{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiewzexpvywefkncvrnnluxoffq334nz72isx7ey453hzkklttge6q",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3moxxuzljgnt2"
  },
  "path": "/t/best-practices-for-working-with-remote-local-code-repo-with-mcp-connectors-developer-mode/1384096#post_2",
  "publishedAt": "2026-06-23T17:27:50.000Z",
  "site": "https://community.openai.com",
  "textContent": "For remote/local repo work, I would separate the workflow into three trust zones rather than one broad MCP connection:\n\n  1. Read-only inspection: list files, read selected files, search symbols, summarize diffs.\n  2. Planned mutation: propose a file-level patch plan before any write-capable tool is exposed.\n  3. Execution: allow writes only after the target paths, command budget, and rollback condition are explicit.\n\n\n\nThe biggest failure mode is letting a connector prove it can access the repo, then immediately treating that as permission to mutate the repo. I would also keep a small audit note per run: repo/ref, allowed paths, tools granted, commands run, and files changed.",
  "title": "Best practices for working with remote/local code Repo with MCP Connectors & Developer Mode"
}