docs: LLM-operated Gitea workflow runbooks (#17) #33

Closed
jcwalker3 wants to merge 0 commits from docs/issue-17-runtime-profile-docs into master
Owner

Closes #17. Refs roadmap #10 — the final unchecked child (all implementation children #11–#16, #18, #19 merged).

What

Adds docs/llm-workflow-runbooks.md: operational runbooks for LLM-operated Gitea workflows, built on the already-shipped canonical profiles + interactive menu + gated review/merge + audit logging. Docs-only — no implementation code (per issue non-goals).

Contents

  • Principle: the profile is the role, not the LLM (task-scoped; roles are not permanently assigned).
  • Canonical config: GITEA_MCP_CONFIG / GITEA_MCP_PROFILE, version, profiles, keychain + env auth references, precedence, legacy env-only fallback.
  • Interactive menu (python gitea_config.py menu): create author/reviewer profiles, generate Claude/Gemini/Codex launcher snippets, validate auth, check PR reviewer eligibility.
  • Thin-launcher pattern: LLM configs carry only command/args + the two GITEA_MCP_* vars — never raw tokens/passwords.
  • Migration: away from duplicated GITEA_USER_* / GITEA_PASS_* / GITEA_SITE_* blocks; secrets referenced by keychain id / env var name only.
  • Per-workflow runbooks (create issue/children, implement+PR, review/request-changes/approve, merge, close-after-merge, stop-on-blocker) with safe example prompts.
  • Fail-closed behavior table (unknown identity/profile, self-author, moved head, unexpected files, detected secrets, production/deploy) + no self-review/self-merge.

README links the new runbook.

Safety

Safe placeholder examples only — no real tokens, passwords, usernames, private config, or .env.personal contents. Scanned clean (gitea.example.invalid, <reviewer-username>, keychain ids / env var names).

Checks

  • Full suite: 264 passed, 0 failures, 0 errors (docs-only; ran anyway per instruction). JUnit XML — harness swallows pytest stdout on multi-file runs.
  • gitea-mcp.example.json validated + unchanged.
  • Secret-leak scan of the doc + README: none.
  • No Python changed → no compile step needed.

Files changed

docs/llm-workflow-runbooks.md (new), README.md (link).


⚠️ Authored by me — do not self-merge. Needs review by another author.
Note: #19 and #31 are already merged — do not modify.

jcwalker3 added 1 commit 2026-07-02 00:25:02 -05:00
Add docs/llm-workflow-runbooks.md — the final roadmap #10 deliverable:
operational runbooks for LLM-operated Gitea workflows, built on the shipped
canonical profiles + interactive menu + gated review/merge + audit logging.

Covers:
- Principle: the profile is the role, not the LLM (task-scoped, not assigned).
- Canonical config: GITEA_MCP_CONFIG / GITEA_MCP_PROFILE, version, profiles,
  keychain + env auth references, precedence, legacy env-only fallback.
- Interactive menu (python gitea_config.py menu): create author/reviewer
  profiles, generate Claude/Gemini/Codex launcher snippets, validate auth,
  check PR reviewer eligibility.
- Thin-launcher pattern: LLM configs carry only command/args + the two
  GITEA_MCP_* vars — never raw tokens/passwords.
- Migration away from duplicated GITEA_USER_*/GITEA_PASS_*/GITEA_SITE_* blocks;
  secrets referenced by keychain id or env var name only.
- Per-workflow runbooks (create issue/children, implement+PR, review/request-
  changes/approve, merge, close-after-merge, stop-on-blocker) with safe prompts.
- Fail-closed behavior table (unknown identity/profile, self-author, moved head,
  unexpected files, detected secrets, production/deploy) and no self-review/merge.

Docs-only: no implementation code. Safe placeholder examples only (no real
tokens, passwords, usernames, or private config). README links the new runbook.

Closes #17. Refs #10.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jcwalker3 closed this pull request 2026-07-02 00:42:12 -05:00
jcwalker3 deleted branch docs/issue-17-runtime-profile-docs 2026-07-02 00:42:12 -05:00

Pull request closed
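
An added example, not code from this repository or pull request: a small linter for the thin-launcher pattern and the migration away from `GITEA_USER_*` / `GITEA_PASS_*` / `GITEA_SITE_*` blocks described above. The launcher entry shape (`command`, `args`, `env`), the function names and `mcp_server.py` are assumptions made for illustration; only the `GITEA_MCP_*` and legacy variable names come from the page.

```python
import json

ALLOWED_KEYS = {"command", "args", "env"}
ALLOWED_ENV = {"GITEA_MCP_CONFIG", "GITEA_MCP_PROFILE"}
LEGACY_PREFIXES = ("GITEA_USER_", "GITEA_PASS_", "GITEA_SITE_")

def lint_launcher(entry):
    """Return findings for one launcher entry; an empty list means it is thin.

    Findings name keys only and never echo values, so the linter's own
    output cannot leak a credential into CI logs.
    """
    if not isinstance(entry, dict):
        return ["entry is not an object"]  # fail closed on unknown shapes
    findings = [f"unexpected key: {k}" for k in sorted(set(entry) - ALLOWED_KEYS)]
    if not isinstance(entry.get("command"), str) or not entry["command"]:
        findings.append("missing command")
    args = entry.get("args", [])
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        findings.append("args must be a list of strings")
    env = entry.get("env")
    if not isinstance(env, dict):
        return findings + ["missing env block"]
    for name in sorted(env):
        if name.startswith(LEGACY_PREFIXES):
            findings.append(f"legacy credential variable: {name}")
        elif name not in ALLOWED_ENV:
            findings.append(f"unexpected env variable: {name}")
    findings += [f"missing env variable: {n}" for n in sorted(ALLOWED_ENV - set(env))]
    return findings

def is_thin(entry):
    return not lint_launcher(entry)

# Constructed sample input: placeholder values only, mcp_server.py is hypothetical.
SAMPLE = json.loads("""
{
  "thin": {"command": "python", "args": ["mcp_server.py"],
           "env": {"GITEA_MCP_CONFIG": "/path/to/gitea-mcp.json",
                   "GITEA_MCP_PROFILE": "reviewer"}},
  "legacy": {"command": "python", "args": ["mcp_server.py"],
             "env": {"GITEA_USER_1": "placeholder-user",
                     "GITEA_PASS_1": "placeholder-pass",
                     "GITEA_SITE_1": "https://gitea.example.invalid"}}
}
""")

if __name__ == "__main__":
    for name, entry in SAMPLE.items():
        print(name, "OK" if is_thin(entry) else lint_launcher(entry))
```

The check covers key and variable names only; it does not inspect `args` for secrets embedded in command-line flags, which needs a separate secret scan.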
