28 KiB
Go MCP Operator Runbook
This runbook is for the first Go MCP phase of isphere-ai-bridge. It lets an operator build and verify the Windows helper and the Go MCP server without reading the source code.
Current scope: expose four WinHelper observation operations, four business read tools, and two preview-only send tools through Go MCP. Read tools are isphere_receive_messages, isphere_search_contacts, isphere_search_groups, and isphere_receive_files list mode. Send tools are isphere_send_message and isphere_send_file preview/dry-run only; production send/file upload is blocked. Read tools use an empty default message source unless ISPHERE_PACKET_LOG_FILE points to an operator-local encrypted PacketReader log-line file or ISPHERE_PACKET_LOG_DIR points to an operator-local directory of encrypted PacketReader .log/.txt files. Contact/group display names can also be optionally enriched from an operator-local copied MsgLib.db through the bounded read-only MsgLibReadSidecar; receive messages can use copied DB rows only when the caller explicitly passes source_preference="msglib_readonly".
1. Prerequisites
Run all commands from the repository root:
cd E:\coding\codex\isphere-ai-bridge
Required local tools:
- Windows PowerShell.
- .NET Framework C# compiler used by
scripts\build-win-helper.ps1. - Go toolchain compatible with this module.
- A normal user desktop session; administrator rights are not required for the first phase.
Python is not required. Python MCP is not part of this path.
2. Build C# helper
The C# helper is the Windows/UI Automation execution layer. Build it with:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\build-win-helper.ps1
Expected output includes "ok":true and writes:
runs\win-helper\ISphereWinHelper.exe
3. Verify C# helper
Run the helper verification script:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-win-helper.ps1
Expected output includes "ok":true, helper version 0.4.0, a window scan count, send preflight smoke fields, and a UIA availability value.
4. Build Go MCP
Run tests first:
go test ./...
Build the Go MCP binary:
go build ./cmd/isphere-mcp
This creates the platform default binary in the repository root, for example:
isphere-mcp.exe
If you want a fixed operator path, use an explicit output path instead:
go build -o runs\go-mcp\isphere-mcp.exe ./cmd/isphere-mcp
5. Verify Go MCP
Run the repeatable smoke verification:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-go-mcp.ps1
Expected final output includes:
{"ok":true}
The verification confirms:
- C# helper can be built.
- Go MCP binary can be built.
- MCP initialize/list/call flow works through the SDK harness.
- Exactly ten tools are exposed: four WinHelper observation tools plus
isphere_receive_messages,isphere_search_contacts,isphere_search_groups,isphere_receive_files, preview-onlyisphere_send_message, and preview-onlyisphere_send_file. win_helper_versionreturnsISphereWinHelper.isphere_receive_messagesis callable and returns an emptymessagesarray from the default empty source.isphere_receive_messagesreturns the contract-facingok,conversation,messages,next_cursor, andauditenvelope, while preserving legacy message aliases such asid,text, andtimestamp.- A synthetic configured-source smoke check proves
ISPHERE_PACKET_LOG_FILEcan driveisphere_receive_messagesend-to-end with one redacted fixture message. - A synthetic configured-directory smoke check proves
ISPHERE_PACKET_LOG_DIRcan driveisphere_receive_messages, contact search, group search, and file-list extraction from a temporary directory fixture. isphere_search_contactsis callable and returns JID-derived contact candidates from the same configured synthetic message fixture; exact ID/display/account matches rank before prefix/substring matches and case-insensitive duplicates are collapsed.isphere_search_groupsis callable and returns JID-derived group candidates from the configured synthetic groupchat fixture; exact ID/display-name matches rank before prefix/substring matches and case-insensitive duplicates are collapsed.isphere_receive_filesis callable in list mode and returns one file metadata candidate from the configured synthetic file-transfer fixture.isphere_send_messageis callable in preview mode and returnssend_status="planned"without raw content in the response; the default runtime still returnsexecution_mode="production"assend_status="blocked"andproduction_send_enabled=false.isphere_send_fileis callable in preview mode whenISPHERE_SEND_FILE_ALLOWED_DIRpoints to the allowed local directory; it returns file SHA256/size metadata only, does not return file content, and keeps production upload blocked withproduction_send_enabled=false.isphere_send_messagealso exposes sandbox-only connector metadata and idempotency state: duplicate reuse of the same key for the same target/content is detectable, while conflicting reuse of the same key for different content/target is blocked.- R6f adds a test-only fake/sandbox connector contract for accepted/failed connector outcomes. This is an injected unit-test boundary only; the production MCP server still registers no real connector and performs no real send.
