- Updated jenkins-readonly and glitchtip-readonly skills in _PROJECT_SKILLS: - Descriptions and notes now use actual server names (jenkins-mcp, glitchtip-mcp) - Explain historical -readonly skill names vs registration in mcp-control-plane #55 - Note gated trigger in jenkins-mcp (see #56), partial filing in glitchtip (see #57) - Updated docs/safety-model.md: naming note, corrected mutation gating claims for trigger/filing - Updated docs/architecture/jenkins-readonly-build-status-design.md: naming note, updated Phase 1 to account for gated trigger - No behavior change to skill status/availability; no secrets exposed - AC: stale naming explained, actual names documented, Jenkins claims corrected, GlitchTip filing as partial, no over-claiming Closes #154
26 lines
1.9 KiB
Markdown
26 lines
1.9 KiB
Markdown
# MCP Safety Model
|
|
|
|
This document outlines the safety requirements for all tools within the MCP monorepo.
|
|
|
|
## 1. Audit Logging and Confirmation
|
|
All mutating actions (e.g., triggering builds, creating resources, updating environments) must be recorded in an audit log. These actions require explicit confirmation from the user before execution to prevent accidental state changes.
|
|
|
|
## 2. Production Environment Safety
|
|
Any action that targets a production environment must have a hard confirmation gate. Production actions must never run based on vague or ambiguous prompts. The user must provide explicit, unambiguous consent to proceed with a production deployment or modification.
|
|
|
|
## 3. Secret Redaction
|
|
To maintain a secure environment, all secrets, tokens, passwords, and sensitive keys must be strictly redacted from:
|
|
- System and application logs
|
|
- Tool return values/outputs
|
|
- Any form of persistent storage or console output
|
|
|
|
## 4. Read-Only First Policy
|
|
By default, MCP servers (such as `jenkins-mcp` and `ops-mcp`) operate in a **read-only** mode. Mutation capabilities are deny-by-default and fail-closed.
|
|
|
|
Note on naming: Historical design docs used `jenkins-readonly` / `glitchtip-readonly` skill names. Actual server packages are `jenkins-mcp` / `glitchtip-mcp` (registered via entry points in mcp-control-plane). See Gitea-Tools skills and mcp-control-plane #55 for registration.
|
|
|
|
## 5. Mutation Gating
|
|
Any mutating action (e.g., Gitea issue creation from GlitchTip, or Jenkins builds) must be explicitly allowed by the execution profile.
|
|
- **Jenkins build triggers** exist in jenkins-mcp (landed #4) but require dedicated profile/identity and exact confirmation; not on standard reader profiles. See #56 for boundary correction.
|
|
- **GlitchTip to Gitea issue filing** is documented as a gated, orchestrated workflow (not in glitchtip-mcp), currently partial (mocked, dedup not wired, audit missing). See #57.
|