feat: add read-only gitea_check_pr_eligibility (#14) #24

Merged
jcwalker3 merged 2 commits from feature/14-gitea-pr-eligibility-checks into master 2026-07-01 13:20:31 -05:00

2 Commits

Author SHA1 Message Date
sysadmin baf4eae30b test: cover self-approve block and unknown-mergeability fail-closed (#14)
Add two explicit eligibility tests requested in review of PR #24:
- self-author blocked from 'approve' (eligible=false, reason
  "authenticated user is PR author").
- 'merge' fails closed when Gitea reports mergeable=None (eligible=false,
  reason "PR mergeability unknown").

Tests only; no implementation change. Behavior already enforced by
gitea_check_pr_eligibility.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 14:02:48 -04:00
sysadmin fbbbd5359e feat: add read-only gitea_check_pr_eligibility (#14)
Add a read-only MCP tool that decides whether the current authenticated
identity + active runtime profile is eligible to review, approve,
request_changes, or merge a specific PR. Evaluation only — it never
reviews, approves, requests changes, merges, or mutates anything.

Inspects: authenticated username (/user), active profile metadata
(allowed/forbidden operations), and PR facts (author, state, head SHA,
mergeability). Returns {eligible, requested_action, authenticated_user,
profile_name, pr_author, pr_state, head_sha, mergeable, reasons}.

Fail-closed rules:
- unknown action / unknown remote -> not eligible
- action not in allowed ops, or in forbidden ops -> not eligible
- identity undetermined -> not eligible
- authenticated user == PR author -> cannot approve/merge
- PR not open -> not eligible
- merge requires a positive mergeable signal

No token/auth-header exposure. No review/approve/request-changes
mutation. No merge mutation. No multi-token switching. No
Jenkins/Ops/GlitchTip/Release/deploy behavior.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 13:54:49 -04:00
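
The fail-closed rules listed in the commit message above, sketched as a pure evaluation function. This is an added example, not the project's `gitea_check_pr_eligibility` code. The profile and PR dict shapes, the `remote_known` parameter, and every reason string other than the two quoted in the commit messages are assumptions.

```python
# Added illustration; not the project's gitea_check_pr_eligibility.
KNOWN_ACTIONS = {"review", "approve", "request_changes", "merge"}

def check_eligibility(action, user, profile, pr, remote_known=True):
    """Evaluate only: collects every blocking reason and mutates nothing."""
    reasons = []
    if action not in KNOWN_ACTIONS:
        reasons.append("unknown action")
    if not remote_known:
        reasons.append("unknown remote")
    # Assumed profile keys; a missing list is treated as empty, so nothing is allowed.
    allowed = set(profile.get("allowed_operations") or [])
    forbidden = set(profile.get("forbidden_operations") or [])
    if action not in allowed:
        reasons.append("action not in allowed operations")
    if action in forbidden:
        reasons.append("action in forbidden operations")
    if not user:
        reasons.append("identity undetermined")
    elif action in ("approve", "merge") and user == pr.get("author"):
        reasons.append("authenticated user is PR author")
    if pr.get("state") != "open":
        reasons.append("PR not open")
    if action == "merge":
        mergeable = pr.get("mergeable")
        if mergeable is None:
            reasons.append("PR mergeability unknown")
        elif mergeable is not True:  # only an explicit True counts as positive
            reasons.append("PR not mergeable")
    return {
        "eligible": not reasons,
        "requested_action": action,
        "authenticated_user": user,
        "profile_name": profile.get("name"),
        "pr_author": pr.get("author"),
        "pr_state": pr.get("state"),
        "head_sha": pr.get("head_sha"),
        "mergeable": pr.get("mergeable"),
        "reasons": reasons,
    }

# Constructed sample data (not taken from the repository).
PROFILE = {"name": "reviewer", "forbidden_operations": [],
           "allowed_operations": ["review", "approve", "merge"]}
PR = {"author": "alice", "state": "open", "head_sha": "<head-sha>", "mergeable": None}

if __name__ == "__main__":
    for who, act in [("alice", "approve"), ("bob", "merge"), ("bob", "approve")]:
        result = check_eligibility(act, who, PROFILE, PR)
        print(who, act, result["eligible"], result["reasons"])
```

Because the result is `eligible` only when `reasons` is empty, any input the function cannot positively vouch for ends in a refusal with the cause recorded.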