b402de83fe
Address reviewer blockers on PR #8: - Remove trailing whitespace in credential-isolation.md and release-workflows.md - Add approved naming coverage (MCP Control Plane / mcp-control-plane project and repo names; common, gitea-mcp, jenkins-mcp, ops-mcp, release-mcp packages) to tool-boundaries.md Documentation-only. No code, scaffolding, or config changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
10 lines
667 B
Markdown
10 lines
667 B
Markdown
# Credential Isolation
|
|
|
|
This document describes how credentials and sensitive environment variables are handled within the MCP tools monorepo.
|
|
|
|
## Separate Credentials
|
|
Even though multiple MCP servers share the same monorepo, they **must** have separate credentials and runtimes.
|
|
|
|
- **No Shared Environments**: Each MCP server (`gitea-mcp`, `jenkins-mcp`, `ops-mcp`, etc.) must be instantiated as an independent service with its own dedicated `.env` configuration file.
|
|
- **Strict Isolation**: A server will only have access to the credentials required for its specific trust boundary. For instance, `gitea-mcp` has no access to Jenkins or Ops authentication tokens.
|