docs: harden login reachability schema

This commit is contained in:
zhaoyilun
2026-07-12 12:45:58 +08:00
parent 7718e2dd34
commit eeb59db9be
5 changed files with 148 additions and 38 deletions

View File

@@ -10,6 +10,28 @@
--- ---
## 2026-07-12 Current Next Node Correction
当前下一节点不再是泛化的 `N12-pre` 离线证据整理,也不是 A-route/RPA UI 演示。A-route/RPA 只保留为备选;主线继续走 B-route也就是面向登录态客户端的 `in_process_adapter_research` / `in_process_contract`
**当前主线节点B-route 登录可达性 schema/probe package。**
本节点的目标是在 2026-07-13 可登录环境执行前,把验证口径一次性补齐,避免明天反复采证。活动产物:
- `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`
- `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`
- `docs/source-discovery/2026-07-12-inprocess-adapter-static-map.md`
- `docs/source-discovery/capability-source-matrix.md`
本节点通过条件:
1. 登录验证清单包含 P0 项one-shot 测试目标、登录态 server/auth、in-process adapter 可达性、发送前后 sent-record 快照、sent-record 来源、结构化失败原因、消息/文件 ack 关联。
2. `isphere_send_message` 只在 direct/group 目标、`AppContextManager` / `Chat` / `XMPPConnection` 可达、sent-record 内容哈希/ack 关联通过后解除生产阻塞。
3. `isphere_send_file` 只在 `FileUploadPara``IFileTransfer.FileUpload``FileUploadResult.FileID``trans_UploadCompleted(fileId)` / `Chat.sendFileMessage`、文件 sent-record/ack 关联通过后解除生产阻塞。
4. 外部 sidecar 仍是 preview/probe-onlyA-route UIA/RPA 仍是 backup-only。
---
## 1. Node Tree ## 1. Node Tree
```text ```text
@@ -962,16 +984,16 @@ Every node must satisfy these rules:
## 4. Current Next Node ## 4. Current Next Node
Current guidance after N0-N15 remote updates is: Current guidance after the 2026-07-12 offline B-route audit and login-validation schema hardening is:
```text ```text
当前下一步:MCP 核心工具合同冻结 + 只读消息源 discovery + N12-pre 证据包整理 当前下一步:B-route 登录可达性 schema/probe package明天在可登录环境采集一次性证据
``` ```
Immediate next action: Immediate next action:
```text ```text
Use `docs/mcp-core-tools-contract.md` and `docs/mcp-core-business-plan.md` as the active business route. Prioritize `isphere_search_contacts`, `isphere_search_groups`, `isphere_receive_messages`, and `isphere_receive_files`, then move `isphere_send_message` and `isphere_send_file` into Stage D after source discovery and connector verification. Use `docs/source-discovery/2026-07-12-login-reachability-validation-items.md` as the active schema. Build the 2026-07-13 login reachability probe package around one-shot targets, runtime/server/auth state, in-process adapter reachability, before/after sent-record snapshots, structured failure reasons, and message/file ack correlation.
``` ```
N12-pre offline evidence remains pre-gate context. Existing UIA selector/report work is auxiliary evidence and fallback support only; the project core is MCP communication capability for contacts, groups, messages, and files. Business status: contact search, group search, receive messages, and receive file-list remain the stable MCP foundation. `isphere_send_message` and `isphere_send_file` are implemented as preview/contract paths, but production send/file remains blocked until logged-in B-route reachability and sent-record/ack correlation pass. N12-pre/offline evidence remains pre-gate context. Existing UIA selector/report/RPA work is auxiliary evidence and fallback support only; the project core is MCP communication capability for contacts, groups, messages, and files.

View File

@@ -2,56 +2,94 @@
Date: 2026-07-12 Date: 2026-07-12
Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in environment. It is generated from the offline send/upload deep dive and should be used to build the one-shot reachability probe package. Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in environment. It is generated from the offline send/upload deep dive and should be used to build the one-shot reachability probe package. P0 items are blocking; production send remains disabled until all relevant P0 evidence is collected and correlated.
## Operator rules
- Run the probe only after the target iSphere/IMPlatformClient session is visibly logged in.
- Use a pre-agreed direct test JID and optional group test JID; record them in the output JSON.
- Use one-shot test content and one safe small test file; record SHA256 hashes, not raw sensitive content.
- Capture before/after sent-record snapshots around the one-shot send/upload test.
- Do not mark production ready unless ack/sent-record correlation is machine-verifiable.
## P0 items ## P0 items
### Define one-shot test targets and operator confirmation
- Category: test_rule
- Evidence to capture: direct JID, optional group JID, self-send/sandbox-account flag, operator confirmation, one-send-only flag, test content/file hash seed
- Unlocks: reliable ack and sent-record correlation
### Capture before/after sent-record snapshots
- Category: snapshot
- Evidence to capture: before count/last summary, after count/last summary, target ref, content hash or file hash, timestamp window
- Unlocks: machine-verifiable send result
### Identify sent-record and ack source paths
- Category: sent_record_source
- Evidence to capture: MessageCenter::OnMessageSended availability, PacketReader/SaveToDB/MsgLib source availability, MCP audit ref, ack/ref id if present
- Unlocks: production gate evidence
### Confirm in-process adapter reachability mode
- Category: adapter_reachability
- Evidence to capture: process bitness, CLR/.NET version, user/session id, loaded managed assemblies, same-process/managed-harness/injection requirement, stop-condition reason if blocked
- Unlocks: B-route implementation decision
### Confirm logged-in IMPlatformClient.exe process and loaded assemblies ### Confirm logged-in IMPlatformClient.exe process and loaded assemblies
- Category: runtime - Category: runtime
- Evidence to capture: process id, module list, loaded managed assemblies - Evidence to capture: process id, module list, loaded managed assemblies, login/user presence without leaking credentials
- Unlocks: all B-route adapter tests - Unlocks: all B-route adapter tests
### Confirm AppContextManager/IAppContextManager reachability ### Confirm AppContextManager/IAppContextManager reachability
- Category: runtime - Category: runtime
- Evidence to capture: type visible, instance path, SendTxtMessageByJid callable shape - Evidence to capture: type visible, instance path, SendTxtMessageByJid callable shape, direct/group chat type mapping
- Unlocks: text send high-level path - Unlocks: text send high-level path
### Confirm Chat/XMPPConnection authenticated state ### Confirm Chat/XMPPConnection authenticated state
- Category: runtime - Category: runtime
- Evidence to capture: Chat instance, XMPPConnection state, target JID mapping - Evidence to capture: Chat instance, XMPPConnection state, target JID mapping, group ChatRoom branch if target is group
- Unlocks: text and file message finalization - Unlocks: text and file message finalization
### Capture FileUploadPara required values without leaking token ### Capture FileUploadPara required values without leaking token
- Category: file_upload - Category: file_upload
- Evidence to capture: host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only - Evidence to capture: host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only, timeout/cache flags if visible
- Unlocks: upload_file probe - Unlocks: upload_file probe
### Confirm IFileTransfer/FileTransfer.FileUpload reachability ### Confirm IFileTransfer/FileTransfer.FileUpload reachability
- Category: file_upload - Category: file_upload
- Evidence to capture: service instance or constructor path, method signature, safe call readiness - Evidence to capture: service instance or constructor path, method signature, safe call readiness, HTTP status/failure channel mapping
- Unlocks: file upload - Unlocks: file upload
### Confirm FileUploadResult.FileID after safe test upload ### Confirm FileUploadResult.FileID after safe test upload
- Category: file_upload_result - Category: file_upload_result
- Evidence to capture: FileID present, size/name or URL/remote folder metadata, failure code if upload fails - Evidence to capture: FileID present, size/name or URL/remote folder metadata, HTTP status, service error code/message if upload fails
- Unlocks: send_file_message - Unlocks: send_file_message
### Confirm trans_UploadCompleted/SendFileMessage consumes FileID ### Confirm trans_UploadCompleted/SendFileMessage consumes FileID
- Category: send_file_message - Category: send_file_message
- Evidence to capture: FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack - Evidence to capture: FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack, failure reason if target/permission blocks
- Unlocks: production file send - Unlocks: production file send
### Capture structured failure reasons for every probe step
- Category: failure_reason
- Evidence to capture: step name, exception type, error code, message, offline/permission/target-not-found/token/file-size/file-type/network-timeout classification
- Unlocks: actionable next decision when probe fails
### Correlate sent record/ack with content hash or file hash ### Correlate sent record/ack with content hash or file hash
- Category: ack - Category: ack
- Evidence to capture: sent record timestamp, target ref, body/file metadata hash, ack/ref id - Evidence to capture: sent record source, timestamp, target ref, body/file metadata hash, ack/ref id, before/after snapshot diff
- Unlocks: production gate - Unlocks: production gate
## P1 items ## P1 items
@@ -59,7 +97,7 @@ Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in envi
### Confirm group ChatRoom branch and permissions ### Confirm group ChatRoom branch and permissions
- Category: group - Category: group
- Evidence to capture: ChatRoom type, speech/upload permission state, group JID - Evidence to capture: ChatRoom type, speech/upload permission state, group JID, mute/permission failure reason
- Unlocks: group send/file send - Unlocks: group send/file send
### If B-route reachability fails, capture A-route UI evidence ### If B-route reachability fails, capture A-route UI evidence
@@ -68,8 +106,24 @@ Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in envi
- Evidence to capture: window hwnd, rtbSendMessage, btnSend, screenshots, failure reason - Evidence to capture: window hwnd, rtbSendMessage, btnSend, screenshots, failure reason
- Unlocks: demo fallback only - Unlocks: demo fallback only
## Required output schema
Every probe run should emit JSON with these top-level sections:
- `run`: timestamp, machine, operator confirmation, one-shot flags.
- `targets`: direct JID, optional group JID, target type, source of target selection.
- `runtime`: process id, bitness, CLR/.NET version, user/session, loaded assemblies.
- `reachability`: AppContextManager, MessageScheduling, Chat, XMPPConnection, IFileTransfer, FileUploadPara, FileUploadResult, Chat.sendFileMessage.
- `server_auth`: host, port, domain, token_present, token_hash_prefix only, accessToken/clientId presence when visible.
- `snapshots`: before/after counts and last-record summaries for sent-record sources.
- `attempts`: probe-only, optional one-shot text, optional safe upload, optional file-message finalization.
- `failures`: structured failure code, exception type, message, classification, next action.
- `correlation`: content/file hash match, target match, timestamp window, ack/ref id.
## Pass criteria ## Pass criteria
- Text send can move forward when logged-in runtime exposes AppContextManager or MessageScheduling plus Chat/XMPPConnection and sent-record/ack correlation is possible. - Text send can move forward when logged-in runtime exposes AppContextManager or MessageScheduling plus Chat/XMPPConnection and sent-record/ack correlation is possible.
- File send can move forward when logged-in runtime exposes IFileTransfer/FileUpload, FileUploadPara values, FileUploadResult.FileID, and Chat.sendFileMessage finalization evidence. - File send can move forward when logged-in runtime exposes IFileTransfer/FileUpload, FileUploadPara values, FileUploadResult.FileID, and Chat.sendFileMessage finalization evidence.
