docs: trim safety constraints from mcp roadmap

This commit is contained in:
zhaoyilun
2026-07-09 22:02:26 +08:00
parent cfc7787cdd
commit e993ce15fb
8 changed files with 172 additions and 262 deletions

View File

@@ -2,7 +2,7 @@
This runbook is for the first Go MCP phase of `isphere-ai-bridge`. It lets an operator build and verify the Windows helper and the Go MCP server without reading the source code.
Current scope: expose four read-only WinHelper operations through Go MCP. This phase does not automate iSphere login and does not perform message or file actions.
Current scope: expose four WinHelper observation operations through Go MCP. Business contact/group/message/file tools are defined in the core MCP contract and implemented in later stages.
## 1. Prerequisites
@@ -92,8 +92,8 @@ The verification confirms:
- MCP initialize/list/call flow works through the SDK harness.
- Exactly four tools are exposed.
- `win_helper_version` returns `ISphereWinHelper`.
- No real iSphere login is required.
- No message/file/search action tool is present.
- Verification uses synthetic/local helper checks.
- Message/file/search business tools are covered by the core MCP contract, not this runbook phase.
## 6. Configure MCP client command
@@ -143,34 +143,25 @@ Only these four tools are allowed in the first phase:
Allowed parameters:
- `win_helper_version`: no business parameters.
- `win_helper_self_check`: no business parameters.
- `win_helper_version`: zero business parameters.
- `win_helper_self_check`: zero business parameters.
- `win_helper_scan_windows`: `include_all_visible` only.
- `win_helper_dump_uia`: `hwnd`, `max_depth`, `include_text`, `max_children` only.
## 8. Explicit non-goals and safety boundaries
## 8. Current tool surface and next-stage route
The current phase has these boundaries:
The current runbook verifies four WinHelper observation tools:
- no login automation
- no send message
- no send file
- no receive/download file
- no process injection
- no hook
- no memory reading
- no search contacts
- no open conversation
- no automatic login
- no credential, token, cookie, or private-key extraction
- no endpoint-security bypass or evasion
- no Python MCP fallback
- `win_helper_version`
- `win_helper_self_check`
- `win_helper_scan_windows`
- `win_helper_dump_uia`
Future send/file operations, if ever approved, must be behind explicit human approval and audit records. They are not implemented in this phase.
Core business tools for contacts, groups, messages, and files are defined in `docs/mcp-core-tools-contract.md`. Send/file capabilities enter the roadmap through that contract after source discovery, connector selection, preview metadata, execution metadata, and audit records are in place.
## 9. Real-login UIA capture procedure
This is a later real-login capture gate. Do not run it unless the operator has explicit approval for the real logged-in UIA capture step.
This is a later real-login capture gate used to collect live UI structure for connector work.
Procedure:
@@ -182,7 +173,7 @@ Procedure:
```
2. Manually open iSphere / IMPlatformClient.
3. Manually log in using the normal company-approved process.
3. Manually log in using the normal company login process.
4. Keep the main iSphere window visible.
5. Use `win_helper_scan_windows` to find the candidate window. Prefer read-only scan arguments such as:
@@ -201,7 +192,7 @@ Procedure:
}
```
7. Save approved evidence under:
7. Save selected evidence under:
```text
runs\real-loggedin-lab\uia-dumps\
@@ -209,12 +200,8 @@ Procedure:
8. Review and redact any sensitive content before sharing reports.
During this procedure, the operator must not click, type, send, upload, download, modify client state, or capture passwords/tokens.
## 10. If this outer-network environment cannot log in
Do not run or mark the original current-environment real-login UIA capture gate as passed.
iSphere is internal-network only. If the current repository environment is outside that network, use two separate routes:
1. **N12-pre offline evidence** for copied files and static analysis. Follow `docs/offline-evidence-intake-plan.md` and place packages under `runs\offline-evidence-intake\<evidence-id>\`.
@@ -242,8 +229,6 @@ powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\validate-n12r-retu
Keep the validation report outside `$captureRoot`; the returned package is evidence input and should remain unchanged.
Neither offline evidence nor N12R authorizes automatic login, search contacts, open conversation, send message, send file, receive file, injection, hook, memory reading, credential extraction, or endpoint-security bypass behavior.
## 11. Troubleshooting
- If C# helper build fails, run `scripts\build-win-helper.ps1` directly and check for missing .NET Framework reference assemblies.