fix(mcp): complete canonical-root consumption for cross-repository namespaces (Closes #739) #740
Open
jcwalker3
wants to merge 1 commits from
feat/issue-739-canonical-root-consumption into master
pull from: feat/issue-739-canonical-root-consumption
merge into: :master
:master
:feat/issue-739-canonical-root-consumption
:feat/issue-706-canonical-repository-root
:fix/issue-735-author-org-repo-forwarding
:fix/issue-733-delete-branch-repo-forwarding
:feat/issue-609-prepared-review-verdict-resume
:fix/issue-702-stale-binding-lease-recovery
:issue-723-role-poisoning
:fix/issue-723-capability-role-invariants
:fix/issue-720-expired-decision-lock
:docs/mcp-stable-control-runtime-policy
:feat/issue-687-reconciler-branch-delete
:fix/issue-709-decision-lock-cross-profile
:fix/issue-695-native-transport-quarantine
:fix/issue-698-report-validator-schema
:fix/issue-699-structured-auth-mcp-errors
:fix/issue-695-native-quarantine-v2
:fix/issue-691-obsolete-reviewer-lease-cleanup
:fix/issue-683-workflow-guard-hardening
:chore/issue-681-preserve-review-session-wip
:fix/issue-671-block-stable-branch-push
:fix/issue-675-residual-preflight-remediation
:fix/issue-673-remediate-regressions-part2
:fix/issue-673-remediate-regressions
:feat/issue-603-lifecycle-labels
:fix/issue-627-set-issue-labels-pagination
:feat/issue-601-first-class-leases
:feat/issue-612-incident-bridge
:feat/issue-600-controller-allocator-api
:fix/issue-620-head-scoped-review-locks
:feat/issue-613-allocator-db-substrate
:feat/issue-610-live-remote-parity
:feat/issue-503-reviewer-active-worktree
:feat/issue-470-preflight-contract
:feat/issue-440-lock-recovery
:feat/issue-440-branch-recovery
:feat/issue-458-queue-fail-closed-copy
:feat/issue-400-early-duplicate-work-gate
:feat/issue-308-reconcile-inventory-pagination
:feat/issue-308-reconcile-pagination-proof
:docs/issue-261-agent-temp-artifact-cleanup
:feat/issue-262-map-commit-files
:fix/infra-stop-conflict-marker-false-positive
:feat/issue-139-role-aware-task-routing
:feat/issue-188-continuation-selection-wall
:feat/issue-189-continuation-mode-proofs
:feat/issue-232-refresh-wiki-proof-heads
:feat/issue-210-block-workspace-edits
:feat/issue-204-exact-issue-lock
:docs/issue-80-label-taxonomy
:docs/issue-79-safety-boundary-updates
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#740
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Closes #739
Head:
15a8a76e999729cbbd3a27f9339d8f682f67793dBase:
master@a8d2087b4af3ae143b839c5c0c821e2a3ca7fd4fRoot cause
#706 introduced the immutable, configured
canonical_repository_rootand routed two consumers through it: the #274 filesystem guards and the session repository slug. Three consumption paths kept deriving repository identity from the Gitea-Tools installation checkout. Each was reproduced by an executable test against the production entry point before being changed.F1 — runtime-context did not normalize its remote
gitea_whoaminormalizes via_effective_remotebefore seeding the session context;gitea_get_runtime_contextdid not._effective_remote(gitea_mcp_server.py:2349-2363) is the only place a profile's own configured remote is consulted, and it fires only when the caller leftremoteat its"dadeschools"default.Before: on a prgs-hosted namespace whose first native call was the runtime-context path, the raw argument default flowed into the host lookup and into
_seed_session_context. The session pinnedremote="dadeschools"/host="gitea.dadeschools.net",_authenticated_usernameresolved identity against the wrong host, and because first-bind is first-write-wins (session_context_binding.py:218) a later correctgitea_whoami(remote="prgs")could not repair it — the mutation gate then reported remote drift against a binding that was wrong from the start.After:
remote = _effective_remote(remote)runs before any host lookup, identity resolution, or session seeding. Explicit remotes are untouched; a dadeschools-hosted profile still resolves todadeschools. This is a production-path fix, not call-ordering advice.F2 — delete-branch binding guard read the installation checkout
_delete_branch_repository_binding_blockderived its expected slug from_workspace_repository_slug, which runs_local_git_remote_urlwithcwd=PROJECT_ROOT— always Gitea-Tools. The delete path never reaches_trusted_session_repository, which already had the canonical-root branch.Before: for a namespace with a configured canonical root the guard was inverted — an explicit target naming the genuinely bound repository was rejected, and one naming Gitea-Tools was accepted.
