{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiewzexpvywefkncvrnnluxoffq334nz72isx7ey453hzkklttge6q",
"uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3moxxuzljgnt2"
},
"path": "/t/best-practices-for-working-with-remote-local-code-repo-with-mcp-connectors-developer-mode/1384096#post_2",
"publishedAt": "2026-06-23T17:27:50.000Z",
"site": "https://community.openai.com",
"textContent": "For remote/local repo work, I would separate the workflow into three trust zones rather than one broad MCP connection:\n\n 1. Read-only inspection: list files, read selected files, search symbols, summarize diffs.\n 2. Planned mutation: propose a file-level patch plan before any write-capable tool is exposed.\n 3. Execution: allow writes only after the target paths, command budget, and rollback condition are explicit.\n\n\n\nThe biggest failure mode is letting a connector prove it can access the repo, then immediately treating that as permission to mutate the repo. I would also keep a small audit note per run: repo/ref, allowed paths, tools granted, commands run, and files changed.",
"title": "Best practices for working with remote/local code Repo with MCP Connectors & Developer Mode"
}