Furthened decomp work

ghidra_mcp_wishlist.md

@@ -9,6 +9,30 @@ Rules for keeping it useful:
 
 ## Remaining TODOs
 
+### Raw Patch Extraction From Live Ghidra Edits
+
+- Missing capability: export a machine-friendly raw patch plan from the current live program after verified byte edits, including NE relocation target changes.
+- Current fallback: manually translate selector-space Ghidra edits into raw file offsets, helper-window byte blocks, and relocation-record rewrites before re-encoding them in a PowerShell patcher.
+- Why it matters: the Regret hidden-debugger `debug menu 2.0` patch was proven in Ghidra first, but the usable deliverable had to become a raw `REGRET.EXE` patch because the available export processor path returned the original executable bytes instead of the modified image.
+- Proposed MCP behavior: add an endpoint that emits a structured patch plan for the selected program, including file offsets, original bytes, new bytes, relocation-record deltas, and selector-to-segment metadata for NE executables. A direct `export_patched_binary(...)` helper would also be useful if it can be proven reliable on the target processor path.
+- Latest status (2026-04-10): the full Regret runtime/helper plus `loosecannon` trigger patch had to be converted by hand into raw offsets `0xD2840..0xD28DC`, `0xD2C94`, `0xD2E0C`, `0xD2E14`, `0xD2E1C`, `0x7BB25`, `0x7BB15`, `0x7BB05`, and `0x7BAF5` after the live export path produced an unmodified EXE.
+
+### Explicit Write-Target Enforcement And Reporting
+
+- Missing capability: reliable enforcement and reporting of the exact target program for write-capable MCP operations.
+- Current fallback: re-read bytes immediately after each write, compare against the intended file on disk, and assume nothing from the returned `target_program` field when explicit selectors were provided.
+- Why it matters: during the Regret debugger patch session, `run_write_script(...)` results still reported `target_program=REGRET.EXE` even when `/Writable/REGRET-PATCHED.EXE` was passed explicitly, which made it harder to tell whether a write actually landed on the writable clone or silently fell back.
+- Proposed MCP behavior: when explicit selectors are provided, write-capable endpoints should either bind to that exact program and report the resolved full domain-file path, or fail with a structured target-mismatch error instead of proceeding with ambiguous status text.
+- Latest status (2026-04-10): the raw-write fallback only remained trustworthy because the session re-read the patched bytes from the writable target after every operation; the reported target text itself was not sufficient evidence.
+
+### Instruction-Overwrite Patching Without Script Fallbacks
+
+- Missing capability: patch over existing defined instructions on writable copies without dropping to custom write scripts that clear code units first.
+- Current fallback: use `run_write_script(...)` to clear the affected code units, write bytes manually, trigger disassembly, and then re-verify the result with readback helpers.
+- Why it matters: `patch_bytes_and_reanalyze(...)` refused several valid small Regret debugger edits with `Memory change conflicts with instruction`, even though the intended operation was a normal code-patch workflow on a writable copy.
+- Proposed MCP behavior: add an explicit instruction-overwrite mode to `patch_bytes_and_reanalyze(...)` for writable targets so the endpoint can clear the conflicting code units, apply the bytes, re-disassemble the region, and report the final instruction text in one machine-friendly result.
+- Latest status (2026-04-10): the active `loosecannon` fix at `1148:3743` only landed after falling back to a write script that manually cleared the code unit and forced redisassembly.
+
 ### Apply-Class-Layout Schema Parity
 
 - Missing capability: reliable minimal-payload use of `apply_class_layout(...)` during live class-lift batches.