After: the canonical-root branch is extracted as
_canonical_repository_slugand shared by both call sites. A configured-but-unresolvable root fails closed rather than silently falling back to the installation identity. Unconfigured namespaces keep the install-derived default unchanged.F3 — parity carried no target-repository dimension
gitea_assess_master_paritycomputes both HEADs fromPROJECT_ROOT. This is intentional and is preserved — it detects that in-memory capability-gate code is stale relative to the on-disk Gitea-Tools checkout, exactly asmaster_parity_gate.py:1-21documents. The defect was that it was the only dimension, so "in parity" read as a whole-system statement.After:
startup_head,current_head,in_parity,stale,restart_required,summary,reasons, andprocess_rootkeep their existing meaning and values, and only the server dimension gates mutations. Two separately labelled dimensions are added:server_implementation—installation_root,startup_head,current_head,stale,determinabletarget_repository—canonical_repository_root,source,repository_slug,checkout_head,tracking_ref,remote_tracking_head,determinable,stale,reasonsThe target assessment makes no network call: the remote side is read from the existing remote-tracking ref, and a target that has never been fetched is reported indeterminate rather than guessed at. It deliberately does not honour
GITEA_TEST_CURRENT_HEAD, which exists to pin the server's HEAD.Proven intentional — no change made
assess_workspace_repo_membership,assess_author_mutation_worktree, and the branches-only guard already validate againstctx["canonical_repo_root"]. The canonical target root resolves to its own slug, the installation root stays Gitea-Tools, explicitorg/repomay confirm but never authorize a binding, and a Gitea-Tools-rooted namespace cannot reach another repository.allowed_repositorieslimited to one repository, an absolute canonical root, and credential references only already passes config audit and bind-time validation; a wrong root fails closed; role separation holds in both directions.Both are now covered by regression tests so a future change cannot quietly undo them.
Files changed
gitea_mcp_server.py— F1 normalization; new_canonical_repository_slughelper;_trusted_session_repositoryrefactored onto it with identical semantics; delete-branch guard consumes it; parity tool reports two labelled dimensions.master_parity_gate.py— additiveassess_target_repository_parity,_git_capture,DEFAULT_TARGET_TRACKING_REF. No existing symbol modified.tests/test_cross_repo_canonical_consumption.py— new, 31 cases across groups A–E using real git repositories and no network.Tests
a8d2087: 3267 passed, 6 skipped, 240 subtests passed. Delta is exactly the 31 new cases.test_issue_702_review_findings_f1_f6::test_removed_worktree_recovers_before_probeandtest_reconciler_supersession_close::test_tool_posts_comment_and_closes_superseded_pr_issue— reproduce identically on unmodifieda8d2087and are pre-existing, not attributable to this change.git diff --checkclean.Remaining limitations
_resolve,_enforce_remote_repo_guard, the anti-stomp org/repo fill, and the git-operation call sites that passPROJECT_ROOTdirectly (branch cleanup, merge, ownership). A cross-repository namespace exercising those will still resolve against the installation checkout. They are not on the author/reviewer/merger/reconciler critical path this change unblocks and warrant a separate scoped issue._validate_canonical_repository_rootruns only on the v2-contexts config shape; the v1 and v2-environments loaders read the field without validating it.profiles.json, or credential was read or modified, and no branch was deleted by any test.Author work unit only — not reviewed, not approved, not merged.
Follow-up scope is tracked in #741, "Eliminate remaining PROJECT_ROOT coupling in cross-repository MCP operations."
PR #740 fixes the three confirmed defects scoped to #739: first-call effective-remote binding, canonical-root-aware reconciler branch validation, and separate target-repository parity evidence.
PR #740 does not claim that every cross-repository mutation path is commissioned. Client configuration installation and unattended
mcp-control-planeoperation remain blocked until the mutation-critical paths identified in #741—particularly author, merge, remote-guard, anti-stomp, and cleanup consumers—are verified or corrected, independently reviewed and merged, loaded through a daemon restart, and proven by repository-correct commissioning.This follow-up does not expand PR #740's diff or acceptance scope.
Canonical Issue State
STATE: PR #740 is open at head
15a8a76e99against base mastera8d2087b4a, carrying no review verdict yet.WHO_IS_NEXT: REVIEWER
NEXT_ACTION: A leased prgs-reviewer session performs a fresh native review of PR #740 at head
15a8a76e99and records a formal verdict.NEXT_PROMPT:
WHAT_HAPPENED: Issue #739 was filed after executable reproduction of three canonical-root consumption defects left by #706/#736. PR #740 implements the fixes and adds tests/test_cross_repo_canonical_consumption.py. Residual installation-root coupling found during that work was filed separately as #741 rather than expanding this PR.
