Updated architecture with consideration to rune-admin#4
Conversation
There was a problem hiding this comment.
Pull request overview
This PR restructures the Rune plugin's architecture to enforce proper security isolation between the plugin and Vault components. The key change removes local Vault MCP server functionality from user machines and configures it to connect to a remote Vault server deployed by team administrators, ensuring that decryption keys (SecKey) never exist on user machines.
Changes:
- Removed local Vault MCP server implementation and deployment scripts
- Updated all scripts to only manage the envector-mcp-server locally
- Reconfigured MCP server connections to use SSE for remote Vault access
- Added Git submodule for envector-mcp-server with HTTPS URL
- Enhanced JSON merging in configuration script with Python fallback
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/start-mcp-servers.sh | Updated to start only envector-mcp-server locally; removed Vault MCP local startup |
| scripts/configure-claude-mcp.sh | Added Python-based JSON merging fallback and improved error handling |
| scripts/check-infrastructure.sh | Modified to check only local envector-mcp-server; added note about remote Vault |
| mcp/vault/vault_mcp.py | Removed entire local Vault MCP server implementation |
| mcp/vault/run_vault.sh | Removed local Vault startup script |
| mcp/envector-mcp-server | Added as Git submodule pointing to external repository |
| CHANGELOG.md | Documented security architecture changes and version bump to 0.2.1 |
| .gitmodules | Changed submodule URL from SSH to HTTPS |
| .github/claude-plugin.json | Updated version and reconfigured Vault MCP to use SSE connection |
| .claude/mcp_servers.template.json | Changed Vault configuration from local command to remote SSE URL |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@sunchuljung I've opened a new pull request, #5, to work on those changes. Once the pull request is ready, I'll request review from you. |
Co-authored-by: sunchuljung <108503957+sunchuljung@users.noreply.github.com>
Co-authored-by: sunchuljung <108503957+sunchuljung@users.noreply.github.com>
Co-authored-by: sunchuljung <108503957+sunchuljung@users.noreply.github.com>
Fix shell variable interpolation in Python heredoc
|
@sunchuljung I've opened a new pull request, #6, to work on those changes. Once the pull request is ready, I'll request review from you. |
|
@sunchuljung I've opened a new pull request, #7, to work on those changes. Once the pull request is ready, I'll request review from you. |
No description provided.