docs: agent temp artifact cleanup guidance (Closes #261) #277
+107
-4
@@ -2275,6 +2275,106 @@ def gitea_get_file(
|
||||
}
|
||||
|
||||
|
||||
def _prepare_commit_payload_files(files: list[dict]) -> tuple[list[dict], list[dict]]:
|
||||
import base64
|
||||
import json
|
||||
import os
|
||||
|
||||
processed_files = []
|
||||
source_proofs = []
|
||||
|
||||
lock_data = {}
|
||||
if os.path.exists(ISSUE_LOCK_FILE):
|
||||
try:
|
||||
with open(ISSUE_LOCK_FILE, "r", encoding="utf-8") as f:
|
||||
lock_data = json.load(f)
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
locked_worktree = lock_data.get("worktree_path")
|
||||
if locked_worktree:
|
||||
locked_worktree = os.path.realpath(locked_worktree)
|
||||
|
||||
for f in files:
|
||||
f_copy = dict(f)
|
||||
path = f_copy.get("path", "")
|
||||
|
||||
content_keys = [k for k in ["content", "content_plain", "workspace_path", "local_path"] if k in f_copy]
|
||||
if len(content_keys) > 1:
|
||||
raise ValueError(
|
||||
f"Multiple content sources specified for file '{path}'; provide exactly one of "
|
||||
f"'content', 'content_plain', 'workspace_path', or 'local_path' (fail closed)"
|
||||
)
|
||||
|
||||
source = "none"
|
||||
if "content_plain" in f_copy:
|
||||
content_plain = f_copy.pop("content_plain")
|
||||
if content_plain is not None:
|
||||
content_bytes = content_plain.encode("utf-8")
|
||||
f_copy["content"] = base64.b64encode(content_bytes).decode("utf-8")
|
||||
source = "inline_plain"
|
||||
elif "workspace_path" in f_copy:
|
||||
workspace_path = f_copy.pop("workspace_path")
|
||||
if not locked_worktree:
|
||||
raise RuntimeError(
|
||||
f"Issue lock is missing or does not define a worktree path. "
|
||||
f"Cannot resolve workspace_path '{workspace_path}' (fail closed)."
|
||||
)
|
||||
target_path = os.path.realpath(os.path.abspath(os.path.join(locked_worktree, workspace_path)))
|
||||
|
||||
is_inside = target_path == locked_worktree or target_path.startswith(os.path.join(locked_worktree, ""))
|
||||
is_tmp = target_path.startswith(os.path.realpath("/tmp") + os.sep) or target_path.startswith("/tmp" + os.sep)
|
||||
|
||||
if not (is_inside or is_tmp):
|
||||
raise ValueError(
|
||||
f"workspace_path '{workspace_path}' resolves to '{target_path}' which falls outside "
|
||||
f"of locked worktree '{locked_worktree}' (fail closed)"
|
||||
)
|
||||
|
||||
if not os.path.exists(target_path):
|
||||
raise FileNotFoundError(f"File not found: {target_path} (fail closed)")
|
||||
|
||||
with open(target_path, "rb") as fh:
|
||||
file_bytes = fh.read()
|
||||
f_copy["content"] = base64.b64encode(file_bytes).decode("utf-8")
|
||||
source = "workspace_path"
|
||||
elif "local_path" in f_copy:
|
||||
local_path = f_copy.pop("local_path")
|
||||
if not locked_worktree:
|
||||
raise RuntimeError(
|
||||
f"Issue lock is missing or does not define a worktree path. "
|
||||
f"Cannot resolve local_path '{local_path}' (fail closed)."
