Türkçe sürüm: docs/tr/security/security-model.md
mcp-code uses a deny-by-default posture around mutation and verification.
- The public tool surface does not expose raw file CRUD helpers.
- The public tool surface does not expose arbitrary shell execution.
- Edit application only runs against a remembered edit plan.
- Verification only uses configured script names and allowed commands.
- Workspace access stays bound to configured allowed paths.
apply_safe_edit requires a valid planId produced by plan_safe_edit.
That protects the workflow in two ways:
- The edit must fit within previously planned symbol and file scope.
- The analyzer can reject edits that do not match the approved plan boundary.
- MCP protocol traffic uses stdout.
- Logs are written to stderr.
- In-memory telemetry is used for runtime sampling without changing the public contract.
Last updated: 2026-03-10