Product Overview¶
Product: AI-Bridge for Cisco UC Version: v202604 Author: Pierre SOURDEAU Last Updated: April 2026
Project Overview¶
What is AI-Bridge for Cisco UC¶
AI-Bridge for Cisco UC is a Model Context Protocol (MCP) server that bridges AI/LLM platforms to Cisco Unified Communications on-premises infrastructure. It enables any MCP-compatible AI agent β such as Claude Desktop, GitHub Copilot, Cursor, or custom LLM-based tools β to interact directly with Cisco UC systems through a secure, authenticated, and auditable interface.
The server exposes Cisco UC operations (AXL/SOAP, RIS, SSH) as MCP tools, along with guided workflows as MCP prompts and reference documentation as MCP resources. AI agents consume these capabilities using the standard MCP protocol over Streamable HTTP transport.
Key value proposition:
- Empower Cisco UC administrators with AI-assisted operations: configuration queries, security audits, health checks, report generation, and troubleshooting β all driven by natural language through an AI agent.
- No Cisco UC expertise required in the AI model β the MCP server provides all the context, tools, and domain-specific prompts the AI needs to interact correctly with CUCM, IMP, and CUC systems.
- Production-grade security β enterprise authentication, RBAC, credential encryption, audit trail, and air-gapped deployment support.
AI-Bridge for Cisco UC is developed and published by Pierre SOURDEAU.
- Contact: contact@sourdeau.com
- Support: support@sourdeau.com
- License: Proprietary β see
LICENSE
Deployment Model (Air-Gapped, No Cloud Dependency)¶
AI-Bridge for Cisco UC is designed for fully on-premises, compatible with air-gapped deployment:
- No cloud dependency β the server runs entirely on the customer's infrastructure. No data is sent to any external service. No telemetry, no analytics, no phone-home mechanism.
- No outbound connections β the server only connects to the Cisco UC nodes explicitly configured by the administrator (AXL over HTTPS, SSH). It never initiates connections to the internet.
- Offline licensing β licenses are RS256-signed JWT files issued offline by the editor and installed locally. No license server or online activation is required.
- Offline upgrades β upgrade packages are delivered as signed
.tar.gzarchives. Integrity is verified via DNS-published SHA-256 checksums and RSA-PSS digital signatures. - Offline AI operation β the MCP protocol runs over the local network between the AI agent and the MCP server. If the AI agent itself runs locally (e.g., a local LLM), the entire chain operates without any internet connectivity.
- Reverse proxy support (optional) β a web reverse proxy (e.g., Nginx, Apache, HAProxy) can be placed in front of the MCP server for TLS termination, load balancing, or network segmentation. The server's transport security layer (Host/Origin validation) is compatible with proxied requests when
MCP_SERVER_SECURITY_ALLOWED_HOSTSis configured accordingly. - Standalone with multi-instance redundancy β each AI-Bridge instance is a standalone server with no inter-instance communication or shared state. For high availability, multiple instances can be deployed behind a load-balancing reverse proxy. Each instance must share the same
.envconfiguration, RSA key pair, license file, and client directories (e.g., via shared storage or synchronized deployment). The reverse proxy distributes incoming MCP requests across instances.
This architecture makes AI-Bridge suitable for regulated environments, government networks, and any organization where data sovereignty and network isolation are requirements.
