docs: add N12R internal sandbox handoff workflow
This commit is contained in:
@@ -426,6 +426,36 @@ True N12 can start only when all of these are true:
|
||||
|
||||
If the current environment still cannot log in, only N12-pre offline analysis is allowed. N12 remains blocked and must not be marked passed.
|
||||
|
||||
## 8.1 Reality update: internal-sandbox live capture route
|
||||
|
||||
As of 2026-07-08, the repository environment is outside the internal network, while iSphere / IMPlatformClient is internal-network only. Therefore the active live-capture route is not current-environment N12. It is:
|
||||
|
||||
```text
|
||||
N12R: Internal-sandbox live capture route
|
||||
```
|
||||
|
||||
Use these documents for N12R:
|
||||
|
||||
```text
|
||||
docs/internal-sandbox-live-capture-plan.md
|
||||
docs/internal-sandbox-operator-runbook.md
|
||||
docs/n12r-return-package-validation-checklist.md
|
||||
```
|
||||
|
||||
N12-pre offline packages continue to support static file inventory and offline analysis. N12R packages support live read-only UIA evidence collected from an internal-network test sandbox after manual login.
|
||||
|
||||
Returned N12R packages should be placed under:
|
||||
|
||||
```text
|
||||
runs/internal-sandbox-live-capture/<capture-id>/
|
||||
```
|
||||
|
||||
Do not mix N12-pre and N12R semantics:
|
||||
|
||||
- `runs/offline-evidence-intake/<evidence-id>/` is copied-file offline evidence only.
|
||||
- `runs/internal-sandbox-live-capture/<capture-id>/` is live read-only UIA capture from the internal sandbox.
|
||||
- Neither route authorizes automatic login, sending, receiving, injection, hook, memory reading, or endpoint-security bypass.
|
||||
|
||||
## 9. Coordinator request checklist for the user
|
||||
|
||||
Use this final user-facing request. It intentionally avoids asking the user to understand JSON.
|
||||
@@ -461,4 +491,4 @@ notes/copy-notes.txt 简单写明从哪里复制、是否登录后复制
|
||||
- 这只是 N12-pre 离线证据,不是 N12 通过。
|
||||
- 不需要生成 manifest/scan/dump JSON;那些是高级可选路径。
|
||||
- 不要做自动登录、发送消息、发送文件、接收文件、注入、hook、读内存或规避安防。
|
||||
```
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user