|
||||
)
|
||||
target_path = os.path.realpath(os.path.abspath(local_path))
|
||||
|
||||
is_inside = target_path == locked_worktree or target_path.startswith(os.path.join(locked_worktree, ""))
|
||||
is_tmp = target_path.startswith(os.path.realpath("/tmp") + os.sep) or target_path.startswith("/tmp" + os.sep)
|
||||
|
||||
if not (is_inside or is_tmp):
|
||||
raise ValueError(
|
||||
f"local_path '{local_path}' resolves to '{target_path}' which falls outside "
|
||||
f"of locked worktree '{locked_worktree}' (fail closed)"
|
||||
)
|
||||
|
||||
if not os.path.exists(target_path):
|
||||
raise FileNotFoundError(f"File not found: {target_path} (fail closed)")
|
||||
|
||||
with open(target_path, "rb") as fh:
|
||||
file_bytes = fh.read()
|
||||
f_copy["content"] = base64.b64encode(file_bytes).decode("utf-8")
|
||||
source = "local_path"
|
||||
elif "content" in f_copy:
|
||||
source = "inline_base64"
|
||||
|
||||
processed_files.append(f_copy)
|
||||
source_proofs.append({
|
||||
"path": path,
|
||||
"source": source
|
||||
})
|
||||
|
||||
return processed_files, source_proofs
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
def gitea_commit_files(
|
||||
files: list[dict],
|
||||
@@ -2289,7 +2389,7 @@ def gitea_commit_files(
|
||||
"""Commit changes to multiple files in a Gitea repository in a single atomic commit.
|
||||
|
||||
Args:
|
||||
files: List of file operations. Each file dict must contain 'operation' ('create', 'update', 'delete', 'rename'), 'path', and 'content' (base64 encoded for create/update), and optionally 'sha' (required for update/delete) or 'from_path' (for rename).
|
||||
files: List of file operations. Each file dict must contain 'operation' ('create', 'update', 'delete', 'rename'), 'path', and one of content payload sources: 'content' (base64), 'content_plain', 'workspace_path', or 'local_path'.
|
||||
message: The commit message.
|
||||
branch: Optional existing branch to start/commit from.
|
||||
new_branch: Optional new branch name to create for this commit.
|
||||
@@ -2325,12 +2425,14 @@ def gitea_commit_files(
|
||||
return blocked
|
||||
|
||||
verify_preflight_purity(remote)
|
||||
processed_files, source_proofs = _prepare_commit_payload_files(files)
|
||||
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
url = f"{repo_api_url(h, o, r)}/contents"
|
||||
|
||||
payload = {
|
||||
"files": files,
|
||||
"files": processed_files,
|
||||
"message": message,
|
||||
}
|
||||
if branch is not None:
|
||||
@@ -2341,13 +2443,14 @@ def gitea_commit_files(
|
||||
with _audited("commit_files", host=h, remote=remote, org=o, repo=r,
|
||||
target_branch=(new_branch or branch),
|
||||
request_metadata={"message": message,
|
||||
"paths": [f.get("path") for f in files],
|
||||
"operations": [f.get("operation") for f in files]}):
|
||||
"paths": [f.get("path") for f in processed_files],
|
||||
"operations": [f.get("operation") for f in processed_files]}):
|
||||
data = api_request("POST", url, auth, payload)
|
||||
return {
|
||||
"success": True,
|
||||
"commit": data.get("commit", {}).get("sha", ""),
|
||||
"branch": data.get("branch", {}).get("name", ""),
|
||||
"content_source_proof": source_proofs,
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,251 @@
|
||||
import json
|
||||
import os
|
||||
import tempfile
|
||||
import unittest
|
||||
from unittest.mock import MagicMock, patch
|
||||
|
||||
import gitea_config
|
||||
import mcp_server
|
||||
import task_capability_map
|
||||
|
||||
CONFIG = {
|
||||
"version": 2,
|
||||
"contexts": {
|
||||
"ctx": {
|
||||
"enabled": True,
|
||||
"gitea": {"enabled": True, "base_url": "https://gitea.example.com"},
|
||||
}
|
||||
},
|
||||
"profiles": {
|
||||
"full-author": {
|
||||
"enabled": True,
|
||||
"context": "ctx",
|
||||
"role": "author",
|
||||
"username": "author-user",
|
||||
"auth": {"type": "env", "name": "GITEA_TOKEN_AUTHOR"},
|
||||
"allowed_operations": [
|
||||
"gitea.read",
|
||||
"gitea.repo.commit",
|
||||
"gitea.pr.create",
|
||||
"gitea.branch.push",
|
||||
],
|
||||
"forbidden_operations": [
|
||||
"gitea.pr.approve",
|
||||
"gitea.pr.merge",
|
||||
"gitea.pr.review",
|
||||
],
|
||||
"execution_profile": "full-author",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
class TestCommitPayloads(unittest.TestCase):
|
||||
def setUp(self):
|
||||
self._remotes = patch.dict(mcp_server.REMOTES, {
|
||||
"prgs": {"host": "gitea.example.com", "org": "Example-Org",
|
||||
"repo": "Example-Repo"},
|
||||
})
|
||||
self._remotes.start()
|
||||
mcp_server._IDENTITY_CACHE.clear()
|
||||
|
||||
# Setup temp directories and lock files
|
||||
self._dir = tempfile.TemporaryDirectory()
|
||||
self.config_path = os.path.join(self._dir.name, "profiles.json")
|
||||
with open(self.config_path, "w", encoding="utf-8") as fh:
|
||||
fh.write(json.dumps(CONFIG))
|
||||
|
||||
self.locked_worktree_dir = tempfile.TemporaryDirectory()
|
||||
self.locked_worktree_path = os.path.realpath(self.locked_worktree_dir.name)
|
||||
|
||||
self.lock_file_path = "/tmp/gitea_issue_lock.json"
|
||||
self.lock_data = {
|
||||
"issue_number": 263,
|
||||
"branch_name": "feat/issue-263-native-commit-payloads",
|
||||
"remote": "prgs",
|
||||
"org": "Example-Org",
|
||||
"repo": "Example-Repo",
|
||||
"worktree_path": self.locked_worktree_path,
|
||||
}
|
||||
with open(self.lock_file_path, "w", encoding="utf-8") as fh:
|
||||
fh.write(json.dumps(self.lock_data))
|
||||
|
||||
# Reset preflight status to bypass/pass verification in tests
|
||||
self.orig_whoami_called = mcp_server._preflight_whoami_called
|
||||
self.orig_capability_called = mcp_server._preflight_capability_called
|
||||
mcp_server._preflight_whoami_called = True
|
||||
mcp_server._preflight_capability_called = True
|
||||
|
||||
def tearDown(self):
|
||||
self._remotes.stop()
|
||||
mcp_server._IDENTITY_CACHE.clear()
|
||||
|
||||
mcp_server._preflight_whoami_called = self.orig_whoami_called
|
||||
mcp_server._preflight_capability_called = self.orig_capability_called
|
||||
|
||||
self._dir.cleanup()
|
||||
self.locked_worktree_dir.cleanup()
|
||||
if os.path.exists(self.lock_file_path):
|
||||
os.remove(self.lock_file_path)
|
||||
|
||||
def _env(self, profile: str) -> dict:
|
||||
return {
|
||||
"GITEA_MCP_CONFIG": self.config_path,
|
||||
"GITEA_MCP_PROFILE": profile,
|
||||
"GITEA_TOKEN_AUTHOR": "author-pass",
|
||||
"GITEA_TEST_PORCELAIN": "",
|
||||
}
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_content_plain(self, _auth, mock_api):
|
||||
mock_api.return_value = {
|
||||
"commit": {"sha": "sha-123"},
|
||||
"branch": {"name": "feat/issue-263-native-commit-payloads"}
|
||||
}
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
res = mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "hello.txt",
|
||||
"content_plain": "Hello World!",
|
||||
}
|
||||
],
|
||||
message="Add hello.txt",
|
||||
remote="prgs",
|
||||
)
|
||||
print("DEBUG RES IS:", res)
|
||||
self.assertTrue(res["success"])
|
||||
self.assertEqual(res["commit"], "sha-123")
|
||||
self.assertEqual(res["content_source_proof"][0]["source"], "inline_plain")
|
||||
|
||||
# Verify posted base64 content
|
||||
post_args = mock_api.call_args[0]
|
||||
payload = post_args[3]
|
||||
self.assertEqual(payload["files"][0]["content"], "SGVsbG8gV29ybGQh")
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_workspace_path(self, _auth, mock_api):
|
||||
