diff --git a/docs/credential-isolation.md b/docs/credential-isolation.md index a194010..e8b34b8 100644 --- a/docs/credential-isolation.md +++ b/docs/credential-isolation.md @@ -3,7 +3,7 @@ This document describes how credentials and sensitive environment variables are handled within the MCP tools monorepo. ## Separate Credentials -Even though multiple MCP servers share the same monorepo, they **must** have separate credentials and runtimes. +Even though multiple MCP servers share the same monorepo, they **must** have separate credentials and runtimes. - **No Shared Environments**: Each MCP server (`gitea-mcp`, `jenkins-mcp`, `ops-mcp`, etc.) must be instantiated as an independent service with its own dedicated `.env` configuration file. - **Strict Isolation**: A server will only have access to the credentials required for its specific trust boundary. For instance, `gitea-mcp` has no access to Jenkins or Ops authentication tokens. diff --git a/docs/release-workflows.md b/docs/release-workflows.md index c2d3fc5..5efadcf 100644 --- a/docs/release-workflows.md +++ b/docs/release-workflows.md @@ -5,5 +5,5 @@ This document outlines the scope and boundaries of the optional future `release- ## Orchestrator Role The `release-mcp` package may be introduced later to coordinate workflows across the different MCP packages. -- **Coordination, not Consolidation**: It can call or compose other tools, but it **must not** become an all-powerful server holding credentials for all other components. +- **Coordination, not Consolidation**: It can call or compose other tools, but it **must not** become an all-powerful server holding credentials for all other components. - **Example Workflows**: Tasks such as collecting release evidence, verifying TEST deploy checklists, summarizing state (issue/PR/build/deploy), and posting evidence back to Gitea. diff --git a/docs/tool-boundaries.md b/docs/tool-boundaries.md index db75e4a..d5c29cd 100644 --- a/docs/tool-boundaries.md +++ b/docs/tool-boundaries.md @@ -2,6 +2,8 @@ This document defines the strict boundaries between the different MCP server packages within the monorepo. +The project is named **MCP Control Plane** and lives in the `mcp-control-plane` repository. It groups the following packages: `common`, `gitea-mcp`, `jenkins-mcp`, `ops-mcp`, and `release-mcp`. + ## 1. Architectural Philosophy - **One MCP Server per Trust Boundary**: While the packages share a monorepo, their runtime services must remain entirely separate. There is no single "everything" server.