feat(tools): pr_create with identity footer

internal/tools/pr_create.go

@@ -0,0 +1,91 @@
+package tools
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/identity"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
+)
+
+type PRCreate struct {
+	c *gitea.Client
+	a *allowlist.Allowlist
+}
+
+func NewPRCreate(c *gitea.Client, a *allowlist.Allowlist) *PRCreate {
+	return &PRCreate{c: c, a: a}
+}
+
+func (t *PRCreate) Descriptor() registry.ToolDescriptor {
+	return registry.ToolDescriptor{
+		Name:        "pr_create",
+		Description: "Create a pull request. Applies an identity footer to the PR body.",
+		InputSchema: json.RawMessage(`{
+			"type":"object",
+			"properties":{
+				"owner":{"type":"string"},
+				"name":{"type":"string"},
+				"title":{"type":"string"},
+				"body":{"type":"string"},
+				"head":{"type":"string"},
+				"base":{"type":"string"},
+				"draft":{"type":"boolean"}
+			},
+			"required":["owner","name","title","head","base"]
+		}`),
+	}
+}
+
+type prCreateArgs struct {
+	Owner string `json:"owner"`
+	Name  string `json:"name"`
+	Title string `json:"title"`
+	Body  string `json:"body"`
+	Head  string `json:"head"`
+	Base  string `json:"base"`
+	Draft bool   `json:"draft"`
+}
+
+func (t *PRCreate) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
+	var args prCreateArgs
+	if err := parseArgs(raw, &args); err != nil {
+		return nil, err
+	}
+	if err := t.a.Check(args.Owner); err != nil {
+		return nil, err
+	}
+	if args.Title == "" {
+		return nil, fmt.Errorf("title is required: %w", gitea.ErrValidation)
+	}
+	if args.Head == "" || args.Base == "" {
+		return nil, fmt.Errorf("head and base are required: %w", gitea.ErrValidation)
+	}
+
+	body := identity.ApplyFooter(args.Body, auth.Caller(ctx))
+
+	pr, err := t.c.CreatePullRequest(ctx, args.Owner, args.Name, gitea.CreatePullRequestArgs{
+		Title: args.Title,
+		Body:  body,
+		Head:  args.Head,
+		Base:  args.Base,
+		Draft: args.Draft,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return textOK(map[string]any{
+		"number":   pr.Number,
+		"title":    pr.Title,
+		"html_url": pr.HTMLURL,
+		"head":     pr.Head.Ref,
+		"base":     pr.Base.Ref,
+		"state":    pr.State,
+		"draft":    pr.Draft,
+	})
+}

internal/tools/pr_create_test.go

@@ -0,0 +1,107 @@
+package tools_test
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
+	"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const prFixture = `{
+	"number": 3,
+	"title": "My PR",
+	"body": "description",
+	"html_url": "http://example.com/pulls/3",
+	"state": "open",
+	"draft": false,
+	"head": {"ref": "feat/new"},
+	"base": {"ref": "main"}
+}`
+
+func callerContext(user string) context.Context {
+	var capturedCtx context.Context
+	h := auth.CallerMiddleware(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
+		capturedCtx = r.Context()
+	}))
+	req := httptest.NewRequest("POST", "/", nil)
+	if user != "" {
+		req.Header.Set("X-Auth-Request-User", user)
+	}
+	h.ServeHTTP(httptest.NewRecorder(), req)
+	return capturedCtx
+}
+
+func TestPRCreateAppliesIdentityFooter(t *testing.T) {
+	var captured []byte
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "/api/v1/repos/o/r/pulls", r.URL.Path)
+		var err error
+		captured, err = io.ReadAll(r.Body)
+		require.NoError(t, err)
+		w.WriteHeader(http.StatusCreated)
+		_, _ = w.Write([]byte(prFixture))
+	}))
+	defer srv.Close()
+
+	tool := tools.NewPRCreate(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"o"}))
+	ctx := callerContext("mathiasbq")
+	_, err := tool.Call(ctx, json.RawMessage(`{
+		"owner":"o","name":"r","title":"My PR","body":"description","head":"feat/new","base":"main"
+	}`))
+	require.NoError(t, err)
+
+	var payload map[string]any
+	require.NoError(t, json.Unmarshal(captured, &payload))
+	body, _ := payload["body"].(string)
+	assert.Contains(t, body, "_Created via git-mcp on behalf of @mathiasbq_")
+}
+
+func TestPRCreateNoFooterWhenCallerEmpty(t *testing.T) {
+	var captured []byte
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var err error
+		captured, err = io.ReadAll(r.Body)
+		require.NoError(t, err)
+		w.WriteHeader(http.StatusCreated)
+		_, _ = w.Write([]byte(prFixture))
+	}))
+	defer srv.Close()
+
+	tool := tools.NewPRCreate(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"o"}))
+	_, err := tool.Call(context.Background(), json.RawMessage(`{
+		"owner":"o","name":"r","title":"My PR","body":"description","head":"feat/new","base":"main"
+	}`))
+	require.NoError(t, err)
+
+	var payload map[string]any
+	require.NoError(t, json.Unmarshal(captured, &payload))
+	body, _ := payload["body"].(string)
+	assert.False(t, strings.Contains(body, "_Created via git-mcp on behalf of"), "footer should not be present when caller is empty")
+}
+
+func TestPRCreateAllowlistRejects(t *testing.T) {
+	tool := tools.NewPRCreate(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
+	_, err := tool.Call(context.Background(), json.RawMessage(`{
+		"owner":"evil","name":"r","title":"T","head":"feat/x","base":"main"
+	}`))
+	require.Error(t, err)
+}
+
+func TestPRCreateRequiresTitle(t *testing.T) {
+	tool := tools.NewPRCreate(gitea.NewClient("http://unused", ""), allowlist.New([]string{"o"}))
+	_, err := tool.Call(context.Background(), json.RawMessage(`{
+		"owner":"o","name":"r","title":"","head":"feat/x","base":"main"
+	}`))
+	require.Error(t, err)
+	assert.ErrorIs(t, err, gitea.ErrValidation)
+}