Add a read-only MCP tool that calls Gitea's authenticated-user
endpoint (GET /api/v1/user) and returns safe identity metadata only:
username, display name, user id, email, server, and remote.
This lets future review/merge workflows prove which Gitea account the
MCP server is authenticated as, so self-review/self-merge can be
detected before acting — the blocker discovered during PR #8 dogfooding.
- Never returns the token, Authorization header, password, or secrets.
- Fails closed with a clear error if identity cannot be determined.
- No mutation; no profile switching; no review/approve/merge behavior.
Tests: identity mapping, secret-redaction, fail-closed, unknown-remote.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Address reviewer blockers on PR #8:
- Remove trailing whitespace in credential-isolation.md and release-workflows.md
- Add approved naming coverage (MCP Control Plane / mcp-control-plane project
and repo names; common, gitea-mcp, jenkins-mcp, ops-mcp, release-mcp packages)
to tool-boundaries.md
Documentation-only. No code, scaffolding, or config changes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- mirror_refs.sh: additive branch+tag mirroring between dadeschools (HTTPS)
and prgs (SSH:2222). Dry-run default, --apply to execute, --force for
diverged branches. Uses bare repo cache for isolation.
- test_mirror_refs.py: flag parsing, safety defaults, brace-delimited refspec
validation, and local bare-repo integration tests (FF detection, branch/tag
comparison).
- README.md: document mirror_refs.sh, test suite, and multi-instance auth.
- argparse: --remote {dadeschools,prgs}, --title/--head/--base/--body,
--body-file (or '-' for stdin), and --host/--org/--repo overrides.
- REMOTES table: dadeschools (gitea.dadeschools.net/Contractor) and
prgs (gitea.prgs.cc/Scaled-Tech-Consulting).
- Print 'PR #N: <url>' on success; surface API error body on failure.
- Fix credential parsing to split('=', 1) so tokens containing '=' work.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>