docs: validate msglib readonly schema path

This commit is contained in:
zhaoyilun
2026-07-10 02:36:42 +08:00
parent 8378935c90
commit b442138e5c
4 changed files with 196 additions and 17 deletions

View File

@@ -2039,12 +2039,12 @@ Static wrapper analysis result:
**Goal:** Validate whether copied `MsgLib.db` files can be opened read-only through the recovered wrapper connection flow, then extract schema/table/column metadata only.
**Planned files:**
**Files:**
- Modify: `docs/source-discovery/capability-source-matrix.md`
- Modify: `docs/current-status-card.md`
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
- Create: `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` if the probe yields non-trivial evidence.
- Ignored metadata under `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/`; do not commit DBs, raw rows, message bodies, personal values, or helper binaries.
- Create: `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`
- Ignored metadata under `runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/`; no DBs, raw rows, message bodies, personal values, or helper binaries are committed.
**Planned behavior:**
- Use copied DB candidates under `runs/offline-evidence-intake/zyl-qqfile-20260709/extracted/msgdb-*` only.
@@ -2055,19 +2055,25 @@ Static wrapper analysis result:
- If direct bundled `System.Data.SQLite` open fails, record the exact exception and plan the next wrapper-assisted schema probe.
- Do not add write/send/file-download behavior.
- [ ] **Step 1: Build a read-only schema probe**
- [x] **Step 1: Build a read-only schema probe**
Create a temporary/ignored probe that references the bundled SQLite assembly and opens copied DB files read-only with password `123`.
Built an ignored C#/.NET Framework probe. The 64-bit probe failed during SQLite mixed-mode loading; the 32-bit probe succeeded with the bundled `System.Data.SQLite.dll`.
- [ ] **Step 2: Extract schema-only metadata**
- [x] **Step 2: Extract schema-only metadata**
Collect table names, column names/types, and safe row counts for candidate business tables. Do not dump message/contact/file rows.
Generated ignored schema metadata at:
- [ ] **Step 3: Record conclusion and next implementation slice**
```text
runs/offline-evidence-intake/zyl-qqfile-20260709/metadata/c26-msglib-schema-probe-x86.json
```
If schema open succeeds, write C27 as DB-backed contact/group display-name enrichment or DB-backed receive-message source design. If schema open fails, write C27 as wrapper-assisted open diagnosis.
All three copied DB candidates opened read-only with password `123`. The probe collected table names, column names/types, and safe row counts only.
- [ ] **Step 4: Verify and commit docs**
- [x] **Step 3: Record conclusion and next implementation slice**
Created `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md` and rewrote C27 as a bounded x86 sidecar/helper contract loop.
- [x] **Step 4: Verify and commit docs**
Run:
@@ -2081,6 +2087,63 @@ Expected: all exit 0. Commit exact C26 docs only and rewrite the next loop from
---
## Loop C26 Result
Copied `MsgLib.db` read-only schema extraction result:
- The C25 password/connection hypothesis is validated: copied `MsgLib.db` files open with the bundled 32-bit `System.Data.SQLite.dll`, password `123`, and read-only mode.
- A 64-bit .NET probe failed at SQLite mixed-mode loading; the working production-shaped route should therefore be a dedicated x86 sidecar/helper, not direct Go SQLite access and not the current AnyCPU UIA helper path.
- All three copied DB candidates opened successfully and reported SQLite runtime `3.6.23.1`.
- Confirmed contact/display schema includes `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, and `tblPersonMsg`.
- Confirmed group/member schema includes `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, and `tblRecent`.
- Confirmed message schema includes `tblPersonMsg`, `tblMsgGroupPersonMsg`, and `TD_SystemMessageRecord`.
- Confirmed file metadata schema includes `TD_ReceiveFileRecord` and `TD_SendFileRecord`.
- No raw rows, message bodies, personal values, file paths, sends, writes, or DB mutations were performed or committed.
---
## Loop C27: Bounded x86 `MsgLib.db` sidecar/helper contract
**Goal:** Turn the validated C26 read-only DB path into the first production-shaped helper boundary for DB-backed display-name/source metadata, without exposing message bodies or adding write behavior.
**Planned files:**
- Modify or create docs that define the sidecar/helper JSON contract.
- Optionally create a minimal committed C# sidecar/helper skeleton if the contract can stay narrow and testable.
- Modify verification docs/scripts only if an executable smoke is added.
- Do not commit `System.Data.SQLite.dll`, copied DBs, raw rows, message bodies, personal values, file paths, or generated probe binaries.
**Planned behavior:**
- Treat the DB reader as a dedicated x86 .NET boundary because C26 proved 32-bit SQLite loading is required.
- Start with safe operations such as:
- `msglib_self_check`: validates provider load and read-only open against a copied DB path.
- `msglib_list_display_sources`: returns table/column availability and limited display-name source counts, not raw message content.
- Keep Go MCP as the coordinator and use a bounded process/helper contract for Windows/.NET DB access.
- Keep message-body reads, file downloads, sends, writes, hooks, injection, and DB mutation out of scope.
- [ ] **Step 1: Define the sidecar/helper contract**
Write the request/response envelope, allowed operations, path rules, limit rules, and redaction rules.
- [ ] **Step 2: Decide skeleton vs docs-only for this loop**
If the contract is stable enough, create a minimal C# x86 sidecar skeleton with self-check only. Otherwise keep C27 as a contract/design gate and make C28 the skeleton implementation.
- [ ] **Step 3: Update status/matrix/plan**
Record the implementation boundary and next code slice based on actual C27 output.
- [ ] **Step 4: Verify and commit**
Run the appropriate docs/code verification before commit:
```powershell
git diff --check
go test ./...
powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
```
---
## Self-Review
- Spec coverage: the plan follows the user's cyclic requirement: plan first, implement one loop at a time, update the next loop after each result, and ask only on blockers.