Enforce dot-prefixed repositories are always private (cannot be made public) #725

Open
opened 2026-07-04 20:54:41 +00:00 by jmiller · 1 comment
Owner

Feature request

Dot-prefixed repositories (repo name starting with ., e.g. .mokogitea, .mokogitea-private, .vault, .profile) are used for organization infrastructure, profile, and vault content. These must never be public.

Desired behavior

  • A repository whose name starts with . is forced private and cannot be set to public (or Hidden→as configured), via the fork's three-level visibility system (Public 200 / Private 403 / Hidden 404).
  • Enforce at:
    • Repo creation — reject/void a public visibility choice for a .-named repo.
    • Repo rename — if a repo is renamed to a .-prefixed name, force it private.
    • Settings update — block/hide the "make public" toggle for .-named repos (API + web UI).
  • Applies org-wide (all orgs on the instance), server-enforced (not just UI).

Rationale

Dot repos hold infra config, secrets-adjacent operational data, org profile, and the vault. A public dot repo is a security incident waiting to happen; the invariant should be enforced by MokoGitea itself, not left to convention.

Notes

  • Consider a config toggle ([repository] FORCE_DOT_PREFIX_PRIVATE = true) defaulting on.
  • Should cover both the REST API (PATCH /repos/{owner}/{repo} with private: false) and the web settings form.

Filed via automation on behalf of @jmiller.

## Feature request Dot-prefixed repositories (repo name starting with `.`, e.g. `.mokogitea`, `.mokogitea-private`, `.vault`, `.profile`) are used for organization infrastructure, profile, and vault content. These must **never** be public. ### Desired behavior - A repository whose name starts with `.` is **forced private** and **cannot be set to public** (or Hidden→as configured), via the fork's three-level visibility system (Public 200 / Private 403 / Hidden 404). - Enforce at: - **Repo creation** — reject/void a public visibility choice for a `.`-named repo. - **Repo rename** — if a repo is renamed to a `.`-prefixed name, force it private. - **Settings update** — block/hide the "make public" toggle for `.`-named repos (API + web UI). - Applies org-wide (all orgs on the instance), server-enforced (not just UI). ### Rationale Dot repos hold infra config, secrets-adjacent operational data, org profile, and the vault. A public dot repo is a security incident waiting to happen; the invariant should be enforced by MokoGitea itself, not left to convention. ### Notes - Consider a config toggle (`[repository] FORCE_DOT_PREFIX_PRIVATE = true`) defaulting on. - Should cover both the REST API (`PATCH /repos/{owner}/{repo}` with `private: false`) and the web settings form. _Filed via automation on behalf of @jmiller._
Author
Owner

Branch created: feature/725-enforce-dot-prefixed-repositories-are-al

git fetch origin
git checkout feature/725-enforce-dot-prefixed-repositories-are-al
Branch created: [`feature/725-enforce-dot-prefixed-repositories-are-al`](https://git.mokoconsulting.tech/MokoConsulting/MokoGitea-Fork/src/branch/feature/725-enforce-dot-prefixed-repositories-are-al) ```bash git fetch origin git checkout feature/725-enforce-dot-prefixed-repositories-are-al ```
Sign in to join this conversation.