23 KiB
Current Status Card
Date: 2026-07-10
Branch: main
Loop base: e993ce1 docs: trim safety constraints from mcp roadmap
Remote base before local roadmap commits: b2d839e Merge branch 'codex/n15-report-hardening'
Business direction
项目核心不是继续做 UIA selector/report,而是通过 MCP 暴露 iSphere 的联系人、群组、消息、文件能力。
后续研发主线切换为 MCP 核心通信能力:搜索联系人、搜索群组、收发消息、收发文件。现有 UIA/selector/report 只作为底层辅助和证据,不再作为主线继续扩展。
Current completed state
- Go MCP foundation exists:
cmd/isphere-mcp,internal/mcpserver,internal/helperclient, andinternal/toolsbuild a stdio MCP server. - The current MCP surface exposes nine tools: four WinHelper observation tools, four read-oriented business tools, and one send-message preview-only tool:
win_helper_versionwin_helper_self_checkwin_helper_scan_windowswin_helper_dump_uiaisphere_receive_messagesisphere_search_contactsisphere_search_groupsisphere_receive_filesisphere_send_messagepreview/dry-run only; production is blocked
- C#
ISphereWinHelperexists undernative/ISphereWinHelperand uses theisphere.helper.v1stdin/stdout JSON contract. Helper0.4.0adds read-onlyprobe_send_entrypointsandprobe_send_uia_controlsfor R6a/C31 send connector preflight. scripts/verify-win-helper.ps1andscripts/verify-go-mcp.ps1provide repeatable local checks for the helper, nine-tool MCP surface, default empty-source receive/contact/group/file calls, send-message preview/production-blocked behavior, synthetic configured-file receive/contact/group/file smoke, and synthetic configured-directory receive/contact/group/file smoke.isphere_receive_messagesnow returns the contract-facingok,conversation,messages,next_cursor, andauditenvelope while retaining legacy parser-native message fields for compatibility.isphere_receive_messagesaccepts the read-contract argument set for the current local-readonly path:conversation_id,query,since,limit,include_attachment_metadata,source_preference,preview, and emptycursor.isphere_search_contactsandisphere_search_groupsaccept and validate the safe search-contract args for the current local-readonly path and can optionally enrich results from the env-configured C29MsgLib.dbdisplay-entity reader; default behavior remains log/JID-backed when MsgLib env vars are absent.isphere_receive_fileslist mode accepts and validates the safe file-list contract args for the current local-readonly path while keeping download blocked.isphere_send_messageaccepts the R6b preview/dry-run contract (target_type,target_id,content_text,content_sha256,idempotency_key,execution_mode) and returns planned preview metadata plus redacted audit metadata;execution_mode="production"returns blocked status with all side-effect flags false.native/MsgLibReadSidecarprovides a bounded x86 .NET read-only boundary forMsgLib.dbschema/display-source checks, bounded contact/group display-entity reads, message-source metadata, and sidecar-level bounded message listing;internal/msglibwraps it from Go, C30 wires display metadata as an optional MCP contact/group enrichment source, C39 adds a Go receive-source adapter aroundListMessages, C40 adds tool-level explicitmsglib_readonlysource selection, and C41 wires it through env configuration without changing the MCP default source.- N12-pre and N12R documents define safe offline evidence intake and internal-sandbox live UIA capture procedures.
- N13/N14/N15 produced selector catalog/report validation infrastructure, but those are supporting validation assets only.
What cannot be claimed externally
- The project has not yet implemented production message sending, file download, or file sending;
isphere_receive_messages,isphere_search_contacts,isphere_search_groups, andisphere_receive_fileslist mode have operator-local encrypted log-file/log-directory support but not a production ingestion path. - The project has not completed production iSphere integration.
- The project has not proven a stable real message source for the full business workflow beyond decrypted PacketReader log evidence and synthetic/redacted tests.
- The project has not implemented real message sending or real file upload. R6b adds preview/dry-run only; it does not prove send invocation, success/ack, or idempotent production behavior.
- N12-pre offline evidence is not N12 pass.
- N13/N14/N15 selector/report work is pre-business evidence, not finished contact/message/file capability.
