fix: redact Gitea web links from PR/issue MCP tool output (#125) #133
Summary
Implements #125: url/web-link fields are omitted from normal LLM-facing output of the PR/issue tools, closing the leak found in the 2026-07-03 MCP connectivity proof and making behavior match the redaction rules already stated by the operator guide (hide_service_urls_from_llm, #120 pattern).
Changes
_with_optional_url(result, url): attaches the web link only when GITEA_MCP_REVEAL_ENDPOINTS=1 is set.
gitea_list_prs, gitea_view_pr, gitea_create_issue, gitea_create_pr, gitea_edit_pr, gitea_view_issue. Docstrings updated.
Tests
Paired tests per affected tool: default path asserts no url key (clean env), reveal path asserts the link returns under GITEA_MCP_REVEAL_ENDPOINTS=1.
Full suite: 513 passed, 6 skipped.
py_compile clean; git diff --check clean; secret/provenance sweep clean.
Subagent review
Independent read-only code-review subagent ran before this PR opened. Verdict: NO BLOCKERS. It confirmed: #125 scope fully satisfied; redaction complete for both gitea_list_prs and gitea_view_pr; reveal opt-in works everywhere touched; whole-file leak sweep found no remaining URL/keychain/token sinks in normal output (gitea_get_file/gitea_commit_files/gitea_merge_pr extract only safe fields); both-path test coverage present per tool; no gate weakened; no doc updates required (the change makes the #128 guide's stated redaction claims true); no over-redaction of safe metadata. Its one LOW note (document the helper's in-place mutation contract) is addressed in the follow-up commit.
Closes #125
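The opt-in pattern and the both-path check described above, as an added sketch that is not the code from this PR. The helper name and the environment variable come from the description; the helper body, `render_pr`, `find_url_leaks`, the `URL_KEYS` deny-list and the sample payload are assumptions made for illustration.

```python
import os
import re

REVEAL_ENV = "GITEA_MCP_REVEAL_ENDPOINTS"   # opt-in variable named in the PR
URL_KEYS = {"url", "html_url", "diff_url", "patch_url"}  # assumed deny-list
_URL_RE = re.compile(r"https?://", re.IGNORECASE)


def _with_optional_url(result, url):
    """Assumed body: mutate `result` in place, add the link only on opt-in."""
    if url and os.environ.get(REVEAL_ENV) == "1":
        result["url"] = url
    return result


def render_pr(pr):
    """Hypothetical LLM-facing view: copy safe metadata, never the raw payload."""
    safe = {"number": pr["number"], "title": pr["title"], "state": pr["state"],
            "head": pr["head"]["ref"], "base": pr["base"]["ref"]}
    return _with_optional_url(safe, pr.get("html_url"))


def find_url_leaks(obj, path="$"):
    """Return the paths of URL-named keys and URL-bearing strings in `obj`."""
    leaks = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}"
            if key in URL_KEYS:
                leaks.append(here)          # flagged by name, no need to recurse
            else:
                leaks.extend(find_url_leaks(value, here))
    elif isinstance(obj, (list, tuple)):
        for i, value in enumerate(obj):
            leaks.extend(find_url_leaks(value, f"{path}[{i}]"))
    elif isinstance(obj, str) and _URL_RE.search(obj):
        leaks.append(path)
    return leaks


# Constructed API-style payload; the host name is a placeholder.
SAMPLE_PR = {
    "number": 7, "title": "Fix typo", "state": "open",
    "html_url": "https://gitea.example.internal/org/repo/pulls/7",
    "head": {"ref": "fix/typo", "repo": {"html_url": "https://gitea.example.internal/org/repo"}},
    "base": {"ref": "main"},
}

if __name__ == "__main__":
    print("raw payload leaks:", find_url_leaks(SAMPLE_PR))
    print("default output leaks:", find_url_leaks(render_pr(SAMPLE_PR)))
```

The recursive check also catches nested links that a top-level `"url" not in result` assertion would miss, which is the failure mode when a tool returns part of the raw API payload.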
Independent reviewer validation passed for PR #133 at pinned head c349b98206.
Reviewed scope is limited to mcp_server.py and tests/test_mcp_server.py. The implementation removes default web-link output from PR/issue tool responses, preserves GITEA_MCP_REVEAL_ENDPOINTS=1 reveal behavior, keeps useful safe metadata, and does not alter author/reviewer/merge/profile gates.
Validation run in a clean detached review worktree:
Verdict: APPROVE.
Redaction behavior verified. Paired unit tests run and pass. File scope is correct. Approved.