# Identity and Profiles ## Navigation - [Home](Home.md) | [Operator Guide](Operator-Guide.md) | [Repositories Map](Repositories.md) | [Identity and Profiles](Identity-and-Profiles.md) | [Workflow Model](Workflow.md) | [Safety and Gates](Safety-and-Gates.md) | [MCP Tools Reference](MCP-Tools.md) | [Operator Runbooks](Runbooks.md) | [Open Decisions](Open-Decisions.md) | [Project History](History.md) The LLM is not the role — the **MCP execution profile** is the role. Profiles bind an authenticated Gitea identity to an allowed operation set. ## Reference profiles (prgs) ### Author / implementer - **Profile:** `prgs-author` - **Typical identity:** `jcwalker3` - **Allowed:** branch create/push, PR create, issue comment/create/close, repo commit, read. - **Forbidden:** PR approve, merge, request_changes. ### Reviewer - **Profile:** `prgs-reviewer` - **Typical identity:** `sysadmin` - **Allowed:** PR review/approve/request_changes, issue comment, read. - **Forbidden:** branch push, PR create, repo commit, PR merge. Review and merge are separate workflow roles. A reviewer approval is not merge authorization. ### Merger - **Profile:** `prgs-merger` - **Typical identity:** `sysadmin` - **Allowed:** PR merge, issue comment, read. - **Forbidden:** branch push, PR create, repo commit, PR approve, PR review, PR request_changes. ## Configuration Profiles are defined in the canonical JSON config (`GITEA_MCP_CONFIG`, typically `~/.config/gitea-tools/profiles.json`). Launchers are thin: they set `GITEA_MCP_PROFILE` and point at the config file. Credentials resolve from keychain or env references — never inline in client configs. See `docs/gitea-execution-profiles.md` in the repository for the full model. ## Profile switching Use separate MCP server namespaces (`gitea-tools` author vs `gitea-reviewer`) or distinct launcher entries. Runtime in-place profile switching is disabled by default (fail closed).