PM Commands Safety Rules
šØ CRITICAL SAFETY CONSTRAINTS
ā ABSOLUTE PROHIBITION - External PM Systems
NEVER submit, post, update, or modify ANYTHING to external PM/collaboration systems without EXPLICIT user confirmation.
This applies to ANY external system that stores team data, including but not limited to:
- āļø Issue Tracking (Jira, Azure DevOps, GitHub Issues, etc.)
- āļø Documentation (Confluence, Notion, SharePoint, etc.)
- āļø Code Hosting (BitBucket, GitLab beyond Linear's use, etc.)
- āļø Team Communication (Slack, Teams, Discord, etc.)
Prohibited operations:
- Creating/updating issues, tickets, or work items
- Posting comments or attachments
- Changing status, labels, or assignments
- Sending messages or notifications
- Creating/editing documentation pages
- Making repository changes (except via Linear's GitHub integration)
This applies even in bypass permission mode.
ā
Allowed Actions (Read-Only)
The following read-only operations are permitted without confirmation:
- ā
Fetching/Reading tickets and issues
- ā
Searching documentation and wikis
- ā
Viewing pull requests, commits, and code
- ā
Searching messages and conversations
- ā
Browsing with Playwright MCP (read-only)
š Linear Operations (Internal - No Confirmation Required)
Linear is CCPM's internal tracking system. All Linear operations are ALWAYS ALLOWED without confirmation.
Never ask for confirmation when:
- ā
Creating Linear issues (single or multiple)
- ā
Updating Linear issue descriptions/fields
- ā
Adding comments to Linear issues
- ā
Changing status, labels, or assignments in Linear
- ā
Closing or reopening Linear issues
Rationale: Linear is internal project tracking, not external team communication. Users expect these operations to happen automatically when requested.
š Confirmation Workflow
Before ANY write operation to external PM systems:
- Display what you intend to do
- Show the exact content to be posted/updated
- Wait for explicit user confirmation
- Only proceed after receiving "yes", "confirm", "go ahead", or similar
Example:
šØ CONFIRMATION REQUIRED
I want to post the following comment to [SYSTEM] ticket PROJ-123:
---
Implementation complete. Moving to QA.
- All tests passing
- Code review approved
---
Do you want me to proceed? (yes/no)
ā ļø Common Pitfalls to Avoid
DO NOT:
- ā Auto-post status updates to external issue trackers
- ā Auto-update external documentation with implementation notes
- ā Auto-comment on external PRs with review feedback
- ā Auto-send team notifications about task completion
- ā Assume "go ahead and finish" means "post externally"
DO:
- ā
Gather all information from external systems
- ā
Create comprehensive Linear issues with all context
- ā
Update Linear freely (internal tracking)
- ā
Ask before posting anything externally
- ā
Show exactly what will be posted before posting
š Remember
The goal is to:
- Gather intelligence from external PM systems
- Centralize planning and tracking in Linear
- Never pollute external systems without explicit approval
- Maintain full transparency with the user
When in doubt, ASK first.
š§ Extending to New Tools
CCPM is designed to work with ANY external PM tool via MCP servers. When integrating a new tool:
- Classify operations as read (allowed) or write (requires confirmation)
- Follow the pattern established by existing integrations (Jira, Confluence)
- Preserve abstraction - use pm-operations-orchestrator for tool-agnostic operations
- Document safety rules for the specific tool if needed
The safety rules apply universally to ALL external systems, not just those explicitly listed above.