MCP server must dynamically reload runtime profiles and capability gates or support hot restart #420

Closed
opened 2026-07-07 10:57:50 -05:00 by jcwalker3 · 2 comments
Owner

Problem

During review/merge runs, newly merged security/capability gates (such as the branch-delete gate in PR #410/Issue #408) do not immediately take effect in the active Gitea MCP server because the server runs in-memory and does not dynamically reload the code or profiles when master changes. This allows subsequent reviewer/audit sessions to execute mutations (like remote branch deletions) that should be forbidden under the updated codebase.

Hot-swapping or reloading is needed so that the server remains in parity with the master branch.

Required behavior

The Gitea MCP server must reload or hot-restart when Master branch is updated, or it must dynamically load capability gates and execution profiles from the workspace files at tool invocation time, rather than caching them statically in memory.

Acceptance criteria

  1. MCP server has a file-watcher or reload trigger when master updates.
  2. In-memory profile allowed_operations list is read dynamically or refreshed upon config file changes.
  3. Mutations check the current codebase's capability gates at runtime.
  4. Added test cases for dynamic reload.
## Problem During review/merge runs, newly merged security/capability gates (such as the branch-delete gate in PR #410/Issue #408) do not immediately take effect in the active Gitea MCP server because the server runs in-memory and does not dynamically reload the code or profiles when master changes. This allows subsequent reviewer/audit sessions to execute mutations (like remote branch deletions) that should be forbidden under the updated codebase. Hot-swapping or reloading is needed so that the server remains in parity with the master branch. ## Required behavior The Gitea MCP server must reload or hot-restart when Master branch is updated, or it must dynamically load capability gates and execution profiles from the workspace files at tool invocation time, rather than caching them statically in memory. ## Acceptance criteria 1. MCP server has a file-watcher or reload trigger when `master` updates. 2. In-memory profile allowed_operations list is read dynamically or refreshed upon config file changes. 3. Mutations check the current codebase's capability gates at runtime. 4. Added test cases for dynamic reload.
Owner

Clarification on safety requirements for Issue #420:

This is not just a file-watcher feature. The core requirement is runtime safety proof:

  • Expose version/SHA: The MCP runtime must expose the active server code/profile/config version or SHA.
  • Gate awareness: Safety-gated tools must know whether the live runtime includes the merged gate.
  • Restart/reload proof: After merging a safety-critical gate, workflows must require runtime restart/reload proof before relying on the new protection.
  • Fail closed: If the runtime is stale, affected tools should fail closed or emit a hard warning.
  • Acceptable strategies: Dynamic reload, hot restart, or explicit restart verification are all acceptable implementation strategies to satisfy this proof requirement.
Clarification on safety requirements for Issue #420: This is not just a file-watcher feature. The core requirement is runtime safety proof: * **Expose version/SHA**: The MCP runtime must expose the active server code/profile/config version or SHA. * **Gate awareness**: Safety-gated tools must know whether the live runtime includes the merged gate. * **Restart/reload proof**: After merging a safety-critical gate, workflows must require runtime restart/reload proof before relying on the new protection. * **Fail closed**: If the runtime is stale, affected tools should fail closed or emit a hard warning. * **Acceptable strategies**: Dynamic reload, hot restart, or explicit restart verification are all acceptable implementation strategies to satisfy this proof requirement.
jcwalker3 added the status:in-progress label 2026-07-07 12:04:37 -05:00
Author
Owner

Issue claim heartbeat

<!-- gitea-issue-claim-heartbeat:v1 --> **Issue claim heartbeat** - kind: claim - issue: #420 - branch: feat/issue-420-master-parity-gate - phase: claimed - profile: prgs-author - pr: none - blocker: none - next_action: create worktree and begin implementation
sysadmin removed the status:in-progress label 2026-07-08 22:49:35 -05:00
Sign in to join this conversation.
No labels
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#420