Add Gitea issue comment list/create MCP tools #126

Closed
opened 2026-07-03 17:58:58 -05:00 by jcwalker3 · 0 comments
Owner

Summary

Add first-class Gitea MCP tools for listing and creating issue discussion comments.

Current workflows can read Gitea issues and submit PR reviews, but discussion/design workflows need to post normal issue comments. Operators are currently forced to use direct API scripts as a workaround.

Problem

For mcp-control-plane issue #24, external LLM design-review comments needed to be posted to the issue discussion thread.

The active Gitea MCP profiles exposed issue read tools and PR review tools, but not issue-comment tools.

This caused LLMs to correctly block with:

BLOCKED: Gitea issue-comment tool unavailable in the active MCP profile.

One comment was eventually posted through a local scratch script and direct Gitea API/auth helper, proving Gitea supports the action but the MCP server does not expose it as a controlled tool.

Required Tools

Add tools equivalent to:

gitea_list_issue_comments
gitea_create_issue_comment

Names may follow the existing project naming convention.

Required Behavior

gitea_list_issue_comments

Inputs:

  • remote
  • owner
  • repo
  • issue_number

Behavior:

  • Lists comments on a Gitea issue.
  • Returns comment ID, author, created timestamp, updated timestamp, body snippet/body, and URL if available.
  • Does not expose tokens or credentials.
  • Requires explicit remote/org/repo/issue target.

gitea_create_issue_comment

Inputs:

  • remote
  • owner
  • repo
  • issue_number
  • body

Behavior:

  • Posts a markdown comment to the specified Gitea issue.
  • Returns comment ID and URL.
  • Does not confuse issue comments with PR reviews.
  • Does not support implicit repo/issue inference unless already supported safely elsewhere.
  • Uses configured profile permissions.
  • Redacts sensitive values in errors.

Permissions

The tools should be permission-gated separately from PR review/merge permissions.

Suggested permissions:

issue.comment.read
issue.comment.write

or equivalent names consistent with the existing profile permission model.

Safety Requirements

  • Do not print tokens, Keychain IDs, passwords, service URLs, or credential values.
  • Do not read or expose secret files.
  • Redact sensitive values in errors.
  • Require explicit target repo and issue number.
  • Ensure PR review submission remains separate from issue discussion comments.
  • Add audit logging for create-comment operations if audit logging is available.

Acceptance Criteria

  • gitea_list_issue_comments can list comments for a Gitea issue.
  • gitea_create_issue_comment can post a markdown comment to a Gitea issue.
  • Tool returns comment ID and URL or equivalent location.
  • Tests cover successful list/create.
  • Tests cover missing issue.
  • Tests cover missing permission.
  • Tests cover invalid repo/owner/issue inputs.
  • Tests confirm PR review tools are not used for issue comments.
  • Tests confirm sensitive data is redacted from errors.
  • Documentation explains issue comments versus PR reviews.

Non-Goals

  • Do not add GitHub issue comment tools.
  • Do not add broad shell/API execution.
  • Do not add PR review behavior.
  • Do not implement discussion synthesis in this issue.
## Summary Add first-class Gitea MCP tools for listing and creating issue discussion comments. Current workflows can read Gitea issues and submit PR reviews, but discussion/design workflows need to post normal issue comments. Operators are currently forced to use direct API scripts as a workaround. ## Problem For mcp-control-plane issue #24, external LLM design-review comments needed to be posted to the issue discussion thread. The active Gitea MCP profiles exposed issue read tools and PR review tools, but not issue-comment tools. This caused LLMs to correctly block with: `BLOCKED: Gitea issue-comment tool unavailable in the active MCP profile.` One comment was eventually posted through a local scratch script and direct Gitea API/auth helper, proving Gitea supports the action but the MCP server does not expose it as a controlled tool. ## Required Tools Add tools equivalent to: ```text gitea_list_issue_comments gitea_create_issue_comment ``` Names may follow the existing project naming convention. ## Required Behavior ### `gitea_list_issue_comments` Inputs: * `remote` * `owner` * `repo` * `issue_number` Behavior: * Lists comments on a Gitea issue. * Returns comment ID, author, created timestamp, updated timestamp, body snippet/body, and URL if available. * Does not expose tokens or credentials. * Requires explicit remote/org/repo/issue target. ### `gitea_create_issue_comment` Inputs: * `remote` * `owner` * `repo` * `issue_number` * `body` Behavior: * Posts a markdown comment to the specified Gitea issue. * Returns comment ID and URL. * Does not confuse issue comments with PR reviews. * Does not support implicit repo/issue inference unless already supported safely elsewhere. * Uses configured profile permissions. * Redacts sensitive values in errors. ## Permissions The tools should be permission-gated separately from PR review/merge permissions. Suggested permissions: ```text issue.comment.read issue.comment.write ``` or equivalent names consistent with the existing profile permission model. ## Safety Requirements * Do not print tokens, Keychain IDs, passwords, service URLs, or credential values. * Do not read or expose secret files. * Redact sensitive values in errors. * Require explicit target repo and issue number. * Ensure PR review submission remains separate from issue discussion comments. * Add audit logging for create-comment operations if audit logging is available. ## Acceptance Criteria * `gitea_list_issue_comments` can list comments for a Gitea issue. * `gitea_create_issue_comment` can post a markdown comment to a Gitea issue. * Tool returns comment ID and URL or equivalent location. * Tests cover successful list/create. * Tests cover missing issue. * Tests cover missing permission. * Tests cover invalid repo/owner/issue inputs. * Tests confirm PR review tools are not used for issue comments. * Tests confirm sensitive data is redacted from errors. * Documentation explains issue comments versus PR reviews. ## Non-Goals * Do not add GitHub issue comment tools. * Do not add broad shell/API execution. * Do not add PR review behavior. * Do not implement discussion synthesis in this issue.
jcwalker3 added the status:in-progress label 2026-07-03 18:00:44 -05:00
sysadmin removed the status:in-progress label 2026-07-03 18:40:41 -05:00
Sign in to join this conversation.