@boringstudio_org/gitea-mcp 1.6.1 → 1.8.0

package/.gitea/workflows/release.yaml

@@ -1,43 +1,34 @@
-name: Release
+name: Release and Publish
 
 on:
   push:
-    branches:
-      - main
+    tags:
+      - 'v*'
 
 jobs:
-  release:
+  publish:
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, 'chore(release)')"
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.RELEASE_TOKEN }}
 
-      - name: Checkout branch
+      - name: Verify tag is on main
         run: |
-          git checkout main
-          git pull origin main
+          git fetch origin main
+          git merge-base --is-ancestor HEAD origin/main
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: '24'
-
-      - name: Configure Git
-        run: |
-          git config user.name "Gitea Actions"
-          git config user.email "sgmakgg@gmail.com"
+          registry-url: 'https://registry.npmjs.org'
 
       - name: Install dependencies
         run: npm ci
 
-      - name: Run standard-version
-        run: npm run release
-
-      - name: Push changes
-        run: git push --follow-tags origin main
+      - name: Publish to NPM
+        run: npm publish
         env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/CHANGELOG.md

@@ -2,68 +2,98 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-### [1.6.1](https://git.boringstudio.by/BoringStudio/mcp-gitea/compare/v1.6.0...v1.6.1) (2026-01-15)
+<<<<<<< HEAD
+## [1.8.0](https://github.com/boringstudio-org/mcp-gitea/compare/v1.7.0...v1.8.0) (2026-01-17)
+=======
+### [1.7.1](https://git.boringstudio.by/BoringStudio/mcp-gitea/compare/v1.7.0...v1.7.1) (2026-01-15)
 
-## [1.6.0](https://git.boringstudio.by/BoringStudio/mcp-gitea/compare/v1.4.1...v1.6.0) (2026-01-15)
+## [1.7.0](https://git.boringstudio.by/BoringStudio/mcp-gitea/compare/v1.6.1...v1.7.0) (2026-01-15)
+>>>>>>> main
 
 
 ### Features
 
-* enhance security and optimization ([#5](https://git.boringstudio.by/BoringStudio/mcp-gitea/issues/5)) ([f9f7055](https://git.boringstudio.by/BoringStudio/mcp-gitea/commit/f9f70556240482149ac245357f23f1160e873e5c))
+* add project files (v1.4.0) ([01ae6c1](https://github.com/boringstudio-org/mcp-gitea/commit/01ae6c10b4f5ec17d606db69da0d9d9cd0ea82ec))
+* enhance security and optimization ([72d3a8a](https://github.com/boringstudio-org/mcp-gitea/commit/72d3a8ac8b3c590025e43f00578a167906ee2e0f))
+* update readme with security details ([650ffde](https://github.com/boringstudio-org/mcp-gitea/commit/650ffde4e25c0b7b472b7a9b20c5bd4da695e0e2))
+
+
+### Bug Fixes
+
+* **ci:** add .versionrc to skip ci on release commits ([4a8856b](https://github.com/boringstudio-org/mcp-gitea/commit/4a8856bc93215f98aa7eb0637a449601b1c96bd9))
+* **ci:** checkout main branch before release ([d85bd5c](https://github.com/boringstudio-org/mcp-gitea/commit/d85bd5c57982d25d4cc2145f41ae21c75e91f97a))
+* **ci:** use admin email for release workflow ([9fb8e1d](https://github.com/boringstudio-org/mcp-gitea/commit/9fb8e1d14a2ca30bb4e81d6587c1aed6f4541d03))
+* **ci:** use correct bot email for release workflow ([c4899e4](https://github.com/boringstudio-org/mcp-gitea/commit/c4899e46e32e621273ebdde9f783d3ff29f9a251))
+
+## [1.7.0](https://github.com/boringstudio-org/mcp-gitea/compare/v1.6.1...v1.7.0) (2026-01-15)
+
+
+### Features
+
+* update readme with security details ([#7](https://github.com/boringstudio-org/mcp-gitea/issues/7)) ([9c719bb](https://github.com/boringstudio-org/mcp-gitea/commit/9c719bbf6f4e46bcba98f3656f899c9e11fd1e5e))
+
+### [1.6.1](https://github.com/boringstudio-org/mcp-gitea/compare/v1.6.0...v1.6.1) (2026-01-15)
+
+## [1.6.0](https://github.com/boringstudio-org/mcp-gitea/compare/v1.4.1...v1.6.0) (2026-01-15)
+
+
+### Features
+
+* enhance security and optimization ([#5](https://github.com/boringstudio-org/mcp-gitea/issues/5)) ([f9f7055](https://github.com/boringstudio-org/mcp-gitea/commit/f9f70556240482149ac245357f23f1160e873e5c))
 
