feat(allowlist): owner allowlist enforcement

internal/allowlist/allowlist.go

@@ -0,0 +1,25 @@
+package allowlist
+
+import "fmt"
+
+type Allowlist struct {
+	owners map[string]struct{}
+}
+
+func New(owners []string) *Allowlist {
+	m := make(map[string]struct{}, len(owners))
+	for _, o := range owners {
+		m[o] = struct{}{}
+	}
+	return &Allowlist{owners: m}
+}
+
+func (a *Allowlist) Check(owner string) error {
+	if owner == "" {
+		return fmt.Errorf("owner required")
+	}
+	if _, ok := a.owners[owner]; !ok {
+		return fmt.Errorf("owner %q not in allowlist", owner)
+	}
+	return nil
+}

internal/allowlist/allowlist_test.go

@@ -0,0 +1,16 @@
+package allowlist_test
+
+import (
+	"testing"
+
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAllowlistCheck(t *testing.T) {
+	a := allowlist.New([]string{"mathias", "acme"})
+	assert.NoError(t, a.Check("mathias"))
+	assert.NoError(t, a.Check("acme"))
+	assert.Error(t, a.Check("evil"))
+	assert.Error(t, a.Check(""))
+}