Clarify and enforce reviewer-vs-merger role boundaries (#483)
This commit is contained in:
@@ -33,8 +33,15 @@ REVIEWER_ENV = {
|
||||
"GITEA_PROFILE_NAME": "reviewer-test",
|
||||
"GITEA_ALLOWED_OPERATIONS":
|
||||
"gitea.read,gitea.pr.review,gitea.pr.comment,gitea.pr.approve,"
|
||||
"gitea.pr.request_changes,gitea.pr.merge",
|
||||
"GITEA_FORBIDDEN_OPERATIONS": "gitea.pr.create,gitea.branch.push",
|
||||
"gitea.pr.request_changes",
|
||||
"GITEA_FORBIDDEN_OPERATIONS": "gitea.pr.create,gitea.branch.push,gitea.pr.merge",
|
||||
}
|
||||
|
||||
MERGER_ENV = {
|
||||
"GITEA_PROFILE_NAME": "merger-test",
|
||||
"GITEA_ALLOWED_OPERATIONS":
|
||||
"gitea.read,gitea.pr.comment,gitea.pr.merge",
|
||||
"GITEA_FORBIDDEN_OPERATIONS": "gitea.pr.create,gitea.branch.push,gitea.pr.approve",
|
||||
}
|
||||
|
||||
EXPECTED_SKILLS = [
|
||||
@@ -88,6 +95,15 @@ class TestControlPlaneGuide(GuideTestBase):
|
||||
self.assertIn("eligibility", blob)
|
||||
self.assertIn("pinned", blob)
|
||||
|
||||
@patch("mcp_server.api_request", return_value={"login": "merger-bot"})
|
||||
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
|
||||
def test_merger_profile_guidance(self, _auth, _api):
|
||||
with patch.dict(os.environ, MERGER_ENV, clear=True):
|
||||
g = mcp_get_control_plane_guide(remote="prgs")
|
||||
self.assertEqual(g["profile"]["role_kind"], "merger")
|
||||
blob = " ".join(g["guidance"]).lower()
|
||||
self.assertIn("merge", blob)
|
||||
|
||||
@patch("mcp_server.get_auth_header", return_value=None)
|
||||
def test_unresolved_identity_instructs_stop(self, _auth):
|
||||
with patch.dict(os.environ, AUTHOR_ENV, clear=True):
|
||||
|
||||
Reference in New Issue
Block a user