Define task-scoped Gitea MCP execution profile model #12

Closed
opened 2026-07-01 11:15:51 -05:00 by jcwalker3 · 0 comments
Owner

Parent

Roadmap #10 — Task-scoped MCP execution profiles for LLM-operated Gitea workflows

Problem

We want roles to be fluid across LLM sessions. A specific LLM should not permanently be “the reviewer” or “the merger.”

Instead, each task should select an appropriate MCP execution profile.

Scope

Design and document a Gitea MCP execution profile model.

Example profiles:

gitea-issue-manager
gitea-author
gitea-reviewer
gitea-merger
gitea-owner

Each profile should define:

  • profile name
  • authenticated username
  • allowed operations
  • forbidden operations
  • token source name
  • audit label
  • whether the profile can approve
  • whether the profile can merge
  • whether the profile can push branches
  • whether the profile can mutate issues

Acceptance criteria

  • Execution profile concept is documented.
  • Profile metadata shape is defined.
  • Allowed/forbidden operation model is defined.
  • The docs explain that LLMs are not roles; profiles are roles.
  • The docs explain that a task may use any eligible profile.
  • The docs require fail-closed behavior if profile identity is unknown.
  • No tokens or secrets are exposed.

Non-goals

  • Do not implement profile switching yet.
  • Do not implement approval or merge workflows yet.
  • Do not add Jenkins/Ops/deploy behavior.

Proposed labels

mcp · gitea · profiles · security · design

jcwalker3 added the mcp, security, gitea, documentation labels 2026-07-01 11:28:16 -05:00
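One way the profile metadata shape and the fail-closed requirement in this issue could fit together, as an added sketch that is not part of the issue or the project's code. The operation names, usernames, token source names, and the `ExecutionProfile`, `PROFILES` and `authorize` identifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical operation names behind the four capability questions in the issue.
CAPABILITY_OPS = {"can_approve": "pr.approve", "can_merge": "pr.merge",
                  "can_push_branches": "branch.push", "can_mutate_issues": "issue.mutate"}

@dataclass(frozen=True)
class ExecutionProfile:
    name: str
    username: str          # Gitea account the profile authenticates as
    allowed: frozenset
    forbidden: frozenset
    token_source: str      # name of the secret source only, never the token itself
    audit_label: str

    def permits(self, op):
        # Forbidden wins over allowed; anything not listed is denied.
        return op in self.allowed and op not in self.forbidden

    def capabilities(self):
        # Derived from the operation sets so the flags cannot drift from them.
        return {flag: self.permits(op) for flag, op in CAPABILITY_OPS.items()}

# Constructed sample registry; usernames and token source names are made up.
PROFILES = {p.name: p for p in (
    ExecutionProfile("gitea-reviewer", "review-bot",
                     frozenset({"pr.read", "pr.comment", "pr.approve"}),
                     frozenset({"pr.merge", "branch.push"}),
                     "GITEA_REVIEWER_TOKEN", "reviewer"),
    ExecutionProfile("gitea-merger", "merge-bot",
                     frozenset({"pr.read", "pr.merge"}),
                     frozenset({"pr.approve", "branch.push"}),
                     "GITEA_MERGER_TOKEN", "merger"),
)}

def authorize(profile_name, authenticated_user, op):
    """Return (allowed, audit_record); deny whenever profile identity is unknown."""
    profile = PROFILES.get(profile_name)
    if profile is None:
        reason = "unknown-profile"
    elif not authenticated_user or authenticated_user != profile.username:
        reason = "identity-mismatch"
    elif not profile.permits(op):
        reason = "operation-not-permitted"
    else:
        reason = "ok"
    audit = {"profile": profile_name, "user": authenticated_user, "op": op,
             "label": profile.audit_label if profile else None, "reason": reason}
    return reason == "ok", audit
```

The audit record carries the profile name, label and denial reason but never reads the token, so it can be logged without exposing a secret.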
Reference: Scaled-Tech-Consulting/Gitea-Tools#12