vibecodingmachine-core 2026.2.20-438 → 2026.2.26-1739

package/src/agents/WindowsPermissionHandler.js

@@ -0,0 +1,518 @@
+/**
+ * Windows Permission Handler
+ * 
+ * Handles Windows-specific permission operations and elevation.
+ * Follows constitutional requirements: <555 lines, test-first approach.
+ */
+
+const { exec } = require('child_process');
+const fs = require('fs').promises;
+const os = require('os');
+
+/**
+ * Windows Permission Handler class
+ */
+class WindowsPermissionHandler {
+  /**
+   * Create permission handler instance
+   * @param {Object} options - Handler options
+   */
+  constructor(options = {}) {
+    this.logger = options.logger || null;
+    this.dryRun = options.dryRun || false;
+    this.autoElevate = options.autoElevate || false;
+    
+    // Windows-specific constants
+    this.isAdmin = this.checkIsAdmin();
+    this.platform = os.platform();
+  }
+
+  /**
+   * Check if running as administrator
+   * @returns {boolean} - Whether running as admin
+   */
+  checkIsAdmin() {
+    if (this.platform !== 'win32') {
+      return false;
+    }
+
+    try {
+      // Try to read a protected directory
+      fs.accessSync('C:\\Windows\\System32\\config', fs.constants.R_OK);
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+
+  /**
+   * Request elevation for operations requiring admin privileges
+   * @param {string} operation - Description of operation
+   * @param {Function} callback - Function to execute with elevated privileges
+   * @returns {Promise<Object>} - Elevation result
+   */
+  async requestElevation(operation, callback) {
+    if (this.platform !== 'win32') {
+      return {
+        success: false,
+        error: 'Windows permission handler only works on Windows',
+        elevated: false
+      };
+    }
+
+    if (this.isAdmin) {
+      // Already running as admin, execute directly
+      try {
+        const result = await callback();
+        return {
+          success: true,
+          result,
+          elevated: false,
+          message: 'Operation completed with existing admin privileges'
+        };
+      } catch (error) {
+        return {
+          success: false,
+          error: error.message,
+          elevated: false
+        };
+      }
+    }
+
+    if (!this.autoElevate) {
+      return {
+        success: false,
+        error: 'Admin privileges required but auto-elevation is disabled',
+        elevated: false
+      };
+    }
+
+    // Create elevation script
+    const scriptContent = this.createElevationScript(operation, callback);
+    const scriptPath = await this.writeElevationScript(scriptContent);
+    
+    try {
+      const result = await this.executeElevatedScript(scriptPath);
+      return {
+        success: true,
+        result,
+        elevated: true,
+        message: 'Operation completed with elevated privileges'
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error.message,
+        elevated: true
+      };
+    } finally {
+      // Cleanup script
+      await this.cleanupScript(scriptPath);
+    }
+  }
+
+  /**
+   * Create PowerShell elevation script
+   * @param {string} operation - Operation description
+   * @param {Function} callback - Callback function
+   * @returns {string} - PowerShell script content
+   */
+  createElevationScript(operation, callback) {
+    const callbackString = callback.toString();
+    
+    return `
+# Elevated PowerShell Script for: ${operation}
+param(
+    [string]$Operation = "${operation}",
+    [string]$Callback = '${callbackString.replace(/'/g, "''")}'
+)
+
+# Check if running as administrator
+$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+
+if (-not $isAdmin) {
+    Write-Host "This script requires administrator privileges."
