feat: profiles.json v2 parser with validation invariants (#103) #114
Reference in New Issue
Block a user
Delete Branch "feat/issue-103-profiles-v2-parser"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Implement profiles.json v2 config parser with validation invariants. Flatten environment/service/identity structure, validate version 2 schemas, and prevent reviewer-identity deadlock at configuration load time. Closes #103.
Add version-2 support to gitea_config: environment -> service -> identity hierarchy flattened at load into v1-shaped profiles keyed by the canonical dotted address {env}.{service}.{identity}, with aliases for legacy names (mdcps, prgs-author, prgs-reviewer) and service-level defaults inherited by identities. Fail-closed validation: missing required version (v1 files must now declare version: 1), unknown versions, malformed environment/service/identity structure, dotted segment names, missing base_url, missing auth reference, inline secrets in identities or auth entries, alias/address selector conflicts, aliases to unknown targets, and unqualified operations that cannot be normalized safely. TBD-* usernames fail closed at selection without blocking other identities in the file. Reviewer-identity deadlock rule enforced at load: any identity allowed gitea.pr.approve or gitea.pr.merge must forbid gitea.pr.create and gitea.branch.push (prevents the PR #102-style self-authored-PR deadlock). Selector resolution is strict: exact alias -> exact dotted address -> fail closed; no fuzzy matching. Minimal operation normalization only (the known v1 unqualified Gitea ops and single-word non-Gitea ops); the full table and enforcement matrix remain issue #106. Tests: new tests/test_config_v2.py (29 cases) covering the acceptance criteria; test_config.py missing-version case flipped to fail-closed per the issue. resolve_token/auth_source_name proven against flattened v2 profiles. Refs #100. Closes #103. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>Independent identity review from detached worktree at pinned head
6dbd51b(0 behind master2e2da05).Attribution transparency: this reviewer session also authored the branch content earlier; per docs/llm-agent-sha.md eligibility is determined solely by authenticated Gitea user (author jcwalker3 ≠ reviewer sysadmin) — same precedent as PR #99.
Review Metadata:
Approving.