# MCP Starter Map

Use this map to think through what an AI agent should be allowed to inspect, automate, or change.

## 1. Workflow Goal

- Workflow:
- Agent user:
- Desired outcome:
- Systems involved:
- Human approvals required:
- Data sensitivity:
- Success measure:

## 2. Connection Map

| System | Agent use | Access level | Risk | Approval needed |
| --- | --- | --- | --- | --- |
| Local codebase | Read files, inspect structure, edit scoped changes | Read/write | Medium | Before commits or destructive changes |
| GitHub | Create PRs, inspect issues, check CI | Read/write | Medium | Before merge or broad comments |
| Supabase | Inspect schema, migrations, content, logs | Read or limited write | High | Before schema/data changes |
| Postman | Review collections, run tests, inspect APIs | Read/run | Medium | Before publishing docs or changing shared collections |
| Browser | Verify local UI, test interactions, inspect pages | Read/interact | Medium | Before submitting external forms |
| Deployment platform | Check previews, logs, environment assumptions | Read | Medium | Before production deploy changes |

## 3. Useful MCP Patterns

### Codebase Context

- Search files and symbols.
- Read specific implementation paths.
- Compare branch diffs.
- Run build and tests.
- Create scoped patches.
- Open a PR with verification notes.

### Product And Content Context

- Read content records.
- Verify generated static output.
- Compare page copy to positioning.
- Check links, downloads, and metadata.
- Draft migration or seed updates.

### API Context

- Inspect collections and specs.
- Send test requests.
- Generate or update examples.
- Check auth behavior.
- Review agent-readiness.

### Browser Context

- Open local previews.
- Verify responsive layouts.
- Check visible copy and interactions.
- Capture screenshots.
- Confirm no overflow or broken states.

## 4. Guardrails

- [ ] Define what the agent can read.
- [ ] Define what the agent can write.
- [ ] Keep production secrets out of prompts and logs.
- [ ] Require approval for schema changes, production deploys, payments, and external messages.
- [ ] Prefer least-privilege credentials.
- [ ] Keep generated changes reviewable in git.
- [ ] Log verification steps.
- [ ] Keep human judgment on product and brand decisions.
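
One way to enforce these guardrails at the tool-call boundary is a deny-by-default gate that encodes the Connection Map, pauses approval-gated actions, and redacts credential-like parameters before logging. This is an added example, not part of the original template; the system keys, action names, and the `approved_by` field are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    allowed: frozenset         # actions the agent may perform at all
    needs_approval: frozenset  # subset that needs a human sign-off first

# Constructed policy mirroring rows of the Connection Map; action names are assumptions.
POLICY = {
    "local_codebase": Rule(frozenset({"read", "edit", "commit"}), frozenset({"commit"})),
    "github": Rule(frozenset({"read", "create_pr", "merge"}), frozenset({"merge"})),
    "supabase": Rule(frozenset({"read", "schema_change"}), frozenset({"schema_change"})),
    "deployment": Rule(frozenset({"read"}), frozenset()),  # read-only: no deploy action
}

SECRET_NAME = re.compile(r"key|token|secret|password", re.IGNORECASE)

def redact(params):
    """Mask values whose parameter name suggests a credential before logging."""
    return {k: "[REDACTED]" if SECRET_NAME.search(k) else v for k, v in params.items()}

def gate(system, action, params, approved_by=None, log=None):
    """Return 'allow', 'needs_approval' or 'deny' and record the decision."""
    rule = POLICY.get(system)
    if rule is None or action not in rule.allowed:
        decision = "deny"  # deny by default: unmapped system or action
    elif action in rule.needs_approval and not approved_by:
        decision = "needs_approval"
    else:
        decision = "allow"
    if log is not None:
        log.append({"system": system, "action": action, "decision": decision,
                    "approved_by": approved_by, "params": redact(params)})
    return decision

if __name__ == "__main__":
    audit = []  # in-memory stand-in for the verification log
    print(gate("github", "create_pr", {"branch": "feature-x"}, log=audit))
    print(gate("github", "merge", {"pr": 1}, log=audit))
    print(gate("github", "merge", {"pr": 1}, approved_by="reviewer", log=audit))
    print(gate("deployment", "deploy", {"api_token": "constructed-value"}, log=audit))
    print(audit[-1])
```

Redaction here matches on parameter names only, so secrets embedded in free-text values still need a separate scanner before anything reaches a prompt or log.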

## 5. Starter Workflow: Website PR

1. Inspect current branch and merged main.
2. Search for the relevant component, data, and styles.
3. Add the artifact or feature.
4. Run build.
5. Open local preview in browser.
6. Verify desktop and mobile.
7. Commit scoped changes.
8. Push branch.
9. Open PR with summary and verification.
10. Check deployment preview.

## 6. Starter Workflow: API Review

1. Load the collection or OpenAPI spec.
2. Identify auth and environment variables.
3. Run a basic request sequence.
4. Review request examples and response examples.
5. Check destructive endpoints.
6. Add missing tests or notes.
7. Write agent-readiness findings.
8. Publish only after human review.

