feat(capabilities): add power-user diagnostics

Author: RealWhyKnot

internal/capabilities/net.go

@@ -22,6 +22,7 @@ func RegisterNet(r *dispatch.Router) {
 	r.Register("net.firewall", netFirewall)
 	r.Register("net.wlan", netWlan)
 	r.Register("net.tls", netTLS)
+	r.Register("net.shares", netShares)
 }
 
 func netAdapters(ctx context.Context, _ map[string]json.RawMessage) (interface{}, error) {

internal/capabilities/net_probes.go

@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"net"
 	"strconv"
+	"strings"
+	"time"
 
 	"github.com/RealWhyKnot/Handoff/internal/dispatch"
 )
@@ -17,6 +19,7 @@ import (
 func RegisterNetProbes(r *dispatch.Router) {
 	r.Register("net.ping", netPing)
 	r.Register("net.trace", netTrace)
+	r.Register("net.tcp-test", netTCPTest)
 }
 
 func validTarget(s string) bool {
@@ -72,3 +75,85 @@ func netTrace(ctx context.Context, args map[string]json.RawMessage) (interface{}
 		ConvertTo-Json -Compress -Depth 4`
 	return runPwshJSON(ctx, script)
 }
+
+type tcpTestOptions struct {
+	target    string
+	port      int
+	timeoutMS int
+}
+
+func parseTCPTestOptions(args map[string]json.RawMessage) (tcpTestOptions, error) {
+	opts := tcpTestOptions{timeoutMS: 5000}
+	if v, ok := args["target"]; ok {
+		_ = json.Unmarshal(v, &opts.target)
+	}
+	if v, ok := args["port"]; ok {
+		_ = json.Unmarshal(v, &opts.port)
+	}
+	if v, ok := args["timeout_ms"]; ok {
+		_ = json.Unmarshal(v, &opts.timeoutMS)
+	}
+	opts.target = strings.TrimSpace(opts.target)
+	if !validTarget(opts.target) {
+		return opts, fmt.Errorf("net.tcp-test: invalid 'target'")
+	}
+	if opts.port <= 0 || opts.port > 65535 {
+		return opts, fmt.Errorf("net.tcp-test: port must be 1-65535")
+	}
+	if opts.timeoutMS < 1000 {
+		opts.timeoutMS = 1000
+	}
+	if opts.timeoutMS > 30000 {
+		opts.timeoutMS = 30000
+	}
+	return opts, nil
+}
+
+func netTCPTest(ctx context.Context, args map[string]json.RawMessage) (interface{}, error) {
+	opts, err := parseTCPTestOptions(args)
+	if err != nil {
+		return nil, err
+	}
+
+	start := time.Now()
+	timeout := time.Duration(opts.timeoutMS) * time.Millisecond
+	result := map[string]interface{}{
+		"target":             opts.target,
+		"port":               opts.port,
+		"timeout_ms":         opts.timeoutMS,
+		"tcp_test_succeeded": false,
+	}
+
+	lookupCtx, lookupCancel := context.WithTimeout(ctx, timeout)
+	addrs, lookupErr := net.DefaultResolver.LookupIPAddr(lookupCtx, opts.target)
+	lookupCancel()
+	resolved := make([]string, 0, len(addrs))
+	for _, addr := range addrs {
+		resolved = append(resolved, addr.IP.String())
+	}
+	result["resolved_addresses"] = resolved
+	if lookupErr != nil {
+		result["error"] = lookupErr.Error()
+		result["elapsed_ms"] = time.Since(start).Milliseconds()
+		return result, nil
+	}
+	if len(resolved) > 0 {
+		result["remote_address"] = net.JoinHostPort(resolved[0], strconv.Itoa(opts.port))
+	}
+
+	dialCtx, dialCancel := context.WithTimeout(ctx, timeout)
+	conn, dialErr := (&net.Dialer{Timeout: timeout}).DialContext(dialCtx, "tcp", net.JoinHostPort(opts.target, strconv.Itoa(opts.port)))
+	dialCancel()
+	if dialErr != nil {
+		result["error"] = dialErr.Error()
+		result["elapsed_ms"] = time.Since(start).Milliseconds()
+		return result, nil
+	}
+	defer conn.Close()
+
+	result["tcp_test_succeeded"] = true
+	result["remote_address"] = conn.RemoteAddr().String()
+	result["local_address"] = conn.LocalAddr().String()
+	result["elapsed_ms"] = time.Since(start).Milliseconds()
+	return result, nil
+}

