Fix #723: Prevent poisoned role stamp during task capability denial
This fixes #723 Defect B where attempting to acquire a reviewer lease from a merger session caused the session role to be incorrectly stamped as 'reviewer', leading to downstream workspace binding exceptions. This commit moves the preflight capability recording to only apply when the task is allowed, and adds a try/except downstream to correctly fail-closed instead of throwing RuntimeError.
This commit is contained in:
@@ -442,5 +442,23 @@ class TestResolveTaskCapability(unittest.TestCase):
|
||||
with self.assertRaises(ValueError):
|
||||
mcp_server.gitea_resolve_task_capability(task=unknown, remote="prgs")
|
||||
|
||||
@patch("mcp_server.api_request", return_value={"login": "author-user"})
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_resolve_task_capability_does_not_poison_role_stamp_on_denial(self, _auth, _api):
|
||||
# Issue #723: attempting to acquire a reviewer lease from a merger profile
|
||||
# should fail without poisoning the session role stamp as 'reviewer'.
|
||||
with patch.dict(os.environ, self._env("merger-profile")):
|
||||
# Initially no preflight check is recorded
|
||||
self.assertEqual(mcp_server._preflight_resolved_role, None)
|
||||
|
||||
# Request reviewer lease task which should be denied for merger
|
||||
res = mcp_server.gitea_resolve_task_capability(task="review_pr", remote="prgs")
|
||||
|
||||
# The task is denied
|
||||
self.assertFalse(res["allowed_in_current_session"])
|
||||
|
||||
# The session role stamp should NOT be poisoned
|
||||
self.assertNotEqual(mcp_server._preflight_resolved_role, "reviewer")
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
|
||||
Reference in New Issue
Block a user