diff --git a/mcp_server.py b/mcp_server.py index 8f33c43..ae7e711 100644 --- a/mcp_server.py +++ b/mcp_server.py @@ -720,9 +720,9 @@ def gitea_edit_pr( Returns: dict with success status and details of the edited PR. """ - h, o, r = _resolve(remote, host, org, repo) - auth = _auth(h) - url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}" + # Validate inputs BEFORE any auth/profile resolution or API setup: a + # no-fields call is a pure validation error and must not depend on + # credentials, network, or environment configuration. payload = {} if title is not None: payload["title"] = title @@ -736,6 +736,10 @@ def gitea_edit_pr( if not payload: raise ValueError("At least one field to edit (title, body, state, base) must be provided.") + h, o, r = _resolve(remote, host, org, repo) + auth = _auth(h) + url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}" + with _audited("edit_pr", host=h, remote=remote, org=o, repo=r, pr_number=pr_number, request_metadata={"fields": sorted(payload)}): data = api_request("PATCH", url, auth, payload) diff --git a/tests/test_mcp_server.py b/tests/test_mcp_server.py index b62c2d3..85a47d9 100644 --- a/tests/test_mcp_server.py +++ b/tests/test_mcp_server.py @@ -737,6 +737,17 @@ class TestEditPR(unittest.TestCase): with self.assertRaises(ValueError): gitea_edit_pr(pr_number=1) + @patch("mcp_server.api_request") + @patch("mcp_server.get_auth_header") + def test_edit_pr_no_fields_validates_before_auth(self, mock_auth, mock_api): + # No-fields validation must not depend on credentials/network: it raises + # ValueError before touching auth or the API, even with no creds. + mock_auth.return_value = None # simulate an unauthenticated environment + with self.assertRaises(ValueError): + gitea_edit_pr(pr_number=1) + mock_auth.assert_not_called() + mock_api.assert_not_called() + # --------------------------------------------------------------------------- # Get File
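Review bot: The comment added at the top of the gitea_edit_pr body promises input validation before auth/profile resolution, but the only check this diff shows is the empty-payload test in the next hunk. `pr_number` is still formatted into the request path with no check in the visible lines. The signature is outside the hunk, so its type may already be enforced there; if it is not, a guard such as `if pr_number < 1: raise ValueError("pr_number must be a positive integer")` belongs beside the payload check. Otherwise narrow the comment to what is enforced, e.g. `# Reject a no-fields call before auth/profile resolution or API setup.`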
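Review bot: `_resolve` and `_auth` now sit between the ValueError check and the `with _audited("edit_pr", ...)` block, so a failure in either is raised outside the audited scope, as is the validation error itself. If `_audited` is what records edit attempts (its body is not in this diff), rejected calls and credential-resolution failures on this write operation leave no audit entry. That was already the case before the reorder, but it is worth stating at the call site: `# NOTE: validation, _resolve and _auth errors are raised before _audited and are not recorded.` The function body continues past the end of the hunk.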
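Review bot: test_edit_pr_no_fields_validates_before_auth patches `mcp_server.get_auth_header` and `mcp_server.api_request`, but the code under test calls `_resolve(...)` and `_auth(h)`, and neither is patched or asserted on. If only `_resolve` were moved back above the payload check, this test would still pass, although the comment in mcp_server.py promises that no profile resolution happens first. Whether `_auth` goes through `get_auth_header` is not visible here, so `mock_auth.assert_not_called()` may also pass vacuously. Patch what the body calls, e.g. `@patch("mcp_server._resolve")` and `@patch("mcp_server._auth")`, and add `mock_resolve.assert_not_called()`. `mock_auth.return_value = None` has no effect on a mock that must never be called and can be dropped.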