- Production remains blocked if any P0 item is missing or only static evidence is available. - Production remains blocked if any P0 item is missing, if failure reasons are unstructured, or if only static evidence is available.
- Text production can move forward only when one-shot target, before/after snapshot, sent-record source, and content-hash/ack correlation all pass.
- File production can move forward only when FileUploadPara values, IFileTransfer reachability, FileUploadResult.FileID, file-message finalization, and file sent-record/ack correlation all pass.

View File

@@ -46,15 +46,20 @@ Offline deep dive confirms the remaining work is not generic sending code. The b
| Priority | Category | Validation item | Evidence to capture | Unlocks | | Priority | Category | Validation item | Evidence to capture | Unlocks |
| --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- |
| P0 | runtime | Confirm logged-in IMPlatformClient.exe process and loaded assemblies | process id, module list, loaded managed assemblies | all B-route adapter tests | | P0 | test_rule | Define one-shot test targets and operator confirmation | direct JID, optional group JID, self-send/sandbox-account flag, operator confirmation, one-send-only flag, test content/file hash seed | reliable ack and sent-record correlation |
| P0 | runtime | Confirm AppContextManager/IAppContextManager reachability | type visible, instance path, SendTxtMessageByJid callable shape | text send high-level path | | P0 | snapshot | Capture before/after sent-record snapshots | before count/last summary, after count/last summary, target ref, content hash or file hash, timestamp window | machine-verifiable send result |
| P0 | runtime | Confirm Chat/XMPPConnection authenticated state | Chat instance, XMPPConnection state, target JID mapping | text and file message finalization | | P0 | sent_record_source | Identify sent-record and ack source paths | MessageCenter::OnMessageSended availability, PacketReader/SaveToDB/MsgLib source availability, MCP audit ref, ack/ref id if present | production gate evidence |
| P0 | file_upload | Capture FileUploadPara required values without leaking token | host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only | upload_file probe | | P0 | adapter_reachability | Confirm in-process adapter reachability mode | process bitness, CLR/.NET version, user/session id, loaded managed assemblies, same-process/managed-harness/injection requirement, stop-condition reason if blocked | B-route implementation decision |
| P0 | file_upload | Confirm IFileTransfer/FileTransfer.FileUpload reachability | service instance or constructor path, method signature, safe call readiness | file upload | | P0 | runtime | Confirm logged-in IMPlatformClient.exe process and loaded assemblies | process id, module list, loaded managed assemblies, login/user presence without leaking credentials | all B-route adapter tests |
| P0 | file_upload_result | Confirm FileUploadResult.FileID after safe test upload | FileID present, size/name or URL/remote folder metadata, failure code if upload fails | send_file_message | | P0 | runtime | Confirm AppContextManager/IAppContextManager reachability | type visible, instance path, SendTxtMessageByJid callable shape, direct/group chat type mapping | text send high-level path |
| P0 | send_file_message | Confirm trans_UploadCompleted/SendFileMessage consumes FileID | FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack | production file send | | P0 | runtime | Confirm Chat/XMPPConnection authenticated state | Chat instance, XMPPConnection state, target JID mapping, group ChatRoom branch if target is group | text and file message finalization |
| P0 | ack | Correlate sent record/ack with content hash or file hash | sent record timestamp, target ref, body/file metadata hash, ack/ref id | production gate | | P0 | file_upload | Capture FileUploadPara required values without leaking token | host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only, timeout/cache flags if visible | upload_file probe |
| P1 | group | Confirm group ChatRoom branch and permissions | ChatRoom type, speech/upload permission state, group JID | group send/file send | | P0 | file_upload | Confirm IFileTransfer/FileTransfer.FileUpload reachability | service instance or constructor path, method signature, safe call readiness, HTTP status/failure channel mapping | file upload |
| P0 | file_upload_result | Confirm FileUploadResult.FileID after safe test upload | FileID present, size/name or URL/remote folder metadata, HTTP status, service error code/message if upload fails | send_file_message |
| P0 | send_file_message | Confirm trans_UploadCompleted/SendFileMessage consumes FileID | FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack, failure reason if target/permission blocks | production file send |
| P0 | failure_reason | Capture structured failure reasons for every probe step | step name, exception type, error code, message, offline/permission/target-not-found/token/file-size/file-type/network-timeout classification | actionable next decision when probe fails |
| P0 | ack | Correlate sent record/ack with content hash or file hash | sent record source, timestamp, target ref, body/file metadata hash, ack/ref id, before/after snapshot diff | production gate |
| P1 | group | Confirm group ChatRoom branch and permissions | ChatRoom type, speech/upload permission state, group JID, mute/permission failure reason | group send/file send |
| P1 | fallback | If B-route reachability fails, capture A-route UI evidence | window hwnd, rtbSendMessage, btnSend, screenshots, failure reason | demo fallback only | | P1 | fallback | If B-route reachability fails, capture A-route UI evidence | window hwnd, rtbSendMessage, btnSend, screenshots, failure reason | demo fallback only |
## Evidence by item ## Evidence by item

View File

@@ -45,8 +45,8 @@ Route rule: UIA helper / A-route / RPA is a backup route only. It can preserve d
