# Read-only preset - safe browsing without write access
#
# Use this preset when you need to explore a GitLab instance
# without any risk of modifying data.
#
# All write operations (create, update, delete) are blocked.
#
# NOTE: This is a PRESET, not a full profile.
# It does NOT contain host or auth - those come from your
# environment variables (GITLAB_API_URL, GITLAB_TOKEN).
description: "Read-only access - blocks all write operations"
read_only: true
denied_tools_regex: "^manage_|^create_"
features:
wiki: true
milestones: true
pipelines: true
labels: true
mrs: true
files: true
variables: false # Variables often contain secrets
workitems: true
webhooks: false # Webhooks are admin-level
snippets: true
integrations: false # Integrations are admin-level
# New entities - all browsing enabled (read_only=true blocks writes)
releases: true
refs: true
members: true
search: true
