docs: local vs server quickstart, authz model, packaging
Reframe the README around two transports and add a local stdio quickstart with uvx/pip and Claude Desktop / Claude Code wiring. New docs: local-quickstart.md and packaging.md (uv build/publish). Document resource-type-aware authorization and classified gitea_request in security.md; stdio env vars + audit-log fallback in configuration.md; local install in deployment.md; core+adapters in architecture.md. Add the missing root AGENTS.md contract, update CLAUDE.md with the core/adapter layout, fail-closed invariants, and the branching flow (HEAD -> feature -> dev -> main). Update roadmap/todo and .env.example. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
+7
-1
@@ -1,3 +1,7 @@
|
||||
# This example targets the public HTTP/OAuth server. For the LOCAL stdio server
|
||||
# (`uvx aegis-gitea-mcp`) you only need GITEA_URL and GITEA_TOKEN; OAuth and the
|
||||
# API-key gate are off automatically. See docs/local-quickstart.md.
|
||||
|
||||
# Runtime environment
|
||||
ENVIRONMENT=production
|
||||
|
||||
@@ -71,7 +75,9 @@ WRITE_ALLOW_ALL_TOKEN_REPOS=false
|
||||
RAW_API_ENABLED=true
|
||||
# Allow gitea_request to reach admin/credential surfaces (/admin, *tokens*,
|
||||
# *secrets*, *hooks*, *keys*, applications/oauth2, runner registration tokens).
|
||||
# Leave false unless you fully understand the exposure.
|
||||
# Even with this enabled, admin endpoints additionally require the signed-in user
|
||||
# to be a verified Gitea site administrator. Leave false unless you fully
|
||||
# understand the exposure.
|
||||
RAW_API_ALLOW_SENSITIVE=false
|
||||
|
||||
# Automation mode (disabled by default)
|
||||
|
||||
Reference in New Issue
Block a user