Compare commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
78cc37a977 |
@@ -39,6 +39,27 @@ GITEA_AUDIT_LOG=/path/to/gitea-mcp-audit.log
|
|||||||
# only — never the token value. Surfaced by gitea_get_profile.
|
# only — never the token value. Surfaced by gitea_get_profile.
|
||||||
GITEA_TOKEN_SOURCE=GITEA_TOKEN
|
GITEA_TOKEN_SOURCE=GITEA_TOKEN
|
||||||
|
|
||||||
|
# ── Optional self-hosted Sentry observability (#606) ────────────────────────
|
||||||
|
# Emits runtime errors, fail-closed workflow blockers, lease/terminal-lock/
|
||||||
|
# stale-runtime collisions, and watchdog cron check-ins to a SELF-HOSTED Sentry
|
||||||
|
# (https://sentry.prgs.cc/) — never Sentry Cloud. Gitea stays the source of
|
||||||
|
# truth; Sentry is observe-only. OFF by default: with MCP_SENTRY_ENABLED unset
|
||||||
|
# or SENTRY_DSN empty, nothing is initialised and no events are sent.
|
||||||
|
#
|
||||||
|
# Master gate. Truthy = 1/true/yes/on. Both this AND SENTRY_DSN are required.
|
||||||
|
MCP_SENTRY_ENABLED=0
|
||||||
|
# DSN for the self-hosted project (create a `gitea-tools-mcp` project in
|
||||||
|
# https://sentry.prgs.cc/ and copy its DSN). Never commit a real DSN.
|
||||||
|
SENTRY_DSN=
|
||||||
|
# Deployment environment tag (local/dev/prod). Defaults to "development".
|
||||||
|
SENTRY_ENVIRONMENT=development
|
||||||
|
# Optional release identifier (e.g. a git SHA or version string).
|
||||||
|
SENTRY_RELEASE=
|
||||||
|
# Performance-trace sample rate, 0.0–1.0 (clamped). Default 0.0 (traces off).
|
||||||
|
MCP_SENTRY_TRACES_SAMPLE_RATE=0.0
|
||||||
|
# Set to 1 to forward Python logs to Sentry as structured logs. Default off.
|
||||||
|
MCP_SENTRY_ENABLE_LOGS=0
|
||||||
|
|
||||||
# Optional canonical runtime-profile config (#19). Instead of the fields above,
|
# Optional canonical runtime-profile config (#19). Instead of the fields above,
|
||||||
# point every LLM launcher at ONE JSON file of named profiles and select one.
|
# point every LLM launcher at ONE JSON file of named profiles and select one.
|
||||||
# Secrets are referenced (keychain id / env var name), never inlined. See
|
# Secrets are referenced (keychain id / env var name), never inlined. See
|
||||||
|
|||||||
@@ -7,19 +7,6 @@ from typing import Any
|
|||||||
|
|
||||||
PROTECTED_BRANCHES = frozenset({"master", "main", "dev"})
|
PROTECTED_BRANCHES = frozenset({"master", "main", "dev"})
|
||||||
|
|
||||||
# Evidence / preservation branches must never be removed by cleanup tools
|
|
||||||
# (e.g. chore/issue-681-preserve-review-session-wip).
|
|
||||||
_PRESERVATION_MARKERS = ("preserve", "preservation", "evidence")
|
|
||||||
|
|
||||||
|
|
||||||
def is_preservation_or_evidence_branch(branch: str | None) -> bool:
|
|
||||||
"""Return True when *branch* is a preservation/evidence ref that must stay."""
|
|
||||||
if not branch:
|
|
||||||
return False
|
|
||||||
name = str(branch).lower()
|
|
||||||
return any(marker in name for marker in _PRESERVATION_MARKERS)
|
|
||||||
|
|
||||||
|
|
||||||
_RAW_BRANCH_DELETE_PATTERNS = (
|
_RAW_BRANCH_DELETE_PATTERNS = (
|
||||||
re.compile(r"\bgit(?:\s+-C\s+\S+)?\s+branch\s+-[dD]\b[^\n\r]*", re.I),
|
re.compile(r"\bgit(?:\s+-C\s+\S+)?\s+branch\s+-[dD]\b[^\n\r]*", re.I),
|
||||||
re.compile(r"\bgit(?:\s+-C\s+\S+)?\s+push\b[^\n\r]*\s--delete\b[^\n\r]*", re.I),
|
re.compile(r"\bgit(?:\s+-C\s+\S+)?\s+push\b[^\n\r]*\s--delete\b[^\n\r]*", re.I),
|
||||||
@@ -85,11 +72,6 @@ def assess_merged_pr_branch_cleanup(
|
|||||||
reasons.append("PR head branch is missing")
|
reasons.append("PR head branch is missing")
|
||||||
if head_branch in protected:
|
if head_branch in protected:
|
||||||
reasons.append(f"branch '{head_branch}' is protected")
|
reasons.append(f"branch '{head_branch}' is protected")
|
||||||
if is_preservation_or_evidence_branch(head_branch):
|
|
||||||
reasons.append(
|
|
||||||
f"branch '{head_branch}' is a preservation/evidence branch and "
|
|
||||||
"cannot be deleted through merged-PR cleanup"
|
|
||||||
)
|
|
||||||
if head_branch in open_pr_heads:
|
if head_branch in open_pr_heads:
|
||||||
reasons.append("an open PR still references this head branch")
|
reasons.append("an open PR still references this head branch")
|
||||||
if head_on_target is False:
|
if head_on_target is False:
|
||||||
@@ -114,490 +96,3 @@ def assess_merged_pr_branch_cleanup(
|
|||||||
"block_reasons": reasons,
|
"block_reasons": reasons,
|
||||||
"recommended_action": "delete_remote_branch" if safe else "keep_remote_branch",
|
"recommended_action": "delete_remote_branch" if safe else "keep_remote_branch",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# #687 remediation: post-delete readback + active ownership protection
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
READBACK_NOT_FOUND = "not_found"
|
|
||||||
READBACK_EXISTS = "exists"
|
|
||||||
READBACK_AUTHENTICATION = "authentication_error"
|
|
||||||
READBACK_AUTHORIZATION = "authorization_error"
|
|
||||||
READBACK_TRANSPORT = "transport_error"
|
|
||||||
READBACK_UNEXPECTED = "unexpected_response"
|
|
||||||
READBACK_AMBIGUOUS_404 = "ambiguous_not_found"
|
|
||||||
|
|
||||||
# Scope of a 404: only branch-scoped absence may set verified_absent.
|
|
||||||
NOT_FOUND_SCOPE_BRANCH = "branch"
|
|
||||||
NOT_FOUND_SCOPE_REPOSITORY = "repository"
|
|
||||||
NOT_FOUND_SCOPE_HOST = "host"
|
|
||||||
NOT_FOUND_SCOPE_UNKNOWN = "unknown"
|
|
||||||
|
|
||||||
ERROR_CLASS_AUTHENTICATION = "authentication"
|
|
||||||
ERROR_CLASS_AUTHORIZATION = "authorization"
|
|
||||||
ERROR_CLASS_TRANSPORT = "transport"
|
|
||||||
ERROR_CLASS_UNEXPECTED = "unexpected"
|
|
||||||
|
|
||||||
OWNERSHIP_CATEGORY_AUTHOR_SESSION = "author_session"
|
|
||||||
OWNERSHIP_CATEGORY_AUTHOR_LEASE = "author_lease"
|
|
||||||
OWNERSHIP_CATEGORY_REVIEWER_LEASE = "reviewer_lease"
|
|
||||||
OWNERSHIP_CATEGORY_MERGER_LEASE = "merger_lease"
|
|
||||||
OWNERSHIP_CATEGORY_CONTROLLER_LEASE = "controller_lease"
|
|
||||||
OWNERSHIP_CATEGORY_RECONCILER_LEASE = "reconciler_lease"
|
|
||||||
OWNERSHIP_CATEGORY_WORKTREE_BINDING = "worktree_binding"
|
|
||||||
OWNERSHIP_CATEGORY_INVENTORY_ERROR = "ownership_inventory_error"
|
|
||||||
|
|
||||||
_ROLE_TO_OWNERSHIP_CATEGORY = {
|
|
||||||
"author": OWNERSHIP_CATEGORY_AUTHOR_LEASE,
|
|
||||||
"reviewer": OWNERSHIP_CATEGORY_REVIEWER_LEASE,
|
|
||||||
"merger": OWNERSHIP_CATEGORY_MERGER_LEASE,
|
|
||||||
"controller": OWNERSHIP_CATEGORY_CONTROLLER_LEASE,
|
|
||||||
"reconciler": OWNERSHIP_CATEGORY_RECONCILER_LEASE,
|
|
||||||
}
|
|
||||||
|
|
||||||
_ACTIVE_OWNERSHIP_STATUSES = frozenset(
|
|
||||||
{"active", "live", "claimed", "in_progress", "working", "pushing", "pushed"}
|
|
||||||
)
|
|
||||||
_TERMINAL_OWNERSHIP_STATUSES = frozenset(
|
|
||||||
{"released", "abandoned", "done", "blocked", "terminal", "closed"}
|
|
||||||
)
|
|
||||||
_EXPIRED_STATUSES = frozenset({"expired"})
|
|
||||||
_STALE_STATUSES = frozenset({"stale", "stale_dead_process", "stale_missing_worktree"})
|
|
||||||
|
|
||||||
|
|
||||||
def _norm_str(value: Any) -> str:
|
|
||||||
return str(value or "").strip()
|
|
||||||
|
|
||||||
|
|
||||||
def normalize_host(host: str | None) -> str:
|
|
||||||
"""Normalize a host identity for ownership matching (no credentials)."""
|
|
||||||
text = _norm_str(host).lower()
|
|
||||||
for prefix in ("https://", "http://"):
|
|
||||||
if text.startswith(prefix):
|
|
||||||
text = text[len(prefix) :]
|
|
||||||
# Drop path/query if a full URL slipped through.
|
|
||||||
text = text.split("/", 1)[0]
|
|
||||||
text = text.split("?", 1)[0]
|
|
||||||
return text.rstrip(".")
|
|
||||||
|
|
||||||
|
|
||||||
def ownership_category_for_role(role: str | None) -> str:
|
|
||||||
"""Map a role kind to a non-secret ownership category label."""
|
|
||||||
key = _norm_str(role).lower()
|
|
||||||
return _ROLE_TO_OWNERSHIP_CATEGORY.get(key, f"{key or 'unknown'}_lease")
|
|
||||||
|
|
||||||
|
|
||||||
def classify_branch_readback_http_status(
|
|
||||||
status_code: int | None,
|
|
||||||
*,
|
|
||||||
not_found_scope: str | None = None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Classify a GET-branch HTTP status into a secret-free readback result.
|
|
||||||
|
|
||||||
R1: A bare/generic/repository/wrong-host 404 never yields
|
|
||||||
``verified_absent=True``. Only an authoritative *branch-scoped* not-found
|
|
||||||
(``not_found_scope='branch'``) may verify deletion.
|
|
||||||
"""
|
|
||||||
if status_code == 404:
|
|
||||||
scope = _norm_str(not_found_scope).lower() or NOT_FOUND_SCOPE_UNKNOWN
|
|
||||||
if scope == NOT_FOUND_SCOPE_BRANCH:
|
|
||||||
return {
|
|
||||||
"status": READBACK_NOT_FOUND,
|
|
||||||
"error_class": None,
|
|
||||||
"verified_absent": True,
|
|
||||||
"branch_present": False,
|
|
||||||
"not_found_scope": NOT_FOUND_SCOPE_BRANCH,
|
|
||||||
"reasons": [],
|
|
||||||
}
|
|
||||||
# repository / host / unknown / generic 404 — not verified absence
|
|
||||||
reason = {
|
|
||||||
NOT_FOUND_SCOPE_REPOSITORY: (
|
|
||||||
"post-delete readback 404 is repository-scoped, not branch absence"
|
|
||||||
),
|
|
||||||
NOT_FOUND_SCOPE_HOST: (
|
|
||||||
"post-delete readback 404 is host-scoped, not branch absence"
|
|
||||||
),
|
|
||||||
}.get(
|
|
||||||
scope,
|
|
||||||
"post-delete readback 404 is ambiguous (not branch-scoped); "
|
|
||||||
"cannot verify absence",
|
|
||||||
)
|
|
||||||
return {
|
|
||||||
"status": READBACK_AMBIGUOUS_404,
|
|
||||||
"error_class": ERROR_CLASS_UNEXPECTED,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"not_found_scope": scope,
|
|
||||||
"reasons": [reason],
|
|
||||||
}
|
|
||||||
if status_code in (401, 407):
|
|
||||||
return {
|
|
||||||
"status": READBACK_AUTHENTICATION,
|
|
||||||
"error_class": ERROR_CLASS_AUTHENTICATION,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": ["post-delete branch readback authentication failed"],
|
|
||||||
}
|
|
||||||
if status_code == 403:
|
|
||||||
return {
|
|
||||||
"status": READBACK_AUTHORIZATION,
|
|
||||||
"error_class": ERROR_CLASS_AUTHORIZATION,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": ["post-delete branch readback authorization failed"],
|
|
||||||
}
|
|
||||||
if status_code is not None and 200 <= int(status_code) < 300:
|
|
||||||
return {
|
|
||||||
"status": READBACK_EXISTS,
|
|
||||||
"error_class": None,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": True,
|
|
||||||
"reasons": ["post-delete readback found branch still present"],
|
|
||||||
}
|
|
||||||
if status_code is not None and int(status_code) >= 500:
|
|
||||||
return {
|
|
||||||
"status": READBACK_TRANSPORT,
|
|
||||||
"error_class": ERROR_CLASS_TRANSPORT,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": ["post-delete branch readback transport/upstream failure"],
|
|
||||||
}
|
|
||||||
return {
|
|
||||||
"status": READBACK_UNEXPECTED,
|
|
||||||
"error_class": ERROR_CLASS_UNEXPECTED,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": ["post-delete branch readback returned an unexpected response"],
|
|
||||||
"http_status": status_code,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def _extract_http_status(exc: BaseException) -> int | None:
|
|
||||||
"""Extract an HTTP status code from an exception chain (secret-free)."""
|
|
||||||
seen: set[int] = set()
|
|
||||||
current: BaseException | None = exc
|
|
||||||
while current is not None and id(current) not in seen:
|
|
||||||
seen.add(id(current))
|
|
||||||
for attr in ("code", "status", "status_code"):
|
|
||||||
value = getattr(current, attr, None)
|
|
||||||
if isinstance(value, int) and 100 <= value <= 599:
|
|
||||||
return value
|
|
||||||
text = str(current) if current is not None else ""
|
|
||||||
match = re.match(r"HTTP\s+(\d{3})\b", text)
|
|
||||||
if match:
|
|
||||||
return int(match.group(1))
|
|
||||||
current = current.__cause__ or current.__context__
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
def classify_branch_readback_exception(
|
|
||||||
exc: BaseException,
|
|
||||||
*,
|
|
||||||
not_found_scope: str | None = None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Classify a GET-branch exception without leaking credentials or bodies.
|
|
||||||
|
|
||||||
R1: substring ``404`` / ``not found`` alone never becomes verified_absent.
|
|
||||||
Callers must pass ``not_found_scope='branch'`` only after authoritative
|
|
||||||
proof that the repository/host is still reachable and the 404 is branch-level.
|
|
||||||
"""
|
|
||||||
status_code = _extract_http_status(exc)
|
|
||||||
if status_code is None:
|
|
||||||
lower = str(exc).lower() if exc is not None else ""
|
|
||||||
if any(
|
|
||||||
token in lower
|
|
||||||
for token in (
|
|
||||||
"timed out",
|
|
||||||
"timeout",
|
|
||||||
"connection",
|
|
||||||
"network",
|
|
||||||
"temporarily unavailable",
|
|
||||||
"name or service not known",
|
|
||||||
"nodename nor servname",
|
|
||||||
)
|
|
||||||
):
|
|
||||||
return {
|
|
||||||
"status": READBACK_TRANSPORT,
|
|
||||||
"error_class": ERROR_CLASS_TRANSPORT,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": [
|
|
||||||
"post-delete branch readback transport/upstream failure"
|
|
||||||
],
|
|
||||||
}
|
|
||||||
if "unauthorized" in lower:
|
|
||||||
status_code = 401
|
|
||||||
elif "forbidden" in lower:
|
|
||||||
status_code = 403
|
|
||||||
elif "404" in lower or "not found" in lower:
|
|
||||||
# Ambiguous: do NOT treat as branch absence without scope proof.
|
|
||||||
status_code = 404
|
|
||||||
if not_found_scope is None:
|
|
||||||
not_found_scope = NOT_FOUND_SCOPE_UNKNOWN
|
|
||||||
|
|
||||||
if status_code is not None:
|
|
||||||
return classify_branch_readback_http_status(
|
|
||||||
status_code, not_found_scope=not_found_scope
|
|
||||||
)
|
|
||||||
|
|
||||||
return {
|
|
||||||
"status": READBACK_UNEXPECTED,
|
|
||||||
"error_class": ERROR_CLASS_UNEXPECTED,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": None,
|
|
||||||
"reasons": ["post-delete branch readback returned an unexpected response"],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def assess_post_delete_readback(readback: dict[str, Any] | None) -> dict[str, Any]:
|
|
||||||
"""Decide whether DELETE success may be reported after branch readback.
|
|
||||||
|
|
||||||
Success requires authoritative branch-scoped not-found
|
|
||||||
(``verified_absent=True``). DELETE HTTP success alone is never enough.
|
|
||||||
Generic/repository/host 404 cannot verify absence (R1).
|
|
||||||
"""
|
|
||||||
payload = dict(readback or {})
|
|
||||||
status = _norm_str(payload.get("status")) or READBACK_UNEXPECTED
|
|
||||||
# Only explicit verified_absent flag counts — never infer from status alone
|
|
||||||
# when status is a bare not_found without branch scope proof.
|
|
||||||
verified = bool(payload.get("verified_absent")) is True
|
|
||||||
if verified and status == READBACK_NOT_FOUND:
|
|
||||||
return {
|
|
||||||
"ok": True,
|
|
||||||
"success": True,
|
|
||||||
"verified_absent": True,
|
|
||||||
"readback": {
|
|
||||||
"status": READBACK_NOT_FOUND,
|
|
||||||
"verified_absent": True,
|
|
||||||
"branch_present": False,
|
|
||||||
"error_class": None,
|
|
||||||
"not_found_scope": NOT_FOUND_SCOPE_BRANCH,
|
|
||||||
},
|
|
||||||
"reasons": [],
|
|
||||||
}
|
|
||||||
|
|
||||||
reasons = list(payload.get("reasons") or [])
|
|
||||||
if not reasons:
|
|
||||||
if status == READBACK_EXISTS:
|
|
||||||
reasons = ["post-delete readback found branch still present"]
|
|
||||||
elif status == READBACK_AUTHENTICATION:
|
|
||||||
reasons = ["post-delete branch readback authentication failed"]
|
|
||||||
elif status == READBACK_AUTHORIZATION:
|
|
||||||
reasons = ["post-delete branch readback authorization failed"]
|
|
||||||
elif status == READBACK_TRANSPORT:
|
|
||||||
reasons = ["post-delete branch readback transport/upstream failure"]
|
|
||||||
elif status == READBACK_AMBIGUOUS_404:
|
|
||||||
reasons = [
|
|
||||||
"post-delete readback 404 is not branch-scoped; "
|
|
||||||
"cannot verify absence"
|
|
||||||
]
|
|
||||||
else:
|
|
||||||
reasons = ["post-delete branch readback could not verify deletion"]
|
|
||||||
|
|
||||||
return {
|
|
||||||
"ok": False,
|
|
||||||
"success": False,
|
|
||||||
"verified_absent": False,
|
|
||||||
"readback": {
|
|
||||||
"status": status,
|
|
||||||
"verified_absent": False,
|
|
||||||
"branch_present": payload.get("branch_present"),
|
|
||||||
"error_class": payload.get("error_class"),
|
|
||||||
"not_found_scope": payload.get("not_found_scope"),
|
|
||||||
},
|
|
||||||
"reasons": reasons,
|
|
||||||
"blocker_kind": "post_delete_readback_failed",
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def cleanup_result_envelope(
|
|
||||||
*,
|
|
||||||
success: bool,
|
|
||||||
performed: bool,
|
|
||||||
delete_acknowledged: bool,
|
|
||||||
verified_absent: bool,
|
|
||||||
**extra: Any,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""R2: consistent top-level cleanup result fields on every return path."""
|
|
||||||
out: dict[str, Any] = {
|
|
||||||
"success": bool(success),
|
|
||||||
"performed": bool(performed),
|
|
||||||
"delete_acknowledged": bool(delete_acknowledged),
|
|
||||||
"verified_absent": bool(verified_absent),
|
|
||||||
}
|
|
||||||
out.update(extra)
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def _repo_matches(
|
|
||||||
record: dict[str, Any],
|
|
||||||
*,
|
|
||||||
remote: str,
|
|
||||||
org: str,
|
|
||||||
repo: str,
|
|
||||||
host: str | None = None,
|
|
||||||
) -> bool:
|
|
||||||
"""Match ownership record to target remote/org/repo and normalized host."""
|
|
||||||
if (
|
|
||||||
_norm_str(record.get("remote")).lower() != _norm_str(remote).lower()
|
|
||||||
or _norm_str(record.get("org")).lower() != _norm_str(org).lower()
|
|
||||||
or _norm_str(record.get("repo")).lower() != _norm_str(repo).lower()
|
|
||||||
):
|
|
||||||
return False
|
|
||||||
expected_host = normalize_host(host)
|
|
||||||
record_host = normalize_host(record.get("host") or record.get("host_name"))
|
|
||||||
# When both sides declare a host, they must agree after normalization.
|
|
||||||
# A record host that disagrees with the expected host is out of scope.
|
|
||||||
# Legacy records without host still match when remote/org/repo agree.
|
|
||||||
if expected_host and record_host and expected_host != record_host:
|
|
||||||
return False
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
def _branch_matches(record: dict[str, Any], branch: str) -> bool:
|
|
||||||
return _norm_str(record.get("branch")) == _norm_str(branch)
|
|
||||||
|
|
||||||
|
|
||||||
def assess_ownership_record_activity(record: dict[str, Any]) -> dict[str, Any]:
|
|
||||||
"""Classify one ownership record as blocking or non-blocking.
|
|
||||||
|
|
||||||
Distinguishes active ownership from expired/released/terminal/stale records.
|
|
||||||
Expired/stale records block unless reclaim_allowed is *explicitly* True
|
|
||||||
(O2: never treat missing/unknown reclaim as auto-allowed).
