fix(mcp): consume canonical target root in cross-repository operations (Closes #741) #744
Merged
sysadmin
merged 1 commits from 2026-07-18 11:23:35 -05:00
fix/issue-741-canonical-root-consumers into master
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#744
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Closes #741.
Summary
#706 introduced the immutable
canonical_repository_root; #739/#740 routed three consumption paths through it. Every path #740 left behind shared one shape: the filesystem guards had been migrated to the canonical root, but repository identity still bottomed out in_local_git_remote_url, which rangit remote get-urlwithcwd=PROJECT_ROOT— always the Gitea-Tools install checkout. The two halves of a single assessment therefore described two different repositories.For a namespace bound to another repository this inverts the guards rather than merely weakening them: an operation naming the genuinely bound target is rejected, while one naming Gitea-Tools is accepted.
Inventory and classification
Every production consumer of
PROJECT_ROOT,_workspace_repository_slug,_local_git_remote_url,_resolve,_enforce_remote_repo_guard, the anti-stomp org/repo fill, and the local git subprocess helpers was inventoried and classified.Installation scope — preserved, deliberately unchanged:
master_parity_gatestartup/current head, workflow + schema + skill file loading, review-workflow boundary state, self-code hashing and stale-runtime detection,role_session_router.assess_infra_stop,mirror_refs.shlookup, thesys.pathbootstrap, andprocess_project_root=arguments (process identity, with the canonical root passed separately).Canonical target scope — fixed below.
Ambiguous — explicitly classified rather than left to guess:
record_pre_review_commandand the shell-spawn health probe are classified installation-scoped (neither derives repository identity nor mutates a repository);gitea_update_pr_branch_by_merge'scontrol_cleanporcelain probe is classified target-scoped and fixed.Defects fixed
_canonical_local_git_root()is the single place a target-repository root is resolved: the configured canonical root when declared, elsePROJECT_ROOT. A configured-but-invalid root is never silently replaced by the install checkout._local_git_remote_urlnow runs in the canonical target root, correcting every downstream identity consumer at once (_resolve, the #530 remote/repo guard, the anti-stomp org/repo fill,_workspace_repository_slug) without duplicating root-resolution logic._verify_role_mutation_workspaceomittedconfigured_canonical_root, so the #274 branches-only / worktree-membership guards validatedGitea-Tools/branches/instead of the bound target. It now threads the root exactly as_resolve_namespace_mutation_contextdoes — the two paths previously disagreed._resolveremote-name lookup. Omitted coordinates were derived by looking a remote up by name. A target checkout commonly names its remoteoriginrather thanprgs, so the lookup returnedNoneand coordinates fell through to the remote-wide default target — a foreign repository entirely outside the namespace's scope. It now prefers_canonical_repository_slug, which probes candidate remote names against the canonical root.org/reposhort-circuit the #530 match check, so caller coordinates bypassed validation entirely. They may now only confirm a canonical binding, never establish or override one, and fail closed in both directions.fetch_target_branch, worktree inventory/snapshot, cleanup and scratch-tree removal, the author worktree derivation ingitea_lock_issue/gitea_create_pr, and thecontrol_cleanporcelain probe now use the canonical target root.environments_flatten_identitysilently droppedcanonical_repository_root, so such a namespace fell back to the install root — fail-open, not merely unvalidated. It is now validated and propagated. The v1 path validates it too, so all three loaders behave identically.docs/canonical-repository-root.mdexplains the two roots, which rule applies to a new consumer, why conflating them inverts the guards, the layered validation, the confirm-never-override rule, and the per-dimension parity reporting. No documentation previously mentioned the canonical root at all.Preserved invariants
Single-repository Gitea-Tools behaviour is unchanged: with no binding configured the helper returns
PROJECT_ROOTand every path behaves exactly as before. Role separation, fail-closed semantics, and branches-only enforcement are untouched. Theserver_implementationvstarget_repositoryparity dimensions from #740 remain separately labelled, and only the server dimension gates mutations.Tests
tests/test_issue_741_canonical_root_consumers.py— 51 tests, 52 subtests. A role-by-operation matrix drives author, reviewer, merger and reconciler against: correct cross-repository target, wrong repository, wrong worktree, explicit matching coordinates, explicit mismatched coordinates, missing canonical root, invalid canonical root, immutable binding after first bind, and request-override attempts. Both cross-repository directions and all three config loaders are covered. Real git repositories throughout; no network calls, no branch deletion, no merge.The module reinstalls the genuine
