MCP security boundaries in Mqttable
How Mqttable keeps local MCP useful for agents while rejecting remote exposure, URL tokens, origins, and raw secrets.
Mqttable’s MCP endpoint is powerful because it can inspect and operate local MQTT workflows. That power needs a hard boundary. The endpoint is local-only by default, requires an authorization header, rejects token query strings, and can be paused from Settings.
Interactive diagram
Trust boundary: local client, bearer header, secret intake, plan review, verified result.
Placeholder for the interactive diagram. Replace with the generated artifact when ready.
Network boundary
MCP accepts POST JSON on /mcp. It is local-only by default. Remote access is not a public deployment mode unless the runtime is explicitly configured as a remote development sandbox.
Secret boundary
Raw passwords, bearer tokens, PEM certificates, private keys, API keys, and secret-bearing payloads do not belong in MCP arguments or results. TLS and credential workflows use intake pages or APIs, then pass SecretRef, CertRef, and KeyRef handles.
Diagnostic boundary
mqttable_doctoris passive by default. It does not connect to brokers, publish, write config, or create plans unless an active self-probe is explicitly requested.
Human boundary
Agents can prepare a plan. Humans review the masked diff and decide whether to apply it. That line is the difference between useful automation and a dangerous chatbot.