| `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, `tblPersonMsg`; decrypted roster/contact stanzas from `Smark.SendReceive`; UIA helper source if display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/contacts_test.go`; `internal/tools/isphere_contacts_test.go` | C34 documents optional MsgLib contact display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core contact search complete; optional richer fields later | | `isphere_search_contacts` | bare sender/receiver JIDs extracted from normalized log-backed messages loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `TD_Roster`, `TD_CustomEffigy`, `tblRecent`, `tblChatLevel`, `tblPersonMsg`; decrypted roster/contact stanzas from `Smark.SendReceive`; UIA helper source if display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/contacts_test.go`; `internal/tools/isphere_contacts_test.go` | C34 documents optional MsgLib contact display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core contact search complete; optional richer fields later |
| `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, `tblRecent`; UIA helper source if group display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/groups_test.go`; `internal/tools/isphere_groups_test.go`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C34 documents optional MsgLib group display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core group search complete; optional member/owner hierarchy later | | `isphere_search_groups` | decrypted `PacketReader.ProcessPacket` `type="groupchat"` stanzas and conference/MUC JIDs loaded from configured PacketReader file or directory source | validated copied `MsgLib.db` tables: `tblMsgGroupPersonMsg`, `TD_WorkGroupAuth`, `tblRecent`; UIA helper source if group display names are still missing | `docs/source-discovery/2026-07-10-msglib-readonly-schema-extraction.md`; `internal/isphere/groups_test.go`; `internal/tools/isphere_groups_test.go`; C9 ignored-log scan: PacketReader 86 groupchat/86 conference hits; Smark 24 groupchat/658 conference/631 muc hits | C34 documents optional MsgLib group display enrichment; R2 adds deterministic exact-match-first ranking, case-insensitive de-duplication across log/MsgLib candidates, and preserves `source`/`raw_ref` | core group search complete; optional member/owner hierarchy later |
| `isphere_receive_files` | decrypted `PacketReader.ProcessPacket` file-transfer message stanzas via `internal/isphere.ListFilesFromMessages` and `isphere_receive_files` list mode; configured PacketReader file or directory source; `zyl\importal\<hash>` cache entries remain unlinked | MsgLib `TD_ReceiveFileRecord` safe metadata through explicit copied-DB path; decrypted `Smark.SendReceive` and `SaveToDB` traces for file-reference reconciliation; future UIA/client connector for download | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#c12-file-transfer-evidence-precheck`; `docs/source-discovery/2026-07-10-file-download-mapping-precheck.md`; `docs/source-discovery/2026-07-10-file-cache-mapping-diagnostic.md`; `docs/source-discovery/2026-07-10-file-download-mapping-v2.md`; `docs/reports/2026-07-10-business-goals-smoke.md` | C22 verifies safe file-list contract args; R10 proves resolver scoring with fixture accepted matches; R11 adds structured download preview with `blocked`/`planned` status and side-effect flags false; R13/R14 confirms list is ready but real download is still blocked. | blocked for real download pending accepted real cache mapping and copy gate; list mode is complete | | `isphere_receive_files` | decrypted `PacketReader.ProcessPacket` file-transfer message stanzas via `internal/isphere.ListFilesFromMessages` and `isphere_receive_files` list mode; configured PacketReader file or directory source; `zyl\importal\<hash>` cache entries remain unlinked | MsgLib `TD_ReceiveFileRecord` safe metadata through explicit copied-DB path; decrypted `Smark.SendReceive` and `SaveToDB` traces for file-reference reconciliation; future UIA/client connector for download | `docs/source-discovery/2026-07-09-n12-pre-zyl-schema-notes.md#c12-file-transfer-evidence-precheck`; `docs/source-discovery/2026-07-10-file-download-mapping-precheck.md`; `docs/source-discovery/2026-07-10-file-cache-mapping-diagnostic.md`; `docs/source-discovery/2026-07-10-file-download-mapping-v2.md`; `docs/reports/2026-07-10-business-goals-smoke.md` | C22 verifies safe file-list contract args; R10 proves resolver scoring with fixture accepted matches; R11 adds structured download preview with `blocked`/`planned` status and side-effect flags false; R13/R14 confirms list is ready but real download is still blocked. | blocked for real download pending accepted real cache mapping and copy gate; list mode is complete |
| `isphere_send_message` | B-route selected: `in_process_adapter_research` after offline reverse. Static call path is confirmed through `AppContextManager.SendTxtMessageByJid(...)`, `MessageScheduling.SendChatMessage(...)`, `Chat.SendMessage`, and `XMPPConnection.send`, but no existing IPC/plugin/local HTTP send bridge is confirmed; default MCP tool still exposes preview/dry-run unless an explicit connector mode is configured | A-route fallback is now implemented for UI action: `ISPHERE_SEND_CONNECTOR_MODE=uia_rpa` calls WinHelper `uia_send_message` against a configured HWND, writes `rtbSendMessage`, and clicks `btnSend`; this stays backup-only and network/protocol replay remains deferred | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-sandbox-gate.md`; `docs/source-discovery/2026-07-10-returned-send-sandbox-analysis.md`; `docs/source-discovery/2026-07-10-returned-send-sandbox-analysis-v2.md`; `docs/source-discovery/2026-07-10-returned-send-sent-record-diagnostic.md`; `docs/source-discovery/2026-07-11-a-route-uia-send.md`; `docs/source-discovery/2026-07-11-a-route-open-real-chat-window.md`; `docs/source-discovery/2026-07-12-broute-text-send-static-map.md`; `docs/source-discovery/2026-07-12-broute-bridge-static-map.md`; `docs/source-discovery/2026-07-12-offline-broute-reverse-decision.md`; `docs/source-discovery/2026-07-12-inprocess-adapter-static-map.md`; `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`; `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`; `internal/tools/isphere_send_message_test.go`; `cmd/isphere-capability-smoke/main.go`; `docs/reports/2026-07-10-business-goals-smoke.md` | R6f-R6l define connector contract, audit/idempotency replay, production gate, B-route shell, strict-v2 package, and explicit production closure. R10a validates two returned sent-record packages as manual-only evidence. A-route adds local UI action readiness: synthetic window proof plus real offline `frmP2PChat` open/write/click target proof. Offline B-route reverse confirms the send call path but rejects existing IPC/plugin-first for this evidence set; business delivery is still not verified because local runtime is offline and no success/ack or sent-record hash evidence has passed. | B-route now exposes only the `in_process_contract` connector mode for request-shape/audit validation; next work is the 2026-07-13 login reachability probe covering AppContextManager/IAppContextManager, Chat/XMPPConnection, target JID mapping, and sent-record/content-hash/ack correlation; keep external sidecar preview/probe-only and A-route UI action backup-only; production remains blocked until those P0 items pass | | `isphere_send_message` | B-route selected: `in_process_adapter_research` after offline reverse. Static call path is confirmed through `AppContextManager.SendTxtMessageByJid(...)`, `MessageScheduling.SendChatMessage(...)`, `Chat.SendMessage`, and `XMPPConnection.send`, but no existing IPC/plugin/local HTTP send bridge is confirmed; default MCP tool still exposes preview/dry-run unless an explicit connector mode is configured | A-route fallback is now implemented for UI action: `ISPHERE_SEND_CONNECTOR_MODE=uia_rpa` calls WinHelper `uia_send_message` against a configured HWND, writes `rtbSendMessage`, and clicks `btnSend`; this stays backup-only and network/protocol replay remains deferred | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-sandbox-gate.md`; `docs/source-discovery/2026-07-10-returned-send-sandbox-analysis.md`; `docs/source-discovery/2026-07-10-returned-send-sandbox-analysis-v2.md`; `docs/source-discovery/2026-07-10-returned-send-sent-record-diagnostic.md`; `docs/source-discovery/2026-07-11-a-route-uia-send.md`; `docs/source-discovery/2026-07-11-a-route-open-real-chat-window.md`; `docs/source-discovery/2026-07-12-broute-text-send-static-map.md`; `docs/source-discovery/2026-07-12-broute-bridge-static-map.md`; `docs/source-discovery/2026-07-12-offline-broute-reverse-decision.md`; `docs/source-discovery/2026-07-12-inprocess-adapter-static-map.md`; `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`; `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`; `internal/tools/isphere_send_message_test.go`; `cmd/isphere-capability-smoke/main.go`; `docs/reports/2026-07-10-business-goals-smoke.md` | R6f-R6l define connector contract, audit/idempotency replay, production gate, B-route shell, strict-v2 package, and explicit production closure. R10a validates two returned sent-record packages as manual-only evidence. A-route adds local UI action readiness: synthetic window proof plus real offline `frmP2PChat` open/write/click target proof. Offline B-route reverse confirms the send call path but rejects existing IPC/plugin-first for this evidence set; business delivery is still not verified because local runtime is offline and no success/ack or sent-record hash evidence has passed. | B-route now exposes only the `in_process_contract` connector mode for request-shape/audit validation; next work is the 2026-07-13 login reachability probe using `docs/source-discovery/2026-07-12-login-reachability-validation-items.md` as the active schema: one-shot direct/group target rule, AppContextManager/IAppContextManager and Chat/XMPPConnection reachability, in-process adapter reachability mode, before/after sent-record snapshots, sent-record source identification, structured failure reasons, and content-hash/ack correlation; keep external sidecar preview/probe-only and A-route UI action backup-only; production remains blocked until those P0 items pass |
| `isphere_send_file` | B-route selected after offline reverse: managed file send is upload-first through `OffLineFileSend.sendFile()`, `FileUploadPara`, `IMPP.Service*.dll` `IFileTransfer.FileUpload(...)`, then chat file-message finalization through `trans_UploadCompleted(fileId)`, `MessageScheduling.SendFileMessage`, and `Chat.sendFileMessage(...)`; current MCP tool exposes preview/dry-run only | A-route file fallback is not implemented yet; real offline UIA dump did not expose stable `btnSendFile`, so the fallback slice remains toolbar/menu locator discovery; native `TcpFileTransfer.dll` is not the first B-route bridge because managed upload/message flow is now mapped | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-file-sandbox-gate.md`; `docs/source-discovery/2026-07-11-a-route-open-real-chat-window.md`; `docs/source-discovery/2026-07-12-broute-file-send-static-map.md`; `docs/source-discovery/2026-07-12-broute-bridge-static-map.md`; `docs/source-discovery/2026-07-12-offline-broute-reverse-decision.md`; `docs/source-discovery/2026-07-12-inprocess-adapter-static-map.md`; `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`; `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`; `internal/tools/isphere_files_test.go`; `docs/reports/2026-07-10-business-goals-smoke.md` | R7 registers send-file preview as the tenth MCP tool; R8 adds audit/idempotency duplicate/conflict hardening without raw file paths/content; R9 builds and verifies the online send-file evidence package; R13/R14 confirms preview is ready and production upload remains blocked. Offline B-route reverse confirms upload-first/file-message-second and shows file id/auth/runtime reachability are the blockers. A-route real-window work confirms file-button automation still needs a separate locator node. | blocked until the login reachability probe proves `FileUploadPara` host/port/domain/local path/token presence, logged-in access to `IFileTransfer.FileUpload`, returned `FileUploadResult.FileID`, and `Chat.sendFileMessage` finalization; production file upload/send remains blocked until online upload plus sent-record/ack evidence exists; A-route locator remains backup-only | | `isphere_send_file` | B-route selected after offline reverse: managed file send is upload-first through `OffLineFileSend.sendFile()`, `FileUploadPara`, `IMPP.Service*.dll` `IFileTransfer.FileUpload(...)`, then chat file-message finalization through `trans_UploadCompleted(fileId)`, `MessageScheduling.SendFileMessage`, and `Chat.sendFileMessage(...)`; current MCP tool exposes preview/dry-run only | A-route file fallback is not implemented yet; real offline UIA dump did not expose stable `btnSendFile`, so the fallback slice remains toolbar/menu locator discovery; native `TcpFileTransfer.dll` is not the first B-route bridge because managed upload/message flow is now mapped | `docs/source-discovery/2026-07-10-send-message-source-precheck.md`; `docs/source-discovery/2026-07-10-send-message-connector-selection.md`; `docs/source-discovery/2026-07-10-send-sidecar-b-first-plan.md`; `docs/source-discovery/2026-07-10-returned-live-probe-analysis.md`; `docs/source-discovery/2026-07-10-send-connector-preflight.md`; `docs/source-discovery/2026-07-10-send-file-sandbox-gate.md`; `docs/source-discovery/2026-07-11-a-route-open-real-chat-window.md`; `docs/source-discovery/2026-07-12-broute-file-send-static-map.md`; `docs/source-discovery/2026-07-12-broute-bridge-static-map.md`; `docs/source-discovery/2026-07-12-offline-broute-reverse-decision.md`; `docs/source-discovery/2026-07-12-inprocess-adapter-static-map.md`; `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`; `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`; `internal/tools/isphere_files_test.go`; `docs/reports/2026-07-10-business-goals-smoke.md` | R7 registers send-file preview as the tenth MCP tool; R8 adds audit/idempotency duplicate/conflict hardening without raw file paths/content; R9 builds and verifies the online send-file evidence package; R13/R14 confirms preview is ready and production upload remains blocked. Offline B-route reverse confirms upload-first/file-message-second and shows file id/auth/runtime reachability are the blockers. A-route real-window work confirms file-button automation still needs a separate locator node. | blocked until the login reachability probe proves `FileUploadPara` host/port/domain/local path/token presence or hash-only token evidence, logged-in access to `IFileTransfer.FileUpload`, returned `FileUploadResult.FileID`, `trans_UploadCompleted(fileId)` / `Chat.sendFileMessage` finalization, structured failure reasons, before/after sent-record snapshots, and file hash/ack correlation; production file upload/send remains blocked until online upload plus sent-record/ack evidence exists; A-route locator remains backup-only |
## Stage C entry rule ## Stage C entry rule
@@ -63,4 +63,4 @@ Start Stage C with a narrow log-backed `isphere_receive_messages` source abstrac
## Deferred source work ## Deferred source work
`MsgLib.db` has a validated copied read-only open path through the bundled 32-bit `System.Data.SQLite.dll` and password `123`. C27 adds `MsgLibReadSidecar` as the bounded x86 .NET reader boundary, C28 adds the Go `internal/msglib` process client, C29 adds bounded `display_entities` extraction, C30 wires it as optional contact/group MCP enrichment, C31 proves real copied-DB MCP enrichment with sanitized output, C32 reuses it for receive-message display fields, C33 proves that receive display path through a real copied-DB MCP smoke without printing entity values, C34 documents the operator setup/verification path, C35 maps MsgLib message tables to receive-message contract fields without reading row values, C36 adds metadata-only `message_sources` readiness, C37 defines the bounded DB-backed receive-source design, C38 implements sidecar/Go-wrapper `list_messages` with sanitized verification, C39 adds a Go adapter from MsgLib list results to the receive-message domain model, C40 adds explicit tool-level `msglib_readonly` source selection, C41 wires env-configured explicit MsgLib receive with optional sanitized smoke, R1 documents source reconciliation keys, and R2 hardens contact/group search ranking and de-duplication. R6j/R6k confirm the send-message strict-v2 production gate is still not passed; R10a confirms the returned sent-record packages are manual-only evidence and do not unlock production send; R10/R11 define file-download resolver/preview behavior while keeping real copy blocked; R12 adds receive-source reconciliation without changing default routing; R13/R14 publish business-goals smoke and the release-candidate status. A-route now proves UI write/click readiness against synthetic and real offline chat windows, but not online delivery. The active B-route follow-up is now the login reachability probe path in `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`, generated from `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`: validate logged-in adapter reachability before production send/file work. A-route RPA remains backup-only under `docs/superpowers/plans/2026-07-11-a-route-rpa-send.md`. `MsgLib.db` has a validated copied read-only open path through the bundled 32-bit `System.Data.SQLite.dll` and password `123`. C27 adds `MsgLibReadSidecar` as the bounded x86 .NET reader boundary, C28 adds the Go `internal/msglib` process client, C29 adds bounded `display_entities` extraction, C30 wires it as optional contact/group MCP enrichment, C31 proves real copied-DB MCP enrichment with sanitized output, C32 reuses it for receive-message display fields, C33 proves that receive display path through a real copied-DB MCP smoke without printing entity values, C34 documents the operator setup/verification path, C35 maps MsgLib message tables to receive-message contract fields without reading row values, C36 adds metadata-only `message_sources` readiness, C37 defines the bounded DB-backed receive-source design, C38 implements sidecar/Go-wrapper `list_messages` with sanitized verification, C39 adds a Go adapter from MsgLib list results to the receive-message domain model, C40 adds explicit tool-level `msglib_readonly` source selection, C41 wires env-configured explicit MsgLib receive with optional sanitized smoke, R1 documents source reconciliation keys, and R2 hardens contact/group search ranking and de-duplication. R6j/R6k confirm the send-message strict-v2 production gate is still not passed; R10a confirms the returned sent-record packages are manual-only evidence and do not unlock production send; R10/R11 define file-download resolver/preview behavior while keeping real copy blocked; R12 adds receive-source reconciliation without changing default routing; R13/R14 publish business-goals smoke and the release-candidate status. A-route now proves UI write/click readiness against synthetic and real offline chat windows, but not online delivery. The active B-route follow-up is now the login reachability probe path in `docs/source-discovery/2026-07-12-login-reachability-validation-items.md`, generated from `docs/source-discovery/2026-07-12-send-upload-deep-dive.md`: validate logged-in adapter reachability with one-shot targets, structured failure reasons, before/after sent-record snapshots, in-process adapter reachability mode, and message/file ack correlation before production send/file work. A-route RPA remains backup-only under `docs/superpowers/plans/2026-07-11-a-route-rpa-send.md`.

