docs: document static dual-namespace Gitea MCP deployment model (#143) #158

Merged
sysadmin merged 1 commits from docs/issue-143-dual-namespace-model into master 2026-07-05 02:29:21 -05:00
Owner

Summary

Documents the static dual-namespace Gitea MCP deployment model accepted in the #139 design discussion.

  • New docs/gitea-dual-namespace-deployment.md: two static per-role namespaces (gitea-author, gitea-reviewer), one credential per process; dynamic profile switching and dispatcher routing explicitly rejected for now (with the allow_runtime_switching opt-in accurately noted as existing but deliberately left off); rationale (audit clarity, credential concentration, two-party review boundary, fail-closed behavior); reference-only client setup via GITEA_MCP_CONFIG/GITEA_MCP_PROFILE (no secrets, no URLs); "Auth unsupported" client-badge caveat; reconnect/reload requirements after profile/config/code changes.
  • Cross-links added in docs/gitea-execution-profiles.md and docs/llm-workflow-runbooks.md.
  • New tests/test_dual_namespace_docs.py (7 tests) guards presence, decision accuracy, rationale coverage, secret/URL redaction, and cross-links.

Validation

  • New docs tests: 7 passed (watched fail RED first).
  • Full suite: 530 passed.
  • git diff --check clean; secret/provenance sweep clean.
  • Read-only subagent review: 1 finding fixed (wording overstated "not supported by the runtime" vs the allow_runtime_switching opt-in), #139 attribution confirmed correct, no conflicts with in-flight #141/#142.

Closes #143

## Summary Documents the static dual-namespace Gitea MCP deployment model accepted in the #139 design discussion. - New `docs/gitea-dual-namespace-deployment.md`: two static per-role namespaces (`gitea-author`, `gitea-reviewer`), one credential per process; dynamic profile switching and dispatcher routing explicitly rejected for now (with the `allow_runtime_switching` opt-in accurately noted as existing but deliberately left off); rationale (audit clarity, credential concentration, two-party review boundary, fail-closed behavior); reference-only client setup via `GITEA_MCP_CONFIG`/`GITEA_MCP_PROFILE` (no secrets, no URLs); "Auth unsupported" client-badge caveat; reconnect/reload requirements after profile/config/code changes. - Cross-links added in `docs/gitea-execution-profiles.md` and `docs/llm-workflow-runbooks.md`. - New `tests/test_dual_namespace_docs.py` (7 tests) guards presence, decision accuracy, rationale coverage, secret/URL redaction, and cross-links. ## Validation - New docs tests: 7 passed (watched fail RED first). - Full suite: 530 passed. - `git diff --check` clean; secret/provenance sweep clean. - Read-only subagent review: 1 finding fixed (wording overstated "not supported by the runtime" vs the `allow_runtime_switching` opt-in), #139 attribution confirmed correct, no conflicts with in-flight #141/#142. Closes #143
jcwalker3 added 1 commit 2026-07-05 02:24:03 -05:00
Record the #139 accepted decision as a deployment doc: two static
per-role MCP namespaces (gitea-author, gitea-reviewer), one credential
per process, with dynamic profile switching and dispatcher routing
explicitly rejected for now. Covers rationale (audit clarity, credential
concentration, two-party review boundary, fail-closed behavior),
reference-only client setup via GITEA_MCP_CONFIG/GITEA_MCP_PROFILE,
the 'Auth unsupported' client-badge caveat, and reconnect/reload
requirements after profile/config/code changes. Cross-linked from the
execution-profiles model doc and the workflow runbooks; guarded by
docs-content tests.

Closes #143

Co-Authored-By: Claude Fable 5 <[email protected]>
sysadmin reviewed 2026-07-05 02:28:59 -05:00
sysadmin left a comment
Owner

Approved at pinned head 2ad876be9f145c530e3f0d806bd8918c393bcc1b.

Reviewed scope against #143: the PR adds the static dual-namespace deployment doc, links it from the existing execution profile/runbook docs, and adds focused doc tests. The content preserves the accepted static author/reviewer namespace model, rejects dynamic switching/dispatcher routing for now, explains the audit/credential/two-party/fail-closed rationale, and avoids raw service URLs or credential material.

Validation run:

  • python3 -m pytest tests/test_dual_namespace_docs.py -q: 7 passed.
  • python3 -m pytest tests/ -q: 530 passed, 6 skipped.
  • python3 -m py_compile tests/test_dual_namespace_docs.py: passed.
  • git diff --check refs/remotes/prgs/master...HEAD: passed.
  • Secret/provenance sweep over changed docs/tests found no credential material or raw service URLs; only the test's own forbidden-marker strings matched.
Approved at pinned head `2ad876be9f145c530e3f0d806bd8918c393bcc1b`. Reviewed scope against #143: the PR adds the static dual-namespace deployment doc, links it from the existing execution profile/runbook docs, and adds focused doc tests. The content preserves the accepted static author/reviewer namespace model, rejects dynamic switching/dispatcher routing for now, explains the audit/credential/two-party/fail-closed rationale, and avoids raw service URLs or credential material. Validation run: - `python3 -m pytest tests/test_dual_namespace_docs.py -q`: 7 passed. - `python3 -m pytest tests/ -q`: 530 passed, 6 skipped. - `python3 -m py_compile tests/test_dual_namespace_docs.py`: passed. - `git diff --check refs/remotes/prgs/master...HEAD`: passed. - Secret/provenance sweep over changed docs/tests found no credential material or raw service URLs; only the test's own forbidden-marker strings matched.
sysadmin merged commit d73d238c37 into master 2026-07-05 02:29:21 -05:00
Sign in to join this conversation.
No Reviewers
No labels
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#158