WHY: #706 routed only the #274 filesystem guards and the session repository slug through the configured canonical root. Paths reached through _local_git_remote_url, which runs in PROJECT_ROOT, continued to report the Gitea-Tools installation checkout. #740 corrects the three consumers on the author, reviewer, merger, and reconciler critical path; #741 tracks the remainder so this diff stays scoped.
RELATED_PRS: #740 (this PR, open); #736 (merged, introduced canonical_repository_root for #706)
BLOCKERS: None for review. Commissioning of the four mcp-control-plane namespace profiles remains gated on #741 plus merge of #740 and a subsequent daemon restart, as recorded in #741.
VALIDATION: New tests 31 passed with 31 subtests, red before the fix at 13 failed / 20 passed. Targeted regression across #706, #706-F1, #714, #733, parity, delete-branch capability, namespace binding, and workspace-guard alignment: 120 passed, 36 subtests. Full suite on the PR head 3298 passed, 6 skipped, 271 subtests; clean baseline
a8d20873267 passed, 6 skipped, 240 subtests. The two failures, test_issue_702_review_findings_f1_f6::test_removed_worktree_recovers_before_probe and test_reconciler_supersession_close::test_tool_posts_comment_and_closes_superseded_pr_issue, reproduce identically on unmodifieda8d2087. git diff --check reports no whitespace errors.LAST_UPDATED_BY: jcwalker3 / prgs-author
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #740
issue: #739
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 96831-394b583efa4b
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr-740-grok
phase: claimed
candidate_head:
15a8a76e99target_branch: master
target_branch_sha:
a8d2087b4alast_activity: 2026-07-18T08:13:10Z
expires_at: 2026-07-18T10:13:10Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #740
issue: #739
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 96831-394b583efa4b
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr-740-grok
phase: validating
candidate_head:
15a8a76e99target_branch: master
target_branch_sha:
a8d2087b4alast_activity: 2026-07-18T08:13:58Z
expires_at: 2026-07-18T10:13:58Z
blocker: none
Independent Review — APPROVE PR #740
Pinned head:
15a8a76e999729cbbd3a27f9339d8f682f67793dBase:
master@a8d2087b4af3ae143b839c5c0c821e2a3ca7fd4fAuthor: jcwalker3 (reviewer sysadmin — not self-review)
Scope
Exactly three files (no credential/config/launcher/memory changes):
git diff --check clean. Secret sweep: only test env token names/placeholders and negative assertions.
#739 fixes verified
#741 deferred scope
Issue #741 accurately owns remaining PROJECT_ROOT/_local_git_remote_url/_resolve/anti-stomp/merge/cleanup consumers; PR does not claim them fixed.
Validation (worktree branches/review-pr-740-grok @
15a8a76)a8d2087(pre-merge baseline-proven)Mutation boundaries
Decision: APPROVE. No merge. No cleanup.
Canonical PR State
STATE:
approved
WHO_IS_NEXT:
merger
NEXT_ACTION:
Separate merger session merges PR #740 only if live head remains
15a8a76e99.NEXT_PROMPT:
WHAT_HAPPENED:
Independent reviewer sysadmin/prgs-reviewer approved after full independent validation on detached worktree branches/review-pr-740-grok.
WHY:
F1/F2/F3 meet #739 acceptance criteria; tests green; scope limited to three files; #741 accurately defers remaining PROJECT_ROOT work.
ISSUE:
#739
BASE:
master
HEAD:
feat/issue-739-canonical-root-consumption
HEAD_SHA:
15a8a76e99REVIEW_STATUS:
approved
MERGE_READY:
yes — approved at current head; merger must re-pin head before merge
BLOCKERS:
none
VALIDATION:
31 new + 175 related + full suite 3298 passed / 6 skipped; 2 baseline-proven failures on a8d2087; git diff --check clean
NATIVE_REVIEW_PROOF:
native MCP gitea_submit_pr_review approve via gitea-reviewer namespace; profile prgs-reviewer; identity sysadmin; expected_head_sha 15a8a76e999729cbbd3a27f9339d8f682f67793d; lease session 96831-394b583efa4b; worktree branches/review-pr-740-grok
LAST_UPDATED_BY:
sysadmin / prgs-reviewer / 2026-07-18
Review Metadata:
Workflow-load helper result:
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.