feat: profiles.json v2 contexts shape with enabled enforcement and LLM-safe output (#120) #121

Merged
sysadmin merged 1 commits from feat/issue-120-profiles-v2-contexts into master 2026-07-03 01:36:22 -05:00
Owner

Implements #120.

What

MCP support for the canonical profiles.json version 2 contexts shape (contexts / profiles / projects / rules), kept side-by-side with the existing v2 environments shape (#103) and v1.

Enabled enforcement (fail closed, no fallback)

  • Boolean enabled required on every context, profile, service, and project.
  • Disabled profiles (or profiles in disabled contexts) route through the existing unavailable mechanism: reported in audits, refused at selection with a clear reason.
  • resolve_service(config, context, service) and project_for_path(config, path) fail closed on unknown/disabled entries.
  • get_auth_header now propagates ConfigError when GITEA_MCP_CONFIG is set — no more silent degradation to Basic auth (one legacy test updated to the new contract).

LLM-safe output

  • gitea_whoami / gitea_get_profile no longer expose endpoint URLs or token source names; auth reported as status only.
  • New gitea_audit_config MCP tool: enabled/disabled report + safe summaries (MDCPS GlitchTip: enabled, read-only, authenticated / PRGS Jenkins: disabled) — never URLs, keychain ids, or token values.
  • Admin/debug opt-in: GITEA_MCP_REVEAL_ENDPOINTS=1 env or python3 gitea_config.py audit --reveal-endpoints locally; token values never printed on any path.

Compatibility

  • v1 configs and v2 environments-shape configs unchanged (full suite green).
  • Contexts-shape author verbs (branch, commit, push, open_pr) added to the minimal op map; reviewer-identity deadlock rule enforced unchanged.
  • Synthetic gitea-mcp.v2-contexts.example.json shipped and validated in tests; .gitignore still blocks real gitea-mcp*.json configs.

Tests

425 passed (31 new in tests/test_config_v2_contexts.py, 7 new/updated in tests/test_mcp_server.py): v1 compatibility, active-profile resolution via GITEA_MCP_PROFILE, disabled profile/context/service/project refusal, project-to-context mapping, keychain-only references, no-silent-fallback, endpoint/keychain redaction with admin opt-in, secret-free audit output.

Verified against the live machine config: prgs-author resolves with normalized ops; audit output leak-free; MDCPS GlitchTip temporary endpoint (git.dadeschools.net) carried with a description marking it for replacement.

🤖 Generated with Claude Code

Implements #120. ## What MCP support for the canonical `profiles.json` version 2 **contexts shape** (`contexts` / `profiles` / `projects` / `rules`), kept side-by-side with the existing v2 environments shape (#103) and v1. ### Enabled enforcement (fail closed, no fallback) - Boolean `enabled` required on every context, profile, service, and project. - Disabled profiles (or profiles in disabled contexts) route through the existing `unavailable` mechanism: reported in audits, refused at selection with a clear reason. - `resolve_service(config, context, service)` and `project_for_path(config, path)` fail closed on unknown/disabled entries. - `get_auth_header` now propagates `ConfigError` when `GITEA_MCP_CONFIG` is set — no more silent degradation to Basic auth (one legacy test updated to the new contract). ### LLM-safe output - `gitea_whoami` / `gitea_get_profile` no longer expose endpoint URLs or token source names; auth reported as status only. - New `gitea_audit_config` MCP tool: enabled/disabled report + safe summaries (`MDCPS GlitchTip: enabled, read-only, authenticated` / `PRGS Jenkins: disabled`) — never URLs, keychain ids, or token values. - Admin/debug opt-in: `GITEA_MCP_REVEAL_ENDPOINTS=1` env or `python3 gitea_config.py audit --reveal-endpoints` locally; token values never printed on any path. ### Compatibility - v1 configs and v2 environments-shape configs unchanged (full suite green). - Contexts-shape author verbs (`branch`, `commit`, `push`, `open_pr`) added to the minimal op map; reviewer-identity deadlock rule enforced unchanged. - Synthetic `gitea-mcp.v2-contexts.example.json` shipped and validated in tests; `.gitignore` still blocks real `gitea-mcp*.json` configs. ## Tests 425 passed (31 new in `tests/test_config_v2_contexts.py`, 7 new/updated in `tests/test_mcp_server.py`): v1 compatibility, active-profile resolution via `GITEA_MCP_PROFILE`, disabled profile/context/service/project refusal, project-to-context mapping, keychain-only references, no-silent-fallback, endpoint/keychain redaction with admin opt-in, secret-free audit output. Verified against the live machine config: `prgs-author` resolves with normalized ops; audit output leak-free; MDCPS GlitchTip temporary endpoint (`git.dadeschools.net`) carried with a `description` marking it for replacement. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
jcwalker3 added 1 commit 2026-07-03 01:20:07 -05:00
Support the canonical contexts-shape version 2 config (contexts / profiles /
projects / rules) alongside the existing environments shape and v1:

- Require a boolean 'enabled' on every context, profile, service, and
  project. Disabled entries are surfaced in audits but fail closed at
  selection/resolution — never a silent fallback to another profile,
  service, or credential source.
- Resolve the active identity from GITEA_MCP_PROFILE via the existing
  select_profile path; profile base_url falls back to the context's enabled
  gitea block.
- Add resolve_service() and project_for_path() for context service and
  project-to-context resolution (internal use; fail closed on disabled).
- get_auth_header now propagates ConfigError when GITEA_MCP_CONFIG is set
  instead of silently degrading to Basic auth.
- Hide endpoint URLs and keychain ids from normal LLM-facing output:
  gitea_whoami / gitea_get_profile report logical names and auth status
  only; new gitea_audit_config tool reports enabled/disabled state and safe
  one-line service summaries. The GITEA_MCP_REVEAL_ENDPOINTS opt-in (and
  'python3 gitea_config.py audit --reveal-endpoints' locally) restores
  endpoints and auth source names for admin diagnostics; token values are
  never printed on any path.
- Ship gitea-mcp.v2-contexts.example.json (synthetic values) and validate
  it in tests.

Implements #120

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
sysadmin approved these changes 2026-07-03 01:35:18 -05:00
sysadmin left a comment
Owner

All v2 contexts shape config, enabled/disabled enforcement, and LLM-safe audits are fully implemented, verified, and well-tested.

All v2 contexts shape config, enabled/disabled enforcement, and LLM-safe audits are fully implemented, verified, and well-tested.
sysadmin merged commit 205f089c44 into master 2026-07-03 01:36:22 -05:00
Sign in to join this conversation.