|
|
||||||
"""
|
|
||||||
status = _norm_str(record.get("status")).lower()
|
|
||||||
category = _norm_str(record.get("category")) or "unknown"
|
|
||||||
reclaim_allowed = record.get("reclaim_allowed")
|
|
||||||
|
|
||||||
if category == OWNERSHIP_CATEGORY_INVENTORY_ERROR:
|
|
||||||
return {
|
|
||||||
"blocks": True,
|
|
||||||
"status": status or "unknown",
|
|
||||||
"category": category,
|
|
||||||
"reason": "ownership inventory failed closed",
|
|
||||||
}
|
|
||||||
|
|
||||||
if status in _TERMINAL_OWNERSHIP_STATUSES:
|
|
||||||
return {
|
|
||||||
"blocks": False,
|
|
||||||
"status": status,
|
|
||||||
"category": category,
|
|
||||||
"reason": f"{category} ownership is terminal/released ({status})",
|
|
||||||
}
|
|
||||||
if status in _ACTIVE_OWNERSHIP_STATUSES:
|
|
||||||
return {
|
|
||||||
"blocks": True,
|
|
||||||
"status": status,
|
|
||||||
"category": category,
|
|
||||||
"reason": f"active {category} ownership still uses the target branch",
|
|
||||||
}
|
|
||||||
if status in _EXPIRED_STATUSES or status in _STALE_STATUSES:
|
|
||||||
# O2: only explicit reclaim_allowed=True skips the block.
|
|
||||||
if reclaim_allowed is True:
|
|
||||||
return {
|
|
||||||
"blocks": False,
|
|
||||||
"status": status,
|
|
||||||
"category": category,
|
|
||||||
"reason": (
|
|
||||||
f"{category} ownership is {status} and reclaimable; "
|
|
||||||
"does not block deletion"
|
|
||||||
),
|
|
||||||
}
|
|
||||||
return {
|
|
||||||
"blocks": True,
|
|
||||||
"status": status,
|
|
||||||
"category": category,
|
|
||||||
"reason": (
|
|
||||||
f"{status} {category} ownership still protects the target "
|
|
||||||
"branch (reclaim not proven; fail closed)"
|
|
||||||
),
|
|
||||||
}
|
|
||||||
# Unknown status → fail closed
|
|
||||||
return {
|
|
||||||
"blocks": True,
|
|
||||||
"status": status or "unknown",
|
|
||||||
"category": category,
|
|
||||||
"reason": (
|
|
||||||
f"unclassified {category} ownership status "
|
|
||||||
f"'{status or 'unknown'}'; fail closed"
|
|
||||||
),
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def assess_active_branch_ownership(
|
|
||||||
*,
|
|
||||||
remote: str,
|
|
||||||
org: str,
|
|
||||||
repo: str,
|
|
||||||
branch: str,
|
|
||||||
host: str | None = None,
|
|
||||||
records: list[dict[str, Any]] | None = None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Assess whether any active ownership still uses *branch* in *repo*.
|
|
||||||
|
|
||||||
Matching requires remote/org/repo/branch and, when provided, normalized
|
|
||||||
host identity. Other repositories, hosts, or branches never false-block.
|
|
||||||
"""
|
|
||||||
target_branch = _norm_str(branch)
|
|
||||||
expected_host = normalize_host(host)
|
|
||||||
considered: list[dict[str, Any]] = []
|
|
||||||
blocking: list[dict[str, Any]] = []
|
|
||||||
ignored: list[dict[str, Any]] = []
|
|
||||||
|
|
||||||
for raw in records or []:
|
|
||||||
if not isinstance(raw, dict):
|
|
||||||
continue
|
|
||||||
if not _repo_matches(
|
|
||||||
raw, remote=remote, org=org, repo=repo, host=expected_host or None
|
|
||||||
):
|
|
||||||
ignored.append(
|
|
||||||
{
|
|
||||||
"category": _norm_str(raw.get("category")) or "unknown",
|
|
||||||
"reason": "different repository or host scope",
|
|
||||||
}
|
|
||||||
)
|
|
||||||
continue
|
|
||||||
if not _branch_matches(raw, target_branch):
|
|
||||||
ignored.append(
|
|
||||||
{
|
|
||||||
"category": _norm_str(raw.get("category")) or "unknown",
|
|
||||||
"reason": "different branch",
|
|
||||||
}
|
|
||||||
)
|
|
||||||
continue
|
|
||||||
activity = assess_ownership_record_activity(raw)
|
|
||||||
entry = {
|
|
||||||
"category": activity["category"],
|
|
||||||
"status": activity["status"],
|
|
||||||
"blocks": activity["blocks"],
|
|
||||||
"reason": activity["reason"],
|
|
||||||
}
|
|
||||||
considered.append(entry)
|
|
||||||
if activity["blocks"]:
|
|
||||||
blocking.append(entry)
|
|
||||||
|
|
||||||
block = bool(blocking)
|
|
||||||
categories = sorted({b["category"] for b in blocking})
|
|
||||||
reasons = [
|
|
||||||
(
|
|
||||||
"active ownership protects branch "
|
|
||||||
f"'{target_branch}': " + "; ".join(b["reason"] for b in blocking)
|
|
||||||
)
|
|
||||||
] if block else []
|
|
||||||
return {
|
|
||||||
"block": block,
|
|
||||||
"safe_to_delete": not block,
|
|
||||||
"remote": remote,
|
|
||||||
"org": org,
|
|
||||||
"repo": repo,
|
|
||||||
"host": expected_host or None,
|
|
||||||
"branch": target_branch,
|
|
||||||
"blocking_categories": categories,
|
|
||||||
"blocking": blocking,
|
|
||||||
"considered": considered,
|
|
||||||
"ignored_out_of_scope": ignored,
|
|
||||||
"reasons": reasons,
|
|
||||||
"blocker_kind": "active_branch_ownership" if block else None,
|
|
||||||
"recommended_action": "keep_remote_branch" if block else "delete_remote_branch",
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -238,43 +238,11 @@ narrow operation set:
|
|||||||
- `gitea.issue.comment`
|
- `gitea.issue.comment`
|
||||||
- `gitea.issue.close`
|
- `gitea.issue.close`
|
||||||
- `gitea.pr.close`
|
- `gitea.pr.close`
|
||||||
- `gitea.branch.delete` (merged-branch cleanup only — see below)
|
|
||||||
|
|
||||||
Forbidden on reconciler profiles: `gitea.pr.approve`, `gitea.pr.merge`,
|
Forbidden on reconciler profiles: `gitea.pr.approve`, `gitea.pr.merge`,
|
||||||
`gitea.pr.review`, `gitea.pr.create`, `gitea.branch.push`, and
|
`gitea.pr.review`, `gitea.pr.create`, `gitea.branch.push`, and
|
||||||
`gitea.repo.commit`.
|
`gitea.repo.commit`.
|
||||||
|
|
||||||
### Merged-branch cleanup ownership (`gitea.branch.delete`)
|
|
||||||
|
|
||||||
The reconciler is the repository-supported owner of merged-PR source-branch
|
|
||||||
cleanup: `task_capability_map` maps `cleanup_merged_pr_branch` (and
|
|
||||||
`reconciliation_cleanup`) to role `reconciler` with permission
|
|
||||||
`gitea.branch.delete`. Post-merge branch lifecycle is reconciliation work —
|
|
||||||
it happens after the author, reviewer, and merger roles have completed, and
|
|
||||||
it must not be reachable from those roles.
|
|
||||||
|
|
||||||
Least-privilege constraints:
|
|
||||||
|
|
||||||
- `gitea.branch.delete` is granted **only** to reconciler profiles. Author,
|
|
||||||
reviewer, and merger profiles must never hold it; `gitea_delete_branch`
|
|
||||||
and `gitea_cleanup_merged_pr_branch` fail closed on any profile without
|
|
||||||
the permission.
|
|
||||||
- Even with the permission, reconciler deletion is only supported through the
|
|
||||||
guarded `gitea_cleanup_merged_pr_branch` path (#514 / #687): the PR must be
|
|
||||||
merged, the head an ancestor of the target, the branch not protected
|
|
||||||
(`master`/`main`/`dev`), the branch not a preservation/evidence ref (e.g.
|
|
||||||
`chore/issue-681-preserve-review-session-wip`), no open PR may still use the
|
|
||||||
head, and an explicit `CLEANUP MERGED PR <n> BRANCH <branch>` confirmation is
|
|
||||||
required. Raw `gitea_delete_branch` is **denied** to reconciler even when
|
|
||||||
`gitea.branch.delete` is present.
|
|
||||||
- Raw `git branch -d` / `git push --delete` cleanup remains blocked by
|
|
||||||
`branch_cleanup_guard` and the final-report validator regardless of
|
|
||||||
profile permissions.
|
|
||||||
- `gitea.branch.delete` has no short alias in `GITEA_OPERATION_ALIASES`;
|
|
||||||
write it fully qualified in `allowed_operations`. Migration must emit
|
|
||||||
canonical names such as `gitea.pr.close` (never bare `pr.close` /
|
|
||||||
`issue.close`, which the production normalizer rejects or drops).
|
|
||||||
|
|
||||||
Launch a static `gitea-reconciler` MCP namespace with
|
Launch a static `gitea-reconciler` MCP namespace with
|
||||||
`GITEA_MCP_PROFILE=prgs-reconciler`. Profile shape is validated by
|
`GITEA_MCP_PROFILE=prgs-reconciler`. Profile shape is validated by
|
||||||
`reconciler_profile.assess_reconciler_profile` (#304). Use the
|
`reconciler_profile.assess_reconciler_profile` (#304). Use the
|
||||||
@@ -283,159 +251,6 @@ Launch a static `gitea-reconciler` MCP namespace with
|
|||||||
fresh target-branch fetch, recorded target SHA, and ancestor proof. PRs whose
|
fresh target-branch fetch, recorded target SHA, and ancestor proof. PRs whose
|
||||||
heads are not already landed cannot be closed through this path.
|
heads are not already landed cannot be closed through this path.
|
||||||
|
|
||||||
### Operational runbook: grant reconciler `gitea.branch.delete` (#687)
|
|
||||||
|
|
||||||
Merging a code PR that updates `migrate_profiles.py` / `reconciler_profile.py`
|
|
||||||
**does not** change the live operator profile on disk. Apply the profile
|
|
||||||
change deliberately, then reconnect the client-managed namespace.
|
|
||||||
|
|
||||||
1. **Approved migration / profile-update command** (from the repo root, using
|
|
||||||
the project venv if present):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Dry-run first (default): validates v2 output, writes nothing
|
|
||||||
python3 migrate_profiles.py -i ~/.config/gitea-tools/profiles.json
|
|
||||||
|
|
||||||
# Apply: creates backup then writes migrated v2 config
|
|
||||||
python3 migrate_profiles.py -i ~/.config/gitea-tools/profiles.json -w
|
|
||||||
# Optional explicit paths:
|
|
||||||
# python3 migrate_profiles.py -i ~/.config/gitea-tools/profiles.json \
|
|
||||||
# -o ~/.config/gitea-tools/profiles.json \
|
|
||||||
# --backup ~/.config/gitea-tools/profiles.json.bak -w
|
|
||||||
```
|
|
||||||
|
|
||||||
If the live file is already v2, edit the reconciler identity’s
|
|
||||||
`allowed_operations` / `forbidden_operations` under
|
|
||||||
`environments.<env>.services.gitea.identities.reconciler` (or the
|
|
||||||
`prgs-reconciler` alias target) so allowed includes the canonical set
|
|
||||||
below — then re-validate with a load of the config (see step 3).
|
|
||||||
|
|
||||||
2. **Inspect the generated (or edited) profile** — confirm the reconciler
|
|
||||||
identity, for example:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
python3 - <<'PY'
|
|
||||||
import json
|
|
||||||
from pathlib import Path
|
|
||||||
cfg = json.loads(Path.home().joinpath(".config/gitea-tools/profiles.json").read_text())
|
|
||||||
# v2 environments shape:
|
|
||||||
ident = cfg["environments"]["prgs"]["services"]["gitea"]["identities"]["reconciler"]
|
|
||||||
print("role:", ident.get("role"))
|
|
||||||
print("allowed:", ident.get("allowed_operations"))
|
|
||||||
print("forbidden:", ident.get("forbidden_operations"))
|
|
||||||
PY
|
|
||||||
```
|
|
||||||
|
|
||||||
3. **Validate canonical operation names and least privilege**
|
|
||||||
|
|
||||||
Expected canonical **allowed** (defaults after migration):
|
|
||||||
|
|
||||||
- `gitea.read`
|
|
||||||
- `gitea.pr.close` (required)
|
|
||||||
- `gitea.pr.comment`
|
|
||||||
- `gitea.issue.comment`
|
|
||||||
- `gitea.issue.close`
|
|
||||||
- `gitea.branch.delete` (recommended; cleanup only)
|
|
||||||
|
|
||||||
Expected **forbidden** includes at least: `gitea.pr.approve`,
|
|
||||||
`gitea.pr.merge`, `gitea.pr.review`, `gitea.pr.create`,
|
|
||||||
`gitea.branch.push`, `gitea.repo.commit`.
|
|
||||||
|
|
||||||
No shorthand (`pr.close`, `issue.close`, `pr.comment`) may remain.
|
|
||||||
Validate with the production loader:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
python3 - <<'PY'
|
|
||||||
import gitea_config, reconciler_profile
|
|
||||||
from pathlib import Path
|
|
||||||
path = str(Path.home() / ".config/gitea-tools/profiles.json")
|
|
||||||
gitea_config.load_config(path) # fails closed on invalid config
|
|
||||||
# Or assess the reconciler lists directly after extracting them:
|
|
||||||
# print(reconciler_profile.assess_reconciler_profile(allowed, forbidden))
|
|
||||||
PY
|
|
||||||
```
|
|
||||||
|
|
||||||
4. **Merging PR #688 (or any code PR) does not update the live profile.**
|
|
||||||
Code changes only the migration helper, schema, docs, and tests. The
|
|
||||||
operator must still run `migrate_profiles.py -w` or an equivalent
|
|
||||||
authorized edit of `~/.config/gitea-tools/profiles.json`.
|
|
||||||
|
|
||||||
5. **Supported apply method:** `python3 migrate_profiles.py … -w` (backup
|
|
||||||
created automatically) **or** operator-authorized edit of the live
|
|
||||||
profiles file after backup. Unsupported: silent mtime tricks, manual
|
|
||||||
process kill to “reload”, or undocumented env overrides.
|
|
||||||
|
|
||||||
6. **Backup and validation:** `-w` copies the input to
|
|
||||||
`<input_path>.bak` (or `--backup PATH`) before writing. Re-run
|
|
||||||
`load_config` / `assess_reconciler_profile` after write. Keep the
|
|
||||||
`.bak` until live whoami/capability checks pass.
|
|
||||||
|
|
||||||
7. **Client-managed namespace reconnect/reload:** reconnect or reload the
|
|
||||||
IDE MCP client so `gitea-reconciler` restarts from current `master` and
|
|
||||||
the updated `GITEA_MCP_PROFILE=prgs-reconciler` config. Do not hand-launch
|
|
||||||
`mcp_server.py` / `gitea_mcp_server.py` with ad hoc `GITEA_*` env
|
|
||||||
(see #686 / #630).
|
|
||||||
|
|
||||||
8. **Live reverification** (through the client-managed `gitea-reconciler`
|
|
||||||
namespace only):
|
|
||||||
|
|
||||||
- `gitea_whoami` → identity + profile `prgs-reconciler`
|
|
||||||
- `gitea_assess_master_parity` → `stale=false`, `restart_required=false`
|
|
||||||
- `gitea_resolve_task_capability(task="cleanup_merged_pr_branch")` →
|
|
||||||
`allowed_in_current_session=true` only when permission and role match
|
|
||||||
- `gitea_resolve_task_capability(task="delete_branch")` →
|
|
||||||
**not** allowed for reconciler (role denial must be enforced)
|
|
||||||
|
|
||||||
9. **Guarded cleanup usage** (example for a merged PR whose source branch
|
|
||||||
remains on the remote):
|
|
||||||
|
|
||||||
```text
|
|
||||||
gitea_cleanup_merged_pr_branch(
|
|
||||||
pr_number=<N>,
|
|
||||||
branch=<exact PR head branch>,
|
|
||||||
confirmation="CLEANUP MERGED PR <N> BRANCH <exact PR head branch>",
|
|
||||||
remote="prgs",
|
|
||||||
org="Scaled-Tech-Consulting",
|
|
||||||
repo="Gitea-Tools",
|
|
||||||
worktree_path="<path under branches/>",
|
|
||||||
)
|
|
||||||
```
|
|
||||||
|
|
||||||
The tool refuses unmerged PRs, protected branches, preservation/evidence
|
|
||||||
branches, open-PR heads, mismatched branch names, and wrong confirmation.
|
|
||||||
|
|
||||||
10. **Prohibitions**
|
|
||||||
|
|
||||||
- No raw `git push --delete`, `git branch -d` / `-D`, or delete refspecs
|
|
||||||
- No arbitrary `gitea_delete_branch` from reconciler
|
|
||||||
- No unsupported profile switching mid-run without full re-preflight
|
|
||||||
- No ad hoc hand-edits of live profiles **unless** operator-authorized,
|
|
||||||
backed up, and revalidated as above
|
|
||||||
|
|
||||||
Canonical migrated reconciler example:
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"role": "reconciler",
|
|
||||||
"allowed_operations": [
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.close",
|
|
||||||
"gitea.pr.comment",
|
|
||||||
"gitea.issue.comment",
|
|
||||||
"gitea.issue.close",
|
|
||||||
"gitea.branch.delete"
|
|
||||||
],
|
|
||||||
"forbidden_operations": [
|
|
||||||
"gitea.pr.approve",
|
|
||||||
"gitea.pr.merge",
|
|
||||||
"gitea.pr.review",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.repo.commit"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Identity and fail-closed rules
|
## Identity and fail-closed rules
|
||||||
|
|
||||||
Before **any** mutating action, a workflow must know both:
|
Before **any** mutating action, a workflow must know both:
|
||||||
|
|||||||
@@ -0,0 +1,138 @@
|
|||||||
|
# Self-hosted Sentry observability for the Gitea MCP server (#606)
|
||||||
|
|
||||||
|
Optional, **off-by-default** instrumentation that reports MCP runtime errors,
|
||||||
|
fail-closed workflow blockers, lease / terminal-lock / stale-runtime
|
||||||
|
collisions, and recurring watchdog check-ins to a **self-hosted** Sentry at
|
||||||
|
`https://sentry.prgs.cc/`.
|
||||||
|
|
||||||
|
> **Gitea remains the source of truth.** Sentry is observe-only. It never
|
||||||
|
> approves, merges, closes, or otherwise mutates Gitea workflow state, and it
|
||||||
|
> never bypasses leases, #332, workflow roles, or the MCP gates. Sentry alerts
|
||||||
|
> may only feed the *sanctioned* Gitea issue/comment path via the #612 incident
|
||||||
|
> bridge — never a direct write.
|
||||||
|
|
||||||
|
Implemented by [`sentry_observability.py`](../../sentry_observability.py).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 1. Create the Sentry project
|
||||||
|
|
||||||
|
1. Sign in to the self-hosted Sentry at **`https://sentry.prgs.cc/`** (this is
|
||||||
|
**not** Sentry Cloud — do not use `*.ingest.sentry.io`).
|
||||||
|
2. Create a new **Python** project named **`gitea-tools-mcp`**.
|
||||||
|
3. Open **Settings → Projects → gitea-tools-mcp → Client Keys (DSN)** and copy
|
||||||
|
the DSN. It looks like `https://<publickey>@sentry.prgs.cc/<project-id>`.
|
||||||
|
4. **Never commit the DSN.** It is a runtime secret supplied via env var only.
|
||||||
|
|
||||||
|
## 2. Configure the environment
|
||||||
|
|
||||||
|
All configuration is env-var driven (see [`.env.example`](../../.env.example)):
|
||||||
|
|
||||||
|
| Variable | Purpose | Default |
|
||||||
|
|----------|---------|---------|
|
||||||
|
| `MCP_SENTRY_ENABLED` | Master gate (`1/true/yes/on`). Required. | off |
|
||||||
|
| `SENTRY_DSN` | Self-hosted DSN. Required. | *(empty)* |
|
||||||
|
| `SENTRY_ENVIRONMENT` | `local` / `dev` / `prod` tag. | `development` |
|
||||||
|
| `SENTRY_RELEASE` | Release id (git SHA or version). | *(none)* |
|
||||||
|
| `MCP_SENTRY_TRACES_SAMPLE_RATE` | Perf-trace sample rate `0.0–1.0` (clamped). | `0.0` |
|
||||||
|
| `MCP_SENTRY_ENABLE_LOGS` | Forward Python logs as structured logs. | off |
|
||||||
|
|
||||||
|
**The feature stays completely off unless `MCP_SENTRY_ENABLED` is truthy *and*
|
||||||
|
`SENTRY_DSN` is non-empty.** With either missing, `init_sentry()` is a no-op,
|
||||||
|
the SDK is never initialised, and no events are sent — existing tool behaviour
|
||||||
|
and API-call patterns are unchanged.
|
||||||
|
|
||||||
|
### Per-environment examples
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# local (quiet: capture errors/blockers, no traces)
|
||||||
|
export MCP_SENTRY_ENABLED=1
|
||||||
|
export SENTRY_DSN="https://<key>@sentry.prgs.cc/<id>"
|
||||||
|
export SENTRY_ENVIRONMENT=local
|
||||||
|
|
||||||
|
# dev (light tracing + logs)
|
||||||
|
export MCP_SENTRY_ENABLED=1
|
||||||
|
export SENTRY_DSN="https://<key>@sentry.prgs.cc/<id>"
|
||||||
|
export SENTRY_ENVIRONMENT=dev
|
||||||
|
export MCP_SENTRY_TRACES_SAMPLE_RATE=0.2
|
||||||
|
export MCP_SENTRY_ENABLE_LOGS=1
|
||||||
|
|
||||||
|
# prod (errors/blockers + low-rate tracing, release-tagged)
|
||||||
|
export MCP_SENTRY_ENABLED=1
|
||||||
|
export SENTRY_DSN="https://<key>@sentry.prgs.cc/<id>"
|
||||||
|
export SENTRY_ENVIRONMENT=prod
|
||||||
|
export SENTRY_RELEASE="$(git rev-parse --short HEAD)"
|
||||||
|
export MCP_SENTRY_TRACES_SAMPLE_RATE=0.05
|
||||||
|
```
|
||||||
|
|
||||||
|
The optional SDK is pinned in [`requirements.txt`](../../requirements.txt)
|
||||||
|
(`sentry-sdk==2.20.0`). It is imported lazily: if the package is absent, the
|
||||||
|
module still imports and every entry point is a safe no-op.
|
||||||
|
|
||||||
|
## 3. What is instrumented
|
||||||
|
|
||||||
|
| Signal | Where | Notes |
|
||||||
|
|--------|-------|-------|
|
||||||
|
| Startup init | `gitea_mcp_server.py` `__main__`, before `mcp.run` | Prints a redaction-safe status line to stderr. |
|
||||||
|
| Failing mutations (exceptions) | `_audited(...)` context manager | `capture_exception` with scrubbed tags. |
|
||||||
|
| Fail-closed blockers / failed mutations | `_audit_pr_result(...)` (BLOCKED/FAILED) | Structured `capture_workflow_blocker` event incl. the canonical next action when available (criterion 7). |
|
||||||
|
| Allocator watchdog check-ins | `gitea_allocate_next_work` tool | `allocator_health`, `stale_lease_scan`, `terminal_lock_scan`. |
|
||||||
|
| Namespace-health check-in | `gitea_assess_mcp_namespace_health` tool | `namespace_health`. |
|
||||||
|
|
||||||
|
All capture paths are **best-effort / fail open**: a Sentry outage or capture
|
||||||
|
error never breaks an MCP tool success path.
|
||||||
|
|
||||||
|
## 4. Cron / watchdog monitors
|
||||||
|
|
||||||
|
`sentry_observability.MONITOR_SLUGS` defines stable check-in slugs:
|
||||||
|
|
||||||
|
| Registry key | Sentry monitor slug | Wired at |
|
||||||
|
|--------------|--------------------|----------|
|
||||||
|
| `stale_lease_scan` | `gitea-mcp-stale-lease-scan` | allocator run (global lease expiry) |
|
||||||
|
| `terminal_lock_scan` | `gitea-mcp-terminal-lock-scan` | allocator run (terminal-lock lookup) |
|
||||||
|
| `allocator_health` | `gitea-mcp-allocator-health` | allocator run |
|
||||||
|
| `namespace_health` | `gitea-mcp-namespace-health` | namespace-health probe |
|
||||||
|
| `dashboard_freshness` | `gitea-mcp-dashboard-freshness` | call `monitor_checkin("dashboard_freshness", ...)` from the dashboard refresh job (#605) |
|
||||||
|
| `reconciler_cleanup` | `gitea-mcp-reconciler-cleanup` | call `monitor_checkin("reconciler_cleanup", ...)` from the reconciler cleanup entrypoint |
|
||||||
|
|
||||||
|
Create matching Cron monitors in Sentry with those slugs. Emit an
|
||||||
|
`in_progress` check-in at job start and `ok`/`error` at completion via
|
||||||
|
`sentry_observability.monitor_checkin(slug_key, status)`.
|
||||||
|
|
||||||
|
## 5. Redaction guarantees (fail closed)
|
||||||
|
|
||||||
|
Redaction fails *closed*: if a field cannot be proven safe it is dropped rather
|
||||||
|
than sent. The `before_send` (and `before_send_log`) hook `scrub_event`
|
||||||
|
recursively redacts every outgoing event; on any error it drops the event
|
||||||
|
entirely. Guarantees, proven by `tests/test_sentry_observability.py`:
|
||||||
|
|
||||||
|
- **No** tokens, passwords, keychain IDs, DSNs, cookies, or `user:pass@host`.
|
||||||
|
- **No** raw session-state or full prompt/comment bodies — `session_id` is only
|
||||||
|
ever surfaced as a 12-char `session_id_hash`.
|
||||||
|
- **No** private config contents or raw credential headers.
|
||||||
|
- **No** full local filesystem paths — a worktree path collapses to a coarse
|
||||||
|
`worktree_category` (`author` / `reviewer` / `merger` / `reconciler` /
|
||||||
|
`branches` / `root` / `other`).
|
||||||
|
- Only the allowlisted tag keys in `ALLOWED_TAG_KEYS` are ever attached.
|
||||||
|
|
||||||
|
## 6. Coexistence with GlitchTip / the #612 incident bridge
|
||||||
|
|
||||||
|
This is the **outbound** path (MCP → Sentry SDK). It complements — it does not
|
||||||
|
replace — the **inbound** [`incident_bridge.py`](../../incident_bridge.py)
|
||||||
|
(#612), which turns Sentry/GlitchTip *observations* into durable Gitea issues
|
||||||
|
and `incident_links` rows.
|
||||||
|
|
||||||
|
- Prefer **one** observability path per environment. Point the MCP server's
|
||||||
|
`SENTRY_DSN` at the same self-hosted `gitea-tools-mcp` project that the #612
|
||||||
|
bridge reconciles from, so an MCP-reported error and its Gitea issue line up.
|
||||||
|
- GlitchTip is Sentry-protocol compatible; if an existing GlitchTip DSN is in
|
||||||
|
use, either migrate it to `https://sentry.prgs.cc/` or document the split
|
||||||
|
(MCP → Sentry, legacy → GlitchTip) explicitly for operators.
|
||||||
|
- The bridge remains the **only** sanctioned route from an alert back into
|
||||||
|
Gitea workflow state.
|
||||||
|
|
||||||
|
## 7. Non-goals
|
||||||
|
|
||||||
|
- Sentry must **not** become the workflow source of truth.
|
||||||
|
- Sentry must **not** approve, merge, close, or mutate Gitea workflow state.
|
||||||
|
- Sentry must **not** bypass leases, #332, workflow roles, or the MCP gates.
|
||||||
+121
-873
File diff suppressed because it is too large
Load Diff
+7
-126
@@ -20,114 +20,12 @@ if PROJECT_ROOT not in sys.path:
|
|||||||
import gitea_config
|
import gitea_config
|
||||||
|
|
||||||
|
|
||||||
# Defaults emit *canonical* operation names only. Shorthand that is not in
|
AUTHOR_DEFAULT_ALLOWED = ["read", "branch", "commit", "push", "open_pr", "comment"]
|
||||||
# gitea_config.GITEA_OPERATION_ALIASES (e.g. ``pr.close``, ``issue.close``)
|
AUTHOR_DEFAULT_FORBIDDEN = ["approve", "request_changes", "merge"]
|
||||||
# is silently dropped by the production loader and must never appear here.
|
|
||||||
AUTHOR_DEFAULT_ALLOWED = [
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.branch.create",
|
|
||||||
"gitea.repo.commit",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.pr.comment",
|
|
||||||
]
|
|
||||||
AUTHOR_DEFAULT_FORBIDDEN = [
|
|
||||||
"gitea.pr.approve",
|
|
||||||
"gitea.pr.request_changes",
|
|
||||||
"gitea.pr.merge",
|
|
||||||
]
|
|
||||||
REVIEWER_DEFAULT_ALLOWED = [
|
REVIEWER_DEFAULT_ALLOWED = [
|
||||||
"gitea.read",
|
"read", "review", "comment", "approve", "request_changes", "merge"
|
||||||
"gitea.pr.review",
|
|
||||||
"gitea.pr.comment",
|
|
||||||
"gitea.pr.approve",
|
|
||||||
"gitea.pr.request_changes",
|
|
||||||
"gitea.pr.merge",
|
|
||||||
]
|
]
|
||||||
REVIEWER_DEFAULT_FORBIDDEN = [
|
REVIEWER_DEFAULT_FORBIDDEN = ["branch", "commit", "push", "open_pr"]
|
||||||
"gitea.branch.create",
|
|
||||||
"gitea.repo.commit",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.pr.create",
|
|
||||||
]
|
|
||||||
# Required reconciler ops (read + pr.close) plus recommended comment/close and
|
|
||||||
# branch.delete for guarded merged-PR cleanup. All names must normalize via
|
|
||||||
# gitea_config.normalize_operation without being dropped.
|
|
||||||
RECONCILER_DEFAULT_ALLOWED = [
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.close",
|
|
||||||
"gitea.pr.comment",
|
|
||||||
"gitea.issue.comment",
|
|
||||||
"gitea.issue.close",
|
|
||||||
"gitea.branch.delete",
|
|
||||||
]
|
|
||||||
RECONCILER_DEFAULT_FORBIDDEN = [
|
|
||||||
"gitea.pr.approve",
|
|
||||||
"gitea.pr.merge",
|
|
||||||
"gitea.pr.review",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.repo.commit",
|
|
||||||
]
|
|
||||||
|
|
||||||
# Migration-only expansions for common shorthands that are *not* in
|
|
||||||
# GITEA_OPERATION_ALIASES. Emitted output is always the canonical form so a
|
|
||||||
# second canonicalize pass is a no-op (idempotent).
|
|
||||||
_MIGRATION_ONLY_ALIASES = {
|
|
||||||
"pr.close": "gitea.pr.close",
|
|
||||||
"pr.comment": "gitea.pr.comment",
|
|
||||||
"issue.close": "gitea.issue.close",
|
|
||||||
"branch.delete": "gitea.branch.delete",
|
|
||||||
}
|
|
||||||
|
|
||||||
# Reconciler required ops that must survive migration (from reconciler_profile).
|
|
||||||
RECONCILER_REQUIRED_CANONICAL = ("gitea.read", "gitea.pr.close")
|
|
||||||
|
|
||||||
|
|
||||||
def canonicalize_operation(op: str) -> str:
|
|
||||||
"""Return a canonical operation name accepted by the production loader.
|
|
||||||
|
|
||||||
Fail closed on unknown/ambiguous spellings so required permissions cannot
|
|
||||||
be silently dropped by ``check_operation`` later.
|
|
||||||
"""
|
|
||||||
if not isinstance(op, str) or not op.strip():
|
|
||||||
raise ValueError("operation must be a non-empty string (fail closed)")
|
|
||||||
op = op.strip()
|
|
||||||
try:
|
|
||||||
return gitea_config.normalize_operation(op)
|
|
||||||
except gitea_config.ConfigError:
|
|
||||||
pass
|
|
||||||
if op in _MIGRATION_ONLY_ALIASES:
|
|
||||||
return _MIGRATION_ONLY_ALIASES[op]
|
|
||||||
raise ValueError(
|
|
||||||
f"operation {op!r} cannot be canonicalized for migration "
|
|
||||||
"(unknown/ambiguous; fail closed — production loader would drop it)"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def canonicalize_operations(ops, *, context: str = "operations") -> list[str]:
|
|
||||||
"""Canonicalize a list of operations; preserve order, drop duplicates."""
|
|
||||||
if not isinstance(ops, list):
|
|
||||||
raise ValueError(f"{context} must be a list (fail closed)")
|
|
||||||
out: list[str] = []
|
|
||||||
seen: set[str] = set()
|
|
||||||
for entry in ops:
|
|
||||||
canon = canonicalize_operation(entry)
|
|
||||||
if canon not in seen:
|
|
||||||
seen.add(canon)
|
|
||||||
out.append(canon)
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def _assert_reconciler_required_survive(allowed: list[str], profile_name: str) -> None:
|
|
||||||
"""Fail visibly when migration would leave a reconciler without required ops."""
|
|
||||||
missing = [op for op in RECONCILER_REQUIRED_CANONICAL if op not in set(allowed)]
|
|
||||||
if missing:
|
|
||||||
raise ValueError(
|
|
||||||
f"Profile '{profile_name}' (reconciler) is missing required "
|
|
||||||
f"operation(s) after migration: {missing}. Refusing to emit a "
|
|
||||||
"profile that would silently fail pr.close / read (fail closed)."
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def infer_role(name, execution_profile):
|
def infer_role(name, execution_profile):
|
||||||
@@ -192,11 +90,9 @@ def migrate_v1_to_v2(v1_data):
|
|||||||
ident_name = "reviewer"
|
ident_name = "reviewer"
|
||||||
elif role == "author":
|
elif role == "author":
|
||||||
ident_name = "author"
|
ident_name = "author"
|
||||||
elif role == "reconciler":
|
|
||||||
ident_name = "reconciler"
|
|
||||||
else:
|
else:
|
||||||
role = prof.get("role")
|
role = prof.get("role")
|
||||||
if role not in (None, "author", "reviewer", "reconciler"):
|
if role not in (None, "author", "reviewer"):
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
f"Profile '{name}' has unsupported role {role!r}"
|
f"Profile '{name}' has unsupported role {role!r}"
|
||||||
)
|
)
|
||||||
@@ -228,35 +124,20 @@ def migrate_v1_to_v2(v1_data):
|
|||||||
raise ValueError(
|
raise ValueError(
|
||||||
f"Profile '{name}' operation fields must be lists"
|
f"Profile '{name}' operation fields must be lists"
|
||||||
)
|
)
|
||||||
try:
|
identity_data["allowed_operations"] = list(allowed)
|
||||||
identity_data["allowed_operations"] = canonicalize_operations(
|
identity_data["forbidden_operations"] = list(forbidden)
|
||||||
allowed, context=f"profile '{name}' allowed_operations"
|
|
||||||
)
|
|
||||||
identity_data["forbidden_operations"] = canonicalize_operations(
|
|
||||||
forbidden, context=f"profile '{name}' forbidden_operations"
|
|
||||||
)
|
|
||||||
except ValueError as exc:
|
|
||||||
raise ValueError(f"Profile '{name}': {exc}") from exc
|
|
||||||
elif role == "author":
|
elif role == "author":
|
||||||
identity_data["allowed_operations"] = list(AUTHOR_DEFAULT_ALLOWED)
|
identity_data["allowed_operations"] = list(AUTHOR_DEFAULT_ALLOWED)
|
||||||
identity_data["forbidden_operations"] = list(AUTHOR_DEFAULT_FORBIDDEN)
|
identity_data["forbidden_operations"] = list(AUTHOR_DEFAULT_FORBIDDEN)
|
||||||
elif role == "reviewer":
|
elif role == "reviewer":
|
||||||
identity_data["allowed_operations"] = list(REVIEWER_DEFAULT_ALLOWED)
|
identity_data["allowed_operations"] = list(REVIEWER_DEFAULT_ALLOWED)
|
||||||
identity_data["forbidden_operations"] = list(REVIEWER_DEFAULT_FORBIDDEN)
|
identity_data["forbidden_operations"] = list(REVIEWER_DEFAULT_FORBIDDEN)
|
||||||
elif role == "reconciler":
|
|
||||||
identity_data["allowed_operations"] = list(RECONCILER_DEFAULT_ALLOWED)
|
|
||||||
identity_data["forbidden_operations"] = list(RECONCILER_DEFAULT_FORBIDDEN)
|
|
||||||
else:
|
else:
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
f"Profile '{name}' has no explicit operation lists and no "
|
f"Profile '{name}' has no explicit operation lists and no "
|
||||||
"unambiguous author/reviewer role marker (fail closed)"
|
"unambiguous author/reviewer role marker (fail closed)"
|
||||||
)
|
)
|
||||||
|
|
||||||
if role == "reconciler":
|
|
||||||
_assert_reconciler_required_survive(
|
|
||||||
identity_data["allowed_operations"], name
|
|
||||||
)
|
|
||||||
|
|
||||||
# Nest inside environments/services structure
|
# Nest inside environments/services structure
|
||||||
env = environments.setdefault(env_name, {})
|
env = environments.setdefault(env_name, {})
|
||||||
services = env.setdefault("services", {})
|
services = env.setdefault("services", {})
|
||||||
|
|||||||
@@ -18,11 +18,6 @@ RECONCILER_RECOMMENDED_OPERATIONS = (
|
|||||||
"gitea.pr.comment",
|
"gitea.pr.comment",
|
||||||
"gitea.issue.comment",
|
"gitea.issue.comment",
|
||||||
"gitea.issue.close",
|
"gitea.issue.close",
|
||||||
# Merged-branch cleanup is reconciler-owned (task_capability_map maps
|
|
||||||
# cleanup_merged_pr_branch -> reconciler). The permission is only
|
|
||||||
# exercisable through the guarded gitea_cleanup_merged_pr_branch path
|
|
||||||
# (#514): merged proof, protected-branch refusal, explicit confirmation.
|
|
||||||
"gitea.branch.delete",
|
|
||||||
)
|
)
|
||||||
|
|
||||||
RECONCILER_FORBIDDEN_OPERATIONS = (
|
RECONCILER_FORBIDDEN_OPERATIONS = (
|
||||||
|
|||||||
@@ -31,6 +31,7 @@ python-multipart==0.0.32
|
|||||||
referencing==0.37.0
|
referencing==0.37.0
|
||||||
rich==15.0.0
|
rich==15.0.0
|
||||||
rpds-py==2026.5.1
|
rpds-py==2026.5.1
|
||||||
|
sentry-sdk==2.20.0
|
||||||
shellingham==1.5.4
|
shellingham==1.5.4
|
||||||
sse-starlette==3.4.5
|
sse-starlette==3.4.5
|
||||||
starlette==1.3.1
|
starlette==1.3.1
|
||||||
|
|||||||
@@ -0,0 +1,535 @@
|
|||||||
|
"""Optional self-hosted Sentry observability for the Gitea MCP server (#606).
|
||||||
|
|
||||||
|
Adds env-var-gated Sentry SDK instrumentation so runtime errors, fail-closed
|
||||||
|
workflow blockers, lease/terminal-lock/stale-runtime collisions, and recurring
|
||||||
|
watchdog check-ins are visible in a *self-hosted* Sentry at
|
||||||
|
``https://sentry.prgs.cc/`` — never Sentry Cloud, and never as the workflow
|
||||||
|
source of truth (Gitea stays canonical).
|
||||||
|
|
||||||
|
Design constraints (mirror ``gitea_audit`` and the #612 incident bridge):
|
||||||
|
|
||||||
|
- **Off by default.** With ``MCP_SENTRY_ENABLED`` false/unset *or* ``SENTRY_DSN``
|
||||||
|
empty, ``init_sentry`` is a no-op and no events are ever sent — existing tool
|
||||||
|
behaviour and API-call patterns are unchanged (acceptance criterion 1).
|
||||||
|
- **Fail *open* for observability.** A Sentry outage, a missing ``sentry_sdk``
|
||||||
|
package, or any capture error must never break an MCP tool success path. Every
|
||||||
|
public entry point swallows its own exceptions.
|
||||||
|
- **Fail *closed* for redaction.** If a field cannot be proven safe it is dropped
|
||||||
|
rather than sent. Tokens, passwords, keychain IDs, DSNs, private config, raw
|
||||||
|
session-state, full prompt bodies, and full filesystem paths never leave here.
|
||||||
|
- **No hard dependency.** ``sentry_sdk`` is imported lazily; the module is fully
|
||||||
|
importable and testable without it installed.
|
||||||
|
|
||||||
|
Sentry is observe-only: it must not approve, merge, close, or otherwise mutate
|
||||||
|
Gitea workflow state, nor bypass leases, #332, or MCP gates. Alerts may only feed
|
||||||
|
the sanctioned Gitea issue/comment path via the #612 incident bridge.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import hashlib
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
from dataclasses import dataclass
|
||||||
|
from typing import Any
|
||||||
|
|
||||||
|
# Reuse the most comprehensive existing scrubber so redaction stays consistent
|
||||||
|
# with the #612 incident bridge (tokens, DSNs, cookies, bearer/basic, keychain
|
||||||
|
# ids, session ids, user:pass@host).
|
||||||
|
from incident_bridge import redact_text as _redact_text
|
||||||
|
|
||||||
|
# Second, complementary scrubber: catches bare ``token <value>`` /
|
||||||
|
# ``Bearer <value>`` / ``Basic <value>`` prefixes and raw URLs that the
|
||||||
|
# incident-bridge delimiter patterns miss.
|
||||||
|
from gitea_audit import _redact_str as _redact_prefixes
|
||||||
|
|
||||||
|
# ── Optional SDK (lazy, never a hard dependency) ────────────────────────────
|
||||||
|
try: # pragma: no cover - trivial import guard
|
||||||
|
import sentry_sdk # type: ignore
|
||||||
|
except Exception: # pragma: no cover - absence is a supported state
|
||||||
|
sentry_sdk = None # type: ignore
|
||||||
|
|
||||||
|
|
||||||
|
# ── Env var names (single source of truth) ──────────────────────────────────
|
||||||
|
ENV_ENABLED = "MCP_SENTRY_ENABLED"
|
||||||
|
ENV_DSN = "SENTRY_DSN"
|
||||||
|
ENV_ENVIRONMENT = "SENTRY_ENVIRONMENT"
|
||||||
|
ENV_RELEASE = "SENTRY_RELEASE"
|
||||||
|
ENV_TRACES_SAMPLE_RATE = "MCP_SENTRY_TRACES_SAMPLE_RATE"
|
||||||
|
ENV_ENABLE_LOGS = "MCP_SENTRY_ENABLE_LOGS"
|
||||||
|
|
||||||
|
_TRUTHY = frozenset({"1", "true", "yes", "on"})
|
||||||
|
|
||||||
|
REDACTED = "[REDACTED]"
|
||||||
|
REDACTED_PATH = "[REDACTED_PATH]"
|
||||||
|
|
||||||
|
|
||||||
|
# ── Cron / watchdog monitor slugs (acceptance criterion 6) ──────────────────
|
||||||
|
# Stable slugs for the recurring/watchdog jobs #606 wants check-ins for. The
|
||||||
|
# slug is the durable monitor identity in Sentry; the wiring call sites pass one
|
||||||
|
# of these keys (or an explicit slug) to ``monitor_checkin``.
|
||||||
|
MONITOR_SLUGS: dict[str, str] = {
|
||||||
|
"stale_lease_scan": "gitea-mcp-stale-lease-scan",
|
||||||
|
"terminal_lock_scan": "gitea-mcp-terminal-lock-scan",
|
||||||
|
"allocator_health": "gitea-mcp-allocator-health",
|
||||||
|
"namespace_health": "gitea-mcp-namespace-health",
|
||||||
|
"dashboard_freshness": "gitea-mcp-dashboard-freshness",
|
||||||
|
"reconciler_cleanup": "gitea-mcp-reconciler-cleanup",
|
||||||
|
}
|
||||||
|
|
||||||
|
_CHECKIN_STATUSES = frozenset({"in_progress", "ok", "error"})
|
||||||
|
|
||||||
|
|
||||||
|
# ── Tag allowlist (issue "Suggested Sentry tags/context") ───────────────────
|
||||||
|
# Only these keys are ever attached as Sentry tags. Anything else is dropped so
|
||||||
|
# a caller cannot accidentally leak a sensitive value through a tag.
|
||||||
|
ALLOWED_TAG_KEYS = frozenset({
|
||||||
|
"role",
|
||||||
|
"profile",
|
||||||
|
"namespace",
|
||||||
|
"repo",
|
||||||
|
"org",
|
||||||
|
"issue_number",
|
||||||
|
"pr_number",
|
||||||
|
"blocker_type",
|
||||||
|
"workflow_hash",
|
||||||
|
"session_id_hash", # hash only — never the raw session id
|
||||||
|
"pid",
|
||||||
|
"worktree_category", # category, never the full sensitive path
|
||||||
|
"lease_comment_id",
|
||||||
|
"expected_head_sha",
|
||||||
|
"current_head_sha",
|
||||||
|
"terminal_lock_state",
|
||||||
|
"capability",
|
||||||
|
"mutation_tool",
|
||||||
|
})
|
||||||
|
|
||||||
|
# Absolute-path shapes that must never be sent verbatim (macOS/Linux + temp).
|
||||||
|
_PATH_RE = re.compile(r"(?:/private)?/(?:Users|home|tmp|var|opt|Volumes)/[^\s\"']*")
|
||||||
|
|
||||||
|
# ``extra`` keys whose *full* contents are forbidden by the redaction rules
|
||||||
|
# (raw session-state, full prompt/comment bodies, private config blobs, raw
|
||||||
|
# headers).
|
||||||
|
_FORBIDDEN_EXTRA_KEYS = frozenset({
|
||||||
|
"prompt",
|
||||||
|
"prompt_body",
|
||||||
|
"next_prompt",
|
||||||
|
"body",
|
||||||
|
"raw_body",
|
||||||
|
"session_state",
|
||||||
|
"session_state_contents",
|
||||||
|
"config",
|
||||||
|
"config_contents",
|
||||||
|
"private_config",
|
||||||
|
"headers",
|
||||||
|
"authorization",
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
# ── Configuration ───────────────────────────────────────────────────────────
|
||||||
|
@dataclass(frozen=True)
|
||||||
|
class SentryConfig:
|
||||||
|
"""Immutable snapshot of the Sentry env configuration."""
|
||||||
|
|
||||||
|
enabled: bool = False
|
||||||
|
dsn: str | None = None
|
||||||
|
environment: str = "development"
|
||||||
|
release: str | None = None
|
||||||
|
traces_sample_rate: float = 0.0
|
||||||
|
enable_logs: bool = False
|
||||||
|
|
||||||
|
@property
|
||||||
|
def active(self) -> bool:
|
||||||
|
"""True only when the operator both opted in *and* supplied a DSN.
