DOCS: добавить MCP semantic discovery в архитектурный план

2026-04-20 08:56:34 +03:00 · 2026-04-20 08:56:34 +03:00 · 05aad66dc4
parent 399e29f4a4
commit 05aad66dc4
2 changed files with 178 additions and 4 deletions
--- a/semantic_dialog_authority_recovery_plan_2026-04-19.md
+++ b/semantic_dialog_authority_recovery_plan_2026-04-19.md
@ -373,9 +373,156 @@ This block is complete only when:
 - truthful limited answers do not look like stale replay;
 - human answer quality becomes a structural acceptance dimension, not a soft preference.

+## Big Block 5. MCP Semantic Data Agent Instead Of Route Hardcoding
+
+### Goal
+
+Reduce the need to hardcode every new business question as a separate route by introducing a guarded semantic data-discovery layer over 1C/MCP.
+
+This block does not mean giving Qwen3 unrestricted authority to invent arbitrary 1C queries.
+
+It means letting the model help build and revise a data-search plan while deterministic runtime contracts still own:
+
+- allowed MCP primitives;
+- schema/catalog boundaries;
+- execution budgets;
+- evidence sufficiency;
+- final answer truthfulness.
+
+### Architectural Rule
+
+The assistant may explore 1C data through MCP only through reviewed data primitives and evidence gates.
+
+The model can propose:
+
+- which business object to look for;
+- which metric or evidence axis is needed;
+- which period, organization, counterparty, contract, account, register, or document family should constrain the search;
+- whether the first query result is sufficient or requires a follow-up probe.
+
+The runtime must decide:
+
+- whether the proposed search is allowed;
+- which concrete MCP primitive or query template can execute it;
+- whether returned evidence proves the answer, only supports an inference, or is insufficient;
+- how the answer should describe confirmed facts, inferred facts, and unknowns.
+
+### Required Shift
+
+The route layer should stop being the only way to reach live 1C data.
+
+Today, the common pattern is:
+
+- wording signal;
+- fixed intent;
+- fixed route/capability;
+- fixed query/reply branch.
+
+The target pattern is:
+
+- current-turn meaning authority;
+- semantic data need;
+- guarded MCP discovery plan;
+- evidence object;
+- answer contract.
+
+Exact routes remain valuable for hot, high-confidence contours.
+
+But new or long-tail business questions should be able to enter a controlled discovery lane instead of immediately becoming:
+
+- unsupported;
+- stale carryover;
+- or another hand-coded route request.
+
+### MCP Primitive Families
+
+The discovery lane should expose a small set of broad, reviewed primitives rather than many free-form model tools:
+
+- `search_business_entity`
+- `inspect_1c_metadata`
+- `resolve_entity_reference`
+- `query_movements`
+- `query_documents`
+- `aggregate_by_axis`
+- `drilldown_related_objects`
+- `probe_coverage`
+- `explain_evidence_basis`
+
+These are not final API names.
+
+They describe the architectural shape: the model plans at business level, while runtime adapters execute controlled 1C/MCP operations.
+
+### Required Catalog Brain
+
+The assistant needs a machine-readable 1C schema/catalog memory before this can be safe:
+
+- available catalogs, documents, registers, and accounting axes;
+- known links between counterparties, contracts, documents, accounts, payments, shipments, and balances;
+- safe query templates and field mappings;
+- known MCP limitations and fallback probes;
+- examples of proven query recipes from accepted semantic runs.
+
+Without this catalog brain, a model-led MCP agent will guess.
+
+Guessing is not acceptable for accounting answers.
+
+### Truth And Evidence Requirements
+
+Every discovery result must emit an evidence object before answer composition:
+
+- `confirmed_facts`
+- `inferred_facts`
+- `unknown_facts`
+- `source_rows_summary`
+- `coverage_status`
+- `query_plan`
+- `query_limitations`
+- `confidence_reason`
+- `recommended_next_probe`
+
+The final answer may not present an inference as a confirmed 1C fact.
+
+If the exact fact is unavailable but a useful inference is possible from 1C activity evidence, the answer must say that clearly.
+
+### Stack Mapping
+
+Existing seams that already point in this direction:
+
+- `AssistantDataLayer`
+- `buildLiveMcpCallPlan`
+- `buildSemanticRetrievalProfile`
+- `addressMcpClient.ts`
+- `AddressQueryService`
+- truth/coverage/evidence contracts
+
+Primary new owner candidates:
+
+- `assistantSemanticDataAgentPolicy.ts`
+- `assistantMcpDiscoveryPlanner.ts`
+- `assistantMcpEvidenceGate.ts`
+- `assistantMcpCatalogIndex.ts`
+
+The naming can change, but the ownership split should not:
+
+- planner proposes a business-level data plan;
+- catalog constrains what can be searched;
+- executor runs allowed MCP primitives;
+- evidence gate decides what can be said;
+- answer layer explains the result in human business terms.
+
+### Done Criteria
+
+This block is complete only when:
+
+- at least one long-tail 1C business question can be answered through discovery without adding a one-off route branch;
+- the discovery lane produces machine-readable query/evidence artifacts;
+- failed discovery degrades to a useful "what I checked / what is still unknown" answer, not a generic unsupported fallback;
+- exact hot routes and semantic discovery can coexist without route collisions;
+- semantic replay can prove that the model does not leak internal query mechanics or hallucinate unconfirmed facts.
+
 ## Concrete Stack Plan

-This problem should be addressed in the current stack through four large architecture blocks, not through many micro-passes.
+This problem should be addressed in the current stack through five large architecture blocks, not through many micro-passes.

