Files
Gitea-Tools/docs/safety-model.md
T
sysadminandClaude Opus 4.8 b4e04f4dfb docs: separate Jenkins trigger onto jenkins-write-mcp boundary (#152)
Document that build triggers live on the gated jenkins-write-mcp server,
not the read-only jenkins-mcp surface. Add registration and safety-model
cross-links plus doc tests that fail if trigger tools reappear on the read
boundary.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
2026-07-06 13:26:58 -04:00

2.0 KiB

MCP Safety Model

This document outlines the safety requirements for all tools within the MCP monorepo.

1. Audit Logging and Confirmation

All mutating actions (e.g., triggering builds, creating resources, updating environments) must be recorded in an audit log. These actions require explicit confirmation from the user before execution to prevent accidental state changes.

2. Production Environment Safety

Any action that targets a production environment must have a hard confirmation gate. Production actions must never run based on vague or ambiguous prompts. The user must provide explicit, unambiguous consent to proceed with a production deployment or modification.

3. Secret Redaction

To maintain a secure environment, all secrets, tokens, passwords, and sensitive keys must be strictly redacted from:

  • System and application logs
  • Tool return values/outputs
  • Any form of persistent storage or console output

4. Read-Only First Policy

By default, MCP servers (such as jenkins-mcp and ops-mcp) operate in a read-only mode. Mutation capabilities are deny-by-default and fail-closed.

Note on naming: Historical design docs used jenkins-readonly / glitchtip-readonly skill names. Actual server packages are jenkins-mcp / glitchtip-mcp (registered via entry points in mcp-control-plane). See Gitea-Tools skills and mcp-control-plane #55 for registration.

5. Mutation Gating

Any mutating action (e.g., Gitea issue creation from GlitchTip, or Jenkins builds) must be explicitly allowed by the execution profile.

  • Jenkins build triggers are gated on a separate write boundary (jenkins-write-mcp / jenkins_mcp.write_server), not on the read-only jenkins-mcp surface. Triggers require a dedicated profile with jenkins.build.trigger, exact confirmation, and fail-closed mutation audit. No default profile carries trigger capability (#152 / mcp-control-plane #56).
  • GlitchTip to Gitea issue filing is a library-only orchestrator in mcp-control-plane (not on glitchtip-mcp). See #153 / mcp-control-plane #57.