{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihwygwk4jjqh5dfe2gk7364zcalmfgbwwio5ettdwn4fjawazcrx4",
"uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3momn6k6qw6f2"
},
"path": "/t/best-practices-for-working-with-remote-local-code-repo-with-mcp-connectors-developer-mode/1384096#post_1",
"publishedAt": "2026-06-19T04:27:31.000Z",
"site": "https://community.openai.com",
"textContent": "Hi OpenAI Team and Community,\n\nWith the recent rollout of MCP (Model Context Protocol) support in ChatGPT Web / Developer Mode, we’ve seen a surge in users connecting their local repositories to GPT-5.5/Pro models, so I’ve been developing an MCP runtime called coding-tools-mcp since May.\n\n**My question is regarding the official stance on “Agentic Safety” for local/remote coding tools:**\n\nIn my project, I’ve implemented **Linux Landlock** and **Docker sandboxing** to ensure the model cannot perform destructive operations or leak sensitive .env files, even if prompted.\n\n1. Does OpenAI have specific security guidelines for third-party MCP connectors accessing local/remote filesystems?\n2. Is there a preferred “Semantic Tool” pattern (e.g., using apply_patch vs. raw bash) that OpenAI recommends for better model alignment?\n\nI believe that for MCP to be a viable professional tool, we need to move past simple “wrappers” and move toward secure, stateful runtimes. I’d love to get feedback on the architecture I’ve built:\nGitHub: xyTom/coding-tools-mcp\nDocs: **coding-1afcb9be.mintlify.app**\n\nLooking forward to your thoughts!",
"title": "Best practices for working with remote/local code Repo with MCP Connectors & Developer Mode"
}