 ### Stack Block A. Turn Meaning Layer

@ -441,6 +588,25 @@ Required result:
 - top-block answer correctness becomes part of acceptance;
 - "route technically matched" no longer overrules semantic mismatch.

+### Stack Block E. MCP Semantic Data Discovery Layer
+
+Add a guarded discovery lane for business questions that are understood but not yet covered by an exact route.
+
+Primary files and owner seams:
+
+- [addressMcpClient.ts](/x:/1C/NDC_1C/llm_normalizer/backend/src/services/addressMcpClient.ts:1)
+- [addressQueryService.ts](/x:/1C/NDC_1C/llm_normalizer/backend/src/services/addressQueryService.ts:1)
+- future `assistantMcpCatalogIndex.ts`
+- future `assistantMcpDiscoveryPlanner.ts`
+- future `assistantMcpEvidenceGate.ts`
+
+Required result:
+
+- Qwen3 may help plan MCP exploration, but it cannot directly define truth;
+- runtime exposes guarded MCP primitives instead of arbitrary model-generated 1C access;
+- every discovery answer is backed by an explicit evidence object;
+- long-tail understood business questions become recoverable without route-per-question hardcoding.
+
 ## Required Acceptance Invariants

 The architecture should not be considered corrected until the following invariants are green:
@ -453,6 +619,10 @@ The architecture should not be considered corrected until the following invarian
 6. `short_followup_retains_dialog_stem_without_glitch_replay`
 7. `answer_top_block_matches_current_user_intent`
 8. `meta_interrupt_does_not_corrupt_business_thread`
+9. `understood_long_tail_question_enters_guarded_mcp_discovery`
+10. `mcp_discovery_answer_separates_confirmed_inferred_and_unknown_facts`
+11. `model_planned_mcp_probe_cannot_bypass_runtime_evidence_gate`
+12. `failed_discovery_reports_checked_sources_without_hallucinated_fact`

 ## Progress Update - 2026-04-20

@ -503,7 +673,8 @@ Implement it as:
 - one shared current-turn meaning authority;
 - one explicit arbitration rule between new meaning and continuity;
 - stronger family-level semantic robustness for supported contours;
- answer and replay gates that prove the assistant now feels alive to a human user.
+- answer and replay gates that prove the assistant now feels alive to a human user;
+- guarded MCP semantic discovery for understood questions that do not deserve one-off route hardcoding.

 ## Bottom Line

@ -513,7 +684,8 @@ It fails because it still lacks a stable architecture for:

 - recognizing the meaning of the current turn;
 - subordinating continuity to that meaning;
- and reflecting that meaning in the final user-visible answer.
+- reflecting that meaning in the final user-visible answer;
+- and discovering relevant 1C evidence through controlled MCP primitives when no exact route exists yet.

 That is the next large architecture block.

--- a/architecture_turnaround/README.md
+++ b/architecture_turnaround/README.md
@ -63,6 +63,7 @@ Current honest status:
  - replay breadth still narrower than the intended multi-domain rollout surface beyond the flagship and late-switch families
  - remaining answer-semantics pressure inside `composeStage.ts` / `answerComposer.ts`
  - insufficient semantic robustness on live user wording, especially short follow-up retarget, typo tolerance, and intent-faithful human answers
+  - no guarded MCP semantic discovery lane yet for understood long-tail 1C questions that should not require one-off route hardcoding

 Latest live proof now includes:

@ -77,7 +78,7 @@ Current architectural reading:
 - the system is already materially past the dangerous regression breakpoint;
 - it is now safe for continued architecture hardening and controlled domain-by-domain enablement under replay gates;
 - it is now materially closer to pre-multidomain stability, but still not safe to declare broad low-risk multi-domain expansion.
- the practical next target is now `90%+ pre-multidomain readiness`, and the remaining gap should be treated as four large architecture iterations rather than as cosmetic cleanup.
+- the practical next target is now `90%+ pre-multidomain readiness`, and the remaining gap should be treated as five large architecture iterations rather than as cosmetic cleanup.
 - from this point onward, readiness must be judged not only by route truth and replay pass rate, but also by whether a new human user would feel that the assistant understands the intent and responds meaningfully in live wording.

 For the detailed audit, current percentages, and remaining debt, read:
@ -151,3 +152,4 @@ The biggest remaining blockers are:
 - central intent pressure in `resolveAddressIntent()`;
 - remaining answer-semantics pressure in `composeStage.ts` and `answerComposer.ts`.
 - semantic robustness gaps where already-supported questions can still look broken to a human user because of typo sensitivity, short follow-up retarget loss, or human-answer mismatch.
+- missing MCP semantic data-discovery layer where Qwen3 can help plan controlled 1C evidence search without bypassing runtime truth gates.