MCP Control Plane umbrella: Jenkins + GlitchTip integrations #75

Open
opened 2026-07-02 05:46:25 -05:00 by jcwalker3 · 0 comments
Owner

Umbrella issue for adding Jenkins and GlitchTip support to the MCP Control Plane while preserving the documented trust-boundary model.

Existing docs already define the intended direction (docs/tool-boundaries.md, docs/safety-model.md, docs/credential-isolation.md, docs/release-workflows.md, docs/gitea-execution-profiles.md):

  • one MCP server per trust boundary
  • separate credentials per service
  • read-only first
  • mutations gated by profiles/allowed operations
  • orchestration coordinates tools without consolidating all credentials

Scope

  • Jenkins read-only build visibility
  • GlitchTip read-only observability/error visibility
  • GlitchTip-to-Gitea issue filing through an orchestrator
  • shared profile/config/audit model across service boundaries

Non-goals for phase 1

  • Jenkins build triggers
  • deploy actions
  • automatic GlitchTip polling that files issues without explicit invocation
  • giving GlitchTip tools direct Gitea write credentials
  • putting Jenkins/GlitchTip logic directly into mcp_server.py

Child / related issues

  • #71 — ADR: Jenkins/GlitchTip/MCP Control Plane architecture (note: direction is already set by existing docs; ADR should extend the boundary model, not re-decide it)
  • #72 — Jenkins read-only build status tools design
  • #73 — GlitchTip read-only issue/event tools design
  • #74 — GlitchTip-to-Gitea issue filing workflow design
  • Profile/config multi-service model (this batch)
  • Jenkins repo/branch→job mapping design (this batch)
  • GlitchTip/Gitea dedup and linking design (this batch)
  • Safety/boundary doc updates for Jenkins + GlitchTip (this batch)

Acceptance criteria

  • Child issues are linked.
  • Boundary rules are documented clearly.
  • Jenkins and GlitchTip work is planned as separate MCP packages/modules.
  • Read-only work is sequenced before mutations.
  • Mutation tools require explicit allowed operations and audit logging.
Umbrella issue for adding Jenkins and GlitchTip support to the MCP Control Plane while preserving the documented trust-boundary model. Existing docs already define the intended direction (`docs/tool-boundaries.md`, `docs/safety-model.md`, `docs/credential-isolation.md`, `docs/release-workflows.md`, `docs/gitea-execution-profiles.md`): * one MCP server per trust boundary * separate credentials per service * read-only first * mutations gated by profiles/allowed operations * orchestration coordinates tools without consolidating all credentials ## Scope * Jenkins read-only build visibility * GlitchTip read-only observability/error visibility * GlitchTip-to-Gitea issue filing through an orchestrator * shared profile/config/audit model across service boundaries ## Non-goals for phase 1 * Jenkins build triggers * deploy actions * automatic GlitchTip polling that files issues without explicit invocation * giving GlitchTip tools direct Gitea write credentials * putting Jenkins/GlitchTip logic directly into `mcp_server.py` ## Child / related issues * #71 — ADR: Jenkins/GlitchTip/MCP Control Plane architecture (note: direction is already set by existing docs; ADR should extend the boundary model, not re-decide it) * #72 — Jenkins read-only build status tools design * #73 — GlitchTip read-only issue/event tools design * #74 — GlitchTip-to-Gitea issue filing workflow design * Profile/config multi-service model (this batch) * Jenkins repo/branch→job mapping design (this batch) * GlitchTip/Gitea dedup and linking design (this batch) * Safety/boundary doc updates for Jenkins + GlitchTip (this batch) ## Acceptance criteria * Child issues are linked. * Boundary rules are documented clearly. * Jenkins and GlitchTip work is planned as separate MCP packages/modules. * Read-only work is sequenced before mutations. * Mutation tools require explicit allowed operations and audit logging.
jcwalker3 added the mcpsecurityroadmapjenkinsglitchtip labels 2026-07-02 05:46:48 -05:00
Sign in to join this conversation.