docs: verify five-tool mcp surface
This commit is contained in:
@@ -725,7 +725,7 @@ Implemented and verified in this loop:
|
||||
- Default `isphere_receive_messages` source: `isphere.EncryptedPacketLogSource{}` with no configured lines, so the operator smoke call should return `messages: []` until a real evidence loader is wired.
|
||||
- Verification script should still call `win_helper_version`, and should additionally call `isphere_receive_messages` with a small `limit` and assert the returned `messages` field is an array.
|
||||
|
||||
- [ ] **Step 1: Capture current verification red state**
|
||||
- [x] **Step 1: Capture current verification red state**
|
||||
|
||||
Run before editing the script:
|
||||
|
||||
@@ -735,15 +735,15 @@ powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
|
||||
|
||||
Expected: FAIL because the existing harness still expects exactly four tools and treats `receive` as a forbidden term.
|
||||
|
||||
- [ ] **Step 2: Update `scripts/verify-go-mcp.ps1`**
|
||||
- [x] **Step 2: Update `scripts/verify-go-mcp.ps1`**
|
||||
|
||||
Change expected tools to five, remove `receive` from the forbidden write/scope terms, and add an SDK call to `isphere_receive_messages` with `{ "limit": 5 }`. Assert `messages` exists and is an array; for the default empty source, assert the smoke result has zero messages.
|
||||
|
||||
- [ ] **Step 3: Update operator docs**
|
||||
- [x] **Step 3: Update operator docs**
|
||||
|
||||
Update `docs/go-mcp-runbook.md` and `docs/current-status-card.md` so they describe the current five-tool surface, the empty default read source, and the fact that raw N12-pre evidence still stays under ignored `runs/` paths.
|
||||
|
||||
- [ ] **Step 4: Run full verification**
|
||||
- [x] **Step 4: Run full verification**
|
||||
|
||||
Run:
|
||||
|
||||
@@ -756,12 +756,86 @@ powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
|
||||
|
||||
Expected: all exit 0. Remove any generated root `isphere-mcp.exe` after build.
|
||||
|
||||
- [ ] **Step 5: Commit Loop C4 and rewrite next loop**
|
||||
- [x] **Step 5: Commit Loop C4 and rewrite next loop**
|
||||
|
||||
Commit exact C4 paths only. Rewrite the next loop around the remaining gap: a safe configurable source loader or fixture path for `isphere_receive_messages`, without committing raw evidence.
|
||||
|
||||
---
|
||||
|
||||
## Loop C4 Result
|
||||
|
||||
Implemented and verified in this loop:
|
||||
|
||||
- `scripts/verify-go-mcp.ps1` now expects five tools and treats `isphere_receive_messages` as an allowed read capability rather than a forbidden action term.
|
||||
- The SDK harness still verifies `win_helper_version`, and now also calls `isphere_receive_messages` with `{ "limit": 5 }`.
|
||||
- Default server wiring returns `messages: []` for `isphere_receive_messages`, proving the tool is callable without loading raw evidence.
|
||||
- `docs/go-mcp-runbook.md` and `docs/current-status-card.md` now describe the five-tool surface and the empty default source behavior.
|
||||
- Verification completed for C4 with `git diff --check`, `go test ./...`, `go build ./cmd/isphere-mcp`, and `powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1`; the generated root `isphere-mcp.exe` build artifact was removed.
|
||||
|
||||
---
|
||||
|
||||
## Loop C5: Safe configurable PacketReader log source loader
|
||||
|
||||
**Goal:** Add a safe configuration path so `isphere_receive_messages` can read encrypted PacketReader log lines from a local operator-supplied file without committing raw evidence and while preserving the empty default source.
|
||||
|
||||
**Planned files:**
|
||||
- Create: `internal/isphere/file_source.go`
|
||||
- Create: `internal/isphere/file_source_test.go`
|
||||
- Modify: `internal/mcpserver/server.go`
|
||||
- Modify: `internal/mcpserver/server_test.go`
|
||||
- Modify: `cmd/isphere-mcp/main.go`
|
||||
- Modify: `scripts/verify-go-mcp.ps1`
|
||||
- Modify: `docs/go-mcp-runbook.md`
|
||||
- Modify: `docs/current-status-card.md`
|
||||
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
|
||||
|
||||
**Planned interface:**
|
||||
- Environment variable: `ISPHERE_PACKET_LOG_FILE`.
|
||||
- Default behavior: env var unset means `isphere_receive_messages` remains an empty-source read tool returning `messages: []`.
|
||||
- Configured behavior: env var set to a local text file means the server reads non-empty encrypted Base64 lines from that file into `isphere.EncryptedPacketLogSource{Lines: lines}`.
|
||||
- Evidence rule: the configured file should live under ignored `runs/` or another operator-local path; the loader must not require or commit raw evidence.
|
||||
|
||||
- [ ] **Step 1: Write failing file loader test**
|
||||
|
||||
Create `internal/isphere/file_source_test.go` first and run:
|
||||
|
||||
```powershell
|
||||
go test ./internal/isphere -run TestLoadEncryptedPacketLogSourceFromFileReadsNonEmptyLines -v
|
||||
```
|
||||
|
||||
Expected initial failure: loader function/type does not exist.
|
||||
|
||||
- [ ] **Step 2: Implement file loader**
|
||||
|
||||
Implement a small loader that reads a UTF-8 text file, trims whitespace, skips blank lines, and returns `EncryptedPacketLogSource{Lines: lines}`. It should return clear path/context errors for missing or unreadable files.
|
||||
|
||||
- [ ] **Step 3: Write failing env-wired server test**
|
||||
|
||||
Update `internal/mcpserver/server_test.go` with a temp encrypted fixture file and a test that sets `ISPHERE_PACKET_LOG_FILE`, constructs the env-wired server, calls `isphere_receive_messages`, and expects one redacted message. Run the specific test before implementation.
|
||||
|
||||
- [ ] **Step 4: Implement env-wired server construction**
|
||||
|
||||
Add `NewServerFromEnv()` or equivalent env-aware construction. Keep `NewServer()` as the empty default for existing tests. Update `cmd/isphere-mcp/main.go` to use the env-aware server.
|
||||
|
||||
- [ ] **Step 5: Update operator verification/docs**
|
||||
|
||||
Extend `scripts/verify-go-mcp.ps1` so default verification still asserts zero messages when no env var is set. Document optional `ISPHERE_PACKET_LOG_FILE` usage in `docs/go-mcp-runbook.md` and update the status card.
|
||||
|
||||
- [ ] **Step 6: Run full verification and commit**
|
||||
|
||||
Run:
|
||||
|
||||
```powershell
|
||||
git diff --check
|
||||
go test ./...
|
||||
go build ./cmd/isphere-mcp
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
|
||||
```
|
||||
|
||||
Expected: all exit 0. Remove any generated root `isphere-mcp.exe` after build. Commit exact C5 paths only and rewrite the next loop from actual results.
|
||||
|
||||
---
|
||||
|
||||
## Self-Review
|
||||
|
||||
- Spec coverage: the plan follows the user's cyclic requirement: plan first, implement one loop at a time, update the next loop after each result, and ask only on blockers.
|
||||
|
||||
Reference in New Issue
Block a user