feat(agent): explore MCP tool bridge [BACKLOG]

[however-yir]

Problem

Agent workflows become more useful when external tools can be connected through a standard integration model instead of project-specific adapters only.

Status: BACKLOG

Not implementing in current cycle. Requires:

• MCP protocol specification review
• Security model for tool invocation (sandboxing, rate limiting, audit)
• Proof-of-concept with at least one MCP tool server

Deferred until

• Agent workflow system (currently in com.enterprise.iqk.agent.workflow) is stabilized
• Tool safety and secret handling policies are documented
• At least one concrete MCP tool integration use case is identified

Original scope

• Evaluate an MCP bridge for controlled tool access.
• Define how MCP tools interact with tenant permissions, audit logs, and rate limits.
• Document risks around tool safety and secret handling.

Acceptance criteria

• Design notes are added under docs/.
• Security and audit implications are documented.
• A minimal proof-of-concept plan is captured for a later implementation issue.

[however-yir]

Update: Design notes published

Acceptance criteria status:

• Design notes added under docs/ → docs/architecture-mcp-bridge.md
• Security and audit implications documented → tenant visibility policies, mcp_audit_log table, three-tier rate limiting, AES-256-GCM secret storage
• Minimal POC plan captured → three-phase plan: (1) stdio bridge with sample tool server, 1-2 weeks; (2) security + SSE, 2-3 weeks; (3) production hardening, 3-4 weeks

Exploration phase complete. Implementation deferred to follow-up issue.

[denitzade]

@however-yir

这马甲穿得也太薄了，一眼就看穿了。

最近在做技术选型，搜索相关工具时发现了这个 repo。看到 Star 数的第一反应是——哇，这项目这么火？

然后我犯了一个错误：我点开了 Stargazer 列表。全是默认灰色头像，bio 一片空白。这马甲穿得也太薄了，一眼就看穿了。

给个小建议：下次作弊至少作得像样点。让那些号至少有个头像、有个 bio、关注几个别的项目。现在这样真的太明显了。

好了玩笑归玩笑，正经建议还是要给的：

1. 对近期 Star 来源做全面核查
2. 移除确认的虚假数据
3. 向社区道歉并说明经过

不要辜负那些真心关注这个项目的人。
违规事实昭然若揭，举报已发出，GitHub 官方将清理违规流量、关闭该项目。