Back to docs

MCP security boundaries in Mqttable

How Mqttable keeps local MCP useful for agents while rejecting remote exposure, URL tokens, origins, and raw secrets.

Jun 24, 2026Mqttable EngineeringMqttable Engineering

Mqttable’s MCP endpoint is powerful because it can inspect and operate local MQTT workflows. That power needs a hard boundary. The endpoint is local-only by default, requires an authorization header, rejects token query strings, and can be paused from Settings.

Interactive diagram

Trust boundary: local client, bearer header, secret intake, plan review, verified result.

Placeholder for the interactive diagram. Replace with the generated artifact when ready.

placeholder

Network boundary

MCP accepts POST JSON on /mcp. It is local-only by default. Remote access is not a public deployment mode unless the runtime is explicitly configured as a remote development sandbox.

Secret boundary

Raw passwords, bearer tokens, PEM certificates, private keys, API keys, and secret-bearing payloads do not belong in MCP arguments or results. TLS and credential workflows use intake pages or APIs, then pass SecretRef, CertRef, and KeyRef handles.

Diagnostic boundary

  • mqttable_doctor is passive by default. It does not connect to brokers, publish, write config, or create plans unless an active self-probe is explicitly requested.

Human boundary

Agents can prepare a plan. Humans review the masked diff and decide whether to apply it. That line is the difference between useful automation and a dangerous chatbot.