Enforce strict cross-project boundaries (permit issues, block codebase mutations) #707

Open
opened 2026-07-13 21:15:04 -05:00 by jcwalker3 · 0 comments
Owner

Problem

Currently, there is no strict boundary preventing an AI agent instantiated in one project context from executing codebase mutations (such as branch creation, file modification, or PR creation) against another distinct project repository. If the agent's filesystem or MCP permissions technically allow it, the agent can spontaneously attempt to perform direct code work outside of its originally authorized context.

While we want to enable agents to orchestrate cross-project coordination, this should be strictly confined to metadata operations (e.g., creating issues) rather than direct codebase modification.

Requirements

  1. Implement a policy/guard inside the MCP server that explicitly enforces cross-project mutation boundaries.
  2. Allow agents to execute metadata operations (such as creating tracking issues or commenting on issues) across project boundaries to coordinate workflows.
  3. Block any attempt to execute mutation operations (creating branches, committing files, creating PRs) outside of the primary authorized project context.
  4. Ensure clear diagnostic output when this boundary is hit, explicitly advising the agent that cross-project work is forbidden and that it should create an issue in the target repository instead.
  5. Provide regression tests validating that cross-project codebase mutations fail closed, while cross-project issue creation is allowed.
## Problem Currently, there is no strict boundary preventing an AI agent instantiated in one project context from executing codebase mutations (such as branch creation, file modification, or PR creation) against another distinct project repository. If the agent's filesystem or MCP permissions technically allow it, the agent can spontaneously attempt to perform direct code work outside of its originally authorized context. While we want to enable agents to orchestrate cross-project coordination, this should be strictly confined to metadata operations (e.g., creating issues) rather than direct codebase modification. ## Requirements 1. Implement a policy/guard inside the MCP server that explicitly enforces cross-project mutation boundaries. 2. Allow agents to execute metadata operations (such as creating tracking issues or commenting on issues) across project boundaries to coordinate workflows. 3. Block any attempt to execute mutation operations (creating branches, committing files, creating PRs) outside of the primary authorized project context. 4. Ensure clear diagnostic output when this boundary is hit, explicitly advising the agent that cross-project work is forbidden and that it should create an issue in the target repository instead. 5. Provide regression tests validating that cross-project codebase mutations fail closed, while cross-project issue creation is allowed.
jcwalker3 added the type:guardrailstatus:ready labels 2026-07-13 21:16:36 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#707