docs: ADR-0001 confirm and extend MCP Control Plane boundaries (#71) #85

Closed
jcwalker3 wants to merge 1 commits from docs/issue-71-control-plane-boundary-adr into master
Owner

Implements #71. Architecture documentation only — no code, no Jenkins/GlitchTip implementation.

Adds docs/architecture/adr-0001-mcp-control-plane-boundaries.md (no ADR dir existed; established docs/architecture/ per the issue's fallback convention).

What it does

Confirms the already-documented MCP Control Plane direction (does not reopen it) and extends it to Jenkins and GlitchTip.

Decisions recorded

  • Repo shape: this repo is effectively the gitea-mcp package; recommends extracting a dedicated mcp-control-plane monorepo; no Jenkins/GlitchTip code lands here until settled.
  • Boundaries table: common (credential-free lib), gitea-mcp, jenkins-mcp (read-only), GlitchTip boundary, ops-mcp, release-mcp/orchestrator.
  • GlitchTip placement: recommends a dedicated glitchtip-mcp; alternatives observability-mcp or folding into ops-mcp, with trade-offs.
  • Reaffirmed rules: one server per trust boundary; no "everything" server; separate/service-local credentials; read-only first; namespaced allowed_operations (forbidden overrides, deny-by-default, fail-closed); audited mutations with redaction; orchestrators coordinate, never credential sinks.

Phase-1 non-goals (hard)

No Jenkins build triggers · no deploy triggers · no parameterized job launches · no automatic GlitchTip→Gitea filing · no GlitchTip server holding Gitea write creds · no Jenkins/GlitchTip code in mcp_server.py.

Open owner decisions

Monorepo vs. this repo · GlitchTip placement · cross-service filing (runbook vs. constrained orchestrator) · approved common extraction scope.

Checks

  • py_compile mcp_server.py / manage_labels.py / gitea_auth.py — OK
  • bash -n scripts/clear-provenance — OK
  • git diff --check — clean
  • pytest tests/ -q — 327 passed
  • Secret sweep (no repo scanner; staged-diff) — clean

Scope

Documentation only; no code behavior changed. No README edit (avoids conflict with in-flight README changes in PR #82 / issue #69; no formal ADR index exists yet). Did not touch #67/#69/#65/#66 work.

🤖 Generated with Claude Code

Implements #71. Architecture documentation only — no code, no Jenkins/GlitchTip implementation. Adds `docs/architecture/adr-0001-mcp-control-plane-boundaries.md` (no ADR dir existed; established `docs/architecture/` per the issue's fallback convention). ## What it does **Confirms** the already-documented MCP Control Plane direction (does **not** reopen it) and **extends** it to Jenkins and GlitchTip. ### Decisions recorded - **Repo shape:** this repo is effectively the `gitea-mcp` package; recommends extracting a dedicated `mcp-control-plane` monorepo; **no Jenkins/GlitchTip code lands here** until settled. - **Boundaries table:** `common` (credential-free lib), `gitea-mcp`, `jenkins-mcp` (read-only), GlitchTip boundary, `ops-mcp`, `release-mcp`/orchestrator. - **GlitchTip placement:** recommends a dedicated `glitchtip-mcp`; alternatives `observability-mcp` or folding into `ops-mcp`, with trade-offs. - **Reaffirmed rules:** one server per trust boundary; no "everything" server; separate/service-local credentials; read-only first; namespaced `allowed_operations` (forbidden overrides, deny-by-default, fail-closed); audited mutations with redaction; orchestrators coordinate, never credential sinks. ### Phase-1 non-goals (hard) No Jenkins build triggers · no deploy triggers · no parameterized job launches · no automatic GlitchTip→Gitea filing · no GlitchTip server holding Gitea write creds · no Jenkins/GlitchTip code in `mcp_server.py`. ### Open owner decisions Monorepo vs. this repo · GlitchTip placement · cross-service filing (runbook vs. constrained orchestrator) · approved `common` extraction scope. ## Checks - `py_compile mcp_server.py` / `manage_labels.py` / `gitea_auth.py` — OK - `bash -n scripts/clear-provenance` — OK - `git diff --check` — clean - `pytest tests/ -q` — 327 passed - Secret sweep (no repo scanner; staged-diff) — clean ## Scope Documentation only; no code behavior changed. No README edit (avoids conflict with in-flight README changes in PR #82 / issue #69; no formal ADR index exists yet). Did not touch #67/#69/#65/#66 work. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
jcwalker3 added 1 commit 2026-07-02 12:43:37 -05:00
Add docs/architecture/adr-0001-mcp-control-plane-boundaries.md. Confirms the
already-documented Control Plane direction and extends it to Jenkins and
GlitchTip: package/server boundaries (common, gitea-mcp, jenkins-mcp,
glitchtip-mcp/observability-mcp/ops-mcp, release-mcp), recommended GlitchTip
placement with alternatives, reaffirmed rules (one server per boundary,
service-local creds, read-only first, namespaced allowed_operations, audited
mutations, orchestrators are not credential sinks), hard phase-1 non-goals,
consequences, and explicit open owner decisions. Does not reopen the settled
direction.

Documentation only; no code behavior changed. No Jenkins/GlitchTip
implementation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jcwalker3 closed this pull request 2026-07-02 12:45:46 -05:00
jcwalker3 deleted branch docs/issue-71-control-plane-boundary-adr 2026-07-02 12:45:46 -05:00

Pull request closed

Sign in to join this conversation.