ticket: accept mcp stdio config trust
This commit is contained in:
parent
a5df9e3728
commit
b0225e48b8
|
|
@ -1 +1,2 @@
|
|||
{"id":"orch-plan-20260620-060022-1","ticket_id":"00001KVHR3WRF","kind":"waiting_capacity_note","note":"Panel Queue was accepted for routing review, but implementation is held because `00001KVHKWNQS` is currently inprogress with active Coder work. Leave this MCP foundation Ticket queued; reroute when current implementation capacity is free.","author":"yoi-orchestrator","at":"2026-06-20T06:00:22Z"}
|
||||
{"id":"orch-plan-20260620-065554-2","ticket_id":"00001KVHR3WRF","kind":"accepted_plan","accepted_plan":{"summary":"Named local stdio MCP server configuration and trust policy metadataを追加する。This Ticket only parses/validates config and diagnostics; it must not spawn subprocesses or implement JSON-RPC lifecycle. Command/env/secret fields must fail closed, redact sensitive values, and document that local MCP executables run with user OS permissions outside Yoi feature sandbox authority.","branch":"impl/00001KVHR3WRF-mcp-stdio-config-trust","worktree":"/home/hare/Projects/yoi/.worktree/00001KVHR3WRF-mcp-stdio-config-trust","role_plan":"Orchestrator は acceptance records を commit 後、専用 implementation worktree `.worktree/00001KVHR3WRF-mcp-stdio-config-trust` を作成し、Coder をその child worktree への narrow write scope で起動する。Coder 実装後、Reviewer が config schema、trust boundary docs、secret redaction、fail-closed validation、no auto-start/no process execution、Profile/config layering separation を確認する。"},"author":"yoi-orchestrator","at":"2026-06-20T06:55:54Z"}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
title: 'MCP: add local stdio server config and trust policy'
|
||||
state: 'queued'
|
||||
state: 'inprogress'
|
||||
created_at: '2026-06-20T05:30:04Z'
|
||||
updated_at: '2026-06-20T06:00:44Z'
|
||||
updated_at: '2026-06-20T06:56:23Z'
|
||||
assignee: null
|
||||
readiness: 'implementation_ready'
|
||||
risk_flags: ['mcp', 'config', 'trust-boundary', 'secrets', 'process-exec']
|
||||
|
|
|
|||
|
|
@ -33,3 +33,69 @@ Next:
|
|||
- `00001KVHKWNQS` が完了して実装 capacity が空いた後、改めて reroute する。
|
||||
|
||||
---
|
||||
|
||||
<!-- event: decision author: yoi-orchestrator at: 2026-06-20T06:56:16Z -->
|
||||
|
||||
## Decision
|
||||
|
||||
Routing decision: implementation_ready
|
||||
|
||||
Reason:
|
||||
- Panel Queue により、この Ticket は Orchestrator routing 対象として明示許可された。
|
||||
- Ticket body は local stdio MCP server configuration / trust policy の範囲を、spawning/lifecycle を含まない config parse/validation/diagnostics Ticket として明確に定義している。
|
||||
- 前回の waiting_capacity note は `00001KVHKWNQS` が inprogress だったためだが、現在 `00001KVHKWNQS` は closed で capacity blocker は解消済み。
|
||||
- `00001KVHR3WRF` 自身には未解決 blocking relation はない。Incoming `00001KVHR3WRY depends_on this` は後続 Ticket であり blocker ではない。
|
||||
- 現在 inprogress は 0 件、child implementation Pods はなし、matching branch/worktree はなし、Orchestrator worktree は clean。
|
||||
- Risk domain は mcp / config / trust-boundary / secrets / process-exec だが、Ticket は no process spawning、no auto-start、secret redaction、local executable trust boundary、Plugin permissions / `pod::feature` authority separation などの invariants を明示している。bounded context check 後も implementation 前に必要な追加 human decision は見つからなかった。
|
||||
|
||||
Evidence checked:
|
||||
- Ticket `00001KVHR3WRF` body / thread / relations / artifacts。
|
||||
- `TicketRelationQuery(00001KVHR3WRF)`: no outgoing blocking dependency; incoming lifecycle Ticket depends on this。
|
||||
- `TicketOrchestrationPlanQuery(00001KVHR3WRF)`: previous waiting capacity note resolved by `00001KVHKWNQS` closure; accepted plan recorded now。
|
||||
- Workspace state:
|
||||
- Orchestrator worktree clean at `a5df9e37`。
|
||||
- queued: MCP chain remains queued。
|
||||
- inprogress: 0。
|
||||
- visible Pods: self + peers only; spawned children 0。
|
||||
- no matching MCP implementation branch/worktree。
|
||||
|
||||
IntentPacket:
|
||||
|
||||
Intent:
|
||||
- Add typed Profile/config support for named local stdio MCP servers and the trust-policy diagnostics around that config。
|
||||
- This Ticket is intentionally config-only: parse, validate, redact, and document; do not spawn processes or implement JSON-RPC lifecycle。
|
||||
|
||||
Binding decisions / invariants:
|
||||
- No package/workspace presence auto-start。Config alone must not spawn an MCP process。
|
||||
- Local stdio MCP servers are local executables running with user OS permissions; Yoi feature authority does not sandbox OS-level side effects。
|
||||
- Keep MCP config/trust policy separate from Plugin permissions and `pod::feature` authority。
|
||||
- Config must be explicit and named; no implicit discovery or auto-enablement。
|
||||
- Command/args/cwd/env/secret-related configuration must validate fail-closed with bounded diagnostics。
|
||||
- Secret/env values must be redacted in diagnostics/log/model-facing surfaces; do not persist plaintext secrets through errors/debug output。
|
||||
- This Ticket must not implement initialize/capability negotiation, tool/resource/prompt registration, streamable HTTP/OAuth/remote MCP, or subprocess spawning。
|
||||
|
||||
Requirements / acceptance criteria:
|
||||
- A Profile/config can declare a named local stdio MCP server。
|
||||
- Invalid command/env/secret config is rejected with bounded diagnostic。
|
||||
- Secrets are not emitted in plaintext diagnostics/log/model context。
|
||||
- Config alone does not spawn a process。
|
||||
- Docs explain that configured local MCP servers are not OS-sandboxed by Yoi feature authority。
|
||||
- Tests cover valid config, invalid config, secret redaction, and no auto-start。
|
||||
|
||||
Escalate if:
|
||||
- Existing Profile/config model cannot represent MCP server declarations without a broader config/profile schema decision。
|
||||
- Secret reference representation would require changing the local secret-store policy rather than referencing existing secret/env abstractions。
|
||||
- Tests require actual process spawning; that belongs to a later Ticket, not this one。
|
||||
|
||||
Next action:
|
||||
- Record `queued -> inprogress` and commit Ticket records before creating the implementation worktree and spawning Coder。
|
||||
|
||||
---
|
||||
|
||||
<!-- event: state_changed author: yoi-orchestrator at: 2026-06-20T06:56:23Z from: queued to: inprogress reason: orchestrator_acceptance_mcp_stdio_config_trust field: state -->
|
||||
|
||||
## State changed
|
||||
|
||||
Ticket body/thread, relation metadata, resolved capacity blocker, Orchestrator worktree state, visible Pods, existing branch/worktree, and bounded MCP config/trust context were checked. There is no unresolved blocking dependency, no inprogress/capacity blocker, and no missing planning decision. Accepting this queued Ticket for implementation before worktree/Pod side effects.
|
||||
|
||||
---
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user