Bootstrap repo-tracked wiki pages (10 required pages), the operator- confirmed sync script, PR template publication gate, and safety tests so Gitea-Tools can publish to the live Gitea Wiki per issue #224. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
1.6 KiB
1.6 KiB
Identity and Profiles
Navigation
- Home | Operator Guide | Repositories Map | Identity and Profiles | Workflow Model | Safety and Gates | MCP Tools Reference | Operator Runbooks | Open Decisions | Project History
The LLM is not the role — the MCP execution profile is the role. Profiles bind an authenticated Gitea identity to an allowed operation set.
Reference profiles (prgs)
Author / implementer
- Profile:
prgs-author - Typical identity:
jcwalker3 - Allowed: branch create/push, PR create, issue comment/create/close, repo commit, read.
- Forbidden: PR approve, merge, request_changes.
Reviewer / merger
- Profile:
prgs-reviewer - Typical identity:
sysadmin - Allowed: PR review/approve/merge/request_changes, issue comment, read.
- Forbidden: branch push, PR create, repo commit.
Configuration
Profiles are defined in the canonical JSON config (GITEA_MCP_CONFIG, typically
~/.config/gitea-tools/profiles.json). Launchers are thin: they set
GITEA_MCP_PROFILE and point at the config file. Credentials resolve from
keychain or env references — never inline in client configs.
See docs/gitea-execution-profiles.md in the repository for the full model.
Profile switching
Use separate MCP server namespaces (gitea-tools author vs gitea-reviewer)
or distinct launcher entries. Runtime in-place profile switching is disabled by
default (fail closed).