5aeb51f132
Add gitea_list_issue_comments and gitea_create_issue_comment so discussion/design workflows can read and post issue comments through the MCP layer instead of direct API scripts. - List requires gitea.read; create requires gitea.issue.comment — gated separately from the gitea.pr.* review/merge family, fail closed. - Issue comments never touch PR review endpoints. - LLM-safe output: comment id/author/timestamps/body only; web links appear solely under the GITEA_MCP_REVEAL_ENDPOINTS admin opt-in. - Create operations are audit-logged (create_issue_comment) and errors are redacted before being raised. - Tests cover list/create success, permission blocks (including PR review permissions not granting issue comments), forbidden-overrides, empty body, missing issue with redacted error, endpoint separation, and reveal opt-in. - Document issue comments versus PR reviews in docs/gitea-execution-profiles.md. Closes #126 Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>