Files
isphere-ai-bridge/docs/mcp-core-business-plan.md

146 lines
5.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# MCP Core Business Plan
Date: 2026-07-09
## Business correction
项目核心不是继续做 UIA selector/report而是通过 MCP 暴露 iSphere 的联系人、群组、消息、文件能力。
后续研发主线切换为 MCP 核心通信能力:搜索联系人、搜索群组、收发消息、收发文件。现有 UIA/selector/report 只作为底层辅助和证据,不再作为主线继续扩展。
## Core business capabilities
The product roadmap is limited to six business capabilities:
1. Search contacts.
2. Search groups.
3. Receive/read messages.
4. Send messages.
5. Receive/download files.
6. Send files.
Everything else is infrastructure or fallback support. Selector catalog/report validation may support UI automation if needed, but it is not the main product deliverable.
## Capability source priority
Use this priority order when searching for real implementations:
1. Existing bridge / API / local service.
2. Local database / log / cache read-only access.
3. UI automation.
4. Network/API analysis.
5. Reverse engineering, only for explanation and validation, not as the default route.
Implications:
- Prefer an existing bridge/API/local service before reading local storage or using UIA.
- Prefer read-only database/log/cache access before UI automation when it can answer the business question.
- UIA selector work is a fallback access mechanic, not the primary roadmap.
- Do not continue investing in selector report hardening unless a concrete business tool is blocked by selector quality.
- Reverse engineering is last resort and should explain formats or validate assumptions; it should not become the default delivery path.
## Stage A: Freeze MCP core tools contract
Goal: lock the business-facing MCP tool surface before adding more helper or selector work.
Deliverables:
- `docs/mcp-core-tools-contract.md` exists and defines:
- `isphere_search_contacts`
- `isphere_search_groups`
- `isphere_receive_messages`
- `isphere_send_message`
- `isphere_receive_files`
- `isphere_send_file`
- Write-capable tools require `approval_id` for real execution.
- Write-capable tools support `dry_run=true` and default to dry-run until approved.
- Read-only tools do not mutate the iSphere client state.
Acceptance:
- Contract names, input parameters, output JSON, error codes, audit fields, read-only/write status, approval behavior, and implementation priority are explicit.
- No new selector/report node is introduced as the next primary step.
## Stage B: Find real capability sources
Goal: identify the best source for each read-only capability.
Tasks:
1. Inventory existing bridge/API/local service artifacts and current Go/C# boundaries.
2. Re-check whether existing bridge endpoints or local services can provide contacts, groups, messages, or files.
3. Re-check local database/log/cache artifacts only in read-only mode.
4. Use UIA only if higher-priority sources cannot satisfy the read-only tool.
5. Document source decisions per tool before implementation.
Acceptance:
- Each read-only tool has a selected primary source and a fallback source.
- The decision is evidence-backed and does not rely on stale prior notes without current verification.
- No automatic login, hook, injection, memory read, or endpoint-security bypass is introduced.
## Stage C: Read-only loop
Goal: deliver useful MCP read capability before any real write capability.
Implementation order:
1. `isphere_search_contacts`
2. `isphere_search_groups`
3. `isphere_receive_messages`
4. `isphere_receive_files`
Acceptance:
- Each tool can return normalized JSON through MCP.
- Each tool records audit metadata.
- File receiving/download writes only to an approved local output directory and never mutates source client state.
- Tests and verification do not send messages, upload files, click destructive controls, or alter production data.
## Stage D: Approval-after-read-only write capability
Goal: add write behavior only after the read-only loop is proven.
Implementation order:
1. `isphere_send_message` with `dry_run=true` preview first.
2. Approval store and audit validation.
3. `isphere_send_message` real send only with valid `approval_id`.
4. `isphere_send_file` with `dry_run=true` preview first.
5. `isphere_send_file` real send only with valid `approval_id`.
Acceptance:
- No valid `approval_id`, no real send.
- Every real send records target, content/file hash, approver, time, connector, and result.
- Idempotency prevents accidental duplicate sends.
- Operator can review dry-run output before approval.
## Stage E: Pre-production safety, audit, and deployment acceptance
Goal: make the MCP service safe and operable before broader use.
Checks:
- Tool allowlist and source allowlist are explicit.
- Audit records are durable and redacted where needed.
- Approval records are traceable.
- Deployment docs include exact commands, rollback, logs, and known limits.
- Security boundaries are still enforced: no automatic login, no bypass, no injection, no hook, no target-process memory read.
Acceptance:
- Full test suite passes.
- Operator runbook covers normal operation and failure modes.
- A business user can understand which of the six capabilities are supported and which remain staged.
## Immediate next action
Current next step is:
```text
MCP core tools contract freeze + read-only message source discovery + N12-pre evidence package organization.
```
Do not start N16/N17 selector/report hardening as the mainline. If UIA is needed later, use the existing N13/N14/N15 results as auxiliary evidence only.