Rule: Engineer AROUND MCP/connector dependencies wherever possible. For anything that runs unattended on a schedule, the default architecture is deterministic Python doing the I/O directly (via cloud_bridge for browser, direct API/files otherwise) — no MCP server, no Claude call. Only invoke Claude when the task needs genuine reasoning (drafting in Joseph's voice, synthesis, judgment); and even then, Python gathers the data and hands it to Claude as text in the prompt; Claude returns structured text; Python acts on it — NO live MCP tools in the loop. MCP is demoted to optional / interactive-exploratory use only — never the backbone of scheduled work.
Why: Joseph's explicit directive 2026-05-17: "MCP seems unstable at times and the cause of a ton of errors... ways to engineer around that dependency seems logical. the more stable the better across the board." Backed by hard evidence this session: hosted Gmail/Calendar Cowork connectors unreachable headless; FastMCP/starlette secrets.py shadow crash; SKILLs themselves note "Gmail MCP is rate-limited (429-class errors)"; the recurring HS-401/keychain pain was all connector-layer. Deterministic Python + cloud_bridge (every box extractor migrated this session) has been bulletproof by contrast. The QB canary (qb_state_pack.py gathers → Claude reasons over text → no MCP) has been stable.
How to apply:
- Triage every fleet task into: (A) mechanical → rewrite as plain Python + cloud_bridge, the proven extractor pattern, zero MCP/Claude (maximally stable; this is the majority). (B) genuine-reasoning → Python-gather → Claude-reason-over-text → Python-act; no live MCP tools.
- The reusable stable core =
cloud_bridge+cb_op.py(process-isolated deterministic browser ops). Build on that, not on MCP. skyrun_bridge_mcp.pystays available but is NOT the runtime for scheduled jobs — optional/interactive only.- Accept more upfront per-task Python in exchange for an unattended fleet that does not flake. Stability > cleverness/convenience, across the board.
- Applies to #3 tenant replication too: per-tenant = deterministic Python + that tenant's cloud_bridge/creds, not an MCP-dependent stack.