71 Commits

Author SHA1 Message Date
jcwalker3 28feef3c11 Merge pull request 'docs: define task-scoped Gitea MCP execution profile model (#12)' (#21) from feature/12-gitea-execution-profile-model into master 2026-07-01 12:15:06 -05:00
sysadmin 5aad2e62d9 docs: define task-scoped Gitea MCP execution profile model (#12)
Add docs/gitea-execution-profiles.md defining the execution profile
model for gitea-mcp: profile metadata shape, five reference profiles
(gitea-issue-manager, gitea-author, gitea-reviewer, gitea-merger,
gitea-owner), allowed/forbidden operation model, identity + fail-closed
rules, and self-review/self-merge prevention.

Model/documentation only. No runtime profile switching, no multi-token
loading, no approve/merge/eligibility workflow, no secrets. Runtime
config (#19), discovery (#13), eligibility (#14), review (#15), merge
(#16), and audit logging (#18) are explicitly deferred.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 13:03:24 -04:00
sysadmin 89fe118279 Merge pull request 'feat: add read-only gitea_whoami authenticated-user lookup (#11)' (#20) from feature/11-gitea-authenticated-user-lookup into master
Reviewed-on: #20
2026-07-01 12:00:17 -05:00
sysadmin 03e28c159e feat: add read-only gitea_whoami authenticated-user lookup (#11)
Add a read-only MCP tool that calls Gitea's authenticated-user
endpoint (GET /api/v1/user) and returns safe identity metadata only:
username, display name, user id, email, server, and remote.

This lets future review/merge workflows prove which Gitea account the
MCP server is authenticated as, so self-review/self-merge can be
detected before acting — the blocker discovered during PR #8 dogfooding.

- Never returns the token, Authorization header, password, or secrets.
- Fails closed with a clear error if identity cannot be determined.
- No mutation; no profile switching; no review/approve/merge behavior.

Tests: identity mapping, secret-redaction, fail-closed, unknown-remote.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 12:42:37 -04:00
jcwalker3 952e308a18 Merge pull request 'docs: Document MCP security model and trust boundaries' (#8) from feature/52-security-docs into master 2026-07-01 10:40:15 -05:00
sysadmin b402de83fe docs: fix trailing whitespace and add approved naming for #52
Address reviewer blockers on PR #8:
- Remove trailing whitespace in credential-isolation.md and release-workflows.md
- Add approved naming coverage (MCP Control Plane / mcp-control-plane project
  and repo names; common, gitea-mcp, jenkins-mcp, ops-mcp, release-mcp packages)
  to tool-boundaries.md

Documentation-only. No code, scaffolding, or config changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 04:17:30 -04:00
sysadmin 509ff7574a docs: Document MCP security model and trust boundaries for #52 2026-07-01 03:46:45 -04:00
sysadmin 989856a007 feat: add PR review and edit tools to CLI and MCP server 2026-06-26 06:24:19 -04:00
sysadmin ccbb44c81e docs: document new PR and label management tools in README 2026-06-24 00:15:07 -04:00
sysadmin 82fcd5a4bc feat: expand MCP server tools for PR and label management, add helper CLI scripts
Closes #7
2026-06-24 00:14:47 -04:00
sysadmin 8b1c115647 feat: add auth.py backwards compatibility wrapper 2026-06-21 22:36:59 -04:00
sysadmin 80a71f2020 feat: bypass Cloudflare block & convert close/mark issue shell scripts to Python 2026-06-21 22:32:37 -04:00
sysadmin 51296c88a3 refactor: rename auth.py to gitea_auth.py and ignore env files 2026-06-21 22:27:40 -04:00
sysadmin 203e9d4cb7 docs: add per-client MCP setup instructions
Expandable sections for Antigravity, Claude Code, generic MCP clients,
and Codex/non-MCP fallback to CLI scripts.
2026-06-21 20:20:30 -04:00
sysadmin b7e195e426 feat: add MCP server + shared auth module (#7, #1)
- New: mcp_server.py — FastMCP stdio server exposing 7 tools:
  gitea_create_issue, gitea_create_pr, gitea_close_issue,
  gitea_list_issues, gitea_view_issue, gitea_mark_issue,
  gitea_mirror_refs
- New: auth.py — shared authentication and API helpers
  (get_credentials, get_auth_header, api_request, repo_api_url)
- Refactored: create_pr.py, create_issue.py, manage_labels.py
  to use shared auth module (eliminates credential duplication)
- New: tests/test_mcp_server.py — 17 tests for all MCP tools
- Updated: tests/test_credentials.py — now tests auth.py directly
- Updated: tests/test_create_issue.py — adapted for refactored imports
- New: requirements.txt — frozen venv deps (mcp[cli], pytest)
- Updated: README.md — MCP server as primary interface
- Config: added gitea-tools to mcp_config.json

