Skip to content

ai-assistant: docs/proposals: Add backend-and-mcp architecture proposal#889

Open
illume wants to merge 1 commit into
headlamp-k8s:mainfrom
illume:docs/ai-assistant-backend-and-mcp-proposal
Open

ai-assistant: docs/proposals: Add backend-and-mcp architecture proposal#889
illume wants to merge 1 commit into
headlamp-k8s:mainfrom
illume:docs/ai-assistant-backend-and-mcp-proposal

Conversation

@illume

@illume illume commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Adds docs/proposals/backend-and-mcp.md — an architecture proposal for the backend integration layer: how the AI assistant manages LangChain sessions, MCP server connections, and provider configuration in both browser and CLI contexts.

Assisted by Copilot.

Part of the ai-assistant design proposals.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an architecture proposal documenting how the ai-assistant should support backend-mediated command execution and MCP tooling across Desktop, Headless, In-cluster, and CLI modes, with an emphasis on a shared permission/consent security model.

Changes:

  • Introduces a proposal for HTTP-backed runCommand execution via the Go backend (incl. streaming and consent).
  • Proposes a unified MCP execution model across runtime modes (stdio vs HTTP/SSE/streamable HTTP), including Helm-based configuration for in-cluster.
  • Proposes consent and terminal-access mechanisms (COOP popup / terminal prompt / Helm pre-approval; WebSocket terminal streaming).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.


| Layer | Electron (today) | Backend (proposed) |
|-------|-------------------|-------------------|
| **Plugin isolation** | Random permission secrets per command, distributed via IPC | Same secrets, distributed via `GET /api/v1/run-command/secrets` |
| Layer | Electron (today) | Backend (proposed) |
|-------|-------------------|-------------------|
| **Plugin isolation** | Random permission secrets per command, distributed via IPC | Same secrets, distributed via `GET /api/v1/run-command/secrets` |
| **Caller auth** | IPC (implicit — only renderer can call) | `X-HEADLAMP_BACKEND-TOKEN` header (headless) or Bearer/OIDC (in-cluster) |
|----------|---------|-----|
| In-page React dialog | ❌ | Plugin can call API directly, DOM-manipulate the dialog, or override `window.fetch` |
| Same-origin popup (no COOP) | ❌ | Same origin = plugin has full DOM access to popup |
| Cross-origin popup (different port) | ✅ | SOP isolates; popup immune to clickjacking |
| Server-side nonce | Direct POST to approve endpoint |
| SW registration blocking | Service Worker interception |

**Proof of Concept:** See [`consent-poc/`](./consent-poc/) — 159 Playwright tests across Chromium, Firefox, and WebKit validating all security layers plus a deliberately-vulnerable twin as negative control.

| Threat | Category | Mitigation |
|--------|----------|------------|
| Unauthenticated MCP call | Spoofing | Bearer/OIDC (in-cluster) or `HEADLAMP_BACKEND_TOKEN` (headless) |
Comment on lines +5 to +11
Three related proposals for extending Headlamp's command/tool execution beyond Electron:

1. **Backend runCommand** — HTTP-based `runCommand` through the Go backend (headless + in-cluster)
2. **MCP across all modes** — MCP tool execution in desktop, headless, in-cluster, and CLI
3. **Terminal access** — Interactive shell via WebSocket on the backend server

All three share a common security model: permission secrets, backend token auth, and user consent.
@illume illume force-pushed the docs/ai-assistant-backend-and-mcp-proposal branch 2 times, most recently from 965ab81 to feda767 Compare July 8, 2026 11:52
…hitecture proposal

Architecture proposal for the backend integration layer.

Covers how LangChain sessions, MCP server connections, and provider configuration
are managed across the three execution contexts (browser extension, Electron
desktop app, headless CLI):

- The `ai-common` package provides the platform-agnostic session and tool layer.
- In Electron, MCP servers are spawned in the main process; the renderer
  communicates via `window.desktopApi.mcp` IPC.
- In the CLI, MCP servers are spawned as child processes of the Node runtime
  using the same `MCPClientCore` interface.
- Provider configuration is stored in `ProviderConfigManager` (localStorage in
  browser, JSON file in CLI) and shared with `LangChainManager` at session start.

Includes sequence diagrams for the session lifecycle, IPC call patterns, and
the consent/approval flow.

Signed-off-by: René Dudfield <renedudfield@microsoft.com>
Co-authored-by: Ashu Ghildiyal <aghildiyal@microsoft.com>
Signed-off-by: Ashu Ghildiyal <aghildiyal@microsoft.com>
@illume illume force-pushed the docs/ai-assistant-backend-and-mcp-proposal branch from feda767 to f23e10a Compare July 8, 2026 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants