AegisGitea-MCP/PLAN.md
Latte 385b442b6f docs: local vs server quickstart, authz model, packaging
Reframe the README around two transports and add a local stdio quickstart with
uvx/pip and Claude Desktop / Claude Code wiring. New docs: local-quickstart.md
and packaging.md (uv build/publish). Document resource-type-aware authorization
and classified gitea_request in security.md; stdio env vars + audit-log
fallback in configuration.md; local install in deployment.md; core+adapters in
architecture.md. Add the missing root AGENTS.md contract, update CLAUDE.md with
the core/adapter layout, fail-closed invariants, and the branching flow
(HEAD -> feature -> dev -> main). Update roadmap/todo and .env.example.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 11:17:01 +02:00


PLAN — local stdio package + safe full-API coverage

Branch: feat/local-package-and-full-coverage (from dev). All PRs target dev. Flow: HEAD -> custom branch -> dev -> main. Never push directly to dev/main.

Baseline (recorded Phase 0): 284 passed, 1 skipped, coverage 84.04%, threshold 80%.

Phase checklist

  • Phase 0 — Branch from dev, baseline recorded, PLAN.md committed.
  • Phase 1 — Extract transport-agnostic core + shared tool registry (+ boundary test).
  • Phase 2 — stdio adapter (stdio_app.py) + packaging (core + [server] extra, 0.2.0).
  • Phase 3 — Resource-type-aware authorization (fail-closed).
  • Phase 4 — gitea_request classifier + known-path gate (unknown path => deny).
  • Phase 5 — Tests: authz matrix, write-mode bypass, classifier, stdio adapter, boundary.
  • Phase 6 — Docs & README (local vs server quickstart, authz model, packaging, CLAUDE/AGENTS).
  • Phase 7 — .gitea/workflows/publish.yml (uv build + publish to Gitea registry on tag).
  • Phase 8 — Verify green + coverage >= baseline, uv build, push, open PR into dev.

Note: version bumped to 0.2.0 (the app already reported 0.2.0; pyproject was 0.1.0).

TODO(authz): make list_organizations user-scoped (/users/{login}/orgs) so it can be allowed rather than denied in service-PAT mode.
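
One way the Phase 3 and Phase 4 gates could fit together, as an added example that is not the project's code. The route table, the names `classify` and `authorize`, the allowlist arguments, and the assumption that paths are relative to the Gitea API base are all hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical route table, relative to the API base; not the project's own.
KNOWN_ROUTES = [
    (re.compile(r"/repos/(?P<owner>[^/]+)/(?P<repo>[^/]+)(?:/.*)?"), "repository"),
    (re.compile(r"/orgs/(?P<org>[^/]+)(?:/.*)?"), "organization"),
    (re.compile(r"/orgs"), "organization_list"),  # known, but has no allow rule
]
READ_METHODS = {"GET", "HEAD"}
BAD_SEGMENTS = {"", ".", ".."}


def classify(method, raw_path):
    """Return (resource_type, params, is_write), or None for an unknown path."""
    parts = urlsplit(raw_path)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return None  # absolute or scheme-relative URLs are never classified
    # Decode each segment once. A segment that still hides a separator, a dot
    # segment or a second layer of encoding could match one route here and
    # resolve to another upstream, so it is treated as unknown.
    segments = [unquote(s) for s in parts.path.split("/")[1:]]
    if any(s in BAD_SEGMENTS or set(s) & set("/\\%") for s in segments):
        return None
    path = "/" + "/".join(segments)
    for pattern, resource_type in KNOWN_ROUTES:
        match = pattern.fullmatch(path)
        if match:
            is_write = method.upper() not in READ_METHODS
            return resource_type, match.groupdict(), is_write
    return None


def authorize(method, raw_path, allowed_repos, allowed_orgs, write_mode=False):
    """Fail closed: anything that is not an explicit allow returns False."""
    hit = classify(method, raw_path)
    if hit is None:
        return False  # unknown path => deny
    resource_type, params, is_write = hit
    if is_write and not write_mode:
        return False
    if resource_type == "repository":
        return (params["owner"], params["repo"]) in allowed_repos
    if resource_type == "organization":
        return params["org"] in allowed_orgs
    return False  # classified, but no policy for this resource type => deny
```

The final `return False` is what keeps a newly added route denied until someone writes a rule for its resource type, which is the position the TODO above describes for the unscoped organization listing.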

Key deltas found during orientation

  • No single tool registry today: definitions in mcp_protocol.AVAILABLE_TOOLS, handlers in server.TOOL_HANDLERS. Phase 1 unifies them.
  • tools/raw_tools.py imports fastapi.HTTPException — the only core->web import to break.
  • Current authz is repo-only and lives in server._verify_user_repository_access.
  • stdio mode must run with AUTH_ENABLED=false (config otherwise requires MCP_API_KEYS).
  • AGENTS.md absent at root though CLAUDE.md cites it; create it from the contract.