_local_git_remote_urlper test. An autouseconftestfixture permanently reassigns it to a working-directory-independent stub — which is precisely the behaviour under test, so without this the assertions would silently pass against the stub in a full-suite run.Results
c908ed605089: 3357 passed, 6 skipped, 2 failed.Both failures —
test_issue_702_review_findings_f1_f6::test_removed_worktree_recovers_before_probeandtest_reconciler_supersession_close::test_tool_posts_comment_and_closes_superseded_pr_issue— reproduce identically on clean master and are pre-existing, not introduced here.git diff --checkis clean. No credential, launcher, live-profile, or generated-file changes. PR #740 and PR #743 artifacts are untouched, and nomcp-control-planenamespace configuration is installed by this work.Commissioning dependency
This PR does not commission the four
mcp-control-planenamespace profiles. Remaining before that is safe: independent review and merge of this PR, then a restart of the Gitea-Tools MCP daemons (the running processes execute their startup commit, so merged fixes are not live until restart), then repository-correct commissioning for author, reviewer, merger and reconciler.repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #744
issue: #741
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 13393-582ad210bab7
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr-744-independent-20260718121255
phase: claimed
candidate_head:
61c3a57df5target_branch: master
target_branch_sha:
c908ed6050last_activity: 2026-07-18T16:14:10Z
expires_at: 2026-07-18T18:14:10Z
blocker: none
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #744
issue: #741
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 13393-582ad210bab7
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr-744-independent-20260718121255
phase: validating
candidate_head:
61c3a57df5target_branch: master
target_branch_sha:
c908ed6050last_activity: 2026-07-18T16:18:10Z
expires_at: 2026-07-18T18:18:10Z
blocker: none
Canonical PR State
STATE:
approved
WHO_IS_NEXT:
merger
NEXT_ACTION:
Acquire or adopt merger lease, recheck head
61c3a57d, merge only with confirmation MERGE PR 744NEXT_PROMPT:
WHAT_HAPPENED:
Independent reviewer session sysadmin/prgs-reviewer completed full validation of PR #744 for issue #741 and approved via native gitea_submit_pr_review.
WHY:
Remaining PROJECT_ROOT coupling inverted cross-repository guards; this PR completes target-root consumption and loader fail-closed behavior.
ISSUE:
#741
HEAD_SHA:
61c3a57df5REVIEW_STATUS:
APPROVED
MERGE_READY:
true
BLOCKERS:
none
VALIDATION:
new module 51 passed 52 subtests; related batch 359 passed; full suite 3408 passed 6 skipped 2 pre-existing failed; baseline defect proven; git diff --check clean; scope exactly 4 files
LAST_UPDATED_BY:
sysadmin
NATIVE_REVIEW_PROOF: transport=native_mcp; entrypoint=gitea_submit_pr_review; profile=prgs-reviewer; identity=sysadmin; head=61c3a57df57151a41dff02038acf276f62ad36af; namespace=gitea-reviewer
Review summary
Scope is the four expected files only. Install-scoped PROJECT_ROOT consumers preserved. Target-scoped paths use
_canonical_local_git_root(). Explicit coordinates confirm-only. v1/v2 loaders validate/propagate canonical_repository_root. Tests cover four roles and fail closed when stub is incorrectly captured. Residual non-blocking: stale historical comments and collection-order sensitivity of real-function capture (fails closed, not vacuous). Do not merge from this session.Workflow-load: hash 263d0a6cb8a6; schema a7634e7b8689; boundary clean.
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #744
issue: #741
reviewer_identity: sysadmin
profile: prgs-reviewer
session_id: 13393-582ad210bab7
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/review-pr-744-independent-20260718121255
phase: released
candidate_head:
61c3a57df5target_branch: master
target_branch_sha:
c908ed6050last_activity: 2026-07-18T16:20:28Z
expires_at: 2026-07-18T18:20:28Z
blocker: manual-release
repo: Scaled-Tech-Consulting/Gitea-Tools
pr: #744
issue: #741
reviewer_identity: sysadmin
profile: prgs-merger
session_id: 33673-1d54887a0415
worktree: /Users/jasonwalker/Development/Gitea-Tools/branches/merge-pr-744-61c3a57-20260718T122253
phase: claimed
candidate_head:
61c3a57df5target_branch: master
target_branch_sha:
c908ed6050last_activity: 2026-07-18T16:23:21Z
expires_at: 2026-07-18T18:23:21Z
blocker: none
Stale #332 review-decision lock cleanup (#594)
Status: APPLIED
sysadminprgs-merger2026-07-18T16:23:36.781469+00:00approveon PR fix(mcp): consume canonical target root in cross-repository operations (Closes #741) (#744)closed(merged=True)b05075fd25ea7f3ac2e86d68f18a1a14c803962e1prgs-reviewerManual deletion of session-state files is not the workflow.
This path only clears a lock when the referenced PR is merged/closed.