feat: validate receive files list args

This commit is contained in:
zhaoyilun
2026-07-10 01:43:11 +08:00
parent b1891dd6cd
commit fce1232f21
7 changed files with 155 additions and 16 deletions

View File

@@ -1816,19 +1816,19 @@ Implemented and verified in this loop:
- Accept empty `output_dir` in list mode; reject non-empty `output_dir` unless/until download mode is implemented to avoid implying files were written.
- Keep mode empty/`list` only; continue rejecting `download`.
- [ ] **Step 1: Write failing file MCP arg tests**
- [x] **Step 1: Write failing file MCP arg tests**
Extend `internal/tools/isphere_files_test.go` with accepted safe args and rejected unsupported source/cursor/output/download cases.
- [ ] **Step 2: Implement file arg validation**
- [x] **Step 2: Implement file arg validation**
Reuse local-readonly source/cursor validation and add output/download list-mode checks.
- [ ] **Step 3: Update verification and docs**
- [x] **Step 3: Update verification and docs**
Update `scripts/verify-go-mcp.ps1`, runbook, status card, matrix, and this plan.
- [ ] **Step 4: Run full verification and commit**
- [x] **Step 4: Run full verification and commit**
Run:
@@ -1843,6 +1843,58 @@ Expected: all exit 0. Remove any generated root `isphere-mcp.exe` after build. C
---
## Loop C22 Result
Implemented and verified in this loop:
- `isphere_receive_files` list mode now accepts safe contract args `cursor`, `source_preference`, `preview`, and `output_dir`.
- It accepts empty/`auto`/`local_readonly` source preference and rejects unsupported connector selections until those sources exist.
- It accepts empty cursor and rejects non-empty cursor until pagination exists.
- It accepts empty `output_dir` in list mode and rejects non-empty `output_dir` to avoid implying a download/write happened.
- It continues to reject `download` mode until message-to-cache/download mapping is validated.
- `scripts/verify-go-mcp.ps1` now exercises file-list safe args in default and configured source smokes.
---
## Loop C23: Contact/group display-name source precheck
**Goal:** Decide whether the current N12-pre evidence contains a safe source for human-readable contact/group display names, because current contact/group tools expose JID-derived identities only.
**Planned files:**
- Modify: `docs/source-discovery/capability-source-matrix.md`
- Modify: `docs/current-status-card.md`
- Modify: `docs/superpowers/plans/2026-07-09-stage-c-log-backed-receive-messages-loop.md`
- Optionally create a focused source-discovery note under `docs/source-discovery/` if evidence is non-trivial.
- Optionally create ignored metadata under `runs/`; do not commit raw logs or user content.
**Planned behavior:**
- Inspect committed schema notes and ignored metadata/log summaries for roster/contact display names, group display names, aliases, departments, or conversation-title fields.
- If evidence is enough, write C24 as a source implementation loop for display-name enrichment.
- If evidence is not enough, keep JID-only behavior explicit and choose the next business-read hardening node.
- Do not add write/send/file-download behavior.
- [ ] **Step 1: Inspect current evidence**
Use committed source-discovery docs first; only inspect ignored local summaries/counts if needed. Do not commit raw evidence.
- [ ] **Step 2: Update matrix/status and next loop**
Record whether display-name enrichment can proceed and rewrite C24 accordingly.
- [ ] **Step 3: Verify and commit docs**
Run:
```powershell
git diff --check
go test ./...
powershell -NoProfile -ExecutionPolicy Bypass -File scripts/verify-go-mcp.ps1
```
Expected: all exit 0. Commit exact C23 paths only and rewrite the next loop from actual results.
---
## Self-Review
- Spec coverage: the plan follows the user's cyclic requirement: plan first, implement one loop at a time, update the next loop after each result, and ask only on blockers.