What This Does
This article explains how LoopIQ governs MCP-powered write actions, especially actions proposed by Helix. MCP can be used for read-only context retrieval or for actions that create or update LoopIQ records. Write actions need stronger controls because they can affect release governance, remediation planning, work item creation, compliance evidence, and audit history.How Governed MCP Actions Work
LoopIQ follows a plan, preview, approve, execute, and audit pattern.- Helix or the MCP client identifies a possible action.
- LoopIQ builds a structured payload.
- The user reviews the proposed tool, reason, payload, tenant, and target records.
- The user approves or rejects the action.
- Approved actions are executed with tenant and caller auth propagation.
- LoopIQ returns created or updated record IDs.
- Audit details are attached to the result.
What to Review Before Approval
Before approving an MCP action, check:- tenant or organization
- team
- release
- certification
- application, module, repository, or service context
- tool name
- reason for the action
- payload fields
- parent and child work item titles
- evidence, control, or finding references
- approval ID
- request ID, trace ID, workflow, and idempotency key
Remediation Work Packages
For release blockers, Helix may proposeloopiq_create_remediation_work_package.
This tool is designed to create a parent story and child tasks in one approved transaction.
The expected result includes:
- the parent story ID
- child task IDs
- release or certification references
- blocker or evidence references
- approval ID
- idempotency key
- audit details
Approval States
An MCP action can be:Pending approvalwhen Helix has prepared the payload but has not executed itApprovedwhen the user has accepted the payloadRejectedwhen the user declined the actionExecutedwhen the backend completed the approved actionFailedwhen the backend could not execute the action
Audit Trail
For governed actions, LoopIQ should preserve:- user identity
- tenant
- request ID
- trace ID
- workflow
- tool call chain
- tool name
- approval ID
- idempotency key
- submitted payload
- execution result
- created or updated record IDs
- timestamp
Idempotency
Idempotency helps prevent duplicate records when a request is retried. If a network error occurs after approval, do not immediately approve the same action again. First check the action result or audit trail. The same idempotency key should return or reference the original execution where supported.Good Approval Examples
Approve when:- the action is grounded in real release evidence
- the release and certification are correct
- the work items have clear titles
- child tasks are tied to the correct parent story
- provider findings or control failures are referenced
- the owner or team is correct
- Helix uses the wrong tenant, team, release, or certification
- the payload references unrelated backlog items
- titles are generic or missing
- parent IDs are missing for child tasks outside a work-package transaction
- evidence is stale or missing
- the action would create duplicate work

