Files
isphere-ai-bridge/docs/source-discovery/2026-07-10-returned-send-sandbox-analysis.md
2026-07-10 19:11:52 +08:00

3.7 KiB

Returned Send Sandbox Analysis

Date: 2026-07-10 Node: R6d returned sandbox evidence intake Returned package: C:\Users\zhaoy\Downloads\1631.zip Local intake copy: runs/returned-send-sandbox/1631/

Decision

Use this return package as partial R6d evidence only.

Business interpretation:

  • It is enough to continue the next engineering loop with a sandbox-only send connector shell, idempotency/audit hardening, and stricter returned-package validation.
  • It is not enough to enable production isphere_send_message.
  • It is not enough to start isphere_send_file production work.

Repository behavior remains:

production_send_enabled=false

Validator

Repeatable validation command:

powershell -NoProfile -ExecutionPolicy Bypass -File scripts\validate-returned-send-sandbox-package.ps1 -PackagePath C:\Users\zhaoy\Downloads\1631.zip

Fixture test:

powershell -NoProfile -ExecutionPolicy Bypass -File scripts\test-validate-returned-send-sandbox-package.ps1

Observed validator result:

{
  "partial_evidence_usable": true,
  "r6d_gate_pass": false,
  "capability_test_ok": true,
  "capability_tool_count": 9,
  "production_send_enabled": false,
  "content_hash_matches": true,
  "operator_observed_success": true,
  "do_not_send_second_time_confirmed": true,
  "has_before_probe": true,
  "has_after_probe": false,
  "missing_for_full_gate": [
    "manual_send_started_at_local",
    "manual_send_finished_at_local",
    "after_recorder_output"
  ],
  "decision": "partial_use_only"
}

Evidence received

The returned zip contains:

isphere-live-probe-20260710-162555.zip
RUN-RECORDING-SUITE.txt
SANDBOX-SEND-INPUTS..json
send-capability-test-package.txt

Notes:

  • SANDBOX-SEND-INPUTS..json has a double dot in the filename, but the validator accepts this pattern.
  • The target id is present but should stay redacted in committed docs.
  • The raw message body is not needed in committed docs; the validator checks the supplied SHA256 against the local returned JSON.
  • The capability-test transcript proves the offline-safe 9-tool package ran successfully and kept production send disabled.

Evidence that is usable now

Usable for next engineering loop:

  • explicit sandbox target fields are present;
  • content SHA256 matches the supplied test content;
  • idempotency key is present;
  • operator recorded observed success/sent-record text;
  • operator confirmed no second send;
  • one read-only live probe package was returned;
  • capability smoke passed with 9 tools and production_send_enabled=false.

This is enough to justify moving from "waiting for any returned send evidence" to:

  1. returned-package validator hardening;
  2. sandbox-only connector shell design;
  3. idempotency/audit persistence design;
  4. fake/sandbox connector tests.

Missing for full R6d pass

Missing:

  • manual_send_started_at_local;
  • manual_send_finished_at_local;
  • after-send recorder output;
  • standard return-evidence/before and return-evidence/after shape from make-return-zip.ps1.

Because these are missing, the full gate does not pass.

Current route decision

Proceed with "partial use" only:

R6d partial_use_only -> R6e sandbox-only send connector shell and idempotency audit hardening

Do not change the current MCP production-send response:

execution_mode="production" -> send_status="blocked"

What would make it full pass later

Ask the operator to return a corrected package only when convenient:

  1. run 02-run-after-recorder.bat;
  2. fill manual_send_started_at_local;
  3. fill manual_send_finished_at_local;
  4. run 03-make-return-zip.bat;
  5. return the generated isphere-send-sandbox-return-*.zip.

The current partial package can still be used for the next local development loop.