|
||||||
|
|
||||||
|
This is the single gate that keeps the feature off by default: enabling
|
||||||
|
the flag without a DSN (or vice versa) sends nothing.
|
||||||
|
"""
|
||||||
|
return bool(self.enabled and self.dsn)
|
||||||
|
|
||||||
|
def safe_summary(self) -> dict[str, Any]:
|
||||||
|
"""Operator-facing status with **no** DSN value (only presence)."""
|
||||||
|
return {
|
||||||
|
"enabled": self.enabled,
|
||||||
|
"dsn_present": bool(self.dsn),
|
||||||
|
"environment": self.environment,
|
||||||
|
"release": self.release,
|
||||||
|
"traces_sample_rate": self.traces_sample_rate,
|
||||||
|
"enable_logs": self.enable_logs,
|
||||||
|
"active": self.active,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def _env_bool(name: str, env: dict[str, str]) -> bool:
|
||||||
|
return (env.get(name) or "").strip().lower() in _TRUTHY
|
||||||
|
|
||||||
|
|
||||||
|
def _env_float(name: str, default: float, env: dict[str, str]) -> float:
|
||||||
|
raw = (env.get(name) or "").strip()
|
||||||
|
if not raw:
|
||||||
|
return default
|
||||||
|
try:
|
||||||
|
val = float(raw)
|
||||||
|
except (TypeError, ValueError):
|
||||||
|
return default
|
||||||
|
# Clamp to Sentry's valid [0.0, 1.0] sample-rate range.
|
||||||
|
if val < 0.0:
|
||||||
|
return 0.0
|
||||||
|
if val > 1.0:
|
||||||
|
return 1.0
|
||||||
|
return val
|
||||||
|
|
||||||
|
|
||||||
|
def load_config(env: dict[str, str] | None = None) -> SentryConfig:
|
||||||
|
"""Build a :class:`SentryConfig` from the environment (read at call time)."""
|
||||||
|
env = dict(os.environ if env is None else env)
|
||||||
|
dsn = (env.get(ENV_DSN) or "").strip() or None
|
||||||
|
return SentryConfig(
|
||||||
|
enabled=_env_bool(ENV_ENABLED, env),
|
||||||
|
dsn=dsn,
|
||||||
|
environment=(env.get(ENV_ENVIRONMENT) or "").strip() or "development",
|
||||||
|
release=(env.get(ENV_RELEASE) or "").strip() or None,
|
||||||
|
traces_sample_rate=_env_float(ENV_TRACES_SAMPLE_RATE, 0.0, env),
|
||||||
|
enable_logs=_env_bool(ENV_ENABLE_LOGS, env),
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def sdk_available() -> bool:
|
||||||
|
"""True when the optional ``sentry_sdk`` package is importable."""
|
||||||
|
return sentry_sdk is not None
|
||||||
|
|
||||||
|
|
||||||
|
# ── Redaction (fail closed) ─────────────────────────────────────────────────
|
||||||
|
def sanitize_path(value: Any) -> str:
|
||||||
|
"""Reduce a filesystem path to a non-sensitive *category* token.
|
||||||
|
|
||||||
|
Full local paths must never be sent. We keep only a coarse worktree
|
||||||
|
category derived from the path shape (author/reviewer/merger/reconciler/
|
||||||
|
branches/root/other).
|
||||||
|
"""
|
||||||
|
text = "" if value is None else str(value)
|
||||||
|
low = text.lower()
|
||||||
|
if not text:
|
||||||
|
return "unknown"
|
||||||
|
# Order matters: more specific role markers before the generic "branches".
|
||||||
|
if "reconcile" in low:
|
||||||
|
return "reconciler"
|
||||||
|
if "review" in low:
|
||||||
|
return "reviewer"
|
||||||
|
if "merge" in low or "merger" in low:
|
||||||
|
return "merger"
|
||||||
|
if "author" in low or re.search(r"/branches/(?:feat|fix|docs|chore|issue)", low):
|
||||||
|
return "author"
|
||||||
|
if "/branches/" in low:
|
||||||
|
return "branches"
|
||||||
|
if low.rstrip("/").endswith("gitea-tools"):
|
||||||
|
return "root"
|
||||||
|
return "other"
|
||||||
|
|
||||||
|
|
||||||
|
def redact_value(value: Any) -> Any:
|
||||||
|
"""Recursively redact a JSON-able value: secret text, absolute paths, and
|
||||||
|
known-sensitive dict keys are removed. Fail closed — any error drops the
|
||||||
|
value entirely rather than risk leaking it."""
|
||||||
|
try:
|
||||||
|
if isinstance(value, dict):
|
||||||
|
out: dict[str, Any] = {}
|
||||||
|
for k, v in value.items():
|
||||||
|
key = str(k)
|
||||||
|
low = key.lower()
|
||||||
|
if low in _FORBIDDEN_EXTRA_KEYS or any(
|
||||||
|
s in low
|
||||||
|
for s in ("token", "secret", "password", "cookie", "auth", "dsn", "keychain")
|
||||||
|
):
|
||||||
|
out[key] = REDACTED
|
||||||
|
continue
|
||||||
|
out[key] = redact_value(v)
|
||||||
|
return out
|
||||||
|
if isinstance(value, (list, tuple)):
|
||||||
|
return [redact_value(v) for v in value]
|
||||||
|
if isinstance(value, str):
|
||||||
|
scrubbed = _redact_text(value)
|
||||||
|
scrubbed = _redact_prefixes(scrubbed)
|
||||||
|
scrubbed = _PATH_RE.sub(REDACTED_PATH, scrubbed)
|
||||||
|
return scrubbed
|
||||||
|
return value
|
||||||
|
except Exception:
|
||||||
|
return REDACTED
|
||||||
|
|
||||||
|
|
||||||
|
def hash_session_id(session_id: Any) -> str:
|
||||||
|
"""Short, stable, non-reversible fingerprint of a session id."""
|
||||||
|
digest = hashlib.sha256(str(session_id).encode("utf-8", "replace")).hexdigest()
|
||||||
|
return digest[:12]
|
||||||
|
|
||||||
|
|
||||||
|
def build_tags(**kwargs: Any) -> dict[str, str]:
|
||||||
|
"""Return a scrubbed, allowlisted tag dict.
|
||||||
|
|
||||||
|
``session_id`` is accepted but only ever surfaced as ``session_id_hash``.
|
||||||
|
``worktree_path`` collapses to ``worktree_category``. Any non-allowlisted
|
||||||
|
key, or a value that still contains redacted material after scrubbing, is
|
||||||
|
dropped.
|
||||||
|
"""
|
||||||
|
raw: dict[str, Any] = dict(kwargs)
|
||||||
|
|
||||||
|
# Hash the session id — never emit it raw.
|
||||||
|
session_id = raw.pop("session_id", None)
|
||||||
|
if session_id and "session_id_hash" not in raw:
|
||||||
|
raw["session_id_hash"] = hash_session_id(session_id)
|
||||||
|
|
||||||
|
# A full worktree path collapses to a category tag.
|
||||||
|
wt = raw.pop("worktree_path", None)
|
||||||
|
if wt and "worktree_category" not in raw:
|
||||||
|
raw["worktree_category"] = sanitize_path(wt)
|
||||||
|
|
||||||
|
out: dict[str, str] = {}
|
||||||
|
for key, val in raw.items():
|
||||||
|
if key not in ALLOWED_TAG_KEYS:
|
||||||
|
continue
|
||||||
|
if val is None:
|
||||||
|
continue
|
||||||
|
scrubbed = redact_value(val)
|
||||||
|
text = str(scrubbed)
|
||||||
|
if not text or REDACTED in text or REDACTED_PATH in text:
|
||||||
|
continue
|
||||||
|
if len(text) > 200:
|
||||||
|
text = text[:200] + "…"
|
||||||
|
out[key] = text
|
||||||
|
return out
|
||||||
|
|
||||||
|
|
||||||
|
def scrub_event(event: Any, hint: Any = None) -> dict[str, Any] | None:
|
||||||
|
"""Sentry ``before_send`` / ``before_send_log`` hook.
|
||||||
|
|
||||||
|
Recursively redacts the outgoing event. On *any* failure it returns ``None``
|
||||||
|
so the event is dropped rather than sent unscrubbed (fail closed for
|
||||||
|
redaction).
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
if not isinstance(event, dict):
|
||||||
|
return None
|
||||||
|
scrubbed = redact_value(event)
|
||||||
|
# Drop server_name if it leaked a hostname/path; PID is kept via tags.
|
||||||
|
scrubbed.pop("server_name", None)
|
||||||
|
return scrubbed
|
||||||
|
except Exception:
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
# ── Event builders (pure, independently testable) ───────────────────────────
|
||||||
|
def build_blocker_event(
|
||||||
|
blocker_type: str,
|
||||||
|
*,
|
||||||
|
message: str | None = None,
|
||||||
|
next_action: str | None = None,
|
||||||
|
level: str = "warning",
|
||||||
|
tags: dict[str, Any] | None = None,
|
||||||
|
extra: dict[str, Any] | None = None,
|
||||||
|
) -> dict[str, Any]:
|
||||||
|
"""Build a redacted, structured Sentry event for a workflow blocker.
|
||||||
|
|
||||||
|
``next_action`` maps the issue's "canonical next action when available"
|
||||||
|
requirement (acceptance criterion 7).
|
||||||
|
"""
|
||||||
|
merged_tags = dict(tags or {})
|
||||||
|
merged_tags.setdefault("blocker_type", blocker_type)
|
||||||
|
safe_tags = build_tags(**merged_tags)
|
||||||
|
|
||||||
|
safe_extra = redact_value(dict(extra or {}))
|
||||||
|
if next_action:
|
||||||
|
# A short canonical next action is allowed (it is not a full prompt).
|
||||||
|
safe_extra["canonical_next_action"] = redact_value(str(next_action)[:500])
|
||||||
|
|
||||||
|
event: dict[str, Any] = {
|
||||||
|
"message": redact_value(message or blocker_type),
|
||||||
|
"level": level if level in ("debug", "info", "warning", "error", "fatal") else "warning",
|
||||||
|
"logger": "gitea-mcp.workflow",
|
||||||
|
"tags": safe_tags,
|
||||||
|
"extra": safe_extra,
|
||||||
|
"fingerprint": ["workflow-blocker", blocker_type],
|
||||||
|
}
|
||||||
|
return event
|
||||||
|
|
||||||
|
|
||||||
|
def build_checkin_payload(
|
||||||
|
monitor: str,
|
||||||
|
status: str,
|
||||||
|
*,
|
||||||
|
check_in_id: str | None = None,
|
||||||
|
duration: float | None = None,
|
||||||
|
) -> dict[str, Any]:
|
||||||
|
"""Build a Sentry cron check-in payload for one of :data:`MONITOR_SLUGS`.
|
||||||
|
|
||||||
|
``monitor`` may be a registry key (e.g. ``"stale_lease_scan"``) or an
|
||||||
|
explicit slug. Raises ``ValueError`` on an unknown status so callers cannot
|
||||||
|
silently send a malformed check-in.
|
||||||
|
"""
|
||||||
|
if status not in _CHECKIN_STATUSES:
|
||||||
|
raise ValueError(
|
||||||
|
f"invalid check-in status {status!r}; expected one of {sorted(_CHECKIN_STATUSES)}"
|
||||||
|
)
|
||||||
|
slug = MONITOR_SLUGS.get(monitor, monitor)
|
||||||
|
payload: dict[str, Any] = {"monitor_slug": slug, "status": status}
|
||||||
|
if check_in_id:
|
||||||
|
payload["check_in_id"] = str(check_in_id)
|
||||||
|
if duration is not None:
|
||||||
|
try:
|
||||||
|
payload["duration"] = float(duration)
|
||||||
|
except (TypeError, ValueError):
|
||||||
|
pass
|
||||||
|
return payload
|
||||||
|
|
||||||
|
|
||||||
|
# ── Runtime init + capture (fail open) ──────────────────────────────────────
|
||||||
|
_STATE: dict[str, Any] = {"initialized": False, "config": None}
|
||||||
|
|
||||||
|
|
||||||
|
def is_initialized() -> bool:
|
||||||
|
return bool(_STATE.get("initialized"))
|
||||||
|
|
||||||
|
|
||||||
|
def active_config() -> SentryConfig | None:
|
||||||
|
return _STATE.get("config")
|
||||||
|
|
||||||
|
|
||||||
|
def reset_for_tests() -> None:
|
||||||
|
"""Clear module init state. Test-only helper (never called in production)."""
|
||||||
|
_STATE["initialized"] = False
|
||||||
|
_STATE["config"] = None
|
||||||
|
|
||||||
|
|
||||||
|
def init_sentry(config: SentryConfig | None = None) -> dict[str, Any]:
|
||||||
|
"""Initialise the Sentry SDK if (and only if) enabled + DSN + SDK present.
|
||||||
|
|
||||||
|
Idempotent and never raises. Returns an operator-safe status dict (no DSN
|
||||||
|
value). Behaviour is unchanged when the feature is off.
|
||||||
|
"""
|
||||||
|
cfg = config or load_config()
|
||||||
|
status: dict[str, Any] = {"initialized": False, **cfg.safe_summary()}
|
||||||
|
try:
|
||||||
|
if not cfg.active:
|
||||||
|
status["reason"] = "disabled (MCP_SENTRY_ENABLED false or SENTRY_DSN empty)"
|
||||||
|
_STATE["config"] = cfg
|
||||||
|
return status
|
||||||
|
if not sdk_available():
|
||||||
|
status["reason"] = "sentry_sdk not installed"
|
||||||
|
_STATE["config"] = cfg
|
||||||
|
return status
|
||||||
|
|
||||||
|
init_kwargs: dict[str, Any] = {
|
||||||
|
"dsn": cfg.dsn,
|
||||||
|
"environment": cfg.environment,
|
||||||
|
"release": cfg.release,
|
||||||
|
"traces_sample_rate": cfg.traces_sample_rate,
|
||||||
|
"before_send": scrub_event,
|
||||||
|
"send_default_pii": False,
|
||||||
|
}
|
||||||
|
if cfg.enable_logs:
|
||||||
|
# sentry-sdk 2.x captures Python logs as structured logs when the
|
||||||
|
# experimental logs feature is enabled; scrub those too.
|
||||||
|
init_kwargs["_experiments"] = {
|
||||||
|
"enable_logs": True,
|
||||||
|
"before_send_log": scrub_event,
|
||||||
|
}
|
||||||
|
sentry_sdk.init(**init_kwargs) # type: ignore[union-attr]
|
||||||
|
_STATE["initialized"] = True
|
||||||
|
_STATE["config"] = cfg
|
||||||
|
status["initialized"] = True
|
||||||
|
status["reason"] = "sentry initialised"
|
||||||
|
except Exception as exc: # fail open: observability must not block startup
|
||||||
|
status["reason"] = f"init failed (ignored): {type(exc).__name__}"
|
||||||
|
_STATE["initialized"] = False
|
||||||
|
return status
|
||||||
|
|
||||||
|
|
||||||
|
def _set_scope_tags(scope: Any, tags: dict[str, str]) -> None:
|
||||||
|
for key, val in tags.items():
|
||||||
|
try:
|
||||||
|
scope.set_tag(key, val)
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def capture_workflow_blocker(
|
||||||
|
blocker_type: str,
|
||||||
|
*,
|
||||||
|
message: str | None = None,
|
||||||
|
next_action: str | None = None,
|
||||||
|
level: str = "warning",
|
||||||
|
tags: dict[str, Any] | None = None,
|
||||||
|
extra: dict[str, Any] | None = None,
|
||||||
|
) -> dict[str, Any]:
|
||||||
|
"""Capture a fail-closed workflow blocker as a structured Sentry event.
|
||||||
|
|
||||||
|
Always returns the redacted event dict (so callers/tests can inspect it),
|
||||||
|
and sends it to Sentry only when initialised. Fail open.
|
||||||
|
"""
|
||||||
|
event = build_blocker_event(
|
||||||
|
blocker_type,
|
||||||
|
message=message,
|
||||||
|
next_action=next_action,
|
||||||
|
level=level,
|
||||||
|
tags=tags,
|
||||||
|
extra=extra,
|
||||||
|
)
|
||||||
|
try:
|
||||||
|
if is_initialized() and sdk_available():
|
||||||
|
sentry_sdk.capture_event(event) # type: ignore[union-attr]
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
return event
|
||||||
|
|
||||||
|
|
||||||
|
def capture_exception(
|
||||||
|
exc: BaseException,
|
||||||
|
*,
|
||||||
|
tags: dict[str, Any] | None = None,
|
||||||
|
extra: dict[str, Any] | None = None,
|
||||||
|
) -> bool:
|
||||||
|
"""Capture a runtime exception with scrubbed tags. Fail open.
|
||||||
|
|
||||||
|
Returns True only when the event was handed to an initialised SDK.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
if not (is_initialized() and sdk_available()):
|
||||||
|
return False
|
||||||
|
safe_tags = build_tags(**(tags or {}))
|
||||||
|
safe_extra = redact_value(dict(extra or {}))
|
||||||
|
with sentry_sdk.push_scope() as scope: # type: ignore[union-attr]
|
||||||
|
_set_scope_tags(scope, safe_tags)
|
||||||
|
for key, val in safe_extra.items():
|
||||||
|
try:
|
||||||
|
scope.set_extra(key, val)
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
sentry_sdk.capture_exception(exc) # type: ignore[union-attr]
|
||||||
|
return True
|
||||||
|
except Exception:
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def monitor_checkin(
|
||||||
|
monitor: str,
|
||||||
|
status: str,
|
||||||
|
*,
|
||||||
|
check_in_id: str | None = None,
|
||||||
|
duration: float | None = None,
|
||||||
|
) -> dict[str, Any] | None:
|
||||||
|
"""Send a Sentry cron check-in for a watchdog job. Fail open.
|
||||||
|
|
||||||
|
Returns the payload (for inspection/tests), or ``None`` if the status was
|
||||||
|
invalid. Only transmits when initialised.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
payload = build_checkin_payload(
|
||||||
|
monitor, status, check_in_id=check_in_id, duration=duration
|
||||||
|
)
|
||||||
|
except ValueError:
|
||||||
|
return None
|
||||||
|
try:
|
||||||
|
if is_initialized() and sdk_available() and hasattr(sentry_sdk, "capture_checkin"):
|
||||||
|
sentry_sdk.capture_checkin(**payload) # type: ignore[union-attr]
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
return payload
|
||||||
@@ -27,13 +27,7 @@ from task_capability_map import required_permission, required_role
|
|||||||
|
|
||||||
DELETE_PROFILE = {
|
DELETE_PROFILE = {
|
||||||
"profile_name": "prgs-author-delete",
|
"profile_name": "prgs-author-delete",
|
||||||
"role": "author",
|
"allowed_operations": ["gitea.read", "gitea.branch.delete"],
|
||||||
"allowed_operations": [
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.branch.delete",
|
|
||||||
],
|
|
||||||
"forbidden_operations": [],
|
"forbidden_operations": [],
|
||||||
"audit_label": "prgs-author-delete",
|
"audit_label": "prgs-author-delete",
|
||||||
}
|
}
|
||||||
|
|||||||
+21
-1100
File diff suppressed because it is too large
Load Diff
@@ -57,23 +57,9 @@ class TestCreateIssueWorkspaceGuard(unittest.TestCase):
|
|||||||
# Without worktree_path/env hints, workspace resolves to PROJECT_ROOT. When that
|
# Without worktree_path/env hints, workspace resolves to PROJECT_ROOT. When that
|
||||||
# path is the stable control checkout (not under branches/), mutation must fail.
|
# path is the stable control checkout (not under branches/), mutation must fail.
|
||||||
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue(title="Test issue", body="body text")
|
srv.gitea_create_issue(title="Test issue", body="body text")
|
||||||
except RuntimeError as exc:
|
self.assertIn("stable control checkout", str(ctx.exception))
|
||||||
self.assertIn("stable control checkout", str(exc))
|
|
||||||
else:
|
|
||||||
# #683: production guards return typed blockers at entrypoints
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
self.assertFalse(res.get("performed"))
|
|
||||||
blob = " ".join(res.get("reasons") or []) + " " + str(
|
|
||||||
res.get("blocker_kind") or ""
|
|
||||||
)
|
|
||||||
self.assertTrue(
|
|
||||||
"stable control checkout" in blob
|
|
||||||
or "missing_issue_worktree" in blob
|
|
||||||
or "control checkout" in blob.lower()
|
|
||||||
)
|
|
||||||
self.assertTrue(res.get("exact_next_action"))
|
|
||||||
|
|
||||||
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
||||||
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
||||||
@@ -119,17 +105,11 @@ class TestCreateIssueWorkspaceGuard(unittest.TestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue(
|
srv.gitea_create_issue(
|
||||||
title="Test issue", body="body", worktree_path=missing_path
|
title="Test issue", body="body", worktree_path=missing_path
|
||||||
)
|
)
|
||||||
except RuntimeError as exc:
|
self.assertIn("does not exist (fail closed)", str(ctx.exception))
|
||||||
self.assertIn("does not exist", str(exc))
|
|
||||||
else:
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
blob = " ".join(res.get("reasons") or [])
|
|
||||||
self.assertIn("does not exist", blob)
|
|
||||||
self.assertTrue(res.get("exact_next_action") or res.get("reasons"))
|
|
||||||
|
|
||||||
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
||||||
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
||||||
@@ -162,20 +142,11 @@ class TestCreateIssueWorkspaceGuard(unittest.TestCase):
|
|||||||
|
|
||||||
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
||||||
with patch("gitea_mcp_server._get_workspace_porcelain", return_value=""):
|
with patch("gitea_mcp_server._get_workspace_porcelain", return_value=""):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue(
|
srv.gitea_create_issue(
|
||||||
title="Test issue",
|
title="Test issue", body="body", worktree_path=wrong_repo_path
|
||||||
body="body",
|
|
||||||
worktree_path=wrong_repo_path,
|
|
||||||
)
|
)
|
||||||
except RuntimeError as exc:
|
self.assertIn("does not belong to the target repository", str(ctx.exception))
|
||||||
self.assertIn(
|
|
||||||
"does not belong to the target repository", str(exc)
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
blob = " ".join(res.get("reasons") or [])
|
|
||||||
self.assertIn("does not belong to the target repository", blob)
|
|
||||||
|
|
||||||
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
||||||
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
@patch("gitea_mcp_server._profile_permission_block", return_value=None)
|
||||||
|
|||||||
@@ -267,19 +267,10 @@ class TestReconcilerCommentThroughCanonicalPath(unittest.TestCase):
|
|||||||
with patch.dict(os.environ, {}, clear=False):
|
with patch.dict(os.environ, {}, clear=False):
|
||||||
os.environ.pop("GITEA_AUTHOR_WORKTREE", None)
|
os.environ.pop("GITEA_AUTHOR_WORKTREE", None)
|
||||||
os.environ.pop("GITEA_ACTIVE_WORKTREE", None)
|
os.environ.pop("GITEA_ACTIVE_WORKTREE", None)
|
||||||
try:
|
with self.assertRaises(RuntimeError):
|
||||||
res = srv.gitea_create_issue_comment(
|
srv.gitea_create_issue_comment(
|
||||||
515, "author note", remote="prgs"
|
515, "author note", remote="prgs"
|
||||||
)
|
)
|
||||||
except RuntimeError:
|
|
||||||
pass # legacy raise path
|
|
||||||
else:
|
|
||||||
# #683: typed blocker at mutation entrypoint
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
self.assertFalse(res.get("performed"))
|
|
||||||
self.assertTrue(
|
|
||||||
res.get("blocker_kind") or res.get("reasons")
|
|
||||||
)
|
|
||||||
mock_api.assert_not_called()
|
mock_api.assert_not_called()
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,472 +0,0 @@
|
|||||||
"""#683: block unattributed root WIP; pytest cannot disable production guards.
|
|
||||||
|
|
||||||
Regression coverage required by issue #683:
|
|
||||||
|
|
||||||
1. Session locked to issue A blocks unrelated target issue B until B is selected.
|
|
||||||
2. Diagnostic source edit on the root checkout is blocked.
|
|
||||||
3. Same legitimate edit succeeds after issue ownership + isolated worktree bind.
|
|
||||||
4. Running under pytest does not deactivate production guards when force-on.
|
|
||||||
5. Dirty tracked Python files remain visible to porcelain consumers.
|
|
||||||
6. Monkeypatching one helper cannot silently turn the full guard path into a no-op.
|
|
||||||
7. Real mutation entrypoint proves production guards run before side effects.
|
|
||||||
8. Same-issue edits in a valid isolated worktree remain unaffected.
|
|
||||||
9. Blocker includes stable reason + exact recovery action.
|
|
||||||
"""
|
|
||||||
|
|
||||||
from __future__ import annotations
|
|
||||||
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
import tempfile
|
|
||||||
import textwrap
|
|
||||||
import unittest
|
|
||||||
from pathlib import Path
|
|
||||||
from unittest.mock import MagicMock, patch
|
|
||||||
|
|
||||||
sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
|
|
||||||
|
|
||||||
import gitea_mcp_server as mcp_server # noqa: E402
|
|
||||||
import issue_lock_worktree # noqa: E402
|
|
||||||
import workflow_scope_guard as wsg # noqa: E402
|
|
||||||
|
|
||||||
CONTROL_ROOT = str(Path(__file__).resolve().parent.parent)
|
|
||||||
if "branches" in Path(__file__).resolve().parts:
|
|
||||||
# Running from a worktree under branches/ — parent of branches is control.
|
|
||||||
parts = Path(__file__).resolve().parts
|
|
||||||
idx = parts.index("branches")
|
|
||||||
CONTROL_ROOT = str(Path(*parts[:idx])) if idx > 0 else CONTROL_ROOT
|
|
||||||
|
|
||||||
|
|
||||||
class TestProductionGuardsForceOn(unittest.TestCase):
|
|
||||||
def tearDown(self):
|
|
||||||
for key in (
|
|
||||||
wsg.FORCE_PRODUCTION_GUARDS_ENV,
|
|
||||||
"GITEA_TEST_FORCE_DIRTY",
|
|
||||||
"GITEA_TEST_PORCELAIN",
|
|
||||||
"GITEA_AUTHOR_WORKTREE",
|
|
||||||
"GITEA_ACTIVE_WORKTREE",
|
|
||||||
):
|
|
||||||
os.environ.pop(key, None)
|
|
||||||
wsg.clear_workflow_failure_ledger()
|
|
||||||
|
|
||||||
def test_force_on_under_pytest_keeps_production_active(self):
|
|
||||||
self.assertTrue(wsg.production_guards_active(in_test_mode=False))
|
|
||||||
self.assertFalse(wsg.production_guards_active(in_test_mode=True))
|
|
||||||
os.environ[wsg.FORCE_PRODUCTION_GUARDS_ENV] = "1"
|
|
||||||
self.assertTrue(wsg.production_guards_active(in_test_mode=True))
|
|
||||||
self.assertTrue(wsg.production_guards_forced())
|
|
||||||
|
|
||||||
def test_no_early_return_in_verify_role_mutation_workspace_source(self):
|
|
||||||
src = Path(mcp_server.__file__).read_text(encoding="utf-8")
|
|
||||||
# Rejected 300a4ca pattern must not exist.
|
|
||||||
self.assertNotIn(
|
|
||||||
"if _preflight_in_test_mode():\n return _resolve_preflight_workspace_path",
|
|
||||||
src,
|
|
||||||
)
|
|
||||||
# Docstring contract for #683.
|
|
||||||
self.assertIn("#683", src)
|
|
||||||
self.assertIn("must NOT early-return solely because pytest", src)
|
|
||||||
|
|
||||||
|
|
||||||
class TestPorcelainIntegrity(unittest.TestCase):
|
|
||||||
def test_read_worktree_git_state_surfaces_dirty_py(self):
|
|
||||||
with tempfile.TemporaryDirectory() as tmp:
|
|
||||||
# Use a real git repo so porcelain is truthful.
|
|
||||||
import subprocess
|
|
||||||
|
|
||||||
subprocess.run(["git", "init"], cwd=tmp, check=True, capture_output=True)
|
|
||||||
subprocess.run(
|
|
||||||
["git", "config", "user.email", "[email protected]"],
|
|
||||||
cwd=tmp,
|
|
||||||
check=True,
|
|
||||||
capture_output=True,
|
|
||||||
)
|
|
||||||
subprocess.run(
|
|
||||||
["git", "config", "user.name", "t"],
|
|
||||||
cwd=tmp,
|
|
||||||
check=True,
|
|
||||||
capture_output=True,
|
|
||||||
)
|
|
||||||
py_path = Path(tmp) / "sample_mod.py"
|
|
||||||
py_path.write_text("x = 1\n", encoding="utf-8")
|
|
||||||
subprocess.run(["git", "add", "sample_mod.py"], cwd=tmp, check=True)
|
|
||||||
subprocess.run(
|
|
||||||
["git", "commit", "-m", "init"],
|
|
||||||
cwd=tmp,
|
|
||||||
check=True,
|
|
||||||
capture_output=True,
|
|
||||||
)
|
|
||||||
py_path.write_text("x = 2\n", encoding="utf-8")
|
|
||||||
state = issue_lock_worktree.read_worktree_git_state(tmp)
|
|
||||||
porcelain = state.get("porcelain_status") or ""
|
|
||||||
self.assertIn("sample_mod.py", porcelain)
|
|
||||||
self.assertTrue(any(line.strip().endswith(".py") for line in porcelain.splitlines()))
|
|
||||||
|
|
||||||
def test_production_reader_source_rejects_pytest_py_filter(self):
|
|
||||||
src = Path(issue_lock_worktree.__file__).read_text(encoding="utf-8")
|
|
||||||
findings = wsg.assert_no_pytest_porcelain_filter(src)
|
|
||||||
self.assertEqual(findings, [])
|
|
||||||
# Negative: the rejected 300a4ca pattern is detected.
|
|
||||||
rejected = textwrap.dedent(
|
|
||||||
"""
|
|
||||||
porcelain = status_res.stdout or ""
|
|
||||||
import sys
|
|
||||||
if "pytest" in sys.modules or "unittest" in sys.modules:
|
|
||||||
porcelain = "\\n".join(
|
|
||||||
line for line in porcelain.splitlines()
|
|
||||||
if not line.strip().endswith(".py")
|
|
||||||
)
|
|
||||||
"""
|
|
||||||
)
|
|
||||||
self.assertTrue(wsg.assert_no_pytest_porcelain_filter(rejected))
|
|
||||||
|
|
||||||
|
|
||||||
class TestIssueScopeOwnership(unittest.TestCase):
|
|
||||||
def test_out_of_scope_issue_blocked_until_selected(self):
|
|
||||||
result = wsg.assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=100,
|
|
||||||
target_issue_number=200,
|
|
||||||
branch_name="fix/issue-100-example",
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
self.assertTrue(result["block"])
|
|
||||||
self.assertEqual(result["blocker_kind"], wsg.BLOCKER_OUT_OF_SCOPE_ISSUE)
|
|
||||||
self.assertIn("exact_next_action", result)
|
|
||||||
self.assertIn("owning issue", result["exact_next_action"].lower())
|
|
||||||
self.assertTrue(result["reasons"])
|
|
||||||
|
|
||||||
def test_same_issue_scope_allowed(self):
|
|
||||||
result = wsg.assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=100,
|
|
||||||
target_issue_number=100,
|
|
||||||
branch_name="fix/issue-100-example",
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
self.assertFalse(result["block"])
|
|
||||||
self.assertEqual(result["exact_next_action"], "proceed")
|
|
||||||
|
|
||||||
def test_missing_lock_when_required(self):
|
|
||||||
result = wsg.assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=None,
|
|
||||||
target_issue_number=None,
|
|
||||||
role_kind="author",
|
|
||||||
require_lock_for_author=True,
|
|
||||||
)
|
|
||||||
self.assertTrue(result["block"])
|
|
||||||
self.assertEqual(result["blocker_kind"], wsg.BLOCKER_MISSING_ISSUE_SCOPE)
|
|
||||||
|
|
||||||
def test_branch_issue_mismatch(self):
|
|
||||||
result = wsg.assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=50,
|
|
||||||
branch_name="fix/issue-99-other",
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
self.assertTrue(result["block"])
|
|
||||||
self.assertEqual(result["blocker_kind"], wsg.BLOCKER_OUT_OF_SCOPE_ISSUE)
|
|
||||||
|
|
||||||
|
|
||||||
class TestRootDiagnosticEdit(unittest.TestCase):
|
|
||||||
def test_dirty_root_source_blocked(self):
|
|
||||||
result = wsg.assess_root_source_mutation(
|
|
||||||
workspace_path=CONTROL_ROOT,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M gitea_mcp_server.py\n M tests/test_x.py\n",
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
self.assertTrue(result["block"])
|
|
||||||
self.assertEqual(result["blocker_kind"], wsg.BLOCKER_ROOT_DIAGNOSTIC_EDIT)
|
|
||||||
self.assertIn("gitea_mcp_server.py", result["dirty_source_files"])
|
|
||||||
self.assertIn("exact_next_action", result)
|
|
||||||
self.assertIn("branches/", result["exact_next_action"])
|
|
||||||
|
|
||||||
def test_isolated_worktree_same_issue_unaffected(self):
|
|
||||||
wt = f"{CONTROL_ROOT}/branches/issue-100-example"
|
|
||||||
result = wsg.assess_root_source_mutation(
|
|
||||||
workspace_path=wt,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M helper.py\n",
|
|
||||||
current_branch="fix/issue-100-example",
|
|
||||||
locked_issue_number=100,
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
self.assertFalse(result["block"])
|
|
||||||
self.assertTrue(result["under_branches"])
|
|
||||||
|
|
||||||
def test_legitimate_after_ownership_and_worktree(self):
|
|
||||||
wt = f"{CONTROL_ROOT}/branches/issue-683-workflow-guard-hardening"
|
|
||||||
composed = wsg.assess_production_mutation_guards(
|
|
||||||
workspace_path=wt,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M workflow_scope_guard.py\n",
|
|
||||||
current_branch="fix/issue-683-workflow-guard-hardening",
|
|
||||||
locked_issue_number=683,
|
|
||||||
target_issue_number=683,
|
|
||||||
role_kind="author",
|
|
||||||
require_author_lock=True,
|
|
||||||
in_test_mode=True,
|
|
||||||
)
|
|
||||||
# Force-on required for production path under pytest.
|
|
||||||
os.environ[wsg.FORCE_PRODUCTION_GUARDS_ENV] = "1"
|
|
||||||
try:
|
|
||||||
composed = wsg.assess_production_mutation_guards(
|
|
||||||
workspace_path=wt,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M workflow_scope_guard.py\n",
|
|
||||||
current_branch="fix/issue-683-workflow-guard-hardening",
|
|
||||||
locked_issue_number=683,
|
|
||||||
target_issue_number=683,
|
|
||||||
role_kind="author",
|
|
||||||
require_author_lock=True,
|
|
||||||
in_test_mode=True,
|
|
||||||
)
|
|
||||||
self.assertFalse(composed["block"])
|
|
||||||
self.assertFalse(composed.get("skipped"))
|
|
||||||
finally:
|
|
||||||
os.environ.pop(wsg.FORCE_PRODUCTION_GUARDS_ENV, None)
|
|
||||||
|
|
||||||
|
|
||||||
class TestTypedBlockerResponse(unittest.TestCase):
|
|
||||||
def test_block_response_has_stable_kind_and_next_action(self):
|
|
||||||
assessment = wsg.assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=1,
|
|
||||||
target_issue_number=2,
|
|
||||||
role_kind="author",
|
|
||||||
)
|
|
||||||
resp = wsg.block_response(assessment)
|
|
||||||
self.assertFalse(resp["success"])
|
|
||||||
self.assertFalse(resp["performed"])
|
|
||||||
self.assertEqual(resp["blocker_kind"], wsg.BLOCKER_OUT_OF_SCOPE_ISSUE)
|
|
||||||
self.assertIsInstance(resp["exact_next_action"], str)
|
|
||||||
self.assertTrue(resp["exact_next_action"])
|
|
||||||
self.assertTrue(resp["reasons"])
|
|
||||||
|
|
||||||
def test_production_guard_error_roundtrip(self):
|
|
||||||
err = wsg.ProductionGuardError(
|
|
||||||
"blocked",
|
|
||||||
blocker_kind=wsg.BLOCKER_ROOT_DIAGNOSTIC_EDIT,
|
|
||||||
reasons=["dirty root"],
|
|
||||||
)
|
|
||||||
resp = wsg.block_response(err, issue_number=683)
|
|
||||||
self.assertEqual(resp["blocker_kind"], wsg.BLOCKER_ROOT_DIAGNOSTIC_EDIT)
|
|
||||||
self.assertEqual(resp["issue_number"], 683)
|
|
||||||
self.assertIn("exact_next_action", resp)
|
|
||||||
|
|
||||||
|
|
||||||
class TestDurableFailureRecording(unittest.TestCase):
|
|
||||||
def setUp(self):
|
|
||||||
wsg.clear_workflow_failure_ledger()
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
wsg.clear_workflow_failure_ledger()
|
|
||||||
|
|
||||||
def test_record_before_source_mutation(self):
|
|
||||||
pending = wsg.assess_durable_failure_recorded(
|
|
||||||
require_record=True, pending_source_mutation=True
|
|
||||||
)
|
|
||||||
self.assertTrue(pending["block"])
|
|
||||||
self.assertEqual(pending["blocker_kind"], wsg.BLOCKER_UNRECORDED_FAILURE)
|
|
||||||
|
|
||||||
wsg.record_workflow_failure(
|
|
||||||
kind="transport_eof",
|
|
||||||
detail="EOF during review session (#584 cluster)",
|
|
||||||
issue_number=683,
|
|
||||||
task="comment_issue",
|
|
||||||
)
|
|
||||||
after = wsg.assess_durable_failure_recorded(
|
|
||||||
require_record=True, pending_source_mutation=True
|
|
||||||
)
|
|
||||||
self.assertFalse(after["block"])
|
|
||||||
self.assertEqual(len(wsg.workflow_failure_ledger()), 1)
|
|
||||||
|
|
||||||
|
|
||||||
class TestMonkeypatchCannotNoopFullPath(unittest.TestCase):
|
|
||||||
def tearDown(self):
|
|
||||||
os.environ.pop(wsg.FORCE_PRODUCTION_GUARDS_ENV, None)
|
|
||||||
|
|
||||||
def test_patching_branches_only_still_blocks_dirty_root_scope(self):
|
|
||||||
"""Monkeypatching branches-only must not silence root diagnostic block."""
|
|
||||||
os.environ[wsg.FORCE_PRODUCTION_GUARDS_ENV] = "1"
|
|
||||||
with patch.object(
|
|
||||||
mcp_server, "_enforce_branches_only_author_mutation", lambda *a, **k: None
|
|
||||||
):
|
|
||||||
with patch.object(
|
|
||||||
mcp_server, "_enforce_root_checkout_guard", lambda *a, **k: None
|
|
||||||
):
|
|
||||||
# Even if both legacy helpers are patched, issue-scope composition
|
|
||||||
# still sees dirty root source via assess_production_mutation_guards.
|
|
||||||
assessment = wsg.assess_production_mutation_guards(
|
|
||||||
workspace_path=CONTROL_ROOT,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M gitea_mcp_server.py\n",
|
|
||||||
role_kind="author",
|
|
||||||
in_test_mode=True,
|
|
||||||
)
|
|
||||||
self.assertTrue(assessment["block"])
|
|
||||||
self.assertEqual(
|
|
||||||
assessment["blocker_kind"], wsg.BLOCKER_ROOT_DIAGNOSTIC_EDIT
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class TestRealEntrypointProductionGuard(unittest.TestCase):
|
|
||||||
"""Real mutation entrypoint: production guard before side effects (#683)."""
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
os.environ[wsg.FORCE_PRODUCTION_GUARDS_ENV] = "1"
|
|
||||||
for key in ("GITEA_AUTHOR_WORKTREE", "GITEA_ACTIVE_WORKTREE"):
|
|
||||||
os.environ.pop(key, None)
|
|
||||||
self._orig_whoami = mcp_server._preflight_whoami_called
|
|
||||||
self._orig_cap = mcp_server._preflight_capability_called
|
|
||||||
mcp_server._preflight_whoami_called = False
|
|
||||||
mcp_server._preflight_capability_called = False
|
|
||||||
mcp_server._preflight_resolved_role = None
|
|
||||||
mcp_server._preflight_resolved_task = None
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
os.environ.pop(wsg.FORCE_PRODUCTION_GUARDS_ENV, None)
|
|
||||||
for key in ("GITEA_AUTHOR_WORKTREE", "GITEA_ACTIVE_WORKTREE"):
|
|
||||||
os.environ.pop(key, None)
|
|
||||||
mcp_server._preflight_whoami_called = self._orig_whoami
|
|
||||||
mcp_server._preflight_capability_called = self._orig_cap
|
|
||||||
mcp_server._preflight_resolved_role = None
|
|
||||||
mcp_server._preflight_resolved_task = None
|
|
||||||
|
|
||||||
def test_comment_issue_blocks_dirty_root_before_api(self):
|
|
||||||
api_mock = MagicMock()
|
|
||||||
with patch.object(mcp_server, "api_request", api_mock), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"_actual_profile_role",
|
|
||||||
return_value="author",
|
|
||||||
), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"_effective_workspace_role",
|
|
||||||
return_value="author",
|
|
||||||
), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"get_profile",
|
|
||||||
return_value={
|
|
||||||
"profile_name": "prgs-author",
|
|
||||||
"allowed_operations": [
|
|
||||||
"gitea.issue.comment",
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.branch.push",
|
|
||||||
],
|
|
||||||
"forbidden_operations": [],
|
|
||||||
},
|
|
||||||
), patch.object(
|
|
||||||
issue_lock_worktree,
|
|
||||||
"read_worktree_git_state",
|
|
||||||
side_effect=lambda path, **kw: {
|
|
||||||
"current_branch": "master",
|
|
||||||
"porcelain_status": (
|
|
||||||
" M gitea_mcp_server.py\n"
|
|
||||||
if os.path.realpath(path) == os.path.realpath(CONTROL_ROOT)
|
|
||||||
or path == CONTROL_ROOT
|
|
||||||
else ""
|
|
||||||
),
|
|
||||||
"head_sha": "a" * 40,
|
|
||||||
"base_equivalent": True,
|
|
||||||
},
|
|
||||||
), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"_resolve_namespace_mutation_context",
|
|
||||||
return_value={
|
|
||||||
"workspace_path": CONTROL_ROOT,
|
|
||||||
"canonical_repo_root": CONTROL_ROOT,
|
|
||||||
"process_project_root": CONTROL_ROOT,
|
|
||||||
"workspace_role_kind": "author",
|
|
||||||
"workspace_binding_source": "process root",
|
|
||||||
"ignored_bindings": [],
|
|
||||||
},
|
|
||||||
), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"_resolve_author_mutation_context",
|
|
||||||
return_value={
|
|
||||||
"workspace_path": CONTROL_ROOT,
|
|
||||||
"canonical_repo_root": CONTROL_ROOT,
|
|
||||||
"process_project_root": CONTROL_ROOT,
|
|
||||||
"roots_aligned": True,
|
|
||||||
},
|
|
||||||
), patch.object(
|
|
||||||
mcp_server,
|
|
||||||
"_session_locked_issue_number",
|
|
||||||
return_value=None,
|
|
||||||
):
|
|
||||||
result = mcp_server.gitea_create_issue_comment(
|
|
||||||
issue_number=683,
|
|
||||||
body="diagnostic note",
|
|
||||||
remote="prgs",
|
|
||||||
org="Scaled-Tech-Consulting",
|
|
||||||
repo="Gitea-Tools",
|
|
||||||
worktree_path=CONTROL_ROOT,
|
|
||||||
)
|
|
||||||
|
|
||||||
api_mock.assert_not_called()
|
|
||||||
self.assertFalse(result.get("success"))
|
|
||||||
self.assertFalse(result.get("performed"))
|
|
||||||
self.assertIn(result.get("blocker_kind"), wsg.BLOCKER_KINDS)
|
|
||||||
self.assertTrue(result.get("exact_next_action"))
|
|
||||||
self.assertTrue(result.get("reasons"))
|
|
||||||
|
|
||||||
def test_comment_issue_succeeds_structure_after_worktree_bind(self):
|
|
||||||
"""Same-issue isolated worktree is not blocked by root diagnostic path."""
