feat(profiles): make gitea.branch.delete a documented reconciler-owned capability
Merged-PR source-branch cleanup is reconciler work (task_capability_map maps cleanup_merged_pr_branch -> reconciler / gitea.branch.delete), but the reconciler profile schema, execution-profile docs, and tests never covered the permission, so no configured profile could run the guarded gitea_cleanup_merged_pr_branch path. - reconciler_profile.py: add gitea.branch.delete to RECONCILER_RECOMMENDED_OPERATIONS (not required; not forbidden) - docs/gitea-execution-profiles.md: document merged-branch cleanup ownership, least-privilege constraints, and the no-alias caveat - tests/test_reconciler_profile.py: reconciler profile with branch.delete stays valid and classified reconciler; missing grant is reported as missing-recommended - tests/test_branch_cleanup_guard.py: author- and merger-shaped profiles without gitea.branch.delete fail closed on gitea_cleanup_merged_pr_branch Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
This commit is contained in:
@@ -18,6 +18,11 @@ RECONCILER_RECOMMENDED_OPERATIONS = (
|
||||
"gitea.pr.comment",
|
||||
"gitea.issue.comment",
|
||||
"gitea.issue.close",
|
||||
# Merged-branch cleanup is reconciler-owned (task_capability_map maps
|
||||
# cleanup_merged_pr_branch -> reconciler). The permission is only
|
||||
# exercisable through the guarded gitea_cleanup_merged_pr_branch path
|
||||
# (#514): merged proof, protected-branch refusal, explicit confirmation.
|
||||
"gitea.branch.delete",
|
||||
)
|
||||
|
||||
RECONCILER_FORBIDDEN_OPERATIONS = (
|
||||
|
||||
Reference in New Issue
Block a user