mock_api.return_value = {
|
||||
"commit": {"sha": "sha-456"},
|
||||
"branch": {"name": "feat/issue-263-native-commit-payloads"}
|
||||
}
|
||||
|
||||
# Create a workspace file
|
||||
file_relative = "src/code.py"
|
||||
file_abs = os.path.join(self.locked_worktree_path, file_relative)
|
||||
os.makedirs(os.path.dirname(file_abs), exist_ok=True)
|
||||
with open(file_abs, "wb") as fh:
|
||||
fh.write(b"print('hello')")
|
||||
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
res = mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "src/code.py",
|
||||
"workspace_path": file_relative,
|
||||
}
|
||||
],
|
||||
message="Add code.py",
|
||||
remote="prgs",
|
||||
)
|
||||
self.assertTrue(res["success"])
|
||||
self.assertEqual(res["content_source_proof"][0]["source"], "workspace_path")
|
||||
|
||||
post_args = mock_api.call_args[0]
|
||||
payload = post_args[3]
|
||||
# "print('hello')" in base64 is cHJpbnQoJ2hlbGxvJyk=
|
||||
self.assertEqual(payload["files"][0]["content"], "cHJpbnQoJ2hlbGxvJyk=")
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_local_path(self, _auth, mock_api):
|
||||
mock_api.return_value = {
|
||||
"commit": {"sha": "sha-789"},
|
||||
"branch": {"name": "feat/issue-263-native-commit-payloads"}
|
||||
}
|
||||
|
||||
file_abs = os.path.join(self.locked_worktree_path, "local.bin")
|
||||
with open(file_abs, "wb") as fh:
|
||||
fh.write(b"\x00\x01\x02\x03\xff")
|
||||
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
res = mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "local.bin",
|
||||
"local_path": file_abs,
|
||||
}
|
||||
],
|
||||
message="Add local.bin",
|
||||
remote="prgs",
|
||||
)
|
||||
self.assertTrue(res["success"])
|
||||
self.assertEqual(res["content_source_proof"][0]["source"], "local_path")
|
||||
|
||||
post_args = mock_api.call_args[0]
|
||||
payload = post_args[3]
|
||||
# b"\x00\x01\x02\x03\xff" in base64 is AAECA/8=
|
||||
self.assertEqual(payload["files"][0]["content"], "AAECA/8=")
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_traversal_blocked(self, _auth, mock_api):
|
||||
# Remove active lock file to ensure it fails on traversal/invalid locks
|
||||
os.remove(self.lock_file_path)
|
||||
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
with self.assertRaises(RuntimeError) as ctx:
|
||||
mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "hack.txt",
|
||||
"workspace_path": "any.txt",
|
||||
}
|
||||
],
|
||||
message="Add hack",
|
||||
remote="prgs",
|
||||
)
|
||||
self.assertIn("Issue lock is missing", str(ctx.exception))
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_outside_scope_blocked(self, _auth, mock_api):
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
with self.assertRaises(ValueError) as ctx:
|
||||
mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "hack.txt",
|
||||
"workspace_path": "../outside.txt",
|
||||
}
|
||||
],
|
||||
message="Add hack",
|
||||
remote="prgs",
|
||||
)
|
||||
self.assertIn("falls outside of locked worktree", str(ctx.exception))
|
||||
|
||||
@patch("mcp_server.api_request")
|
||||
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
||||
def test_commit_files_multiple_sources_blocked(self, _auth, mock_api):
|
||||
with patch.dict(os.environ, self._env("full-author"), clear=True):
|
||||
with self.assertRaises(ValueError) as ctx:
|
||||
mcp_server.gitea_commit_files(
|
||||
files=[
|
||||
{
|
||||
"operation": "create",
|
||||
"path": "hello.txt",
|
||||
"content_plain": "Hello!",
|
||||
"content": "SGVsbG8=",
|
||||
}
|
||||
],
|
||||
message="Add hello",
|
||||
remote="prgs",
|
||||
)
|
||||
self.assertIn("Multiple content sources specified", str(ctx.exception))
|
||||
Reference in New Issue
Block a user