docs: Document MCP security model and trust boundaries for #52

This commit is contained in:
2026-07-01 03:46:45 -04:00
parent 989856a007
commit 509ff7574a
4 changed files with 44 additions and 0 deletions
+9
View File
@@ -0,0 +1,9 @@
# Release Workflows
This document outlines the scope and boundaries of the optional future `release-mcp` orchestrator.
## Orchestrator Role
The `release-mcp` package may be introduced later to coordinate workflows across the different MCP packages.
- **Coordination, not Consolidation**: It can call or compose other tools, but it **must not** become an all-powerful server holding credentials for all other components.
- **Example Workflows**: Tasks such as collecting release evidence, verifying TEST deploy checklists, summarizing state (issue/PR/build/deploy), and posting evidence back to Gitea.