Add read-only Gitea MCP profile discovery #13

Closed
opened 2026-07-01 11:15:54 -05:00 by jcwalker3 · 0 comments
Owner

Parent

Roadmap #10 — Task-scoped MCP execution profiles for LLM-operated Gitea workflows

Scope

Add read-only profile discovery so an LLM can see which Gitea MCP execution profile is active and what operations it is allowed to perform.

The tool should expose safe metadata only:

  • active profile name
  • authenticated username
  • allowed operation categories
  • forbidden operation categories
  • server/base URL
  • audit label

It must not expose:

  • tokens
  • authorization headers
  • raw secrets
  • private credential file paths, unless safe and intentionally configured

Acceptance criteria

  • Active profile can be identified.
  • Authenticated username can be identified.
  • Allowed/forbidden operation categories can be inspected.
  • Secrets are redacted.
  • Workflows can fail closed when profile data is missing or ambiguous.
  • No mutating behavior is added.

Non-goals

  • Do not implement approve/merge yet.
  • Do not add Jenkins/Ops/deploy behavior.
  • Do not expose multiple tokens to one unsafe runtime.

Proposed labels

mcp · gitea · profiles · read-only · security

jcwalker3 added the mcp, security, gitea, read-only labels 2026-07-01 11:28:19 -05:00
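One way the scope and acceptance criteria above could be met, as an added example that is not code from this issue or from the Gitea-Tools repository: the discovery view is built from an allow-list of fields, credentials embedded in the base URL are stripped, and missing or ambiguous profile data raises instead of returning a partial answer. The config keys, the `describe_profile` and `ProfileError` names and the sample values are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical config keys. Only these are ever returned: tokens, headers and
# credential paths are dropped because they are not listed, not because they
# were recognised as secret.
TEXT_FIELDS = ("profile", "username", "base_url", "audit_label")
LIST_FIELDS = ("allowed", "forbidden")


class ProfileError(Exception):
    """Profile data is missing or ambiguous; the workflow must stop."""


def strip_userinfo(url):
    # https://user:token@host/ would leak a credential through base_url.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ProfileError("base_url is not an http(s) URL")
    host = parts.netloc.rpartition("@")[2]  # keep host[:port], drop userinfo
    return urlunsplit((parts.scheme, host, parts.path, "", ""))  # no query/fragment


def describe_profile(profiles, active):
    """Return safe metadata for the active profile or raise ProfileError."""
    matches = [p for p in profiles if p.get("profile") == active]
    if len(matches) != 1:  # zero = missing, more than one = ambiguous
        raise ProfileError(f"{len(matches)} profiles named {active!r}")
    raw, view = matches[0], {}
    for key in TEXT_FIELDS:
        if not isinstance(raw.get(key), str) or not raw[key].strip():
            raise ProfileError(f"missing field: {key}")
        view[key] = raw[key]
    for key in LIST_FIELDS:
        cats = raw.get(key)
        if not isinstance(cats, list) or not all(isinstance(c, str) for c in cats):
            raise ProfileError(f"missing field: {key}")
        view[key] = sorted(set(cats))
    if not view["allowed"] or set(view["allowed"]) & set(view["forbidden"]):
        raise ProfileError("allowed/forbidden categories are empty or overlap")
    view["base_url"] = strip_userinfo(view["base_url"])
    return view


# Constructed sample config; every name and value here is illustrative only.
SAMPLE = [{
    "profile": "reviewer", "username": "review-bot",
    "allowed": ["read_issue", "read_pr"], "forbidden": ["merge", "approve"],
    "base_url": "https://review-bot:EXAMPLE-TOKEN@gitea.example.test/api/v1",
    "audit_label": "llm-review", "token": "EXAMPLE-TOKEN",
    "headers": {"Authorization": "token EXAMPLE-TOKEN"},
    "credential_file": "/constructed/path/token.txt",
}]
```

A caller treats `ProfileError` as a hard stop for the workflow rather than falling back to a default profile.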

Reference: Scaled-Tech-Consulting/Gitea-Tools#13