Conflux follows a constrained-orchestration model:
- Treat generated implementations as untrusted until gates pass.
- Centralize write governance through contracts and mutation checks.
- Route external MCP usage through one broker with policy + backend profiles.
- Keep observability transport separated from mutation permissions.
- Path isolation: safe path validation under project root.
- Track contracts: write-scope and quality-gate constraints.
- Sentinel gates: structural validation + adversarial checks.
- Red/Green + Smoke gates: enforce project-level regression barriers.
- Forensics lane: reproducible failure history and fingerprinting.
- Governance provenance: policy version/hash + metrics hash logged per admission decision.
- Control-loop rollback: automatic parallelism rollback on post-scale health regression.
- External MCP policy: explicit backend/tool allowlists.
- Backend registry: per-backend egress/required-env/preflight/circuit-breaker config.
Use both layers:
- Runtime backend profile (`set_external_mcp_backend`)
- Tool authorization policy (`set_external_mcp_policy`)
- Start from reproducible templates:
  - `conductor/templates/mcp_backends.example.json`
  - `conductor/templates/external_mcp_policy.example.json`
Recommended defaults:
- Use narrow `egress_allowlist` per backend.
- Set `required_env` for tokenized providers.
- Run `preflight_external_mcp_backend` before enabling production calls.
- Keep strict mode optional:
  - `CONFLUX_EXTERNAL_MCP_STRICT_MODE=0` (default lower-friction)
  - `CONFLUX_EXTERNAL_MCP_STRICT_MODE=1` (high-assurance mode)
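
The two layers can be read as one default-deny admission check in front of the broker. The following is an added example, not Conflux's own code: `authorize_call`, the `url`, `allowed_backends` and `allowed_tools` keys, the host name and the environment variable name are hypothetical; only `egress_allowlist` and `required_env` are names taken from this page.

```python
import os
from urllib.parse import urlsplit

# Constructed sample data (hypothetical schema, see the lead-in).
BACKENDS = {
    "context7": {
        "url": "https://mcp.context7.example/v1",
        "egress_allowlist": ["mcp.context7.example"],
        "required_env": ["CONTEXT7_API_TOKEN"],
    },
}
POLICY = {
    "allowed_backends": ["context7"],
    "allowed_tools": {"context7": ["search_docs"]},
}


def authorize_call(backend, tool, backends=BACKENDS, policy=POLICY, env=None):
    """Return (allowed, reason). Default-deny: both layers must pass."""
    env = os.environ if env is None else env

    # Layer 1: tool authorization policy (explicit backend/tool allowlists).
    if backend not in policy.get("allowed_backends", []):
        return False, "policy: backend not allowlisted"
    if tool not in policy.get("allowed_tools", {}).get(backend, []):
        return False, "policy: tool not allowlisted"

    # Layer 2: runtime backend profile (egress and required environment).
    profile = backends.get(backend)
    if profile is None:
        return False, "profile: backend not registered"
    # Compare the parsed hostname exactly; substring or prefix matching on the
    # raw URL would accept "allowed-host@other-host" style URLs.
    host = (urlsplit(profile["url"]).hostname or "").lower()
    if host not in profile.get("egress_allowlist", []):
        return False, "profile: egress host not allowlisted"
    missing = [n for n in profile.get("required_env", []) if not env.get(n)]
    if missing:
        return False, "profile: missing env " + ",".join(missing)
    return True, "ok"
```
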
Optional MCP availability behavior:
- `CONFLUX_OPTIONAL_EXTERNAL_MCP_SOFT_FAIL=1`
- `CONFLUX_OPTIONAL_EXTERNAL_MCP_BACKENDS=code7,context7`
This allows workflows to proceed when optional augmentation is unavailable.
- Bind Vigilance locally by default (`127.0.0.1`).
- Require auth/signature on ingest/control channels.
- Keep dashboard/SSE read-only; isolate control endpoints.
- Apply rate limits and bounded queues.
- Use a trusted relay path if worker sandboxes are strict.