|
|
||||||
wt = f"{CONTROL_ROOT}/branches/issue-683-workflow-guard-hardening"
|
|
||||||
os.environ["GITEA_AUTHOR_WORKTREE"] = wt
|
|
||||||
assessment = wsg.assess_production_mutation_guards(
|
|
||||||
workspace_path=wt,
|
|
||||||
canonical_repo_root=CONTROL_ROOT,
|
|
||||||
porcelain_status=" M workflow_scope_guard.py\n",
|
|
||||||
current_branch="fix/issue-683-workflow-guard-hardening",
|
|
||||||
locked_issue_number=683,
|
|
||||||
target_issue_number=683,
|
|
||||||
role_kind="author",
|
|
||||||
require_author_lock=True,
|
|
||||||
in_test_mode=True,
|
|
||||||
)
|
|
||||||
self.assertFalse(assessment["block"], assessment)
|
|
||||||
|
|
||||||
|
|
||||||
class TestVerifyPreflightForceOn(unittest.TestCase):
|
|
||||||
def tearDown(self):
|
|
||||||
os.environ.pop(wsg.FORCE_PRODUCTION_GUARDS_ENV, None)
|
|
||||||
for key in ("GITEA_AUTHOR_WORKTREE", "GITEA_ACTIVE_WORKTREE"):
|
|
||||||
os.environ.pop(key, None)
|
|
||||||
|
|
||||||
def test_force_on_runs_production_guards_under_pytest(self):
|
|
||||||
os.environ[wsg.FORCE_PRODUCTION_GUARDS_ENV] = "1"
|
|
||||||
called = {"root": 0, "branches": 0, "scope": 0}
|
|
||||||
|
|
||||||
def _root(*a, **k):
|
|
||||||
called["root"] += 1
|
|
||||||
|
|
||||||
def _branches(*a, **k):
|
|
||||||
called["branches"] += 1
|
|
||||||
|
|
||||||
def _scope(*a, **k):
|
|
||||||
called["scope"] += 1
|
|
||||||
|
|
||||||
with patch.object(mcp_server, "_enforce_root_checkout_guard", _root), patch.object(
|
|
||||||
mcp_server, "_enforce_branches_only_author_mutation", _branches
|
|
||||||
), patch.object(mcp_server, "_enforce_issue_scope_guard", _scope):
|
|
||||||
# No whoami/capability — purity-order skipped; production still runs.
|
|
||||||
mcp_server.verify_preflight_purity(task="comment_issue")
|
|
||||||
|
|
||||||
self.assertEqual(called["root"], 1)
|
|
||||||
self.assertEqual(called["branches"], 1)
|
|
||||||
self.assertEqual(called["scope"], 1)
|
|
||||||
|
|
||||||
def test_without_force_on_pytest_skips_production_only_for_unit_isolation(self):
|
|
||||||
called = {"root": 0}
|
|
||||||
|
|
||||||
def _root(*a, **k):
|
|
||||||
called["root"] += 1
|
|
||||||
|
|
||||||
with patch.object(mcp_server, "_enforce_root_checkout_guard", _root), patch.object(
|
|
||||||
mcp_server, "_enforce_branches_only_author_mutation", lambda *a, **k: None
|
|
||||||
), patch.object(mcp_server, "_enforce_issue_scope_guard", lambda *a, **k: None):
|
|
||||||
mcp_server.verify_preflight_purity(task="comment_issue")
|
|
||||||
self.assertEqual(called["root"], 0)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
unittest.main()
|
|
||||||
@@ -108,24 +108,13 @@ class TestIssueCommentWorkspaceGuard(unittest.TestCase):
|
|||||||
"gitea_mcp_server.issue_lock_worktree.read_worktree_git_state",
|
"gitea_mcp_server.issue_lock_worktree.read_worktree_git_state",
|
||||||
side_effect=self._git_state(valid_worktree),
|
side_effect=self._git_state(valid_worktree),
|
||||||
):
|
):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue_comment(
|
srv.gitea_create_issue_comment(
|
||||||
issue_number=557,
|
issue_number=557,
|
||||||
body="evidence comment",
|
body="evidence comment",
|
||||||
remote="prgs",
|
remote="prgs",
|
||||||
)
|
)
|
||||||
except RuntimeError as exc:
|
self.assertIn("stable control checkout", str(ctx.exception))
|
||||||
self.assertIn("stable control checkout", str(exc))
|
|
||||||
else:
|
|
||||||
# #683 typed blocker at mutation entrypoint
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
self.assertFalse(res.get("performed"))
|
|
||||||
blob = " ".join(res.get("reasons") or [])
|
|
||||||
self.assertTrue(
|
|
||||||
"stable control checkout" in blob
|
|
||||||
or res.get("blocker_kind")
|
|
||||||
)
|
|
||||||
self.assertTrue(res.get("exact_next_action") or res.get("reasons"))
|
|
||||||
mock_api.assert_not_called()
|
mock_api.assert_not_called()
|
||||||
|
|
||||||
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
||||||
@@ -195,24 +184,14 @@ class TestIssueCommentWorkspaceGuard(unittest.TestCase):
|
|||||||
side_effect=self._subprocess(valid_worktree, outside_worktree),
|
side_effect=self._subprocess(valid_worktree, outside_worktree),
|
||||||
):
|
):
|
||||||
with patch.dict(os.environ, self.AUTHOR_ENV, clear=True):
|
with patch.dict(os.environ, self.AUTHOR_ENV, clear=True):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue_comment(
|
srv.gitea_create_issue_comment(
|
||||||
issue_number=557,
|
issue_number=557,
|
||||||
body="evidence comment",
|
body="evidence comment",
|
||||||
remote="prgs",
|
remote="prgs",
|
||||||
worktree_path=outside_worktree,
|
worktree_path=outside_worktree,
|
||||||
)
|
)
|
||||||
except RuntimeError as exc:
|
self.assertIn("does not belong to the target repository", str(ctx.exception))
|
||||||
self.assertIn(
|
|
||||||
"does not belong to the target repository",
|
|
||||||
str(exc),
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
blob = " ".join(res.get("reasons") or [])
|
|
||||||
self.assertIn(
|
|
||||||
"does not belong to the target repository", blob
|
|
||||||
)
|
|
||||||
mock_api.assert_not_called()
|
mock_api.assert_not_called()
|
||||||
|
|
||||||
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
@patch("gitea_mcp_server._auth", return_value=FAKE_AUTH)
|
||||||
|
|||||||
@@ -1425,16 +1425,10 @@ class TestReviewPR(unittest.TestCase):
|
|||||||
class TestDeleteBranch(unittest.TestCase):
|
class TestDeleteBranch(unittest.TestCase):
|
||||||
|
|
||||||
DELETE_PROFILE = {
|
DELETE_PROFILE = {
|
||||||
"profile_name": "test-author-deleter",
|
"profile_name": "test-deleter",
|
||||||
"role": "author",
|
"allowed_operations": ["gitea.read", "gitea.branch.delete"],
|
||||||
"allowed_operations": [
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.create",
|
|
||||||
"gitea.branch.push",
|
|
||||||
"gitea.branch.delete",
|
|
||||||
],
|
|
||||||
"forbidden_operations": [],
|
"forbidden_operations": [],
|
||||||
"audit_label": "test-author-deleter",
|
"audit_label": "test-deleter",
|
||||||
}
|
}
|
||||||
|
|
||||||
@patch("mcp_server.get_profile", return_value=DELETE_PROFILE)
|
@patch("mcp_server.get_profile", return_value=DELETE_PROFILE)
|
||||||
|
|||||||
@@ -92,19 +92,14 @@ class TestMigrateProfiles(unittest.TestCase):
|
|||||||
author = prgs_gitea["identities"]["author"]
|
author = prgs_gitea["identities"]["author"]
|
||||||
self.assertEqual(author["username"], "jcwalker3")
|
self.assertEqual(author["username"], "jcwalker3")
|
||||||
self.assertEqual(author["auth"]["id"], "redacted-author-ref")
|
self.assertEqual(author["auth"]["id"], "redacted-author-ref")
|
||||||
self.assertEqual(
|
self.assertEqual(author["allowed_operations"], ["read", "comment"])
|
||||||
author["allowed_operations"], ["gitea.read", "gitea.pr.comment"]
|
self.assertEqual(author["forbidden_operations"], ["approve", "merge"])
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
author["forbidden_operations"],
|
|
||||||
["gitea.pr.approve", "gitea.pr.merge"],
|
|
||||||
)
|
|
||||||
|
|
||||||
reviewer = prgs_gitea["identities"]["reviewer"]
|
reviewer = prgs_gitea["identities"]["reviewer"]
|
||||||
self.assertEqual(reviewer["role"], "reviewer")
|
self.assertEqual(reviewer["role"], "reviewer")
|
||||||
self.assertEqual(reviewer["username"], "sysadmin")
|
self.assertEqual(reviewer["username"], "sysadmin")
|
||||||
self.assertEqual(reviewer["auth"]["id"], "redacted-reviewer-ref")
|
self.assertEqual(reviewer["auth"]["id"], "redacted-reviewer-ref")
|
||||||
self.assertIn("gitea.pr.merge", reviewer["allowed_operations"])
|
self.assertIn("merge", reviewer["allowed_operations"])
|
||||||
|
|
||||||
def test_alias_generation(self):
|
def test_alias_generation(self):
|
||||||
"""Test that aliases are correctly generated to support old profile names."""
|
"""Test that aliases are correctly generated to support old profile names."""
|
||||||
@@ -193,7 +188,7 @@ class TestMigrateProfiles(unittest.TestCase):
|
|||||||
self.assertNotIn("token", stdout_output.lower())
|
self.assertNotIn("token", stdout_output.lower())
|
||||||
|
|
||||||
def test_explicit_operations_are_preserved(self):
|
def test_explicit_operations_are_preserved(self):
|
||||||
"""Explicit v1 permissions are canonicalized, not replaced by role defaults."""
|
"""Explicit v1 permissions must not be replaced by role defaults."""
|
||||||
v1_data = json.loads(json.dumps(self.v1_content))
|
v1_data = json.loads(json.dumps(self.v1_content))
|
||||||
v1_data["profiles"]["prgs-reviewer"]["allowed_operations"] = ["read"]
|
v1_data["profiles"]["prgs-reviewer"]["allowed_operations"] = ["read"]
|
||||||
v1_data["profiles"]["prgs-reviewer"]["forbidden_operations"] = ["merge"]
|
v1_data["profiles"]["prgs-reviewer"]["forbidden_operations"] = ["merge"]
|
||||||
@@ -203,8 +198,8 @@ class TestMigrateProfiles(unittest.TestCase):
|
|||||||
v2_data["environments"]["prgs"]["services"]["gitea"]
|
v2_data["environments"]["prgs"]["services"]["gitea"]
|
||||||
["identities"]["reviewer"]
|
["identities"]["reviewer"]
|
||||||
)
|
)
|
||||||
self.assertEqual(reviewer["allowed_operations"], ["gitea.read"])
|
self.assertEqual(reviewer["allowed_operations"], ["read"])
|
||||||
self.assertEqual(reviewer["forbidden_operations"], ["gitea.pr.merge"])
|
self.assertEqual(reviewer["forbidden_operations"], ["merge"])
|
||||||
|
|
||||||
def test_inferred_role_defaults_only_when_unambiguous(self):
|
def test_inferred_role_defaults_only_when_unambiguous(self):
|
||||||
"""Role defaults are allowed only for clear author/reviewer profiles."""
|
"""Role defaults are allowed only for clear author/reviewer profiles."""
|
||||||
@@ -311,171 +306,6 @@ class TestMigrateProfiles(unittest.TestCase):
|
|||||||
migrate_profiles.main()
|
migrate_profiles.main()
|
||||||
self.assertEqual(cm.exception.code, 1)
|
self.assertEqual(cm.exception.code, 1)
|
||||||
|
|
||||||
def test_reconciler_profile_migration(self):
|
|
||||||
"""Legacy reconciler shorthands migrate to valid canonical operations."""
|
|
||||||
import gitea_config
|
|
||||||
import reconciler_profile
|
|
||||||
|
|
||||||
v1_data = {
|
|
||||||
"version": 1,
|
|
||||||
"profiles": {
|
|
||||||
"prgs-reconciler": {
|
|
||||||
"base_url": "redacted-prgs-service",
|
|
||||||
"username": "reconciler-agent",
|
|
||||||
"auth": {"type": "keychain", "id": "reconciler-ref"},
|
|
||||||
"execution_profile": "prgs-reconciler",
|
|
||||||
"allowed_operations": [
|
|
||||||
"read",
|
|
||||||
"pr.close",
|
|
||||||
"pr.comment",
|
|
||||||
"issue.comment",
|
|
||||||
"issue.close",
|
|
||||||
"gitea.branch.delete",
|
|
||||||
],
|
|
||||||
"forbidden_operations": [
|
|
||||||
"merge",
|
|
||||||
"approve",
|
|
||||||
"review",
|
|
||||||
"pr.create",
|
|
||||||
"branch.push",
|
|
||||||
"commit",
|
|
||||||
],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
v2_data = migrate_profiles.migrate_v1_to_v2(v1_data)
|
|
||||||
reconciler = (
|
|
||||||
v2_data["environments"]["prgs"]["services"]["gitea"]
|
|
||||||
["identities"]["reconciler"]
|
|
||||||
)
|
|
||||||
self.assertEqual(reconciler["role"], "reconciler")
|
|
||||||
allowed = reconciler["allowed_operations"]
|
|
||||||
forbidden = reconciler["forbidden_operations"]
|
|
||||||
# No invalid shorthand remains
|
|
||||||
for bad in ("pr.close", "pr.comment", "issue.close", "read", "merge"):
|
|
||||||
self.assertNotIn(bad, allowed)
|
|
||||||
self.assertNotIn(bad, forbidden)
|
|
||||||
for required in (
|
|
||||||
"gitea.read",
|
|
||||||
"gitea.pr.close",
|
|
||||||
"gitea.pr.comment",
|
|
||||||
"gitea.issue.comment",
|
|
||||||
"gitea.issue.close",
|
|
||||||
"gitea.branch.delete",
|
|
||||||
):
|
|
||||||
self.assertIn(required, allowed)
|
|
||||||
# Production loader accepts every allowed op
|
|
||||||
self.assertEqual(
|
|
||||||
gitea_config.normalize_operation(required), required
|
|
||||||
)
|
|
||||||
self.assertEqual(v2_data["aliases"]["prgs-reconciler"], "prgs.gitea.reconciler")
|
|
||||||
assessment = reconciler_profile.assess_reconciler_profile(allowed, forbidden)
|
|
||||||
self.assertTrue(assessment["valid"])
|
|
||||||
self.assertTrue(migrate_profiles.validate_v2_data(v2_data))
|
|
||||||
|
|
||||||
def test_reconciler_profile_defaults(self):
|
|
||||||
"""Reconciler defaults are fully canonical and loader-valid."""
|
|
||||||
import gitea_config
|
|
||||||
import reconciler_profile
|
|
||||||
|
|
||||||
v1_data = {
|
|
||||||
"version": 1,
|
|
||||||
"profiles": {
|
|
||||||
"prgs-reconciler": {
|
|
||||||
"base_url": "redacted-prgs-service",
|
|
||||||
"username": "reconciler-agent",
|
|
||||||
"auth": {"type": "keychain", "id": "reconciler-ref"},
|
|
||||||
"execution_profile": "prgs-reconciler",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
v2_data = migrate_profiles.migrate_v1_to_v2(v1_data)
|
|
||||||
reconciler = (
|
|
||||||
v2_data["environments"]["prgs"]["services"]["gitea"]
|
|
||||||
["identities"]["reconciler"]
|
|
||||||
)
|
|
||||||
self.assertEqual(reconciler["role"], "reconciler")
|
|
||||||
self.assertEqual(
|
|
||||||
reconciler["allowed_operations"],
|
|
||||||
migrate_profiles.RECONCILER_DEFAULT_ALLOWED,
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
reconciler["forbidden_operations"],
|
|
||||||
migrate_profiles.RECONCILER_DEFAULT_FORBIDDEN,
|
|
||||||
)
|
|
||||||
for op in reconciler["allowed_operations"]:
|
|
||||||
self.assertEqual(gitea_config.normalize_operation(op), op)
|
|
||||||
self.assertTrue(op.startswith("gitea."))
|
|
||||||
assessment = reconciler_profile.assess_reconciler_profile(
|
|
||||||
reconciler["allowed_operations"],
|
|
||||||
reconciler["forbidden_operations"],
|
|
||||||
)
|
|
||||||
self.assertTrue(assessment["valid"])
|
|
||||||
self.assertNotIn(
|
|
||||||
"gitea.branch.delete", assessment["missing_recommended_operations"]
|
|
||||||
)
|
|
||||||
|
|
||||||
def test_reconciler_migration_idempotent_canonicalize(self):
|
|
||||||
"""Second canonicalize of already-canonical ops is a no-op."""
|
|
||||||
first = migrate_profiles.canonicalize_operations(
|
|
||||||
list(migrate_profiles.RECONCILER_DEFAULT_ALLOWED)
|
|
||||||
)
|
|
||||||
second = migrate_profiles.canonicalize_operations(first)
|
|
||||||
self.assertEqual(first, second)
|
|
||||||
self.assertEqual(first, list(migrate_profiles.RECONCILER_DEFAULT_ALLOWED))
|
|
||||||
|
|
||||||
def test_reconciler_missing_required_fails_visibly(self):
|
|
||||||
"""Missing gitea.pr.close after migration fails closed (not silent drop)."""
|
|
||||||
v1_data = {
|
|
||||||
"version": 1,
|
|
||||||
"profiles": {
|
|
||||||
"prgs-reconciler": {
|
|
||||||
"base_url": "redacted-prgs-service",
|
|
||||||
"username": "reconciler-agent",
|
|
||||||
"auth": {"type": "keychain", "id": "reconciler-ref"},
|
|
||||||
"execution_profile": "prgs-reconciler",
|
|
||||||
"allowed_operations": ["read", "gitea.branch.delete"],
|
|
||||||
"forbidden_operations": ["merge"],
|
|
||||||
}
|
|
||||||
},
|
|
||||||
}
|
|
||||||
with self.assertRaisesRegex(ValueError, "missing required"):
|
|
||||||
migrate_profiles.migrate_v1_to_v2(v1_data)
|
|
||||||
|
|
||||||
def test_unknown_operation_fails_visibly(self):
|
|
||||||
v1_data = {
|
|
||||||
"version": 1,
|
|
||||||
"profiles": {
|
|
||||||
"prgs-author": {
|
|
||||||
"base_url": "redacted-prgs-service",
|
|
||||||
"username": "jcwalker3",
|
|
||||||
"auth": {"type": "keychain", "id": "hidden-author-ref"},
|
|
||||||
"execution_profile": "prgs-author",
|
|
||||||
"allowed_operations": ["read", "not.a.real.op"],
|
|
||||||
"forbidden_operations": ["merge"],
|
|
||||||
}
|
|
||||||
},
|
|
||||||
}
|
|
||||||
with self.assertRaisesRegex(ValueError, "cannot be canonicalized"):
|
|
||||||
migrate_profiles.migrate_v1_to_v2(v1_data)
|
|
||||||
|
|
||||||
def test_role_inference_author_reviewer_merger_reconciler(self):
|
|
||||||
self.assertEqual(
|
|
||||||
migrate_profiles.infer_role("prgs-author", "prgs-author"), "author"
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
migrate_profiles.infer_role("prgs-reviewer", "prgs-reviewer"),
|
|
||||||
"reviewer",
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
migrate_profiles.infer_role("prgs-reconciler", "prgs-reconciler"),
|
|
||||||
"reconciler",
|
|
||||||
)
|
|
||||||
self.assertIsNone(
|
|
||||||
migrate_profiles.infer_role("prgs-merger", "prgs-merger")
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
|
||||||
|
|||||||
@@ -76,17 +76,13 @@ class TestPreflightReadSurvival(unittest.TestCase):
|
|||||||
self.assertIn("task mismatch", str(ctx.exception))
|
self.assertIn("task mismatch", str(ctx.exception))
|
||||||
|
|
||||||
def test_capability_consumed_after_mutation_gate(self):
|
def test_capability_consumed_after_mutation_gate(self):
|
||||||
# Use reconciler/close_pr so this purity-order test does not require a
|
|
||||||
# branches/ worktree (author create_issue would hit #274/#683 guards).
|
|
||||||
# Test isolation stays explicit; production author guards remain live
|
|
||||||
# under force-on (see tests/test_issue_683_workflow_scope_guards.py).
|
|
||||||
mcp_server.record_preflight_check("whoami")
|
mcp_server.record_preflight_check("whoami")
|
||||||
mcp_server.record_preflight_check(
|
mcp_server.record_preflight_check(
|
||||||
"capability", resolved_role="reconciler", resolved_task="close_pr"
|
"capability", resolved_role="author", resolved_task="create_issue"
|
||||||
)
|
)
|
||||||
mcp_server.verify_preflight_purity(task="close_pr")
|
mcp_server.verify_preflight_purity(task="create_issue")
|
||||||
with self.assertRaises(RuntimeError) as ctx:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
mcp_server.verify_preflight_purity(task="close_pr")
|
mcp_server.verify_preflight_purity(task="create_issue")
|
||||||
self.assertIn("has not been resolved", str(ctx.exception))
|
self.assertIn("has not been resolved", str(ctx.exception))
|
||||||
|
|
||||||
def test_whoami_recovery_after_violation_clears_capability(self):
|
def test_whoami_recovery_after_violation_clears_capability(self):
|
||||||
|
|||||||
@@ -86,21 +86,9 @@ class TestReconcilerCloseWorkspaceGuard(unittest.TestCase):
|
|||||||
):
|
):
|
||||||
srv._preflight_resolved_role = "author"
|
srv._preflight_resolved_role = "author"
|
||||||
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
with patch.object(srv, "PROJECT_ROOT", CONTROL_CHECKOUT_ROOT):
|
||||||
try:
|
with self.assertRaises(RuntimeError) as ctx:
|
||||||
res = srv.gitea_create_issue(title="Test", body="body")
|
srv.gitea_create_issue(title="Test", body="body")
|
||||||
except RuntimeError as exc:
|
self.assertIn("stable control checkout", str(ctx.exception))
|
||||||
self.assertIn("stable control checkout", str(exc))
|
|
||||||
else:
|
|
||||||
# #683 typed blocker at mutation entrypoint
|
|
||||||
self.assertFalse(res.get("success"))
|
|
||||||
blob = " ".join(res.get("reasons") or []) + str(
|
|
||||||
res.get("blocker_kind") or ""
|
|
||||||
)
|
|
||||||
self.assertTrue(
|
|
||||||
"stable control checkout" in blob
|
|
||||||
or "missing_issue_worktree" in blob
|
|
||||||
or "control checkout" in blob.lower()
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|||||||
@@ -82,42 +82,6 @@ class TestReconcilerProfileModel(unittest.TestCase):
|
|||||||
"reconciler",
|
"reconciler",
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_branch_delete_is_recommended_for_reconciler(self):
|
|
||||||
self.assertIn(
|
|
||||||
"gitea.branch.delete",
|
|
||||||
reconciler_profile.RECONCILER_RECOMMENDED_OPERATIONS,
|
|
||||||
)
|
|
||||||
self.assertNotIn(
|
|
||||||
"gitea.branch.delete",
|
|
||||||
reconciler_profile.RECONCILER_REQUIRED_OPERATIONS,
|
|
||||||
)
|
|
||||||
|
|
||||||
def test_reconciler_with_branch_delete_stays_valid(self):
|
|
||||||
allowed = PRGS_RECONCILER_ALLOWED + ["gitea.branch.delete"]
|
|
||||||
result = reconciler_profile.assess_reconciler_profile(
|
|
||||||
allowed,
|
|
||||||
PRGS_RECONCILER_FORBIDDEN,
|
|
||||||
)
|
|
||||||
self.assertTrue(result["is_reconciler_profile"])
|
|
||||||
self.assertTrue(result["valid"])
|
|
||||||
self.assertNotIn(
|
|
||||||
"gitea.branch.delete", result["missing_recommended_operations"]
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
mcp_server._role_kind(allowed, PRGS_RECONCILER_FORBIDDEN),
|
|
||||||
"reconciler",
|
|
||||||
)
|
|
||||||
|
|
||||||
def test_reconciler_without_branch_delete_reports_missing_recommended(self):
|
|
||||||
result = reconciler_profile.assess_reconciler_profile(
|
|
||||||
PRGS_RECONCILER_ALLOWED,
|
|
||||||
PRGS_RECONCILER_FORBIDDEN,
|
|
||||||
)
|
|
||||||
self.assertTrue(result["valid"])
|
|
||||||
self.assertIn(
|
|
||||||
"gitea.branch.delete", result["missing_recommended_operations"]
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
unittest.main()
|
unittest.main()
|
||||||
@@ -0,0 +1,412 @@
|
|||||||
|
"""Tests for optional self-hosted Sentry observability (#606).
|
||||||
|
|
||||||
|
Covers the pure module (config, redaction, event/check-in builders) and the
|
||||||
|
runtime capture paths using a fake ``sentry_sdk``, so nothing ever touches the
|
||||||
|
network. Critically proves the feature is a no-op when disabled or DSN-less
|
||||||
|
(acceptance criterion 1) and that secrets/paths/session-state are never sent
|
||||||
|
(criterion 5).
|
||||||
|
"""
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import contextlib
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
|
||||||
|
|
||||||
|
import sentry_observability as so # noqa: E402
|
||||||
|
|
||||||
|
|
||||||
|
# ── Fake SDK ────────────────────────────────────────────────────────────────
|
||||||
|
class _FakeScope:
|
||||||
|
def __init__(self):
|
||||||
|
self.tags = {}
|
||||||
|
self.extras = {}
|
||||||
|
|
||||||
|
def set_tag(self, k, v):
|
||||||
|
self.tags[k] = v
|
||||||
|
|
||||||
|
def set_extra(self, k, v):
|
||||||
|
self.extras[k] = v
|
||||||
|
|
||||||
|
|
||||||
|
class FakeSentrySDK:
|
||||||
|
"""Minimal stand-in exposing the SDK surface sentry_observability uses."""
