mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mathias:b8463d66a0c673f01d09edc58aad7009b6d37184
Branches Tags
mathias:main
mathias:v0.2.7 mathias:v0.2.6 mathias:v0.2.5 mathias:v0.2.4 mathias:v0.2.3 mathias:v0.2.2 mathias:v0.2.1 mathias:v0.2.0 mathias:v0.1.2 mathias:v0.1.1 mathias:v0.1.0
..
compare: mathias:v0.2.1
Branches Tags
mathias:main
mathias:v0.2.7 mathias:v0.2.6 mathias:v0.2.5 mathias:v0.2.4 mathias:v0.2.3 mathias:v0.2.2 mathias:v0.2.1 mathias:v0.2.0 mathias:v0.1.2 mathias:v0.1.1 mathias:v0.1.0

27 Commits
b8463d66a0 ... v0.2.1

Author SHA1 Message Date
Mathias Bergqvist
f63605bdd0 fix(mcp): downgrade protocolVersion to 2025-03-26
Some checks failed
CD / Lint / Test / Vet (push) Failing after 3s
Details
CD / Build & Import (push) Has been skipped
Details
CD / Deploy via GitOps (push) Has been skipped
Details 
Claude Code CLI rejects 2025-06-18 and silently drops the connection;
2025-03-26 is the highest version it supports. Fixes #4.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-09 07:53:18 +02:00
Mathias Bergqvist
c4d3735272 fix(mcp): allow GET/SSE without session ID for claude.ai compatibility
Some checks failed
CD / Lint / Test / Vet (push) Failing after 3s
Details
CD / Build & Import (push) Has been skipped
Details
CD / Deploy via GitOps (push) Has been skipped
Details
2026-05-07 23:22:21 +02:00
Mathias Bergqvist
d8db786e27 ci: add environment: staging gate to deploy job
Some checks failed
CD / Lint / Test / Vet (push) Failing after 2s
Details
CD / Build & Import (push) Has been skipped
Details
CD / Deploy via GitOps (push) Has been skipped
Details 
Aligns with cobalt-dingo reference — the deploy job was missing the
Gitea Actions environment protection so staging approvals/secrets were
not enforced.
 2026-05-07 21:52:40 +02:00
Mathias Bergqvist
923689afa5 feat: replace static API token with per-request Gitea PAT pass-through 
Callers now supply their own Gitea PAT as a Bearer token; the server validates
it against GET /api/v1/user and threads it through context to all downstream
Gitea API calls. GITEA_API_TOKEN env var and the GiteaAPIToken config field are
removed.
 2026-05-07 21:04:47 +02:00
Mathias Bergqvist
9a5d0005c5 feat: add 9 GitOps agent tools for full GitOps loop
All checks were successful
CD / Lint / Test / Vet (push) Successful in 5s
Details
CD / Build & Import (push) Successful in 11s
Details
CD / Deploy via GitOps (push) Has been skipped
Details 
Adds branch_list, branch_delete, branch_protection_get, pr_list,
pr_merge, dir_list, file_delete, tag_create, and repo_status so an
AI agent can autonomously drive feature-branch or trunk-based
development workflows against Gitea.
 2026-05-07 08:11:45 +02:00
Mathias Bergqvist
c0576359d7 feat: register 9 new GitOps tools in main 
Wires branch_list, branch_delete, branch_protection_get, pr_list,
pr_merge, dir_list, file_delete, tag_create, and repo_status into the
MCP server registry so they are discoverable and callable by agents.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-06 23:00:29 +02:00
Mathias Bergqvist
0c5903a196 feat(tools): repo_status 2026-05-06 22:59:51 +02:00
Mathias Bergqvist
839fc93dcd feat(tools): tag_create 2026-05-06 22:54:22 +02:00
Mathias Bergqvist
5dac4856bd feat(tools): file_delete 2026-05-06 22:51:21 +02:00
Mathias Bergqvist
0eb9ebcafd feat(tools): dir_list 2026-05-06 22:49:50 +02:00
Mathias Bergqvist
284d5e19f6 feat(tools): pr_merge 2026-05-06 22:48:02 +02:00
Mathias Bergqvist
388131c8cd feat(tools): pr_list 2026-05-06 22:46:11 +02:00
Mathias Bergqvist
ddfcc32afd feat(tools): branch_protection_get 2026-05-06 22:44:24 +02:00
Mathias Bergqvist
9e4251c1a7 feat(tools): branch_delete 2026-05-06 22:42:38 +02:00
Mathias Bergqvist
06882d185e fix(tools): branch_list schema constraints 2026-05-06 22:41:05 +02:00
Mathias Bergqvist
073d88b29a feat(tools): branch_list 2026-05-06 22:38:15 +02:00
Mathias Bergqvist
44c42fa636 feat(gitea): add DeleteJSONBody for delete-with-body requests 2026-05-06 22:36:37 +02:00
Mathias Bergqvist
e7bd954e90 docs: add GitOps agent tools implementation plan 
11 tasks covering 9 new tools, client methods, tests, and registration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-06 22:22:41 +02:00
Mathias Bergqvist
0cd465fb68 docs: add GitOps agent tools design spec 
9 new tools to enable full autonomous GitOps loop: repo_status,
branch_list/delete/protection_get, pr_list/merge, dir_list,
file_delete, tag_create.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-06 21:51:39 +02:00
mathias
4f0f65e26a Merge pull request 'fix: add OAuth discovery endpoints for claude.ai handshake' (#3) from fix/oauth-discovery-endpoints into main
All checks were successful
CD / Lint / Test / Vet (push) Successful in 5s
Details
CD / Build & Import (push) Successful in 12s
Details
CD / Deploy via GitOps (push) Successful in 3s
Details 
Reviewed-on: #3
 2026-05-06 15:20:58 +00:00
Mathias Bergqvist
9cbb564cd9 fix: add OAuth discovery endpoints for claude.ai handshake
All checks were successful
CD / Lint / Test / Vet (pull_request) Successful in 5s
Details
CD / Build & Import (pull_request) Has been skipped
Details
CD / Deploy via GitOps (pull_request) Has been skipped
Details 
Implements RFC 9728 protected resource metadata and HEAD probe so
claude.ai can complete its pre-handshake discovery without hitting 404.

- GET /.well-known/oauth-protected-resource → 200 {"authorization_servers":[]}
- GET /.well-known/oauth-authorization-server → 404 (no auth server)
- HEAD /mcp → 200 + MCP-Protocol-Version: 2025-06-18 header

Closes #2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-06 17:19:14 +02:00
mathias
47e631da23 Merge pull request 'fix(file_write_branch): support file creation by routing POST/PUT on sha' (#1) from fix/file-write-branch-create into main
All checks were successful
CD / Lint / Test / Vet (push) Successful in 6s
Details
CD / Build & Import (push) Successful in 12s
Details
CD / Deploy via GitOps (push) Successful in 3s
Details 
Reviewed-on: #1
 2026-05-06 14:44:38 +00:00
gitea-mcp bot
d35ff9781c test(file_write_branch): assert branch and commit_sha on PUT path for parity
All checks were successful
CD / Lint / Test / Vet (pull_request) Successful in 5s
Details
CD / Build & Import (pull_request) Has been skipped
Details
CD / Deploy via GitOps (pull_request) Has been skipped
Details
2026-05-06 14:35:20 +00:00
gitea-mcp bot
052827320a test(file_write_branch): cover POST-on-create and PUT-on-update routing
All checks were successful
CD / Lint / Test / Vet (pull_request) Successful in 6s
Details
CD / Build & Import (pull_request) Has been skipped
Details
CD / Deploy via GitOps (pull_request) Has been skipped
Details
2026-05-06 14:05:23 +00:00
gitea-mcp bot
c85197ea5e fix(files): route UpsertFile to POST when sha is empty so new files can be created 2026-05-06 14:04:36 +00:00
Mathias Bergqvist
c345025221 fix(lint): staticcheck S1030, QF1002 and remove unused _ctx stub
All checks were successful
CD / Lint / Test / Vet (push) Successful in 4s
Details
CD / Build & Import (push) Successful in 12s
Details
CD / Deploy via GitOps (push) Has been skipped
Details
2026-05-05 09:02:39 +02:00
Mathias Bergqvist
64559f0250 fix(lint): check Body.Close error return in http client
Some checks failed
CD / Lint / Test / Vet (push) Failing after 2s
Details
CD / Build & Import (push) Has been skipped
Details
CD / Deploy via GitOps (push) Has been skipped
Details
2026-05-05 08:55:31 +02:00
39 changed files with 4589 additions and 34 deletions
Expand all files Collapse all files

1
.gitea/workflows/cd.yml
View File

@@ -95,6 +95,7 @@ jobs:
needs: build
runs-on: self-hosted
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment: staging
steps:
- name: Update image tag in infra repo
env:

35
cmd/gitea-mcp/main.go
View File

@@ -23,25 +23,34 @@ func main() {
os.Exit(1)
}
giteaClient := gitea.NewClient(cfg.GiteaBaseURL, cfg.GiteaAPIToken)
giteaClient := gitea.NewClient(cfg.GiteaBaseURL, "")
ownerAllow := allowlist.New(cfg.AllowedOwners)
reg := registry.New()
reg.Register(tools.NewRepoList(giteaClient, ownerAllow))
reg.Register(tools.NewRepoGet(giteaClient, ownerAllow))
reg.Register(tools.NewRepoSearch(giteaClient, ownerAllow))
reg.Register(tools.NewRepoStatus(giteaClient, ownerAllow))
reg.Register(tools.NewFileRead(giteaClient, ownerAllow))
reg.Register(tools.NewFileWriteBranch(giteaClient, ownerAllow))
reg.Register(tools.NewFileDelete(giteaClient, ownerAllow))
reg.Register(tools.NewDirList(giteaClient, ownerAllow))
reg.Register(tools.NewBranchList(giteaClient, ownerAllow))
reg.Register(tools.NewBranchDelete(giteaClient, ownerAllow))
reg.Register(tools.NewBranchProtectionGet(giteaClient, ownerAllow))
reg.Register(tools.NewPRCreate(giteaClient, ownerAllow))
reg.Register(tools.NewPRGet(giteaClient, ownerAllow))
reg.Register(tools.NewPRList(giteaClient, ownerAllow))
reg.Register(tools.NewPRMerge(giteaClient, ownerAllow))
reg.Register(tools.NewPRComment(giteaClient, ownerAllow))
reg.Register(tools.NewPRFilesDiff(giteaClient, ownerAllow))
reg.Register(tools.NewWorkflowRunTrigger(giteaClient, ownerAllow, cfg.GiteaBaseURL))
reg.Register(tools.NewWorkflowRunStatus(giteaClient, ownerAllow))
reg.Register(tools.NewRepoSearch(giteaClient, ownerAllow))
reg.Register(tools.NewCodeSearch(giteaClient, ownerAllow))
reg.Register(tools.NewIssueCreate(giteaClient, ownerAllow))
reg.Register(tools.NewIssueComment(giteaClient, ownerAllow))
reg.Register(tools.NewPRComment(giteaClient, ownerAllow))
reg.Register(tools.NewPRFilesDiff(giteaClient, ownerAllow))
reg.Register(tools.NewCreateProjectFromTemplate(giteaClient, ownerAllow, "mathias", "template-go-web"))
reg.Register(tools.NewTagCreate(giteaClient, ownerAllow))
mcpSrv := mcp.NewServer(mcp.ServerOptions{
Registry: reg,
@@ -49,11 +58,27 @@ func main() {
})
mux := http.NewServeMux()
mux.Handle("/mcp", mcp.OriginAllowlist(cfg.OriginAllowlist)(auth.CallerMiddleware(mcpSrv)))
mux.Handle("/mcp", mcp.OriginAllowlist(cfg.OriginAllowlist)(
auth.BearerMiddleware(cfg.GiteaBaseURL,
auth.CallerMiddleware(mcpSrv),
),
))
mux.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte("ok"))
})
mux.HandleFunc("/.well-known/oauth-protected-resource", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodGet {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(`{"authorization_servers":[]}`))
})
mux.HandleFunc("/.well-known/oauth-authorization-server", func(w http.ResponseWriter, r *http.Request) {
http.NotFound(w, r)
})
addr := ":" + cfg.Port
logger.Info("gitea-mcp starting", "addr", addr, "version", "0.1.0")

2450
docs/superpowers/plans/2026-05-06-gitops-agent-tools.md Normal file
View File

File diff suppressed because it is too large Load Diff

169
docs/superpowers/specs/2026-05-06-gitops-agent-tools-design.md Normal file
View File

@@ -0,0 +1,169 @@
# GitOps Agent Tools — Design Spec
**Date:** 2026-05-06
**Status:** Approved
## Goal
Extend the Gitea MCP server with the tools an AI agent needs to drive a full GitOps development loop autonomously — reading repo state, deciding on a branching strategy, making changes, opening and merging PRs, and tagging releases — without any local git tooling.
The agent selects between feature-branch and trunk-based development based on branch protection rules it reads at runtime.
---
## New Tools (9)
All tools follow the existing pattern: one file in `internal/tools/`, one Gitea client method in `internal/gitea/`, allowlist check on `owner`, table-driven tests in both packages.
### `repo_status`
Convenience read tool — returns branch list, open PRs, and protection info for a target branch in a single call. Designed for the agent's first query on any repo so it can decide its strategy.
**Inputs:** `owner`, `name`, `branch` (optional — defaults to repo default branch)
**Output:** `{ branches: [...], open_prs: [...], protection: { protected, required_approvals, push_whitelist, merge_whitelist } }`
**Implementation:** calls `ListBranches` + `ListPullRequests(state=open)` + `GetBranchProtection` internally, composes result. No new Gitea API surface.
---
### `branch_list`
**Inputs:** `owner`, `name`, `page` (optional), `limit` (optional, default 30)
**Output:** array of `{ name, sha }`
**Gitea endpoint:** `GET /api/v1/repos/{owner}/{repo}/branches`
---
### `branch_delete`
**Inputs:** `owner`, `name`, `branch`
**Output:** confirmation message
**Gitea endpoint:** `DELETE /api/v1/repos/{owner}/{repo}/branches/{branch}`
**Error handling:** 403 from Gitea (protected branch) surfaced as a descriptive error.
---
### `branch_protection_get`
**Inputs:** `owner`, `name`, `branch`
**Output:** `{ protected, required_approvals, push_whitelist, merge_whitelist }`
**Gitea endpoint:** `GET /api/v1/repos/{owner}/{repo}/branch_protections/{branch}`
**Error handling:** 404 → return `{ protected: false }`, not an error. Allows agent to make clean boolean decisions.
---
### `pr_list`
**Inputs:** `owner`, `name`, `state` (`open`/`closed`/`all`, default `open`), `head` (optional branch filter), `page`, `limit`
**Output:** array of `{ number, title, state, head_branch, base_branch, draft, html_url }`
**Gitea endpoint:** `GET /api/v1/repos/{owner}/{repo}/pulls`
---
### `pr_merge`
**Inputs:** `owner`, `name`, `index`, `style` (`merge`/`squash`/`rebase`, default `merge`), `merge_message_title` (optional), `merge_message_field` (optional)
**Output:** `{ merged: true, commit_sha }` — if Gitea returns 204 No Content (some merge styles), output is `{ merged: true }` without `commit_sha`.
**Gitea endpoint:** `POST /api/v1/repos/{owner}/{repo}/pulls/{index}/merge`
**Error handling:** 405 (checks failing) and 409 (merge conflict) passed through with the Gitea error message intact so the agent understands why it failed.
---
### `dir_list`
**Inputs:** `owner`, `name`, `path` (empty string = repo root), `ref` (optional branch/tag/SHA)
**Output:** array of `{ name, path, type (file|dir|symlink), sha, size }`
**Gitea endpoint:** `GET /api/v1/repos/{owner}/{repo}/contents/{path}`
**Note:** same endpoint as `file_read` but returns an array when `path` is a directory. Client detects response shape (array vs object). If called on a file path, returns a descriptive error: `"path is a file, not a directory — use file_read"`.
---
### `file_delete`
**Inputs:** `owner`, `name`, `path`, `branch`, `message`, `sha` (required — current blob SHA)
**Output:** `{ commit_sha, html_url }`
**Gitea endpoint:** `DELETE /api/v1/repos/{owner}/{repo}/contents/{path}`
---
### `tag_create`
**Inputs:** `owner`, `name`, `tag` (tag name), `target` (branch name or commit SHA), `message` (optional — creates annotated tag if set)
**Output:** `{ tag, commit_sha, html_url }`
**Gitea endpoint:** `POST /api/v1/repos/{owner}/{repo}/tags`
---
## Gitea Client Methods
New methods on `gitea.Client`:
| Method | Endpoint | HTTP verb |
|--------|----------|-----------|
| `ListBranches(ctx, owner, repo, page, limit)` | `/api/v1/repos/{owner}/{repo}/branches` | GET |
| `DeleteBranch(ctx, owner, repo, branch)` | `/api/v1/repos/{owner}/{repo}/branches/{branch}` | DELETE |
| `GetBranchProtection(ctx, owner, repo, branch)` | `/api/v1/repos/{owner}/{repo}/branch_protections/{branch}` | GET |
| `ListPullRequests(ctx, owner, repo, state, head, page, limit)` | `/api/v1/repos/{owner}/{repo}/pulls` | GET |
| `MergePullRequest(ctx, owner, repo, index, args)` | `/api/v1/repos/{owner}/{repo}/pulls/{index}/merge` | POST |
| `ListContents(ctx, owner, repo, path, ref)` | `/api/v1/repos/{owner}/{repo}/contents/{path}` | GET |
| `DeleteFile(ctx, owner, repo, path, args)` | `/api/v1/repos/{owner}/{repo}/contents/{path}` | DELETE |
| `CreateTag(ctx, owner, repo, args)` | `/api/v1/repos/{owner}/{repo}/tags` | POST |
---
## Architecture
No structural changes. Each new tool is:
- One file: `internal/tools/<tool_name>.go` + `internal/tools/<tool_name>_test.go`
- One client method: `internal/gitea/<domain>.go` (added to existing domain files where logical)
- Registered in `cmd/gitea-mcp/main.go`
`repo_status` is the only tool with internal composition — it calls three client methods and merges their results. It has no dedicated client method of its own.
New client methods go in existing domain files:
- Branch methods → `internal/gitea/files.go` (already has `BranchExists`, `CreateBranch`)
- PR methods → `internal/gitea/pulls.go`
- Contents (dir_list, file_delete) → `internal/gitea/files.go`
- Tags → new `internal/gitea/tags.go`
---
## Testing
Pattern: table-driven tests with a `httptest.NewServer` mock, same as `file_write_branch_test.go`.
Each tool covers:
- Happy path
- 404 response
- Allowlist rejection
- Tool-specific edge cases:
- `branch_delete`: 403 protected branch
- `branch_protection_get`: 404 → `{protected: false}` not error
- `dir_list`: file path → descriptive error
- `pr_merge`: 405 checks failing, 409 merge conflict
- `repo_status`: any one sub-call failing propagates the error
---
## Agent Decision Flow (Reference)
```
1. repo_status(owner, name)
→ if branch.protected && required_approvals > 0:
use feature-branch workflow
→ else:
use trunk-based workflow
Feature-branch workflow:
file_write_branch (auto-creates branch)
→ pr_create
→ [wait for CI via workflow_run_status]
→ pr_merge
→ branch_delete
Trunk-based workflow:
file_write_branch(branch=main)
→ [optionally] tag_create
Post-merge (either):
→ [optionally] tag_create to trigger deployment
```

49
internal/auth/bearer.go Normal file
View File

@@ -0,0 +1,49 @@
package auth
import (
"context"
"net/http"
"strings"
"time"
)
type tokenKey struct{}
// BearerMiddleware validates the incoming bearer token as a Gitea PAT by
// calling GET /api/v1/user. The validated token is stored in context for
// downstream use by the Gitea client.
func BearerMiddleware(giteaBaseURL string, next http.Handler) http.Handler {
hc := &http.Client{Timeout: 5 * time.Second}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
if !ok || token == "" {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
req, err := http.NewRequestWithContext(r.Context(), http.MethodGet, giteaBaseURL+"/api/v1/user", nil)
if err != nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
req.Header.Set("Authorization", "token "+token)
resp, err := hc.Do(req)
if err != nil || resp.StatusCode != http.StatusOK {
if resp != nil {
_ = resp.Body.Close()
}
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
_ = resp.Body.Close()
ctx := context.WithValue(r.Context(), tokenKey{}, token)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
// TokenFromContext returns the validated Gitea PAT stored by BearerMiddleware.
func TokenFromContext(ctx context.Context) string {
if v, ok := ctx.Value(tokenKey{}).(string); ok {
return v
}
return ""
}

82
internal/auth/bearer_test.go Normal file
View File

@@ -0,0 +1,82 @@
package auth_test
import (
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestBearerMiddleware_NoAuthHeader(t *testing.T) {
srv := httptest.NewServer(auth.BearerMiddleware("https://gitea.example.com",
http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
}),
))
defer srv.Close()
resp, err := http.Post(srv.URL+"/mcp", "application/json", nil)
require.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
}
func TestBearerMiddleware_InvalidToken(t *testing.T) {
// Mock Gitea that rejects the token
giteaMock := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusUnauthorized)
}))
defer giteaMock.Close()
srv := httptest.NewServer(auth.BearerMiddleware(giteaMock.URL,
http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
}),
))
defer srv.Close()
req, _ := http.NewRequest(http.MethodPost, srv.URL+"/mcp", nil)
req.Header.Set("Authorization", "Bearer bad-token")
resp, err := http.DefaultClient.Do(req)
require.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
}
func TestBearerMiddleware_ValidToken(t *testing.T) {
const token = "valid-pat"
// Mock Gitea that accepts the token and returns a user
giteaMock := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "token "+token, r.Header.Get("Authorization"))
w.WriteHeader(http.StatusOK)
}))
defer giteaMock.Close()
called := false
srv := httptest.NewServer(auth.BearerMiddleware(giteaMock.URL,
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
called = true
// Token must be available in context for downstream Gitea client
assert.Equal(t, token, auth.TokenFromContext(r.Context()))
w.WriteHeader(http.StatusOK)
}),
))
defer srv.Close()
req, _ := http.NewRequest(http.MethodPost, srv.URL+"/mcp", nil)
req.Header.Set("Authorization", "Bearer "+token)
resp, err := http.DefaultClient.Do(req)
require.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusOK, resp.StatusCode)
assert.True(t, called)
}
func TestTokenFromContext_Empty(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/", nil)
assert.Equal(t, "", auth.TokenFromContext(req.Context()))
}

2
internal/config/config.go
View File

@@ -8,7 +8,6 @@ import (
type Config struct {
Port string // GITEA_MCP_PORT, default 8080
GiteaBaseURL string // GITEA_BASE_URL, e.g. https://gitea.d-ma.be
GiteaAPIToken string // GITEA_API_TOKEN — bot user token
AllowedOwners []string // GITEA_MCP_ALLOWED_OWNERS, comma-separated, default "mathias"
OriginAllowlist []string // GITEA_MCP_ORIGIN_ALLOWLIST, comma-separated
}
@@ -17,7 +16,6 @@ func Load() (Config, error) {
cfg := Config{
Port: envOr("GITEA_MCP_PORT", "8080"),
GiteaBaseURL: os.Getenv("GITEA_BASE_URL"),
GiteaAPIToken: os.Getenv("GITEA_API_TOKEN"),
AllowedOwners: splitCSV(envOr("GITEA_MCP_ALLOWED_OWNERS", "mathias")),
OriginAllowlist: splitCSV(os.Getenv("GITEA_MCP_ORIGIN_ALLOWLIST")),
}

3
internal/config/config_test.go
View File

@@ -10,7 +10,6 @@ import (
func TestLoadDefaults(t *testing.T) {
t.Setenv("GITEA_BASE_URL", "")
t.Setenv("GITEA_API_TOKEN", "")
t.Setenv("GITEA_MCP_ALLOWED_OWNERS", "")
t.Setenv("GITEA_MCP_ORIGIN_ALLOWLIST", "")
t.Setenv("GITEA_MCP_PORT", "")
@@ -23,7 +22,6 @@ func TestLoadDefaults(t *testing.T) {
func TestLoadFromEnv(t *testing.T) {
t.Setenv("GITEA_BASE_URL", "https://gitea.d-ma.be")
t.Setenv("GITEA_API_TOKEN", "test-token")
t.Setenv("GITEA_MCP_ALLOWED_OWNERS", "mathias,acme")
t.Setenv("GITEA_MCP_ORIGIN_ALLOWLIST", "https://claude.ai,https://api.anthropic.com")
t.Setenv("GITEA_MCP_PORT", "9000")
@@ -31,7 +29,6 @@ func TestLoadFromEnv(t *testing.T) {
cfg, err := config.Load()
require.NoError(t, err)
assert.Equal(t, "https://gitea.d-ma.be", cfg.GiteaBaseURL)
assert.Equal(t, "test-token", cfg.GiteaAPIToken)
assert.Equal(t, []string{"mathias", "acme"}, cfg.AllowedOwners)
assert.Equal(t, []string{"https://claude.ai", "https://api.anthropic.com"}, cfg.OriginAllowlist)
assert.Equal(t, "9000", cfg.Port)

25
internal/gitea/client.go
View File

@@ -7,6 +7,7 @@ import (
"net/http"
"time"
"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
"github.com/hashicorp/golang-lru/v2/expirable"
)
@@ -49,8 +50,12 @@ func (c *Client) doOnce(ctx context.Context, method, path string, body []byte) (
if err != nil {
return nil, 0, err
}
if c.token != "" {
req.Header.Set("Authorization", "token "+c.token)
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
if body != nil {
req.Header.Set("Content-Type", "application/json")
@@ -61,7 +66,7 @@ func (c *Client) doOnce(ctx context.Context, method, path string, body []byte) (
if err != nil {
return nil, 0, err
}
defer resp.Body.Close()
defer func() { _ = resp.Body.Close() }()
b, err := io.ReadAll(resp.Body)
return b, resp.StatusCode, err
}
@@ -95,6 +100,10 @@ func (c *Client) DeleteJSON(ctx context.Context, path string) ([]byte, int, erro
return c.do(ctx, http.MethodDelete, path, nil)
}
func (c *Client) DeleteJSONBody(ctx context.Context, path string, body []byte) ([]byte, int, error) {
return c.do(ctx, http.MethodDelete, path, body)
}
type rawResponse struct {
Body []byte
Status int
@@ -110,8 +119,12 @@ func (c *Client) doRaw(ctx context.Context, method, path string, body []byte) (*
if err != nil {
return nil, err
}
if c.token != "" {
req.Header.Set("Authorization", "token "+c.token)
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
if body != nil {
req.Header.Set("Content-Type", "application/json")
@@ -122,7 +135,7 @@ func (c *Client) doRaw(ctx context.Context, method, path string, body []byte) (*
if err != nil {
return nil, err
}
defer resp.Body.Close()
defer func() { _ = resp.Body.Close() }()
b, err := io.ReadAll(resp.Body)
return &rawResponse{Body: b, Status: resp.StatusCode, Headers: resp.Header}, err
}

130
internal/gitea/files.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
"net/url"
)
type FileContents struct {
@@ -92,13 +93,138 @@ type FileWriteResult struct {
} `json:"commit"`
}
func (c *Client) UpsertFile(ctx context.Context, owner, repo, path string, args UpsertFileArgs) (*FileWriteResult, error) {
func (c *Client) ListBranches(ctx context.Context, owner, repo string, page, limit int) ([]Branch, error) {
if page < 1 {
page = 1
}
if limit < 1 {
limit = 30
}
p := fmt.Sprintf("/api/v1/repos/%s/%s/branches?page=%d&limit=%d", owner, repo, page, limit)
body, status, err := c.GetJSON(ctx, p)
if err != nil {
return nil, err
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
var branches []Branch
if err := json.Unmarshal(body, &branches); err != nil {
return nil, err
}
return branches, nil
}
func (c *Client) DeleteBranch(ctx context.Context, owner, repo, branch string) error {
p := fmt.Sprintf("/api/v1/repos/%s/%s/branches/%s", owner, repo, branch)
body, status, err := c.DeleteJSON(ctx, p)
if err != nil {
return err
}
return MapStatus(status, body)
}
type BranchProtection struct {
Protected bool `json:"-"`
RequiredApprovals int64 `json:"required_approvals"`
PushWhitelist []string `json:"push_whitelist_usernames"`
MergeWhitelist []string `json:"merge_whitelist_usernames"`
}
func (c *Client) GetBranchProtection(ctx context.Context, owner, repo, branch string) (*BranchProtection, error) {
p := fmt.Sprintf("/api/v1/repos/%s/%s/branch_protections/%s", owner, repo, branch)
body, status, err := c.GetJSON(ctx, p)
if err != nil {
return nil, err
}
if status == 404 {
return &BranchProtection{Protected: false}, nil
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
var bp BranchProtection
if err := json.Unmarshal(body, &bp); err != nil {
return nil, err
}
bp.Protected = true
return &bp, nil
}
type DirEntry struct {
Name string `json:"name"`
Path string `json:"path"`
Type string `json:"type"`
Sha string `json:"sha"`
Size int64 `json:"size"`
}
func (c *Client) ListContents(ctx context.Context, owner, repo, path, ref string) ([]DirEntry, error) {
p := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", owner, repo, path)
if ref != "" {
p += "?ref=" + url.QueryEscape(ref)
}
body, status, err := c.GetJSON(ctx, p)
if err != nil {
return nil, err
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
if len(body) > 0 && body[0] == '{' {
return nil, fmt.Errorf("path is a file, not a directory — use file_read: %w", ErrValidation)
}
var entries []DirEntry
if err := json.Unmarshal(body, &entries); err != nil {
return nil, err
}
return entries, nil
}
type DeleteFileArgs struct {
Branch string `json:"branch"`
Message string `json:"message"`
Sha string `json:"sha"`
}
func (c *Client) DeleteFile(ctx context.Context, owner, repo, path string, args DeleteFileArgs) (*FileWriteResult, error) {
p := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", owner, repo, path)
payload, err := json.Marshal(args)
if err != nil {
return nil, err
}
body, status, err := c.PutJSON(ctx, p, payload)
body, status, err := c.DeleteJSONBody(ctx, p, payload)
if err != nil {
return nil, err
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
var out FileWriteResult
if err := json.Unmarshal(body, &out); err != nil {
return nil, err
}
return &out, nil
}
// UpsertFile creates a file when args.Sha is empty (POST) or updates an existing
// file when args.Sha is set (PUT). Gitea routes both operations by HTTP method on
// the same /contents/{path} URL, and rejects PUT without a sha.
func (c *Client) UpsertFile(ctx context.Context, owner, repo, path string, args UpsertFileArgs) (*FileWriteResult, error) {
p := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", owner, repo, path)
payload, err := json.Marshal(args)
if err != nil {
return nil, err
}
var (
body []byte
status int
)
if args.Sha == "" {
body, status, err = c.PostJSON(ctx, p, payload)
} else {
body, status, err = c.PutJSON(ctx, p, payload)
}
if err != nil {
return nil, err
}

149
internal/gitea/files_test.go
View File

@@ -82,6 +82,28 @@ func TestCreateBranchSendsPayload(t *testing.T) {
assert.Equal(t, "main", payload["old_branch_name"])
}
func TestListBranches(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/branches", r.URL.Path)
assert.Equal(t, "1", r.URL.Query().Get("page"))
assert.Equal(t, "30", r.URL.Query().Get("limit"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[
{"name":"main","commit":{"id":"abc","url":"http://example.com"}},
{"name":"feat/x","commit":{"id":"def","url":"http://example.com"}}
]`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
branches, err := c.ListBranches(context.Background(), "o", "r", 0, 0)
require.NoError(t, err)
require.Len(t, branches, 2)
assert.Equal(t, "main", branches[0].Name)
assert.Equal(t, "abc", branches[0].Commit.ID)
assert.Equal(t, "feat/x", branches[1].Name)
}
func TestUpsertFileSendsPayloadAndDecodesResult(t *testing.T) {
var captured []byte
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -116,3 +138,130 @@ func TestUpsertFileSendsPayloadAndDecodesResult(t *testing.T) {
assert.Equal(t, "http://example.com/p.md", result.Content.HTMLURL)
assert.Equal(t, "abc", result.Commit.Sha)
}
func TestDeleteBranch(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/branches/feat/x", r.URL.Path)
assert.Equal(t, http.MethodDelete, r.Method)
w.WriteHeader(http.StatusNoContent)
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
err := c.DeleteBranch(context.Background(), "o", "r", "feat/x")
require.NoError(t, err)
}
func TestDeleteBranchProtected(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte(`{"message":"branch is protected"}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
err := c.DeleteBranch(context.Background(), "o", "r", "main")
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrPermissionDenied)
}
func TestGetBranchProtectionFound(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/branch_protections/main", r.URL.Path)
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{
"required_approvals": 2,
"push_whitelist_usernames": ["alice"],
"merge_whitelist_usernames": ["bob"]
}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
bp, err := c.GetBranchProtection(context.Background(), "o", "r", "main")
require.NoError(t, err)
assert.True(t, bp.Protected)
assert.Equal(t, int64(2), bp.RequiredApprovals)
assert.Equal(t, []string{"alice"}, bp.PushWhitelist)
assert.Equal(t, []string{"bob"}, bp.MergeWhitelist)
}
func TestGetBranchProtectionNotFoundReturnsUnprotected(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotFound)
_, _ = w.Write([]byte(`{"message":"not found"}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
bp, err := c.GetBranchProtection(context.Background(), "o", "r", "feat/x")
require.NoError(t, err)
assert.False(t, bp.Protected)
}
func TestListContentsDirectory(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/contents/src", r.URL.Path)
assert.Equal(t, "main", r.URL.Query().Get("ref"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[
{"name":"main.go","path":"src/main.go","type":"file","sha":"abc","size":100},
{"name":"lib","path":"src/lib","type":"dir","sha":"def","size":0}
]`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
entries, err := c.ListContents(context.Background(), "o", "r", "src", "main")
require.NoError(t, err)
require.Len(t, entries, 2)
assert.Equal(t, "main.go", entries[0].Name)
assert.Equal(t, "file", entries[0].Type)
assert.Equal(t, "lib", entries[1].Name)
assert.Equal(t, "dir", entries[1].Type)
}
func TestListContentsOnFileReturnsError(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"path":"main.go","sha":"abc","size":100,"content":"","encoding":"base64"}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
_, err := c.ListContents(context.Background(), "o", "r", "main.go", "")
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrValidation)
}
func TestDeleteFile(t *testing.T) {
var captured []byte
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/contents/src/old.go", r.URL.Path)
assert.Equal(t, http.MethodDelete, r.Method)
var err error
captured, err = io.ReadAll(r.Body)
require.NoError(t, err)
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(`{
"content":null,
"commit":{"sha":"cmt1","html_url":"http://example.com/commit/cmt1"}
}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
result, err := c.DeleteFile(context.Background(), "o", "r", "src/old.go", gitea.DeleteFileArgs{
Branch: "main",
Message: "remove old.go",
Sha: "blobsha",
})
require.NoError(t, err)
assert.Equal(t, "cmt1", result.Commit.Sha)
var payload map[string]string
require.NoError(t, json.Unmarshal(captured, &payload))
assert.Equal(t, "main", payload["branch"])
assert.Equal(t, "remove old.go", payload["message"])
assert.Equal(t, "blobsha", payload["sha"])
}

