MCP Safety Model
This document outlines the safety requirements for all tools within the MCP monorepo.
1. Audit Logging and Confirmation
All mutating actions (e.g., triggering builds, creating resources, updating environments) must be recorded in an audit log. These actions require explicit confirmation from the user before execution to prevent accidental state changes.
2. Production Environment Safety
Any action that targets a production environment must have a hard confirmation gate. Production actions must never run based on vague or ambiguous prompts. The user must provide explicit, unambiguous consent to proceed with a production deployment or modification.
3. Secret Redaction
To maintain a secure environment, all secrets, tokens, passwords, and sensitive keys must be strictly redacted from:
- System and application logs
- Tool return values/outputs
- Any form of persistent storage or console output
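
A sketch of how the three requirements above can be enforced in one wrapper, as an added example that is not code from the MCP monorepo. The function names, the confirmation phrase format, the sensitive-key patterns and the in-memory audit list are all assumptions made for illustration.

```python
import re
import time

# Hypothetical patterns; the document does not name specific keys or token formats.
SENSITIVE_KEYS = re.compile(r"(secret|token|password|passwd|api[_-]?key|authorization)", re.I)
BEARER = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=-]+")
REDACTED = "[REDACTED]"

def redact(value, key=""):
    """Redact values stored under sensitive keys and bearer tokens embedded in strings."""
    if key and SENSITIVE_KEYS.search(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return BEARER.sub(r"\1 " + REDACTED, value)
    return value

class ConfirmationRequired(Exception):
    """Raised when a mutating action lacks the confirmation its environment demands."""

AUDIT_LOG = []  # in-memory stand-in for an append-only audit sink (assumption)

def run_mutating(action, params, env, user, confirmation, execute):
    """Gate a mutating tool call: check confirmation, audit the attempt, redact the output."""
    # Production requires an exact typed phrase; other environments require a literal True.
    expected = f"CONFIRM {action} ON production" if env == "production" else True
    # The type check rejects truthy look-alikes such as 1 or "yes".
    allowed = type(confirmation) is type(expected) and confirmation == expected
    AUDIT_LOG.append({
        "ts": time.time(), "user": user, "action": action, "env": env,
        "params": redact(params),  # secrets never reach the audit log
        "outcome": "approved" if allowed else "denied",  # denied attempts are logged too
    })
    if not allowed:
        raise ConfirmationRequired(f"explicit confirmation required for {action} on {env}")
    return redact(execute(params))  # tool return values are redacted as well
```

The audit entry is written before the confirmation check raises, so refused attempts leave a record alongside approved ones.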