What can be claimed externally
- The repository has a Go MCP + C# WinHelper foundation for controlled Windows-side read-only observation.
- The helper protocol boundary is explicit and keeps Windows/UIA work separate from the Go MCP service layer.
- The current code can support future MCP business tools by routing low-level Windows/UIA fallback work through a bounded helper layer.
- The project has repeatable verification scripts for the helper/MCP foundation and the current nine-tool surface.
- The project now has a corrected business contract and plan for core MCP communication tools, plus registered receive/contact/group/file-list read tools that can use
ISPHERE_PACKET_LOG_FILEfor one operator-local encrypted PacketReader log-line file orISPHERE_PACKET_LOG_DIRfor an operator-local directory of encrypted.log/.txtPacketReader files.
N13/N14/N15 positioning
N13/N14/N15 are pre-business validation results. They can help identify UI elements and validate reports if UI automation becomes necessary, but they are not the product route. New work should first validate real business capability sources and core MCP tool contracts.
Current loop
Current loop: R6c local online-sandbox evidence package prepared; next R6d returned sandbox evidence intake after package is run and returned.
Plan file: docs/superpowers/plans/2026-07-10-core-business-capabilities-roadmap.md.
Loop rule:
- Write or update the plan before coding.
- Implement one loop only.
- Verify, commit exact paths, then update the next loop based on actual results.
- Continue automatically while the next step is clear; ask the user only when blocked or when business direction changes.
Current loop output so far:
- C1:
internal/isphere/logcodec.DecryptLineandinternal/isphere/packetlog.ParseMessageLogfor redacted PacketReader message logs. - C2:
internal/isphere.EncryptedPacketLogSource.ReceiveMessagessource abstraction with synthetic/redacted encrypted fixtures. - C3:
isphere_receive_messagesMCP tool registration and server tool list update. - C4: repeatable operator verification and docs for the five-tool surface.
- C5: safe
ISPHERE_PACKET_LOG_FILEloader for operator-local encrypted PacketReader log lines. - C6: fixture-backed operator smoke for configured receive source.
- C7: log-backed contact candidate extraction from sender/receiver JIDs.
- C8:
isphere_search_contactsMCP registration and six-tool verification. - C9: group source evidence precheck confirmed groupchat/conference/MUC hits in ignored decrypted logs.
- C10: log-backed group candidate extraction from groupchat/conference JIDs.
- C11:
isphere_search_groupsMCP registration and seven-tool verification. - C12: file evidence precheck confirmed enough PacketReader/Smark evidence for file metadata listing, but not enough for real cache/download mapping.
- C13:
internal/isphere.ListFilesFromMessagesextracts synthetic/redacted file metadata candidates from normalized messages. - C14:
isphere_receive_filesMCP list mode registered and verify-go-mcp now covers eight tools plus default/configured file-list smoke. - C15:
isphere_send_messagesource precheck found no validated write connector; send implementation is blocked pending bridge/API, UIA action, or protocol evidence. - C16: configured PacketReader source hardening added
ISPHERE_PACKET_LOG_DIR, deterministic recursive.log/.txtdirectory loading, ambiguous file/dir config failure, and configured-directory receive/contact/group/file smoke verification. - C17:
isphere_receive_messagesoutput was aligned to the core read contract envelope and message fields while retaining legacy aliases; verify-go-mcp now asserts contract fields for configured file and directory source smokes. - C18:
isphere_receive_messagesgainedconversation_idandqueryfilters across source, MCP args, tests, and configured file/directory smoke verification. - C19:
isphere_receive_messagesgained RFC3339sincefiltering against PacketReader epoch-millisecond timestamps plus invalid-since error handling. - C20:
isphere_receive_messagesnow accepts and validates the remaining safe read-contract args, rejects unsupported source/cursor cases, and can suppress inline attachment metadata. - C21:
isphere_search_contactsandisphere_search_groupsnow accept and validate safe search-contract args, while rejecting unsupported source/cursor cases. - C22:
isphere_receive_fileslist mode now accepts and validates safe contract args, rejects unsupported source/cursor/output/download cases, and keeps download blocked. - C23: display-name enrichment was blocked because current committed evidence and ignored metadata do not validate a JID-to-display-name/group-title source;
MsgLib.dbremains the most likely next source but inspected copies are not directly readable as SQLite. - C24:
MsgLib.dbreadability precheck found high-entropy non-SQLite files with a consistent wrapper/encryption signature; wrapper candidates includeHYHC.IMPP.DAL.dll,Utilities.Lib.SQLiteInteraction*.dll,Utilities.Lib.DBModel.dll, andRepairDatabase.exe. - C25: static .NET wrapper analysis recovered the DAL open path:
HYHC.IMPP.DAL.IMPPDALconfiguresSystem.Data.SQLitethroughUtilities.Lib.DBSQLite, setsDatabaseNameto the DB path andPasswordto123, and exposes candidate display/message tables such asTD_Roster,tblRecent,tblPersonMsg,tblMsgGroupPersonMsg, andTD_WorkGroupAuth. - C26: copied
MsgLib.dbschema extraction succeeded through a 32-bit .NETSystem.Data.SQLiteread-only probe with password123; all three copied DB candidates opened, with confirmed contact/group/message/file schema tables. - C27: added
native/MsgLibReadSidecarwith protocolisphere.msglib.v1, x86 build/verify scripts, and safeself_check,schema_summary, anddisplay_sourcesoperations; evidence-backed smoke returned 8 display-source candidates without row/message values. - C28: added
internal/msglibGo client wrapper for the sidecar protocol with env config, fake-sidecar unit tests, timeout handling, structured sidecar errors,SelfCheck, andDisplaySources; no MCP tool wiring or message/display row reads yet. - C29: added bounded
display_entitiessupport across the x86 sidecar, Go client, and verification script; evidence-backed verification returned sanitized contact/group counts and source-table names only, with no message bodies, file paths, raw rows, sends, writes, hooks, or injection. - C30: wired
DisplayEntitiesintoisphere_search_contactsandisphere_search_groupsas an optional env-configured enrichment source with fake-source tests; default MCP verification now clears MsgLib env to keep the standard smoke deterministic. - C31: added optional
scripts/verify-msglib-mcp-enrichment.ps1; real copied-DB MCP smoke returned sanitized contact/group counts and MsgLib source refs without printing names, JIDs, message bodies, file paths, or raw rows. - C32:
isphere_receive_messagescan now use the optional MsgLib display-entity source to fill safesender_nameandconversation.display_namefields while preserving message text/content/attachment behavior. - C33: optional real copied-DB MCP smoke now also constructs a synthetic encrypted PacketReader fixture from internally selected MsgLib contact/group metadata and verifies receive-message display enrichment through MCP; output stays sanitized to counts, booleans, and
msglib:<source_table>refs only. - C34:
docs/go-mcp-runbook.mdnow documents the operator setup path for optional MsgLib display-name enrichment, including the required env vars, partial-config failure rule, standard no-MsgLib verification, optional provider smoke, optional MCP enrichment smoke, and sanitized output boundaries. - C35:
docs/source-discovery/2026-07-10-msglib-message-source-precheck.mdmapstblPersonMsg,tblMsgGroupPersonMsg,TD_SystemMessageRecord, receipt, recent, and file-record schema columns to the futureisphere_receive_messagescontract; decision is metadata-onlymessage_sourcessidecar first, not body-returning DB listing yet. - C36: added metadata-only MsgLib
message_sourcesacross the x86 sidecar, Go wrapper, and sidecar verification; evidence-backed smoke returned six message-source summaries with source/table/role/availability/row-count metadata only. - C37:
docs/source-discovery/2026-07-10-db-backed-receive-source-design.mddefines the bounded DB-backed receive-message design: sidecar oplist_messages, hard limit, no cursor initially, explicitinclude_body, no raw rows, no file path values, PacketReader remains default until reconciliation. - C38: added sidecar/Go-wrapper
list_messages, clamped to1..50, cursor rejected, optional attachment metadata without path/download refs, and copied-DB verification withinclude_body=false; printed evidence is only count/source-table/safety booleans. - C39: added
