b402de83fe
Address reviewer blockers on PR #8: - Remove trailing whitespace in credential-isolation.md and release-workflows.md - Add approved naming coverage (MCP Control Plane / mcp-control-plane project and repo names; common, gitea-mcp, jenkins-mcp, ops-mcp, release-mcp packages) to tool-boundaries.md Documentation-only. No code, scaffolding, or config changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
667 B
667 B
Credential Isolation
This document describes how credentials and sensitive environment variables are handled within the MCP tools monorepo.
Separate Credentials
Even though multiple MCP servers share the same monorepo, they must have separate credentials and runtimes.
- No Shared Environments: Each MCP server (
gitea-mcp,jenkins-mcp,ops-mcp, etc.) must be instantiated as an independent service with its own dedicated.envconfiguration file. - Strict Isolation: A server will only have access to the credentials required for its specific trust boundary. For instance,
gitea-mcphas no access to Jenkins or Ops authentication tokens.