ff920a6496
Support the canonical contexts-shape version 2 config (contexts / profiles / projects / rules) alongside the existing environments shape and v1:

- Require a boolean 'enabled' on every context, profile, service, and project. Disabled entries are surfaced in audits but fail closed at selection/resolution — never a silent fallback to another profile, service, or credential source.
- Resolve the active identity from GITEA_MCP_PROFILE via the existing select_profile path; profile base_url falls back to the context's enabled gitea block.
- Add resolve_service() and project_for_path() for context service and project-to-context resolution (internal use; fail closed on disabled).
- get_auth_header now propagates ConfigError when GITEA_MCP_CONFIG is set instead of silently degrading to Basic auth.
- Hide endpoint URLs and keychain ids from normal LLM-facing output: gitea_whoami / gitea_get_profile report logical names and auth status only; new gitea_audit_config tool reports enabled/disabled state and safe one-line service summaries. The GITEA_MCP_REVEAL_ENDPOINTS opt-in (and 'python3 gitea_config.py audit --reveal-endpoints' locally) restores endpoints and auth source names for admin diagnostics; token values are never printed on any path.
- Ship gitea-mcp.v2-contexts.example.json (synthetic values) and validate it in tests.

Implements #120

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
{
"version": 2,
"contexts": {
"example-context": {
"enabled": true,
"label": "Example environment",
"description": "One deployment environment: its Gitea plus non-Gitea services.",
"default_owner": "Example-Org",
"gitea": {
"enabled": true,
"kind": "gitea",
"base_url": "https://gitea.example.invalid"
},
"services": {
"jenkins": {
"enabled": true,
"kind": "jenkins",
"label": "Example Jenkins",
"base_url": "https://jenkins.example.invalid",
"auth": { "type": "keychain", "id": "example-jenkins-token" },
"capabilities": ["read"]
},
"glitchtip": {
"enabled": false,
"kind": "glitchtip",
"label": "Example GlitchTip (disabled: defined but unavailable)",
"base_url": "",
"auth": { "type": "keychain", "id": "example-glitchtip-token" },
"capabilities": ["read"],
"allow_raw_events": false
}
}
}
},
"profiles": {
"example-author": {
"enabled": true,
"context": "example-context",
"role": "author",
"username": "author-user",
"execution_profile": "example-author",
"audit_label": "example-author",
"auth": { "type": "keychain", "id": "example-gitea-author-token" },
"allowed_operations": ["read", "branch", "commit", "push", "open_pr", "comment"],
"forbidden_operations": ["approve", "request_changes", "merge"]
},
"example-reviewer": {
"enabled": true,
"context": "example-context",
"role": "reviewer",
"username": "reviewer-user",
"execution_profile": "example-reviewer",
"audit_label": "example-reviewer",
"auth": { "type": "keychain", "id": "example-gitea-reviewer-token" },
"allowed_operations": ["read", "review", "comment", "approve", "request_changes", "merge"],
"forbidden_operations": ["branch", "commit", "push", "open_pr"]
}
},
"projects": {
"/absolute/path/to/local/repo": {
"enabled": true,
"context": "example-context",
"default_owner": "Example-Org",
"default_repo": "Example-Repo",
"default_author_profile": "example-author",
"default_reviewer_profile": "example-reviewer"
}
},
"rules": {
"disabled_behavior": "Defined but unavailable for action. MCP tools may report disabled entries during audits, but must not use them automatically.",
"no_silent_fallback": true,
"tokens_in_json": false,
"token_storage": "keychain",
"identity_must_match_task": true,
"same_username_cannot_review_own_pr": true,
"hide_service_urls_from_llm": true,
"hide_keychain_ids_from_llm": true,
"mcp_resolves_endpoints": true
}
}