aminghadersohi opened a new pull request, #36017:
URL: https://github.com/apache/superset/pull/36017
### SUMMARY
This PR adds comprehensive documentation for the MCP service in response to
review feedback on PR #35163. The documentation addresses all questions raised
about the Flask singleton pattern, multitenant architecture, security model,
and production deployment path.
**Addresses review feedback from PR #35163:**
- Flask singleton pattern explanation and justification
- Multitenant architecture with tenant isolation strategies
- Authentication and authorization model (dev and production)
- Security considerations and best practices
- Production deployment guide with multiple deployment options
- Migration path from development to production
**Documentation Added:**
1. **ARCHITECTURE.md** (669 lines)
   - Flask singleton pattern explanation and justification
   - Why module-level singleton is appropriate for MCP service
   - Thread safety implementation details
   - Multitenant architecture (shared process with tenant isolation)
   - Tenant isolation mechanisms (database, application, JWT)
   - Process models (single, multi-process, containerized)
   - Database connection management
   - Deployment considerations
2. **SECURITY.md** (744 lines)
   - Authentication (dev: MCP_DEV_USERNAME, prod: JWT)
   - JWT provider examples (Auth0, Okta, AWS Cognito, Keycloak)
   - Authorization (RBAC, RLS, tool permissions)
   - Session and CSRF handling
   - Audit logging strategies
   - Compliance considerations (GDPR, SOC2, HIPAA)
   - Security checklist
   - Incident response procedures
3. **PRODUCTION.md** (1,257 lines)
   - Current status (what's ready vs dev-only)
   - Required for production checklist
   - Deployment guides (systemd, supervisord, Docker, Kubernetes)
   - Reverse proxy configuration (Nginx, Apache)
   - Monitoring and alerting (Prometheus, Grafana, CloudWatch)
   - Migration path from dev to prod
   - Troubleshooting common issues
   - Performance tuning recommendations
4. **UPDATING.md**
   - Added comprehensive MCP service documentation in main project changelog
   - Configuration options (dev vs prod)
   - Running instructions
   - Security requirements
   - Links to all new documentation files
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A - Documentation only
### TESTING INSTRUCTIONS
Review the documentation files:
- `superset/mcp_service/ARCHITECTURE.md`
- `superset/mcp_service/SECURITY.md`
- `superset/mcp_service/PRODUCTION.md`
- `UPDATING.md` (MCP service section in "Next" release)
All documentation:
- Uses concrete code examples from the actual implementation
- References existing Superset patterns (RBAC, RLS, DAOs)
- Provides deployment-ready configurations
- Includes troubleshooting guidance
- Links to related files and documentation
### ADDITIONAL INFORMATION
- [ ] Has associated issue: Related to PR #35163 review feedback
- [ ] Required feature flags: None
- [ ] Changes UI: No
- [ ] Includes DB Migration: No
- [ ] Introduces new feature or API: No - Documentation only
- [ ] Removes existing feature or API: No