LLM-04: Spike — MCP server for external agent integration

[Chris0Jeky]

Context

Manual testing (2026-03-31) discussion identified MCP (Model Context Protocol) as a strategic path for making Taskdeck accessible to external AI agents and tools. Analysis: docs/analysis/2026-03-31_manual_testing_ux_feedback.md §7.

Problem

Taskdeck's board/card/column resources are only accessible via REST API with JWT auth. No standardized agent protocol exists for:

• Third-party AI agents to query board state
• External tools (OpenClaw, etc.) to interact with Taskdeck
• Multi-agent workflows that span Taskdeck and other systems

Spike Scope

Design an MCP server that exposes Taskdeck resources:

Resources

• boards:// — list and read boards
• boards://{id}/columns — column structure
• boards://{id}/cards — card data
• captures:// — inbox items
• proposals:// — pending proposals

Tools (via MCP tool protocol)

• Board queries (read-only)
• Card operations (proposal-producing, review-first)
• Capture creation

Key Design Questions

1. Auth: How do MCP clients authenticate? API key? OAuth?
2. Scope: Per-board or per-workspace permissions?
3. Safety: Write operations must still produce proposals
4. Hosting: Embedded in API process or standalone?
5. OpenClaw compatibility: What's the overlap?

Deliverables

• MCP server scope document
• Resource/tool inventory with auth model
• Prototype: one resource (boards://) accessible via MCP
• Integration test with a reference MCP client
• Timeline estimate for production readiness

Sequencing

This follows LLM-03 (native tool-calling) and is targeted at v0.4.0+ per the platform expansion strategy (#531).

[Chris0Jeky]

Spike completed. Architecture document at docs/spikes/SPIKE_619_COMPLETED.md (1,374 lines, 16 sections + 2 appendices).

Key decisions: official MCP C# SDK (v1.2.0), embedded in API process with --mcp flag, stdio first then HTTP, 9 resources under taskdeck://, 9 tools with proposal-first write semantics, API key auth for remote.

Implementation tracker: #648
Phase issues: #652 (minimal prototype), #653 (full inventory), #654 (HTTP + auth), #655 (production hardening, deferred)