46
internal/gitea/pulls.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
"net/url"
)
type PullRequest struct {
@@ -101,3 +102,48 @@ func (c *Client) GetPullRequestDiff(ctx context.Context, owner, repo string, ind
}
return resp.Body, nil
}
type MergePRArgs struct {
Do string `json:"Do"`
Title string `json:"merge_message_title,omitempty"`
Body string `json:"merge_message_field,omitempty"`
}
func (c *Client) MergePullRequest(ctx context.Context, owner, repo string, index int, args MergePRArgs) error {
p := fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge", owner, repo, index)
payload, err := json.Marshal(args)
if err != nil {
return err
}
body, status, err := c.PostJSON(ctx, p, payload)
if err != nil {
return err
}
return MapStatus(status, body)
}
func (c *Client) ListPullRequests(ctx context.Context, owner, repo, state, head string, page, limit int) ([]PullRequest, error) {
if page < 1 {
page = 1
}
if limit < 1 {
limit = 30
}
p := fmt.Sprintf("/api/v1/repos/%s/%s/pulls?state=%s&page=%d&limit=%d",
owner, repo, url.QueryEscape(state), page, limit)
if head != "" {
p += "&head=" + url.QueryEscape(head)
}
body, status, err := c.GetJSON(ctx, p)
if err != nil {
return nil, err
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
var prs []PullRequest
if err := json.Unmarshal(body, &prs); err != nil {
return nil, err
}
return prs, nil
}

52
internal/gitea/pulls_test.go
View File

@@ -136,3 +136,55 @@ func TestGetPullRequestDiff(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, []byte(rawDiff), diff)
}
func TestListPullRequests(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/pulls", r.URL.Path)
assert.Equal(t, "open", r.URL.Query().Get("state"))
assert.Equal(t, "feat/x", r.URL.Query().Get("head"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[` + pullFixture + `]`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
prs, err := c.ListPullRequests(context.Background(), "o", "r", "open", "feat/x", 0, 0)
require.NoError(t, err)
require.Len(t, prs, 1)
assert.Equal(t, 7, prs[0].Number)
assert.Equal(t, "feat/x", prs[0].Head.Ref)
}
func TestMergePullRequestSuccess(t *testing.T) {
var captured []byte
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/pulls/7/merge", r.URL.Path)
assert.Equal(t, http.MethodPost, r.Method)
var err error
captured, err = io.ReadAll(r.Body)
require.NoError(t, err)
w.WriteHeader(http.StatusNoContent)
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
err := c.MergePullRequest(context.Background(), "o", "r", 7, gitea.MergePRArgs{Do: "squash"})
require.NoError(t, err)
var payload map[string]any
require.NoError(t, json.Unmarshal(captured, &payload))
assert.Equal(t, "squash", payload["Do"])
}
func TestMergePullRequestConflict(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusConflict)
_, _ = w.Write([]byte(`{"message":"merge conflict"}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
err := c.MergePullRequest(context.Background(), "o", "r", 7, gitea.MergePRArgs{Do: "merge"})
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrConflict)
}

42
internal/gitea/tags.go Normal file
View File

@@ -0,0 +1,42 @@
package gitea
import (
"context"
"encoding/json"
"fmt"
)
type CreateTagArgs struct {
TagName string `json:"tag_name"`
Target string `json:"target"`
Message string `json:"message,omitempty"`
}
type Tag struct {
Name string `json:"name"`
ID string `json:"id"`
Message string `json:"message"`
Commit struct {
Sha string `json:"sha"`
} `json:"commit"`
}
func (c *Client) CreateTag(ctx context.Context, owner, repo string, args CreateTagArgs) (*Tag, error) {
p := fmt.Sprintf("/api/v1/repos/%s/%s/tags", owner, repo)
payload, err := json.Marshal(args)
if err != nil {
return nil, err
}
body, status, err := c.PostJSON(ctx, p, payload)
if err != nil {
return nil, err
}
if err := MapStatus(status, body); err != nil {
return nil, err
}
var tag Tag
if err := json.Unmarshal(body, &tag); err != nil {
return nil, err
}
return &tag, nil
}

49
internal/gitea/tags_test.go Normal file
View File

@@ -0,0 +1,49 @@
package gitea_test
import (
"context"
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestCreateTag(t *testing.T) {
var captured []byte
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/o/r/tags", r.URL.Path)
assert.Equal(t, http.MethodPost, r.Method)
var err error
captured, err = io.ReadAll(r.Body)
require.NoError(t, err)
w.WriteHeader(http.StatusCreated)
_, _ = w.Write([]byte(`{
"name":"v1.0.0",
"id":"tagsha",
"message":"release",
"commit":{"sha":"cmt1","url":"http://example.com/commit/cmt1"}
}`))
}))
defer srv.Close()
c := gitea.NewClient(srv.URL, "tok")
tag, err := c.CreateTag(context.Background(), "o", "r", gitea.CreateTagArgs{
TagName: "v1.0.0",
Target: "main",
Message: "release",
})
require.NoError(t, err)
assert.Equal(t, "v1.0.0", tag.Name)
assert.Equal(t, "cmt1", tag.Commit.Sha)
var payload map[string]string
require.NoError(t, json.Unmarshal(captured, &payload))
assert.Equal(t, "v1.0.0", payload["tag_name"])
assert.Equal(t, "main", payload["target"])
assert.Equal(t, "release", payload["message"])
}

12
internal/mcp/server.go
View File

@@ -9,7 +9,7 @@ import (
)
const (
ProtocolVersion = "2025-06-18"
ProtocolVersion = "2025-03-26"
maxRequestBodyBytes = 1 << 20 // 1 MiB
)
@@ -31,6 +31,9 @@ func NewServer(opts ServerOptions) *Server {
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodHead:
w.Header().Set("MCP-Protocol-Version", ProtocolVersion)
w.WriteHeader(http.StatusOK)
case http.MethodGet:
s.handleGET(w, r)
case http.MethodPost:
@@ -108,11 +111,8 @@ func (s *Server) handlePOST(w http.ResponseWriter, r *http.Request) {
}
func (s *Server) handleGET(w http.ResponseWriter, r *http.Request) {
sid := r.Header.Get("Mcp-Session-Id")
if !s.opts.Sessions.Valid(sid) {
http.Error(w, "missing or invalid Mcp-Session-Id", http.StatusBadRequest)
return
}
// Session ID is optional for GET: clients may open the SSE stream before
// calling initialize (e.g. claude.ai probes on add). Accept with or without.
w.Header().Set("Content-Type", "text/event-stream")
w.Header().Set("Cache-Control", "no-cache")
w.Header().Set("Connection", "keep-alive")

11
internal/mcp/server_test.go
View File

@@ -52,7 +52,7 @@ func TestInitialize(t *testing.T) {
var resp map[string]any
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
result := resp["result"].(map[string]any)
assert.Equal(t, "2025-06-18", result["protocolVersion"])
assert.Equal(t, mcp.ProtocolVersion, result["protocolVersion"])
si := result["serverInfo"].(map[string]any)
assert.Equal(t, "gitea-mcp", si["name"])
}
@@ -118,6 +118,15 @@ func TestPostBodyTooLarge(t *testing.T) {
assert.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestHEADReturnsMCPProtocolVersionHeader(t *testing.T) {
srv := newServer(t)
req := httptest.NewRequest(http.MethodHead, "/mcp", nil)
rr := httptest.NewRecorder()
srv.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, mcp.ProtocolVersion, rr.Header().Get("MCP-Protocol-Version"))
}
func TestToolsCallToolNotFound(t *testing.T) {
srv := newServer(t)
// Initialize to get a session ID.

64
internal/tools/branch_delete.go Normal file
View File

@@ -0,0 +1,64 @@
package tools
import (
"context"
"encoding/json"
"fmt"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type BranchDelete struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewBranchDelete(c *gitea.Client, a *allowlist.Allowlist) *BranchDelete {
return &BranchDelete{c: c, a: a}
}
func (t *BranchDelete) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "branch_delete",
Description: "Delete a branch from a repository.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"branch":{"type":"string"}
},
"required":["owner","name","branch"]
}`),
}
}
type branchDeleteArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Branch string `json:"branch"`
}
func (t *BranchDelete) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args branchDeleteArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
if args.Branch == "" {
return nil, fmt.Errorf("branch is required: %w", gitea.ErrValidation)
}
if err := t.c.DeleteBranch(ctx, args.Owner, args.Name, args.Branch); err != nil {
return nil, err
}
return textOK(map[string]any{
"deleted": true,
"branch": args.Branch,
})
}

51
internal/tools/branch_delete_test.go Normal file
View File

@@ -0,0 +1,51 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestBranchDeleteSuccess(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodDelete, r.Method)
w.WriteHeader(http.StatusNoContent)
}))
defer srv.Close()
tool := tools.NewBranchDelete(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"feat/x"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, true, result["deleted"])
assert.Equal(t, "feat/x", result["branch"])
}
func TestBranchDeleteProtectedReturnsError(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte(`{"message":"branch is protected"}`))
}))
defer srv.Close()
tool := tools.NewBranchDelete(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"main"}`))
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrPermissionDenied)
}
func TestBranchDeleteAllowlistRejects(t *testing.T) {
tool := tools.NewBranchDelete(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","branch":"feat/x"}`))
require.Error(t, err)
}

67
internal/tools/branch_list.go Normal file
View File

@@ -0,0 +1,67 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type BranchList struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewBranchList(c *gitea.Client, a *allowlist.Allowlist) *BranchList {
return &BranchList{c: c, a: a}
}
func (t *BranchList) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "branch_list",
Description: "List branches in a repository.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"page":{"type":"integer","minimum":1},
"limit":{"type":"integer","minimum":1,"maximum":50}
},
"required":["owner","name"]
}`),
}
}
type branchListArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Page int `json:"page"`
Limit int `json:"limit"`
}
func (t *BranchList) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args branchListArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
branches, err := t.c.ListBranches(ctx, args.Owner, args.Name, args.Page, capLimit(args.Limit, 30))
if err != nil {
return nil, err
}
result := make([]map[string]any, len(branches))
for i, b := range branches {
result[i] = map[string]any{
"name": b.Name,
"sha": b.Commit.ID,
}
}
return textOK(result)
}

43
internal/tools/branch_list_test.go Normal file
View File

@@ -0,0 +1,43 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestBranchListReturnsNames(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[
{"name":"main","commit":{"id":"abc","url":""}},
{"name":"feat/x","commit":{"id":"def","url":""}}
]`))
}))
defer srv.Close()
tool := tools.NewBranchList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo"}`))
require.NoError(t, err)
var result []map[string]any
require.NoError(t, json.Unmarshal(out, &result))
require.Len(t, result, 2)
assert.Equal(t, "main", result[0]["name"])
assert.Equal(t, "abc", result[0]["sha"])
assert.Equal(t, "feat/x", result[1]["name"])
}
func TestBranchListAllowlistRejects(t *testing.T) {
tool := tools.NewBranchList(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo"}`))
require.Error(t, err)
}

63
internal/tools/branch_protection_get.go Normal file
View File

@@ -0,0 +1,63 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type BranchProtectionGet struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewBranchProtectionGet(c *gitea.Client, a *allowlist.Allowlist) *BranchProtectionGet {
return &BranchProtectionGet{c: c, a: a}
}
func (t *BranchProtectionGet) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "branch_protection_get",
Description: "Get branch protection rules. Returns {protected:false} if no rule exists — never returns an error for unprotected branches.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"branch":{"type":"string"}
},
"required":["owner","name","branch"]
}`),
}
}
type branchProtectionGetArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Branch string `json:"branch"`
}
func (t *BranchProtectionGet) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args branchProtectionGetArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
bp, err := t.c.GetBranchProtection(ctx, args.Owner, args.Name, args.Branch)
if err != nil {
return nil, err
}
return textOK(map[string]any{
"protected": bp.Protected,
"required_approvals": bp.RequiredApprovals,
"push_whitelist": bp.PushWhitelist,
"merge_whitelist": bp.MergeWhitelist,
})
}

54
internal/tools/branch_protection_get_test.go Normal file
View File

@@ -0,0 +1,54 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestBranchProtectionGetProtected(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"required_approvals":1,"push_whitelist_usernames":[],"merge_whitelist_usernames":[]}`))
}))
defer srv.Close()
tool := tools.NewBranchProtectionGet(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"main"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, true, result["protected"])
assert.Equal(t, float64(1), result["required_approvals"])
}
func TestBranchProtectionGetUnprotected(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotFound)
_, _ = w.Write([]byte(`{"message":"not found"}`))
}))
defer srv.Close()
tool := tools.NewBranchProtectionGet(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"feat/x"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, false, result["protected"])
}
func TestBranchProtectionGetAllowlistRejects(t *testing.T) {
tool := tools.NewBranchProtectionGet(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","branch":"main"}`))
require.Error(t, err)
}

70
internal/tools/dir_list.go Normal file
View File

@@ -0,0 +1,70 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type DirList struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewDirList(c *gitea.Client, a *allowlist.Allowlist) *DirList {
return &DirList{c: c, a: a}
}
func (t *DirList) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "dir_list",
Description: "List directory contents in a repository. Use empty path for repo root. Returns name, path, type (file/dir/symlink), sha, size per entry.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"path":{"type":"string"},
"ref":{"type":"string"}
},
"required":["owner","name"]
}`),
}
}
type dirListArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Path string `json:"path"`
Ref string `json:"ref"`
}
func (t *DirList) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args dirListArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
entries, err := t.c.ListContents(ctx, args.Owner, args.Name, args.Path, args.Ref)
if err != nil {
return nil, err
}
result := make([]map[string]any, len(entries))
for i, e := range entries {
result[i] = map[string]any{
"name": e.Name,
"path": e.Path,
"type": e.Type,
"sha": e.Sha,
"size": e.Size,
}
}
return textOK(result)
}

75
internal/tools/dir_list_test.go Normal file
View File

@@ -0,0 +1,75 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestDirListReturnsEntries(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/owner/repo/contents/src", r.URL.Path)
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[
{"name":"main.go","path":"src/main.go","type":"file","sha":"abc","size":512},
{"name":"util","path":"src/util","type":"dir","sha":"def","size":0}
]`))
}))
defer srv.Close()
tool := tools.NewDirList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","path":"src"}`))
require.NoError(t, err)
var result []map[string]any
require.NoError(t, json.Unmarshal(out, &result))
require.Len(t, result, 2)
assert.Equal(t, "main.go", result[0]["name"])
assert.Equal(t, "file", result[0]["type"])
assert.Equal(t, "util", result[1]["name"])
assert.Equal(t, "dir", result[1]["type"])
}
func TestDirListRootPath(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/owner/repo/contents/", r.URL.Path)
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[]`))
}))
defer srv.Close()
tool := tools.NewDirList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","path":""}`))
require.NoError(t, err)
var result []map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Empty(t, result)
}
func TestDirListOnFileReturnsError(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"path":"README.md","sha":"abc","size":10,"content":"","encoding":"base64"}`))
}))
defer srv.Close()
tool := tools.NewDirList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","path":"README.md"}`))
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrValidation)
}
func TestDirListAllowlistRejects(t *testing.T) {
tool := tools.NewDirList(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","path":""}`))
require.Error(t, err)
}

78
internal/tools/file_delete.go Normal file
View File

@@ -0,0 +1,78 @@
package tools
import (
"context"
"encoding/json"
"fmt"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type FileDelete struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewFileDelete(c *gitea.Client, a *allowlist.Allowlist) *FileDelete {
return &FileDelete{c: c, a: a}
}
func (t *FileDelete) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "file_delete",
Description: "Delete a file from a repository branch. sha is the current blob SHA (from file_read).",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"path":{"type":"string"},
"branch":{"type":"string"},
"message":{"type":"string"},
"sha":{"type":"string"}
},
"required":["owner","name","path","branch","message","sha"]
}`),
}
}
type fileDeleteArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Path string `json:"path"`
Branch string `json:"branch"`
Message string `json:"message"`
Sha string `json:"sha"`
}
func (t *FileDelete) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args fileDeleteArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
if args.Sha == "" {
return nil, fmt.Errorf("sha is required: %w", gitea.ErrValidation)
}
if args.Message == "" {
return nil, fmt.Errorf("message is required: %w", gitea.ErrValidation)
}
result, err := t.c.DeleteFile(ctx, args.Owner, args.Name, args.Path, gitea.DeleteFileArgs{
Branch: args.Branch,
Message: args.Message,
Sha: args.Sha,
})
if err != nil {
return nil, err
}
return textOK(map[string]any{
"commit_sha": result.Commit.Sha,
"html_url": result.Commit.HTMLURL,
})
}

52
internal/tools/file_delete_test.go Normal file
View File

@@ -0,0 +1,52 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestFileDeleteSuccess(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodDelete, r.Method)
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(`{"content":null,"commit":{"sha":"cmt1","html_url":"http://example.com/commit/cmt1"}}`))
}))
defer srv.Close()
tool := tools.NewFileDelete(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{
"owner":"owner","name":"repo","path":"src/old.go",
"branch":"main","message":"remove old.go","sha":"blobsha"
}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, "cmt1", result["commit_sha"])
}
func TestFileDeleteRequiresSha(t *testing.T) {
tool := tools.NewFileDelete(gitea.NewClient("http://unused", ""), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{
"owner":"owner","name":"repo","path":"f.go","branch":"main","message":"rm"
}`))
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrValidation)
}
func TestFileDeleteAllowlistRejects(t *testing.T) {
tool := tools.NewFileDelete(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{
"owner":"evil","name":"repo","path":"f.go","branch":"main","message":"rm","sha":"abc"
}`))
require.Error(t, err)
}

37
internal/tools/file_write_branch_test.go
View File

@@ -39,9 +39,9 @@ func TestFileWriteBranchCreatesBranchAndFile(t *testing.T) {
_, _ = w.Write([]byte(createBranchResp))
})
// Upsert file → 201
// New file (no sha) → POST to /contents/{path}
mux.HandleFunc("/api/v1/repos/owner/myrepo/contents/doc.md", func(w http.ResponseWriter, r *http.Request) {
require.Equal(t, http.MethodPut, r.Method)
require.Equal(t, http.MethodPost, r.Method)
w.WriteHeader(http.StatusCreated)
_, _ = w.Write([]byte(upsertFileResp))
})
@@ -64,6 +64,39 @@ func TestFileWriteBranchCreatesBranchAndFile(t *testing.T) {
assert.Equal(t, "cmt1", result["commit_sha"])
}
func TestFileWriteBranchUsesPutWhenShaProvided(t *testing.T) {
mux := http.NewServeMux()
// Branch exists
mux.HandleFunc("/api/v1/repos/owner/myrepo/branches/feat/existing", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(branchCheckExistsResp))
})
// Existing file (sha provided) → PUT
mux.HandleFunc("/api/v1/repos/owner/myrepo/contents/doc.md", func(w http.ResponseWriter, r *http.Request) {
require.Equal(t, http.MethodPut, r.Method)
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(upsertFileResp))
})
srv := httptest.NewServer(mux)
defer srv.Close()
tool := tools.NewFileWriteBranch(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{
"owner":"owner","name":"myrepo","path":"doc.md",
"content":"hello","branch":"feat/existing",
"sha":"oldsha","message":"update doc.md"
}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, "feat/existing", result["branch"])
assert.Equal(t, "cmt1", result["commit_sha"])
}
func TestFileWriteBranchUsesDefaultBaseWhenBaseEmpty(t *testing.T) {
var createBody []byte
mux := http.NewServeMux()

2
internal/tools/pr_files_diff.go
View File

@@ -143,7 +143,7 @@ func splitUnifiedDiff(d []byte) map[string][]byte {
flush := func() {
if currentFile != "" {
m[currentFile] = []byte(current.String())
m[currentFile] = current.Bytes()
current.Reset()
}
}

6
internal/tools/pr_files_diff_test.go
View File

@@ -42,11 +42,11 @@ func buildFilesJSON(files []string, additions int) string {
func newPRFilesDiffServer(t *testing.T, filesJSON, rawDiff string) *httptest.Server {
t.Helper()
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.URL.Path == "/api/v1/repos/o/r/pulls/1/files":
switch r.URL.Path {
case "/api/v1/repos/o/r/pulls/1/files":
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(filesJSON))
case r.URL.Path == "/api/v1/repos/o/r/pulls/1.diff":
case "/api/v1/repos/o/r/pulls/1.diff":
w.Header().Set("Content-Type", "text/plain")
_, _ = w.Write([]byte(rawDiff))
default:

80
internal/tools/pr_list.go Normal file
View File

@@ -0,0 +1,80 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type PRList struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewPRList(c *gitea.Client, a *allowlist.Allowlist) *PRList {
return &PRList{c: c, a: a}
}
func (t *PRList) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "pr_list",
Description: "List pull requests. state: open (default), closed, or all. Optionally filter by head branch.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"state":{"type":"string","enum":["open","closed","all"]},
"head":{"type":"string"},
"page":{"type":"integer","minimum":1},
"limit":{"type":"integer","minimum":1,"maximum":50}
},
"required":["owner","name"]
}`),
}
}
type prListArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
State string `json:"state"`
Head string `json:"head"`
Page int `json:"page"`
Limit int `json:"limit"`
}
func (t *PRList) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args prListArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
state := args.State
if state == "" {
state = "open"
}
prs, err := t.c.ListPullRequests(ctx, args.Owner, args.Name, state, args.Head, args.Page, capLimit(args.Limit, 30))
if err != nil {
return nil, err
}
result := make([]map[string]any, len(prs))
for i, pr := range prs {
result[i] = map[string]any{
"number": pr.Number,
"title": pr.Title,
"state": pr.State,
"head_branch": pr.Head.Ref,
"base_branch": pr.Base.Ref,
"draft": pr.Draft,
"html_url": pr.HTMLURL,
}
}
return textOK(result)
}

62
internal/tools/pr_list_test.go Normal file
View File

@@ -0,0 +1,62 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestPRListReturnsOpenPRs(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "open", r.URL.Query().Get("state"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[{
"number":7,"title":"Add feature X","html_url":"http://example.com/pulls/7",
"state":"open","draft":false,
"head":{"ref":"feat/x"},"base":{"ref":"main"}
}]`))
}))
defer srv.Close()
tool := tools.NewPRList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo"}`))
require.NoError(t, err)
var result []map[string]any
require.NoError(t, json.Unmarshal(out, &result))
require.Len(t, result, 1)
assert.Equal(t, float64(7), result[0]["number"])
assert.Equal(t, "feat/x", result[0]["head_branch"])
assert.Equal(t, "main", result[0]["base_branch"])
}
func TestPRListDefaultsToOpen(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "open", r.URL.Query().Get("state"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[]`))
}))
defer srv.Close()
tool := tools.NewPRList(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo"}`))
require.NoError(t, err)
var result []map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Empty(t, result)
}
func TestPRListAllowlistRejects(t *testing.T) {
tool := tools.NewPRList(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo"}`))
require.Error(t, err)
}

76
internal/tools/pr_merge.go Normal file
View File

@@ -0,0 +1,76 @@
package tools
import (
"context"
"encoding/json"
"fmt"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type PRMerge struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewPRMerge(c *gitea.Client, a *allowlist.Allowlist) *PRMerge {
return &PRMerge{c: c, a: a}
}
func (t *PRMerge) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "pr_merge",
Description: "Merge a pull request. style: merge (default), squash, or rebase.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"index":{"type":"integer","minimum":1},
"style":{"type":"string","enum":["merge","squash","rebase"]},
"merge_message_title":{"type":"string"},
"merge_message_field":{"type":"string"}
},
"required":["owner","name","index"]
}`),
}
}
type prMergeArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Index int `json:"index"`
Style string `json:"style"`
Title string `json:"merge_message_title"`
Body string `json:"merge_message_field"`
}
func (t *PRMerge) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args prMergeArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
if args.Index < 1 {
return nil, fmt.Errorf("index must be >= 1: %w", gitea.ErrValidation)
}
style := args.Style
if style == "" {
style = "merge"
}
if err := t.c.MergePullRequest(ctx, args.Owner, args.Name, args.Index, gitea.MergePRArgs{
Do: style,
Title: args.Title,
Body: args.Body,
}); err != nil {
return nil, err
}
return textOK(map[string]any{"merged": true})
}

70
internal/tools/pr_merge_test.go Normal file
View File

@@ -0,0 +1,70 @@
package tools_test
import (
"context"
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestPRMergeSuccess(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/owner/repo/pulls/7/merge", r.URL.Path)
w.WriteHeader(http.StatusNoContent)
}))
defer srv.Close()
tool := tools.NewPRMerge(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","index":7}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, true, result["merged"])
}
func TestPRMergeDefaultsToMergeStyle(t *testing.T) {
var captured []byte
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var err error
captured, err = io.ReadAll(r.Body)
require.NoError(t, err)
w.WriteHeader(http.StatusNoContent)
}))
defer srv.Close()
tool := tools.NewPRMerge(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","index":7}`))
require.NoError(t, err)
var payload map[string]any
require.NoError(t, json.Unmarshal(captured, &payload))
assert.Equal(t, "merge", payload["Do"])
}
func TestPRMergeConflictReturnsError(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusConflict)
_, _ = w.Write([]byte(`{"message":"merge conflict"}`))
}))
defer srv.Close()
tool := tools.NewPRMerge(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","index":7}`))
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrConflict)
}
func TestPRMergeAllowlistRejects(t *testing.T) {
tool := tools.NewPRMerge(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","index":1}`))
require.Error(t, err)
}

104
internal/tools/repo_status.go Normal file
View File

@@ -0,0 +1,104 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type RepoStatus struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewRepoStatus(c *gitea.Client, a *allowlist.Allowlist) *RepoStatus {
return &RepoStatus{c: c, a: a}
}
func (t *RepoStatus) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "repo_status",
Description: "Get repo state in one call: all branches, open PRs, and protection rules for a target branch. Use this first to decide whether to use feature-branch or trunk-based development.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"branch":{"type":"string"}
},
"required":["owner","name"]
}`),
}
}
type repoStatusArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Branch string `json:"branch"`
}
func (t *RepoStatus) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args repoStatusArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
branch := args.Branch
if branch == "" {
var err error
branch, err = t.c.DefaultBranch(ctx, args.Owner, args.Name)
if err != nil {
return nil, err
}
}
branches, err := t.c.ListBranches(ctx, args.Owner, args.Name, 1, 50)
if err != nil {
return nil, err
}
prs, err := t.c.ListPullRequests(ctx, args.Owner, args.Name, "open", "", 1, 50)
if err != nil {
return nil, err
}
bp, err := t.c.GetBranchProtection(ctx, args.Owner, args.Name, branch)
if err != nil {
return nil, err
}
branchList := make([]map[string]any, len(branches))
for i, b := range branches {
branchList[i] = map[string]any{"name": b.Name, "sha": b.Commit.ID}
}
prList := make([]map[string]any, len(prs))
for i, pr := range prs {
prList[i] = map[string]any{
"number": pr.Number,
"title": pr.Title,
"state": pr.State,
"head_branch": pr.Head.Ref,
"base_branch": pr.Base.Ref,
"draft": pr.Draft,
"html_url": pr.HTMLURL,
}
}
return textOK(map[string]any{
"branches": branchList,
"open_prs": prList,
"protection": map[string]any{
"protected": bp.Protected,
"required_approvals": bp.RequiredApprovals,
"push_whitelist": bp.PushWhitelist,
"merge_whitelist": bp.MergeWhitelist,
},
})
}

131
internal/tools/repo_status_test.go Normal file
View File

@@ -0,0 +1,131 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestRepoStatusComposesThreeEndpoints(t *testing.T) {
mux := http.NewServeMux()
mux.HandleFunc("/api/v1/repos/owner/repo/branches", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[
{"name":"main","commit":{"id":"abc","url":""}},
{"name":"feat/x","commit":{"id":"def","url":""}}
]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/pulls", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "open", r.URL.Query().Get("state"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[{
"number":3,"title":"My PR","html_url":"http://example.com/pulls/3",
"state":"open","draft":false,
"head":{"ref":"feat/x"},"base":{"ref":"main"}
}]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/branch_protections/main", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"required_approvals":1,"push_whitelist_usernames":[],"merge_whitelist_usernames":[]}`))
})
srv := httptest.NewServer(mux)
defer srv.Close()
tool := tools.NewRepoStatus(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"main"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
branches := result["branches"].([]any)
assert.Len(t, branches, 2)
openPRs := result["open_prs"].([]any)
assert.Len(t, openPRs, 1)
assert.Equal(t, float64(3), openPRs[0].(map[string]any)["number"])
protection := result["protection"].(map[string]any)
assert.Equal(t, true, protection["protected"])
assert.Equal(t, float64(1), protection["required_approvals"])
}
func TestRepoStatusUnprotectedBranch(t *testing.T) {
mux := http.NewServeMux()
mux.HandleFunc("/api/v1/repos/owner/repo/branches", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[{"name":"main","commit":{"id":"abc","url":""}}]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/pulls", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/branch_protections/main", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotFound)
_, _ = w.Write([]byte(`{"message":"not found"}`))
})
srv := httptest.NewServer(mux)
defer srv.Close()
tool := tools.NewRepoStatus(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","branch":"main"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
protection := result["protection"].(map[string]any)
assert.Equal(t, false, protection["protected"])
}
func TestRepoStatusAllowlistRejects(t *testing.T) {
tool := tools.NewRepoStatus(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","branch":"main"}`))
require.Error(t, err)
}
func TestRepoStatusDefaultsBranchFromRepo(t *testing.T) {
mux := http.NewServeMux()
mux.HandleFunc("/api/v1/repos/owner/repo", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"name":"repo","full_name":"owner/repo","default_branch":"main","description":"","private":false,"clone_url":"","html_url":""}`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/branches", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[{"name":"main","commit":{"id":"abc","url":""}}]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/pulls", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`[]`))
})
mux.HandleFunc("/api/v1/repos/owner/repo/branch_protections/main", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"required_approvals":0,"push_whitelist_usernames":[],"merge_whitelist_usernames":[]}`))
})
srv := httptest.NewServer(mux)
defer srv.Close()
tool := tools.NewRepoStatus(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
// no "branch" field — triggers DefaultBranch fallback
out, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo"}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.NotNil(t, result["branches"])
assert.NotNil(t, result["open_prs"])
assert.NotNil(t, result["protection"])
}

76
internal/tools/tag_create.go Normal file
View File

@@ -0,0 +1,76 @@
package tools
import (
"context"
"encoding/json"
"fmt"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
type TagCreate struct {
c *gitea.Client
a *allowlist.Allowlist
}
func NewTagCreate(c *gitea.Client, a *allowlist.Allowlist) *TagCreate {
return &TagCreate{c: c, a: a}
}
func (t *TagCreate) Descriptor() registry.ToolDescriptor {
return registry.ToolDescriptor{
Name: "tag_create",
Description: "Create a tag pointing at a branch or commit SHA. Add a message to create an annotated tag.",
InputSchema: json.RawMessage(`{
"type":"object",
"properties":{
"owner":{"type":"string"},
"name":{"type":"string"},
"tag":{"type":"string"},
"target":{"type":"string"},
"message":{"type":"string"}
},
"required":["owner","name","tag","target"]
}`),
}
}
type tagCreateArgs struct {
Owner string `json:"owner"`
Name string `json:"name"`
Tag string `json:"tag"`
Target string `json:"target"`
Message string `json:"message"`
}
func (t *TagCreate) Call(ctx context.Context, raw json.RawMessage) (json.RawMessage, error) {
var args tagCreateArgs
if err := parseArgs(raw, &args); err != nil {
return nil, err
}
if err := t.a.Check(args.Owner); err != nil {
return nil, err
}
if args.Tag == "" {
return nil, fmt.Errorf("tag is required: %w", gitea.ErrValidation)
}
if args.Target == "" {
return nil, fmt.Errorf("target is required: %w", gitea.ErrValidation)
}
tag, err := t.c.CreateTag(ctx, args.Owner, args.Name, gitea.CreateTagArgs{
TagName: args.Tag,
Target: args.Target,
Message: args.Message,
})
if err != nil {
return nil, err
}
return textOK(map[string]any{
"tag": tag.Name,
"commit_sha": tag.Commit.Sha,
})
}

52
internal/tools/tag_create_test.go Normal file
View File

@@ -0,0 +1,52 @@
package tools_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestTagCreateSuccess(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/owner/repo/tags", r.URL.Path)
assert.Equal(t, http.MethodPost, r.Method)
w.WriteHeader(http.StatusCreated)
_, _ = w.Write([]byte(`{
"name":"v2.0.0","id":"tagsha",
"commit":{"sha":"cmt1","url":""}
}`))
}))
defer srv.Close()
tool := tools.NewTagCreate(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"owner"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{
"owner":"owner","name":"repo","tag":"v2.0.0","target":"main"
}`))
require.NoError(t, err)
var result map[string]any
require.NoError(t, json.Unmarshal(out, &result))
assert.Equal(t, "v2.0.0", result["tag"])
assert.Equal(t, "cmt1", result["commit_sha"])
}
func TestTagCreateRequiresTag(t *testing.T) {
tool := tools.NewTagCreate(gitea.NewClient("http://unused", ""), allowlist.New([]string{"owner"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"owner","name":"repo","target":"main"}`))
require.Error(t, err)
assert.ErrorIs(t, err, gitea.ErrValidation)
}
func TestTagCreateAllowlistRejects(t *testing.T) {
tool := tools.NewTagCreate(gitea.NewClient("http://unused", ""), allowlist.New([]string{"allowed"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"owner":"evil","name":"repo","tag":"v1.0.0","target":"main"}`))
require.Error(t, err)
}

3
internal/tools/tool.go
View File

@@ -1,7 +1,6 @@
package tools
import (
"context"
"encoding/json"
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
@@ -21,8 +20,6 @@ func parseArgs(raw json.RawMessage, dst any) error {
return json.Unmarshal(raw, dst)
}
func _ctx(ctx context.Context) context.Context { return ctx } // stub for future hooks
// capLimit returns a sane page size: 0 or negative → def, > 50 → 50.
func capLimit(in, def int) int {
if in <= 0 {