目录

CCF2026 OpenHarmony Track - Native MCP Protocol Stack

Selected Problem

This project targets Problem 1: ubiquitous operating-system-native MCP protocol stack design.

The competition asks for an MCP protocol stack integrated into an operating system kernel or user-space service layer, reducing middleware overhead, improving Agent communication efficiency, and adding built-in security.

Project Summary

oh-native-mcp is a runnable user-space service-layer prototype for an OpenHarmony-native MCP transport. It keeps MCP’s JSON-RPC method semantics while replacing verbose framework-side request envelopes with a compact native frame that provides:

  • JSON-RPC compatible MCP request handling for ping, initialize, tools/list, native tools/schema, and tools/call.
  • MCP compatibility smoke coverage for structured tool output and method-not-found behavior.
  • Context digest cache to avoid retransmitting repeated Agent context.
  • zlib compression for large payloads.
  • ChaCha20 payload encryption.
  • HMAC-SHA256 frame authentication.
  • Monotonic sequence replay protection.
  • Edge Agent demo tools and reproducible benchmark.
  • LangChain-style adapter.
  • HelloAgents-inspired intelligent travel assistant end-to-end demo.
  • Signed capability policy, audit events, taint flow, and object-handle data plane for large tool results.
  • Deterministic native MCP capsule manifests that bind tool schema, native-frame ABI, capability policy, SBOM fields, and HMAC-verifiable handoff metadata.
  • mcpcc capsule package compiler that emits deterministic .mcap directories with signed package index, manifest, policy, native ABI, SPDX SBOM, and typed Python/C++/TypeScript stubs.
  • Schema-heavy mini-manifest discovery path where native Agent runtimes route with schema hashes and compact argument summaries instead of repeating full JSON Schema catalogs.
  • Active tool router exposed through native tools/route, ranking candidates by intent, agent role, permission cost, observed latency, schema complexity, and data-plane hints before full schema fetch.
  • Multi-Agent collaboration scenario where four edge Agents run tools/route -> tools/schema -> signed native tools/call, covering route planning, sensor object handles, health monitoring, and confirmed high-risk actuation.
  • Manifest-gated host capsule runtime that verifies signed metadata, validates schema/policy, launches a bounded subprocess worker, records audit events, and enforces timeout kill.
  • Host capsule sandbox profile with minimal inherited environment, isolated temporary working directory, and auditable boundary metadata.
  • WASI-style capsule permission profile handoff that maps signed manifests to reviewable sandbox allowlists and rejects ambient-authority or filesystem-write preopens.
  • Two-process host data-plane daemon/client where the client writes payload bytes into a shared mmap arena and the daemon receives only offset/size/checksum control records.
  • Multi-slot two-process data-plane stress check with 8 concurrent client workers and guard checks for bad checksums, negative offsets, out-of-bounds ranges, unsupported operations, and zero-sized payloads.
  • Multi-level Agent concurrency matrix that sweeps native MCP calls from 1 to 32 workers and records throughput, p95 worker latency, byte reduction, and errors.
  • OpenHarmony C++ data-plane handoff now includes source-level control-record guard validation for offset, size, operation, checksum, and registered slot matching.
  • OpenHarmony C++ control-ring handoff for ordered data-plane control records with sequence, overflow, and malformed-record guards.
  • OpenHarmony C++ sandbox-profile handoff for capsule permission profiles, including ambient-authority, filesystem-write preopen, sandbox-env, and high-risk confirmation guards.
  • PR-ready patch apply/rollback verifier that checks the candidate OpenHarmony patch with git apply --check --whitespace=error, applies it in a temporary target tree, verifies all applied file hashes, then verifies and executes git apply -R --whitespace=error.
  • OpenHarmony port bundle that packages the candidate patch, target-file snapshot, patch manifest, and apply/rollback helpers for reviewer handoff.
  • Self-contained interactive reviewer dashboard with validation-gate search/filtering, metric bars, evidence matrix, risk boundaries, and a dashboard contract check.
  • Official submission audit that verifies local CCF deliverables: selected Problem 1, design docs, source code, testing evidence, PPT, 5-minute-limit demo video, package size limits, and GitLink/platform manual-action boundaries.
  • Local Git history audit that exports recent commits, HEAD, branch, commit count, and worktree status into machine-readable and reviewer-readable evidence.
  • Verified GitLink release handoff that creates a local git bundle, verifies it with git bundle verify, clones it back, checks HEAD/commit-count parity, and records the remaining account-only upload steps.
  • Multi-scenario performance matrix covering four repeated-context edge-link workloads.
  • Deterministic protocol fuzz corpus covering malformed native frames, schema-registry errors, JSON-RPC negative paths, and policy denials.

This is not an OpenHarmony kernel patch yet. It is a complete host-runnable prototype and porting design for the OpenHarmony user-space service layer.

Repository Layout

mcp_native_stack/
  START_HERE_REVIEWER.md      One-command reviewer entrypoint
  src/oh_mcp_native/          Native MCP protocol stack implementation
  src/oh_mcp_native/stdio_server.py
  src/oh_mcp_native/capsule_manifest.py
  src/oh_mcp_native/mcpcc.py
  src/oh_mcp_native/mini_manifest.py
  src/oh_mcp_native/router.py
  src/oh_mcp_native/collaboration.py
  src/oh_mcp_native/capsule_runtime.py
  src/oh_mcp_native/capsule_worker.py
  src/oh_mcp_native/dataplane_daemon.py
  tests/                      Unit tests for transport, cache, auth, replay, tool calls
  benchmarks/                 Baseline-vs-native benchmark
  docs/                       Design, usage, testing, video script, final report
  examples/                   End-to-end Agent application demos
  logs/                       Generated test/demo/benchmark logs
  openharmony_service/         OpenHarmony C/C++ user-space service skeleton
  scripts/run_tests.ps1       Reproducible verification entry
  scripts/run_showcase.ps1    Full showcase rebuild: tests, media, assets, package, audit
  scripts/run_showcase.py     Cross-platform showcase rebuild for non-PowerShell reviewers
  scripts/run_showcase.sh     POSIX wrapper for scripts/run_showcase.py
  scripts/run_competitor_alignment_audit.py
  scripts/run_package_repro_check.py
  scripts/run_active_router_check.py
  scripts/run_agent_collaboration_check.py
  scripts/run_dashboard_contract_check.py
  scripts/run_reviewer_assets_check.py
  scripts/run_mcpcc_check.py
  scripts/run_patch_apply_check.py
  scripts/build_openharmony_port_bundle.py
  scripts/run_official_submission_audit.py
  scripts/run_git_history_audit.py
  scripts/run_gitlink_release_bundle.py
  scripts/generate_submission_assets.py
  scripts/package_submission.ps1
  scripts/package_submission.py
  demo.py                     End-to-end Agent tool-call demo

Quick Verification

Run from C:\CCFOpenSource:\CCFOpenSource\09_OpenHarmony\mcp_native_stack9_OpenHarmony\mcp_native_stack:

powershell -ExecutionPolicy Bypass -File .\scripts\run_tests.ps1

Cross-platform unit-test smoke:

python -m unittest discover -s tests -v

Full Showcase Pipeline

For a reviewer-style rebuild that mirrors a same-track showcase flow, run:

powershell -ExecutionPolicy Bypass -File .\scripts\run_showcase.ps1

For reviewers on Linux/macOS or a shell-neutral Windows terminal, use the Python pipeline:

python scripts/run_showcase.py
python scripts/run_showcase.py --skip-tests

Or through the POSIX wrapper:

sh scripts/run_showcase.sh --skip-tests

This runs full verification, regenerates the PPT and MP4 from current logs, refreshes dashboard/showcase assets, creates a timestamped package, audits zip contents, reruns competition readiness, and writes:

  • docs/showcase_pipeline.md
  • docs/showcase_pipeline_python.md
  • docs/competitor_alignment_audit.md
  • docs/package_repro_check.md
  • docs/active_tool_router.md
  • docs/agent_collaboration_scenario.md
  • docs/dashboard_contract_check.md
  • docs/gitlink_release_handoff.md
  • docs/reviewer_assets_check.md
  • logs/showcase_pipeline.json
  • logs/showcase_pipeline_python.json
  • logs/competitor_alignment_audit.json
  • logs/package_repro_check.json
  • logs/active_router_check.json
  • logs/agent_collaboration_scenario.json
  • logs/dashboard_contract_check.json
  • logs/gitlink_release_bundle.json
  • logs/reviewer_assets_check.json
  • logs/showcase_pipeline_console.txt

Use -SkipTests only after a recent full verification run when refreshing media/package evidence.

