From df840855cf2cd7ce66e3095a1e5e0e6f2fd2c26b Mon Sep 17 00:00:00 2001 From: Jason Walker <913443@dadeschools.net> Date: Thu, 2 Jul 2026 14:34:31 -0400 Subject: [PATCH] docs: update safety and boundary docs for Jenkins/GlitchTip (#79) --- docs/credential-isolation.md | 2 +- docs/safety-model.md | 8 ++++++++ docs/tool-boundaries.md | 3 ++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/credential-isolation.md b/docs/credential-isolation.md index e8b34b8..0981aef 100644 --- a/docs/credential-isolation.md +++ b/docs/credential-isolation.md @@ -5,5 +5,5 @@ This document describes how credentials and sensitive environment variables are ## Separate Credentials Even though multiple MCP servers share the same monorepo, they **must** have separate credentials and runtimes. -- **No Shared Environments**: Each MCP server (`gitea-mcp`, `jenkins-mcp`, `ops-mcp`, etc.) must be instantiated as an independent service with its own dedicated `.env` configuration file. +- **No Shared Environments**: Each MCP server (`gitea-mcp`, `jenkins-mcp`, `glitchtip-mcp`, `ops-mcp`, etc.) must be instantiated as an independent service with its own dedicated `.env` configuration file. - **Strict Isolation**: A server will only have access to the credentials required for its specific trust boundary. For instance, `gitea-mcp` has no access to Jenkins or Ops authentication tokens. diff --git a/docs/safety-model.md b/docs/safety-model.md index bcc92a4..fd2549c 100644 --- a/docs/safety-model.md +++ b/docs/safety-model.md @@ -13,3 +13,11 @@ To maintain a secure environment, all secrets, tokens, passwords, and sensitive - System and application logs - Tool return values/outputs - Any form of persistent storage or console output + +## 4. Read-Only First Policy +By default, MCP servers (such as `jenkins-mcp` and `ops-mcp`) operate in a **read-only** mode. Mutation capabilities are deny-by-default and fail-closed. + +## 5. Mutation Gating +Any mutating action (e.g., Gitea issue creation from GlitchTip, or Jenkins builds) must be explicitly allowed by the execution profile. +- **Jenkins build triggers** are explicitly deferred for phase 1. +- **GlitchTip to Gitea issue filing** is documented as a gated, orchestrated workflow, not a direct unprompted automatic action. diff --git a/docs/tool-boundaries.md b/docs/tool-boundaries.md index d5c29cd..fd53346 100644 --- a/docs/tool-boundaries.md +++ b/docs/tool-boundaries.md @@ -2,7 +2,7 @@ This document defines the strict boundaries between the different MCP server packages within the monorepo. -The project is named **MCP Control Plane** and lives in the `mcp-control-plane` repository. It groups the following packages: `common`, `gitea-mcp`, `jenkins-mcp`, `ops-mcp`, and `release-mcp`. +The project is named **MCP Control Plane** and lives in the `mcp-control-plane` repository. It groups the following packages: `common`, `gitea-mcp`, `jenkins-mcp`, `glitchtip-mcp`, `ops-mcp`, and `release-mcp`. ## 1. Architectural Philosophy - **One MCP Server per Trust Boundary**: While the packages share a monorepo, their runtime services must remain entirely separate. There is no single "everything" server. @@ -10,4 +10,5 @@ The project is named **MCP Control Plane** and lives in the `mcp-control-plane` ## 2. Package-Specific Boundaries - **gitea-mcp**: Restricted to source-control and work-item capabilities (issues, PRs, comments). This package **must not** have Jenkins or Ops credentials, nor can it execute deploy operations. - **jenkins-mcp**: Focused on CI/CD capabilities. This package **must not** have Ops credentials unless explicitly configured for a specific, isolated pipeline later. +- **glitchtip-mcp**: Dedicated to observability and error reporting. This package **must not** have Gitea write credentials or Jenkins deploy capabilities. - **ops-mcp**: Dedicated to live environment and host checks. In its initial state, this package starts as strictly read-only (e.g., health checks, status checks, log reading). -- 2.43.7