5.13 Broker and MQTT (special review)
Parent: Story 5 (#7232)
Tool file: new forge/ee/lib/mcp/tools/broker.js
Status: SPECIAL REVIEW
Summary
The team broker (built-in MQTT broker clients) and 3rd-party brokers (external broker credentials + topics). This category is credential-sensitive. The endpoints that mint MQTT broker credentials (broker client create/link, setting a client password, 3rd-party broker registration, raw credential fetch) are not implemented per the #7513 decision: that issue prevents any PAT-authenticated request from obtaining MQTT broker credentials, and MCP agents are always PAT-authenticated. They are mapped in the admin appendix (issue 5.A) so the decision is reversible. The remaining broker writes (topic CRUD, lifecycle, delete client) do not mint credentials, so #7513 does not apply to them; they are phase-2 candidates in 5.13-b/c, contingent on a product decision to allow broker mutation over MCP.
5.13 Broker and MQTT (special review)
Parent: Story 5 (#7232)
Tool file: new
forge/ee/lib/mcp/tools/broker.jsStatus: SPECIAL REVIEW
Summary
The team broker (built-in MQTT broker clients) and 3rd-party brokers (external broker credentials + topics). This category is credential-sensitive. The endpoints that mint MQTT broker credentials (broker client create/link, setting a client password, 3rd-party broker registration, raw credential fetch) are not implemented per the #7513 decision: that issue prevents any PAT-authenticated request from obtaining MQTT broker credentials, and MCP agents are always PAT-authenticated. They are mapped in the admin appendix (issue 5.A) so the decision is reversible. The remaining broker writes (topic CRUD, lifecycle, delete client) do not mint credentials, so #7513 does not apply to them; they are phase-2 candidates in 5.13-b/c, contingent on a product decision to allow broker mutation over MCP.