Files
isphere-ai-bridge/docs/internal-sandbox-live-capture-plan.md

6.4 KiB

Internal Sandbox Live Capture Plan

1. Purpose

This document replaces the unrealistic assumption that the current outer-network repository environment can log in to iSphere.

iSphere is an internal-network application. The current environment is an outer-network coordination and analysis environment. Therefore, live login and live UI Automation capture must happen in a separate internal-network test sandbox where the operator can manually open and log in to iSphere.

This path is named:

N12R: Internal-sandbox live capture route

N12R is a practical replacement route for collecting live read-only UI evidence from the internal sandbox. It does not mean the original current-environment N12 gate has passed.

2. Environment roles

Environment Role Allowed work
Current outer-network repo environment Coordination, planning, static/offline evidence analysis, report validation Read docs, inspect copied evidence packages, generate reports, validate returned capture packages
Internal-network test sandbox Manual iSphere login and live read-only capture Build/verify helper, manually log in, run only read-only scan/dump capture, package results

3. Current node state

Completed before this plan:

N0-N11    First Go MCP / C# helper phase completed
N12-pre   Offline evidence intake and reports for copied package zyl completed

Original true N12 remains blocked in the current environment because this environment cannot reach or log in to internal iSphere.

New route:

N12R-0  Prepare internal-sandbox runbook and capture package contract
N12R-1  Internal sandbox verifies helper and Go MCP readiness
N12R-2  Operator manually opens and logs in to iSphere in the internal sandbox
N12R-3  Operator performs read-only live window scan and UIA dump
N12R-4  Operator packages redacted live capture outputs
N12R-5  Outer-network environment validates returned package
N12R-6  Review gate: decide whether selector design may start

No node may be skipped. Offline evidence never replaces live capture evidence.

4. Hard boundaries

The internal sandbox route only allows read-only evidence capture.

Allowed operations:

win_helper_version
win_helper_self_check
win_helper_scan_windows
win_helper_dump_uia

Equivalent C# helper operations are also allowed only for capture fallback:

version
self_check
scan_windows
dump_uia

Forbidden operations and designs:

search contacts
open conversation
send message
send file
receive/download file
automatic login
using copied credentials
credential/token/cookie extraction
process injection
hook
memory reading
endpoint-security bypass/evasion
stealth/persistence
modifying the iSphere client
running copied executables from offline evidence packages

The operator must use normal manual login only.

5. N12R package contract

Returned live capture packages should be placed in this repository under:

runs/internal-sandbox-live-capture/<capture-id>/

Recommended package shape:

runs/internal-sandbox-live-capture/<capture-id>/
  metadata/
    source-notes.txt
    os-version.txt
    process-list.txt
    repo-status.txt
    verification-summary.txt
  helper/
    version.json
    self-check.json
  windows/
    scan-windows.json
    selected-window.json
  uia/
    dump-uia-main.json
    dump-uia-main-redacted.json
  notes/
    operator-notes.txt

Optional files:

  helper/
    verify-win-helper-output.txt
  mcp/
    verify-go-mcp-output.txt
    mcp-client-config.txt
  screenshots/
    main-window-redacted.png

Do not include passwords, tokens, cookies, private keys, full message bodies, or unrelated business documents.

6. Required package notes

metadata/source-notes.txt must include:

capture_id: <capture-id>
source_environment: internal-network test sandbox
operator: <name or role>
capture_time_local: <YYYY-MM-DD HH:mm:ss timezone>
iSphere manually logged in: yes
client opened before capture: yes
main window visible: yes
operations used: version, self_check, scan_windows, dump_uia
forbidden actions performed: no
this package is N12R live evidence, not current-environment N12 pass

notes/operator-notes.txt should include:

What client was opened: <iSphere / IMPlatformClient>
How login was performed: manual normal company process
Any MFA/SSO used: yes/no, no secrets included
Selected window reason: <title/process/class/score>
Redactions applied: <brief list>
Any capture problems: <brief list>

7. Acceptance conditions for N12R

N12R package validation passes only if all are true:

  1. Package is under runs/internal-sandbox-live-capture/<capture-id>/.
  2. metadata/source-notes.txt exists and states this came from an internal-network test sandbox.
  3. Notes state iSphere was manually logged in and the main window was visible.
  4. helper/version.json exists and reports ISphereWinHelper.
  5. helper/self-check.json exists and indicates desktop/UIA availability.
  6. windows/scan-windows.json exists and includes an iSphere / IMPlatformClient candidate window.
  7. windows/selected-window.json records the selected candidate window metadata.
  8. uia/dump-uia-main.json exists and contains a UI Automation root tree.
  9. Redacted copy uia/dump-uia-main-redacted.json exists before broad sharing.
  10. No evidence suggests clicking, typing, sending, uploading, downloading, automatic login, injection, hook, memory reading, or bypass behavior.

8. What N12R does not authorize

N12R does not authorize selector implementation or action tools by itself. It only provides live UI structure evidence.

After N12R package validation, the next step is a review gate:

Review whether selector design may start.

Selector design, if approved later, must begin as a separate written plan. It must still avoid message sending, file transfer, automatic login, injection, hook, memory reading, and bypass behavior unless an explicit later plan changes the project boundary.

9. Relationship to existing offline evidence

Existing package:

runs/offline-evidence-intake/zyl/

Existing reports:

runs/offline-evidence-intake-reports/zyl/

Those reports remain useful for:

application inventory
local data discovery
static evidence analysis
MsgLib format hypotheses
timeline and redaction planning

They do not replace N12R live UIA capture. Offline evidence is context only.