 ### 1.4.1 (2026-01-14)
 
-### [1.3.6](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.5...v1.3.6) (2026-01-14)
+### [1.3.6](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.5...v1.3.6) (2026-01-14)
 
-### [1.3.5](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.4...v1.3.5) (2026-01-14)
+### [1.3.5](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.4...v1.3.5) (2026-01-14)
 
 
 ### Bug Fixes
 
-* Update start script to use global package and load env ([#20](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/20)) ([c4598fc](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/c4598fce2bbfcd9acc48599fe0eddde013ecedb5))
+* Update start script to use global package and load env ([#20](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/20)) ([c4598fc](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/c4598fce2bbfcd9acc48599fe0eddde013ecedb5))
 
-### [1.3.4](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.3...v1.3.4) (2026-01-14)
+### [1.3.4](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.3...v1.3.4) (2026-01-14)
 
 
 ### Features
 
-* Native Node.js Google Search implementation ([#19](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/19)) ([555f44a](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/555f44a9bd9017d2cd01351efe19b5b2c766b442))
+* Native Node.js Google Search implementation ([#19](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/19)) ([555f44a](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/555f44a9bd9017d2cd01351efe19b5b2c766b442))
 
-### [1.3.3](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.2...v1.3.3) (2026-01-14)
+### [1.3.3](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.2...v1.3.3) (2026-01-14)
 
 
 ### Bug Fixes
 
-* Silence npx output, map Google ID, add start script and update docs ([#18](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/18)) ([7c36bdc](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/7c36bdcedd5c29281a1562a7a801c3d0ac6d3256))
+* Silence npx output, map Google ID, add start script and update docs ([#18](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/18)) ([7c36bdc](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/7c36bdcedd5c29281a1562a7a801c3d0ac6d3256))
 
-### [1.3.2](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.1...v1.3.2) (2026-01-14)
+### [1.3.2](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.1...v1.3.2) (2026-01-14)
 
 
 ### Bug Fixes
 
-* Add ~/.local/bin to PATH for uvx discovery ([#16](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/16)) ([b2a25d5](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/b2a25d5fa5ec6d5d9fface87d48eb431ff9fd175))
+* Add ~/.local/bin to PATH for uvx discovery ([#16](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/16)) ([b2a25d5](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/b2a25d5fa5ec6d5d9fface87d48eb431ff9fd175))
 
-### [1.3.1](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.3.0...v1.3.1) (2026-01-14)
+### [1.3.1](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.3.0...v1.3.1) (2026-01-14)
 
 
 ### Bug Fixes
 
-* Remove hardcoded env from npm config and update docs ([9842c48](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/9842c48e07e91a0d5b79d547782aa0aa9b6d9390))
+* Remove hardcoded env from npm config and update docs ([9842c48](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/9842c48e07e91a0d5b79d547782aa0aa9b6d9390))
 
-## [1.3.0](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/compare/v1.2.0...v1.3.0) (2026-01-13)
+## [1.3.0](https://github.com/boringstudio-org/mcp-gitea-proxy/compare/v1.2.0...v1.3.0) (2026-01-13)
 
