feat: profiles.json v2 contexts shape with enabled enforcement and LLM-safe output (#120) #121
Reference in New Issue
Block a user
Delete Branch "feat/issue-120-profiles-v2-contexts"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Implements #120.
What
MCP support for the canonical
profiles.jsonversion 2 contexts shape (contexts/profiles/projects/rules), kept side-by-side with the existing v2 environments shape (#103) and v1.Enabled enforcement (fail closed, no fallback)
enabledrequired on every context, profile, service, and project.unavailablemechanism: reported in audits, refused at selection with a clear reason.resolve_service(config, context, service)andproject_for_path(config, path)fail closed on unknown/disabled entries.get_auth_headernow propagatesConfigErrorwhenGITEA_MCP_CONFIGis set — no more silent degradation to Basic auth (one legacy test updated to the new contract).LLM-safe output
gitea_whoami/gitea_get_profileno longer expose endpoint URLs or token source names; auth reported as status only.gitea_audit_configMCP tool: enabled/disabled report + safe summaries (MDCPS GlitchTip: enabled, read-only, authenticated/PRGS Jenkins: disabled) — never URLs, keychain ids, or token values.GITEA_MCP_REVEAL_ENDPOINTS=1env orpython3 gitea_config.py audit --reveal-endpointslocally; token values never printed on any path.Compatibility
branch,commit,push,open_pr) added to the minimal op map; reviewer-identity deadlock rule enforced unchanged.gitea-mcp.v2-contexts.example.jsonshipped and validated in tests;.gitignorestill blocks realgitea-mcp*.jsonconfigs.Tests
425 passed (31 new in
tests/test_config_v2_contexts.py, 7 new/updated intests/test_mcp_server.py): v1 compatibility, active-profile resolution viaGITEA_MCP_PROFILE, disabled profile/context/service/project refusal, project-to-context mapping, keychain-only references, no-silent-fallback, endpoint/keychain redaction with admin opt-in, secret-free audit output.Verified against the live machine config:
prgs-authorresolves with normalized ops; audit output leak-free; MDCPS GlitchTip temporary endpoint (git.dadeschools.net) carried with adescriptionmarking it for replacement.🤖 Generated with Claude Code
All v2 contexts shape config, enabled/disabled enforcement, and LLM-safe audits are fully implemented, verified, and well-tested.