docs: Document MCP security model and trust boundaries for #52

2026-07-01 03:46:45 -04:00
parent 989856a007
commit 509ff7574a
4 changed files with 44 additions and 0 deletions
@@ -0,0 +1,11 @@
# Tool Boundaries
This document defines the strict boundaries between the different MCP server packages within the monorepo.
## 1. Architectural Philosophy
- **One MCP Server per Trust Boundary**: While the packages share a monorepo, their runtime services must remain entirely separate. There is no single "everything" server.
## 2. Package-Specific Boundaries
- **gitea-mcp**: Restricted to source-control and work-item capabilities (issues, PRs, comments). This package **must not** have Jenkins or Ops credentials, nor can it execute deploy operations.
- **jenkins-mcp**: Focused on CI/CD capabilities. This package **must not** have Ops credentials unless explicitly configured for a specific, isolated pipeline later.
- **ops-mcp**: Dedicated to live environment and host checks. In its initial state, this package starts as strictly read-only (e.g., health checks, status checks, log reading).
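Review bot: the jenkins-mcp rule's exception ("unless explicitly configured for a specific, isolated pipeline later") leaves that boundary open-ended, so the "must not have Ops credentials" statement is not checkable as written; state where such an exception has to be recorded and approved (for example, an explicit allowlist in this document) before it can take effect. The ops-mcp entry should likewise say how "strictly read-only" is enforced rather than only that it starts that way: note that its credentials are provisioned read-only and that the package exposes no write or exec tools, and since "log reading" is listed as read-only, add a caveat that log output can carry secrets and should be treated as sensitive data. Section 1 states the intent ("runtime services must remain entirely separate") but not the mechanism; a sentence saying each server runs as its own process with its own credential set, with nothing shared through the monorepo, would make the trust boundary concrete.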