View File

@@ -224,15 +224,20 @@ $itemResults = foreach ($item in $items) {
} }
$newValidationItems = @( $newValidationItems = @(
[pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm logged-in IMPlatformClient.exe process and loaded assemblies"; evidence = "process id, module list, loaded managed assemblies"; unlocks = "all B-route adapter tests" }, [pscustomobject]@{ priority = "P0"; category = "test_rule"; item = "Define one-shot test targets and operator confirmation"; evidence = "direct JID, optional group JID, self-send/sandbox-account flag, operator confirmation, one-send-only flag, test content/file hash seed"; unlocks = "reliable ack and sent-record correlation" },
[pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm AppContextManager/IAppContextManager reachability"; evidence = "type visible, instance path, SendTxtMessageByJid callable shape"; unlocks = "text send high-level path" }, [pscustomobject]@{ priority = "P0"; category = "snapshot"; item = "Capture before/after sent-record snapshots"; evidence = "before count/last summary, after count/last summary, target ref, content hash or file hash, timestamp window"; unlocks = "machine-verifiable send result" },
[pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm Chat/XMPPConnection authenticated state"; evidence = "Chat instance, XMPPConnection state, target JID mapping"; unlocks = "text and file message finalization" }, [pscustomobject]@{ priority = "P0"; category = "sent_record_source"; item = "Identify sent-record and ack source paths"; evidence = "MessageCenter::OnMessageSended availability, PacketReader/SaveToDB/MsgLib source availability, MCP audit ref, ack/ref id if present"; unlocks = "production gate evidence" },
[pscustomobject]@{ priority = "P0"; category = "file_upload"; item = "Capture FileUploadPara required values without leaking token"; evidence = "host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only"; unlocks = "upload_file probe" }, [pscustomobject]@{ priority = "P0"; category = "adapter_reachability"; item = "Confirm in-process adapter reachability mode"; evidence = "process bitness, CLR/.NET version, user/session id, loaded managed assemblies, same-process/managed-harness/injection requirement, stop-condition reason if blocked"; unlocks = "B-route implementation decision" },
[pscustomobject]@{ priority = "P0"; category = "file_upload"; item = "Confirm IFileTransfer/FileTransfer.FileUpload reachability"; evidence = "service instance or constructor path, method signature, safe call readiness"; unlocks = "file upload" }, [pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm logged-in IMPlatformClient.exe process and loaded assemblies"; evidence = "process id, module list, loaded managed assemblies, login/user presence without leaking credentials"; unlocks = "all B-route adapter tests" },
[pscustomobject]@{ priority = "P0"; category = "file_upload_result"; item = "Confirm FileUploadResult.FileID after safe test upload"; evidence = "FileID present, size/name or URL/remote folder metadata, failure code if upload fails"; unlocks = "send_file_message" }, [pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm AppContextManager/IAppContextManager reachability"; evidence = "type visible, instance path, SendTxtMessageByJid callable shape, direct/group chat type mapping"; unlocks = "text send high-level path" },
[pscustomobject]@{ priority = "P0"; category = "send_file_message"; item = "Confirm trans_UploadCompleted/SendFileMessage consumes FileID"; evidence = "FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack"; unlocks = "production file send" }, [pscustomobject]@{ priority = "P0"; category = "runtime"; item = "Confirm Chat/XMPPConnection authenticated state"; evidence = "Chat instance, XMPPConnection state, target JID mapping, group ChatRoom branch if target is group"; unlocks = "text and file message finalization" },
[pscustomobject]@{ priority = "P0"; category = "ack"; item = "Correlate sent record/ack with content hash or file hash"; evidence = "sent record timestamp, target ref, body/file metadata hash, ack/ref id"; unlocks = "production gate" }, [pscustomobject]@{ priority = "P0"; category = "file_upload"; item = "Capture FileUploadPara required values without leaking token"; evidence = "host, port, domain, local path presence, IsImg/IsPublic, token-present boolean/hash only, timeout/cache flags if visible"; unlocks = "upload_file probe" },
[pscustomobject]@{ priority = "P1"; category = "group"; item = "Confirm group ChatRoom branch and permissions"; evidence = "ChatRoom type, speech/upload permission state, group JID"; unlocks = "group send/file send" }, [pscustomobject]@{ priority = "P0"; category = "file_upload"; item = "Confirm IFileTransfer/FileTransfer.FileUpload reachability"; evidence = "service instance or constructor path, method signature, safe call readiness, HTTP status/failure channel mapping"; unlocks = "file upload" },
[pscustomobject]@{ priority = "P0"; category = "file_upload_result"; item = "Confirm FileUploadResult.FileID after safe test upload"; evidence = "FileID present, size/name or URL/remote folder metadata, HTTP status, service error code/message if upload fails"; unlocks = "send_file_message" },
[pscustomobject]@{ priority = "P0"; category = "send_file_message"; item = "Confirm trans_UploadCompleted/SendFileMessage consumes FileID"; evidence = "FileID enters payload, Chat.sendFileMessage invoked, sent file record/ack, failure reason if target/permission blocks"; unlocks = "production file send" },
[pscustomobject]@{ priority = "P0"; category = "failure_reason"; item = "Capture structured failure reasons for every probe step"; evidence = "step name, exception type, error code, message, offline/permission/target-not-found/token/file-size/file-type/network-timeout classification"; unlocks = "actionable next decision when probe fails" },