Standard deployment model:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Customer Network β
β β
β βββββββββββββββ ββββββββββββ βββββββββββββββ β
β β LLM β API β AI Agent β β Web β β
β β (OpenAI, βββββββββΊβ (Claude, βββββββββΊβ Reverse- β β
β β Anthropic, β β Copilot,β β Proxy β β
β β Local LLM) β β etc.) β β (optional) β β
β βββββββββββββββ ββββββββββββ ββββββββ¬βββββββ β
β Cloud or Local β β
β β β
β βΌ β
β ββββββββββββββββ β
β β AI-Bridge β β
β β Instance 1 β β
β β (MCP Server) β β
β ββββββββ¬ββββββββ β
β β β
β ββββββββ΄ββββββ β
β βΌ βΌ β
β ββββββββββββ ββββββββββββ β
β β CUCM β β IMP β β
β ββββββββββββ ββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Redundant deployment model (optional):
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Customer Network β
β β
β βββββββββββββββ ββββββββββββ βββββββββββββββ β
β β LLM β API β AI Agent β β Web β β
β β (OpenAI, βββββββββΊβ (Claude, βββββββββΊβ Reverse- β β
β β Anthropic, β β Copilot,β β Proxy / β β
β β Local LLM) β β etc.) β βLoad Balancerβ β
β βββββββββββββββ ββββββββββββ ββββββββ¬βββββββ β
β Cloud or Local ββββββ΄βββββ β
β β β β
β βΌ βΌ β
β ββββββββββββββββ ββββββββββββββββ β
β β AI-Bridge β β AI-Bridge β β
β β Instance 1 β β Instance 2 β β
β β (MCP Server) β β (MCP Server) β β
β βββββ¬βββββββ¬ββββ βββββ¬βββββββ¬ββββ β
β β ββββββββββββββββββ β β
β β β Shared Storage β β β
β β β (/secrets β β β
β β β and /clients β β β
β β β directories) β β β
β β ββββββββββββββββββ β β
β β β β
β ββββββββββββββ¬ββββββββββββββ β
β β β
β βββββββ΄ββββββ β
β βΌ βΌ β
β ββββββββββββ ββββββββββββ β
β β CUCM β β IMP β β
β ββββββββββββ ββββββββββββ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Supported Products & Versions¶
AI-Bridge for Cisco UC currently supports the following Cisco UC products:
| Product | Full Name | Multi-Cluster | Query Protocols | Supported Versions |
|---|---|---|---|---|
| CUCM | Cisco Unified Communications Manager | β | AXL/SOAP RIS SSH |
14 15 |
| IMP | Cisco IM & Presence Service | β | AXL/SOAP SSH |
14 15 |
Multi-cluster support: the server can manage credentials and execute operations against multiple independent clusters simultaneously.
Protocol details:
- AXL (Administrative XML Layer) β SOAP-based API for CUCM and IMP administration. Supports all standard AXL operations (
get,list,add,update,remove) as well as raw SQL queries (executeSQLQuery,executeSQLUpdate). - RIS (Real-time Information Service) β RisPort70 SOAP interface for querying device registration status on CUCM (phones, gateways, trunks, media resources).
- SSH β Secure Shell access to the Cisco VOS (Voice Operating System) CLI for platform-level commands (
show,utils,file).
Add-ons Compatibility Matrix¶
AI-Bridge for Cisco UC supports a modular add-on system. Add-ons are AI-guided workflows (MCP prompts) that leverage the server's tools and embedded reference resources to perform complex multi-step operations.
| Add-on | Description | CUCM | IMP | Status |
|---|---|---|---|---|
| Security Audit | Automated configuration security audit based on Cisco Security Guide Release 15. Report with PDF export. | β | β | GA |
| Health Check | System health verification | π | π | Planned |
| Best Practices | Configuration compliance validation against Cisco and industry best practices. | π | π | Planned |
| Troubleshooting | AI-powered diagnostic assistance | π | π | Planned |
| Certificate Renewal | Automated certificate lifecycle management: inventory, expiry monitoring, CSR generation, renewal workflow. | π | π | Planned |
| Upgrade | Upgrade planning: version compatibility checks, pre-upgrade audit, COP file management, scheduling. | π | π | Planned |
Built-in modules:
| Module | Description |
|---|---|
| Reports | Markdown report generation with 9 chart types (pie, bar, donut, radar, gauge, treemap, grouped bars, waterfall, severity matrix) and PDF export via WeasyPrint. |
| Infra | HTTP endpoints for health check, Prometheus metrics, server status, and OAuth token management. |
| License Verification | RS256-signed JWT license verified at startup and monitored periodically by a background watchdog. |
| Automatic Backups | Periodic encrypted backups (RSA-4096 + AES-256-GCM) with local retention, optional SFTP export, and interactive restore. |
| Packaged-Upgrades | Signed package-based upgrade system with --dry-run preview, .env key merge, and automatic pre-upgrade backup. |
Standards & RFC Compliance Summary¶
AI-Bridge for Cisco UC implements a comprehensive set of industry standards across its security, authentication, cryptography, and transport layers, including:
- OAuth 2.0 / 2.1 β RFC 6749 (Authorization Framework), RFC 6750 (Bearer Tokens), RFC 7009 (Token Revocation), RFC 7617 (HTTP Basic Auth), RFC 8414 (Server Metadata Discovery), RFC 9068 (JWT Access Tokens), RFC 9700 / BCP 212 (Security Best Practices)
- JWT & Cryptography β RFC 7519 (JWT), RFC 7518 (JWA / RS256), RFC 8017 (RSA-PSS & RSA-OAEP), RFC 2898 / RFC 8018 (PBKDF2), NIST FIPS 180-4 (SHA-256), NIST SP 800-38D (AES-256-GCM)
- TLS & HTTP Security β RFC 5280 (X.509), RFC 8446 / RFC 5246 (TLS 1.3 / 1.2), RFC 9110 (HTTP Semantics), RFC 6585 (HTTP 429)
- Logging & Integrity β RFC 8259 (JSON), RFC 5424 (Syslog Levels), CWE-117 (Log Injection Prevention), RFC 4251β4254 (SSH/SFTP)
For the complete compliance matrix with implementation details, see the Reference page.