- Verification uses synthetic/local helper checks and does not load raw N12-pre evidence.
- The deterministic verification path clears MsgLib env variables, so it proves the default no-MsgLib behavior remains stable.
- File download/cache mapping, production message send, and production file upload remain later-stage work.
6. Configure optional message source
By default, isphere_receive_messages is registered but uses an empty source, so it returns:
{"messages":[]}
To point the server at a local encrypted PacketReader log-line file, set:
$env:ISPHERE_PACKET_LOG_FILE = "E:\coding\codex\isphere-ai-bridge\runs\offline-evidence-intake\<evidence-id>\packet-reader-lines.txt"
The file must contain one encrypted Base64 log line per line. Blank lines are ignored. Keep this file under ignored runs/ paths or another operator-local location; do not commit raw logs or decrypted message content.
To point the server at a directory containing multiple local encrypted PacketReader files, set:
$env:ISPHERE_PACKET_LOG_DIR = "E:\coding\codex\isphere-ai-bridge\runs\offline-evidence-intake\<evidence-id>\raw\temp\PacketReader"
The directory loader recursively reads .log and .txt files, sorts paths deterministically, and ignores blank lines. Set only one source variable at a time: if both ISPHERE_PACKET_LOG_FILE and ISPHERE_PACKET_LOG_DIR are set, server startup fails fast as an ambiguous configuration.
Then start the MCP server normally. The command entry point uses ISPHERE_PACKET_LOG_FILE when the file variable is set, otherwise ISPHERE_PACKET_LOG_DIR when the directory variable is set. The repeatable verification script checks three paths: default empty source, a temporary synthetic encrypted fixture file, and a temporary synthetic encrypted fixture directory.
7. Configure optional MsgLib display-name enrichment and explicit DB receive
This is optional. It enriches contact/group display metadata and can also serve isphere_receive_messages from copied MsgLib.db rows when the caller explicitly chooses source_preference="msglib_readonly". It does not turn MsgLib.db into the default message source: empty or auto source preference still uses the PacketReader/log-backed source.
Build the bounded x86 sidecar first:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\build-msglib-sidecar.ps1
Then configure all three MsgLib variables before starting the MCP server:
$env:ISPHERE_MSGLIB_SIDECAR_EXE = "E:\coding\codex\isphere-ai-bridge\runs\msglib-sidecar\MsgLibReadSidecar.exe"
$env:ISPHERE_MSGLIB_SQLITE_DLL = "<path-to-copied-System.Data.SQLite.dll>"
$env:ISPHERE_MSGLIB_DB = "<path-to-copied-MsgLib.db>"
Optional password override:
$env:ISPHERE_MSGLIB_PASSWORD = "123"
Rules:
- Set all of
ISPHERE_MSGLIB_SIDECAR_EXE,ISPHERE_MSGLIB_SQLITE_DLL, andISPHERE_MSGLIB_DB, or set none of them. Partial MsgLib config fails server startup. - Keep copied DB/provider files under ignored
runs/paths or another operator-local location. Do not commit them. MsgLibReadSidecaris read-only and bounded to schema/display/message-list operations. It does not send messages, download files, mutate DB rows, log in, hook processes, or return raw rows.source_preference="msglib_readonly"is required to read messages from copiedMsgLib.db;autoand empty source preference remain PacketReader/log-backed.- Standard
scripts\verify-go-mcp.ps1intentionally clears MsgLib variables to keep the default smoke deterministic.
Verify the optional provider path:
$env:ISPHERE_MSGLIB_SQLITE_DLL = "<path-to-copied-System.Data.SQLite.dll>"
$env:ISPHERE_MSGLIB_DB = "<path-to-copied-MsgLib.db>"
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-msglib-sidecar.ps1
Expected provider evidence contains provider_checked=true, a display_source_count, and sanitized display_entity_summaries with counts/source table names only.
