docs: block display name enrichment pending source evidence
This commit is contained in:
@@ -27,7 +27,7 @@ Remote base before local roadmap commits: `b2d839e Merge branch 'codex/n15-repor
|
||||
- `scripts/verify-win-helper.ps1` and `scripts/verify-go-mcp.ps1` provide repeatable local checks for the helper, eight-tool MCP surface, default empty-source receive/contact/group/file calls, synthetic configured-file receive/contact/group/file smoke, and synthetic configured-directory receive/contact/group/file smoke.
|
||||
- `isphere_receive_messages` now returns the contract-facing `ok`, `conversation`, `messages`, `next_cursor`, and `audit` envelope while retaining legacy parser-native message fields for compatibility.
|
||||
- `isphere_receive_messages` accepts the read-contract argument set for the current local-readonly path: `conversation_id`, `query`, `since`, `limit`, `include_attachment_metadata`, `source_preference`, `preview`, and empty `cursor`.
|
||||
- `isphere_search_contacts` and `isphere_search_groups` accept and validate the safe search-contract args for the current local-readonly path.
|
||||
- `isphere_search_contacts` and `isphere_search_groups` accept and validate the safe search-contract args for the current local-readonly path, but display names/member data remain JID-derived/unknown because C23 found no validated mapping source yet.
|
||||
- `isphere_receive_files` list mode accepts and validates the safe file-list contract args for the current local-readonly path while keeping download blocked.
|
||||
- N12-pre and N12R documents define safe offline evidence intake and internal-sandbox live UIA capture procedures.
|
||||
- N13/N14/N15 produced selector catalog/report validation infrastructure, but those are supporting validation assets only.
|
||||
@@ -55,7 +55,7 @@ N13/N14/N15 are pre-business validation results. They can help identify UI eleme
|
||||
|
||||
## Current loop
|
||||
|
||||
Current loop: `Stage C / Loop C23 - contact/group display-name source precheck`.
|
||||
Current loop: `Stage C / Loop C24 - MsgLib.db readability/wrapper path precheck`.
|
||||
|
||||
Plan file: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`.
|
||||
|
||||
@@ -90,10 +90,11 @@ Current loop output so far:
|
||||
20. C20: `isphere_receive_messages` now accepts and validates the remaining safe read-contract args, rejects unsupported source/cursor cases, and can suppress inline attachment metadata.
|
||||
21. C21: `isphere_search_contacts` and `isphere_search_groups` now accept and validate safe search-contract args, while rejecting unsupported source/cursor cases.
|
||||
22. C22: `isphere_receive_files` list mode now accepts and validates safe contract args, rejects unsupported source/cursor/output/download cases, and keeps download blocked.
|
||||
23. C23: display-name enrichment was blocked because current committed evidence and ignored metadata do not validate a JID-to-display-name/group-title source; `MsgLib.db` remains the most likely next source but inspected copies are not directly readable as SQLite.
|
||||
|
||||
## Next business mainline
|
||||
|
||||
1. Run Stage C Loop C23: inspect whether current evidence can enrich contact/group display names beyond JID-only identities.
|
||||
1. Run Stage C Loop C24: precheck why `MsgLib.db` is not directly readable as SQLite and identify the safest wrapper/decryption/read path before attempting display-name enrichment.
|
||||
2. Leave `isphere_send_message` blocked until bridge/API, UIA action-chain, or protocol connector evidence is validated.
|
||||
3. Leave actual file download/cache mapping as a later connector node until a message-to-cache hash or client download source is validated.
|
||||
4. Keep UIA selector/report work as fallback support, not as the primary roadmap.
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
# Contact/group display-name source precheck
|
||||
|
||||
Date: 2026-07-10
|
||||
|
||||
## Question
|
||||
|
||||
Can the current N12-pre evidence safely enrich `isphere_search_contacts` and `isphere_search_groups` beyond JID-derived display names?
|
||||
|
||||
## Evidence checked
|
||||
|
||||
- `docs/source-discovery/2026-07-09-n12-pre-zyl-index.md`
|
||||
- `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md`
|
||||
- Ignored metadata summaries under `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/`
|
||||
|
||||
No raw DB/log content or decrypted personal values are committed in this note.
|
||||
|
||||
## Findings
|
||||
|
||||
1. The committed index identifies `MsgLib.db` as the strongest candidate for messages, contacts, groups, and attachment references, but it leaves display-name storage as an open question.
|
||||
2. The schema summary for the extracted `MsgLib.db` candidates reports `file is not a database` for the inspected copies, so there is no validated SQLite table/column source for contact names, group names, department, title, or member count yet.
