5.5 KiB
MCP Core Business Plan
Date: 2026-07-09
Business correction
项目核心不是继续做 UIA selector/report,而是通过 MCP 暴露 iSphere 的联系人、群组、消息、文件能力。
后续研发主线切换为 MCP 核心通信能力:搜索联系人、搜索群组、收发消息、收发文件。现有 UIA/selector/report 只作为底层辅助和证据,不再作为主线继续扩展。
Core business capabilities
The product roadmap is limited to six business capabilities:
- Search contacts.
- Search groups.
- Receive/read messages.
- Send messages.
- Receive/download files.
- Send files.
Everything else is infrastructure or fallback support. Selector catalog/report validation may support UI automation if needed, but it is not the main product deliverable.
Capability source priority
Use this priority order when searching for real implementations:
- Existing bridge / API / local service.
- Local database / log / cache read-only access.
- UI automation.
- Network/API analysis.
- Reverse engineering, only for explanation and validation, not as the default route.
Implications:
- Prefer an existing bridge/API/local service before reading local storage or using UIA.
- Prefer read-only database/log/cache access before UI automation when it can answer the business question.
- UIA selector work is a fallback access mechanic, not the primary roadmap.
- Do not continue investing in selector report hardening unless a concrete business tool is blocked by selector quality.
- Reverse engineering is last resort and should explain formats or validate assumptions; it should not become the default delivery path.
Stage A: Freeze MCP core tools contract
Goal: lock the business-facing MCP tool surface before adding more helper or selector work.
Deliverables:
docs/mcp-core-tools-contract.mdexists and defines:isphere_search_contactsisphere_search_groupsisphere_receive_messagesisphere_send_messageisphere_receive_filesisphere_send_file
- Write-capable tools require
approval_idfor real execution. - Write-capable tools support
dry_run=trueand default to dry-run until approved. - Read-only tools do not mutate the iSphere client state.
Acceptance:
- Contract names, input parameters, output JSON, error codes, audit fields, read-only/write status, approval behavior, and implementation priority are explicit.
- No new selector/report node is introduced as the next primary step.
Stage B: Find real capability sources
Goal: identify the best source for each read-only capability.
Tasks:
- Inventory existing bridge/API/local service artifacts and current Go/C# boundaries.
- Re-check whether existing bridge endpoints or local services can provide contacts, groups, messages, or files.
- Re-check local database/log/cache artifacts only in read-only mode.
- Use UIA only if higher-priority sources cannot satisfy the read-only tool.
- Document source decisions per tool before implementation.
Acceptance:
- Each read-only tool has a selected primary source and a fallback source.
- The decision is evidence-backed and does not rely on stale prior notes without current verification.
- No automatic login, hook, injection, memory read, or endpoint-security bypass is introduced.
Stage C: Read-only loop
Goal: deliver useful MCP read capability before any real write capability.
Implementation order:
isphere_search_contactsisphere_search_groupsisphere_receive_messagesisphere_receive_files
Acceptance:
- Each tool can return normalized JSON through MCP.
- Each tool records audit metadata.
- File receiving/download writes only to an approved local output directory and never mutates source client state.
- Tests and verification do not send messages, upload files, click destructive controls, or alter production data.
Stage D: Approval-after-read-only write capability
Goal: add write behavior only after the read-only loop is proven.
Implementation order:
isphere_send_messagewithdry_run=truepreview first.- Approval store and audit validation.
isphere_send_messagereal send only with validapproval_id.isphere_send_filewithdry_run=truepreview first.isphere_send_filereal send only with validapproval_id.
Acceptance:
- No valid
approval_id, no real send. - Every real send records target, content/file hash, approver, time, connector, and result.
- Idempotency prevents accidental duplicate sends.
- Operator can review dry-run output before approval.
Stage E: Pre-production safety, audit, and deployment acceptance
Goal: make the MCP service safe and operable before broader use.
Checks:
- Tool allowlist and source allowlist are explicit.
- Audit records are durable and redacted where needed.
- Approval records are traceable.
- Deployment docs include exact commands, rollback, logs, and known limits.
- Security boundaries are still enforced: no automatic login, no bypass, no injection, no hook, no target-process memory read.
Acceptance:
- Full test suite passes.
- Operator runbook covers normal operation and failure modes.
- A business user can understand which of the six capabilities are supported and which remain staged.
Immediate next action
Current next step is:
MCP core tools contract freeze + read-only message source discovery + N12-pre evidence package organization.
Do not start N16/N17 selector/report hardening as the mainline. If UIA is needed later, use the existing N13/N14/N15 results as auxiliary evidence only.