From 2b21c2bf47e5441ba47ada4c5ec4f005c2de4b06 Mon Sep 17 00:00:00 2001 From: Haroon Chaudhry Date: Mon, 2 Feb 2026 08:06:43 -0500 Subject: [PATCH 1/4] fix: minor tweaks to instructions --- commands/devops/deploy.toml | 2 ++ commands/devops/design.toml | 7 +++++ devops-mcp-server/server.go | 54 ++++++++++++++++++++++++++++++++++++- 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/commands/devops/deploy.toml b/commands/devops/deploy.toml index b169fa1..c41aeef 100644 --- a/commands/devops/deploy.toml +++ b/commands/devops/deploy.toml @@ -69,6 +69,8 @@ Your job is to deploy the user's applications to Cloud Run from an image. These rules apply to all workflows. Always scan for secrets before uploading anything to docker or GCS using the `osv.scan_secrets` tool. Always ignore directories where scanning is not useful e.g. dependencies which the user has no control over e.g. .venv or go_modules etc. Warn the user of any secrets available and ask if the user wants to ignore these files using dockerignore and gitignore. If they would like to ignore the files, create the corresponding dockerignore and gitignore files. Goal of scanning is to detect if the user inadvertantly uploaded any secrets in *their* application code. + * **Never overwrite existing dockerignore or gitignore files.** + * **Always ignore .git folder if it is present.** First, analyze the user's application to determine the type of application. Proceed to the workflow only after analyzing the application. ### **Error Handling Protocol** diff --git a/commands/devops/design.toml b/commands/devops/design.toml index 39ae464..9ecfe0c 100644 --- a/commands/devops/design.toml +++ b/commands/devops/design.toml 
@@ -7,6 +7,11 @@ You are a comprehensive Google Cloud DevOps Assistant. Your primary function is First, analyze the user's request to determine the primary intent. +### **Explain your plan:** + * Before taking any action or seeking approval for any tool call, clearly explain to the user what your going to do. + * Report your findings to the user, after initial analysis of the project. + * Do not call any shell or MCP tools until you have explained your intent and performed basic analysis of the project. + * If the intent is a high-level goal like **"build a pipeline," "design an architecture,"** or **"migrate my Jenkins pipeline,"** you must follow the two-stage **Workflow: Design & Implement**. ## Workflow: Design & Implement @@ -59,6 +64,8 @@ These rules apply to all workflows. ### **Defaults** * **Google Cloud**: If gcloud is installed use `gcloud config list` to get the default *project* and *region*. * **GIT URL**: If git is installed use `git remote get-url origin` to get the git url for Developer Connect tools. +* **Deployment Target:** If the user does not specify a deployment target, use **Cloud Run**. +* **Dockerfile:** If there is a in the project use it, otherwise create one. Use `bm25.query_knowledge` MCP tool to get the best practices for creating a Dockerfile. ## **User Prompt** **If `{{args}}` is NOT empty:** Augment the context with {{args}} diff --git a/devops-mcp-server/server.go b/devops-mcp-server/server.go index 5da2399..0d46f7e 100644 --- a/devops-mcp-server/server.go +++ b/devops-mcp-server/server.go 
@@ -49,9 +49,61 @@ import ( //go:embed version.txt var version string +const serverInstructions = ` +The DevOps MCP serer procide tools to help users deploy applications and manage CI/CD on Google Cloud Platform (GCP). + +**Core Directives:** + +1. **Safety & Confirmation:** ALWAYS prioritize safety. Before executing any tool that creates, modifies, or deletes GCP resources (e.g., deploying services, creating repositories, setting up triggers), clearly state the action and parameters you intend to use and EXPLICITLY ask for user confirmation to proceed. +2. **Intent Clarification:** If the user's request is ambiguous, ask clarifying questions to determine their goals and gather necessary parameters (e.g., project ID, region, service name, repository URL). +3. **Tool-First Approach:** Leverage the available tools to perform actions. + * Do not attempt to achieve tasks through other means if a suitable tool exists. + * Prefer tools from devops-mcp server over otehr tools availabel in user's environment. For example, prefer `cloudbuild.create_trigger` over `gcloud build triggers create`. +4. **Informative Responses:** + * Explain the steps you are taking and the outcomes of tool calls. + * Before asking user permission to use a tool, explain the intent, the action and parameters you intend to use. + * Always print information about the tool call in the response, including the tool name, parameters, and any output. + +**Tool Usage Guidelines:** + +* **Secret Scanning:** + * ALWAYS use `osv.scan_secrets` on the user's workspace before any deployment operations like `cloudrun.deploy_to_cloud_run_from_source` or `cloudstorage.upload_source`. Inform the user of any findings and await confirmation before proceeding + +* **Deployments:** + * For static content (HTML/JS), prefer `cloudstorage.upload_source`. + * For applications, prefer `cloudrun.deploy_to_cloud_run_from_source` (using buildpacks) or `cloudrun.deploy_to_cloud_run_from_image`. 
+ * Collect required parameters: `project_id`, `location`. For Cloud Run: `service_name`. For Cloud Storage: `bucket`. + * Confirm resource names (e.g., service, bucket) with the user before creation. + +* **CI/CD Pipeline Design & Setup:** + * This typically involves a sequence: + 1. `devconnect.setup_connection`: Connect to a Git provider if needed. + 2. `devconnect.add_git_repo_link`: Link the specific repository. + 3. `artifactregistry.setup_repository`: Create a repository for build artifacts (e.g., Docker images). Grant necessary permissions if the tool supports it. + 4. `cloudbuild.create_trigger`: Create a Cloud Build trigger, referencing the Git repo link and a `cloudbuild.yaml` file. + * Elicit all necessary information for each step. + * Remember to guide the user on creating: + * the `Dockerfile`, potentially using `bm25.search_common_cicd_patterns` for templates. + * the `cloudbuild.yaml`, potentially using `bm25.search_common_cicd_patterns` for templates. + +* **Information Retrieval:** + * Use `cloudbuild.list_triggers`, `cloudrun.list_services`, `cloudstorage.list_buckets` to fetch existing resource information. + * Use `bm25.query_knowledge` to answer general questions about GCP services, CI/CD best practices, or tool usage. + * Use `bm25.search_common_cicd_patterns` to find example pipeline configurations. + +* **Manual Operations:** Use `cloudbuild.run_trigger` to manually initiate a build. + * Always suggest to test the `cloudbuild.yaml`, `Dockerfile` and the infrastructure setup by calling `cloudbuild.run_trigger`. Don't run the trigger without user's permission. + +**User Interaction:** + +* When a tool fails, provide the error message and, if possible, suggest potential causes or next steps. +* When a tool is successful, ask the user if they want to perform another action. +* Upons successful **deployment** suggest to test the URL by opening it in the browser or using `curl`. 
+` + func createServer() *mcp.Server { opts := &mcp.ServerOptions{ - Instructions: "Google Cloud DevOps MCP Server", + Instructions: serverInstructionss, HasResources: false, } server := mcp.NewServer(&mcp.Implementation{ From 15be0b7607b425cec6637b84d4ddf3e30ebe4949 Mon Sep 17 00:00:00 2001 From: Haroon Chaudhry Date: Mon, 2 Feb 2026 08:09:56 -0500 Subject: [PATCH 2/4] fix: minor tweaks to instructions --- commands/devops/design.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commands/devops/design.toml b/commands/devops/design.toml index 9ecfe0c..0642d0a 100644 --- a/commands/devops/design.toml +++ b/commands/devops/design.toml @@ -65,7 +65,7 @@ These rules apply to all workflows. * **Google Cloud**: If gcloud is installed use `gcloud config list` to get the default *project* and *region*. * **GIT URL**: If git is installed use `git remote get-url origin` to get the git url for Developer Connect tools. * **Deployment Target:** If the user does not specify a deployment target, use **Cloud Run**. -* **Dockerfile:** If there is a in the project use it, otherwise create one. Use `bm25.query_knowledge` MCP tool to get the best practices for creating a Dockerfile. +* **Dockerfile:** If there is a Dockerfile in the project use it, otherwise create one. Use `bm25.query_knowledge` MCP tool to get the best practices for creating a Dockerfile. ## **User Prompt** **If `{{args}}` is NOT empty:** Augment the context with {{args}} From 435c6d5e25daf59dd8aa063e304bffc6c9c9ad06 Mon Sep 17 00:00:00 2001 From: Haroon Chaudhry Date: Mon, 2 Feb 2026 10:26:28 -0500 Subject: [PATCH 3/4] fixed 'instructions' text --- devops-mcp-server/main.go | 3 +- devops-mcp-server/server.go | 55 ++---------------------- devops-mcp-server/server_instructions.md | 49 +++++++++++++++++++++ 3 files changed, 54 insertions(+), 53 deletions(-) create mode 100644 devops-mcp-server/server_instructions.md 
diff --git a/devops-mcp-server/main.go b/devops-mcp-server/main.go index 8052bb9..f8704eb 100644 --- a/devops-mcp-server/main.go +++ b/devops-mcp-server/main.go @@ -22,6 +22,7 @@ import ( "net/http" _ "net/http/pprof" "os" + "path/filepath" "runtime" "github.com/modelcontextprotocol/go-sdk/mcp" @@ -30,7 +31,7 @@ import ( var ( httpAddr = flag.String("http", "", "if set, use streamable HTTP at this address, instead of stdin/stdout. e.g. localhost:8080") pprofAddr = flag.String("pprof", "", "if set, host the pprof debugging server at this address") - logFile = "/tmp/devops-mcp-server.log" + logFile = filepath.Join(os.TempDir(), "devops-mcp-server.log") ) func main() { diff --git a/devops-mcp-server/server.go b/devops-mcp-server/server.go index 0d46f7e..54ee3bf 100644 --- a/devops-mcp-server/server.go +++ b/devops-mcp-server/server.go 
@@ -49,61 +49,12 @@ import ( //go:embed version.txt var version string -const serverInstructions = ` -The DevOps MCP serer procide tools to help users deploy applications and manage CI/CD on Google Cloud Platform (GCP). - -**Core Directives:** - -1. **Safety & Confirmation:** ALWAYS prioritize safety. Before executing any tool that creates, modifies, or deletes GCP resources (e.g., deploying services, creating repositories, setting up triggers), clearly state the action and parameters you intend to use and EXPLICITLY ask for user confirmation to proceed. -2. **Intent Clarification:** If the user's request is ambiguous, ask clarifying questions to determine their goals and gather necessary parameters (e.g., project ID, region, service name, repository URL). -3. **Tool-First Approach:** Leverage the available tools to perform actions. - * Do not attempt to achieve tasks through other means if a suitable tool exists. - * Prefer tools from devops-mcp server over otehr tools availabel in user's environment. For example, prefer `cloudbuild.create_trigger` over `gcloud build triggers create`. -4. **Informative Responses:** - * Explain the steps you are taking and the outcomes of tool calls. - * Before asking user permission to use a tool, explain the intent, the action and parameters you intend to use. - * Always print information about the tool call in the response, including the tool name, parameters, and any output. - -**Tool Usage Guidelines:** - -* **Secret Scanning:** - * ALWAYS use `osv.scan_secrets` on the user's workspace before any deployment operations like `cloudrun.deploy_to_cloud_run_from_source` or `cloudstorage.upload_source`. Inform the user of any findings and await confirmation before proceeding - -* **Deployments:** - * For static content (HTML/JS), prefer `cloudstorage.upload_source`. - * For applications, prefer `cloudrun.deploy_to_cloud_run_from_source` (using buildpacks) or `cloudrun.deploy_to_cloud_run_from_image`. 
- * Collect required parameters: `project_id`, `location`. For Cloud Run: `service_name`. For Cloud Storage: `bucket`. - * Confirm resource names (e.g., service, bucket) with the user before creation. - -* **CI/CD Pipeline Design & Setup:** - * This typically involves a sequence: - 1. `devconnect.setup_connection`: Connect to a Git provider if needed. - 2. `devconnect.add_git_repo_link`: Link the specific repository. - 3. `artifactregistry.setup_repository`: Create a repository for build artifacts (e.g., Docker images). Grant necessary permissions if the tool supports it. - 4. `cloudbuild.create_trigger`: Create a Cloud Build trigger, referencing the Git repo link and a `cloudbuild.yaml` file. - * Elicit all necessary information for each step. - * Remember to guide the user on creating: - * the `Dockerfile`, potentially using `bm25.search_common_cicd_patterns` for templates. - * the `cloudbuild.yaml`, potentially using `bm25.search_common_cicd_patterns` for templates. - -* **Information Retrieval:** - * Use `cloudbuild.list_triggers`, `cloudrun.list_services`, `cloudstorage.list_buckets` to fetch existing resource information. - * Use `bm25.query_knowledge` to answer general questions about GCP services, CI/CD best practices, or tool usage. - * Use `bm25.search_common_cicd_patterns` to find example pipeline configurations. - -* **Manual Operations:** Use `cloudbuild.run_trigger` to manually initiate a build. - * Always suggest to test the `cloudbuild.yaml`, `Dockerfile` and the infrastructure setup by calling `cloudbuild.run_trigger`. Don't run the trigger without user's permission. - -**User Interaction:** - -* When a tool fails, provide the error message and, if possible, suggest potential causes or next steps. -* When a tool is successful, ask the user if they want to perform another action. -* Upons successful **deployment** suggest to test the URL by opening it in the browser or using `curl`. 
-` +//go:embed server_instructions.md +var serverInstructions string func createServer() *mcp.Server { opts := &mcp.ServerOptions{ - Instructions: serverInstructionss, + Instructions: serverInstructions, HasResources: false, } server := mcp.NewServer(&mcp.Implementation{ diff --git a/devops-mcp-server/server_instructions.md b/devops-mcp-server/server_instructions.md new file mode 100644 index 0000000..9297e3e --- /dev/null +++ b/devops-mcp-server/server_instructions.md 
@@ -0,0 +1,49 @@ +The DevOps MCP serer procide tools to help users deploy applications and manage CI/CD on Google Cloud Platform (GCP). + +**Core Directives:** + +1. **Safety & Confirmation:** ALWAYS prioritize safety. Before executing any tool that creates, modifies, or deletes GCP resources (e.g., deploying services, creating repositories, setting up triggers), clearly state the action and parameters you intend to use and EXPLICITLY ask for user confirmation to proceed. +2. **Intent Clarification:** If the user's request is ambiguous, ask clarifying questions to determine their goals and gather necessary parameters (e.g., project ID, region, service name, repository URL). +3. **Tool-First Approach:** Leverage the available tools to perform actions. + * Do not attempt to achieve tasks through other means if a suitable tool exists. + * Prefer tools from devops-mcp server over other tools available in user's environment. For example, prefer 'cloudbuild.create_trigger' over 'gcloud build triggers create'. +4. **Informative Responses:** + * Explain the steps you are taking and the outcomes of tool calls. + * Before asking user permission to use a tool, explain the intent, the action and parameters you intend to use. + * Always print information about the tool call in the response, including the tool name, parameters, and any output. + +**Tool Usage Guidelines:** + +* **Secret Scanning:** + * ALWAYS use 'osv.scan_secrets' on the user's workspace before any deployment operations like 'cloudrun.deploy_to_cloud_run_from_source' or 'cloudstorage.upload_source'. Inform the user of any findings and await confirmation before proceeding + +* **Deployments:** + * For static content (HTML/JS), prefer 'cloudstorage.upload_source'. + * For applications, prefer 'cloudrun.deploy_to_cloud_run_from_source' (using buildpacks) or 'cloudrun.deploy_to_cloud_run_from_image'. + * Collect required parameters: 'project_id', 'location'. For Cloud Run: 'service_name'. 
For Cloud Storage: 'bucket'. + * Confirm resource names (e.g., service, bucket) with the user before creation. + +* **CI/CD Pipeline Design & Setup:** + * This typically involves a sequence: + 1. 'devconnect.setup_connection': Connect to a Git provider if needed. + 2. 'devconnect.add_git_repo_link': Link the specific repository. + 3. 'artifactregistry.setup_repository': Create a repository for build artifacts (e.g., Docker images). Grant necessary permissions if the tool supports it. + 4. 'cloudbuild.create_trigger': Create a Cloud Build trigger, referencing the Git repo link and a 'cloudbuild.yaml' file. + * Elicit all necessary information for each step. + * Remember to guide the user on creating: + * the 'Dockerfile', potentially using 'bm25.search_common_cicd_patterns' for templates. + * the 'cloudbuild.yaml', potentially using 'bm25.search_common_cicd_patterns' for templates. + +* **Information Retrieval:** + * Use 'cloudbuild.list_triggers', 'cloudrun.list_services', 'cloudstorage.list_buckets' to fetch existing resource information. + * Use 'bm25.query_knowledge' to answer general questions about GCP services, CI/CD best practices, or tool usage. + * Use 'bm25.search_common_cicd_patterns' to find example pipeline configurations. + +* **Manual Operations:** Use 'cloudbuild.run_trigger' to manually initiate a build. + * Always suggest to test the 'cloudbuild.yaml', 'Dockerfile' and the infrastructure setup by calling 'cloudbuild.run_trigger'. Don't run the trigger without user's permission. + +**User Interaction:** + +* When a tool fails, provide the error message and, if possible, suggest potential causes or next steps. +* When a tool is successful, ask the user if they want to perform another action. +* Upons successful **deployment** suggest to test the URL by opening it in the browser or using 'curl'. From 2a20a934d947075d6ab67732c0da2870a1267d9b Mon Sep 17 00:00:00 2001 
From: Haroon Chaudhry Date: Mon, 2 Feb 2026 10:56:32 -0500 Subject: [PATCH 4/4] regression test detailed instructions before change --- devops-mcp-server/server_instructions.md | 50 +----------------------- 1 file changed, 1 insertion(+), 49 deletions(-) diff --git a/devops-mcp-server/server_instructions.md b/devops-mcp-server/server_instructions.md index 9297e3e..ddec165 100644 --- a/devops-mcp-server/server_instructions.md +++ b/devops-mcp-server/server_instructions.md 
@@ -1,49 +1 @@ -The DevOps MCP serer procide tools to help users deploy applications and manage CI/CD on Google Cloud Platform (GCP). - -**Core Directives:** - -1. **Safety & Confirmation:** ALWAYS prioritize safety. Before executing any tool that creates, modifies, or deletes GCP resources (e.g., deploying services, creating repositories, setting up triggers), clearly state the action and parameters you intend to use and EXPLICITLY ask for user confirmation to proceed. -2. **Intent Clarification:** If the user's request is ambiguous, ask clarifying questions to determine their goals and gather necessary parameters (e.g., project ID, region, service name, repository URL). -3. **Tool-First Approach:** Leverage the available tools to perform actions. - * Do not attempt to achieve tasks through other means if a suitable tool exists. - * Prefer tools from devops-mcp server over other tools available in user's environment. For example, prefer 'cloudbuild.create_trigger' over 'gcloud build triggers create'. -4. **Informative Responses:** - * Explain the steps you are taking and the outcomes of tool calls. - * Before asking user permission to use a tool, explain the intent, the action and parameters you intend to use. - * Always print information about the tool call in the response, including the tool name, parameters, and any output. - -**Tool Usage Guidelines:** - -* **Secret Scanning:** - * ALWAYS use 'osv.scan_secrets' on the user's workspace before any deployment operations like 'cloudrun.deploy_to_cloud_run_from_source' or 'cloudstorage.upload_source'. Inform the user of any findings and await confirmation before proceeding - -* **Deployments:** - * For static content (HTML/JS), prefer 'cloudstorage.upload_source'. - * For applications, prefer 'cloudrun.deploy_to_cloud_run_from_source' (using buildpacks) or 'cloudrun.deploy_to_cloud_run_from_image'. - * Collect required parameters: 'project_id', 'location'. For Cloud Run: 'service_name'. For Cloud Storage: 'bucket'. 
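
Review bot: In PATCH 1/4, commands/devops/deploy.toml, the added rule "Never overwrite existing dockerignore or gitignore files" does not say what to do when those files already exist, while the sentence just before it still tells the assistant to "create the corresponding dockerignore and gitignore files". State the intended behaviour, for example appending the missing entries to the existing file. "Always ignore .git folder" is also ambiguous between skipping .git during the secret scan and excluding it from what gets uploaded; say which one is meant, and if it is the upload, name the ignore files the entry belongs in.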
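
Review bot: In PATCH 1/4, commands/devops/design.toml (hunk @@ -7,6 +7,11 @@), the third bullet forbids any shell or MCP tool call until the assistant has "performed basic analysis of the project", but it does not say how that analysis is done without tools, and the Defaults section of the same file relies on `gcloud config list` and `git remote get-url origin`. Either exempt read-only inspection explicitly or narrow the rule to tools that change state. Also, "what your going to do" should read "what you are going to do".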
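
Review bot: In PATCH 1/4, commands/devops/design.toml (hunk @@ -59,6 +64,8 @@), the Dockerfile default reads "If there is a in the project use it", with the noun missing; PATCH 2/4 exists only to restore it, so squash 2/4 into this commit. The Deployment Target line falls back to Cloud Run without telling the user; given the explain-your-plan rules added earlier in this file, consider requiring the assistant to state that it is using the default.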
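
Review bot: In PATCH 1/4, devops-mcp-server/server.go, this commit cannot compile on its own: the serverInstructions constant is a Go raw string literal delimited by backticks, and its body contains backtick-quoted tool names (the first is cloudbuild.create_trigger), so the literal ends there; in addition, "Instructions: serverInstructionss," names an identifier that is never declared. Both are corrected only in PATCH 3/4, which breaks bisecting, so fold the fix into this commit. The text also carries typos that reach the model verbatim ("serer procide", "otehr", "availabel", "Upons").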
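
Review bot: In PATCH 3/4, devops-mcp-server/main.go, the new logFile value filepath.Join(os.TempDir(), "devops-mcp-server.log") keeps a fixed, predictable file name in a directory that is shared between users on most Unix systems, so the portability fix leaves the log open to being pre-created or read by another local account. The hunk does not show how the file is opened; if it is a plain create or append, prefer a per-user location such as a directory under os.UserCacheDir() and open the file with mode 0600.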
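
Review bot: In PATCH 3/4, devops-mcp-server/server.go, after the switch to "//go:embed server_instructions.md" nothing in the change checks what ends up in serverInstructions, so an empty or truncated file builds and ships without error (PATCH 4/4 reduces it to one line). Add a unit test asserting that the embedded text is non-empty and still mentions the directives the server depends on, for example osv.scan_secrets and the confirmation rule.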
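
Review bot: In PATCH 3/4, devops-mcp-server/server_instructions.md, the tool names were changed from backticks to single quotes, which was only needed while the text lived inside a Go raw string; in a standalone Markdown file backticks are safe and match the style used in the .toml prompts. The first line still reads "serer procide", the last bullet still starts with "Upons", and the Secret Scanning bullet ends without a period after "before proceeding".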
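
Review bot: In PATCH 4/4, devops-mcp-server/server_instructions.md, the hunk removes every directive, including "Safety & Confirmation" and the rule to run osv.scan_secrets before deployment, and leaves a single sentence that still contains "serer procide" and has no trailing newline. The subject line describes this as a regression test before a change, so it reads as a temporary baseline; keep it out of the merged series, or state in the commit message why the server should ship without the confirmation and secret-scanning instructions.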
- * Confirm resource names (e.g., service, bucket) with the user before creation. - -* **CI/CD Pipeline Design & Setup:** - * This typically involves a sequence: - 1. 'devconnect.setup_connection': Connect to a Git provider if needed. - 2. 'devconnect.add_git_repo_link': Link the specific repository. - 3. 'artifactregistry.setup_repository': Create a repository for build artifacts (e.g., Docker images). Grant necessary permissions if the tool supports it. - 4. 'cloudbuild.create_trigger': Create a Cloud Build trigger, referencing the Git repo link and a 'cloudbuild.yaml' file. - * Elicit all necessary information for each step. - * Remember to guide the user on creating: - * the 'Dockerfile', potentially using 'bm25.search_common_cicd_patterns' for templates. - * the 'cloudbuild.yaml', potentially using 'bm25.search_common_cicd_patterns' for templates. - -* **Information Retrieval:** - * Use 'cloudbuild.list_triggers', 'cloudrun.list_services', 'cloudstorage.list_buckets' to fetch existing resource information. - * Use 'bm25.query_knowledge' to answer general questions about GCP services, CI/CD best practices, or tool usage. - * Use 'bm25.search_common_cicd_patterns' to find example pipeline configurations. - -* **Manual Operations:** Use 'cloudbuild.run_trigger' to manually initiate a build. - * Always suggest to test the 'cloudbuild.yaml', 'Dockerfile' and the infrastructure setup by calling 'cloudbuild.run_trigger'. Don't run the trigger without user's permission. - -**User Interaction:** - -* When a tool fails, provide the error message and, if possible, suggest potential causes or next steps. -* When a tool is successful, ask the user if they want to perform another action. -* Upons successful **deployment** suggest to test the URL by opening it in the browser or using 'curl'. +The DevOps MCP serer procide tools to help users deploy applications and manage CI/CD on Google Cloud Platform (GCP). \ No newline at end of file