internal/isphere.MsgLibMessageSource, an injected-provider adapter that mapsmsglib.ListMessagesresults into the existing receive-message domain model, preserving explicit source refs and attachment metadata while leaving MCP default PacketReader behavior unchanged. - C40: added tool-level explicit receive source selection: empty/
auto/local_readonlystill use the primary PacketReader/log-backed source, whilesource_preference="msglib_readonly"uses a configured MsgLib receive source and is rejected when not configured. - C41: wired env-configured MsgLib client into both display enrichment and explicit receive selection; optional copied-DB MCP smoke now proves
source_preference="msglib_readonly"returns sanitized count/source evidence while standardverify-go-mcp.ps1remains deterministic. - R5b/C30-live: analyzed returned live-probe package
isphere-live-probe-20260710-121958; confirmed one x86IMPlatformClient.exe4.1.2.6842, live server endpoint evidence, installed B-route DLL presence, active localMsgLib.dbpath shape, and A-route UIA selectors for search/draft/send/file menu. Production send remains blocked because the probe did not prove runtime entrypoint reachability or send success/ack mapping and the captured chat panels report an offline-send blocker. - R6a/C31: added WinHelper
0.4.0read-onlyprobe_send_entrypointsandprobe_send_uia_controls, wired the live recorder to emitsend_entrypoints_preflight.jsonandsend_uia_controls_preflight.json, and verified that copied install metadata reports all 5 required B-route entrypoints available while the synthetic UIA classifier reportsA_ROUTE_OFFLINE_BLOCKED. Production send/file upload remains blocked pending preview/dry-run, dynamic observation, idempotency/audit, and one approved sandbox send. - R6b: added
isphere_send_messagepreview/dry-run only. The tool validatestarget_type,target_id,content_sha256, andidempotency_key, returns connector metadataimplatform-sidecar/preview, appends redacted JSONL audit events without raw message body or raw idempotency key, and returnssend_status="blocked"for production with all side-effect flags false.verify-go-mcp.ps1now verifies the 9-tool surface and provessend_preview_tool_present=trueandproduction_send_enabled=false. - R6c: because the local machine cannot log in, prepared an online/internal sandbox evidence package instead of attempting local send. Added
scripts/package-send-sandbox-gate.ps1,scripts/verify-send-sandbox-gate-package.ps1, anddocs/source-discovery/2026-07-10-send-sandbox-gate.md; local verification generatesruns/send-sandbox-gate-package.zipwith the read-only recorder, before/after scripts, sandbox input template, SHA256 helper, expected-return checklist, and return-zip helper.
Recompiled business roadmap
The active plan is now organized around the four business goals rather than the old technology-led C-loop:
- Search contacts and search groups: harden result quality, ranking, de-duplication, and richer fields.
- Receive/send messages: reconcile PacketReader and MsgLib receive sources first; then discover and validate a send-message connector.
- Receive/send files: map received file metadata to cache/download behavior first; send-file remains behind the send connector plus upload evidence.
- Keep UIA selector/report work as fallback support, not as the primary roadmap.
R1 receive-message source reconciliation precheck is complete:
- Created
docs/source-discovery/2026-07-10-receive-message-reconciliation-precheck.md. - Decision: do not change default receive routing yet; empty/
autoremains PacketReader/log-backed andmsglib_readonlyremains explicit. - R1 next node was R2 contact/group search quality hardening.
R2 contact/group search quality hardening is complete:
- Search contacts now has deterministic exact-match-first ranking and case-insensitive de-duplication for log/JID candidates and optional MsgLib display enrichment.
- Search groups now has deterministic exact-match-first ranking and case-insensitive de-duplication for groupchat/conference candidates and optional MsgLib display enrichment.
- MCP output still preserves
sourceandraw_ref; no send or download behavior was introduced. - Next node: R3 receive-file download mapping precheck.
R3 receive-file download mapping precheck is complete:
- Created
docs/source-discovery/2026-07-10-file-download-mapping-precheck.md. - Decision: do not implement download mode yet; current evidence supports list mode and DB attachment metadata, but not a validated cache/download mapping.
- Next node: R3b file cache mapping diagnostic with sanitized counts only.