Expected result:

  • Unit tests: 64/64 passed.
  • OpenHarmony handoff static check: passed, including C++ data-plane control-record guard declarations and implementation.
  • OpenHarmony C++ host smoke: source-level audit passed, including data-plane, control-ring, and sandbox-profile guard source coverage; no C++ compiler was available on this host, so no binary execution is claimed.
  • OpenHarmony candidate patch bundle: passed.
  • OpenHarmony patch apply/rollback check: 12/12 files applied with git apply --whitespace=error, matched source hashes, and rolled back with git apply -R --whitespace=error.
  • OpenHarmony port bundle: 12 target files, patch copy, target-file snapshot, apply/rollback helpers, and bundle manifest audited.
  • Official submission audit: local deliverables passed, generated MP4 duration verified under 5 minutes, package size limits checked, and GitLink/platform actions documented as manual account steps.
  • Git history audit: local branch, HEAD, commit count, recent commits, commit stats, and worktree entries exported to docs/git_history.txt and logs/git_history_audit.json.
  • GitLink release handoff: local git bundle created, git bundle verify passed, clone verification passed, and manual GitLink push boundary recorded.
  • Demo: native MCP frame decodes and calls route_plan.
  • MCP conformance smoke: 11/11 assertions passed, including active routing negotiation and tools/route.
  • Stdio JSON-RPC MCP server conformance: passed.
  • Security attack matrix: 8/8 host attack cases blocked.
  • Protocol fuzz corpus: 16/16 deterministic negative cases passed across native frame, schema registry, JSON-RPC, and policy categories.
  • Capsule manifest handoff: 4/4 tool manifests deterministic, signed, verified, and tamper-rejected.
  • mcpcc package compiler: 4/4 .mcap tool packages deterministic, signed, verified, tamper-rejected, and emitted with policy, ABI, SPDX SBOM, and typed stubs.
  • Capsule runtime execution: signed manifest-gated subprocess execution passed, including sandbox profile checks.
  • Capsule sandbox profile: minimal environment, isolated temporary cwd, and no ambient environment inheritance recorded.
  • WASI profile handoff: 4/4 permission profiles validated, including ambient-authority and filesystem-write negative checks.
  • WASM capsule execution: 2 constrained WebAssembly MVP-subset modules executed, 5/5 sandbox rejection cases passed.
  • Wasmtime capsule execution: Wasmtime 46.0.1 executed 2 modules and rejected 5/5 sandbox cases; optional wheel lives under run/ and is excluded from the submission package.
  • Two-process data-plane daemon: shared-arena daemon/client passed with payload kept out of control-plane JSON.
  • Two-process data-plane stress: 8 workers, 192 requests, 0 errors, 5/5 malformed-handle guard checks rejected.
  • OpenHarmony C++ control ring: source-level ring guard checks cover replayed sequence, overflow, and malformed records.
  • OpenHarmony C++ sandbox profile: source-level profile guards cover ambient authority, filesystem-write preopen, sandbox env allowlist, and high-risk confirmation.
  • End-to-end story demo: 6/6 reviewer story steps passed.
  • Competition readiness audit: delivery gates passed.
  • Reviewer launch check: offline entrypoints verified.
  • Trip planner demo: LangChain/HelloAgents-style tool workflow over native MCP.
  • Benchmark: native transport reduces bytes and estimated edge-link latency.
  • Performance matrix: 4/4 edge-link scenarios passed, 960 total requests, minimum 86.36% byte reduction.
  • Schema-heavy mini-manifest benchmark: 3000 tools, 76.60% discovery-byte and estimated-token reduction, 3000/3000 schema refs resolved.
  • Multi-Agent collaboration scenario: 4/4 Agents routed to the expected tool, 4/4 schema refs resolved, 4/4 signed calls succeeded, 1 object-handle payload returned, high-risk actuation confirmed, and 96%+ context-byte reduction recorded.
  • Submission assets: validation summary, artifact manifest, and showcase page generated.
  • Same-track capability audit: native-MCP capability rows mapped to local evidence with explicit remaining boundaries.
  • Package reproducibility check: latest zip extracted under run/ and host checks executed from the extracted package tree.

