# PLAN — local stdio package + safe full-API coverage

Branch: `feat/local-package-and-full-coverage` (from `dev`). All PRs target `dev`.
Flow: HEAD -> custom branch -> dev -> main. Never push directly to dev/main.

Baseline (recorded Phase 0): 284 passed, 1 skipped, coverage 84.04%, threshold 80%.

## Phase checklist

- [x] Phase 0 — Branch from dev, baseline recorded, PLAN.md committed.
- [x] Phase 1 — Extract transport-agnostic core + shared tool registry (+ boundary test).
- [x] Phase 2 — stdio adapter (`stdio_app.py`) + packaging (core + `[server]` extra, 0.2.0).
- [x] Phase 3 — Resource-type-aware authorization (fail-closed).
- [x] Phase 4 — gitea_request classifier + known-path gate (unknown path => deny).
- [x] Phase 5 — Tests: authz matrix, write-mode bypass, classifier, stdio adapter, boundary.
- [x] Phase 6 — Docs & README (local vs server quickstart, authz model, packaging, CLAUDE/AGENTS).
- [ ] Phase 7 — `.gitea/workflows/publish.yml` (uv build + publish to Gitea registry on tag).
- [ ] Phase 8 — Verify green + coverage >= baseline, `uv build`, push, open PR into dev.

Note: version bumped to 0.2.0 (the app already reported 0.2.0; pyproject was 0.1.0).
TODO(authz): make `list_organizations` user-scoped (`/users/{login}/orgs`) so it can
be allowed rather than denied in service-PAT mode.

## Key deltas found during orientation

- No single tool registry today: definitions in `mcp_protocol.AVAILABLE_TOOLS`,
  handlers in `server.TOOL_HANDLERS`. Phase 1 unifies them.
- `tools/raw_tools.py` imports `fastapi.HTTPException` — the only core->web import to break.
- Current authz is repo-only and lives in `server._verify_user_repository_access`.
- stdio mode must run with `AUTH_ENABLED=false` (config otherwise requires MCP_API_KEYS).
- `AGENTS.md` absent at root though CLAUDE.md cites it; create it from the contract.