internal/capabilities/net_shares.go

@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+package capabilities
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+type netSharesOptions struct {
+	includeHidden   bool
+	includeSessions bool
+	maxResults      int
+}
+
+func parseNetSharesOptions(args map[string]json.RawMessage) netSharesOptions {
+	opts := netSharesOptions{
+		includeSessions: true,
+		maxResults:      200,
+	}
+	if v, ok := args["include_hidden"]; ok {
+		_ = json.Unmarshal(v, &opts.includeHidden)
+	}
+	if v, ok := args["include_sessions"]; ok {
+		_ = json.Unmarshal(v, &opts.includeSessions)
+	}
+	if v, ok := args["max_results"]; ok {
+		_ = json.Unmarshal(v, &opts.maxResults)
+	}
+	if opts.maxResults <= 0 {
+		opts.maxResults = 200
+	}
+	if opts.maxResults > 1000 {
+		opts.maxResults = 1000
+	}
+	return opts
+}
+
+func netShares(ctx context.Context, args map[string]json.RawMessage) (interface{}, error) {
+	opts := parseNetSharesOptions(args)
+	script := fmt.Sprintf(`
+$includeHidden = $%t
+$includeSessions = $%t
+$max = %d
+$errors = [ordered]@{}
+$shareEntries = @()
+$sessionEntries = @()
+$openFileEntries = @()
+
+try {
+    $shareArgs = @{ ErrorAction = 'Stop' }
+    if ($includeHidden) { $shareArgs['IncludeHidden'] = $true }
+    $shareEntries = Get-SmbShare @shareArgs |
+        Sort-Object Name |
+        Select-Object -First $max |
+        ForEach-Object {
+            [ordered]@{
+                name = [string]$_.Name
+                path = [string]$_.Path
+                description = [string]$_.Description
+                share_state = [string]$_.ShareState
+                share_type = [string]$_.ShareType
+                current_users = if ($null -ne $_.CurrentUsers) { [int]$_.CurrentUsers } else { $null }
+                special = [bool]$_.Special
+                encrypt_data = [bool]$_.EncryptData
+                caching_mode = [string]$_.CachingMode
+                folder_enumeration_mode = [string]$_.FolderEnumerationMode
+            }
+        }
+} catch {
+    $errors['shares'] = $_.Exception.Message
+}
+
+if ($includeSessions) {
+    try {
+        $sessionEntries = Get-SmbSession -ErrorAction Stop |
+            Sort-Object ClientComputerName, ClientUserName |
+            Select-Object -First $max |
+            ForEach-Object {
+                [ordered]@{
+                    session_id = [string]$_.SessionId
+                    client_computer_name = [string]$_.ClientComputerName
+                    client_user_name = [string]$_.ClientUserName
+                    num_opens = if ($null -ne $_.NumOpens) { [int]$_.NumOpens } else { $null }
+                    seconds_exists = if ($null -ne $_.SecondsExists) { [int64]$_.SecondsExists } else { $null }
+                    seconds_idle = if ($null -ne $_.SecondsIdle) { [int64]$_.SecondsIdle } else { $null }
+                    dialect = [string]$_.Dialect
+                }
+            }
+    } catch {
+        $errors['sessions'] = $_.Exception.Message
+    }
+
+    try {
+        $openFileEntries = Get-SmbOpenFile -ErrorAction Stop |
+            Sort-Object ClientComputerName, ShareRelativePath |
+            Select-Object -First $max |
+            ForEach-Object {
+                [ordered]@{
+                    file_id = [string]$_.FileId
+                    session_id = [string]$_.SessionId
+                    client_computer_name = [string]$_.ClientComputerName
+                    client_user_name = [string]$_.ClientUserName
+                    share_relative_path = [string]$_.ShareRelativePath
+                    permissions = [string]$_.Permissions
+                    locks = if ($null -ne $_.Locks) { [int]$_.Locks } else { $null }
+                }
+            }
+    } catch {
+        $errors['open_files'] = $_.Exception.Message
+    }
+}
+
+[ordered]@{
+    include_hidden = $includeHidden
+    include_sessions = $includeSessions
+    max = $max
+    share_count = @($shareEntries).Count
+    session_count = @($sessionEntries).Count
+    open_file_count = @($openFileEntries).Count
+    shares = @($shareEntries)
+    sessions = @($sessionEntries)
+    open_files = @($openFileEntries)
+    errors = $errors
+} | ConvertTo-Json -Compress -Depth 5
+`, opts.includeHidden, opts.includeSessions, opts.maxResults)
+	return runPwshJSON(ctx, script)
+}

internal/capabilities/power_user_test.go

@@ -0,0 +1,156 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+package capabilities
+
+import (
+	"context"
+	"encoding/json"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/RealWhyKnot/Handoff/internal/dispatch"
+)
+
+func TestParseTCPTestOptionsDefaultsAndClamps(t *testing.T) {
+	opts, err := parseTCPTestOptions(rawArgs(t, map[string]interface{}{
+		"target":     " example.com ",
+		"port":       443,
+		"timeout_ms": 20,
+	}))
+	if err != nil {
+		t.Fatalf("parseTCPTestOptions err = %v", err)
+	}
+	if opts.target != "example.com" {
+		t.Fatalf("target = %q, want example.com", opts.target)
+	}
+	if opts.port != 443 {
+		t.Fatalf("port = %d, want 443", opts.port)
+	}
+	if opts.timeoutMS != 1000 {
+		t.Fatalf("timeoutMS = %d, want lower clamp", opts.timeoutMS)
+	}
+
+	opts, err = parseTCPTestOptions(rawArgs(t, map[string]interface{}{
+		"target":     "example.com",
+		"port":       443,
+		"timeout_ms": 60000,
+	}))
+	if err != nil {
+		t.Fatalf("parseTCPTestOptions high timeout err = %v", err)
+	}
+	if opts.timeoutMS != 30000 {
+		t.Fatalf("timeoutMS = %d, want upper clamp", opts.timeoutMS)
+	}
+}
+
+func TestParseTCPTestOptionsRejectsBadInput(t *testing.T) {
+	_, err := parseTCPTestOptions(rawArgs(t, map[string]interface{}{
+		"target": "example.com; rm",
+		"port":   443,
+	}))
+	if err == nil || !strings.Contains(err.Error(), "target") {
+		t.Fatalf("target err = %v, want validation", err)
+	}
+
+	_, err = parseTCPTestOptions(rawArgs(t, map[string]interface{}{
+		"target": "example.com",
+		"port":   70000,
+	}))
+	if err == nil || !strings.Contains(err.Error(), "port") {
+		t.Fatalf("port err = %v, want validation", err)
+	}
+}
+
+func TestStorageDriveLetterArgNormalizesAndRejectsBadInput(t *testing.T) {
+	got, err := storageDriveLetterArg(rawArgs(t, map[string]interface{}{
+		"drive_letter": " c: ",
+	}))
+	if err != nil {
+		t.Fatalf("storageDriveLetterArg err = %v", err)
+	}
+	if got != "C" {
+		t.Fatalf("drive letter = %q, want C", got)
+	}
+
+	_, err = storageDriveLetterArg(rawArgs(t, map[string]interface{}{
+		"drive_letter": "System",
+	}))
+	if err == nil || !strings.Contains(err.Error(), "single letter") {
+		t.Fatalf("storageDriveLetterArg err = %v, want validation", err)
+	}
+}
+
+func TestPowerUserBoundedArgs(t *testing.T) {
+	if got := resourceTopArg(rawArgs(t, map[string]interface{}{"top": 500})); got != 50 {
+		t.Fatalf("resourceTopArg = %d, want 50", got)
+	}
+	if got := resourceTopArg(rawArgs(t, map[string]interface{}{"top": 0})); got != 10 {
+		t.Fatalf("resourceTopArg zero = %d, want default", got)
+	}
+	if got := startupMaxResultsArg(rawArgs(t, map[string]interface{}{"max_results": 5000})); got != 2000 {
+		t.Fatalf("startupMaxResultsArg = %d, want 2000", got)
+	}
+	if got := startupMaxResultsArg(rawArgs(t, map[string]interface{}{"max_results": -1})); got != 300 {
+		t.Fatalf("startupMaxResultsArg negative = %d, want default", got)
+	}
+
+	shares := parseNetSharesOptions(rawArgs(t, map[string]interface{}{
+		"include_hidden":   true,
+		"include_sessions": false,
+		"max_results":      5000,
+	}))
+	if !shares.includeHidden || shares.includeSessions || shares.maxResults != 1000 {
+		t.Fatalf("parseNetSharesOptions = %#v, want hidden=true sessions=false max=1000", shares)
+	}
+}
+
+func TestRegisterAllIncludesPowerUserKinds(t *testing.T) {
+	r := dispatch.New()
+	RegisterAll(r, nil)
+	kinds := map[string]bool{}
+	for _, kind := range r.Kinds() {
+		kinds[kind] = true
+	}
+	for _, want := range []string{
+		"net.tcp-test",
+		"storage.volumes",
+		"sys.resources",
+		"startup.list",
+		"net.shares",
+		"sec.local-admins",
+	} {
+		if !kinds[want] {
+			t.Fatalf("registered kinds missing %s in %#v", want, r.Kinds())
+		}
+	}
+}
+
+func TestPowerUserPowerShellCapabilitiesSmoke(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		t.Skip("PowerShell-backed smoke test requires Windows")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+	defer cancel()
+	cases := []struct {
+		name string
+		fn   func(context.Context, map[string]json.RawMessage) (interface{}, error)
+		args map[string]json.RawMessage
+	}{
+		{"storage.volumes", storageVolumes, rawArgs(t, map[string]interface{}{"drive_letter": "C"})},
+		{"sys.resources", sysResources, rawArgs(t, map[string]interface{}{"top": 3})},
+		{"startup.list", startupList, rawArgs(t, map[string]interface{}{"max_results": 5})},
+		{"sec.local-admins", secLocalAdmins, rawArgs(t, map[string]interface{}{})},
+		{"net.shares", netShares, rawArgs(t, map[string]interface{}{"max_results": 5})},
+	}
+	for _, tc := range cases {
+		res, err := tc.fn(ctx, tc.args)
+		if err != nil {
+			t.Fatalf("%s err = %v", tc.name, err)
+		}
+		if res == nil {
+			t.Fatalf("%s returned nil result", tc.name)
+		}
+	}
+}