Complete canonical-root consumption for cross-repository MCP namespaces #739
Open
opened 2026-07-18 02:35:19 -05:00 by jcwalker3
·
1 comment
No Branch/Tag Specified
master
feat/issue-739-canonical-root-consumption
feat/issue-706-canonical-repository-root
fix/issue-735-author-org-repo-forwarding
fix/issue-733-delete-branch-repo-forwarding
feat/issue-609-prepared-review-verdict-resume
fix/issue-702-stale-binding-lease-recovery
issue-723-role-poisoning
fix/issue-723-capability-role-invariants
fix/issue-720-expired-decision-lock
docs/mcp-stable-control-runtime-policy
feat/issue-687-reconciler-branch-delete
fix/issue-709-decision-lock-cross-profile
fix/issue-695-native-transport-quarantine
fix/issue-698-report-validator-schema
fix/issue-699-structured-auth-mcp-errors
fix/issue-695-native-quarantine-v2
fix/issue-691-obsolete-reviewer-lease-cleanup
fix/issue-683-workflow-guard-hardening
chore/issue-681-preserve-review-session-wip
fix/issue-671-block-stable-branch-push
fix/issue-675-residual-preflight-remediation
fix/issue-673-remediate-regressions-part2
fix/issue-673-remediate-regressions
feat/issue-603-lifecycle-labels
fix/issue-627-set-issue-labels-pagination
feat/issue-601-first-class-leases
feat/issue-612-incident-bridge
feat/issue-600-controller-allocator-api
fix/issue-620-head-scoped-review-locks
feat/issue-613-allocator-db-substrate
feat/issue-610-live-remote-parity
feat/issue-503-reviewer-active-worktree
feat/issue-470-preflight-contract
feat/issue-440-lock-recovery
feat/issue-440-branch-recovery
feat/issue-458-queue-fail-closed-copy
feat/issue-400-early-duplicate-work-gate
feat/issue-308-reconcile-inventory-pagination
feat/issue-308-reconcile-pagination-proof
docs/issue-261-agent-temp-artifact-cleanup
feat/issue-262-map-commit-files
fix/infra-stop-conflict-marker-false-positive
feat/issue-139-role-aware-task-routing
feat/issue-188-continuation-selection-wall
feat/issue-189-continuation-mode-proofs
feat/issue-232-refresh-wiki-proof-heads
feat/issue-210-block-workspace-edits
feat/issue-204-exact-issue-lock
docs/issue-80-label-taxonomy
docs/issue-79-safety-boundary-updates
v1.1.0
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#739
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Problem
#706 (landed via PR #736, master
a8d2087b) introduced an immutable, configuredcanonical_repository_rootand routed two things through it: the #274 filesystem guards (namespace_workspace_binding.resolve_namespace_mutation_context) and the session repository slug (_trusted_session_repository).Three consumption paths were not completed. Each is reproduced by an executable test against the production entry point on
a8d2087b; none is hypothetical.F1 —
gitea_get_runtime_contextdoes not normalize itsremoteargumentgitea_whoamicallsremote = _effective_remote(remote)before seeding the session context (gitea_mcp_server.py:13405)._effective_remote(gitea_mcp_server.py:2349-2363) is the only place a profile's own configured remote is consulted: when the caller left the argument at its"dadeschools"default, it rewrites the remote from the active profile'sbase_urlhost.gitea_get_runtime_context(gitea_mcp_server.py:14026-14197) never calls it. The raw argument flows into the host lookup at 14064 and 14127 and straight into_seed_session_contextat 14128-14134.Consequences when the runtime-context path is the first native call in a fresh
prgs-*process:remote="dadeschools"/host="gitea.dadeschools.net";_authenticated_username(h)at 14064 resolves identity against the wrong host;session_context_binding.py:218), so a later, correctgitea_whoami(remote="prgs")cannot repair it — it returns the already-bound context and the mutation gate then reports remote drift against a binding that was wrong from the start.Every existing first-bind test passes
remoteexplicitly (tests/test_issue_714_production_first_bind.py:149-154,tests/test_runtime_clarity.py:118,150,174), so the gap was invisible.Ordering advice ("call whoami first") is not a durable fix: the production path must be correct regardless of call order.
F2 — the delete-branch repository-binding guard derives identity from the installation checkout
_delete_branch_repository_binding_block(gitea_mcp_server.py:8749-8807) computes its expected slug from_workspace_repository_slug(remote)(line 8772), which reads_local_git_remote_urlwithcwd=PROJECT_ROOT(gitea_mcp_server.py:8484-8498) — always the Gitea-Tools installation checkout._trusted_session_repositoryalready branches on the canonical root first and only falls back to the install-derived slug (gitea_mcp_server.py:1689-1714); its own comment names this hazard. The delete path never reaches that resolver: it calls neither_mutation_config_authority_blocknor_session_context_mutation_block.For a namespace whose
canonical_repository_rootpoints at another repository this inverts the guard:No test in
tests/test_issue_733_delete_branch_repo_forwarding.pyortests/test_delete_branch_capability.pyconfigures a canonical root while exercising this guard.F3 — no target-repository dimension in commissioning evidence
gitea_assess_master_paritycomputesstartup_headandcurrent_headfromPROJECT_ROOTonly (gitea_mcp_server.py:1799,10871-10874;master_parity_gate.py:35-68). This is intentional and must be preserved — it detects that the in-memory capability-gate code is stale relative to the on-disk Gitea-Tools checkout, exactly asmaster_parity_gate.py:1-21documents.The gap is that it is the only dimension. A cross-repository namespace has no evidence about the repository it actually mutates, so "in parity" reads as a whole-system statement when it is a statement about one checkout. Commissioning evidence must separately distinguish: server installation root and Gitea-Tools implementation commit; canonical target repository root; target checkout commit; target remote/master commit; and staleness per dimension.
Confirmed intentional — not defects
Recorded here so they are not re-filed:
assess_workspace_repo_membership,assess_author_mutation_worktree, and the branches-only guard all validate againstctx["canonical_repo_root"], which is the configured canonical root when set (namespace_workspace_binding.py:144-148). The canonical target root resolves to its own slug, the installation root stays Gitea-Tools, explicitorg/repomay confirm but never authorize a binding (session_context_binding.py:495-520), and a Gitea-Tools-rooted namespace cannot reach another repository. Verified, not changed.allowed_repositorieslimited to one repository, an absolutecanonical_repository_root, and credential references only already passes config audit and bind-time validation; a wrong root fails closed; role separation holds in both directions. Verified, not changed.Acceptance criteria
gitea_get_runtime_contextnormalizesremotethrough_effective_remotebefore any host lookup, identity resolution, or session seeding; explicit arguments are unchanged and a dadeschools-hosted profile still resolves todadeschools.gitea_assess_master_parityreports separately labelled server-implementation and target-repository dimensions.startup_head,current_head,in_parity,stale, andrestart_requiredkeep their existing meaning and values.Scope
Gitea-Tools server source and tests only. No client launcher,
profiles.json, or credential changes; no branch is deleted by any test.Issue claim heartbeat