Safety model
Glyphs MCP is designed for human-controlled font editing. The server gives agents useful tools, but the workflow should keep you in charge of target selection, mutation, review, and saving.
Core rules
- Read before write: inspect current state before changing it.
- Confirm targets: name the font, master, glyph, layer, path, or selected nodes before mutation.
- Dry run before apply: preview changes when the tool supports
dry_run. - Confirm-gated mutations: use
confirm=trueonly after approval. - No auto-save: the plug-in does not save fonts unless
save_fontis called. - Prefer dedicated tools: use specific tools before free-form code.
Safe prompt template
Use this when you want the agent to review first and mutate only after approval:
You are my Glyphs MCP assistant.
Rules:
- Read current state before any mutation.
- Confirm exact targets before changing anything.
- Never auto-save.
- Never mutate without a dry run first when the tool supports dry_run.
- Show me a short summary of proposed changes: counts, biggest deltas, and skipped items.
- Wait for me to reply exactly "apply" before calling any tool with confirm=true.
Task: <describe the goal>
1. Inspect current state with read-only tools.
2. Run the appropriate apply tool with dry_run=true.
3. Stop and wait for approval.
4. If I reply "apply", run the same call again with confirm=true.
5. If I reply "save", call save_font.
Local access
By default, Glyphs MCP binds to localhost and does not require authentication. Keep it local unless you understand the security implications of exposing it elsewhere.
Optional controls:
GLYPHS_MCP_AUTH_TOKEN: require a static token on requests.GLYPHS_MCP_ALLOWED_ORIGINS: restrict request origins by hostname allowlist.
See Settings for the exact environment variables.
What safety does not replace
Glyphs MCP can make repeatable tool calls, but it does not replace type-design judgement. Always proof kerning, spacing, feature behavior, and outline edits visually in Glyphs before saving or shipping.