218 lines
6.4 KiB
Markdown
218 lines
6.4 KiB
Markdown
# Internal Sandbox Live Capture Plan
|
|
|
|
## 1. Purpose
|
|
|
|
This document replaces the unrealistic assumption that the current outer-network repository environment can log in to iSphere.
|
|
|
|
iSphere is an internal-network application. The current environment is an outer-network coordination and analysis environment. Therefore, live login and live UI Automation capture must happen in a separate internal-network test sandbox where the operator can manually open and log in to iSphere.
|
|
|
|
This path is named:
|
|
|
|
```text
|
|
N12R: Internal-sandbox live capture route
|
|
```
|
|
|
|
`N12R` is a practical replacement route for collecting live read-only UI evidence from the internal sandbox. It does not mean the original current-environment N12 gate has passed.
|
|
|
|
## 2. Environment roles
|
|
|
|
| Environment | Role | Allowed work |
|
|
| --- | --- | --- |
|
|
| Current outer-network repo environment | Coordination, planning, static/offline evidence analysis, report validation | Read docs, inspect copied evidence packages, generate reports, validate returned capture packages |
|
|
| Internal-network test sandbox | Manual iSphere login and live read-only capture | Build/verify helper, manually log in, run only read-only scan/dump capture, package results |
|
|
|
|
## 3. Current node state
|
|
|
|
Completed before this plan:
|
|
|
|
```text
|
|
N0-N11 First Go MCP / C# helper phase completed
|
|
N12-pre Offline evidence intake and reports for copied package zyl completed
|
|
```
|
|
|
|
Original true N12 remains blocked in the current environment because this environment cannot reach or log in to internal iSphere.
|
|
|
|
New route:
|
|
|
|
```text
|
|
N12R-0 Prepare internal-sandbox runbook and capture package contract
|
|
N12R-1 Internal sandbox verifies helper and Go MCP readiness
|
|
N12R-2 Operator manually opens and logs in to iSphere in the internal sandbox
|
|
N12R-3 Operator performs read-only live window scan and UIA dump
|
|
N12R-4 Operator packages redacted live capture outputs
|
|
N12R-5 Outer-network environment validates returned package
|
|
N12R-6 Review gate: decide whether selector design may start
|
|
```
|
|
|
|
No node may be skipped. Offline evidence never replaces live capture evidence.
|
|
|
|
## 4. Hard boundaries
|
|
|
|
The internal sandbox route only allows read-only evidence capture.
|
|
|
|
Allowed operations:
|
|
|
|
```text
|
|
win_helper_version
|
|
win_helper_self_check
|
|
win_helper_scan_windows
|
|
win_helper_dump_uia
|
|
```
|
|
|
|
Equivalent C# helper operations are also allowed only for capture fallback:
|
|
|
|
```text
|
|
version
|
|
self_check
|
|
scan_windows
|
|
dump_uia
|
|
```
|
|
|
|
Forbidden operations and designs:
|
|
|
|
```text
|
|
search contacts
|
|
open conversation
|
|
send message
|
|
send file
|
|
receive/download file
|
|
automatic login
|
|
using copied credentials
|
|
credential/token/cookie extraction
|
|
process injection
|
|
hook
|
|
memory reading
|
|
endpoint-security bypass/evasion
|
|
stealth/persistence
|
|
modifying the iSphere client
|
|
running copied executables from offline evidence packages
|
|
```
|
|
|
|
The operator must use normal manual login only.
