feat: add msglib readonly sidecar

This commit is contained in:
zhaoyilun
2026-07-10 02:45:55 +08:00
parent b442138e5c
commit 5b05228ba8
8 changed files with 849 additions and 23 deletions

View File

@@ -2106,40 +2106,113 @@ Copied `MsgLib.db` read-only schema extraction result:
**Goal:** Turn the validated C26 read-only DB path into the first production-shaped helper boundary for DB-backed display-name/source metadata, without exposing message bodies or adding write behavior.
**Planned files:**
- Modify or create docs that define the sidecar/helper JSON contract.
- Optionally create a minimal committed C# sidecar/helper skeleton if the contract can stay narrow and testable.
- Modify verification docs/scripts only if an executable smoke is added.
**Files:**
- Create: `native/MsgLibReadSidecar/Program.cs`
- Create: `native/MsgLibReadSidecar/SidecarProtocol.cs`
- Create: `scripts/build-msglib-sidecar.ps1`
- Create: `scripts/verify-msglib-sidecar.ps1`
- Create: `docs/msglib-read-sidecar-contract.md`
- Modify: `docs/source-discovery/capability-source-matrix.md`
- Modify: `docs/current-status-card.md`
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
- Do not commit `System.Data.SQLite.dll`, copied DBs, raw rows, message bodies, personal values, file paths, or generated probe binaries.
**Planned behavior:**
- Treat the DB reader as a dedicated x86 .NET boundary because C26 proved 32-bit SQLite loading is required.
- Start with safe operations such as:
- `msglib_self_check`: validates provider load and read-only open against a copied DB path.
- `msglib_list_display_sources`: returns table/column availability and limited display-name source counts, not raw message content.
- Implement safe operations:
- `self_check`: sidecar identity, runtime, x86 bitness, and no-mutation flags.
- `schema_summary`: provider load/read-only DB open plus schema/columns/counts only.
- `display_sources`: schema availability mapped to display-source candidates only.
- Keep Go MCP as the coordinator and use a bounded process/helper contract for Windows/.NET DB access.
- Keep message-body reads, file downloads, sends, writes, hooks, injection, and DB mutation out of scope.
- [ ] **Step 1: Define the sidecar/helper contract**
- [x] **Step 1: Define the sidecar/helper contract**
Write the request/response envelope, allowed operations, path rules, limit rules, and redaction rules.
Created `docs/msglib-read-sidecar-contract.md` with protocol `isphere.msglib.v1`, request/response envelopes, safe operation contracts, and scope rules.
- [ ] **Step 2: Decide skeleton vs docs-only for this loop**
- [x] **Step 2: Implement minimal C# x86 sidecar skeleton**
If the contract is stable enough, create a minimal C# x86 sidecar skeleton with self-check only. Otherwise keep C27 as a contract/design gate and make C28 the skeleton implementation.
Created `native/MsgLibReadSidecar` and build/verify scripts. The sidecar compiles x86 and uses reflection to load a caller-supplied `System.Data.SQLite.dll`, so the SQLite binary is not committed.
- [ ] **Step 3: Update status/matrix/plan**
- [x] **Step 3: Verify default and evidence-backed smokes**
Record the implementation boundary and next code slice based on actual C27 output.
Verified default and evidence-backed sidecar smokes with `scripts\verify-msglib-sidecar.ps1`; evidence-backed smoke used copied DB paths through environment variables and returned `display_source_count=8`.
- [ ] **Step 4: Verify and commit**
- [x] **Step 4: Verify and commit**
Run the appropriate docs/code verification before commit:
Run final verification before commit:
```powershell
git diff --check
go test ./...
powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\build-msglib-sidecar.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-msglib-sidecar.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-msglib-sidecar.ps1 # with copied DB env paths
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-go-mcp.ps1
```
Final verification passed: `git diff --check`, `go test ./...`, explicit `go build ./cmd/isphere-mcp`, default sidecar smoke, evidence-backed sidecar smoke, and `scripts\verify-go-mcp.ps1`.
---
## Loop C27 Result
Bounded MsgLib sidecar result:
- Added `native/MsgLibReadSidecar` as a dedicated x86 .NET process with protocol `isphere.msglib.v1`.
- Added `self_check`, `schema_summary`, and `display_sources` operations.
- `schema_summary` and `display_sources` require caller-supplied `sqlite_dll_path` and `db_path`, open only files named `MsgLib.db`, set read-only SQLite connection options, and return schema/column/count/display-source metadata only.
- Added `scripts/build-msglib-sidecar.ps1`, compiling with 32-bit .NET Framework `csc.exe` and `/platform:x86`.
- Added `scripts/verify-msglib-sidecar.ps1`, with default self-check verification plus opt-in evidence-backed provider verification through `ISPHERE_MSGLIB_SQLITE_DLL` and `ISPHERE_MSGLIB_DB`.
- Default sidecar verification passed with `process_bits=32`.
- Evidence-backed sidecar verification passed against the copied DB and returned `display_source_count=8`.
- The sidecar is not yet wrapped by Go and is not yet used by MCP tools.
---
## Loop C28: Go `MsgLibReadSidecar` client wrapper
**Goal:** Add a Go-side client wrapper that can call the C27 x86 sidecar through a bounded JSON process contract, without exposing a new MCP tool or reading message bodies yet.
**Planned files:**
- Create: `internal/msglib/sidecar_client.go`
- Create: `internal/msglib/sidecar_client_test.go`
- Optionally update `docs/msglib-read-sidecar-contract.md`
- Modify: `docs/current-status-card.md`
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
**Planned behavior:**
- Implement a Go client for `isphere.msglib.v1` with request ids, stdin/stdout JSON, timeout, and structured errors.
- Test with a fake sidecar executable/script first; do not require real `System.Data.SQLite.dll` or real DB in normal unit tests.
- Add env config shape but do not wire MCP tools yet:
- `ISPHERE_MSGLIB_SIDECAR_EXE`
- `ISPHERE_MSGLIB_SQLITE_DLL`
- `ISPHERE_MSGLIB_DB`
- Expose only Go functions for `SelfCheck` and `DisplaySources` metadata.
- Do not add message-body reads, file downloads, sends, writes, hooks, injection, DB mutation, or a public MCP tool in this loop.
- [ ] **Step 1: Write failing fake-sidecar client tests**
Test request envelope, timeout/error handling, and display-source metadata decoding against a fake process.
- [ ] **Step 2: Implement sidecar client**
Use `context.Context`, `exec.CommandContext`, stdin JSON, stdout JSON, stderr capture, and small typed structs.
- [ ] **Step 3: Verify and update docs**
Run Go tests and update status/plan. Keep real evidence-backed sidecar smoke optional through `scripts/verify-msglib-sidecar.ps1`.
- [ ] **Step 4: Full verification and commit**
Run:
```powershell
git diff --check
go test ./...
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\build-msglib-sidecar.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-msglib-sidecar.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-go-mcp.ps1
```
---