From b442138e5c9f0dee745737792c9bc68b964367d0 Mon Sep 17 00:00:00 2001 From: zhaoyilun Date: Fri, 10 Jul 2026 02:36:42 +0800 Subject: [PATCH] docs: validate msglib readonly schema path --- docs/current-status-card.md | 7 +- ...07-10-msglib-readonly-schema-extraction.md | 115 ++++++++++++++++++ .../capability-source-matrix.md | 8 +- ...tage-c-log-backed-receive-messages-loop.md | 83 +++++++++++-- 4 files changed, 196 insertions(+), 17 deletions(-) create mode 100644 docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md diff --git a/docs/current-status-card.md b/docs/current-status-card.md index e5429c1..7adafb8 100644 --- a/docs/current-status-card.md +++ b/docs/current-status-card.md @@ -27,7 +27,7 @@ Remote base before local roadmap commits: `b2d839e Merge branch 'codex/n15-repor - `scripts/verify-win-helper.ps1` and `scripts/verify-go-mcp.ps1` provide repeatable local checks for the helper, eight-tool MCP surface, default empty-source receive/contact/group/file calls, synthetic configured-file receive/contact/group/file smoke, and synthetic configured-directory receive/contact/group/file smoke. - `isphere_receive_messages` now returns the contract-facing `ok`, `conversation`, `messages`, `next_cursor`, and `audit` envelope while retaining legacy parser-native message fields for compatibility. - `isphere_receive_messages` accepts the read-contract argument set for the current local-readonly path: `conversation_id`, `query`, `since`, `limit`, `include_attachment_metadata`, `source_preference`, `preview`, and empty `cursor`. -- `isphere_search_contacts` and `isphere_search_groups` accept and validate the safe search-contract args for the current local-readonly path, but display names/member data remain JID-derived/unknown until C26 validates copied `MsgLib.db` read-only schema access. +- `isphere_search_contacts` and `isphere_search_groups` accept and validate the safe search-contract args for the current local-readonly path, but display names/member data remain JID-derived/unknown until a bounded x86 `MsgLib.db` sidecar/helper is implemented. - `isphere_receive_files` list mode accepts and validates the safe file-list contract args for the current local-readonly path while keeping download blocked. - N12-pre and N12R documents define safe offline evidence intake and internal-sandbox live UIA capture procedures. - N13/N14/N15 produced selector catalog/report validation infrastructure, but those are supporting validation assets only. @@ -55,7 +55,7 @@ N13/N14/N15 are pre-business validation results. They can help identify UI eleme ## Current loop -Current loop: `Stage C / Loop C26 - copied MsgLib.db read-only schema extraction`. +Current loop: `Stage C / Loop C27 - bounded MsgLib sidecar/helper contract`. Plan file: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`. @@ -93,10 +93,11 @@ Current loop output so far: 23. C23: display-name enrichment was blocked because current committed evidence and ignored metadata do not validate a JID-to-display-name/group-title source; `MsgLib.db` remains the most likely next source but inspected copies are not directly readable as SQLite. 24. C24: `MsgLib.db` readability precheck found high-entropy non-SQLite files with a consistent wrapper/encryption signature; wrapper candidates include `HYHC.IMPP.DAL.dll`, `Utilities.Lib.SQLiteInteraction*.dll`, `Utilities.Lib.DBModel.dll`, and `RepairDatabase.exe`. 25. C25: static .NET wrapper analysis recovered the DAL open path: `HYHC.IMPP.DAL.IMPPDAL` configures `System.Data.SQLite` through `Utilities.Lib.DBSQLite`, sets `DatabaseName` to the DB path and `Password` to `123`, and exposes candidate display/message tables such as `TD_Roster`, `tblRecent`, `tblPersonMsg`, `tblMsgGroupPersonMsg`, and `TD_WorkGroupAuth`. +26. C26: copied `MsgLib.db` schema extraction succeeded through a 32-bit .NET `System.Data.SQLite` read-only probe with password `123`; all three copied DB candidates opened, with confirmed contact/group/message/file schema tables. ## Next business mainline -1. Run Stage C Loop C26: attempt copied `MsgLib.db` read-only schema extraction with the recovered wrapper password/connection flow; query schema and counts only, not message bodies/personal values. +1. Run Stage C Loop C27: define and implement the first bounded x86 `MsgLib.db` sidecar/helper contract for schema/display-name reads; keep message bodies, file downloads, sends, writes, and DB mutation out of scope. 2. Leave `isphere_send_message` blocked until bridge/API, UIA action-chain, or protocol connector evidence is validated. 3. Leave actual file download/cache mapping as a later connector node until a message-to-cache hash or client download source is validated. 4. Keep UIA selector/report work as fallback support, not as the primary roadmap. diff --git a/docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md b/docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md new file mode 100644 index 0000000..b12a358 --- /dev/null +++ b/docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md @@ -0,0 +1,115 @@ +# MsgLib.db copied read-only schema extraction + +Date: 2026-07-10 + +## Question + +Can copied `MsgLib.db` files be opened read-only with the wrapper password recovered in C25, and which schema fields should drive the next business read implementation? + +## Evidence checked + +Ignored C26 artifacts: + +- `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/c26-schema-probe-x86/` +- `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/c26-msglib-schema-probe-x86.json` + +Probe method: + +- referenced the bundled `System.Data.SQLite.dll` from the extracted iSphere client files; +- opened copied `MsgLib.db` files only; +- used the C25 recovered password `123`; +- forced read-only mode in the SQLite connection string; +- queried only `sqlite_master`, `PRAGMA table_info(...)`, and safe target-table row counts; +- did not dump message bodies, contact values, file paths, or raw rows. + +## Runtime finding + +- A 64-bit probe failed at CLR/SQLite mixed-mode loading. +- A 32-bit .NET Framework probe succeeded. +- Successful provider: `System.Data.SQLite`, version observed through the opened DB runtime as SQLite `3.6.23.1`. + +This means the production path should not assume Go can open this DB directly. The practical route is a dedicated x86 .NET read-only sidecar/helper that Go MCP calls through a bounded JSON contract. + +## Open result + +All three copied `MsgLib.db` candidates opened successfully with `Password=123` in read-only mode. + +| Copied DB | Open result | Table count | Notable safe counts | +| --- | --- | ---: | --- | +| DB A, about 12.2 MB | ok | 13 | `tblMsgGroupPersonMsg=2884`, `tblPersonMsg=2132`, `tblRecent=52`, `TD_SystemMessageRecord=469` | +| DB B, about 2.84 MB | ok | 23 | `tblMsgGroupPersonMsg=1048`, `tblPersonMsg=1209`, `tblRecent=80`, `tblChatLevel=105`, `TD_WorkGroupAuth=2`, `TD_SystemMessageRecord=314` | +| DB C, about 2.78 MB | ok | 13 | `tblMsgGroupPersonMsg=796`, `tblPersonMsg=1932`, `tblRecent=51`, `TD_SystemMessageRecord=228` | + +The counts above are schema-validation counts only. No row values were extracted into committed docs. + +## Confirmed business schema map + +### Contacts and display names + +Validated tables/columns: + +- `TD_Roster`: `JId`, `Domain`, `Nick`, `Ask`, `Subscription`, `Show`, `Status`, `GroupName`. +- `TD_CustomEffigy`: `PersonJid`, `PersonName`, `PersonSex`, `HeadImageSize`, `LocalPath`, `ServerUpdateTime`. +- `tblRecent`: `Id`, `PersonId`, `PersonName`, `ActionTime`, `FType`. +- `tblChatLevel`: present in the richer DB and already known from C25 model fields as `PersonId`, `PersonName`. +- `tblPersonMsg`: `SndPerson`, `SndPersonId`, `RecvPerson`, `RecvPersonId`, `ObjPerson`, `ObjPersonId`, plus message metadata fields. + +Recommended contact display-name priority for a future read source: + +1. `TD_Roster.Nick` by `TD_Roster.JId` when present. +2. `TD_CustomEffigy.PersonName` by `PersonJid` when present. +3. `tblRecent.PersonName` by `PersonId` for recent conversations. +4. `tblPersonMsg` sender/receiver/object display fields as fallback. +5. JID-derived fallback when DB display fields are absent. + +### Groups and member names + +Validated tables/columns: + +- `tblMsgGroupPersonMsg`: `MsgGroupId`, `MsgGroupName`, `SessionTitle`, `SessionPersonId`, `SessionPersonName`, `GroupType`, plus message metadata fields. +- `TD_WorkGroupAuth`: `SessionID`, `SessionStatus`, `SessionType`, `ApplyInfo`, `GroupJID`, `GroupName`, `SendPersonSex`, `ApplyDateTime`; richer DB also has `ChildGroupJid`. +- `tblRecent`: stores group recent entries through triggers using `PersonId = MsgGroupId`, `PersonName = MsgGroupName`, and `FType = GroupType`. + +Recommended group display/member priority: + +1. `tblMsgGroupPersonMsg.MsgGroupName` by `MsgGroupId`. +2. `tblRecent.PersonName` by `PersonId` where `FType` indicates group/discussion. +3. `TD_WorkGroupAuth.GroupName` by `GroupJID` for work-group authorization records. +4. `tblMsgGroupPersonMsg.SessionPersonId/SessionPersonName` for member-name enrichment. +5. JID-derived fallback when DB display fields are absent. + +### Receive messages + +Validated tables/columns: + +- `tblPersonMsg`: one-to-one message table, including ids, sender/receiver/object identities, text/body/content/version/read fields, timestamps, and receipt state. +- `tblMsgGroupPersonMsg`: group/discussion message table, including ids, sender identities, group ids/names, session title/member fields, message body/content/version/read fields, and timestamps. +- `TD_SystemMessageRecord`: system/auth message metadata. + +C27 should not read message bodies yet. The next code loop should first add a schema/display-name sidecar and only later add DB-backed message listing with strict limit/redaction controls. + +### File metadata + +Validated tables/columns: + +- `TD_ReceiveFileRecord`: `ReceiveMsgGuid`, `FileName`, `FileSize`, `FilePath`, `SourceID`, `SourceName`, `FileType`, `SendPersonJid`, `SendPersonName`, `SendTime`. +- `TD_SendFileRecord`: `SendMsgGuid`, `FileName`, `FileSize`, `FilePath`, `SourceID`, `SourceName`, `FileType`, `ReceivePersonJid`, `ReceivePersonName`, `ReceiveTime`. + +File download remains blocked until cache/download mapping is separately validated. + +## Decision + +C26 validates the DB path: + +> `MsgLib.db` can be opened from copied evidence with the bundled 32-bit `System.Data.SQLite.dll`, `Password=123`, and read-only mode. + +The project can now move from log-only read support toward DB-backed contact/group display-name enrichment. Because the working provider path is 32-bit .NET, the next implementation should be a bounded x86 .NET sidecar/helper rather than direct Go SQLite access. + +## Next slice + +Loop C27 should implement the first production-shaped DB bridge as a narrow helper/sidecar contract, not as broad message extraction: + +1. Build a committed contract for a read-only `MsgLib.db` schema/display-name sidecar. +2. Start with safe operations such as `msglib_self_check` and `msglib_list_display_sources` or equivalent. +3. Return only table availability, column availability, and display-name candidate maps with strict limits. +4. Keep message-body reads, file downloads, sends, writes, and DB mutation out of scope. diff --git a/docs/source-discovery/capability-source-matrix.md b/docs/source-discovery/capability-source-matrix.md index d1c0400..6394821 100644 --- a/docs/source-discovery/capability-source-matrix.md +++ b/docs/source-discovery/capability-source-matrix.md @@ -17,9 +17,9 @@ Schema notes: `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md` | MCP tool | Primary source | Fallback source | Evidence file | Decision status | Next implementation slice | | --- | --- | --- | --- | --- | --- | -| `isphere_receive_messages` | decrypted `PacketReader.ProcessPacket` XMPP `` stanzas via `internal/isphere.EncryptedPacketLogSource`; configured by `ISPHERE_PACKET_LOG_FILE` or `ISPHERE_PACKET_LOG_DIR` | decrypted `Smark.SendReceive` transport stanzas; decrypted `SaveToDB` `Chat_OnMessageArrived` traces; copied `MsgLib.db` after C26 read-only schema/open validation | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#field-mapping-evidence`; `docs/source-discovery/2026-07-10-dotnet-wrapper-static-analysis.md` | C20 supports and validates the current safe receive-message contract args; C25 recovered the likely `MsgLib.db` wrapper password/connection flow but DB open is not validated yet | C26 copied-DB read-only schema extraction | -| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | `MsgLib.db` tables after C26 read-only validation: `TD_Roster`, `tblRecent`, `tblChatLevel`, `tblPersonMsg`; decrypted roster/contact stanzas from `Smark.SendReceive`; UIA helper source if display names are still missing | `docs/source-discovery/2026-07-10-dotnet-wrapper-static-analysis.md` | C25 recovered the static wrapper path and candidate contact/display-name tables; direct copied-DB read is still unvalidated | C26 copied-DB read-only schema extraction with recovered wrapper password | -| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | `MsgLib.db` tables after C26 read-only validation: `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, `tblRecent`; UIA helper source if group display names are still missing | `docs/source-discovery/2026-07-10-dotnet-wrapper-static-analysis.md`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C25 recovered the static wrapper path and candidate group/member display fields; direct copied-DB read is still unvalidated | C26 copied-DB read-only schema extraction with recovered wrapper password | +| `isphere_receive_messages` | decrypted `PacketReader.ProcessPacket` XMPP `` stanzas via `internal/isphere.EncryptedPacketLogSource`; configured by `ISPHERE_PACKET_LOG_FILE` or `ISPHERE_PACKET_LOG_DIR` | decrypted `Smark.SendReceive` transport stanzas; decrypted `SaveToDB` `Chat_OnMessageArrived` traces; copied `MsgLib.db` through a future x86 read-only sidecar/helper | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#field-mapping-evidence`; `docs/source-discovery/2026-07-10-dotnet-wrapper-static-analysis.md` | C20 supports and validates the current safe receive-message contract args; C26 validates copied `MsgLib.db` read-only open/schema, but DB-backed message listing is not implemented yet | C27 bounded x86 MsgLib sidecar/helper contract for safe display/schema reads | +| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, `tblPersonMsg`; decrypted roster/contact stanzas from `Smark.SendReceive`; UIA helper source if display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` | C26 validates read-only DB open/schema with the recovered wrapper password; product code still needs a bounded x86 sidecar/helper before DB-backed display names can be exposed | C27 bounded x86 MsgLib sidecar/helper contract | +| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, `tblRecent`; UIA helper source if group display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C26 validates read-only DB open/schema with the recovered wrapper password; product code still needs a bounded x86 sidecar/helper before DB-backed group/member names can be exposed | C27 bounded x86 MsgLib sidecar/helper contract | | `isphere_receive_files` | decrypted `PacketReader.ProcessPacket` file-transfer message stanzas via `internal/isphere.ListFilesFromMessages` and `isphere_receive_files` list mode; configured PacketReader file or directory source; `zyl\importal\` cache entries remain unlinked | decrypted `Smark.SendReceive` and `SaveToDB` traces for file-reference reconciliation; future UIA/client connector for download | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#c12-file-transfer-evidence-precheck` | C22 verifies safe file-list contract args; no log-to-cache/download mapping yet | defer download mapping; precheck contact/group display-name evidence | | `isphere_send_message` | none validated yet | existing bridge/API/local service preferred; UIA write connector only after internal-sandbox action evidence; network/protocol connector only after protocol discovery | `docs/source-discovery/2026-07-10-send-message-source-precheck.md` | C15 blocked: contract exists, but no committed bridge/API/local service, helper write op, UIA action chain, or protocol connector is validated | do not implement write behavior; harden existing read source configuration | | `isphere_send_file` | none validated yet | depends on send-message connector plus outbound file/upload evidence | `docs/source-discovery/2026-07-10-send-message-source-precheck.md` | blocked behind `isphere_send_message` connector selection and file upload/source policy | defer until send-message connector is validated | @@ -39,4 +39,4 @@ Start Stage C with a narrow log-backed `isphere_receive_messages` source abstrac ## Deferred source work -`MsgLib.db` is no longer treated as ordinary SQLite. C25 recovered the likely wrapper route (`System.Data.SQLite` plus DB config password `123`), but C26 must still validate a copied read-only DB open and schema extraction before any DB-backed production read source is implemented. +`MsgLib.db` has a validated copied read-only open path through the bundled 32-bit `System.Data.SQLite.dll` and password `123`. Because the working provider path is x86 .NET, DB-backed production reads should enter through a bounded sidecar/helper contract rather than direct Go SQLite access. diff --git a/docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md b/docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md index 94cef0a..52a3c18 100644 --- a/docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md +++ b/docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md @@ -2039,12 +2039,12 @@ Static wrapper analysis result: **Goal:** Validate whether copied `MsgLib.db` files can be opened read-only through the recovered wrapper connection flow, then extract schema/table/column metadata only. -**Planned files:** +**Files:** - Modify: `docs/source-discovery/capability-source-matrix.md` - Modify: `docs/current-status-card.md` - Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md` -- Create: `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` if the probe yields non-trivial evidence. -- Ignored metadata under `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/`; do not commit DBs, raw rows, message bodies, personal values, or helper binaries. +- Create: `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` +- Ignored metadata under `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/`; no DBs, raw rows, message bodies, personal values, or helper binaries are committed. **Planned behavior:** - Use copied DB candidates under `runs/offline-evidence-intake/zyl-qqfile-20260709/extracted/msgdb-*` only. @@ -2055,19 +2055,25 @@ Static wrapper analysis result: - If direct bundled `System.Data.SQLite` open fails, record the exact exception and plan the next wrapper-assisted schema probe. - Do not add write/send/file-download behavior. -- [ ] **Step 1: Build a read-only schema probe** +- [x] **Step 1: Build a read-only schema probe** -Create a temporary/ignored probe that references the bundled SQLite assembly and opens copied DB files read-only with password `123`. +Built an ignored C#/.NET Framework probe. The 64-bit probe failed during SQLite mixed-mode loading; the 32-bit probe succeeded with the bundled `System.Data.SQLite.dll`. -- [ ] **Step 2: Extract schema-only metadata** +- [x] **Step 2: Extract schema-only metadata** -Collect table names, column names/types, and safe row counts for candidate business tables. Do not dump message/contact/file rows. +Generated ignored schema metadata at: -- [ ] **Step 3: Record conclusion and next implementation slice** +```text +runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/c26-msglib-schema-probe-x86.json +``` -If schema open succeeds, write C27 as DB-backed contact/group display-name enrichment or DB-backed receive-message source design. If schema open fails, write C27 as wrapper-assisted open diagnosis. +All three copied DB candidates opened read-only with password `123`. The probe collected table names, column names/types, and safe row counts only. -- [ ] **Step 4: Verify and commit docs** +- [x] **Step 3: Record conclusion and next implementation slice** + +Created `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` and rewrote C27 as a bounded x86 sidecar/helper contract loop. + +- [x] **Step 4: Verify and commit docs** Run: @@ -2081,6 +2087,63 @@ Expected: all exit 0. Commit exact C26 docs only and rewrite the next loop from --- +## Loop C26 Result + +Copied `MsgLib.db` read-only schema extraction result: + +- The C25 password/connection hypothesis is validated: copied `MsgLib.db` files open with the bundled 32-bit `System.Data.SQLite.dll`, password `123`, and read-only mode. +- A 64-bit .NET probe failed at SQLite mixed-mode loading; the working production-shaped route should therefore be a dedicated x86 sidecar/helper, not direct Go SQLite access and not the current AnyCPU UIA helper path. +- All three copied DB candidates opened successfully and reported SQLite runtime `3.6.23.1`. +- Confirmed contact/display schema includes `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, and `tblPersonMsg`. +- Confirmed group/member schema includes `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, and `tblRecent`. +- Confirmed message schema includes `tblPersonMsg`, `tblMsgGroupPersonMsg`, and `TD_SystemMessageRecord`. +- Confirmed file metadata schema includes `TD_ReceiveFileRecord` and `TD_SendFileRecord`. +- No raw rows, message bodies, personal values, file paths, sends, writes, or DB mutations were performed or committed. + +--- + +## Loop C27: Bounded x86 `MsgLib.db` sidecar/helper contract + +**Goal:** Turn the validated C26 read-only DB path into the first production-shaped helper boundary for DB-backed display-name/source metadata, without exposing message bodies or adding write behavior. + +**Planned files:** +- Modify or create docs that define the sidecar/helper JSON contract. +- Optionally create a minimal committed C# sidecar/helper skeleton if the contract can stay narrow and testable. +- Modify verification docs/scripts only if an executable smoke is added. +- Do not commit `System.Data.SQLite.dll`, copied DBs, raw rows, message bodies, personal values, file paths, or generated probe binaries. + +**Planned behavior:** +- Treat the DB reader as a dedicated x86 .NET boundary because C26 proved 32-bit SQLite loading is required. +- Start with safe operations such as: + - `msglib_self_check`: validates provider load and read-only open against a copied DB path. + - `msglib_list_display_sources`: returns table/column availability and limited display-name source counts, not raw message content. +- Keep Go MCP as the coordinator and use a bounded process/helper contract for Windows/.NET DB access. +- Keep message-body reads, file downloads, sends, writes, hooks, injection, and DB mutation out of scope. + +- [ ] **Step 1: Define the sidecar/helper contract** + +Write the request/response envelope, allowed operations, path rules, limit rules, and redaction rules. + +- [ ] **Step 2: Decide skeleton vs docs-only for this loop** + +If the contract is stable enough, create a minimal C# x86 sidecar skeleton with self-check only. Otherwise keep C27 as a contract/design gate and make C28 the skeleton implementation. + +- [ ] **Step 3: Update status/matrix/plan** + +Record the implementation boundary and next code slice based on actual C27 output. + +- [ ] **Step 4: Verify and commit** + +Run the appropriate docs/code verification before commit: + +```powershell +git diff --check +go test ./... +powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1 +``` + +--- + ## Self-Review - Spec coverage: the plan follows the user's cyclic requirement: plan first, implement one loop at a time, update the next loop after each result, and ask only on blockers.