Strategic-direction issue capturing the 14 on-mission gaps surfaced in the 2026-05-20 session. Update 2026-05-20: Tier A code + all Tier B RFCs landed; Tier C remains.
BoJ's character: unified consolidation, formal verification, multi-agent coordination, trust tiers, security posture. Each item below was scored as "on-mission" rather than "could conceivably ship."
Tier A — implementable (real code)
1. MCP resources + prompts — bridge already declares resources + prompts capabilities in initialize; serve actual URIs (boj://cartridges/<name>/manifest, boj://capabilities/matrix, boj://proofs/<obligation>) and prompt templates ("audit my repo", "convene multi-agent cluster", "deploy with DNS+SSL"). ~300 LOC. Highest coherence-payoff. — DONE in PR feat(mcp-bridge): implement resources + prompts surface (epic #87 item 1) #89.
13. OTel structured traces — wire OTLP-compatible exporter into the bridge so every tool call emits a span. Pairs with observe-mcp / grafana-mcp in the cartridge set. ~150 LOC. — DONE in PR feat(mcp-bridge): OTLP/HTTP+JSON span emission (epic #87 item 13) #91 (zero-dep hand-rolled exporter; OFF by default, enabled via OTEL_EXPORTER_OTLP_ENDPOINT).
8. Search-engine cartridge — search-mcp covering Tavily / Brave / Exa / Perplexity behind one cartridge. Fundamental LLM-agent capability gap.
7. Vector database + RAG cartridges — pinecone-mcp, weaviate-mcp, qdrant-mcp, chromadb-mcp. Composes with local-memory-mcp + codeseeker-mcp for the full memory/RAG story.
14. Streamable HTTP transport — add MCP's HTTP+SSE transport alongside stdio so BoJ deploys as a Cloudflare Worker and browser-based clients can talk to a remote instance. Replaces stdio for remote clients without breaking stdio for local clients (transports coexist). ~60% of bridge tools (HTTP-based cartridges — GitHub, GitLab, Cloudflare, ML, research) work fully in Worker context; local-only cartridges (browser-mcp, container-mcp, local-coord-mcp) still require host-process deployment. Aligns with MCP roadmap direction; Cloudflare published a Workers+Durable Objects pattern. ~1-2 weeks focused work. NEW 2026-05-20 — added after JSR runtime-compatibility question surfaced the gap.
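The item 13 behaviour (one span per tool call, sent as OTLP/HTTP+JSON, nothing sent unless OTEL_EXPORTER_OTLP_ENDPOINT is set) shown as an added example; it is not the code from PR #91. The function names, the service.name value and the mcp.* attribute keys are assumptions.

```javascript
// Added example: toolCallSpan, exportRequest, SERVICE_NAME and the mcp.*
// attribute keys are hypothetical names, not taken from the bridge.
const SERVICE_NAME = "boj-mcp-bridge"; // assumed service.name

// Trace and span IDs are correlation identifiers, not secrets.
function randomHex(bytes) {
  let out = "";
  for (let i = 0; i < bytes; i++) {
    out += Math.floor(Math.random() * 256).toString(16).padStart(2, "0");
  }
  return out;
}

const attr = (key, stringValue) => ({ key, value: { stringValue } });

// Build the OTLP/JSON body for one tool call. Only argument *names* are
// recorded: argument values can carry tokens or file contents, and a trace
// backend is usually readable by more people than the tool's target is.
function toolCallSpan(tool, args, startMs, endMs, failed) {
  const span = {
    traceId: randomHex(16), // 32 hex characters
    spanId: randomHex(8),   // 16 hex characters
    name: `tools/call ${tool}`,
    kind: 2, // SPAN_KIND_SERVER
    startTimeUnixNano: String(BigInt(startMs) * 1000000n),
    endTimeUnixNano: String(BigInt(endMs) * 1000000n),
    attributes: [
      attr("mcp.tool.name", tool),
      attr("mcp.tool.arg_keys", Object.keys(args).sort().join(",")),
    ],
    status: { code: failed ? 2 : 1 }, // STATUS_CODE_ERROR : STATUS_CODE_OK
  };
  return {
    resourceSpans: [{
      resource: { attributes: [attr("service.name", SERVICE_NAME)] },
      scopeSpans: [{ scope: { name: "example-exporter" }, spans: [span] }],
    }],
  };
}

// OFF by default: returns null unless the endpoint variable is set.
// Otherwise returns the arguments for fetch(url, init).
function exportRequest(body, env) {
  const base = env.OTEL_EXPORTER_OTLP_ENDPOINT;
  if (!base) return null;
  return {
    url: base.replace(/\/+$/, "") + "/v1/traces",
    init: { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(body) },
  };
}
```

A caller would wrap each tool invocation, then pass the result of `exportRequest(body, process.env)` to `fetch` when it is not null.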
Tier B — RFCs (design-first)
4. Trust-tier policy DSL — extend Nickel beyond coord messages to per-cartridge-per-operation tier gating. PEP at the bridge; PDP as a separate policy-mcp cartridge. Turns Teranga/Shield/Ayo from concept into runtime enforcement. Aligns with ADR-0002 "BoJ-only MCP" (one gateway → one PEP). — DONE: ADR-0007 in PR rfc: ADR-0007 trust-tier policy DSL + ADR-0008 cartridge marketplace (epic #87 items 4 + 10) #92.
3. Cross-machine coord federation — DID-based peer identity, ML-KEM key exchange, federated quarantine. Loopback local-coord-mcp → encrypted mesh. Aligns with EXHIBIT-B quantum-safe provenance + ML-DSA-87 signing in stapeln.toml. The 0.1.0 Umoja gossip work is the starting point. — DONE: ADR-0010 in PR rfc: ADR-0009 sandbox cartridge + ADR-0010 cross-machine federation (epic #87 items 2 + 3) #93.
Tier C — multi-week campaigns
11. Discharge last 4 believe_me axioms — proof-debt audit reduced 31 → 4 in v0.4.0. Closing the last 4 lets BoJ claim "zero unproven axioms in the ABI" — rare in the wild.
12. Cross-cartridge composition proof — currently each cartridge is verified in isolation; cross-cartridge boj_cartridge_invoke is not proven-safe end-to-end. Research-grade work; JOSS-paper-shaped.
Scoring rationale
All 14 selected because they're on the BoJ character axis:
Items 1, 13 → first-class MCP citizen
Items 4, 10, 2, 3 → trust-tier + multi-agent coherence (the real ambition)
Items 5, 6 → bidirectional agent loop (not just request/response)
Background
Tier A — implementable (real code)
resources + prompts capabilities in initialize; serve actual URIs (boj://cartridges/<name>/manifest, boj://capabilities/matrix, boj://proofs/<obligation>) and prompt templates ("audit my repo", "convene multi-agent cluster", "deploy with DNS+SSL"). ~300 LOC. Highest coherence-payoff. — DONE in PR feat(mcp-bridge): implement resources + prompts surface (epic #87 item 1) #89.
observe-mcp / grafana-mcp in the cartridge set. ~150 LOC. — DONE in PR feat(mcp-bridge): OTLP/HTTP+JSON span emission (epic #87 item 13) #91 (zero-dep hand-rolled exporter; OFF by default, enabled via OTEL_EXPORTER_OTLP_ENDPOINT).
search-mcp covering Tavily / Brave / Exa / Perplexity behind one cartridge. Fundamental LLM-agent capability gap.
pinecone-mcp, weaviate-mcp, qdrant-mcp, chromadb-mcp. Composes with local-memory-mcp + codeseeker-mcp for the full memory/RAG story.
whisper-mcp (STT), elevenlabs-mcp (TTS), replicate-mcp (image/video), ffmpeg-mcp (transcoding). Glaring omission given multi-modal agent work.
Tier B — RFCs (design-first)
policy-mcp cartridge. Turns Teranga/Shield/Ayo from concept into runtime enforcement. Aligns with ADR-0002 "BoJ-only MCP" (one gateway → one PEP). — DONE: ADR-0007 in PR rfc: ADR-0007 trust-tier policy DSL + ADR-0008 cartridge marketplace (epic #87 items 4 + 10) #92.
notifications/*. Closes the agent feedback loop; agents become operators, not just queriers. — DONE: ADR-0011 in PR rfc: ADR-0011 webhooks inbound + ADR-0012 server-initiated sampling (epic #87 items 5 + 6) #95.
sampling/createMessage for cartridge composition routing and ambiguous-input clarification. Underused capability across the MCP ecosystem. — DONE: ADR-0012 in PR rfc: ADR-0011 webhooks inbound + ADR-0012 server-initiated sampling (epic #87 items 5 + 6) #95.
sandbox-mcp wrapping e2b / Modal / CodeSandbox / Replit. Slots into the apprentice/journeyman/master tier model. Pairs with panic-attack-mcp (static pre-flight) → sandbox (dynamic execution) → vordr-mcp (post-execution integrity). — DONE: ADR-0009 in PR rfc: ADR-0009 sandbox cartridge + ADR-0010 cross-machine federation (epic #87 items 2 + 3) #93.
local-coord-mcp → encrypted mesh. Aligns with EXHIBIT-B quantum-safe provenance + ML-DSA-87 signing in stapeln.toml. The 0.1.0 Umoja gossip work is the starting point. — DONE: ADR-0010 in PR rfc: ADR-0009 sandbox cartridge + ADR-0010 cross-machine federation (epic #87 items 2 + 3) #93.
Tier C — multi-week campaigns
believe_me axioms — proof-debt audit reduced 31 → 4 in v0.4.0. Closing the last 4 lets BoJ claim "zero unproven axioms in the ABI" — rare in the wild.
boj_cartridge_invoke is not proven-safe end-to-end. Research-grade work; JOSS-paper-shaped.
Scoring rationale
All 14 selected because they're on the BoJ character axis:
What's NOT on this list (deliberate)
git-mcp generic covers them
queues-mcp already generic
Sequencing rule
Status 2026-05-20: Tier A items 1 + 13 in code; all 6 Tier B RFCs landed. Recommended next order: