feat(profiles): add configuration profiles infrastructure#60
Merged
Conversation
Add support for named configuration profiles and presets: - Profile: full config with host/auth (user-defined in ~/.config/gitlab-mcp/profiles.yaml) - Preset: settings only, NO host/auth (built-in safe for testing) Features: - ProfileLoader class with caching and validation - applyProfile() to map profile settings to env vars - --profile CLI argument and GITLAB_PROFILE env var support - Built-in presets: readonly, developer, admin - Zod schemas for type-safe validation - 67 unit tests covering loader, applicator, types Security: Built-in presets NEVER contain host/auth to prevent accidental requests to wrong GitLab instances during testing.
📊 Test Coverage ReportOverall Coverage: 87.67% Coverage Details
Coverage Report: View detailed coverage report
|
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Pull request overview
This PR introduces configuration profiles infrastructure to enable multi-GitLab workflows and role-based access patterns. The implementation separates full profiles (with host/auth) from presets (settings only) for security purposes.
Changes:
- Added Profile/Preset type system with Zod schemas for validation
- Implemented ProfileLoader class for loading and caching profiles from YAML files
- Created profile applicator to map settings to environment variables
- Integrated CLI support with
--profileargument andGITLAB_PROFILEenv var - Added three built-in presets: readonly, developer, and admin
- Included 67 comprehensive unit tests
Reviewed changes
Copilot reviewed 17 out of 18 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/profiles/types.ts | Zod schemas and TypeScript types for Profile and Preset configurations |
| src/profiles/loader.ts | ProfileLoader class with caching, validation, and YAML parsing |
| src/profiles/applicator.ts | Functions to apply profile settings to environment variables |
| src/profiles/index.ts | Module exports for the profiles subsystem |
| src/profiles/builtin/*.yaml | Three built-in preset configurations (readonly, developer, admin) |
| src/main.ts | CLI integration for --profile argument and profile loading |
| tests/unit/profiles/*.test.ts | Comprehensive unit tests (67 tests total) |
| tests/unit/main.test.ts | Updated tests to reflect new main() function structure |
| tests/unit/main.entry.test.ts | Updated entry point tests with profile mocking |
| package.json | Added yaml dependency |
| yarn.lock | Lockfile update for yaml package |
- Add applyPreset() function for runtime built-in preset application - Add .strict() to PresetSchema to reject unknown fields (security) - Validate --profile CLI argument is not another flag - Validate OAuth client_secret_env environment variable - Validate cookie auth file path exists
- Add build:copy-assets script to copy YAML presets to dist - Update getBuiltinDir() to use __dirname for npm package compatibility - Add Node.js CommonJS globals to ESLint config - Add 45+ tests for applyPreset, loadAndApplyProfile, loadAndApplyPreset - Add validation tests for OAuth, cookie auth, and TLS paths - Add profile handling tests for main.ts CLI integration Closes #54
…rning - Replace Unix shell commands with Node.js one-liner for cross-platform compatibility - Add warning when multiple --profile flags are provided
Add environment variable mappings for: - allowed_groups -> GITLAB_ALLOWED_GROUP_IDS - allowed_tools -> GITLAB_ALLOWED_TOOLS (in applyProfile) - default_namespace -> GITLAB_DEFAULT_NAMESPACE These fields were defined in the Profile type but not applied to environment variables when the profile was loaded.
- Improve denied_actions validation to check both tool and action parts are non-empty (fixes ':action', 'tool:', ':' edge cases) - Fix getProfileNameFromEnv JSDoc comment accuracy - Move multiple --profile warning outside loop with count - Add tests for denied_actions edge cases
Member
Author
|
Fixed in cf7fa57:
|
Add tests for: - allowed_groups, allowed_tools, default_namespace env var mapping - validation warnings logging path - getProfileNameFromEnv standalone function Coverage improved: - applicator.ts: 94.44% -> 99.3% - loader.ts: 95.56% -> 96.2% - Overall profiles: 91.07% -> 93.53%
Add tests for: - Alphabetical sorting within same profile category - Config cache hit when loading multiple profiles Coverage improved: - loader.ts: 96.2% -> 97.46% - Overall profiles: 93.53% -> 94.15%
Warn users when denied_actions entries contain extra whitespace around the colon (e.g., "tool : action"). The validation still passes but logs a warning indicating the normalized form.
Reduces code duplication between validateProfile and validatePreset by extracting shared denied_actions validation logic into a private helper method.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #54
Add support for named configuration profiles and presets that enable multi-GitLab workflows and role-based access patterns.
Key Changes
Profile= full config with host/auth (user-defined only)Preset= settings only, NO host/auth (built-in, safe for testing)--profile <name>argument andGITLAB_PROFILEenv varSecurity
Built-in presets NEVER contain host or auth to prevent accidental requests to wrong GitLab instances during testing.
Files
src/profiles/types.tssrc/profiles/loader.tssrc/profiles/applicator.tssrc/profiles/index.tssrc/profiles/builtin/*.yamlsrc/main.tsTest plan