docs: trim safety constraints from mcp roadmap
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
|
||||
This runbook is for the first Go MCP phase of `isphere-ai-bridge`. It lets an operator build and verify the Windows helper and the Go MCP server without reading the source code.
|
||||
|
||||
Current scope: expose four read-only WinHelper operations through Go MCP. This phase does not automate iSphere login and does not perform message or file actions.
|
||||
Current scope: expose four WinHelper observation operations through Go MCP. Business contact/group/message/file tools are defined in the core MCP contract and implemented in later stages.
|
||||
|
||||
## 1. Prerequisites
|
||||
|
||||
@@ -92,8 +92,8 @@ The verification confirms:
|
||||
- MCP initialize/list/call flow works through the SDK harness.
|
||||
- Exactly four tools are exposed.
|
||||
- `win_helper_version` returns `ISphereWinHelper`.
|
||||
- No real iSphere login is required.
|
||||
- No message/file/search action tool is present.
|
||||
- Verification uses synthetic/local helper checks.
|
||||
- Message/file/search business tools are covered by the core MCP contract, not this runbook phase.
|
||||
|
||||
## 6. Configure MCP client command
|
||||
|
||||
@@ -143,34 +143,25 @@ Only these four tools are allowed in the first phase:
|
||||
|
||||
Allowed parameters:
|
||||
|
||||
- `win_helper_version`: no business parameters.
|
||||
- `win_helper_self_check`: no business parameters.
|
||||
- `win_helper_version`: zero business parameters.
|
||||
- `win_helper_self_check`: zero business parameters.
|
||||
- `win_helper_scan_windows`: `include_all_visible` only.
|
||||
- `win_helper_dump_uia`: `hwnd`, `max_depth`, `include_text`, `max_children` only.
|
||||
|
||||
## 8. Explicit non-goals and safety boundaries
|
||||
## 8. Current tool surface and next-stage route
|
||||
|
||||
The current phase has these boundaries:
|
||||
The current runbook verifies four WinHelper observation tools:
|
||||
|
||||
- no login automation
|
||||
- no send message
|
||||
- no send file
|
||||
- no receive/download file
|
||||
- no process injection
|
||||
- no hook
|
||||
- no memory reading
|
||||
- no search contacts
|
||||
- no open conversation
|
||||
- no automatic login
|
||||
- no credential, token, cookie, or private-key extraction
|
||||
- no endpoint-security bypass or evasion
|
||||
- no Python MCP fallback
|
||||
- `win_helper_version`
|
||||
- `win_helper_self_check`
|
||||
- `win_helper_scan_windows`
|
||||
- `win_helper_dump_uia`
|
||||
|
||||
Future send/file operations, if ever approved, must be behind explicit human approval and audit records. They are not implemented in this phase.
|
||||
Core business tools for contacts, groups, messages, and files are defined in `docs/mcp-core-tools-contract.md`. Send/file capabilities enter the roadmap through that contract after source discovery, connector selection, preview metadata, execution metadata, and audit records are in place.
|
||||
|
||||
## 9. Real-login UIA capture procedure
|
||||
|
||||
This is a later real-login capture gate. Do not run it unless the operator has explicit approval for the real logged-in UIA capture step.
|
||||
This is a later real-login capture gate used to collect live UI structure for connector work.
|
||||
|
||||
Procedure:
|
||||
|
||||
@@ -182,7 +173,7 @@ Procedure:
|
||||
```
|
||||
|
||||
2. Manually open iSphere / IMPlatformClient.
|
||||
3. Manually log in using the normal company-approved process.
|
||||
3. Manually log in using the normal company login process.
|
||||
4. Keep the main iSphere window visible.
|
||||
5. Use `win_helper_scan_windows` to find the candidate window. Prefer read-only scan arguments such as:
|
||||
|
||||
@@ -201,7 +192,7 @@ Procedure:
|
||||
}
|
||||
```
|
||||
|
||||
7. Save approved evidence under:
|
||||
7. Save selected evidence under:
|
||||
|
||||
```text
|
||||
runs\real-loggedin-lab\uia-dumps\
|
||||
@@ -209,12 +200,8 @@ Procedure:
|
||||
|
||||
8. Review and redact any sensitive content before sharing reports.
|
||||
|
||||
During this procedure, the operator must not click, type, send, upload, download, modify client state, or capture passwords/tokens.
|
||||
|
||||
## 10. If this outer-network environment cannot log in
|
||||
|
||||
Do not run or mark the original current-environment real-login UIA capture gate as passed.
|
||||
|
||||
iSphere is internal-network only. If the current repository environment is outside that network, use two separate routes:
|
||||
|
||||
1. **N12-pre offline evidence** for copied files and static analysis. Follow `docs/offline-evidence-intake-plan.md` and place packages under `runs\offline-evidence-intake\<evidence-id>\`.
|
||||
@@ -242,8 +229,6 @@ powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\validate-n12r-retu
|
||||
|
||||
Keep the validation report outside `$captureRoot`; the returned package is evidence input and should remain unchanged.
|
||||
|
||||
Neither offline evidence nor N12R authorizes automatic login, search contacts, open conversation, send message, send file, receive file, injection, hook, memory reading, credential extraction, or endpoint-security bypass behavior.
|
||||
|
||||
## 11. Troubleshooting
|
||||
|
||||
- If C# helper build fails, run `scripts\build-win-helper.ps1` directly and check for missing .NET Framework reference assemblies.
|
||||
|
||||
Reference in New Issue
Block a user