Latest observed benchmark:

Metric Baseline Native
Requests 1000 1000
Total bytes 2,785,993 264,644
Byte reduction - 90.50%
Estimated E2E latency at 256 KiB/s 10,729.47 us 1,901.09 us
Estimated E2E latency improvement - 82.28%
Estimated throughput 93.20 rps 526.01 rps

Concurrent Agent benchmark:

Metric Value
Workers 16
Requests 3200
Errors 0
Throughput 1057.32 rps
Byte reduction 78.77%

Concurrency matrix:

Metric Value
Scenarios 4
Max workers 32
Total errors 0
Evidence docs/concurrency_matrix.md, logs/concurrency_matrix.json

Handle data-plane benchmark:

Metric Value
Payload 256 KiB x 200
Control-plane byte reduction 99.96%
Latency improvement 83.41%
Copy-site reduction 100.00%

End-to-end reviewer story:

Metric Value
Story steps 6
Passed steps 6
Evidence docs/e2e_story_demo.md

Capsule manifest handoff:

Metric Value
Tools compiled 4
Signed manifests verified 4/4
Tamper rejection Passed
Evidence docs/capsule_manifest.md, logs/capsule_manifest_check.json

Capsule runtime execution:

Metric Value
Runtime checks 9/9
Subprocess tool executions 2
Tamper/schema/policy/timeout guards Passed
Sandbox profile minimal env + isolated cwd
Evidence docs/capsule_runtime.md, logs/capsule_runtime_check.json

WASI profile handoff:

Metric Value
Tool profiles 4
Profile checks 6/6
Negative cases 2/2 rejected
High-risk confirmation profile Passed
Evidence docs/wasi_profile_handoff.md, logs/wasi_profile_check.json

WASM capsule execution:

Metric Value
Executed modules 2
Sandbox rejection cases 5/5
Supported runtime constrained WebAssembly MVP binary subset
Boundary not Wasmtime, not full WASI, not device-side sandboxing
Evidence docs/wasm_capsule_execution.md, logs/wasm_capsule_check.json

Wasmtime capsule execution:

Metric Value
Wasmtime version 46.0.1
Executed modules 2
Sandbox rejection cases 5/5
Optional dependency location run/wasmtime_vendor
Evidence docs/wasmtime_capsule_execution.md, logs/wasmtime_capsule_check.json

Reproduce optional Wasmtime evidence after unpacking:

powershell -ExecutionPolicy Bypass -File .\scripts\bootstrap_wasmtime_vendor.ps1
python .\scripts\run_wasmtime_capsule_check.py

Two-process data-plane daemon:

Metric Value
Payload path shared mmap arena
Control path TCP JSON handle records
Control-plane payload bytes 0
Evidence docs/twoprocess_dataplane.md, logs/twoprocess_dataplane_check.json

Two-process data-plane stress:

Metric Value
Workers 8
Total requests 192
Errors 0
Guard checks 5/5 rejected
Control-byte reduction 99.44%
Evidence docs/twoprocess_dataplane_stress.md, logs/twoprocess_dataplane_stress.json

Performance matrix:

Metric Value
Scenarios 4
Total requests 960
Minimum byte reduction 86.36%
Minimum estimated E2E latency improvement 83.43%
Minimum estimated throughput improvement 503.48%
Evidence docs/performance_matrix.md, logs/performance_matrix.json

Schema-heavy mini-manifest:

Metric Value
Synthetic tools 3000
Full tools/list bytes 4,422,716
Mini-manifest bytes 1,034,942
Byte reduction 76.60%
Estimated token reduction 76.60%
Schema refs resolved 3000/3000
Evidence docs/schema_manifest_benchmark.md, logs/schema_manifest_benchmark.json

Protocol fuzz corpus:

Metric Value
Deterministic corpus cases 16
Passed cases 16
Native frame cases 8/8
Schema registry cases 4/4
JSON-RPC negative cases 2/2
Policy denial cases 2/2
Evidence docs/protocol_fuzz_corpus.md, logs/protocol_fuzz_corpus.json

End-to-end Agent application:

Metric Value
Scenario HelloAgents-style trip planner
MCP tools 3
LangChain manifest tools 3
Native byte reduction 24.94%

Important boundary: pure Python CPU encode/decode latency is slower than the baseline because the prototype performs compression, ChaCha20 encryption, HMAC verification, and replay checks. The performance claim is therefore scoped to resource-limited link transmission efficiency and estimated end-to-end communication latency, not raw CPU micro-latency.

Submission Artifacts

  • Design document: docs/design.md
  • Start-here reviewer guide: START_HERE_REVIEWER.md
  • Technical solution: docs/technical_solution.md
  • Test report: docs/testing_report.md
  • Usage guide: docs/usage.md
  • Problem alignment matrix: docs/problem1_alignment.md
  • Competition gap analysis: docs/competition_gap_analysis.md
  • PR handoff: docs/pr_handoff.md
  • Security model: docs/security_model.md
  • Data-plane methodology: docs/dataplane_methodology.md
  • Capsule manifest handoff: docs/capsule_manifest.md
  • Capsule runtime: docs/capsule_runtime.md
  • WASI profile handoff: docs/wasi_profile_handoff.md
  • WASM capsule execution: docs/wasm_capsule_execution.md
  • Wasmtime capsule execution: docs/wasmtime_capsule_execution.md
  • Two-process data-plane daemon: docs/twoprocess_dataplane.md
  • Two-process data-plane stress: docs/twoprocess_dataplane_stress.md
  • Protocol fuzz corpus: docs/protocol_fuzz_corpus.md
  • OpenHarmony porting plan: docs/openharmony_porting_plan.md
  • OpenHarmony service skeleton: openharmony_service/
  • OpenHarmony host smoke source: openharmony_service/tests/native_mcp_host_smoke.cpp
  • OpenHarmony C++ data-plane guard handoff: openharmony_service/include/native_mcp_dataplane.h, openharmony_service/src/native_mcp_dataplane.cpp
  • OpenHarmony C++ control-ring handoff: openharmony_service/include/native_mcp_ring.h, openharmony_service/src/native_mcp_ring.cpp
  • OpenHarmony C++ sandbox-profile handoff: openharmony_service/include/native_mcp_sandbox_profile.h, openharmony_service/src/native_mcp_sandbox_profile.cpp
  • OpenHarmony candidate patch: patches/openharmony_native_mcp_service.patch
  • OpenHarmony patch apply/rollback check: scripts/run_patch_apply_check.py, docs/patch_apply_check.md, logs/patch_apply_check.json
  • OpenHarmony port bundle: scripts/build_openharmony_port_bundle.py, docs/openharmony_port_bundle.md, logs/openharmony_port_bundle_audit.json, patches/openharmony_port_bundle/
  • Official submission audit: scripts/run_official_submission_audit.py, docs/official_submission_audit.md, logs/official_submission_audit.json
  • Local Git history audit: scripts/run_git_history_audit.py, docs/git_history.txt, logs/git_history_audit.json
  • GitLink release handoff: scripts/run_gitlink_release_bundle.py, docs/gitlink_release_handoff.md, logs/gitlink_release_bundle.json
  • Patch manifest: patches/patch_manifest.json
  • Stdio MCP server: src/oh_mcp_native/stdio_server.py
  • Security attack matrix: scripts/run_security_attack_matrix.py
  • Protocol fuzz corpus: scripts/run_protocol_fuzz_corpus.py
  • Capsule manifest compiler: src/oh_mcp_native/capsule_manifest.py
  • mcpcc package compiler: src/oh_mcp_native/mcpcc.py, scripts/run_mcpcc_check.py, docs/mcpcc.md, logs/mcpcc_check.json, capsules/compiled/