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.init_kwargs = None
|
||||||
|
self.events = []
|
||||||
|
self.exceptions = []
|
||||||
|
self.checkins = []
|
||||||
|
self.last_scope = None
|
||||||
|
|
||||||
|
def init(self, **kwargs):
|
||||||
|
self.init_kwargs = kwargs
|
||||||
|
|
||||||
|
def capture_event(self, event):
|
||||||
|
self.events.append(event)
|
||||||
|
|
||||||
|
def capture_exception(self, exc):
|
||||||
|
self.exceptions.append(exc)
|
||||||
|
|
||||||
|
def capture_checkin(self, **payload):
|
||||||
|
self.checkins.append(payload)
|
||||||
|
|
||||||
|
@contextlib.contextmanager
|
||||||
|
def push_scope(self):
|
||||||
|
self.last_scope = _FakeScope()
|
||||||
|
yield self.last_scope
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture(autouse=True)
|
||||||
|
def _reset_state():
|
||||||
|
"""Isolate module init state between tests."""
|
||||||
|
so.reset_for_tests()
|
||||||
|
yield
|
||||||
|
so.reset_for_tests()
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def fake_sdk(monkeypatch):
|
||||||
|
sdk = FakeSentrySDK()
|
||||||
|
monkeypatch.setattr(so, "sentry_sdk", sdk)
|
||||||
|
return sdk
|
||||||
|
|
||||||
|
|
||||||
|
# ── Config / gating ─────────────────────────────────────────────────────────
|
||||||
|
def test_disabled_by_default_empty_env():
|
||||||
|
cfg = so.load_config(env={})
|
||||||
|
assert cfg.enabled is False
|
||||||
|
assert cfg.active is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_enabled_flag_without_dsn_is_not_active():
|
||||||
|
cfg = so.load_config(env={"MCP_SENTRY_ENABLED": "1"})
|
||||||
|
assert cfg.enabled is True
|
||||||
|
assert cfg.dsn is None
|
||||||
|
assert cfg.active is False # DSN required
|
||||||
|
|
||||||
|
|
||||||
|
def test_dsn_without_enabled_flag_is_not_active():
|
||||||
|
cfg = so.load_config(env={"SENTRY_DSN": "https://[email protected]/1"})
|
||||||
|
assert cfg.active is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_active_requires_enabled_and_dsn():
|
||||||
|
cfg = so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "true", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
assert cfg.active is True
|
||||||
|
|
||||||
|
|
||||||
|
def test_truthy_variants():
|
||||||
|
for val in ("1", "true", "YES", "On"):
|
||||||
|
cfg = so.load_config(env={"MCP_SENTRY_ENABLED": val})
|
||||||
|
assert cfg.enabled is True
|
||||||
|
for val in ("0", "false", "no", "", "off"):
|
||||||
|
cfg = so.load_config(env={"MCP_SENTRY_ENABLED": val})
|
||||||
|
assert cfg.enabled is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_traces_sample_rate_parsed_and_clamped():
|
||||||
|
assert so.load_config(env={"MCP_SENTRY_TRACES_SAMPLE_RATE": "0.25"}).traces_sample_rate == 0.25
|
||||||
|
assert so.load_config(env={"MCP_SENTRY_TRACES_SAMPLE_RATE": "5"}).traces_sample_rate == 1.0
|
||||||
|
assert so.load_config(env={"MCP_SENTRY_TRACES_SAMPLE_RATE": "-1"}).traces_sample_rate == 0.0
|
||||||
|
assert so.load_config(env={"MCP_SENTRY_TRACES_SAMPLE_RATE": "junk"}).traces_sample_rate == 0.0
|
||||||
|
|
||||||
|
|
||||||
|
def test_safe_summary_has_no_dsn_value():
|
||||||
|
cfg = so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
summary = cfg.safe_summary()
|
||||||
|
assert summary["dsn_present"] is True
|
||||||
|
assert "secret" not in repr(summary)
|
||||||
|
assert "dsn" not in summary # only presence, never the value
|
||||||
|
|
||||||
|
|
||||||
|
# ── init_sentry ─────────────────────────────────────────────────────────────
|
||||||
|
def test_init_noop_when_disabled(fake_sdk):
|
||||||
|
status = so.init_sentry(so.load_config(env={}))
|
||||||
|
assert status["initialized"] is False
|
||||||
|
assert fake_sdk.init_kwargs is None # no SDK init
|
||||||
|
assert so.is_initialized() is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_init_noop_when_enabled_but_missing_dsn(fake_sdk):
|
||||||
|
status = so.init_sentry(so.load_config(env={"MCP_SENTRY_ENABLED": "1"}))
|
||||||
|
assert status["initialized"] is False
|
||||||
|
assert fake_sdk.init_kwargs is None
|
||||||
|
|
||||||
|
|
||||||
|
def test_init_reports_missing_sdk(monkeypatch):
|
||||||
|
monkeypatch.setattr(so, "sentry_sdk", None)
|
||||||
|
status = so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
assert status["initialized"] is False
|
||||||
|
assert "not installed" in status["reason"]
|
||||||
|
|
||||||
|
|
||||||
|
def test_init_configures_sdk_with_scrubber(fake_sdk):
|
||||||
|
status = so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={
|
||||||
|
"MCP_SENTRY_ENABLED": "1",
|
||||||
|
"SENTRY_DSN": "https://[email protected]/1",
|
||||||
|
"SENTRY_ENVIRONMENT": "prod",
|
||||||
|
"MCP_SENTRY_TRACES_SAMPLE_RATE": "0.1",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
assert status["initialized"] is True
|
||||||
|
assert so.is_initialized() is True
|
||||||
|
kw = fake_sdk.init_kwargs
|
||||||
|
assert kw["dsn"] == "https://[email protected]/1"
|
||||||
|
assert kw["environment"] == "prod"
|
||||||
|
assert kw["traces_sample_rate"] == 0.1
|
||||||
|
assert kw["before_send"] is so.scrub_event
|
||||||
|
assert kw["send_default_pii"] is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_init_enable_logs_wires_log_scrubber(fake_sdk):
|
||||||
|
so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={
|
||||||
|
"MCP_SENTRY_ENABLED": "1",
|
||||||
|
"SENTRY_DSN": "https://[email protected]/1",
|
||||||
|
"MCP_SENTRY_ENABLE_LOGS": "1",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
exp = fake_sdk.init_kwargs["_experiments"]
|
||||||
|
assert exp["enable_logs"] is True
|
||||||
|
assert exp["before_send_log"] is so.scrub_event
|
||||||
|
|
||||||
|
|
||||||
|
def test_init_never_raises_on_sdk_failure(monkeypatch):
|
||||||
|
class Boom:
|
||||||
|
def init(self, **kwargs):
|
||||||
|
raise RuntimeError("sentry down")
|
||||||
|
|
||||||
|
monkeypatch.setattr(so, "sentry_sdk", Boom())
|
||||||
|
status = so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
assert status["initialized"] is False
|
||||||
|
assert "init failed" in status["reason"]
|
||||||
|
|
||||||
|
|
||||||
|
# ── Redaction (fail closed) ─────────────────────────────────────────────────
|
||||||
|
def test_build_tags_allowlist_only():
|
||||||
|
tags = so.build_tags(role="author", secret_thing="leak", pid=123)
|
||||||
|
assert tags["role"] == "author"
|
||||||
|
assert tags["pid"] == "123"
|
||||||
|
assert "secret_thing" not in tags
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_tags_hashes_session_id():
|
||||||
|
tags = so.build_tags(session_id="prgs-author-20479-cf9ac178")
|
||||||
|
assert "session_id" not in tags
|
||||||
|
assert "session_id_hash" in tags
|
||||||
|
assert tags["session_id_hash"] != "prgs-author-20479-cf9ac178"
|
||||||
|
assert len(tags["session_id_hash"]) == 12
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_tags_collapses_worktree_path():
|
||||||
|
tags = so.build_tags(
|
||||||
|
worktree_path="/Users/x/Development/Gitea-Tools/branches/issue-606-sentry-observability"
|
||||||
|
)
|
||||||
|
assert "worktree_path" not in tags
|
||||||
|
assert tags["worktree_category"] == "author"
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_tags_drops_value_that_scrubs_to_redacted():
|
||||||
|
# A tag value that is itself a token gets scrubbed then dropped.
|
||||||
|
tags = so.build_tags(capability="token abcdef1234567890")
|
||||||
|
assert "capability" not in tags
|
||||||
|
|
||||||
|
|
||||||
|
def test_sanitize_path_categories():
|
||||||
|
assert so.sanitize_path("/repo/branches/review-pr-654") == "reviewer"
|
||||||
|
assert so.sanitize_path("/repo/branches/merge-pr-1") == "merger"
|
||||||
|
assert so.sanitize_path("/repo/branches/reconcile-pr-1") == "reconciler"
|
||||||
|
assert so.sanitize_path("/repo/branches/feat-issue-606") == "author"
|
||||||
|
assert so.sanitize_path("/x/y/Gitea-Tools") == "root"
|
||||||
|
|
||||||
|
|
||||||
|
def test_redact_value_scrubs_secrets_and_paths():
|
||||||
|
out = so.redact_value(
|
||||||
|
{
|
||||||
|
"token": "abc123",
|
||||||
|
"note": "Authorization: Bearer sk_live_abcdefgh12345",
|
||||||
|
"path": "/Users/jasonwalker/Development/Gitea-Tools/secret",
|
||||||
|
"dsn": "https://[email protected]/1",
|
||||||
|
"safe": "hello",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
assert out["token"] == so.REDACTED
|
||||||
|
assert out["dsn"] == so.REDACTED
|
||||||
|
assert "sk_live" not in out["note"]
|
||||||
|
assert so.REDACTED_PATH in out["path"]
|
||||||
|
assert "/Users/" not in out["path"]
|
||||||
|
assert out["safe"] == "hello"
|
||||||
|
|
||||||
|
|
||||||
|
def test_redact_value_forbidden_prompt_and_session_state():
|
||||||
|
out = so.redact_value(
|
||||||
|
{"prompt": "full body", "session_state": "{...}", "keep": "ok"}
|
||||||
|
)
|
||||||
|
assert out["prompt"] == so.REDACTED
|
||||||
|
assert out["session_state"] == so.REDACTED
|
||||||
|
assert out["keep"] == "ok"
|
||||||
|
|
||||||
|
|
||||||
|
def test_scrub_event_redacts_nested_and_drops_server_name():
|
||||||
|
event = {
|
||||||
|
"server_name": "some-host",
|
||||||
|
"message": "boom",
|
||||||
|
"extra": {"token": "leak", "ok": "1"},
|
||||||
|
}
|
||||||
|
scrubbed = so.scrub_event(event)
|
||||||
|
assert "server_name" not in scrubbed
|
||||||
|
assert scrubbed["extra"]["token"] == so.REDACTED
|
||||||
|
assert scrubbed["extra"]["ok"] == "1"
|
||||||
|
|
||||||
|
|
||||||
|
def test_scrub_event_drops_non_dict():
|
||||||
|
assert so.scrub_event("not a dict") is None
|
||||||
|
assert so.scrub_event(None) is None
|
||||||
|
|
||||||
|
|
||||||
|
# ── Event builders ──────────────────────────────────────────────────────────
|
||||||
|
def test_build_blocker_event_structure_and_next_action():
|
||||||
|
event = so.build_blocker_event(
|
||||||
|
"active_foreign_lease",
|
||||||
|
message="blocked by foreign lease",
|
||||||
|
next_action="wait or adopt via allocator",
|
||||||
|
level="warning",
|
||||||
|
tags={"pr_number": 606, "session_id": "s-123"},
|
||||||
|
)
|
||||||
|
assert event["tags"]["blocker_type"] == "active_foreign_lease"
|
||||||
|
assert event["tags"]["pr_number"] == "606"
|
||||||
|
assert "session_id" not in event["tags"]
|
||||||
|
assert event["tags"]["session_id_hash"]
|
||||||
|
assert event["extra"]["canonical_next_action"] == "wait or adopt via allocator"
|
||||||
|
assert event["fingerprint"] == ["workflow-blocker", "active_foreign_lease"]
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_blocker_event_invalid_level_defaults_warning():
|
||||||
|
event = so.build_blocker_event("x", level="nonsense")
|
||||||
|
assert event["level"] == "warning"
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_checkin_payload_maps_slugs():
|
||||||
|
for key, slug in so.MONITOR_SLUGS.items():
|
||||||
|
payload = so.build_checkin_payload(key, "ok")
|
||||||
|
assert payload["monitor_slug"] == slug
|
||||||
|
assert payload["status"] == "ok"
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_checkin_payload_explicit_slug_passthrough():
|
||||||
|
payload = so.build_checkin_payload("custom-slug", "in_progress", duration=1.5)
|
||||||
|
assert payload["monitor_slug"] == "custom-slug"
|
||||||
|
assert payload["duration"] == 1.5
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_checkin_payload_rejects_bad_status():
|
||||||
|
with pytest.raises(ValueError):
|
||||||
|
so.build_checkin_payload("allocator_health", "bogus")
|
||||||
|
|
||||||
|
|
||||||
|
def test_all_six_monitors_registered():
|
||||||
|
assert set(so.MONITOR_SLUGS) == {
|
||||||
|
"stale_lease_scan",
|
||||||
|
"terminal_lock_scan",
|
||||||
|
"allocator_health",
|
||||||
|
"namespace_health",
|
||||||
|
"dashboard_freshness",
|
||||||
|
"reconciler_cleanup",
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# ── Capture paths (fail open) ───────────────────────────────────────────────
|
||||||
|
def test_capture_workflow_blocker_noop_when_disabled(fake_sdk):
|
||||||
|
# not initialised
|
||||||
|
event = so.capture_workflow_blocker("some_blocker", message="x")
|
||||||
|
assert isinstance(event, dict) # still returns redacted event
|
||||||
|
assert fake_sdk.events == [] # but nothing sent
|
||||||
|
|
||||||
|
|
||||||
|
def test_capture_workflow_blocker_sends_when_initialised(fake_sdk):
|
||||||
|
so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
so.capture_workflow_blocker("terminal_lock_occupied", message="held")
|
||||||
|
assert len(fake_sdk.events) == 1
|
||||||
|
assert fake_sdk.events[0]["tags"]["blocker_type"] == "terminal_lock_occupied"
|
||||||
|
|
||||||
|
|
||||||
|
def test_capture_exception_noop_when_disabled(fake_sdk):
|
||||||
|
assert so.capture_exception(ValueError("x")) is False
|
||||||
|
assert fake_sdk.exceptions == []
|
||||||
|
|
||||||
|
|
||||||
|
def test_capture_exception_sends_scrubbed_tags(fake_sdk):
|
||||||
|
so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
ok = so.capture_exception(
|
||||||
|
RuntimeError("bad"), tags={"mutation_tool": "gitea_merge_pr", "leaky": "x"}
|
||||||
|
)
|
||||||
|
assert ok is True
|
||||||
|
assert len(fake_sdk.exceptions) == 1
|
||||||
|
assert fake_sdk.last_scope.tags["mutation_tool"] == "gitea_merge_pr"
|
||||||
|
assert "leaky" not in fake_sdk.last_scope.tags
|
||||||
|
|
||||||
|
|
||||||
|
def test_capture_exception_never_raises(monkeypatch, fake_sdk):
|
||||||
|
so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
def boom(exc):
|
||||||
|
raise RuntimeError("sdk exploded")
|
||||||
|
|
||||||
|
monkeypatch.setattr(fake_sdk, "capture_exception", boom)
|
||||||
|
# Must swallow the SDK failure (fail open).
|
||||||
|
assert so.capture_exception(ValueError("y")) is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_monitor_checkin_noop_when_disabled(fake_sdk):
|
||||||
|
payload = so.monitor_checkin("allocator_health", "ok")
|
||||||
|
assert payload["monitor_slug"] == "gitea-mcp-allocator-health"
|
||||||
|
assert fake_sdk.checkins == [] # not sent while disabled
|
||||||
|
|
||||||
|
|
||||||
|
def test_monitor_checkin_sends_when_initialised(fake_sdk):
|
||||||
|
so.init_sentry(
|
||||||
|
so.load_config(
|
||||||
|
env={"MCP_SENTRY_ENABLED": "1", "SENTRY_DSN": "https://[email protected]/1"}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
so.monitor_checkin("stale_lease_scan", "ok")
|
||||||
|
assert fake_sdk.checkins == [
|
||||||
|
{"monitor_slug": "gitea-mcp-stale-lease-scan", "status": "ok"}
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def test_monitor_checkin_invalid_status_returns_none(fake_sdk):
|
||||||
|
assert so.monitor_checkin("allocator_health", "bogus") is None
|
||||||
|
assert fake_sdk.checkins == []
|
||||||
@@ -1,626 +0,0 @@
|
|||||||
"""Workflow scope ownership and production-guard hardening (#683).
|
|
||||||
|
|
||||||
Implements fail-closed enforcement so sessions cannot:
|
|
||||||
|
|
||||||
* mutate source/tests on the root/control checkout (including temporary
|
|
||||||
diagnostic edits) without binding an issue-backed ``branches/`` worktree;
|
|
||||||
* continue out-of-scope source work while locked to a different issue;
|
|
||||||
* disable, skip, or conceal production root/branches/porcelain guards solely
|
|
||||||
because pytest/unittest is loaded.
|
|
||||||
|
|
||||||
This module is pure assessment + small durable ledger helpers. Callers gather
|
|
||||||
live facts (lock, branch, porcelain, worktree path) and pass them in. Existing
|
|
||||||
root_checkout_guard / author_mutation_worktree assessors remain authoritative;
|
|
||||||
this module composes typed blockers with exact recovery actions.
|
|
||||||
|
|
||||||
Do **not** reintroduce the rejected #681 / ``300a4ca`` patterns:
|
|
||||||
|
|
||||||
* early-return from workspace verification under ``_preflight_in_test_mode()``
|
|
||||||
* porcelain filtering that strips ``*.py`` lines under pytest
|
|
||||||
"""
|
|
||||||
|
|
||||||
from __future__ import annotations
|
|
||||||
|
|
||||||
import os
|
|
||||||
import re
|
|
||||||
import threading
|
|
||||||
from typing import Any
|
|
||||||
|
|
||||||
import author_mutation_worktree
|
|
||||||
from reviewer_worktree import parse_dirty_tracked_files
|
|
||||||
|
|
||||||
# ── force-on / test isolation ────────────────────────────────────────────────
|
|
||||||
|
|
||||||
# When set, production root/branches/scope guards MUST run even under pytest.
|
|
||||||
# Unit tests that only need preflight-order isolation leave this unset and
|
|
||||||
# use GITEA_TEST_PORCELAIN / fixtures; real-entrypoint proof sets this to "1".
|
|
||||||
FORCE_PRODUCTION_GUARDS_ENV = "GITEA_TEST_FORCE_PRODUCTION_GUARDS"
|
|
||||||
|
|
||||||
# Existing force signals also mean "exercise production dirtiness paths".
|
|
||||||
_FORCE_DIRTY_ENV = "GITEA_TEST_FORCE_DIRTY"
|
|
||||||
_FORCE_PORCELAIN_ENV = "GITEA_TEST_PORCELAIN"
|
|
||||||
|
|
||||||
# ── typed blocker kinds ──────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
BLOCKER_ROOT_DIAGNOSTIC_EDIT = "root_diagnostic_edit"
|
|
||||||
BLOCKER_MISSING_ISSUE_SCOPE = "missing_issue_scope"
|
|
||||||
BLOCKER_OUT_OF_SCOPE_ISSUE = "out_of_scope_issue"
|
|
||||||
BLOCKER_MISSING_WORKTREE = "missing_issue_worktree"
|
|
||||||
BLOCKER_UNRECORDED_FAILURE = "unrecorded_workflow_failure"
|
|
||||||
BLOCKER_PRODUCTION_GUARD = "production_guard_violation"
|
|
||||||
|
|
||||||
BLOCKER_KINDS = frozenset(
|
|
||||||
{
|
|
||||||
BLOCKER_ROOT_DIAGNOSTIC_EDIT,
|
|
||||||
BLOCKER_MISSING_ISSUE_SCOPE,
|
|
||||||
BLOCKER_OUT_OF_SCOPE_ISSUE,
|
|
||||||
BLOCKER_MISSING_WORKTREE,
|
|
||||||
BLOCKER_UNRECORDED_FAILURE,
|
|
||||||
BLOCKER_PRODUCTION_GUARD,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
_NEXT_ACTIONS: dict[str, str] = {
|
|
||||||
BLOCKER_ROOT_DIAGNOSTIC_EDIT: (
|
|
||||||
"Stop editing the control/root checkout. Preserve or discard root WIP "
|
|
||||||
"durably, restore root to clean master, lock or create the owning issue, "
|
|
||||||
"bind branches/issue-<N>-*, set GITEA_AUTHOR_WORKTREE to that worktree, "
|
|
||||||
"then re-run the mutation."
|
|
||||||
),
|
|
||||||
BLOCKER_MISSING_ISSUE_SCOPE: (
|
|
||||||
"Select or create the owning Gitea issue, claim/lock it "
|
|
||||||
"(gitea_mark_issue + gitea_lock_issue), bind branches/issue-<N>-* "
|
|
||||||
"from clean master, then re-run the mutation from that worktree."
|
|
||||||
),
|
|
||||||
BLOCKER_OUT_OF_SCOPE_ISSUE: (
|
|
||||||
"Stop. The active issue lock does not own this work. Release or finish "
|
|
||||||
"the current issue lease, then select/create and lock the correct "
|
|
||||||
"owning issue, bind its branches/issue-<N>-* worktree, and re-run."
|
|
||||||
),
|
|
||||||
BLOCKER_MISSING_WORKTREE: (
|
|
||||||
"Bind an issue-backed worktree under branches/ (scripts/worktree-start "
|
|
||||||
"or git worktree add branches/issue-<N>-*), set GITEA_AUTHOR_WORKTREE / "
|
|
||||||
"worktree_path to that path, keep the control checkout clean on master, "
|
|
||||||
"then re-run the mutation."
|
|
||||||
),
|
|
||||||
BLOCKER_UNRECORDED_FAILURE: (
|
|
||||||
"Record the workflow/tool failure durably first (issue comment or "
|
|
||||||
"workflow_scope_guard.record_workflow_failure), then continue only "
|
|
||||||
"inside the owning issue-backed worktree."
|
|
||||||
),
|
|
||||||
BLOCKER_PRODUCTION_GUARD: (
|
|
||||||
"Resolve the production guard violation: clean or isolate the control "
|
|
||||||
"checkout, bind the owning issue worktree under branches/, and re-run "
|
|
||||||
"with production guards active."