 ## 1.2.0 (2026-01-13)
 
 
 ### Features
 
-* add create_pull_request and list_branches tools (Closes [#3](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/3)) ([465d4ed](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/465d4ed1738cf7e54d2b67b7a8c5f2df70194cfe))
-* add list_labels and update_issue with labels support (Closes [#2](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/issues/2)) ([9006385](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/9006385ce82cd5adc5f7af9bdbf5e28c89789816))
-* add memory schema docs and update project structure ([841b0d6](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/841b0d6075c9e9b501a7d76a7cfa10a1f228a2bb))
-* add secure shell execution and full Gitea integration ([d22d48c](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/d22d48cb99de046b560313995b08d1c67955fb41))
-* upgrade to v1.4.0 with Resources and Prompts ([1510e9e](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/1510e9e7e1b3d682c011a7fdc56ae2b26435c086))
+* add create_pull_request and list_branches tools (Closes [#3](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/3)) ([465d4ed](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/465d4ed1738cf7e54d2b67b7a8c5f2df70194cfe))
+* add list_labels and update_issue with labels support (Closes [#2](https://github.com/boringstudio-org/mcp-gitea-proxy/issues/2)) ([9006385](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/9006385ce82cd5adc5f7af9bdbf5e28c89789816))
+* add memory schema docs and update project structure ([841b0d6](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/841b0d6075c9e9b501a7d76a7cfa10a1f228a2bb))
+* add secure shell execution and full Gitea integration ([d22d48c](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/d22d48cb99de046b560313995b08d1c67955fb41))
+* upgrade to v1.4.0 with Resources and Prompts ([1510e9e](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/1510e9e7e1b3d682c011a7fdc56ae2b26435c086))
 
 
 ### Bug Fixes
 
-* Add fallback for uvx path ([dba4e21](https://git.boringstudio.by/BoringStudio/mcp-gitea-proxy/commit/dba4e213790c91a8d031c37cac9a0eaf8724664a))
+* Add fallback for uvx path ([dba4e21](https://github.com/boringstudio-org/mcp-gitea-proxy/commit/dba4e213790c91a8d031c37cac9a0eaf8724664a))

package/README.md

@@ -12,6 +12,11 @@ This package is designed to be used as a standalone server or imported by a gate
 *   **Analysis:** Analyze issues with AI prompts.
 *   **Shell:** Execute safe git commands in WSL (`run_safe_shell`).
 
+## 🔒 Security
+
+*   **Allowed Paths:** Restricted via `MCP_ALLOWED_PATHS` environment variable.
+*   **Git Safety:** Only whitelisted git subcommands are allowed. Global flags are blocked.
+
 ## 📦 Installation
 
 ```bash
@@ -24,9 +29,14 @@ npm install @boringstudio_org/gitea-mcp
 ```bash
 # Configure environment variables
 export GITEA_TOKEN=your_token
-# Optional: Defaults to https://git.boringstudio.by/api/v1
+# Optional: Defaults to https://git.your-instance.com/api/v1
 export GITEA_API_URL=https://git.your-instance.com/api/v1
 