  • Capsule runtime: src/oh_mcp_native/capsule_runtime.py, src/oh_mcp_native/capsule_worker.py
  • WASI profile handoff: src/oh_mcp_native/wasi_profile.py, scripts/run_wasi_profile_check.py
  • WASM capsule execution: src/oh_mcp_native/wasm_capsule.py, scripts/run_wasm_capsule_check.py
  • Optional Wasmtime capsule execution: scripts/bootstrap_wasmtime_vendor.ps1, scripts/run_wasmtime_capsule_check.py
  • Mini-manifest discovery: src/oh_mcp_native/mini_manifest.py, scripts/run_schema_manifest_benchmark.py
  • Active tool router: src/oh_mcp_native/router.py, scripts/run_active_router_check.py, docs/active_tool_router.md, logs/active_router_check.json
  • Multi-Agent collaboration scenario: src/oh_mcp_native/collaboration.py, scripts/run_agent_collaboration_check.py, docs/agent_collaboration_scenario.md, logs/agent_collaboration_scenario.json, tests/test_agent_collaboration.py
  • Two-process data-plane daemon: src/oh_mcp_native/dataplane_daemon.py
  • Two-process data-plane stress runner: scripts/run_twoprocess_dataplane_stress.py
  • Multi-scenario performance matrix: scripts/run_performance_matrix.py
  • Multi-level concurrency matrix: scripts/run_concurrency_matrix.py
  • Presentation deck: docs/CCF2026_OpenHarmony_native_mcp_stack.pptx
  • Demo video: docs/CCF2026_OpenHarmony_native_mcp_stack_demo.mp4
  • 5-minute video script: docs/video_script.md
  • Local commit history: scripts/run_git_history_audit.py, docs/git_history.txt, logs/git_history_audit.json
  • Platform submission guide: docs/platform_submission_guide.md
  • Submission ready report: SUBMISSION_READY_REPORT.md
  • Final report: docs/final_report.md
  • Submission checklist: docs/submission_checklist.md
  • Validation summary: docs/validation_summary.json
  • Artifact manifest: docs/artifact_manifest.json
  • Offline showcase page: docs/showcase.html
  • Offline dashboard page: docs/dashboard.html
  • Dashboard contract check: docs/dashboard_contract_check.md, logs/dashboard_contract_check.json
  • End-to-end story transcript: docs/e2e_story_demo.md
  • Competition readiness scorecard: docs/competition_readiness_scorecard.md
  • Reviewer launch output: docs/reviewer_start_here.md
  • Logs:
    • logs/test_results.txt
    • logs/patch_bundle_check.json
    • logs/official_submission_audit.json
    • logs/git_history_audit.json
    • logs/openharmony_cpp_smoke.json
    • logs/demo_output.txt
    • logs/e2e_story_demo.json
    • logs/competition_readiness_audit.json
    • logs/reviewer_launch_check.json
    • logs/benchmark_results.json
    • logs/mcp_conformance.json
    • logs/stdio_conformance.json
    • logs/security_attack_matrix.json
    • logs/openharmony_port_bundle_audit.json
    • logs/capsule_manifest_check.json
    • logs/capsule_runtime_check.json
    • logs/twoprocess_dataplane_check.json
    • logs/twoprocess_dataplane_stress.json
    • logs/performance_matrix.json
    • logs/concurrency_matrix.json
    • logs/schema_manifest_benchmark.json
    • logs/active_router_check.json
    • logs/agent_collaboration_scenario.json
    • logs/trip_planner_output.json
    • logs/dataplane_results.json
    • logs/openharmony_handoff_check.json
    • logs/concurrency_results.json
    • logs/submission_assets_console.txt

Packaging

powershell -ExecutionPolicy Bypass -File .\scripts\package_submission.ps1

The package is written to C:\CCFOpenSource:\CCFOpenSource\09_OpenHarmony\dist9_OpenHarmony\dist with a timestamped name and a .sha256 sidecar.

关于
18.9 MB
邀请码
    Gitlink(确实开源)
  • 加入我们
  • 官网邮箱:gitlink@ccf.org.cn
  • QQ群
  • QQ群
  • 公众号
  • 公众号

版权所有:中国计算机学会技术支持:开源发展技术委员会
京ICP备13000930号-9 京公网安备 11010802047560号