feat: integrate mock server with gitea-tools remote resolution and correct verdict parser

- Fix allowedTools options inside run_compliance to support prefixless and prefixed tool access
- Implement sys.executable resolution to allow compliance runner to run safely inside git worktrees
- Dynamically load GITEA_MCP_CONFIG JSON profiles inside gitea_auth.py to support 'mock' remote name
- Implement gitea_url helper inside gitea_auth.py to automatically handle HTTP and HTTPS scheme differences for localhost/loopback mock targets, preventing wrong SSL version errors
- Fix verdict.py escaping mismatch by normalizing stream-json block output structure before matching strings, allowing PR view decision points to be verified correctly

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
This commit is contained in:
2026-07-05 04:12:13 -04:00
co-authored by Claude Opus 4.8
parent 0947f1ad8a
commit e80508313a
5 changed files with 104 additions and 12 deletions
+9 -8
View File
@@ -41,6 +41,7 @@ from gitea_auth import ( # noqa: E402
api_get_all,
repo_api_url,
get_profile,
gitea_url,
)
import gitea_audit # noqa: E402
import gitea_config # noqa: E402
@@ -186,7 +187,7 @@ def _authenticated_username(host: str):
try:
header = get_auth_header(host)
if header:
who = api_request("GET", f"https://{host}/api/v1/user", header)
who = api_request("GET", gitea_url(host, "/api/v1/user"), header)
user = (who or {}).get("login")
except Exception:
user = None
@@ -211,7 +212,7 @@ def _audit(action: str, *, host, remote, result, org=None, repo=None,
action=action,
result=result,
remote=remote,
server=(f"https://{host}" if host else None),
server=(gitea_url(host, "").rstrip("/") if host else None),
repository=repo,
issue_number=issue_number,
pr_number=pr_number,
@@ -562,7 +563,7 @@ def gitea_check_pr_eligibility(
auth_user = None
if auth:
try:
who = api_request("GET", f"https://{h}/api/v1/user", auth)
who = api_request("GET", gitea_url(h, "/api/v1/user"), auth)
auth_user = (who or {}).get("login")
except Exception:
auth_user = None
@@ -2060,7 +2061,7 @@ def gitea_whoami(
raise ValueError(f"Unknown remote '{remote}'. Choose from: {list(REMOTES)}")
h = host or REMOTES[remote]["host"]
auth = _auth(h)
url = f"https://{h}/api/v1/user"
url = gitea_url(h, "/api/v1/user")
data = api_request("GET", url, auth)
if not data or not data.get("login"):
# Fail closed: never assume an identity we could not verify.
@@ -2096,7 +2097,7 @@ def gitea_whoami(
},
}
if _reveal_endpoints():
result["server"] = f"https://{h}"
result["server"] = gitea_url(h, "").rstrip("/")
return result
@@ -2185,12 +2186,12 @@ def gitea_get_profile(
h = host or REMOTES[remote]["host"]
if reveal:
result["server"] = f"https://{h}"
result["server"] = gitea_url(h, "").rstrip("/")
if resolve_identity:
try:
auth = _auth(h)
data = api_request("GET", f"https://{h}/api/v1/user", auth)
data = api_request("GET", gitea_url(h, "/api/v1/user"), auth)
login = (data or {}).get("login")
if login:
result["authenticated_username"] = login
@@ -2309,7 +2310,7 @@ def gitea_get_runtime_context(
}
if reveal and h:
result["server"] = f"https://{h}"
result["server"] = gitea_url(h, "").rstrip("/")
return result