docs: Document MCP security model and trust boundaries for #52
This commit is contained in:
@@ -0,0 +1,9 @@
|
||||
# Release Workflows
|
||||
|
||||
This document outlines the scope and boundaries of the optional future `release-mcp` orchestrator.
|
||||
|
||||
## Orchestrator Role
|
||||
The `release-mcp` package may be introduced later to coordinate workflows across the different MCP packages.
|
||||
|
||||
- **Coordination, not Consolidation**: It can call or compose other tools, but it **must not** become an all-powerful server holding credentials for all other components.
|
||||
- **Example Workflows**: Tasks such as collecting release evidence, verifying TEST deploy checklists, summarizing state (issue/PR/build/deploy), and posting evidence back to Gitea.
|
||||
Reference in New Issue
Block a user