Add gated Gitea PR merge workflow #16

Closed
opened 2026-07-01 11:16:10 -05:00 by jcwalker3 · 0 comments
Owner

Parent

Roadmap #10 — Task-scoped MCP execution profiles for LLM-operated Gitea workflows

Dependencies

Depends on:

  • authenticated-user identity lookup
  • execution profile model
  • PR author/reviewer eligibility checks
  • gated PR review actions, if approvals are part of the workflow

Scope

Add a gated merge workflow for PRs.

The merge workflow must verify:

  • authenticated Gitea identity
  • active execution profile
  • PR author
  • PR state
  • expected commit/head SHA
  • changed files
  • mergeability
  • required approvals, if available
  • requested target branch
  • issue linkage, if required by repo workflow

Required safety behavior

  • Do not merge if authenticated user is PR author.
  • Do not merge if identity cannot be proven.
  • Do not merge if PR head changed after review.
  • Do not merge if unexpected files changed.
  • Do not merge if required checks are missing or failing, where available.
  • Do not bypass branch protection.

Acceptance criteria

  • Merge action is gated by identity, profile, and PR state.
  • Merge requires explicit confirmation.
  • Merge verifies expected commit/head SHA.
  • Merge fails closed on ambiguity.
  • Merge action is audit logged.
  • Tool output includes merge result and merge commit if available.
  • Existing Gitea MCP behavior is not broken.

Non-goals

  • Do not add Jenkins/Ops/deploy behavior.
  • Do not trigger CI/CD.
  • Do not deploy.
  • Do not bypass repository policy.

Proposed labels

mcp · gitea · merge · mutating · safety-gates
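The verification list, safety behavior and fail-closed rule above, worked through as an added example that is not part of this issue or the Gitea-Tools project: a pure gate function in Python over a constructed PR snapshot, with an audit line and a merge call that runs only on allow. PRSnapshot, ExecutionProfile, the fnmatch-based allowed-path rule and the merge_fn stand-in are assumptions chosen for illustration; the head_commit_id field in the merge payload is the head-pin option of Gitea's merge endpoint as I know it, so confirm it against your Gitea version.

```python
"""Gated merge decision for an LLM-operated Gitea PR tool (added example).
Not the Gitea-Tools implementation or the Gitea MCP server's code. PRSnapshot,
ExecutionProfile and the allowed-path rule are assumptions; a real tool fills the
snapshot from the Gitea API and calls the merge endpoint only when the gate allows."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Optional
import json

@dataclass(frozen=True)
class ExecutionProfile:
    name: str
    may_merge: bool
    allowed_targets: tuple        # branches this profile may merge into
    allowed_paths: tuple          # glob patterns the PR is expected to touch
    require_approvals: int = 0    # 0 = approvals not required by this profile
    require_checks: bool = False  # True = deny when no check status is reported

@dataclass(frozen=True)
class PRSnapshot:
    number: int
    author: str
    state: str                    # "open", "closed" or "merged" (assumed values)
    head_sha: str
    base_branch: str
    changed_files: tuple
    mergeable: Optional[bool]     # None = Gitea has not computed it yet
    approvals: Optional[int]      # None = review data unavailable
    checks_state: Optional[str]   # "success"/"failure"/"pending"; None = none reported

@dataclass
class GateDecision:
    allow: bool
    reasons: list = field(default_factory=list)

def evaluate_merge_gate(pr, identity, profile, expected_head_sha, target_branch, confirmed):
    """Each check appends a denial reason; allow only when none fired.
    Unknown values (None) count as failures, so the gate fails closed."""
    deny = []
    if not identity:
        deny.append("identity: authenticated Gitea user could not be proven")
    elif identity == pr.author:
        deny.append(f"author: {identity} authored PR #{pr.number}")
    if not profile.may_merge:
        deny.append(f"profile: {profile.name} does not permit merge")
    if not confirmed:
        deny.append("confirmation: explicit merge confirmation missing")
    if pr.state != "open":
        deny.append(f"state: PR is {pr.state}, not open")
    if pr.head_sha != expected_head_sha:
        deny.append(f"head: reviewed {expected_head_sha[:12]}, PR head is now {pr.head_sha[:12]}")
    if pr.base_branch != target_branch:
        deny.append(f"target: PR targets {pr.base_branch}, caller requested {target_branch}")
    if target_branch not in profile.allowed_targets:
        deny.append(f"target: profile {profile.name} may not merge into {target_branch}")
    unexpected = [f for f in pr.changed_files
                  if not any(fnmatch(f, pat) for pat in profile.allowed_paths)]
    if unexpected:
        deny.append("files: unexpected changes in " + ", ".join(unexpected))
    if pr.mergeable is not True:
        deny.append(f"mergeability: Gitea reports mergeable={pr.mergeable!r}")
    if profile.require_approvals:
        if pr.approvals is None:
            deny.append("approvals: review data unavailable")
        elif pr.approvals < profile.require_approvals:
            deny.append(f"approvals: {pr.approvals} of {profile.require_approvals} required")
    if pr.checks_state is None:
        if profile.require_checks:
            deny.append("checks: profile requires checks but none were reported")
    elif pr.checks_state != "success":
        deny.append(f"checks: status is {pr.checks_state}")
    return GateDecision(allow=not deny, reasons=deny)

def audit_record(pr, identity, profile, expected_head_sha, decision, result=None):
    """One JSON line per attempt, written whether or not the merge ran."""
    return json.dumps({"event": "mcp.gitea.merge", "actor": identity,
                       "profile": profile.name, "pr": pr.number, "head_sha": pr.head_sha,
                       "expected_head_sha": expected_head_sha, "allowed": decision.allow,
                       "reasons": decision.reasons, "result": result}, sort_keys=True)

def merge_if_allowed(pr, identity, profile, expected_head_sha, target_branch, confirmed, merge_fn):
    """Run the gate; call merge_fn(payload) only on allow. merge_fn stands in for
    POST /repos/{owner}/{repo}/pulls/{index}/merge. The payload pins head_commit_id
    (assumed Gitea option name) so the server re-verifies the head, and sets no
    force/bypass option: branch protection stays with Gitea."""
    decision = evaluate_merge_gate(pr, identity, profile, expected_head_sha, target_branch, confirmed)
    result = merge_fn({"Do": "merge", "head_commit_id": expected_head_sha}) if decision.allow else None
    return decision, result, audit_record(pr, identity, profile, expected_head_sha, decision, result)

# Constructed sample data, not from any real repository.
REVIEWED_SHA = "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"
PROFILE = ExecutionProfile("docs-merge", True, ("main",), ("docs/*", "README.md"), require_approvals=1)
PR = PRSnapshot(42, "alice", "open", REVIEWED_SHA, "main", ("docs/merge-gate.md",), True, 1, "success")
```

The gate collects every failing check rather than stopping at the first, so the audit line and the tool output explain all of the reasons a merge was refused; the only thing that reaches Gitea is the pinned head SHA, never a force or bypass flag.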

jcwalker3 added the mcp, security, gitea, mutating labels 2026-07-01 11:28:28 -05:00
Reference: Scaled-Tech-Consulting/Gitea-Tools#16