1
Identity and Profiles
Jason Walker edited this page 2026-07-06 01:36:36 -04:00

Identity and Profiles

Navigation

The LLM is not the role — the MCP execution profile is the role. Profiles bind an authenticated Gitea identity to an allowed operation set.

Reference profiles (prgs)

Author / implementer

  • Profile: prgs-author
  • Typical identity: jcwalker3
  • Allowed: branch create/push, PR create, issue comment/create/close, repo commit, read.
  • Forbidden: PR approve, merge, request_changes.

Reviewer / merger

  • Profile: prgs-reviewer
  • Typical identity: sysadmin
  • Allowed: PR review/approve/merge/request_changes, issue comment, read.
  • Forbidden: branch push, PR create, repo commit.

Configuration

Profiles are defined in the canonical JSON config (GITEA_MCP_CONFIG, typically ~/.config/gitea-tools/profiles.json). Launchers are thin: they set GITEA_MCP_PROFILE and point at the config file. Credentials resolve from keychain or env references — never inline in client configs.

See docs/gitea-execution-profiles.md in the repository for the full model.

Profile switching

Use separate MCP server namespaces (gitea-tools author vs gitea-reviewer) or distinct launcher entries. Runtime in-place profile switching is disabled by default (fail closed).