Manufacturing · Studied

MES / historian, read-only across OT/IT

Everything is read-only — the agent can observe the plant, never actuate it.

Context

A plant-ops copilot sits on the IT side of the OT/IT boundary. The MES/historian server exposes only read tools — machine status, OEE, tag history. There is no write tool at all, so nothing the agent does can actuate equipment.

The decision

Read-only resource design is the OT safety guarantee: the absence of any write tool, not a permission setting, is what makes the copilot safe on the plant floor.

What most miss

People add a 'set_setpoint' tool behind an approval and think they're safe. On OT, the guarantee people trust is the one where actuation is structurally impossible: no write tool exists.

Stakes

A single actuation path from an IT-side agent onto OT equipment is a safety-of-life risk, not an incident ticket.

Takeaway · On the OT boundary, safety is a manifest with no write tools — structural, not configured.
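
One way to enforce this in CI, as an added example rather than code from the lab or its server: audit the server's MCP `tools/list` result against an allowlist of read tools and fail if anything else exists. The tool names, the sample manifests and the `requires_approval` field are assumptions; `readOnlyHint` is the advisory MCP tool annotation.

```python
# Added example: CI gate over an MCP tools/list result. Tool names are assumed.
ALLOWED_READ_TOOLS = frozenset({"get_machine_status", "get_oee", "get_tag_history"})


def audit_manifest(manifest):
    """Return violations; an empty list means no tool outside the read allowlist exists."""
    violations = []
    seen = set()
    for tool in manifest.get("tools", []):
        name = tool.get("name", "<unnamed>")
        if name in seen:
            violations.append(f"{name}: declared more than once")
        seen.add(name)
        if name not in ALLOWED_READ_TOOLS:
            # Approval gates, roles or flags on the tool are ignored on purpose:
            # the check is that the tool does not exist at all.
            violations.append(f"{name}: not on the read-only allowlist")
        # readOnlyHint is advisory in MCP; it is required here only as a second signal.
        if (tool.get("annotations") or {}).get("readOnlyHint") is not True:
            violations.append(f"{name}: readOnlyHint is not true")
    return violations


# Constructed sample manifests (not captured from a real server).
READ_ONLY_MANIFEST = {"tools": [
    {"name": "get_machine_status", "annotations": {"readOnlyHint": True}},
    {"name": "get_oee", "annotations": {"readOnlyHint": True}},
    {"name": "get_tag_history", "annotations": {"readOnlyHint": True}},
]}

# Same manifest plus the approval-gated write tool; "requires_approval" is a made-up field.
GATED_WRITE_MANIFEST = {"tools": READ_ONLY_MANIFEST["tools"] + [
    {"name": "set_setpoint", "requires_approval": True,
     "annotations": {"readOnlyHint": False}},
]}

if __name__ == "__main__":
    for label, m in (("read-only", READ_ONLY_MANIFEST),
                     ("gated write", GATED_WRITE_MANIFEST)):
        problems = audit_manifest(m)
        print(label, "PASS" if not problems else f"FAIL: {problems}")
```

The approval-gated manifest fails on the tool's existence alone, and a write tool mislabelled with `readOnlyHint: true` still fails the allowlist check.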

Studied · Agent & Protocol · verified 2026-07-03

Sources: OT/IT segmentation (Purdue model) and read-only integration patterns; MES / historian (OPC-UA) data exposure practice
