Feature Overview

This feature explores and prototypes the use of a Model Context Protocol (MCP) server to expose Red Hat Advanced Cluster Management (RHACM) Policy-based Governance data for AI integrations and agentic workflows. The primary focus is to determine if the existing Search MCP server prototype can be extended to handle governance-related queries, leveraging the fact that the Discovered Policies user experience is already powered by Search data. The initial scope will concentrate on read-only flows to display compliance status and violations.

Goals

This Section: Provide high-level goal statement, providing user context
and expected user outcome(s) for this feature

• Investigate the feasibility of extending the existing Search MCP server prototype to include governance data and capabilities.
• Enable AI models and agents to perform basic, read-only queries against RHACM's policy data.
• Provide an AI-friendly interface for common governance questions related to policy compliance, violations, and non-compliant clusters.

Requirements

This Section: A list of specific needs or objectives that a Feature must
deliver to satisfy the Feature.. Some requirements will be flagged as MVP.
If an MVP gets shifted, the feature shifts. If a non MVP requirement slips,
it does not shift the feature.

(Optional) Use Cases

This Section:

• Main success scenarios - high-level user stories
  • As a security administrator, I can ask an AI assistant, "How many policies are my clusters violating?" and get a direct answer based on the most current data.
  • As an operator, I can use a conversational interface to ask, "Show me all the violations for the cis-compliance policy on my production-cluster" and receive a clear, concise list.
  • As a C-level executive, I can get a high-level overview by asking a conversational tool, "Which clusters have the most severe compliance issues?" and receive a prioritized list.
• Alternate flow/scenarios - high-level user stories
  • If a query is ambiguous, the MCP server should provide the LLM with enough information to request clarification from the user.
  • If a user asks a question that involves policy remediation, the MCP server should respond that its capabilities are currently read-only and direct the user to the appropriate RHACM console functionality.

Questions to answer

• If we rely solely on the Search MCP server, what do we lose or what does that hinder us from in the future?  Examples:
  • Creating new policies and distributing them across clusters
  • Leveraging AI to assist in troubleshooting policy violations or facilitating remediation

Out of Scope

• This feature does not include the ability to create, edit, or delete policies or violations through the MCP server.
• This feature does not implement a full-fledged conversational UI or AI agent. It focuses on the server-side protocol and data exposure.
• This is an exploration and prototyping effort; it is not intended to be a production-ready feature in this phase.

Background, and strategic fit

This Section: What does the person writing code, testing, documenting
need to know? What context can be provided to frame this feature?

The Policy-based Governance area is a critical component of RHACM. Providing a natural language interface for this feature via an MCP server would significantly enhance usability and accessibility. Leveraging the existing Search MCP server prototype is a logical and efficient approach, as the Discovered Policies UX already relies on Search data. This minimizes redundant development efforts and accelerates the path to providing AI-enabled capabilities. This feature aligns with the broader strategy of evolving RHACM into a more intuitive, intelligent, and proactive management platform.

Assumptions

• The Search data model contains all the necessary information about policies, compliance, and violations to answer the required queries.
• The existing Search MCP server prototype can be extended without major architectural changes to support the new governance-related queries.
• The team has access to the necessary expertise in both Search and Governance to successfully integrate the data models.

Customer Considerations

• Customers will benefit from a simpler, more intuitive way to access critical compliance information.
• This feature provides an early look into how AI can simplify complex infrastructure management tasks.
• Users must be aware that this is a read-only prototype and that policy actions must still be performed through the RHACM console.

Documentation Considerations

Questions to be addressed:

• What educational or reference material (docs) is required to support this
  product feature? For users/admins? Other functions (security officers, etc)?
• Does this feature have a doc impact?
• New Content, Updates to existing content, Release Note, or No Doc Impact
• If unsure and no Technical Writer is available, please contact Content
  Strategy.
• What concepts do customers need to understand to be successful in
  [action]?
• How do we expect customers will use the feature? For what purpose(s)?
• What reference material might a customer want/need to complete [action]?
• Is there source material that can be used as reference for the Technical
  Writer in writing the content? If yes, please link if available.
• What is the doc impact (New Content, Updates to existing content, or
  Release Note)?