Safety Modes
The MCP server uses safety modes to control which tools are available. Each tool has a safety classification, and the server only exposes tools whose classification is at or below the level the current mode permits.
Modes
Read-Only (Default)
Only tools classified as read are available. No resources can be created, modified, or deleted.
Use cases: Exploring infrastructure, answering questions, generating reports.
Non-Destructive
Tools classified as read and write (create/update) are available. Delete operations are blocked.
Use cases: Creating DNS records, deploying Helm charts, writing files.
Full Access
All tools are available, including destructive operations (delete resources, drain nodes, uninstall releases).
Use cases: Trusted automation, cleanup tasks, full infrastructure management.
Warning
Full access mode allows the AI to delete resources, remove DNS records, uninstall Helm releases, and drain Kubernetes nodes. Use only in controlled environments.
Safety Classification
Each tool is tagged with one of three safety levels:
| Level | Description | Examples |
|---|---|---|
| Read | Query/list operations, no side effects | list_dns_zones, kube_list_pods, fs_read_file |
| Write | Create or modify resources | create_dns_record, kube_scale, fs_write_file |
| Destructive | Delete or remove resources | delete_dns_record, kube_delete, helm_uninstall |
Mode Compatibility
| Tool safety | read-only | non-destructive | allow-writes |
|---|---|---|---|
| Read | Yes | Yes | Yes |
| Write | No | Yes | Yes |
| Destructive | No | No | Yes |
Audit Logging
All tool executions are logged to stderr with:
- Timestamp
- Tool name
- Safety level
- Parameters (sanitized)
This provides an audit trail of all operations performed through the MCP server.
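The gating and audit behaviour described above can be sketched as follows. This is an added example, not the server's own code: the function names, the record fields, the credential-key redaction rule, the fail-closed fallback to read-only and the logging of refused calls are all assumptions, while the mode names and tool names come from the tables on this page.

```python
import json
import sys
from datetime import datetime, timezone
from enum import IntEnum

class Safety(IntEnum):
    READ = 0
    WRITE = 1
    DESTRUCTIVE = 2

# Mode names follow the column headers of the compatibility table.
MODE_CEILING = {"read-only": Safety.READ,
                "non-destructive": Safety.WRITE,
                "allow-writes": Safety.DESTRUCTIVE}

# A few of the tools named in the classification table.
TOOLS = {"list_dns_zones": Safety.READ, "fs_read_file": Safety.READ,
         "create_dns_record": Safety.WRITE, "kube_scale": Safety.WRITE,
         "delete_dns_record": Safety.DESTRUCTIVE, "helm_uninstall": Safety.DESTRUCTIVE}

SENSITIVE = ("token", "password", "secret", "key")  # assumed redaction rule

def ceiling_for(mode):
    # Assumption: a missing or unrecognised mode fails closed to the read-only default.
    return MODE_CEILING.get(mode, Safety.READ)

def exposed_tools(mode=None):
    """Names of the tools whose level is at or below the mode's ceiling."""
    return sorted(n for n, lvl in TOOLS.items() if lvl <= ceiling_for(mode))

def sanitize(params):
    """Replace values whose key looks like a credential."""
    return {k: "[REDACTED]" if any(s in k.lower() for s in SENSITIVE) else v
            for k, v in params.items()}

def call_tool(name, params, mode=None):
    """Re-check the gate at call time and write one audit record to stderr."""
    level = TOOLS.get(name)  # None: tool has no classification, so it is refused
    allowed = level is not None and level <= ceiling_for(mode)
    record = {"ts": datetime.now(timezone.utc).isoformat(),
              "tool": name,
              "safety": level.name.lower() if level is not None else "unclassified",
              "params": sanitize(params),
              "allowed": allowed}  # assumption: refused calls are logged too
    print(json.dumps(record, default=str), file=sys.stderr)
    return record
```

Checking the classification again inside `call_tool`, instead of relying only on the filtered tool list, keeps a client that names a hidden tool directly from bypassing the mode.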