fix: redact Gitea web links from MCP PR output

This commit is contained in:
2026-07-04 16:46:55 -04:00
parent 2beeeceb90
commit 552f538d97
2 changed files with 118 additions and 24 deletions
+26 -17
View File
@@ -54,6 +54,13 @@ def _reveal_endpoints() -> bool:
return (os.environ.get("GITEA_MCP_REVEAL_ENDPOINTS") or "").strip().lower() \
in ("1", "true", "yes")
def _with_optional_url(result: dict, url: str | None) -> dict:
"""Attach web links only under the explicit endpoint reveal opt-in."""
if _reveal_endpoints() and url:
result["url"] = url
return result
mcp = FastMCP("gitea-tools", instructions=(
"Gitea issue tracker and PR management for dadeschools and prgs instances. "
"Use the gitea_ prefixed tools to create issues, PRs, list issues, etc."
@@ -310,7 +317,7 @@ def gitea_create_issue(
repo: Override the repository name.
Returns:
dict with 'number' and 'url' of the created issue.
dict with 'number' of the created issue ('url' only with the reveal opt-in).
"""
h, o, r = _resolve(remote, host, org, repo)
auth = _auth(h)
@@ -325,7 +332,7 @@ def gitea_create_issue(
_audit("create_issue", host=h, remote=remote, org=o, repo=r,
result=gitea_audit.SUCCEEDED, issue_number=data["number"],
request_metadata={"title": title})
return {"number": data["number"], "url": data["html_url"]}
return _with_optional_url({"number": data["number"]}, data.get("html_url"))
@mcp.tool()
@@ -352,7 +359,7 @@ def gitea_create_pr(
repo: Override the repository name.
Returns:
dict with 'number' and 'url' of the created PR.
dict with 'number' of the created PR ('url' only with the reveal opt-in).
"""
h, o, r = _resolve(remote, host, org, repo)
auth = _auth(h)
@@ -369,7 +376,7 @@ def gitea_create_pr(
_audit("create_pr", host=h, remote=remote, org=o, repo=r,
result=gitea_audit.SUCCEEDED, pr_number=data["number"],
target_branch=head, request_metadata=meta)
return {"number": data["number"], "url": data["html_url"]}
return _with_optional_url({"number": data["number"]}, data.get("html_url"))
@mcp.tool()
@@ -390,24 +397,25 @@ def gitea_list_prs(
repo: Override the repository name.
Returns:
List of dicts with 'number', 'title', 'state', 'head', 'base', 'url', 'mergeable'.
List of dicts with 'number', 'title', 'state', 'head', 'base', and
'mergeable' ('url' only with the reveal opt-in).
"""
h, o, r = _resolve(remote, host, org, repo)
auth = _auth(h)
url = f"{repo_api_url(h, o, r)}/pulls?state={state}"
prs = api_get_all(url, auth)
return [
{
results = []
for pr in prs:
entry = {
"number": pr["number"],
"title": pr["title"],
"state": pr["state"],
"head": pr["head"]["ref"],
"base": pr["base"]["ref"],
"url": pr["html_url"],
"mergeable": pr.get("mergeable"),
}
for pr in prs
]
results.append(_with_optional_url(entry, pr.get("html_url")))
return results
@mcp.tool()
@@ -434,17 +442,17 @@ def gitea_view_pr(
auth = _auth(h)
url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}"
pr = api_request("GET", url, auth)
return {
result = {
"number": pr["number"],
"title": pr["title"],
"body": pr.get("body", ""),
"state": pr["state"],
"head": pr["head"]["ref"],
"base": pr["base"]["ref"],
"url": pr["html_url"],
"mergeable": pr.get("mergeable"),
"user": pr.get("user", {}).get("login", ""),
}
return _with_optional_url(result, pr.get("html_url"))
# Actions whose eligibility this tool can evaluate.
@@ -921,15 +929,15 @@ def gitea_edit_pr(
except Exception:
pass
return {
result = {
"success": True,
"number": data["number"],
"title": data["title"],
"body": data.get("body", ""),
"state": data["state"],
"url": data["html_url"],
"cleanup_status": cleanup_status,
}
return _with_optional_url(result, data.get("html_url"))
@mcp.tool()
@@ -1424,21 +1432,22 @@ def gitea_view_issue(
repo: Override the repository name.
Returns:
dict with 'number', 'title', 'body', 'state', 'labels', 'assignee', 'url'.
dict with 'number', 'title', 'body', 'state', 'labels', and 'assignee'
('url' only with the reveal opt-in).
"""
h, o, r = _resolve(remote, host, org, repo)
auth = _auth(h)
url = f"{repo_api_url(h, o, r)}/issues/{issue_number}"
i = api_request("GET", url, auth)
return {
result = {
"number": i["number"],
"title": i["title"],
"body": i.get("body", ""),
"state": i["state"],
"labels": [lb["name"] for lb in i.get("labels", [])],
"assignee": (i.get("assignee") or {}).get("login", ""),
"url": i["html_url"],
}
return _with_optional_url(result, i.get("html_url"))
def _issue_comment_gate(op: str) -> list[str]: