docs(cloud): scope is a guardrail; read-only rests on the IAM floor #65
Merged
sourcehawk merged 1 commit into May 31, 2026
…IAM floor

Addresses two review findings: scope only constrains explicit --project/--region values (omission falls back to the CLI default, so hard project confinement is the per-project IAM grant), and allowlist entries must be leaf read-verbs (an intermediate override would admit mutating siblings via prefix match; the no-write guarantee is the read-only IAM grant, not the allowlist alone).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Description
Towards #44
Addresses two review findings on the cloud-context MCP that are guardrail-vs-floor clarifications rather than code bugs. Both reduce to the same principle, now stated explicitly in the docs: scope and the command allowlist are guardrails on the agent's explicit behavior, while the read-only, per-project IAM grant on the pinned identity is the hard floor.
Changes
validate.go:74). The Scope section now states that scope constrains the value of an explicit --project/--region/--zone, but omitting the flag falls back to the CLI's default target, which scope does not police. Hard project confinement comes from granting the pinned identity read-only IAM only on the in-scope projects (as the setup section already recommends); region scope is a guardrail against explicit pivots, not a hard limit.

allowlist.go:120). The Command-allowlist section now states entries must be complete leaf verbs, never an intermediate group path, because the prefix match would otherwise admit sibling verbs including mutating ones. The shipped defaults are all leaf reads, and the no-write guarantee rests on the read-only IAM grant (a viewer principal's mutating call fails at the cloud), not on the allowlist alone.

Testing
Docs-only.
make docs builds the site and regenerates the cloud-providers/ route. The corresponding security improvements these clarify (the bidirectional deny-floor filter and the bounded probe) shipped in #64.

🤖 Generated with Claude Code
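The two guardrail gaps described above, as an added example that is not code from this PR or from the project: a token-wise prefix allowlist, a lint that flags entries not ending in a read verb, and a scope check that only sees an explicit `--project`. The function names, the `readVerbs` set and the command tokens are all hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// allowed does a token-wise prefix match of argv against each entry (assumed shape).
func allowed(allowlist, argv []string) bool {
	for _, entry := range allowlist {
		want := strings.Fields(entry)
		if n := len(want); n > 0 && n <= len(argv) &&
			strings.Join(argv[:n], "\x00") == strings.Join(want, "\x00") {
			return true
		}
	}
	return false
}

// readVerbs is a constructed set of leaf verbs treated as read-only here.
var readVerbs = map[string]bool{"list": true, "describe": true}

// lintAllowlist returns entries that are empty or do not end in a read verb.
func lintAllowlist(allowlist []string) (bad []string) {
	for _, entry := range allowlist {
		if f := strings.Fields(entry); len(f) == 0 || !readVerbs[f[len(f)-1]] {
			bad = append(bad, entry)
		}
	}
	return bad
}

// scopeOK polices only an explicit --project value; an omitted flag passes.
func scopeOK(argv []string, inScope map[string]bool) bool {
	for i, a := range argv {
		if a == "--project" && i+1 < len(argv) {
			a = "--project=" + argv[i+1]
		}
		if strings.HasPrefix(a, "--project=") && !inScope[strings.TrimPrefix(a, "--project=")] {
			return false
		}
	}
	return true
}

func main() {
	del := []string{"compute", "instances", "delete", "vm-1"} // constructed argv
	fmt.Println(allowed([]string{"compute instances"}, del), lintAllowlist([]string{"compute instances"}))
	fmt.Println(scopeOK(del, map[string]bool{"proj-a": true})) // no flag: guardrail is silent
}
```

The mutating call passes both guardrails when the entry is a group path and the flag is omitted, which is why the description places the no-write and project-confinement guarantees on the read-only, per-project IAM grant.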