feat(review-workflow): enforce single terminal review decision per review run (#211)
This commit is contained in:
+14
-14
@@ -28,6 +28,14 @@ from gitea_auth import get_auth_header, resolve_remote, add_remote_args, api_req
|
||||
|
||||
|
||||
def main(argv=None):
|
||||
if os.environ.get("GITEA_SESSION_PROFILE_LOCK"):
|
||||
print(
|
||||
"Direct CLI review submission is disabled within MCP sessions. "
|
||||
"Use MCP tools instead.",
|
||||
file=sys.stderr,
|
||||
)
|
||||
return 2
|
||||
|
||||
parser = argparse.ArgumentParser(description="Review and sign-off on a Gitea pull request.")
|
||||
add_remote_args(parser)
|
||||
parser.add_argument("--pr-number", type=int, required=True, help="PR number/index to review.")
|
||||
@@ -71,20 +79,12 @@ def main(argv=None):
|
||||
# spoof it and it cannot go stale across sessions.
|
||||
session_lock = (os.environ.get("GITEA_SESSION_PROFILE_LOCK") or "").strip()
|
||||
if session_lock:
|
||||
try:
|
||||
cli_profile = (get_profile().get("profile_name") or "").strip()
|
||||
except Exception as e:
|
||||
print(f"Mutation authority check failed: {e}", file=sys.stderr)
|
||||
return 3
|
||||
if cli_profile != session_lock:
|
||||
print(
|
||||
f"Mismatched active profile vs session profile lock "
|
||||
f"(CLI override rejected): CLI profile '{cli_profile}' does "
|
||||
f"not match locked session profile '{session_lock}' "
|
||||
f"(fail closed)",
|
||||
file=sys.stderr,
|
||||
)
|
||||
return 3
|
||||
print(
|
||||
"Direct CLI review submission is disabled within MCP sessions. "
|
||||
"Use the gated 'gitea_submit_pr_review' MCP tool instead.",
|
||||
file=sys.stderr,
|
||||
)
|
||||
return 2
|
||||
|
||||
body = args.body
|
||||
if args.body_file:
|
||||
|
||||
Reference in New Issue
Block a user