Scope
Document the three sandbox modes (read-only, filtered, unrestricted) with decision matrix:
- AST-based script validation
- Command allowlists/blocklists
- Obfuscation detection
- CLM auto-detection
- Confirmation-required commands
- Security recommendations per environment
Important: Clarify that sandbox/security modes only apply to remoting, not other SPE integration points (ISE, Console, etc.), and explain why these protections are needed for remoting specifically.
Cross-reference existing security/ pages and SitecorePowerShell/Console#1419 (CLM).
References
Files
- New
mcp-server/security.md
SUMMARY.md — Add under MCP Server
Scope
Document the three sandbox modes (
read-only,filtered,unrestricted) with decision matrix:Important: Clarify that sandbox/security modes only apply to remoting, not other SPE integration points (ISE, Console, etc.), and explain why these protections are needed for remoting specifically.
Cross-reference existing
security/pages and SitecorePowerShell/Console#1419 (CLM).References
Files
mcp-server/security.mdSUMMARY.md— Add under MCP Server