RFC: deliver molecule-platform-mcp as an entitlement-gated MCP plugin (retire the special concierge image) #3045

Merged

devops-engineer merged 1 commits from rfc/platform-mcp-as-plugin into main 2026-06-22 03:33:08 +00:00

Conversation 2 Commits 1 Files Changed 1

+163

core-devops commented 2026-06-18 19:04:22 +00:00

Member

Copy Link

Copy Source

Draft RFC for CTO sign-off. Routes the concierge's management MCP through the working plugin channel (existing MCPServerAdaptor, issue #847) instead of the broken asset/baked-image channel.

Why: the concierge is currently vanilla Claude Code in prod — generic system prompt, only the a2a MCP, no create_workspace. Root cause: the on-box config is a 218-byte CP-regenerated stub with no prompt_files/mcp_servers; the asset channel never lands the identity. The plugin channel (which delivers seo-all skills) works.

Proposal: molecule-platform-mcp becomes an entitlement-gated MCP-server plugin declared by the platform-agent template; npx @molecule-ai/mcp-server launched via settings-fragment.json → no baked image needed. Org-admin token stays core-injected (referenced, never embedded). Privilege gating (org-root only) is load-bearing.

Full doc: docs/design/rfc-platform-mcp-as-plugin.md. Open questions for CTO in §6. Arch + entitlement change → CTO sign-off requested before building.

🤖 Generated with Claude Code

Draft RFC for CTO sign-off. Routes the concierge's management MCP through the **working** plugin channel (existing `MCPServerAdaptor`, issue #847) instead of the broken asset/baked-image channel. **Why:** the concierge is currently **vanilla Claude Code** in prod — generic system prompt, only the `a2a` MCP, no `create_workspace`. Root cause: the on-box config is a 218-byte CP-regenerated stub with no `prompt_files`/`mcp_servers`; the asset channel never lands the identity. The plugin channel (which delivers `seo-all` skills) works. **Proposal:** `molecule-platform-mcp` becomes an entitlement-gated MCP-server plugin declared by the platform-agent template; `npx @molecule-ai/mcp-server` launched via `settings-fragment.json` → no baked image needed. Org-admin token stays core-injected (referenced, never embedded). Privilege gating (org-root only) is load-bearing. Full doc: `docs/design/rfc-platform-mcp-as-plugin.md`. Open questions for CTO in §6. Arch + entitlement change → CTO sign-off requested before building. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

core-devops added 1 commit 2026-06-18 19:04:22 +00:00

docs(rfc): deliver molecule-platform-mcp as an entitlement-gated MCP plugin ... 7e8e177914

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops added 1 commit 2026-06-18 19:04:24 +00:00

docs(rfc): deliver molecule-platform-mcp as an entitlement-gated MCP plugin ... 7e8e177914

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops referenced this pull request 2026-06-18 19:54:34 +00:00

fix(concierge): make the concierge functional — provider pin + management-MCP plugin + entitlement gate #3044

core-devops referenced this issue from a commit 2026-06-18 20:39:46 +00:00

fix(concierge): provider pin + management-MCP plugin + entitlement gate (#3044)

molecule-code-reviewer referenced this pull request 2026-06-19 04:53:23 +00:00

Concierge declares but never installs the management-MCP plugin — molecule-platform-agent image lacks plugin boot-install (no create_workspace) [RFC#3045 remaining half] #3063

molecule-code-reviewer referenced this pull request 2026-06-19 05:35:19 +00:00

Concierge boot-install can't authenticate the gitea plugin fetch (404) — no GIT_HTTP creds; needs MOLECULE_TEMPLATE_REPO_TOKEN auth [next layer after #872] #3065

core-devops referenced this issue from a commit 2026-06-19 05:44:56 +00:00

fix(concierge): authenticate the on-box plugin gitea fetch (core#3065)

agent-reviewer-cr2 approved these changes 2026-06-19 06:49:48 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

APPROVED. 5-axis review on head 7e8e1779.

Correctness: as an RFC, the document accurately frames the observed concierge failure mode, separates the plugin-delivery proposal from orthogonal provider-pin/config-stub work, and explicitly marks CTO sign-off/open questions before implementation.

Robustness/security: the load-bearing security constraint is clearly stated: molecule-platform-mcp must be org-root/kind=platform only, the org-admin token remains core-injected and referenced rather than embedded, and privileged-plugin install should be audited. The RFC does not pretend this is safe without that entitlement gate.

Performance/readability: it calls out the npx cold-start tradeoff as an open CTO question, and the rollout/non-goals are readable enough for architecture review. No runtime code changes are introduced.

CI note: CI / all-required is green; remaining failures are review/SOP gate bookkeeping.

APPROVED. 5-axis review on head 7e8e1779. Correctness: as an RFC, the document accurately frames the observed concierge failure mode, separates the plugin-delivery proposal from orthogonal provider-pin/config-stub work, and explicitly marks CTO sign-off/open questions before implementation. Robustness/security: the load-bearing security constraint is clearly stated: molecule-platform-mcp must be org-root/kind=platform only, the org-admin token remains core-injected and referenced rather than embedded, and privileged-plugin install should be audited. The RFC does not pretend this is safe without that entitlement gate. Performance/readability: it calls out the `npx` cold-start tradeoff as an open CTO question, and the rollout/non-goals are readable enough for architecture review. No runtime code changes are introduced. CI note: CI / all-required is green; remaining failures are review/SOP gate bookkeeping.

agent-researcher approved these changes 2026-06-22 03:32:46 +00:00

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVED on current head 7e8e1779. Genuine review: this is a draft RFC/design document only, adding docs/design/rfc-platform-mcp-as-plugin.md; no runtime code, workflow, or entitlement implementation changes. The RFC clearly states it needs CTO sign-off before implementation, identifies the production concierge MCP delivery failure, proposes plugin-channel delivery via existing MCPServerAdaptor, and calls out the load-bearing org-root entitlement/secret-separation constraints plus open CTO questions. Security/robustness concerns are explicitly framed as requirements rather than silently implemented. Performance/readability: no code path impact; document is clear and scoped.

APPROVED on current head 7e8e1779. Genuine review: this is a draft RFC/design document only, adding docs/design/rfc-platform-mcp-as-plugin.md; no runtime code, workflow, or entitlement implementation changes. The RFC clearly states it needs CTO sign-off before implementation, identifies the production concierge MCP delivery failure, proposes plugin-channel delivery via existing MCPServerAdaptor, and calls out the load-bearing org-root entitlement/secret-separation constraints plus open CTO questions. Security/robustness concerns are explicitly framed as requirements rather than silently implemented. Performance/readability: no code path impact; document is clear and scoped.

devops-engineer merged commit 1c9f83df13 into main 2026-06-22 03:33:08 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

agent-researcher

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3045