Supported Versions & End-of-Life Policy¶
AI-Bridge for Cisco UC follows a calendar-based versioning scheme: vYYYYMM (e.g., v202604 for the April 2026 release).
Current release status:
| Release | Status | End of Life |
|---|---|---|
| v202604 | β GA (General Availability) | TBD |
| v202605 | π Alpha (Next) | TBD |
Support policy:
- GA releases receive security patches, bug fixes, and compatibility updates.
- End of Life (EOL) dates are announced at least 12 months in advance.
- Only the latest GA release is actively supported. Customers are encouraged to upgrade promptly using the built-in upgrade system.
- License validity is version-agnostic β a valid license continues to work across upgrades.
For feature requests, bug reports, or EOL inquiries, contact via email.
Architecture & Design¶
High-Level Architecture Diagram¶
The following diagram illustrates the full internal architecture of AI-Bridge for Cisco UC, from the AI agent connection through the security layers down to the Cisco UC backends:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Agent (MCP Client) β
β Claude Desktop / GitHub Copilot / Cursor / Custom β
ββββββββββββββββββββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββββββββββββ
β
β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β WEB Reverse-Proxy β
β (optional) β
ββββββββββββββββββββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββββββββββββ
β
β MCP over Streamable HTTP (HTTPS)
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI-Bridge for Cisco UC (MCP Server) β
β β
β ββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ββββββββββββ β
β β β β Transport & Security Layer β β β β
β β AUDIT β β TLS 1.2+ β DNS Rebinding β Host/Origin/Content-Type β β Watch- β β
β β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β dogs β β
β βMIDDLEWAREβ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β
β β β β Authentication & Authorization β ββββββββββββ β
β β β β β JWT (RS256) β OAuth 2.1 β RBAC Profiles β Rate Limit β Fail2Banβ β β β
β β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β License β β
β β app.log β β β β
β β audit.logβ βββββββββββββββββ¬ββββββββββββββββ¬ββββββββββββββββ¬ββββββββββββββββ β Integrityβ β
β β β β β β β β β β β
β β β β CUCM Module β IMP Module β Common Module β Infra Module β β Backup β β
β β β β β β β β β β β
β β β β β β Reports β HTTP Routes β β β β
β β β β β β Charts β /health β β β β
β β β β β β PDF Export β /metrics β β β β
β β β β β β β /status β β β β
β β β β β β β /token β β β β
β β β β β β β /revoke β β β β
β ββββββββββββ ββββββββ¬βββββββββ΄βββββββ¬βββββββββ΄ββββββββββββββββ΄ββββββββββββββββ ββββββ¬ββββββ β
β β β β β
βββββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββΌββββββββ
β β β
β β β
β SSH/HTTPS β SSH/HTTPS β SFTP
βΌ βΌ βΌ
ββββββββββββββ ββββββββββββββ ββββββββββββββ
β CUCM β β IMP β β SFTP β
β AXL/SOAP β β AXL/SOAP β β Server β
β RIS/SOAP β β SSH β β β
β SSH β β β β β
ββββββββββββββ ββββββββββββββ ββββββββββββββ
MCP Protocol & Streamable HTTP Transport¶
AI-Bridge for Cisco UC implements the Model Context Protocol (MCP) β an open standard for connecting AI agents to external tools and data sources. The server uses the Streamable HTTP transport, which operates over standard HTTPS.
How it works:
- The AI agent sends an HTTP POST request to the MCP endpoint (e.g.,
https://host:port/mcp/). - The server authenticates the request via the
Authorization: Bearer <token>header (JWT or OAuth 2.1 access token). - The MCP protocol payload contains the requested operation: tool call, prompt retrieval, or resource read.
- The server executes the operation, enforces RBAC, and returns a structured MCP response.
- For long-running operations, the server uses Server-Sent Events (SSE) streaming within the HTTP response.
