Provide native MCP-safe commit payload preparation without shell #263

Closed
opened 2026-07-06 12:21:33 -05:00 by jcwalker3 · 0 comments
Owner

Context

Issue #152 commit recovery stopped correctly because shell spawn was dead (exit_code: -1) and gitea_commit_files requires base64 content per tool schema. With shell unavailable, the LLM had no approved encoding path and prior agents attempted forbidden fallbacks (WebFetch, Playwright, helper scripts, manual LLM base64, subagents).

MCP itself was responsive; gitea.repo.commit is allowed on prgs-author.

Related dogfood follow-ups: #258, #259, #260, #261.

Problem

gitea_commit_files requires base64-encoded file bodies. When the agent shell executor is unavailable, there is no native MCP-safe way to prepare commit payloads. This forces unsafe improvisation or hard-stop recovery.

Required behavior

Provide a native MCP-safe way to prepare commit payloads without shell.

Possible solutions (pick one or document chosen approach):

  1. Let gitea_commit_files accept plain-text content (or content_plain) and perform base64 encoding internally before calling Gitea.
  2. Add a dedicated read-only or preparatory MCP helper such as gitea_prepare_commit_files or mcp_encode_file_base64 that reads local/workspace files server-side and returns a commit-ready payload.
  3. Allow connector/local file references (local_path, workspace_path) where the MCP server reads and encodes files itself (with strict path allowlisting and issue-lock scope checks).

Acceptance criteria

  • Commit payloads can be prepared without shell.
  • Manual LLM base64 is unnecessary and forbidden in runbooks.
  • WebFetch / Playwright / browser automation is unnecessary and forbidden for encoding.
  • Throwaway helper scripts (_encode_*, _emit_*) are unnecessary and forbidden for encoding.
  • Tests prove shell-unavailable sessions can still complete the native MCP commit flow safely.
  • Tests prove binary, unicode, and newline-preservation cases are handled safely.
  • Final operator/agent report includes exact file list and content source proof (local read vs remote vs inline).
  • Documentation explains the approved path end-to-end.

Non-goals

  • Replacing gitea_commit_files with raw REST calls from the LLM.
  • Re-enabling shell as the only encoding path.

Ordering

Complements resolver work (separate issue: map commit_files / gitea_commit_files in TASK_CAPABILITY_MAP). Land together for a complete shell-free author commit story.

## Context Issue #152 commit recovery stopped correctly because shell spawn was dead (`exit_code: -1`) and `gitea_commit_files` requires base64 `content` per tool schema. With shell unavailable, the LLM had no approved encoding path and prior agents attempted forbidden fallbacks (WebFetch, Playwright, helper scripts, manual LLM base64, subagents). MCP itself was responsive; `gitea.repo.commit` is allowed on `prgs-author`. Related dogfood follow-ups: #258, #259, #260, #261. ## Problem `gitea_commit_files` requires base64-encoded file bodies. When the agent shell executor is unavailable, there is no native MCP-safe way to prepare commit payloads. This forces unsafe improvisation or hard-stop recovery. ## Required behavior Provide a **native MCP-safe** way to prepare commit payloads **without shell**. Possible solutions (pick one or document chosen approach): 1. Let `gitea_commit_files` accept **plain-text** `content` (or `content_plain`) and perform base64 encoding internally before calling Gitea. 2. Add a dedicated read-only or preparatory MCP helper such as `gitea_prepare_commit_files` or `mcp_encode_file_base64` that reads local/workspace files server-side and returns a commit-ready payload. 3. Allow **connector/local file references** (`local_path`, `workspace_path`) where the MCP server reads and encodes files itself (with strict path allowlisting and issue-lock scope checks). ## Acceptance criteria - [ ] Commit payloads can be prepared **without shell**. - [ ] Manual LLM base64 is unnecessary and **forbidden** in runbooks. - [ ] WebFetch / Playwright / browser automation is unnecessary and **forbidden** for encoding. - [ ] Throwaway helper scripts (`_encode_*`, `_emit_*`) are unnecessary and **forbidden** for encoding. - [ ] Tests prove shell-unavailable sessions can still complete the native MCP commit flow safely. - [ ] Tests prove binary, unicode, and newline-preservation cases are handled safely. - [ ] Final operator/agent report includes exact file list and **content source proof** (local read vs remote vs inline). - [ ] Documentation explains the approved path end-to-end. ## Non-goals - Replacing `gitea_commit_files` with raw REST calls from the LLM. - Re-enabling shell as the only encoding path. ## Ordering Complements resolver work (separate issue: map `commit_files` / `gitea_commit_files` in `TASK_CAPABILITY_MAP`). Land together for a complete shell-free author commit story.
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#263