Verify MCP-level optional enrichment, including receive-message display fields and explicit DB receive:
$env:ISPHERE_MSGLIB_SQLITE_DLL = "<path-to-copied-System.Data.SQLite.dll>"
$env:ISPHERE_MSGLIB_DB = "<path-to-copied-MsgLib.db>"
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-msglib-mcp-enrichment.ps1
Expected MCP evidence is sanitized and should include:
{
"ok": true,
"db_receive_smoke": true,
"db_receive_message_count": 5,
"db_receive_sources": ["msglib:tblPersonMsg"],
"receive_display_smoke": true,
"receive_sender_name_populated": true,
"receive_conversation_display_populated": true,
"printed_entity_values": false,
"message_body_values_printed": false,
"message_bodies_returned": false,
"file_paths_returned": false,
"raw_rows_returned": false
}
The optional MCP smoke internally uses copied-DB display metadata to build a synthetic encrypted PacketReader fixture and explicitly calls isphere_receive_messages with source_preference="msglib_readonly". The printed output must stay limited to counts, booleans, and msglib:<source_table> refs. It must not print entity values, JIDs, message body values, local DB paths, attachment paths, or raw rows.
8. Configure MCP client command
After building a stable binary, configure your MCP client to run the Go MCP executable as a stdio server.
Recommended command if using the fixed output path:
E:\coding\codex\isphere-ai-bridge\runs\go-mcp\isphere-mcp.exe
Recommended working directory:
E:\coding\codex\isphere-ai-bridge
Example client configuration shape:
{
"mcpServers": {
"isphere-ai-bridge": {
"command": "E:\\coding\\codex\\isphere-ai-bridge\\runs\\go-mcp\\isphere-mcp.exe",
"cwd": "E:\\coding\\codex\\isphere-ai-bridge"
}
}
}
If you used go build ./cmd/isphere-mcp without -o, point the command to:
E:\coding\codex\isphere-ai-bridge\isphere-mcp.exe
9. Allowed tools
These ten tools are currently allowed:
| Tool | Source/op | Purpose |
|---|---|---|
win_helper_version |
helper version |
Read helper version and protocol metadata. |
win_helper_self_check |
helper self_check |
Read desktop/UIA availability status. |
win_helper_scan_windows |
helper scan_windows |
Read visible window metadata or likely iSphere candidates. |
win_helper_dump_uia |
helper dump_uia |
Read a UI Automation tree for a specified window handle. |
isphere_receive_messages |
log-backed EncryptedPacketLogSource |
Read normalized messages from the configured PacketReader log source with a contract-shaped response envelope. The default server source is empty unless ISPHERE_PACKET_LOG_FILE or ISPHERE_PACKET_LOG_DIR is configured. |
isphere_search_contacts |
log-backed message JIDs plus optional MsgLib display enrichment | Search contact candidates extracted from sender/receiver bare JIDs in the configured message source, with deterministic exact-match-first ranking, case-insensitive de-duplication, and preserved source/raw_ref. |
isphere_search_groups |
log-backed groupchat JIDs plus optional MsgLib display enrichment | Search group candidates extracted from groupchat/conference/MUC bare JIDs in the configured message source, with deterministic exact-match-first ranking, case-insensitive de-duplication, and preserved source/raw_ref. |
isphere_receive_files |
log-backed file-transfer messages | List file metadata candidates extracted from file-transfer message bodies. Download/cache mapping is not implemented yet. |
isphere_send_message |
B-route preview/dry-run contract | Plan a text-message send with target/content hash/idempotency/audit metadata. Production send is blocked. |
isphere_send_file |
file-send preview/dry-run contract | Plan a file send with target/file SHA256/size/idempotency metadata. Production upload is blocked. |
Allowed parameters:
win_helper_version: zero business parameters.win_helper_self_check: zero business parameters.win_helper_scan_windows:include_all_visibleonly.win_helper_dump_uia:hwnd,max_depth,include_text,max_childrenonly.isphere_receive_messages:conversation_id,query,since,include_attachment_metadata,source_preference,preview,cursor,limitonly.sincemust be RFC3339/RFC3339Nano when supplied;source_preferencecurrently supports empty/auto/local_readonly;cursormust be empty until pagination is implemented.isphere_search_contacts:query,cursor,source_preference,include_inactive,limitonly.source_preferencecurrently supports empty/auto/local_readonly;cursormust be empty until pagination is implemented.isphere_search_groups:query,cursor,source_preference,include_archived,limitonly.source_preferencecurrently supports empty/auto/local_readonly;cursormust be empty until pagination is implemented.isphere_receive_files:conversation_id,message_id,file_id,name_contains,mode,output_dir,cursor,source_preference,preview,limitonly. C22 supportsmodeempty orlist;source_preferencecurrently supports empty/auto/local_readonly;cursorandoutput_dirmust be empty in current list-only mode; download is deferred.isphere_send_message:target_type,target_id,content_text,content_sha256,idempotency_key,execution_modeonly. R6b supportsexecution_modeempty/preview/dry_runas planned preview. The default runtime returnsexecution_mode="production"as blocked until sandbox-send evidence passes. R6f adds a GoSendMessageConnectorinterface for fake/sandbox tests so accepted, failed, duplicate, and conflict paths can be validated without login. The response and audit storecontent_sha256andidempotency_key_sha256, not raw message body or raw idempotency key.isphere_send_file:target_type,target_id,file_path,file_sha256,idempotency_key,execution_mode,previewonly.file_pathmust stay insideISPHERE_SEND_FILE_ALLOWED_DIR; preview computes/validatesfile_sha256andfile_size_bytes, returnsreal_send_attempted=false, and does not upload or return file content. The default runtime returnsexecution_mode="production"as blocked.
Optional send audit/idempotency paths:
$env:ISPHERE_SEND_AUDIT_PATH = "E:\coding\codex\isphere-ai-bridge\runs\send-audit\send-message-preview.jsonl"
$env:ISPHERE_SEND_IDEMPOTENCY_PATH = "E:\coding\codex\isphere-ai-bridge\runs\send-audit\send-message-idempotency.jsonl"
If ISPHERE_SEND_IDEMPOTENCY_PATH is set, the send preview path records hashed idempotency state. Reusing the same idempotency key for the same target/content sets duplicate_detected=true; reusing it for different content or target returns blocked metadata with conflict_detected=true. Raw message body and raw idempotency key are not stored in the JSONL state.
Send-file preview requires an explicit allowed directory. Put only the files you want the digital employee to plan against inside that directory:
$env:ISPHERE_SEND_FILE_ALLOWED_DIR = "E:\coding\codex\isphere-ai-bridge\runs\send-file-preview"
isphere_send_file rejects file_path values outside that directory. It computes file SHA256 and size, but does not upload, click, type, or return file content.
R6g adds a local diagnostic for replaying the redacted audit/idempotency files without opening iSphere:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-send-audit-idempotency.ps1 `
-AuditPath $env:ISPHERE_SEND_AUDIT_PATH `
-IdempotencyPath $env:ISPHERE_SEND_IDEMPOTENCY_PATH
The diagnostic prints sanitized counts and booleans: audit_records, idempotency_records, duplicate_detected, conflict_detected, raw_body_present, and raw_idempotency_key_present. It exits non-zero if a raw message body field or raw idempotency-key field is found.
R6h centralizes the production-send gate. Default execution_mode="production" responses include machine-readable gate_reason_code and gate_reason_message. The valid gate codes are:
send_disabled_by_defaultsend_evidence_missingsend_connector_missingsend_gate_passed
ISPHERE_SEND_PRODUCTION_ENABLED=1 is recognized by the gate policy, but it is not sufficient by itself: the evidence gate and connector gate must also pass before production can be allowed. In the default MCP server path, production_send_enabled remains false.
R6l closes the current send-message production path after R6k: because strict_v2_pass=false, production send remains blocked even if ISPHERE_SEND_PRODUCTION_ENABLED=1 is set. In that state, the MCP response uses gate_reason_code="send_evidence_missing" and still reports all real side-effect flags as false.