Key properties:
| Property | Value |
|---|---|
| Transport | Streamable HTTP (configurable via MCP_SERVER_TRANSPORT) |
| Protocol | HTTPS (TLS 1.2+ mandatory) |
| Authentication | Bearer token (JWT RS256 or OAuth 2.1) |
| Content-Type | application/json |
| Endpoint path | Configurable via MCP_SERVER_URL_PATH (default: /mcp/) |
| Host / Port | Configurable via MCP_SERVER_HOST / MCP_SERVER_PORT |
FastMCP Server Structure¶
AI-Bridge for Cisco UC is built on top of FastMCP (fastmcp Python library), which provides the MCP protocol implementation, tool registration, prompt handling, resource serving, and Uvicorn-based ASGI server.
Mount-based modular architecture:
Product modules (CUCM, IMP, ...) are mounted as independent FastMCP sub-servers using namespaces. Each module registers its own tools, prompts, and resources, which are then exposed under a namespace prefix:
This design ensures:
- Namespace isolation β tool names, resource URIs, and prompt names are prefixed with the module namespace (e.g.,
cucm_,imp_,common_,infra_). - Conditional loading β product modules are mounted only if the license entitles them and is not expired.
- Independent development β each module has its own
tools.py,prompts.py,resources.py, andlib.py.
ASGI middleware chain:
Requests flow through the following middleware stack before reaching MCP handlers:
- TransportSecurityASGIMiddleware β DNS rebinding protection, Host/Origin validation (optional,
.env-configurable). - Uvicorn TLS β TLS termination with the configured certificate.
- AuditLoggingMiddleware β Logs all MCP tool invocations to
audit.log. - AuditingJWTVerifier β JWT signature verification, client resolution, RBAC profile enforcement.
Product Module Architecture¶
Each product module (CUCM, IMP, CUC) follows a standardized structure under servers/<product>/:
servers/<product>/
βββ __init__.py # Exports: <product>_tools, <product>_resources, <product>_prompts, ...
βββ tools.py # MCP tool definitions (@mcp.tool decorated functions)
βββ prompts.py # MCP prompt definitions (guided workflows)
βββ prompts_custom.py # Custom per-client prompts (loaded from clients/<name>/custom/)
βββ prompts_security.py # Security audit prompt (add-on)
βββ resources.py # MCP resource definitions (embedded reference documents)
βββ lib.py # Module-specific helpers (AXL session management, SSH, etc.)
βββ axl-schemas/ # AXL WSDL/XSD per CUCM version (14.0, 15.0)
βββ ris-schemas/ # RIS WSDL (CUCM only)
βββ resources/ # Embedded reference documents (CLI guide, security guide chapters)
Tool registration pattern:
Each tool is a Python async function decorated with @mcp.tool(), with Pydantic-validated input parameters.
Protocol adapters (in lib.py per module):
- AXL β Uses
zeep(SOAP client) with dynamically loaded WSDL/XSD schemas matching the target CUCM/IMP version. - RIS β Uses
zeepwith the RisPort70 WSDL for real-time device registration queries (CUCM only). - SSH β Uses
paramikofor VOS CLI command execution with trust-on-first-use fingerprint verification.
Library Layer Overview¶
The lib/ directory contains all shared, cross-cutting infrastructure code used by the main server and all product modules. It includes 25+ self-contained Python modules covering: authentication, cryptography, credential management, TLS, licensing, integrity verification, backup, rate limiting, logging, input validation, and more.
Each library module has a single responsibility and is documented independently. For the complete list with descriptions, see the Reference page.
Startup Sequence¶
When the server starts (python ai-bridge-for-cisco-uc.py), the following steps execute in strict order. Any failure at a critical step aborts the startup.
| Step | Action |
|---|---|
| 1 | Create secrets/ directory |
| 2 | Initialize logging |
| 3 | File integrity verification |
| 4 | TLS certificate resolution (self-signed or CA-signed) |
| 5 | License verification |
| 6 | Client synchronization |
| 7 | Configure authentication verifier |
| 8 | Create MCP instance |
| 9 | Mount common module |
| 10 | Mount product modules; CUCM, IMP, ... (if licensed) |
| 11 | Start License Watchdog thread |
| 12 | Start Integrity Watchdog thread |
| 13 | Start Backup Watchdog thread |
| 14 | Mount infra module |
| 15 | Configure transport security middleware |
| 16 | Start HTTPS ASGI server |
Watchdog Subsystems¶
AI-Bridge runs three independent background watchdog threads that monitor the system continuously after startup:
| Watchdog | Default Interval | Trigger Action on Failure | Configuration Keys |
|---|---|---|---|
| License Watchdog | 24 hours | SIGTERM β graceful shutdown (license expired) |
Interval embedded in license payload |
| Integrity Watchdog | 24 hours | SIGTERM β graceful shutdown (tampered files) |
INTEGRITY_CHECK_INTERVAL_HOURS |
| Backup Watchdog | 24 hours | Log error, continue running | BACKUP_INTERVAL_HOURS, BACKUP_ENABLED |
License Watchdog β Periodically re-verifies the license file. If the license transitions from GRACE to EXPIRED, it sends SIGTERM to the process, triggering a graceful shutdown.