Closes #1. Resolves #2, #5. Relates to #7.
2026-06-21 20:08:07 -04:00
sysadmin dd6f1308c1 feat: add mirror_refs.sh for bidirectional ref syncing
- mirror_refs.sh: additive branch+tag mirroring between dadeschools (HTTPS)
  and prgs (SSH:2222). Dry-run default, --apply to execute, --force for
  diverged branches. Uses bare repo cache for isolation.
- test_mirror_refs.py: flag parsing, safety defaults, brace-delimited refspec
  validation, and local bare-repo integration tests (FF detection, branch/tag
  comparison).
- README.md: document mirror_refs.sh, test suite, and multi-instance auth.
2026-06-21 18:08:53 -04:00
sysadmin c4c9993039 test: add comprehensive test suite
- test_create_issue.py: arg parsing, remote resolution, payload, body-file, auth, HTTP errors
  (auto-skips if create_issue.py is inaccessible due to macOS sandbox)
- test_create_pr.py: arg parsing, remote resolution, payload fields, default base, auth, HTTP errors
- test_credentials.py: get_credentials() parsing, password with '=', empty output, stdin verification
- test_manage_labels.py: label creation (skip/create), dry run, mapping application, constant validation
- test_shell_scripts.py: close_issue.sh and mark_issue.sh arg validation and error messages

28 passed, 12 skipped (macOS sandbox on create_issue.py).
2026-06-21 17:26:18 -04:00
sysadmin 7404f768d3 chore: improve tooling quality and docs
- close_issue.sh: add set -euo pipefail, argument validation, confirmation output
- mark_issue.sh: track previously untracked claim/release script
- create_pr.sh: remove hardcoded one-off (use create_pr.py instead)
- README.md: reflect current toolset with usage examples
- .gitignore: ignore venv/ and __pycache__/
2026-06-21 17:11:44 -04:00
sysadmin d3659534ef feat: parameterize create_issue.py, track manage_labels.py
- create_issue.py: argparse single-issue creator mirroring create_pr.py
  (--remote {dadeschools,prgs}, --title/--body/--body-file, host overrides),
  replacing the one-shot hardcoded ROADMAP backfill batch.
- manage_labels.py: add the label set + mapping tool (executable).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:03:12 -04:00
sysadmin ed63310b71 feat: parameterize create_pr.py and add PRGS remote
- argparse: --remote {dadeschools,prgs}, --title/--head/--base/--body,
  --body-file (or '-' for stdin), and --host/--org/--repo overrides.
- REMOTES table: dadeschools (gitea.dadeschools.net/Contractor) and
  prgs (gitea.prgs.cc/Scaled-Tech-Consulting).
- Print 'PR #N: <url>' on success; surface API error body on failure.
- Fix credential parsing to split('=', 1) so tokens containing '=' work.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 16:59:48 -04:00
sysadmin e7f4b2732c Initial commit 2026-06-21 15:35:57 -04:00