Thanks for the proposal. The direction is reasonable, but the scope is too large for a single PIP. I'd suggest splitting it into three independent PIPs (MCP server, Functions-based agent runtime, multi-agent patterns) and discussing them separately.
Let's focus on Phase 1 first. Before this can move to [DISCUSS]/[VOTE], a few things need to be tightened up: 1. Implementation path Pick the implementation language (Go or Python) and justify it in terms of the contributor pool and Pulsar's existing tooling. Specify the repo, release cadence, and versioning relative to the main Pulsar release. 2. Relationship with pulsar-admin / Admin REST The MCP server becomes a third control-plane surface. Please define the source of truth and the concrete mechanism that prevents feature drift (e.g. generated from the OpenAPI spec, conformance tests against each release). State the compatibility policy for tool names and arguments. 3. Security A wrapper over the full admin API is, by default, an RCE surface for an LLM. Please cover at minimum: Read-only by default; destructive operations gated behind explicit opt-in. AuthN/AuthZ mapped onto Pulsar's existing auth and authorization plugin — no bypass. Tenant/namespace scope enforced per session. Audit logging of every tool invocation. Rate limiting and a brief threat-model note (prompt injection, compromised agent credentials). Phases 2 and 3 read more like a roadmap than a PIP today; I'd hold those until Phase 1 lands. Thanks, Haiting On Thu, Jun 4, 2026 at 1:00 AM 陈嘉伟 <[email protected]> wrote: > > Hi, > > I've opened an issue proposing that Pulsar add first-class > support for the AI agent ecosystem — an official MCP server, > Pulsar Functions as an agent runtime, and multi-agent > communication patterns documented on Pulsar primitives. > > Would love to hear thoughts from the community. > > Issue: https://github.com/apache/pulsar/issues/25881 > > Thanks, > Jiawei Chen