[pscustomobject]@{ priority = "P0"; category = "ack"; item = "Correlate sent record/ack with content hash or file hash"; evidence = "sent record source, timestamp, target ref, body/file metadata hash, ack/ref id, before/after snapshot diff"; unlocks = "production gate" },
[pscustomobject]@{ priority = "P1"; category = "group"; item = "Confirm group ChatRoom branch and permissions"; evidence = "ChatRoom type, speech/upload permission state, group JID, mute/permission failure reason"; unlocks = "group send/file send" },
[pscustomobject]@{ priority = "P1"; category = "fallback"; item = "If B-route reachability fails, capture A-route UI evidence"; evidence = "window hwnd, rtbSendMessage, btnSend, screenshots, failure reason"; unlocks = "demo fallback only" } [pscustomobject]@{ priority = "P1"; category = "fallback"; item = "If B-route reachability fails, capture A-route UI evidence"; evidence = "window hwnd, rtbSendMessage, btnSend, screenshots, failure reason"; unlocks = "demo fallback only" }
) )
@@ -332,7 +337,15 @@ $validation.Add("# Login Reachability Validation Items")
$validation.Add("") $validation.Add("")
$validation.Add("Date: 2026-07-12") $validation.Add("Date: 2026-07-12")
$validation.Add("") $validation.Add("")
$validation.Add("Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in environment. It is generated from the offline send/upload deep dive and should be used to build the one-shot reachability probe package.") $validation.Add("Purpose: this is the operator-facing checklist for the 2026-07-13 logged-in environment. It is generated from the offline send/upload deep dive and should be used to build the one-shot reachability probe package. P0 items are blocking; production send remains disabled until all relevant P0 evidence is collected and correlated.")
$validation.Add("")
$validation.Add("## Operator rules")
$validation.Add("")
$validation.Add("- Run the probe only after the target iSphere/IMPlatformClient session is visibly logged in.")
$validation.Add("- Use a pre-agreed direct test JID and optional group test JID; record them in the output JSON.")
$validation.Add("- Use one-shot test content and one safe small test file; record SHA256 hashes, not raw sensitive content.")
$validation.Add("- Capture before/after sent-record snapshots around the one-shot send/upload test.")
$validation.Add("- Do not mark production ready unless ack/sent-record correlation is machine-verifiable.")
$validation.Add("") $validation.Add("")
$validation.Add("## P0 items") $validation.Add("## P0 items")
$validation.Add("") $validation.Add("")
@@ -354,11 +367,27 @@ foreach ($v in $newValidationItems | Where-Object { $_.priority -eq "P1" }) {
$validation.Add("- Unlocks: $($v.unlocks)") $validation.Add("- Unlocks: $($v.unlocks)")
$validation.Add("") $validation.Add("")
} }
$validation.Add("## Required output schema")
$validation.Add("")
$validation.Add("Every probe run should emit JSON with these top-level sections:")
$validation.Add("")
$validation.Add("- ``run``: timestamp, machine, operator confirmation, one-shot flags.")
$validation.Add("- ``targets``: direct JID, optional group JID, target type, source of target selection.")
$validation.Add("- ``runtime``: process id, bitness, CLR/.NET version, user/session, loaded assemblies.")
$validation.Add("- ``reachability``: AppContextManager, MessageScheduling, Chat, XMPPConnection, IFileTransfer, FileUploadPara, FileUploadResult, Chat.sendFileMessage.")
$validation.Add("- ``server_auth``: host, port, domain, token_present, token_hash_prefix only, accessToken/clientId presence when visible.")
$validation.Add("- ``snapshots``: before/after counts and last-record summaries for sent-record sources.")
$validation.Add("- ``attempts``: probe-only, optional one-shot text, optional safe upload, optional file-message finalization.")
$validation.Add("- ``failures``: structured failure code, exception type, message, classification, next action.")
$validation.Add("- ``correlation``: content/file hash match, target match, timestamp window, ack/ref id.")
$validation.Add("")
$validation.Add("## Pass criteria") $validation.Add("## Pass criteria")
$validation.Add("") $validation.Add("")
$validation.Add("- Text send can move forward when logged-in runtime exposes AppContextManager or MessageScheduling plus Chat/XMPPConnection and sent-record/ack correlation is possible.") $validation.Add("- Text send can move forward when logged-in runtime exposes AppContextManager or MessageScheduling plus Chat/XMPPConnection and sent-record/ack correlation is possible.")
$validation.Add("- File send can move forward when logged-in runtime exposes IFileTransfer/FileUpload, FileUploadPara values, FileUploadResult.FileID, and Chat.sendFileMessage finalization evidence.") $validation.Add("- File send can move forward when logged-in runtime exposes IFileTransfer/FileUpload, FileUploadPara values, FileUploadResult.FileID, and Chat.sendFileMessage finalization evidence.")
$validation.Add("- Production remains blocked if any P0 item is missing or only static evidence is available.") $validation.Add("- Production remains blocked if any P0 item is missing, if failure reasons are unstructured, or if only static evidence is available.")
$validation.Add("- Text production can move forward only when one-shot target, before/after snapshot, sent-record source, and content-hash/ack correlation all pass.")
$validation.Add("- File production can move forward only when FileUploadPara values, IFileTransfer reachability, FileUploadResult.FileID, file-message finalization, and file sent-record/ack correlation all pass.")
Write-Utf8NoBomLf $validationFullPath ($validation -join "`n") Write-Utf8NoBomLf $validationFullPath ($validation -join "`n")