Provision MDCPS Gitea reviewer identity and enable MDCPS review/merge workflow #107

Open
opened 2026-07-02 17:38:00 -05:00 by sysadmin · 0 comments
Owner

Summary

Provision or identify a second MDCPS Gitea account for reviewer/merge workflows.

Source discussion

Refs #100

Problem

MDCPS currently has only one configured Gitea user. Safe review/merge workflows require a second distinct identity so LLMs cannot self-review or self-merge.

Current known MDCPS profile:

mdcps / username 913443

A second reviewer/merge identity is needed.

Owner decision required

Choose the MDCPS reviewer account name.

Candidate styles discussed:

  • svc-gitea-review
  • mdcps-reviewer
  • a sysadmin-style account
  • another approved MDCPS Gitea account

Scope

Once the reviewer account exists:

  • create/add keychain reference for reviewer token
  • configure mdcps.gitea.reviewer
  • ensure reviewer identity can review/approve/merge
  • ensure reviewer identity cannot create PRs or push branches
  • ensure mdcps alias maps to mdcps.gitea.author
  • validate self-review prevention

Blockers

  • owner must provide or provision second MDCPS Gitea account
  • owner must provide token out-of-band into keychain
  • no token or secret should be committed

Security requirements

  • reviewer identity must be distinct from author identity
  • runtime whoami must verify the actual user
  • config-declared username/role must not be trusted as proof
  • no secrets in JSON
  • no production token values in logs

Non-goals

  • Do not implement v2 parser unless prerequisite issues are done.
  • Do not store tokens in repo.
  • Do not touch release/tag state.

Acceptance criteria

  • MDCPS reviewer account is identified.
  • token is stored in keychain only.
  • JSON contains only keychain auth reference.
  • mdcps.gitea.author cannot review/approve/merge.
  • mdcps.gitea.reviewer cannot create PRs or push branches.
  • review/merge eligibility check passes only for a non-author reviewer.
  • self-review/self-merge remains blocked.
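An added example of the runtime check the security requirements and acceptance criteria above describe (not MDCPS code): the reviewer token is fetched via a keychain reference, the identity it really carries is resolved with Gitea's `GET /api/v1/user`, and review/merge is allowed only when that identity matches the configured reviewer and differs from the author. The config shape, keychain lookup callable and the constructed token map are assumptions; the Gitea endpoint and `Authorization: token ...` header are real.

```python
import json
import urllib.request

# Constructed MDCPS-style config (assumed shape): keychain references only, no token values.
MDCPS_CONFIG = {
    "gitea": {
        "base_url": "https://gitea.example.invalid",  # placeholder host
        "author": {"username": "mdcps", "keychain_ref": "mdcps-gitea-author"},
        "reviewer": {"username": "mdcps-reviewer", "keychain_ref": "mdcps-gitea-reviewer"},
    }
}

# Constructed stand-in for the Gitea server: maps a token to the identity it really carries.
FAKE_TOKENS = {
    "tok-author": {"login": "mdcps", "id": 913443},
    "tok-reviewer": {"login": "mdcps-reviewer", "id": 2},
    "tok-stray": {"login": "someone-else", "id": 3},
}

def fake_fetch(req):
    token = req.get_header("Authorization", "").removeprefix("token ")
    if token not in FAKE_TOKENS:
        raise PermissionError("401 Unauthorized")
    return dict(FAKE_TOKENS[token])

def gitea_whoami(base_url, token, fetch=None):
    """GET /api/v1/user: the identity the token actually authenticates as."""
    req = urllib.request.Request(f"{base_url}/api/v1/user",
                                 headers={"Authorization": f"token {token}"})
    if fetch is not None:  # offline path used by the demo
        return fetch(req)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class EligibilityError(Exception):
    """Raised with a reason that never includes the token value."""

def check_merge_eligibility(config, pr_author_login, get_token, fetch=None):
    """Return the verified reviewer login, or raise EligibilityError.

    The config-declared username is an expectation to verify, not proof; the
    decision rests on the runtime whoami result and on the reviewer being a
    different identity from both the configured author and the PR author.
    """
    gitea = config["gitea"]
    reviewer = gitea["reviewer"]
    token = get_token(reviewer["keychain_ref"])  # out-of-band keychain lookup (assumed)
    actual = gitea_whoami(gitea["base_url"], token, fetch)["login"]
    if actual != reviewer["username"]:
        raise EligibilityError(f"reviewer token resolves to {actual!r}, not {reviewer['username']!r}")
    if actual == gitea["author"]["username"] or actual == pr_author_login:
        raise EligibilityError("self-review/self-merge blocked: reviewer is the author")
    return actual
```

Drop the `fetch` argument to query a real Gitea instance; the error messages carry logins only, so they are safe to log.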
sysadmin added the security, gitea, workflow labels 2026-07-02 17:38:32 -05:00