Description
Currently, the mcp-luno server exposes all tools including those that perform write operations (e.g., create_order, cancel_order) as soon as API credentials are provided. We should add an additional security layer by requiring an explicit opt-in environment variable to enable write operations.
Requirements
- Add an environment variable
ALLOW_WRITE_OPERATIONS that controls whether write operations are exposed
- Default behavior should be read-only (no write operations available)
- Write operations include:
- create_order
- cancel_order
Implementation Details
- Add configuration option in config.Config to track this setting
- Modify tool registration to check this flag before exposing write operation tools
- Update server initialization to parse this environment variable
- Update documentation in README.md to explain this feature