Require MCP-native cleanup for post-merge lease/comment/worktree cleanup #517

Closed
opened 2026-07-08 03:21:06 -05:00 by jcwalker3 · 0 comments
Owner

Problem:
Recent post-merge workflows used ad hoc cleanup actions such as raw scripts for Gitea comment deletion, direct git branch deletion, and local root checkout mutation. Even when the target cleanup is correct, these actions bypass the intended MCP role/capability gates and make it hard to prove that cleanup was authorized, scoped, and safe.

Required behavior:

  • Post-merge cleanup of leases, comments, source branches, and worktrees must go through explicit MCP tools or approved helper commands.
  • Raw scripts must not be accepted as cleanup proof.
  • Reviewer and merger sessions must not perform reconciler cleanup unless the operation is explicitly allowed by the profile/capability model.
  • Root checkout mutation must be blocked or clearly gated unless policy explicitly allows the operation.
  • Final reports must distinguish merge mutations from cleanup mutations.

Acceptance criteria:

  1. Add MCP-native cleanup helpers or enforce use of existing reconciler cleanup tools.
  2. Add tests proving raw comment deletion is not valid cleanup proof.
  3. Add tests proving raw git branch deletion is not valid cleanup proof.
  4. Add tests proving post-merge cleanup succeeds through the authorized reconciler path.
  5. Update handoff guidance so merger sessions hand cleanup to reconciler instead of doing ad hoc cleanup.
Problem: Recent post-merge workflows used ad hoc cleanup actions such as raw scripts for Gitea comment deletion, direct git branch deletion, and local root checkout mutation. Even when the target cleanup is correct, these actions bypass the intended MCP role/capability gates and make it hard to prove that cleanup was authorized, scoped, and safe. Required behavior: - Post-merge cleanup of leases, comments, source branches, and worktrees must go through explicit MCP tools or approved helper commands. - Raw scripts must not be accepted as cleanup proof. - Reviewer and merger sessions must not perform reconciler cleanup unless the operation is explicitly allowed by the profile/capability model. - Root checkout mutation must be blocked or clearly gated unless policy explicitly allows the operation. - Final reports must distinguish merge mutations from cleanup mutations. Acceptance criteria: 1. Add MCP-native cleanup helpers or enforce use of existing reconciler cleanup tools. 2. Add tests proving raw comment deletion is not valid cleanup proof. 3. Add tests proving raw git branch deletion is not valid cleanup proof. 4. Add tests proving post-merge cleanup succeeds through the authorized reconciler path. 5. Update handoff guidance so merger sessions hand cleanup to reconciler instead of doing ad hoc cleanup.
Sign in to join this conversation.
No labels
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#517