Normal reviewer workflows must not use local Gitea fallback scripts or profile secrets #324

Closed
opened 2026-07-07 01:49:29 -05:00 by jcwalker3 · 1 comment
Owner

A reviewer workflow used working MCP reviewer tools, but also inspected Gitea auth/config code, requested access to ~/.config/gitea-tools/profiles.json, and ran local list_prs.py with GITEA_MCP_CONFIG and GITEA_MCP_PROFILE.

Problem:

When MCP tools are available and capability checks pass, local Gitea scripts and profile files are unnecessary and increase risk. They may expose credentials, bypass MCP gates, or create inconsistent identity/capability proof.

Required behavior:

  1. Normal PR review/merge workflows must use MCP tools for Gitea operations.

  2. Do not inspect or read profile secret files during normal review.

  3. Do not run local Gitea fallback scripts during normal review.

  4. Local fallback is allowed only in explicit recovery mode and only if it independently proves:

    • identity
    • profile
    • repo
    • exact capability
    • no MCP path is available
  5. If local fallback is used, final report must classify it as fallback and explain why MCP was unavailable.

Acceptance criteria:

  • Reviewer workflow fails if it reads profiles.json during normal review.
  • Reviewer workflow fails if it runs local Gitea scripts while MCP tools are available.
  • Recovery-mode fallback requires exact capability proof.
  • Tests cover MCP available, MCP unavailable, local fallback attempted, and profile-file access.
A reviewer workflow used working MCP reviewer tools, but also inspected Gitea auth/config code, requested access to `~/.config/gitea-tools/profiles.json`, and ran local `list_prs.py` with `GITEA_MCP_CONFIG` and `GITEA_MCP_PROFILE`. Problem: When MCP tools are available and capability checks pass, local Gitea scripts and profile files are unnecessary and increase risk. They may expose credentials, bypass MCP gates, or create inconsistent identity/capability proof. Required behavior: 1. Normal PR review/merge workflows must use MCP tools for Gitea operations. 2. Do not inspect or read profile secret files during normal review. 3. Do not run local Gitea fallback scripts during normal review. 4. Local fallback is allowed only in explicit recovery mode and only if it independently proves: * identity * profile * repo * exact capability * no MCP path is available 5. If local fallback is used, final report must classify it as fallback and explain why MCP was unavailable. Acceptance criteria: * Reviewer workflow fails if it reads `profiles.json` during normal review. * Reviewer workflow fails if it runs local Gitea scripts while MCP tools are available. * Recovery-mode fallback requires exact capability proof. * Tests cover MCP available, MCP unavailable, local fallback attempted, and profile-file access.
jcwalker3 added the status:in-progress label 2026-07-07 04:05:52 -05:00
Author
Owner

PR opened with reviewer local-fallback verifier.

  • Entry point: assess_reviewer_fallback_report(report_text, action_log=..., recovery_mode=..., mcp_available=...)
  • Blocks profiles.json access and local list_prs.py/view_pr.py runs during normal review when MCP is available
  • Recovery mode requires explicit proof fields

Verification: pytest tests/test_reviewer_fallback.py tests/test_review_proofs.py -q — 158 passed

PR opened with reviewer local-fallback verifier. - Entry point: `assess_reviewer_fallback_report(report_text, action_log=..., recovery_mode=..., mcp_available=...)` - Blocks `profiles.json` access and local `list_prs.py`/`view_pr.py` runs during normal review when MCP is available - Recovery mode requires explicit proof fields Verification: `pytest tests/test_reviewer_fallback.py tests/test_review_proofs.py -q` — 158 passed
sysadmin removed the status:in-progress label 2026-07-07 04:37:14 -05:00
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#324