Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add opt-in write access for all token-visible repos

Browse Source
This commit is contained in:
Latte
2026-02-14 16:35:03 +01:00
parent e22a8d37e4
commit 8504a95a11
10 changed files with 74 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/test_config.py
View File

@@ -78,3 +78,31 @@ def test_settings_singleton(mock_env: None) -> None:
settings2 = get_settings()
assert settings1 is settings2
def test_write_mode_requires_whitelist_or_allow_all(monkeypatch: pytest.MonkeyPatch) -> None:
"""Write mode without whitelist must be rejected unless allow-all is enabled."""
monkeypatch.setenv("GITEA_URL", "https://gitea.example.com")
monkeypatch.setenv("GITEA_TOKEN", "test-token")
monkeypatch.setenv("MCP_API_KEYS", "a" * 64)
monkeypatch.setenv("WRITE_MODE", "true")
monkeypatch.delenv("WRITE_REPOSITORY_WHITELIST", raising=False)
monkeypatch.setenv("WRITE_ALLOW_ALL_TOKEN_REPOS", "false")
reset_settings()
with pytest.raises(ValidationError):
get_settings()
def test_write_mode_allows_all_token_repos(monkeypatch: pytest.MonkeyPatch) -> None:
"""Allow-all mode should pass validation without explicit repository whitelist."""
monkeypatch.setenv("GITEA_URL", "https://gitea.example.com")
monkeypatch.setenv("GITEA_TOKEN", "test-token")
monkeypatch.setenv("MCP_API_KEYS", "a" * 64)
monkeypatch.setenv("WRITE_MODE", "true")
monkeypatch.delenv("WRITE_REPOSITORY_WHITELIST", raising=False)
monkeypatch.setenv("WRITE_ALLOW_ALL_TOKEN_REPOS", "true")
reset_settings()
settings = get_settings()
assert settings.write_allow_all_token_repos is True