10. Current tool surface and next-stage route
The current runbook verifies ten tools:
win_helper_versionwin_helper_self_checkwin_helper_scan_windowswin_helper_dump_uiaisphere_receive_messagesisphere_search_contactsisphere_search_groupsisphere_receive_filesisphere_send_messageisphere_send_file
The current log-backed business read tools have parser/source/tool registration and an empty default server source. Raw N12-pre evidence remains under ignored runs/ paths and is not committed. The current command entry point can read an operator-local encrypted PacketReader log-line file via ISPHERE_PACKET_LOG_FILE or a directory of .log/.txt files via ISPHERE_PACKET_LOG_DIR; this is still not a production ingestion claim because raw evidence remains local and uncommitted. isphere_receive_messages now exposes contract-facing fields for digital-employee consumption while preserving older aliases for compatibility, supports conversation_id, keyword query, and RFC3339 since filtering, and validates the remaining safe contract args without pretending unsupported connectors/pagination exist. Contact and group search also accept the safe local-readonly contract args, rank exact matches before prefix/substring matches, collapse case-insensitive duplicates across log-derived candidates and optional MsgLibReadSidecar display metadata, and preserve source/raw_ref; receive-message sender_name and conversation.display_name can use that same optional metadata when MsgLib env is configured. isphere_receive_files supports list mode with safe contract arg validation; download/cache mapping remains deferred. isphere_send_message supports preview/dry-run metadata, sandbox-only connector-shell metadata, duplicate/conflict idempotency detection, redacted audit, and a test-only SendMessageConnector contract for fake accepted/failed outcomes; isphere_send_file now exposes preview/dry-run file SHA256/size planning behind ISPHERE_SEND_FILE_ALLOWED_DIR with all upload/send side-effect flags false. The default MCP server still has no real message/file connector and production send/file upload remains blocked until dynamic observation, full evidence gates, and controlled sandbox connector passes prove success/ack behavior.
Core business tools for contacts, groups, messages, and files are defined in docs/mcp-core-tools-contract.md. Send-message preview metadata and audit records are now in place; send-file preview metadata is in place with allowed-directory validation. Production message send and file upload still wait for later online sandbox evidence gates.
11. Real-login UIA capture procedure
This is a later real-login capture gate used to collect live UI structure for connector work.
Procedure:
-
Build and verify first:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-win-helper.ps1 powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-go-mcp.ps1 -
Manually open iSphere / IMPlatformClient.
-
Manually log in using the normal company login process.
-
Keep the main iSphere window visible.
-
Use
win_helper_scan_windowsto find the candidate window. Prefer read-only scan arguments such as:{ "include_all_visible": true } -
Use
win_helper_dump_uiaon the selectedhwnd, for example:{ "hwnd": "0x001A0B2C", "max_depth": 8, "include_text": true, "max_children": 80 } -
Save selected evidence under:
runs\real-loggedin-lab\uia-dumps\ -
Review and redact any sensitive content before sharing reports.
12. If this outer-network environment cannot log in
iSphere is internal-network only. If the current repository environment is outside that network, use two separate routes:
- N12-pre offline evidence for copied files and static analysis. Follow
docs/offline-evidence-intake-plan.mdand place packages underruns\offline-evidence-intake\<evidence-id>\. - N12R internal-sandbox live capture for real logged-in UIA evidence. Follow
docs/internal-sandbox-live-capture-plan.mdanddocs/internal-sandbox-operator-runbook.md; place returned packages underruns\internal-sandbox-live-capture\<capture-id>\.
N12R is the active live-capture route when login is only possible in an internal-network test sandbox. The UIA capture procedure still uses only the four helper observation tools:
win_helper_version
win_helper_self_check
win_helper_scan_windows
win_helper_dump_uia
The MCP server also registers the log-backed read tools (isphere_receive_messages, isphere_search_contacts, isphere_search_groups, and isphere_receive_files), but their default source is empty and they should not be used as N12R UIA evidence collection.