Integrity Watchdog β Re-runs the SHA-256 manifest verification and RSA-PSS signature check. If any source file has been modified since startup, the server is terminated immediately. This detects runtime tampering.
Backup Watchdog β Creates encrypted backup archives (RSA-4096 + AES-256-GCM) at the startup then at the configured interval. Backups include client data, secrets, configuration, and logs. Optionally exports to an SFTP server. Non-critical β failures are logged but do not stop the server.
All watchdogs are stopped cleanly during graceful shutdown via atexit and SIGTERM handlers.
Project Directory Structure¶
AI-Bridge-for-Cisco-UC/
βββ ai-bridge-for-cisco-uc.py # Main entry point β server startup, module mounting
βββ .env # Environment configuration (not in repo β generated by setup wizard)
βββ manifest.json # SHA-256 hashes of all source files
βββ manifest.sig # RSA-PSS signature of manifest.json
βββ pyproject.toml # Project metadata, Ruff configuration
βββ requirements.txt # Runtime Python dependencies
βββ requirements-dev.txt # Development dependencies (pytest, ruff, pip-audit, ...)
βββ LICENSE # Proprietary license text
βββ CHANGELOG.md # Version history
βββ SECURITY.md # Vulnerability reporting policy
βββ README.md # Project overview
β
βββ lib/ # Shared library layer
β βββ auth.py # JWT verifier, RBAC enforcement
β βββ backup.py # Encrypted backup engine + watchdog
β βββ credentials.py # Per-client credential encryption
β βββ crypto.py # Fernet key derivation, encryption helpers
β βββ integrity.py # Manifest verification + watchdog
β βββ license.py # License verification + watchdog
β βββ tls.py # TLS certificate management
β βββ ... # (25+ modules β see Reference)
β βββ editor_public.pem # Editor's RSA public key (manifest signature verification)
β
βββ servers/ # Product modules (MCP sub-servers)
β βββ cucm/ # CUCM module β tools, prompts, resources, AXL/RIS schemas
β βββ imp/ # IMP module β tools, prompts, resources, AXL schemas
β βββ cuc/ # CUC module (planned) β resources only
β βββ common/ # Common module β report tools, charts, PDF export
β βββ infra/ # Infra module β HTTP routes (/health, /metrics, /status, OAuth)
β
βββ profiles/ # RBAC profile definitions (JSON)
β βββ admin.json # Full access
β βββ operator.json # Read-only + limited write
β βββ auditor.json # Read-only, audit-focused
β
βββ clients/ # Per-client isolated data directories
β βββ _default/ # Template for new clients
β β βββ custom/ # Custom prompt templates
β βββ <client_name>/ # One directory per AUTH_CLIENTS entry
β βββ secrets/ # Encrypted credentials, client-specific keys
β βββ reports/ # Generated reports (Markdown, PDF)
β βββ custom/ # Custom per-client prompt files
β
βββ secrets/ # Server-level secrets (mode 0700)
β βββ rsa_private.pem # RSA-4096 private key (JWT signing, backup encryption)
β βββ rsa_public.pem # RSA-4096 public key (JWT verification)
β βββ license.jwt # License file (RS256-signed JWT)
β βββ server-ca-signed.crt # CA-signed TLS certificate (optional)
β βββ server-ca-signed.key # CA-signed TLS private key (optional)
β βββ token_blacklist.json # Persistent revoked token JTI list
β
βββ certs-trust-store/ # Custom CA certificates for Cisco UC HTTPS verification
βββ backups/ # Encrypted backup archives (.enc + .sha256 sidecar)
βββ logs/ # Log files (app.log, audit.log)
βββ scripts/ # Administrative CLI scripts
β βββ backup_restore.py # Interactive backup restore
β βββ rotate_rsa_keys.py # RSA key rotation
β βββ show_tech.py # Support bundle generation
β βββ update_manifest.py # Manifest regeneration
β βββ export_mcp_definitions.py # Export all MCP tool/prompt/resource definitions
β βββ ... # Other utilities
β
βββ tests/ # Test suite
β βββ conftest.py # Shared pytest fixtures
β βββ unit/ # Unit tests
β βββ integration/ # Integration tests (live UC equipment)
β
βββ upgrade/ # Upgrade staging directory
βββ docs/
βββ admin-guide.md # Full administration guide