+# Cloudflare Access (Optional)
+# If your Gitea instance is behind Cloudflare Zero Trust
+export CF_ID=your_cf_client_id
+export CF_SECRET=your_cf_client_secret
+
 # Run
 npx @boringstudio_org/gitea-mcp
 ```
@@ -37,7 +47,11 @@ npx @boringstudio_org/gitea-mcp
 npm install
 
 # Configure .env
-echo "Gitea_TOKEN=..." > .env
+echo "GITEA_TOKEN=..." > .env
+echo "GITEA_API_URL=..." >> .env
+# Optional: Cloudflare Access
+echo "CF_ID=..." >> .env
+echo "CF_SECRET=..." >> .env
 
 # Run
 node index.js

package/RELEASE.md

@@ -0,0 +1,61 @@
+# Release Process
+
+This project follows a semi-automated release process using `standard-version` and Gitea Actions.
+
+## Prerequisites
+
+*   **NPM Token**: Ensure `NPM_TOKEN` is set in the repository secrets for automated publishing.
+*   **Permissions**: You need permission to push tags to the repository.
+
+## Steps to Release
+
+Since direct pushes to `main` are forbidden, we use a Pull Request workflow.
+
+1.  **Prepare the Release (Branch)**
+    Create a new branch for the release (e.g., `release/v1.7.2`).
+    Run the release script **without tagging** to bump the version and update the changelog.
+    ```bash
+    npm run release -- --skip.tag
+    ```
+
+2.  **Push & Merge**
+    Push the branch and open a Pull Request to `main`.
+    ```bash
+    git push origin release/v1.7.2
+    ```
+    Merge the Pull Request into `main`.
+
+3.  **Tag & Deploy**
+    After the code is successfully merged into `main`:
+    1.  Switch to `main` and pull the latest changes.
+        ```bash
+        git checkout main
+        git pull origin main
+        ```
+    2.  Create the tag on the merge commit.
+        ```bash
+        git tag v1.7.2
+        ```
+    3.  Push the tag to trigger the deployment.
+        ```bash
+        git push origin v1.7.2
+        ```
+
+    The Gitea Action workflow will trigger:
+    *   Verify the tag is on `main`
+    *   Install dependencies
+    *   Publish the package to NPM
+
+## Troubleshooting
+
+*   **Tag not triggering build?** Ensure the tag format matches `v*` (e.g., `v1.0.0`).
+*   **Workflow failed on "Verify tag is on main"?** This usually happens if you tagged a commit on a feature branch that was subsequently "Squashed" when merging. Always tag the commit *after* it lands on `main`.
+*   **Publish failed?** Check the Gitea Actions logs and verify the `NPM_TOKEN` validity.
+
+## Security & History Cleaning
+
+If sensitive data (tokens, keys, .env files) is accidentally committed, **do not** just delete the file. You must remove it from the git history to prevent leaks.
+
+**Recommended Tools:**
+*   [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/)
+*   [git-filter-repo](https://github.com/newren/git-filter-repo)

package/index.js

@@ -7,6 +7,10 @@ import dotenv from "dotenv";
 import path from "path";
 import { fileURLToPath } from 'url';
 import { spawn } from "child_process";
+import { createRequire } from "module";
+
+const require = createRequire(import.meta.url);
+const pkg = require("./package.json");
 
 // Load .env from the current working directory
 dotenv.config({ path: path.join(process.cwd(), ".env"), quiet: true });
@@ -14,11 +18,11 @@ dotenv.config({ path: path.join(process.cwd(), ".env"), quiet: true });
 export async function runGiteaServer() {
     const server = new McpServer({
         name: "gitea-proxy-agent",
-        version: "1.5.0",
+        version: pkg.version,
     });
 
     const GITEA_TOKEN = process.env.GITEA_TOKEN;
-    const BASE_URL = process.env.GITEA_API_URL || "https://git.boringstudio.by/api/v1";
+    const BASE_URL = process.env.GITEA_API_URL;
 
     if (!GITEA_TOKEN) {
         console.error("❌ Error: GITEA_TOKEN not found.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boringstudio_org/gitea-mcp",
-  "version": "1.6.1",
+  "version": "1.8.0",
   "description": "A Gitea MCP Server for interacting with repositories, issues, and more.",
   "type": "module",
   "main": "index.js",
@@ -20,7 +20,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://git.boringstudio.by/BoringStudio/mcp-gitea.git"
+    "url": "https://github.com/boringstudio-org/mcp-gitea.git"
   },
   "keywords": [
     "mcp",

package/.gitea/workflows/publish.yaml

@@ -1,28 +0,0 @@
-name: Publish to NPM
-
-on:
-  push:
-    tags:
-      - 'v*'
-  workflow_dispatch:
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '24'
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Publish
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}