Home
Latte edited this page 2026-06-26 12:58:15 +02:00

AegisGitea-MCP

A security-first MCP (Model Context Protocol) server that gives controlled, auditable AI access to a self-hosted Gitea instance. Access flows exclusively through explicit MCP tool calls; every call is authorized by a policy engine, per-user OAuth/OIDC or a service PAT, and recorded in a tamper-evident audit log.

Core principles

  • Write disabled by default (WRITE_MODE=false); mutations require write-mode plus a whitelisted repository.
  • Policy before execution: every tool call passes the policy engine before it reaches Gitea.
  • Everything audited: each invocation produces a hash-chained audit event.
  • No raw secrets in logs or tool output.

Tools

Alongside the curated, typed tools (issues, pull requests, files, commits, releases, branches, labels, milestones) there is gitea_request: a generic escape hatch that can reach any Gitea REST endpoint, behind the same policy, write-mode, and a sensitive-path denylist (admin, tokens, secrets, hooks, keys, oauth2).
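To make the gate concrete, here is an added, illustrative model of the flow described under Core principles and Tools: a gitea_request call is checked against write mode, the repository whitelist and the sensitive-path denylist, and the decision is recorded as a hash-chained audit event. This is not AegisGitea-MCP's own code; the function names, the SHA-256 chaining scheme and the segment-based denylist match are assumptions.

```python
import hashlib
import json

# Illustrative model of the gate, not AegisGitea-MCP's code (names are assumptions).
SENSITIVE_SEGMENTS = {"admin", "tokens", "secrets", "hooks", "keys", "oauth2"}
READ_ONLY_METHODS = {"GET", "HEAD"}
GENESIS = "0" * 64  # prev-hash of the first audit event


def authorize(method, path, repo, write_mode=False, write_whitelist=()):
    """Policy decision for one gitea_request call. Returns (allowed, reason)."""
    segments = [s.lower() for s in path.split("?")[0].split("/") if s]
    if SENSITIVE_SEGMENTS & set(segments):
        return False, "sensitive path denied"
    if method.upper() not in READ_ONLY_METHODS:
        if not write_mode:  # WRITE_MODE=false is the default
            return False, "write mode disabled"
        if repo not in write_whitelist:
            return False, "repository not whitelisted for writes"
    return True, "allowed"


def append_audit(chain, actor, method, path, allowed, reason):
    """Append a hash-chained event: hash = SHA-256(prev_hash || canonical event JSON)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    event = {"actor": actor, "method": method, "path": path,
             "allowed": allowed, "reason": reason}  # no token or secret is ever recorded
    digest = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
    chain.append({"prev": prev, "event": event, "hash": digest})
    return digest


def verify_chain(chain):
    """Recompute every link; an edited, dropped or reordered event breaks the chain."""
    prev = GENESIS
    for entry in chain:
        body = json.dumps(entry["event"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def gated_request(chain, actor, method, path, repo=None, **policy):
    """Order the page describes: policy first, audit always, Gitea only if allowed."""
    allowed, reason = authorize(method, path, repo, **policy)
    append_audit(chain, actor, method, path, allowed, reason)
    return allowed
```

A repository or user literally named after a denylisted segment would also be refused by this simple match; that is the conservative failure mode a denylist should have.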

Documentation

Use the sidebar for the full manual: Getting Started, Configuration, Write Mode, Architecture, Security, Hardening, Policy, Audit, Observability, Automation, Deployment, Governance, Troubleshooting, API Reference and Roadmap.


This wiki mirrors the docs/ directory in the repository.