After receiving an N12R package, validate it with docs/n12r-return-package-validation-checklist.md before using it as evidence for selector-design review. Prefer the scripted read-only validator:
$captureRoot = "runs\internal-sandbox-live-capture\<capture-id>"
$reportRoot = "runs\internal-sandbox-live-capture-reports"
New-Item -ItemType Directory -Force -Path $reportRoot | Out-Null
powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\validate-n12r-return-package.ps1 `
-PackageRoot $captureRoot `
-ReportPath (Join-Path $reportRoot "<capture-id>-validation.md")
Keep the validation report outside $captureRoot; the returned package is evidence input and should remain unchanged.
13. R6c online sandbox send evidence package
The local development machine cannot log in to iSphere. Do not attempt to prove production send locally.
To prepare the online/internal sandbox evidence package:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\package-send-sandbox-gate.ps1
Verify the package locally:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-send-sandbox-gate-package.ps1
Expected output includes:
{
"ok": true,
"local_login_required": false,
"online_sandbox_required": true,
"production_send_enabled": false
}
Generated package:
runs\send-sandbox-gate-package.zip
Send that zip to the online/internal sandbox operator. The operator must follow OPERATOR-STEPS.md inside the package:
- fill
SANDBOX-SEND-INPUTS.json; - run
RUN-RECORDING-SUITE.batfor the guided full flow, or run01-run-before-recorder.bat; - manually send exactly one sandbox message in the official client;
- fill
success_ack_or_sent_record; - continue the guided flow, or run
02-run-after-recorder.bat; - continue the guided flow, or run
03-make-return-zip.bat; - return the generated zip.
The package also contains RECORDING-PACKAGE-MANIFEST.json, run-before-recorder.bat, run-after-recorder.bat, compute-content-hash.ps1, make-return-zip.ps1, and the read-only recorder under recorder\.
Production isphere_send_message remains blocked until the returned package is analyzed.
14. Returned sandbox package validation
When a returned package comes back, validate it before treating it as evidence:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\validate-returned-send-sandbox-package.ps1 -PackagePath C:\Users\zhaoy\Downloads\1631.zip
For R6j strict-v2 packages, use:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\validate-returned-send-sandbox-package.ps1 -ZipPath C:\Users\zhaoy\Downloads\isphere-send-sandbox-return-20260710-180000.zip -StrictV2
The current partial returned package C:\Users\zhaoy\Downloads\1631.zip validates as:
{
"partial_evidence_usable": true,
"r6d_gate_pass": false,
"strict_v2_pass": false,
"production_send_enabled": false,
"decision": "partial_use_only"
}
Use partial_use_only to continue local sandbox-only connector-shell and idempotency/audit work. Do not enable production send from a partial package. Full pass still requires after-recorder output, manual send timestamps, and the R6j strict-v2 fields: operator_started_at_local, operator_clicked_send_at_local, operator_observed_success_at_local, before_recorder_present, after_recorder_present, success_ack_or_sent_record_present, and duplicate_second_send_attempted=false.
The fixture test for the current partial package is:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\test-validate-returned-send-sandbox-package.ps1
15. Offline capability-test package
Use this second package when you want to test the current capability surface without logging in and without any real send.
Build and verify it locally:
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\package-send-capability-test.ps1
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-send-capability-test-package.ps1
Generated package:
runs\send-capability-test-package.zip
Inside the extracted package, run:
run-capability-test.bat
Expected final JSON includes:
{
"ok": true,
"tool_count": 10,
"helper_name": "ISphereWinHelper",
"send_preview_tool_present": true,
"production_send_enabled": false,
"send_file_preview_tool_present": true,
"send_file_production_enabled": false,
"local_login_required": false,
"no_real_send": true
}
This package includes isphere-capability-smoke.exe and runs\win-helper\ISphereWinHelper.exe. It verifies the ten-tool MCP surface, fixture-backed receive/search/file-list behavior, send preview, send-file preview, and the production-send/file-upload blocks. It does not log in, click, type, upload, hook, inject, or send.
16. Troubleshooting
- If C# helper build fails, run
scripts\build-win-helper.ps1directly and check for missing .NET Framework reference assemblies. - If
win_helper_versionfails, rerunpowershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-win-helper.ps1first. - If Go MCP verification fails, rerun
go test ./...andpowershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-go-mcp.ps1. - If a client cannot start the MCP server, confirm the configured command points to the built
.exeand the working directory is the repository root.