|
|
||||||
),
|
|
||||||
}
|
|
||||||
|
|
||||||
_ISSUE_IN_BRANCH_RE = re.compile(r"issue-(\d+)", re.IGNORECASE)
|
|
||||||
|
|
||||||
# In-process durable failure ledger (also written via optional sink callback).
|
|
||||||
_ledger_lock = threading.Lock()
|
|
||||||
_failure_ledger: list[dict[str, Any]] = []
|
|
||||||
|
|
||||||
|
|
||||||
class ProductionGuardError(RuntimeError):
|
|
||||||
"""Fail-closed production guard with typed blocker metadata (#683)."""
|
|
||||||
|
|
||||||
def __init__(
|
|
||||||
self,
|
|
||||||
message: str,
|
|
||||||
*,
|
|
||||||
blocker_kind: str,
|
|
||||||
exact_next_action: str | None = None,
|
|
||||||
reasons: list[str] | None = None,
|
|
||||||
details: dict[str, Any] | None = None,
|
|
||||||
) -> None:
|
|
||||||
super().__init__(message)
|
|
||||||
kind = (blocker_kind or "").strip()
|
|
||||||
if kind not in BLOCKER_KINDS:
|
|
||||||
kind = BLOCKER_PRODUCTION_GUARD
|
|
||||||
self.blocker_kind = kind
|
|
||||||
self.exact_next_action = (
|
|
||||||
(exact_next_action or "").strip() or _NEXT_ACTIONS[kind]
|
|
||||||
)
|
|
||||||
self.reasons = list(reasons or [message])
|
|
||||||
self.details = dict(details or {})
|
|
||||||
|
|
||||||
|
|
||||||
def production_guards_forced() -> bool:
|
|
||||||
"""True when the explicit #683 force-on flag requests production guards."""
|
|
||||||
return (os.environ.get(FORCE_PRODUCTION_GUARDS_ENV) or "").strip().lower() in {
|
|
||||||
"1",
|
|
||||||
"true",
|
|
||||||
"yes",
|
|
||||||
"on",
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def purity_order_forced() -> bool:
|
|
||||||
"""True when tests force preflight-order dirtiness paths (legacy flags)."""
|
|
||||||
if os.environ.get(_FORCE_DIRTY_ENV):
|
|
||||||
return True
|
|
||||||
# GITEA_TEST_PORCELAIN present (even empty) means dirtiness paths are live.
|
|
||||||
if os.environ.get(_FORCE_PORCELAIN_ENV) is not None:
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
def production_guards_active(*, in_test_mode: bool) -> bool:
|
|
||||||
"""Whether production root/branches/scope guards must execute.
|
|
||||||
|
|
||||||
Production (non-test) always active. Under pytest, active when either the
|
|
||||||
explicit #683 force-on flag or legacy dirty/porcelain force signals are
|
|
||||||
set — never skip production enforcement solely because tests are running
|
|
||||||
when force-on is requested.
|
|
||||||
"""
|
|
||||||
if production_guards_forced() or purity_order_forced():
|
|
||||||
return True
|
|
||||||
return not bool(in_test_mode)
|
|
||||||
|
|
||||||
|
|
||||||
def extract_issue_number_from_branch(branch_name: str | None) -> int | None:
|
|
||||||
"""Return the first issue-N number embedded in a branch name, if any."""
|
|
||||||
text = (branch_name or "").strip()
|
|
||||||
if not text:
|
|
||||||
return None
|
|
||||||
match = _ISSUE_IN_BRANCH_RE.search(text)
|
|
||||||
if not match:
|
|
||||||
return None
|
|
||||||
try:
|
|
||||||
return int(match.group(1))
|
|
||||||
except ValueError:
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
def is_source_or_test_path(path: str) -> bool:
|
|
||||||
"""True for tracked source/test paths that must not land as root WIP."""
|
|
||||||
p = (path or "").replace("\\", "/").lstrip("./")
|
|
||||||
if not p:
|
|
||||||
return False
|
|
||||||
if p.startswith("tests/") or "/tests/" in f"/{p}":
|
|
||||||
return True
|
|
||||||
if p.endswith((".py", ".pyi", ".toml", ".cfg", ".ini", ".sh")):
|
|
||||||
return True
|
|
||||||
if p in {"requirements.txt", "pyproject.toml", "setup.py", "setup.cfg"}:
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
def dirty_source_files(porcelain_status: str) -> list[str]:
|
|
||||||
"""Tracked dirty paths that count as source/test contamination."""
|
|
||||||
dirty = parse_dirty_tracked_files(porcelain_status or "")
|
|
||||||
return [p for p in dirty if is_source_or_test_path(p)]
|
|
||||||
|
|
||||||
|
|
||||||
def assess_issue_scope_ownership(
|
|
||||||
*,
|
|
||||||
locked_issue_number: int | None,
|
|
||||||
target_issue_number: int | None = None,
|
|
||||||
branch_name: str | None = None,
|
|
||||||
role_kind: str | None = None,
|
|
||||||
require_lock_for_author: bool = False,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Fail closed when the session issue lock does not own the attempted work.
|
|
||||||
|
|
||||||
* Author sessions that require a lock fail when none is held.
|
|
||||||
* When a lock exists, the target issue (tool argument) and/or the issue
|
|
||||||
number embedded in the branch must match the locked issue.
|
|
||||||
* Reviewer/merger/reconciler roles are not issue-scope owners of author
|
|
||||||
implementation work and skip the author lock requirement.
|
|
||||||
"""
|
|
||||||
role = (role_kind or "").strip().lower()
|
|
||||||
locked = locked_issue_number
|
|
||||||
if isinstance(locked, str) and locked.isdigit():
|
|
||||||
locked = int(locked)
|
|
||||||
if locked is not None:
|
|
||||||
try:
|
|
||||||
locked = int(locked)
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
locked = None
|
|
||||||
|
|
||||||
target = target_issue_number
|
|
||||||
if target is not None:
|
|
||||||
try:
|
|
||||||
target = int(target)
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
target = None
|
|
||||||
|
|
||||||
branch_issue = extract_issue_number_from_branch(branch_name)
|
|
||||||
reasons: list[str] = []
|
|
||||||
blocker_kind: str | None = None
|
|
||||||
|
|
||||||
# Non-author roles do not take author issue locks for implementation.
|
|
||||||
if role in {"reviewer", "merger", "reconciler"}:
|
|
||||||
return _scope_ok(locked, target, branch_issue)
|
|
||||||
|
|
||||||
if require_lock_for_author and locked is None:
|
|
||||||
reasons.append(
|
|
||||||
"no owning issue lock is bound for this author session; "
|
|
||||||
"source/test mutation requires selecting or creating an owning issue first"
|
|
||||||
)
|
|
||||||
blocker_kind = BLOCKER_MISSING_ISSUE_SCOPE
|
|
||||||
|
|
||||||
if locked is not None and target is not None and locked != target:
|
|
||||||
reasons.append(
|
|
||||||
f"session is locked to issue #{locked} but mutation targets issue "
|
|
||||||
f"#{target}; out-of-scope until the owning issue is selected"
|
|
||||||
)
|
|
||||||
blocker_kind = BLOCKER_OUT_OF_SCOPE_ISSUE
|
|
||||||
|
|
||||||
if locked is not None and branch_issue is not None and locked != branch_issue:
|
|
||||||
reasons.append(
|
|
||||||
f"session is locked to issue #{locked} but workspace branch is for "
|
|
||||||
f"issue #{branch_issue}; bind the matching issue-backed worktree"
|
|
||||||
)
|
|
||||||
blocker_kind = BLOCKER_OUT_OF_SCOPE_ISSUE
|
|
||||||
|
|
||||||
if reasons:
|
|
||||||
kind = blocker_kind or BLOCKER_MISSING_ISSUE_SCOPE
|
|
||||||
return {
|
|
||||||
"proven": False,
|
|
||||||
"block": True,
|
|
||||||
"blocker_kind": kind,
|
|
||||||
"exact_next_action": _NEXT_ACTIONS[kind],
|
|
||||||
"reasons": reasons,
|
|
||||||
"locked_issue_number": locked,
|
|
||||||
"target_issue_number": target,
|
|
||||||
"branch_issue_number": branch_issue,
|
|
||||||
}
|
|
||||||
return _scope_ok(locked, target, branch_issue)
|
|
||||||
|
|
||||||
|
|
||||||
def assess_root_source_mutation(
|
|
||||||
*,
|
|
||||||
workspace_path: str,
|
|
||||||
canonical_repo_root: str,
|
|
||||||
porcelain_status: str,
|
|
||||||
current_branch: str | None = None,
|
|
||||||
locked_issue_number: int | None = None,
|
|
||||||
role_kind: str | None = None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Fail closed for diagnostic/source edits on the control/root checkout.
|
|
||||||
|
|
||||||
Allowed only when the active workspace is under ``branches/``. Dirty
|
|
||||||
tracked source/test files on the control checkout always block, including
|
|
||||||
temporary/diagnostic/test-only intent.
|
|
||||||
"""
|
|
||||||
role = (role_kind or "").strip().lower()
|
|
||||||
if role == "reconciler":
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
"dirty_source_files": [],
|
|
||||||
}
|
|
||||||
|
|
||||||
root = os.path.realpath(canonical_repo_root or "")
|
|
||||||
workspace = os.path.realpath(workspace_path or root or ".")
|
|
||||||
under_branches = author_mutation_worktree.is_path_under_branches(workspace, root)
|
|
||||||
dirty_src = dirty_source_files(porcelain_status)
|
|
||||||
reasons: list[str] = []
|
|
||||||
blocker_kind: str | None = None
|
|
||||||
|
|
||||||
if not under_branches and workspace == root and dirty_src:
|
|
||||||
# Root workspace with source dirtiness is unattributed root WIP.
|
|
||||||
# (Clean-root author binding is enforced by branches-only #274.)
|
|
||||||
reasons.append(
|
|
||||||
"control/root checkout has tracked source or test edits "
|
|
||||||
f"(dirty files: {', '.join(dirty_src)}); diagnostic or temporary "
|
|
||||||
"edits on the root checkout are forbidden"
|
|
||||||
)
|
|
||||||
blocker_kind = BLOCKER_ROOT_DIAGNOSTIC_EDIT
|
|
||||||
|
|
||||||
if (
|
|
||||||
not under_branches
|
|
||||||
and workspace == root
|
|
||||||
and not dirty_src
|
|
||||||
and role == "author"
|
|
||||||
):
|
|
||||||
# Explicit missing-worktree signal for force-on author entrypoints.
|
|
||||||
reasons.append(
|
|
||||||
"author source/test mutation from the stable control checkout is "
|
|
||||||
"forbidden; bind an issue-backed worktree under branches/ first"
|
|
||||||
)
|
|
||||||
blocker_kind = BLOCKER_MISSING_WORKTREE
|
|
||||||
|
|
||||||
if reasons:
|
|
||||||
kind = blocker_kind or BLOCKER_ROOT_DIAGNOSTIC_EDIT
|
|
||||||
return {
|
|
||||||
"proven": False,
|
|
||||||
"block": True,
|
|
||||||
"blocker_kind": kind,
|
|
||||||
"exact_next_action": _NEXT_ACTIONS[kind],
|
|
||||||
"reasons": reasons,
|
|
||||||
"dirty_source_files": dirty_src,
|
|
||||||
"workspace_path": workspace,
|
|
||||||
"canonical_repo_root": root,
|
|
||||||
"under_branches": under_branches,
|
|
||||||
"locked_issue_number": locked_issue_number,
|
|
||||||
}
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
"dirty_source_files": dirty_src,
|
|
||||||
"workspace_path": workspace,
|
|
||||||
"canonical_repo_root": root,
|
|
||||||
"under_branches": under_branches,
|
|
||||||
"locked_issue_number": locked_issue_number,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def assess_production_mutation_guards(
|
|
||||||
*,
|
|
||||||
workspace_path: str,
|
|
||||||
canonical_repo_root: str,
|
|
||||||
porcelain_status: str,
|
|
||||||
current_branch: str | None = None,
|
|
||||||
locked_issue_number: int | None = None,
|
|
||||||
target_issue_number: int | None = None,
|
|
||||||
role_kind: str | None = None,
|
|
||||||
require_author_lock: bool = False,
|
|
||||||
in_test_mode: bool = False,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Compose root + scope production guards when they must be active (#683)."""
|
|
||||||
if not production_guards_active(in_test_mode=in_test_mode):
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
"skipped": True,
|
|
||||||
"skip_reason": "production guards not active (test isolation without force-on)",
|
|
||||||
}
|
|
||||||
|
|
||||||
root_assess = assess_root_source_mutation(
|
|
||||||
workspace_path=workspace_path,
|
|
||||||
canonical_repo_root=canonical_repo_root,
|
|
||||||
porcelain_status=porcelain_status,
|
|
||||||
current_branch=current_branch,
|
|
||||||
locked_issue_number=locked_issue_number,
|
|
||||||
role_kind=role_kind,
|
|
||||||
)
|
|
||||||
if root_assess["block"]:
|
|
||||||
return {**root_assess, "skipped": False}
|
|
||||||
|
|
||||||
scope_assess = assess_issue_scope_ownership(
|
|
||||||
locked_issue_number=locked_issue_number,
|
|
||||||
target_issue_number=target_issue_number,
|
|
||||||
branch_name=current_branch,
|
|
||||||
role_kind=role_kind,
|
|
||||||
require_lock_for_author=require_author_lock,
|
|
||||||
)
|
|
||||||
if scope_assess["block"]:
|
|
||||||
return {**scope_assess, "skipped": False}
|
|
||||||
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
"skipped": False,
|
|
||||||
"root": root_assess,
|
|
||||||
"scope": scope_assess,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def raise_if_blocked(assessment: dict[str, Any]) -> None:
|
|
||||||
"""Raise :class:`ProductionGuardError` when *assessment* blocks."""
|
|
||||||
if not assessment or not assessment.get("block"):
|
|
||||||
return
|
|
||||||
kind = assessment.get("blocker_kind") or BLOCKER_PRODUCTION_GUARD
|
|
||||||
reasons = list(assessment.get("reasons") or ["production guard violation"])
|
|
||||||
message = (
|
|
||||||
f"Workflow scope guard (#683) [{kind}]: {'; '.join(reasons)}. "
|
|
||||||
f"exact_next_action: {assessment.get('exact_next_action') or _NEXT_ACTIONS.get(kind, '')}"
|
|
||||||
)
|
|
||||||
raise ProductionGuardError(
|
|
||||||
message,
|
|
||||||
blocker_kind=kind,
|
|
||||||
exact_next_action=assessment.get("exact_next_action"),
|
|
||||||
reasons=reasons,
|
|
||||||
details={
|
|
||||||
k: v
|
|
||||||
for k, v in assessment.items()
|
|
||||||
if k
|
|
||||||
not in {
|
|
||||||
"proven",
|
|
||||||
"block",
|
|
||||||
"blocker_kind",
|
|
||||||
"exact_next_action",
|
|
||||||
"reasons",
|
|
||||||
}
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def block_response(
|
|
||||||
assessment: dict[str, Any] | ProductionGuardError | None = None,
|
|
||||||
*,
|
|
||||||
blocker_kind: str | None = None,
|
|
||||||
reasons: list[str] | None = None,
|
|
||||||
exact_next_action: str | None = None,
|
|
||||||
**extra: Any,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Structured fail-closed tool response with typed blocker fields."""
|
|
||||||
if isinstance(assessment, ProductionGuardError):
|
|
||||||
kind = assessment.blocker_kind
|
|
||||||
reason_list = list(assessment.reasons)
|
|
||||||
next_action = assessment.exact_next_action
|
|
||||||
extra = {**assessment.details, **extra}
|
|
||||||
elif isinstance(assessment, dict) and assessment.get("block"):
|
|
||||||
kind = assessment.get("blocker_kind") or BLOCKER_PRODUCTION_GUARD
|
|
||||||
reason_list = list(assessment.get("reasons") or [])
|
|
||||||
next_action = assessment.get("exact_next_action") or _NEXT_ACTIONS.get(
|
|
||||||
kind, _NEXT_ACTIONS[BLOCKER_PRODUCTION_GUARD]
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
kind = (blocker_kind or BLOCKER_PRODUCTION_GUARD).strip()
|
|
||||||
if kind not in BLOCKER_KINDS:
|
|
||||||
kind = BLOCKER_PRODUCTION_GUARD
|
|
||||||
reason_list = list(reasons or ["production guard violation"])
|
|
||||||
next_action = exact_next_action or _NEXT_ACTIONS[kind]
|
|
||||||
|
|
||||||
if kind not in BLOCKER_KINDS:
|
|
||||||
kind = BLOCKER_PRODUCTION_GUARD
|
|
||||||
if not reason_list:
|
|
||||||
reason_list = ["production guard violation"]
|
|
||||||
next_action = (next_action or "").strip() or _NEXT_ACTIONS[kind]
|
|
||||||
|
|
||||||
out: dict[str, Any] = {
|
|
||||||
"success": False,
|
|
||||||
"performed": False,
|
|
||||||
"blocker_kind": kind,
|
|
||||||
"exact_next_action": next_action,
|
|
||||||
"reasons": reason_list,
|
|
||||||
}
|
|
||||||
for key, value in extra.items():
|
|
||||||
if key not in out and value is not None:
|
|
||||||
out[key] = value
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def format_production_guard_error(assessment: dict[str, Any]) -> str:
|
|
||||||
"""Single RuntimeError string carrying kind + exact next action."""
|
|
||||||
kind = assessment.get("blocker_kind") or BLOCKER_PRODUCTION_GUARD
|
|
||||||
reasons = "; ".join(assessment.get("reasons") or ["production guard violation"])
|
|
||||||
next_action = assessment.get("exact_next_action") or _NEXT_ACTIONS.get(
|
|
||||||
kind, _NEXT_ACTIONS[BLOCKER_PRODUCTION_GUARD]
|
|
||||||
)
|
|
||||||
return (
|
|
||||||
f"Workflow scope guard (#683) [{kind}]: {reasons}. "
|
|
||||||
f"exact_next_action: {next_action}"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
# ── durable failure recording ────────────────────────────────────────────────
|
|
||||||
|
|
||||||
|
|
||||||
def record_workflow_failure(
|
|
||||||
*,
|
|
||||||
kind: str,
|
|
||||||
detail: str,
|
|
||||||
issue_number: int | None = None,
|
|
||||||
task: str | None = None,
|
|
||||||
sink: Any | None = None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Record a workflow/tool failure before source edits continue (#683 AC8).
|
|
||||||
|
|
||||||
*sink* may be a callable ``sink(record)`` (e.g. tests) or omitted for the
|
|
||||||
in-process ledger only. Returns the durable record.
|
|
||||||
"""
|
|
||||||
record = {
|
|
||||||
"kind": (kind or "workflow_failure").strip() or "workflow_failure",
|
|
||||||
"detail": (detail or "").strip(),
|
|
||||||
"issue_number": issue_number,
|
|
||||||
"task": task,
|
|
||||||
"pid": os.getpid(),
|
|
||||||
}
|
|
||||||
with _ledger_lock:
|
|
||||||
_failure_ledger.append(dict(record))
|
|
||||||
if callable(sink):
|
|
||||||
sink(record)
|
|
||||||
return record
|
|
||||||
|
|
||||||
|
|
||||||
def clear_workflow_failure_ledger() -> None:
|
|
||||||
"""Test helper: reset the in-process failure ledger."""
|
|
||||||
with _ledger_lock:
|
|
||||||
_failure_ledger.clear()
|
|
||||||
|
|
||||||
|
|
||||||
def workflow_failure_ledger() -> list[dict[str, Any]]:
|
|
||||||
"""Copy of durable in-process failure records."""
|
|
||||||
with _ledger_lock:
|
|
||||||
return [dict(r) for r in _failure_ledger]
|
|
||||||
|
|
||||||
|
|
||||||
def assess_durable_failure_recorded(
|
|
||||||
*,
|
|
||||||
require_record: bool,
|
|
||||||
pending_source_mutation: bool,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
"""Block source mutation when a workflow failure was not recorded first."""
|
|
||||||
if not require_record or not pending_source_mutation:
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
}
|
|
||||||
with _ledger_lock:
|
|
||||||
has_record = bool(_failure_ledger)
|
|
||||||
if has_record:
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
}
|
|
||||||
return {
|
|
||||||
"proven": False,
|
|
||||||
"block": True,
|
|
||||||
"blocker_kind": BLOCKER_UNRECORDED_FAILURE,
|
|
||||||
"exact_next_action": _NEXT_ACTIONS[BLOCKER_UNRECORDED_FAILURE],
|
|
||||||
"reasons": [
|
|
||||||
"workflow/tool failure triggered a need for source changes but no "
|
|
||||||
"durable failure record exists yet"
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def porcelain_preserves_python_paths(porcelain_status: str) -> bool:
|
|
||||||
"""Regression helper: dirty ``*.py`` lines must remain visible (#683)."""
|
|
||||||
text = porcelain_status or ""
|
|
||||||
for line in text.splitlines():
|
|
||||||
stripped = line.strip()
|
|
||||||
if stripped.endswith(".py") or ".py " in stripped or stripped.endswith(".py"):
|
|
||||||
# Any py path present proves no silent strip of all *.py lines.
|
|
||||||
if " M " in f" {stripped}" or stripped[:1] in "MADRCTU" or len(line) >= 4:
|
|
||||||
return True
|
|
||||||
# Empty porcelain is fine; integrity means we did not strip when present.
|
|
||||||
return ".py" not in text
|
|
||||||
|
|
||||||
|
|
||||||
def assert_no_pytest_porcelain_filter(source_text: str) -> list[str]:
|
|
||||||
"""Static check: production reader must not strip ``*.py`` under pytest."""
|
|
||||||
findings: list[str] = []
|
|
||||||
lowered = source_text or ""
|
|
||||||
if "endswith(\".py\")" in lowered or "endswith('.py')" in lowered:
|
|
||||||
if "pytest" in lowered and "porcelain" in lowered.lower():
|
|
||||||
findings.append(
|
|
||||||
"production porcelain reader must not filter *.py under pytest "
|
|
||||||
"(rejected 300a4ca pattern)"
|
|
||||||
)
|
|
||||||
if "if \"pytest\" in sys.modules" in lowered and "porcelain" in lowered.lower():
|
|
||||||
if ".py" in lowered and ("join" in lowered or "endswith" in lowered):
|
|
||||||
findings.append(
|
|
||||||
"test-mode porcelain filtering of source files is forbidden (#683)"
|
|
||||||
)
|
|
||||||
return findings
|
|
||||||
|
|
||||||
|
|
||||||
def _scope_ok(
|
|
||||||
locked: int | None,
|
|
||||||
target: int | None,
|
|
||||||
branch_issue: int | None,
|
|
||||||
) -> dict[str, Any]:
|
|
||||||
return {
|
|
||||||
"proven": True,
|
|
||||||
"block": False,
|
|
||||||
"blocker_kind": None,
|
|
||||||
"exact_next_action": "proceed",
|
|
||||||
"reasons": [],
|
|
||||||
"locked_issue_number": locked,
|
|
||||||
"target_issue_number": target,
|
|
||||||
"branch_issue_number": branch_issue,
|
|
||||||
}
|
|
||||||
Reference in New Issue
Block a user