31 lines
1.2 KiB
Markdown
31 lines
1.2 KiB
Markdown
# gitea-mcp
|
|
|
|
Stdio MCP for Gitea's REST API. It exposes read-only access to user,
|
|
repository/content, refs, commits, issues, pull requests, releases, wiki,
|
|
actions, packages, and organisation data. Exact tool names and schemas live in
|
|
`cmd/gitea-mcp/tools_*.go`.
|
|
|
|
## Auth
|
|
|
|
`gitea-mcp` uses Gitea's OAuth2 server with PKCE and stores its session under
|
|
wallet key `gitea`. Gitea web SSO through Authentik is incidental; API tokens
|
|
are minted by Gitea.
|
|
|
|
Config is `[services.gitea]` with inline `issuer`, `client_id`, optional
|
|
`client_secret`, and `base_url`. Scopes are compiled in `cmd/gitea-mcp/main.go`;
|
|
after scope changes, clear the wallet entry with `sherlock logout gitea`.
|
|
|
|
## Operation
|
|
|
|
When `gitea-mcp` is installed, `sherlock <agent>` includes it in the generated
|
|
MCP config. The first tool call authenticates lazily; later calls use refreshed
|
|
keyring tokens. `gitea-mcp --probe` verifies auth and one API call without an
|
|
agent.
|
|
|
|
## Known limitation
|
|
|
|
Some Gitea versions narrow OAuth grants to `read:user` and `read:repository`.
|
|
Tools that require issue, organisation, or package scopes can return 403 even
|
|
though the MCP starts correctly. That is a Gitea-side scope grant issue, not a
|
|
sherlock startup failure.
|