chore: package send sandbox evidence gate
This commit is contained in:
109
docs/source-discovery/2026-07-10-send-sandbox-gate.md
Normal file
109
docs/source-discovery/2026-07-10-send-sandbox-gate.md
Normal file
@@ -0,0 +1,109 @@
|
||||
# Send Sandbox Gate
|
||||
|
||||
Date: 2026-07-10
|
||||
Node: R6c online sandbox-send evidence gate
|
||||
|
||||
## Local constraint
|
||||
|
||||
The local development environment cannot log in to iSphere / IMPlatformClient because it has no reachable service endpoint. Therefore R6c cannot be completed by a local live send.
|
||||
|
||||
Decision for this loop: prepare a returnable online sandbox evidence package instead of attempting any local send.
|
||||
|
||||
## Package produced
|
||||
|
||||
Script:
|
||||
|
||||
```powershell
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\package-send-sandbox-gate.ps1
|
||||
```
|
||||
|
||||
Verification:
|
||||
|
||||
```powershell
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-send-sandbox-gate-package.ps1
|
||||
```
|
||||
|
||||
Generated package:
|
||||
|
||||
```text
|
||||
runs/send-sandbox-gate-package/
|
||||
runs/send-sandbox-gate-package.zip
|
||||
```
|
||||
|
||||
The package embeds the existing read-only live probe recorder under:
|
||||
|
||||
```text
|
||||
recorder/ISphereLiveProbeRecorder.exe
|
||||
recorder/variants/ISphereLiveProbeRecorder-x86.exe
|
||||
```
|
||||
|
||||
## Package files
|
||||
|
||||
| File | Purpose |
|
||||
| --- | --- |
|
||||
| `README.txt` | Explains local login limitation, online sandbox requirement, and one-send rule. |
|
||||
| `OPERATOR-STEPS.md` | Step-by-step operator procedure. |
|
||||
| `SANDBOX-SEND-INPUTS.template.json` | Template for sandbox target, content hash, idempotency key, and observed result. |
|
||||
| `EXPECTED-RETURN-FILES.txt` | Return package acceptance checklist. |
|
||||
| `run-before-recorder.bat` | Runs read-only recorder before the manual sandbox send. |
|
||||
| `run-after-recorder.bat` | Runs read-only recorder after the manual sandbox send. |
|
||||
| `compute-content-hash.ps1` | Computes SHA256 for the exact test message body. |
|
||||
| `make-return-zip.ps1` | Creates the return zip after before/after recordings and input JSON are present. |
|
||||
|
||||
## Operator rules
|
||||
|
||||
The package encodes these explicit markers:
|
||||
|
||||
```text
|
||||
LOCAL_LOGIN_UNAVAILABLE
|
||||
ONLINE_SANDBOX_REQUIRED
|
||||
MANUAL_ONE_SEND_ONLY
|
||||
DO_NOT_SEND_SECOND_TIME
|
||||
content_sha256
|
||||
idempotency_key
|
||||
success_ack_or_sent_record
|
||||
```
|
||||
|
||||
Required online procedure:
|
||||
|
||||
1. Log in normally on an online/internal sandbox machine.
|
||||
2. Fill `SANDBOX-SEND-INPUTS.json` from the template.
|
||||
3. Run `run-before-recorder.bat`.
|
||||
4. Manually send exactly one message to the declared sandbox target.
|
||||
5. Record `success_ack_or_sent_record`.
|
||||
6. Do not send a second copy.
|
||||
7. Run `run-after-recorder.bat`.
|
||||
8. Run `make-return-zip.ps1`.
|
||||
9. Return the generated zip.
|
||||
|
||||
## Safety boundary
|
||||
|
||||
The package does not:
|
||||
|
||||
- send messages automatically;
|
||||
- upload files;
|
||||
- click or type;
|
||||
- inject or hook;
|
||||
- capture network traffic;
|
||||
- enable production send.
|
||||
|
||||
The only send action is the operator's one manual sandbox send inside the official client.
|
||||
|
||||
## Acceptance gate
|
||||
|
||||
R6c can pass only after a returned package proves all of the following:
|
||||
|
||||
- explicit sandbox target;
|
||||
- exactly one content hash;
|
||||
- exactly one idempotency key;
|
||||
- observed success/ack or local sent-record evidence;
|
||||
- confirmation that no second send was made;
|
||||
- before/after read-only recorder outputs are present.
|
||||
|
||||
## Current decision
|
||||
|
||||
R6c local-preparation slice is complete, but the full online evidence gate is not passed yet.
|
||||
|
||||
Production `isphere_send_message` remains blocked.
|
||||
|
||||
Next node: **R6d returned sandbox evidence intake** after the user returns the generated package.
|
||||
@@ -344,17 +344,17 @@ connector_stage = "preview" | "sandbox_send" | "production"
|
||||
|
||||
## Next implementation loop
|
||||
|
||||
R6b B-route preview/dry-run contract is now complete. `isphere_send_message` is registered as preview/dry-run only, validates target/content-hash/idempotency input, appends redacted audit JSONL, and blocks production with all side-effect flags false.
|
||||
R6c local preparation is now complete. Because the local development machine cannot log in, the online sandbox-send gate was converted into a returnable evidence package rather than a local live-send attempt.
|
||||
|
||||
Next node should be **R6c online sandbox-send evidence gate**:
|
||||
Next node should be **R6d returned sandbox evidence intake** after the package is run in an online/internal sandbox and returned:
|
||||
|
||||
1. Prepare or collect one operator-approved sandbox send evidence package.
|
||||
2. Use one explicit sandbox target, one content hash, and one idempotency key.
|
||||
3. Observe success/ack or local sent-record evidence.
|
||||
4. Prove duplicate retry with the same idempotency key is locally rejected before any second send.
|
||||
5. Capture method names, argument shape, IDs/hashes, status booleans, and refs only.
|
||||
6. Do not enable production `send_message_after_approval` until the evidence gate passes.
|
||||
1. Check completed `SANDBOX-SEND-INPUTS.json`.
|
||||
2. Check before/after read-only recorder outputs.
|
||||
3. Confirm one explicit sandbox target, one content hash, and one idempotency key.
|
||||
4. Confirm `success_ack_or_sent_record`.
|
||||
5. Confirm no second send was made.
|
||||
6. Do not enable production `send_message_after_approval` until returned evidence passes.
|
||||
|
||||
## Current status
|
||||
|
||||
B is selected as the primary send/file-send route. Runtime discovery, entrypoint metadata preflight, and preview/dry-run audit are in place. A remains the fallback and now has concrete UIA selector/offline-blocker classifier support. Production send remains blocked until dynamic observation and one approved sandbox send prove success/ack behavior.
|
||||
B is selected as the primary send/file-send route. Runtime discovery, entrypoint metadata preflight, preview/dry-run audit, and the online sandbox evidence package are in place. A remains the fallback and now has concrete UIA selector/offline-blocker classifier support. Production send remains blocked until the returned sandbox package proves success/ack behavior.
|
||||
|
||||
@@ -6,6 +6,7 @@ Evidence index: `docs/source-discovery/2026-07-09-n12-pre-zyl-index.md`
|
||||
Schema notes: `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md`
|
||||
Returned live probe: `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`
|
||||
Send connector preflight: `docs/source-discovery/2026-07-10-send-connector-preflight.md`
|
||||
Send sandbox gate: `docs/source-discovery/2026-07-10-send-sandbox-gate.md`
|
||||
|
||||
## Source priority
|
||||
|
||||
@@ -24,8 +25,8 @@ Send connector preflight: `docs/source-discovery/2026-07-10-send-connector-prefl
|
||||
| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, `tblPersonMsg`; decrypted roster/contact stanzas from `Smark.SendReceive`; UIA helper source if display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/contacts_test.go`; `internal/tools/isphere_contacts_test.go` | C34 documents optional MsgLib contact display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core contact search complete; optional richer fields later |
|
||||
| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, `tblRecent`; UIA helper source if group display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/groups_test.go`; `internal/tools/isphere_groups_test.go`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C34 documents optional MsgLib group display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core group search complete; optional member/owner hierarchy later |
|
||||
| `isphere_receive_files` | decrypted `PacketReader.ProcessPacket` file-transfer message stanzas via `internal/isphere.ListFilesFromMessages` and `isphere_receive_files` list mode; configured PacketReader file or directory source; `zyl\importal\<hash>` cache entries remain unlinked | MsgLib `TD_ReceiveFileRecord` safe metadata through explicit copied-DB path; decrypted `Smark.SendReceive` and `SaveToDB` traces for file-reference reconciliation; future UIA/client connector for download | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#c12-file-transfer-evidence-precheck`; `docs/source-discovery/2026-07-10-file-download-mapping-precheck.md`; `docs/source-discovery/2026-07-10-file-cache-mapping-diagnostic.md` | C22 verifies safe file-list contract args; R3 confirms list metadata is available; R3b diagnostic finds 0 current cache/archive matches, so R4 remains blocked | blocked pending better cache evidence or UI/client download connector |
|
||||
| `isphere_send_message` | B-route selected: running-client sidecar / in-process connector, preferring `AppContextManager.SendTxtMessageByJid(...)` or `MessageScheduling.SendChatMessage(...)` over the unimplemented `SendP2PMessage(...)` interface path; current MCP tool exposes preview/dry-run only | A-route fallback: constrained UI/RPA wrapper only if B cannot pass runtime probe, entrypoint availability, dynamic observation, and idempotent dry-run gates; network/protocol replay remains deferred | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `internal/tools/isphere_send_message_test.go` | R6b registers `isphere_send_message` preview/dry-run only. Preview validates target/content hash/idempotency, returns `send_status="planned"`, connector metadata, redacted audit metadata, and all side-effect flags false. Production returns `send_status="blocked"` and `production_send_enabled=false` in verification. No real send, success/ack, or production idempotency behavior is proven. | next: R6c online sandbox-send evidence gate; production send remains blocked |
|
||||
| `isphere_send_file` | B-route selected after send-message probe: managed offline-file path through `OffLineFileSend.sendFile()`, `IMPP.Service*.dll` `IFileTransfer.FileUpload(...)`, and `Chat.sendFileMessage(...)` | A-route fallback: constrained UI/RPA upload/send-file flow; native `TcpFileTransfer.dll` is a later candidate only after managed path is rejected | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md` | R6a/C31 metadata confirms `FileTransfer.FileUpload`, `FileTransfer.AsynFileUpload`, `OffLineFileSend.sendFile`, and `Chat.sendFileMessage` candidates. File-send remains blocked behind message-send sandbox evidence plus later upload/file-message dry-run evidence. | next: wait for R6c sandbox-send evidence, then file-send upload preflight |
|
||||
| `isphere_send_message` | B-route selected: running-client sidecar / in-process connector, preferring `AppContextManager.SendTxtMessageByJid(...)` or `MessageScheduling.SendChatMessage(...)` over the unimplemented `SendP2PMessage(...)` interface path; current MCP tool exposes preview/dry-run only | A-route fallback: constrained UI/RPA wrapper only if B cannot pass runtime probe, entrypoint availability, dynamic observation, and idempotent dry-run gates; network/protocol replay remains deferred | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-sandbox-gate.md`; `internal/tools/isphere_send_message_test.go` | R6c prepares the online sandbox evidence package because local login is unavailable. `runs/send-sandbox-gate-package.zip` can collect before/after read-only recorder outputs around one manual sandbox send, but no returned evidence has been analyzed yet. Production remains blocked. | next: R6d returned sandbox evidence intake after user returns the package |
|
||||
| `isphere_send_file` | B-route selected after send-message probe: managed offline-file path through `OffLineFileSend.sendFile()`, `IMPP.Service*.dll` `IFileTransfer.FileUpload(...)`, and `Chat.sendFileMessage(...)` | A-route fallback: constrained UI/RPA upload/send-file flow; native `TcpFileTransfer.dll` is a later candidate only after managed path is rejected | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-sandbox-gate.md` | R6a/C31 metadata confirms `FileTransfer.FileUpload`, `FileTransfer.AsynFileUpload`, `OffLineFileSend.sendFile`, and `Chat.sendFileMessage` candidates. File-send remains blocked behind returned message-send sandbox evidence plus later upload/file-message dry-run evidence. | next: wait for R6d, then file-send upload preflight |
|
||||
|
||||
## Stage C entry rule
|
||||
|
||||
@@ -42,4 +43,4 @@ Start Stage C with a narrow log-backed `isphere_receive_messages` source abstrac
|
||||
|
||||
## Deferred source work
|
||||
|
||||
`MsgLib.db` has a validated copied read-only open path through the bundled 32-bit `System.Data.SQLite.dll` and password `123`. C27 adds `MsgLibReadSidecar` as the bounded x86 .NET reader boundary, C28 adds the Go `internal/msglib` process client, C29 adds bounded `display_entities` extraction, C30 wires it as optional contact/group MCP enrichment, C31 proves real copied-DB MCP enrichment with sanitized output, C32 reuses it for receive-message display fields, C33 proves that receive display path through a real copied-DB MCP smoke without printing entity values, C34 documents the operator setup/verification path, C35 maps MsgLib message tables to receive-message contract fields without reading row values, C36 adds metadata-only `message_sources` readiness, C37 defines the bounded DB-backed receive-source design, C38 implements sidecar/Go-wrapper `list_messages` with sanitized verification, C39 adds a Go adapter from MsgLib list results to the receive-message domain model, C40 adds explicit tool-level `msglib_readonly` source selection, C41 wires env-configured explicit MsgLib receive with optional sanitized smoke, R1 documents source reconciliation keys, and R2 hardens contact/group search ranking and de-duplication. The active roadmap is `docs/superpowers/plans/2026-07-10-core-business-capabilities-roadmap.md`; next step is R6c online sandbox-send evidence gate.
|
||||
`MsgLib.db` has a validated copied read-only open path through the bundled 32-bit `System.Data.SQLite.dll` and password `123`. C27 adds `MsgLibReadSidecar` as the bounded x86 .NET reader boundary, C28 adds the Go `internal/msglib` process client, C29 adds bounded `display_entities` extraction, C30 wires it as optional contact/group MCP enrichment, C31 proves real copied-DB MCP enrichment with sanitized output, C32 reuses it for receive-message display fields, C33 proves that receive display path through a real copied-DB MCP smoke without printing entity values, C34 documents the operator setup/verification path, C35 maps MsgLib message tables to receive-message contract fields without reading row values, C36 adds metadata-only `message_sources` readiness, C37 defines the bounded DB-backed receive-source design, C38 implements sidecar/Go-wrapper `list_messages` with sanitized verification, C39 adds a Go adapter from MsgLib list results to the receive-message domain model, C40 adds explicit tool-level `msglib_readonly` source selection, C41 wires env-configured explicit MsgLib receive with optional sanitized smoke, R1 documents source reconciliation keys, and R2 hardens contact/group search ranking and de-duplication. The active roadmap is `docs/superpowers/plans/2026-07-10-core-business-capabilities-roadmap.md`; next step is R6d returned sandbox evidence intake after the online package is returned.
|
||||
|
||||
Reference in New Issue
Block a user