feat: support separate Gitea MCP runtime profiles via env config (#19) #22

Merged
jcwalker3 merged 1 commit from feature/19-gitea-runtime-profiles-env into master 2026-07-01 12:35:41 -05:00
Owner

Closes #19
Roadmap parent: #10

Summary

Lets the same mcp_server.py run as separate MCP entries, each configured with its own token and profile name via environment variables — so roles stay task-scoped (the profile is the role, not the LLM). One token + one profile per process.

  • gitea_auth.get_profile() — reads GITEA_PROFILE_NAME, GITEA_ALLOWED_OPERATIONS (comma → list), and GITEA_BASE_URL as non-secret metadata. Defaults to gitea-default / [] / None. Never reads, returns, or logs GITEA_TOKEN or any credential.
  • gitea_whoami — now surfaces safe profile metadata (profile_name + allowed_operations) alongside identity, so a workflow can see which runtime it is talking to. Token still never exposed; fail-closed behavior unchanged.
  • .env.example — placeholder-only template for one runtime profile.
  • .gitignore — adds !.env.example so the template is tracked while real .env* files stay ignored.
  • README — documents multiple env-configured MCP entries (gitea-tools-reviewer, gitea-tools-merger) + env field table.
  • tests — 4 new: profile defaults, env parsing, token-never-included, whoami surfaces profile without leaking token.

Files changed (6, +175/-1)

| File | Change |
|------|--------|
| gitea_auth.py | new get_profile() (+32) |
| mcp_server.py | import + whoami returns profile (+11/-1 docstring) |
| .env.example | new placeholder template (+24) |
| .gitignore | !.env.example negation (+1) |
| README.md | runtime-profiles section (+52) |
| tests/test_mcp_server.py | TestRuntimeProfile (+56) |

Validation

  • git diff --check → clean.
  • python3 -m py_compile mcp_server.py tests/test_mcp_server.py gitea_auth.py → OK.
  • pytest tests/test_mcp_server.py → 34 passed (was 30; +4 new).
  • git check-ignore .env.example → not ignored (trackable); .env.personal → still ignored.
  • Secret scan on additions → no real tokens (replace-with-token / super-secret-token are placeholders/test synthetics; the latter is asserted absent from output).

Explicit statements

  • No real secrets were added. .env.example and tests use placeholders only; real .env* stays gitignored.
  • No multi-token switching inside one runtime — one token + one profile per process.
  • No approve/merge/eligibility workflow added — those are #14/#15/#16.
  • No profile discovery tool added beyond surfacing the name via existing gitea_whoami (#13 remains separate).
  • No Jenkins/Ops/GlitchTip/Release/deploy/production behavior added.
  • Existing Gitea MCP behavior unchanged (all prior tests green; whoami change is additive).

Scoped to #19 only. Does not touch #13–#18. Do not merge — awaiting independent review.

jcwalker3 added 1 commit 2026-07-01 12:22:23 -05:00
Allow the same MCP server to run as separate MCP entries, each with its
own token and profile name, so roles stay task-scoped (the profile is
the role, not the LLM).

- gitea_auth.get_profile(): reads GITEA_PROFILE_NAME,
  GITEA_ALLOWED_OPERATIONS, GITEA_BASE_URL as non-secret metadata.
  Never reads/returns/logs the token.
- gitea_whoami now surfaces the safe profile metadata (name + allowed
  operations) alongside identity; token still never exposed.
- .env.example: placeholder-only template for a runtime profile.
- .gitignore: track .env.example while keeping real .env* ignored.
- README: document multiple env-configured MCP entries.
- tests: profile defaults/parsing, token-never-included, whoami surfaces
  profile without leaking token.

One token + one profile per process. No multi-token switching in a
single runtime. No approve/merge/eligibility workflow. No
Jenkins/Ops/GlitchTip/Release/deploy behavior. No real secrets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
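To make the one-token-one-profile contract in the PR summary and the commit message above concrete, here is an added example, written for this page and not code from the project: a get_profile() that reads only the three non-secret env vars the PR names (with the gitea-default / [] / None defaults), a whoami-style composition that surfaces profile_name and allowed_operations next to identity, and a serialize-and-refuse check that fails closed if the token value would ever appear in a tool response. Assumed, not taken from the PR: the function signatures, the identity dict shape, the two sample reviewer/merger environments, and the leak-check helper; allowed_operations is surfaced as metadata only, with no enforcement, matching the PR's stated scope.

```python
"""Added example (not the project's own code). Env-configured runtime profile
metadata that never touches the token, plus a fail-closed leak check.

Assumptions: the env var names below are as the PR lists them; everything
else (signatures, identity shape, sample envs, leak-check helper) is
illustrative only.
"""
import json
import os
from typing import Mapping, Optional

# Env var names as listed in the PR description.
PROFILE_NAME_VAR = "GITEA_PROFILE_NAME"
ALLOWED_OPS_VAR = "GITEA_ALLOWED_OPERATIONS"
BASE_URL_VAR = "GITEA_BASE_URL"
# Named only so the leak check can compare against it. get_profile() never
# reads this variable, so the token cannot reach the profile's return value
# or anything that logs it.
TOKEN_VAR = "GITEA_TOKEN"

DEFAULT_PROFILE_NAME = "gitea-default"


def get_profile(env: Optional[Mapping[str, str]] = None) -> dict:
    """Return non-secret profile metadata for this process.

    Defaults: gitea-default / [] / None. Only the three metadata vars are read.
    """
    env = os.environ if env is None else env
    raw_ops = env.get(ALLOWED_OPS_VAR, "")
    # "comma -> list", trimming whitespace and dropping empty entries
    allowed = [op.strip() for op in raw_ops.split(",") if op.strip()]
    return {
        "profile_name": env.get(PROFILE_NAME_VAR, "").strip() or DEFAULT_PROFILE_NAME,
        "allowed_operations": allowed,
        "base_url": env.get(BASE_URL_VAR, "").strip() or None,
    }


def whoami(identity: Mapping[str, object],
           env: Optional[Mapping[str, str]] = None) -> dict:
    """Compose the identity a Gitea API call returned with safe profile metadata.

    `identity` is whatever the server already resolved for the token (assumed
    shape: login + id). The token itself is never part of the response.
    """
    profile = get_profile(env)
    return {
        "login": identity.get("login"),
        "id": identity.get("id"),
        "profile_name": profile["profile_name"],
        "allowed_operations": profile["allowed_operations"],
    }


def leaks_secret(payload: object, env: Optional[Mapping[str, str]] = None) -> bool:
    """True if the serialized payload contains the configured token value.

    Belt-and-braces check for the 'token-never-included' property: it catches a
    future refactor that threads the token through a response dict. Assumes a
    real token is long and random, so a substring hit is not a coincidence.
    """
    env = os.environ if env is None else env
    token = env.get(TOKEN_VAR)
    if not token:
        return False
    return token in json.dumps(payload, sort_keys=True)


def emit(payload: object, env: Optional[Mapping[str, str]] = None) -> str:
    """Serialize a tool response, refusing (fail closed) rather than leaking."""
    if leaks_secret(payload, env):
        raise RuntimeError("tool response would contain GITEA_TOKEN; refusing to emit it")
    return json.dumps(payload, sort_keys=True)


# Constructed sample environments for two MCP entries. The entry names come
# from the PR's README description; the values are made up for this example.
REVIEWER_ENV = {
    "GITEA_PROFILE_NAME": "gitea-tools-reviewer",
    "GITEA_ALLOWED_OPERATIONS": "read_pr, review, comment",
    "GITEA_BASE_URL": "https://gitea.example.internal",
    "GITEA_TOKEN": "super-secret-token",  # synthetic, as in the PR's tests
}
MERGER_ENV = {
    "GITEA_PROFILE_NAME": "gitea-tools-merger",
    "GITEA_ALLOWED_OPERATIONS": "read_pr,merge",
    "GITEA_BASE_URL": "https://gitea.example.internal",
    "GITEA_TOKEN": "another-synthetic-token",
}
SAMPLE_IDENTITY = {"login": "review-bot", "id": 42}  # constructed


if __name__ == "__main__":
    for env in (REVIEWER_ENV, MERGER_ENV):
        print(emit(whoami(SAMPLE_IDENTITY, env), env))
```

Each MCP entry runs this as its own process with its own environment, so a reviewer entry and a merger entry differ only in what their env supplies; get_profile() itself has no notion of switching between tokens. The emit() guard is the runtime counterpart of the PR's "asserted absent from output" test: the synthetic token must never show up in a serialized response, and if it ever does the response is withheld instead of returned.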
jcwalker3 reviewed 2026-07-01 12:25:59 -05:00
jcwalker3 left a comment
Author
Owner

Content, scope, and validation passed. Confirmed runtime profiles are safe metadata only, no multi-token switching, and all tests pass (34 passed). Exactly 6 expected files changed. PR is approved.

jcwalker3 reviewed 2026-07-01 12:35:41 -05:00
jcwalker3 left a comment
Author
Owner

All checks passed. Verified head e316120, correct file scope, and 34 passing tests. Merging.

jcwalker3 merged commit 769bec05e7 into master 2026-07-01 12:35:41 -05:00