|
|
|
|
## 5. N12R package contract
|
|
|
|
Returned live capture packages should be placed in this repository under:
|
|
|
|
```text
|
|
runs/internal-sandbox-live-capture/<capture-id>/
|
|
```
|
|
|
|
Recommended package shape:
|
|
|
|
```text
|
|
runs/internal-sandbox-live-capture/<capture-id>/
|
|
metadata/
|
|
source-notes.txt
|
|
os-version.txt
|
|
process-list.txt
|
|
repo-status.txt
|
|
verification-summary.txt
|
|
helper/
|
|
version.json
|
|
self-check.json
|
|
windows/
|
|
scan-windows.json
|
|
selected-window.json
|
|
uia/
|
|
dump-uia-main.json
|
|
dump-uia-main-redacted.json
|
|
notes/
|
|
operator-notes.txt
|
|
```
|
|
|
|
Optional files:
|
|
|
|
```text
|
|
helper/
|
|
verify-win-helper-output.txt
|
|
mcp/
|
|
verify-go-mcp-output.txt
|
|
mcp-client-config.txt
|
|
screenshots/
|
|
main-window-redacted.png
|
|
```
|
|
|
|
Do not include passwords, tokens, cookies, private keys, full message bodies, or unrelated business documents.
|
|
|
|
## 6. Required package notes
|
|
|
|
`metadata/source-notes.txt` must include:
|
|
|
|
```text
|
|
capture_id: <capture-id>
|
|
source_environment: internal-network test sandbox
|
|
operator: <name or role>
|
|
capture_time_local: <YYYY-MM-DD HH:mm:ss timezone>
|
|
iSphere manually logged in: yes
|
|
client opened before capture: yes
|
|
main window visible: yes
|
|
operations used: version, self_check, scan_windows, dump_uia
|
|
forbidden actions performed: no
|
|
this package is N12R live evidence, not current-environment N12 pass
|
|
```
|
|
|
|
`notes/operator-notes.txt` should include:
|
|
|
|
```text
|
|
What client was opened: <iSphere / IMPlatformClient>
|
|
How login was performed: manual normal company process
|
|
Any MFA/SSO used: yes/no, no secrets included
|
|
Selected window reason: <title/process/class/score>
|
|
Redactions applied: <brief list>
|
|
Any capture problems: <brief list>
|
|
```
|
|
|
|
## 7. Acceptance conditions for N12R
|
|
|
|
N12R package validation passes only if all are true:
|
|
|
|
1. Package is under `runs/internal-sandbox-live-capture/<capture-id>/`.
|
|
2. `metadata/source-notes.txt` exists and states this came from an internal-network test sandbox.
|
|
3. Notes state iSphere was manually logged in and the main window was visible.
|
|
4. `helper/version.json` exists and reports `ISphereWinHelper`.
|
|
5. `helper/self-check.json` exists and indicates desktop/UIA availability.
|
|
6. `windows/scan-windows.json` exists and includes an iSphere / IMPlatformClient candidate window.
|
|
7. `windows/selected-window.json` records the selected candidate window metadata.
|
|
8. `uia/dump-uia-main.json` exists and contains a UI Automation root tree.
|
|
9. Redacted copy `uia/dump-uia-main-redacted.json` exists before broad sharing.
|
|
10. No evidence suggests clicking, typing, sending, uploading, downloading, automatic login, injection, hook, memory reading, or bypass behavior.
|
|
|
|
## 8. What N12R does not authorize
|
|
|
|
N12R does not authorize selector implementation or action tools by itself. It only provides live UI structure evidence.
|
|
|
|
After N12R package validation, the next step is a review gate:
|
|
|
|
```text
|
|
Review whether selector design may start.
|
|
```
|
|
|
|
Selector design, if approved later, must begin as a separate written plan. It must still avoid message sending, file transfer, automatic login, injection, hook, memory reading, and bypass behavior unless an explicit later plan changes the project boundary.
|
|
|
|
## 9. Relationship to existing offline evidence
|
|
|
|
Existing package:
|
|
|
|
```text
|
|
runs/offline-evidence-intake/zyl/
|
|
```
|
|
|
|
Existing reports:
|
|
|
|
```text
|
|
runs/offline-evidence-intake-reports/zyl/
|
|
```
|
|
|
|
Those reports remain useful for:
|
|
|
|
```text
|
|
application inventory
|
|
local data discovery
|
|
static evidence analysis
|
|
MsgLib format hypotheses
|
|
timeline and redaction planning
|
|
```
|
|
|
|
They do not replace N12R live UIA capture. Offline evidence is context only.
|