|
||||
3. `PacketReader.ProcessPacket` gives reliable JIDs and `chat`/`groupchat` routing data, but the current committed field mapping only proves message id, conversation id/type, sender/receiver JIDs, timestamp, content body, subject, and receipt/status fields.
|
||||
4. `LoginInfo` has sensitive local account/user/dept/contact metadata, but the available summary only proves local account context. It does not prove a full roster or group display-name mapping for arbitrary contacts/groups.
|
||||
5. `SaveToDB` summaries show message-arrival shapes and `from`/`body` presence, but not a committed display-name/group-title mapping.
|
||||
|
||||
## Decision
|
||||
|
||||
Do not implement display-name enrichment in the current loop.
|
||||
|
||||
Keep `isphere_search_contacts` and `isphere_search_groups` honest as JID-derived local-readonly candidates until one of these sources is validated:
|
||||
|
||||
- readable/decrypted `MsgLib.db` tables with contact/group display columns;
|
||||
- decrypted roster/contact/group stanzas with stable JID-to-name mapping;
|
||||
- bridge/API/local-service evidence exposing roster/group metadata;
|
||||
- internal-sandbox UIA or live capture evidence that safely maps visible display names to stable JIDs.
|
||||
|
||||
## Next slice
|
||||
|
||||
Use C24 to precheck `MsgLib.db` format/readability or identify the correct wrapper/decryption path, because that is the most likely route to contact/group display names and richer message metadata.
|
||||
@@ -18,8 +18,8 @@ Schema notes: `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md`
|
||||
| MCP tool | Primary source | Fallback source | Evidence file | Decision status | Next implementation slice |
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| `isphere_receive_messages` | decrypted `PacketReader.ProcessPacket` XMPP `<message>` stanzas via `internal/isphere.EncryptedPacketLogSource`; configured by `ISPHERE_PACKET_LOG_FILE` or `ISPHERE_PACKET_LOG_DIR` | decrypted `Smark.SendReceive` transport stanzas; decrypted `SaveToDB` `Chat_OnMessageArrived` traces; wrapped `MsgLib.db` after DB wrapper is solved | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#field-mapping-evidence` | C20 supports and validates the current safe receive-message contract args; default source remains empty when unset | apply safe contract args to contact/group search |
|
||||
| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | decrypted roster/contact stanzas from `Smark.SendReceive`; `MsgLib.db` contact/conversation tables after DB wrapper is solved; UIA helper source if display names are missing | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#log-decryption-result` | C21 verifies safe search-contract args plus default/configured contact smokes; JID-only display/account fallback | enrich display names from roster/db/uia evidence |
|
||||
| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | `MsgLib.db` group/conversation tables after DB wrapper is solved; UIA helper source if group display names are missing | C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C21 verifies safe search-contract args plus default/configured group smokes; JID-only display fallback | enrich group display/member data from roster/db/uia evidence |
|
||||
| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | decrypted roster/contact stanzas from `Smark.SendReceive`; `MsgLib.db` contact/conversation tables after DB wrapper is solved; UIA helper source if display names are missing | `docs/source-discovery/2026-07-10-display-name-source-precheck.md` | C23 blocked display-name enrichment: no validated JID-to-display-name source yet; JID-only display/account fallback remains honest | precheck `MsgLib.db` readability/wrapper path |
|
||||
| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | `MsgLib.db` group/conversation tables after DB wrapper is solved; UIA helper source if group display names are missing | `docs/source-discovery/2026-07-10-display-name-source-precheck.md`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C23 blocked display-name/member enrichment: no validated group-title/member source yet; JID-only display fallback remains honest | precheck `MsgLib.db` readability/wrapper path |
|
||||
| `isphere_receive_files` | decrypted `PacketReader.ProcessPacket` file-transfer message stanzas via `internal/isphere.ListFilesFromMessages` and `isphere_receive_files` list mode; configured PacketReader file or directory source; `zyl\importal\<hash>` cache entries remain unlinked | decrypted `Smark.SendReceive` and `SaveToDB` traces for file-reference reconciliation; future UIA/client connector for download | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#c12-file-transfer-evidence-precheck` | C22 verifies safe file-list contract args; no log-to-cache/download mapping yet | defer download mapping; precheck contact/group display-name evidence |
|
||||
| `isphere_send_message` | none validated yet | existing bridge/API/local service preferred; UIA write connector only after internal-sandbox action evidence; network/protocol connector only after protocol discovery | `docs/source-discovery/2026-07-10-send-message-source-precheck.md` | C15 blocked: contract exists, but no committed bridge/API/local service, helper write op, UIA action chain, or protocol connector is validated | do not implement write behavior; harden existing read source configuration |
|
||||
| `isphere_send_file` | none validated yet | depends on send-message connector plus outbound file/upload evidence | `docs/source-discovery/2026-07-10-send-message-source-precheck.md` | blocked behind `isphere_send_message` connector selection and file upload/source policy | defer until send-message connector is validated |
|
||||
|
||||
@@ -1873,15 +1873,15 @@ Implemented and verified in this loop:
|
||||
- If evidence is not enough, keep JID-only behavior explicit and choose the next business-read hardening node.
|
||||
- Do not add write/send/file-download behavior.
|
||||
|
||||
- [ ] **Step 1: Inspect current evidence**
|
||||
- [x] **Step 1: Inspect current evidence**
|
||||
|
||||
Use committed source-discovery docs first; only inspect ignored local summaries/counts if needed. Do not commit raw evidence.
|
||||
|
||||
- [ ] **Step 2: Update matrix/status and next loop**
|
||||
- [x] **Step 2: Update matrix/status and next loop**
|
||||
|
||||
Record whether display-name enrichment can proceed and rewrite C24 accordingly.
|
||||
|
||||
- [ ] **Step 3: Verify and commit docs**
|
||||
- [x] **Step 3: Verify and commit docs**
|
||||
|
||||
Run:
|
||||
|
||||
@@ -1895,6 +1895,58 @@ Expected: all exit 0. Commit exact C23 paths only and rewrite the next loop from
|
||||
|
||||
---
|
||||
|
||||
## Loop C23 Result
|
||||
|
||||
Evidence precheck result:
|
||||
|
||||
- `MsgLib.db` remains the strongest likely source for contact/group display names and richer metadata, but the ignored schema summary reports the inspected copies as `file is not a database`; no readable SQLite table/column mapping is validated yet.
|
||||
- PacketReader/Smark message logs prove JIDs, `chat`/`groupchat` routing, message bodies, subjects, timestamps, and receipts, but not display names, departments, titles, group titles, owners, or member counts.
|
||||
- `LoginInfo` proves sensitive local account context only; it does not prove a roster or group display-name mapping for arbitrary contacts/groups.
|
||||
- `SaveToDB` summary proves message-arrival shapes but not a display-name mapping.
|
||||
- Decision: keep contact/group tools JID-derived and mark display-name/member enrichment blocked until DB wrapper/decryption, roster stanza, bridge/API, or safe live UIA mapping evidence is validated.
|
||||
|
||||
---
|
||||
|
||||
## Loop C24: `MsgLib.db` readability/wrapper path precheck
|
||||
|
||||
**Goal:** Determine why extracted `MsgLib.db` candidates are not directly readable as SQLite and identify the safest next path for contact/group display-name and richer message metadata extraction.
|
||||
|
||||
**Planned files:**
|
||||
- Modify: `docs/source-discovery/capability-source-matrix.md`
|
||||
- Modify: `docs/current-status-card.md`
|
||||
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
|
||||
- Optionally create a focused source-discovery note under `docs/source-discovery/`.
|
||||
- Optionally create ignored metadata under `runs/`; do not commit raw DB bytes, decrypted content, or personal values.
|
||||
|
||||
**Planned behavior:**
|
||||
- Inspect only safe metadata first: file headers, sizes, hashes, known nearby DLL names, committed notes, and existing metadata summaries.
|
||||
- Determine whether the DB issue looks like encryption, compression, copy truncation, custom wrapper, or a wrong file candidate.
|
||||
- If a safe local wrapper/decryption path is identifiable, write C25 as a minimal read-only schema extraction loop.
|
||||
- If not identifiable, record the blocker and shift to another business-read hardening node.
|
||||
- Do not add write/send/file-download behavior.
|
||||
|
||||
- [ ] **Step 1: Inspect safe DB metadata**
|
||||
|
||||
Use file headers, existing summaries, and committed notes only. Avoid committing raw bytes.
|
||||
|
||||
- [ ] **Step 2: Record likely wrapper/read path**
|
||||
|
||||
Write a source-discovery note with the decision and next implementation slice.
|
||||
|
||||
- [ ] **Step 3: Verify and commit docs**
|
||||
|
||||
Run:
|
||||
|
||||
```powershell
|
||||
git diff --check
|
||||
go test ./...
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
|
||||
```
|
||||
|
||||
Expected: all exit 0. Commit exact C24 paths only and rewrite the next loop from actual results.
|
||||
|
||||
---
|
||||
|
||||
## Self-Review
|
||||
|
||||
- Spec coverage: the plan follows the user's cyclic requirement: plan first, implement one loop at a time, update the next loop after each result, and ask only on blockers.
|
||||
|
||||
Reference in New Issue
Block a user