R3b file cache mapping diagnostic is complete:
- Added
scripts/verify-file-cache-mapping.ps1and a fixture test script. - Real sanitized diagnostic found 166 MsgLib received-file records and 11 cache/archive candidates, but 0 filename/source-id/cache matches.
- Decision: R4 receive-file download implementation is blocked until better cache evidence or a UI/client download connector is available.
- Next node: R5 send-message connector discovery.
R5 send-message connector discovery is complete:
- Created
docs/source-discovery/2026-07-10-send-message-connector-selection.md. - No connector was selected: no bridge/API/local service, no UIA write action chain, and no network/protocol send evidence is currently validated.
- R6 send-message implementation and R7/R8 send-file work are blocked until a connector evidence package is supplied.
R5b returned live-probe evidence intake is complete:
- Created
docs/source-discovery/2026-07-10-returned-live-probe-analysis.md. - Runtime evidence now proves a real x86
IMPlatformClient.exeprocess, version4.1.2.6842, install path family, and live TCP connection. - The live install contains B-route candidate binaries including
IMPlatformClient.exe,smack.dll,IMPP.Interface.dll,IMPP.Service*.dll,IMPP.UI.dll,TcpFileTransfer.dll,INetwork.dll, andIOClientNetwork.dll. - The live process did not show
IMPP.*,smack.dll, or file-transfer assemblies as currently loaded modules, so B2 runtime entrypoint reachability is still unproven. - UIA evidence now locates main search edit
skinAlphaTxt, chat send documentrtbSendMessage, send buttonbtnSend, and发送文件menu controls, but both chat captures include the offline-send message您已处于离线状态,无法发送消息,请上线后再次尝试!. - Decision: move from generic “waiting for connector evidence” to R6a/C31 non-mutating send connector preflight. Keep
isphere_send_messageandisphere_send_fileproduction behavior blocked.
R6a/C31 non-mutating send connector preflight is complete:
- Created
docs/source-discovery/2026-07-10-send-connector-preflight.md. - Added helper
probe_send_entrypoints, which checks installed/copiedIMPlatformClient.exe,smack.dll, andIMPP.Service.dllmetadata only. - Added helper
probe_send_uia_controls, which classifies search/edit/send/file controls and offline-blocked state without clicking or typing. - Local copied-install metadata reports
required_available_count=5,all_required_available=true, andb_route_entrypoint_preflight="pass". - Synthetic UIA smoke reports
A_ROUTE_OFFLINE_BLOCKED, proving the classifier can preserve the offline blocker as a first-class route state. - Decision: next node is R6b B-route preview/dry-run contract. Keep production
isphere_send_messageandisphere_send_fileblocked until a later online sandbox send proves success/ack and idempotency behavior.
R6b B-route preview/dry-run contract is complete:
- Added
internal/tools/isphere_send_message.goand tests. - Registered
isphere_send_messagein the Go MCP server as preview/dry-run only. - Preview returns
ok=true,send_status="planned", target ref, content SHA256, idempotency key SHA256, connector metadata, audit metadata, and all side-effect flags false. - Production returns
ok=false,send_status="blocked", a clear blocked reason, and all side-effect flags false. ISPHERE_SEND_AUDIT_PATHcan override the local audit JSONL path; the default path is ignored underruns/send-audit/send-message-preview.jsonl.- Standard MCP smoke now verifies 9 tools and confirms production send is not enabled.
- Decision: next node is R6c online sandbox-send evidence gate. Do not implement production send until one approved sandbox send proves success/ack or sent-record evidence and duplicate idempotency protection.
R6c local preparation for online sandbox-send evidence is complete:
- Local login is still unavailable, so no local live send was attempted.
- Created
docs/source-discovery/2026-07-10-send-sandbox-gate.md. - Added package script
scripts/package-send-sandbox-gate.ps1. - Added verification script
scripts/verify-send-sandbox-gate-package.ps1. - Verified package output:
runs/send-sandbox-gate-package.zip. - Package requires an online/internal sandbox operator to run before/after read-only recorder captures around exactly one manual sandbox send.
- Production
isphere_send_messageandisphere_send_fileremain blocked until the returned package proves success/ack or sent-record evidence and no second send. - Next node: R6d returned sandbox evidence intake after the package is run and returned.