3aaba73127
Let one MCP server select among named Gitea runtime profiles from a JSON file
instead of editing code or juggling many .env files:
GITEA_MCP_CONFIG=/path/to/gitea-mcp.json
GITEA_MCP_PROFILE=dev
- New gitea_config.py: load/validate the JSON, select the named profile, and
resolve its token by env-var reference. Profiles supply base_url,
profile_name, token_env, owner/repo, allowed/forbidden operations, and audit
label.
- gitea_auth.get_profile() now overlays env over the selected JSON profile:
explicit env vars win, the JSON profile fills only what env leaves unset.
- gitea_auth.get_auth_header() gains a JSON token_env fallback after explicit
env tokens (env still wins).
Security / safety:
- Tokens are referenced by env-var NAME (token_env); an inline "token" is
rejected and never echoed. The value is never stored in or returned as
profile metadata.
- Fail-safe errors: missing file / invalid JSON / unknown or unset selected
profile raise a clear ConfigError that never prints file contents or tokens
(JSONDecodeError context is suppressed so the raw file text can't surface).
- No network calls during config parsing.
- Real config files are gitignored (gitea-mcp*.json), example kept.
Backwards compatible: with GITEA_MCP_CONFIG unset, behaviour is exactly the
prior env-only behaviour (all existing get_profile/get_auth_header tests pass
unchanged).
Docs: README JSON-profiles section + env table rows, .env.example placeholders,
gitea-mcp.example.json.
Tests: tests/test_config.py (22 cases) — env-only, selection, multiple
profiles, env-override precedence, missing file, invalid JSON, missing/unset
profile, inline-token rejection + redaction, and no-network-during-parse.
Refs #10. Note: issue #19 (env-based profiles) was already implemented and
closed; this JSON-file capability is adjacent new scope tracked under the
roadmap rather than reopening #19.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
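The loader described in the commit message, written out as an added example (not the project's gitea_config.py): parse the JSON with no network access, select the named profile, reject an inline "token", resolve the secret only through the env var named by token_env, suppress the JSONDecodeError context so raw file text never surfaces, and overlay explicit env vars over the JSON profile. The function names, PROFILE_KEYS, ENV_OVERRIDES and the token_source key are assumptions, not the project's API.

```python
import json
from typing import Any, Dict, Mapping

class ConfigError(Exception):
    """Fail-safe config error: the message names a reason, never file text or a token value."""

# Fields a JSON profile may carry (assumed set). "token" is deliberately absent: inline secrets are rejected.
PROFILE_KEYS = {"base_url", "profile_name", "token_env", "owner", "repo",
                "allowed_operations", "forbidden_operations", "audit_label"}
# Env var that overrides a JSON field when set (explicit env wins, JSON fills the rest).
ENV_OVERRIDES = {"base_url": "GITEA_BASE_URL", "profile_name": "GITEA_PROFILE_NAME",
                 "allowed_operations": "GITEA_ALLOWED_OPERATIONS", "audit_label": "GITEA_AUDIT_LABEL"}

def parse_config(text: str) -> Dict[str, Any]:
    """Parse the config document. No network, and the raw text never reaches an error message."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # 'from None' suppresses the JSONDecodeError context; its .doc attribute holds the whole file text.
        raise ConfigError(f"config is not valid JSON (line {exc.lineno}, column {exc.colno})") from None
    if not isinstance(data, dict) or not isinstance(data.get("profiles"), dict):
        raise ConfigError("config must be a JSON object with a 'profiles' object")
    return data

def select_profile(config: Dict[str, Any], name: str) -> Dict[str, Any]:
    """Pick the named profile; refuse one that carries a secret inline, without echoing it."""
    profile = config["profiles"].get(name)
    if not isinstance(profile, dict):
        raise ConfigError(f"profile {name!r} not found in config")
    if "token" in profile:  # inline secret: reject, and never put its value in the message
        raise ConfigError(f"profile {name!r} carries an inline 'token'; use 'token_env' instead")
    return profile

def resolve_token(profile: Mapping[str, Any], environ: Mapping[str, str]) -> str:
    """Return the token from the env var NAMED by token_env; callers must not store it in metadata."""
    var = profile.get("token_env")
    value = environ.get(var, "") if var else ""
    if not value:
        raise ConfigError(f"token_env {var!r} is missing from the profile or unset in the environment")
    return value

def effective_profile(profile: Mapping[str, Any], environ: Mapping[str, str]) -> Dict[str, Any]:
    """Overlay env over JSON: an explicit env var wins, the JSON profile fills only what is unset."""
    merged = {k: profile.get(k) for k in PROFILE_KEYS if k != "token_env"}
    for key, var in ENV_OVERRIDES.items():
        if environ.get(var):
            merged[key] = environ[var]
    merged["token_source"] = profile.get("token_env")  # the env var's NAME only, never its value
    return merged
```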
48 lines
2.2 KiB
Bash
# Gitea MCP runtime profile — EXAMPLE / PLACEHOLDERS ONLY.
#
# Copy to a real, gitignored env file (e.g. .env.reviewer) per runtime profile.
# The same MCP server code is launched as separate MCP entries, each pointed at
# a different env file so each process authenticates as ONE token and carries
# ONE profile name. Do NOT put real tokens in this file.
#
# The token is read only by the auth layer; it is never returned, logged, or
# committed. Profile name and allowed operations are non-secret metadata.

# Base URL of the Gitea instance (informational).
GITEA_BASE_URL=https://gitea.example.invalid

# The API token for THIS runtime profile. Placeholder only — replace in a real,
# gitignored env file. Never commit a real token.
GITEA_TOKEN=replace-with-token

# Human label for the running profile (non-secret metadata).
# Examples: gitea-author, gitea-reviewer, gitea-merger, gitea-issue-manager.
GITEA_PROFILE_NAME=gitea-reviewer

# Optional, comma-separated operation categories this profile is intended for
# (descriptive only in this issue; enforcement is a later roadmap item).
GITEA_ALLOWED_OPERATIONS=read,review,approve

# Optional, comma-separated operation categories this profile must NOT perform
# (descriptive metadata; surfaced by gitea_get_profile).
GITEA_FORBIDDEN_OPERATIONS=merge,branch.push

# Optional short label attached to this runtime for audit purposes.
GITEA_AUDIT_LABEL=reviewer-runtime

# Optional path to an audit log file (#18). When set, each mutating action
# appends one redacted JSON record (profile + authenticated user + outcome).
# Leave unset to disable auditing entirely (no records, no extra API calls).
GITEA_AUDIT_LOG=/path/to/gitea-mcp-audit.log

# Optional NAME of the token's source (e.g. an env var name). This is a name
# only — never the token value. Surfaced by gitea_get_profile.
GITEA_TOKEN_SOURCE=GITEA_TOKEN

# Optional JSON runtime-profile config (roadmap #10). Instead of the fields
# above, point at a JSON file with multiple named profiles and select one.
# See gitea-mcp.example.json. Explicit env vars above still override the
# selected profile's values. Leave unset for pure env-based configuration.
GITEA_MCP_CONFIG=/path/to/gitea-mcp.json
GITEA_MCP_PROFILE=dev
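Review bot: the two JSON-profile placeholders at the bottom (`GITEA_MCP_CONFIG=/path/to/gitea-mcp.json` and `GITEA_MCP_PROFILE=dev`) are set to live values even though the comment directly above says to leave the variable unset for pure env-based configuration; anyone who copies this file verbatim, as the header tells them to, ends up with GITEA_MCP_CONFIG pointing at a non-existent path, and under the fail-safe rule in the commit message (missing file raises ConfigError) the server then refuses to start instead of falling back to the env-only behaviour. Suggest shipping both lines commented out (`# GITEA_MCP_CONFIG=/path/to/gitea-mcp.json`, `# GITEA_MCP_PROFILE=dev`) so a copied file keeps the backwards-compatible default and the opt-in stays explicit. The same applies to GITEA_AUDIT_LOG, whose comment also says "Leave unset to disable" while the line sets a placeholder path.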