docs(mcp): add comprehensive architecture, security, and production deployment documentation #36017
+2,929
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…yment documentation Add comprehensive documentation addressing PR apache#35163 review feedback: - ARCHITECTURE.md: Explains Flask singleton pattern, multitenant architecture with tenant isolation via RBAC/RLS, process models, database connection management, and deployment considerations (669 lines) - SECURITY.md: Documents authentication (dev and production JWT), authorization (RBAC, RLS, tool permissions), session/CSRF handling, audit logging, compliance considerations, security checklist, and incident response (744 lines) - PRODUCTION.md: Production deployment guide with current status, requirements checklist, deployment configurations (systemd, supervisord, Docker, Kubernetes), reverse proxy setup, monitoring/alerting, migration path, troubleshooting, and performance tuning (1,257 lines) - UPDATING.md: Added MCP service documentation in main project changelog These files provide complete guidance for deployers and future maintainers on architecture decisions, security implementation, and production deployment paths. Addresses all feedback from PR apache#35163 review.
Contributor
|
Bito Automatic Review Skipped - Files Excluded |
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
Replace all ASCII art diagrams with professional Mermaid diagrams for better rendering and maintainability: ARCHITECTURE.md: - Request Flow: Sequence diagram showing MCP client to database flow - Multi-Instance Deployment: Graph showing load balancer and MCP instances - Tenant Isolation: Graph showing RBAC and RLS enforcement - Current Implementation: Graph showing tenant isolation mechanisms SECURITY.md: - Refresh Token Pattern: Sequence diagram for token lifecycle - Row-Level Security: Sequence diagram showing RLS enforcement flow - CSRF Token Flow: Sequence diagram with conditional validation PRODUCTION.md: - Production Deployment Overview: Comprehensive architecture diagram showing all tiers (External, DMZ, Application, Data, Monitoring) Mermaid diagrams provide: - Better visual clarity and professionalism - Automatic rendering on GitHub and documentation sites - Easier maintenance and modification - Consistent styling across all diagrams
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #36017 +/- ##
===========================================
+ Coverage 0 68.74% +68.74%
===========================================
Files 0 622 +622
Lines 0 45718 +45718
Branches 0 4975 +4975
===========================================
+ Hits 0 31428 +31428
- Misses 0 13045 +13045
- Partials 0 1245 +1245
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Add required Apache Software Foundation license headers in HTML comment format to all new markdown documentation files: - ARCHITECTURE.md - SECURITY.md - PRODUCTION.md Per Apache project requirements, all files must include the ASF license header. Markdown files use HTML comment format for the license header.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
This PR adds comprehensive documentation for the MCP service in response to review feedback on PR #35163. The documentation addresses all questions raised about the Flask singleton pattern, multitenant architecture, security model, and production deployment path.
Addresses review feedback from PR #35163:
Documentation Added:
ARCHITECTURE.md (669 lines)
SECURITY.md (744 lines)
PRODUCTION.md (1,257 lines)
UPDATING.md
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A - Documentation only
TESTING INSTRUCTIONS
Review the documentation files:
superset/mcp_service/ARCHITECTURE.mdsuperset/mcp_service/SECURITY.mdsuperset/mcp_service/PRODUCTION.mdUPDATING.md(MCP service section in "Next" release)All documentation:
ADDITIONAL INFORMATION