+    exit 1
+}
+
+try {
+    # Execute the callback function
+    $result = & ([ScriptBlock]::Create([string]::Concat('return ', $Callback)))
+    
+    # Return result as JSON
+    $result | ConvertTo-Json -Depth 10
+    exit 0
+} catch {
+    Write-Host "Error: $($_.Exception.Message)"
+    exit 1
+}
+    `.trim();
+  }
+
+  /**
+   * Write elevation script to temporary file
+   * @param {string} scriptContent - Script content
+   * @returns {Promise<string>} - Script file path
+   */
+  async writeElevationScript(scriptContent) {
+    const tempDir = os.tmpdir();
+    const scriptName = `elevate-${Date.now()}.ps1`;
+    const scriptPath = `${tempDir}\\${scriptName}`;
+    
+    await fs.writeFile(scriptPath, scriptContent, 'utf8');
+    
+    if (this.logger) {
+      this.logger.debug('Created elevation script', { scriptPath });
+    }
+    
+    return scriptPath;
+  }
+
+  /**
+   * Execute elevated script
+   * @param {string} scriptPath - Path to script
+   * @returns {Promise<Object>} - Execution result
+   */
+  async executeElevatedScript(scriptPath) {
+    return new Promise((resolve, reject) => {
+      const powershell = 'powershell.exe';
+      const args = [
+        '-ExecutionPolicy', 'Bypass',
+        '-WindowStyle', 'Hidden',
+        '-File', `"${scriptPath}"`
+      ];
+
+      if (this.dryRun) {
+        resolve({ message: 'Dry run: would execute elevated script', args });
+        return;
+      }
+
+      const child = exec(`${powershell} ${args.join(' ')}`, {
+        cwd: process.cwd(),
+        env: { ...process.env }
+      });
+
+      let stdout = '';
+      let stderr = '';
+
+      child.stdout?.on('data', (data) => {
+        stdout += data.toString();
+      });
+
+      child.stderr?.on('data', (data) => {
+        stderr += data.toString();
+      });
+
+      child.on('close', (code) => {
+        if (code === 0) {
+          try {
+            const result = JSON.parse(stdout);
+            resolve(result);
+          } catch (parseError) {
+            reject(new Error(`Failed to parse elevated script result: ${parseError.message}`));
+          }
+        } else {
+          reject(new Error(`Elevated script failed with code ${code}: ${stderr}`));
+        }
+      });
+
+      child.on('error', (error) => {
+        reject(new Error(`Failed to execute elevated script: ${error.message}`));
+      });
+    });
+  }
+
+  /**
+   * Cleanup temporary script
+   * @param {string} scriptPath - Path to script
+   */
+  async cleanupScript(scriptPath) {
+    try {
+      await fs.unlink(scriptPath);
+      
+      if (this.logger) {
+        this.logger.debug('Cleaned up elevation script', { scriptPath });
+      }
+    } catch (error) {
+      if (this.logger) {
+        this.logger.warn('Failed to cleanup elevation script', { 
+          scriptPath, 
+          error: error.message 
+        });
+      }
+    }
+  }
+
+  /**
+   * Check file permissions
+   * @param {string} filePath - Path to file
+   * @returns {Promise<Object>} - Permission information
+   */
+  async checkFilePermissions(filePath) {
+    const result = {
+      exists: false,
+      readable: false,
+      writable: false,
+      executable: false,
+      owner: null,
+      permissions: null,
+      error: null
+    };
+
+    try {
+      const stats = await fs.stat(filePath);
+      result.exists = true;
+      result.permissions = stats.mode;
+      
+      // Check read permissions
+      await fs.access(filePath, fs.constants.R_OK);
+      result.readable = true;
+      
+      // Check write permissions
+      await fs.access(filePath, fs.constants.W_OK);
+      result.writable = true;
+      
+      // Check execute permissions
+      await fs.access(filePath, fs.constants.X_OK);
+      result.executable = true;
+      
+    } catch (error) {
+      result.error = error.message;
+      
+      // Partial information might still be available
+      if (error.code !== 'ENOENT') {
+        try {
+          const stats = await fs.stat(filePath);
+          result.exists = true;
+          result.permissions = stats.mode;
+        } catch (statError) {
+          // No file information available
+        }
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Grant file permissions
+   * @param {string} filePath - Path to file
+   * @param {Object} permissions - Permissions to grant
+   * @returns {Promise<Object>} - Grant result
+   */
+  async grantFilePermissions(filePath, permissions = {}) {
+    const { readable = true, writable = true, executable = false } = permissions;
+    
+    const result = {
+      success: false,
+      grantedPermissions: [],
+      errors: []
+    };
+
+    if (this.platform !== 'win32') {
+      result.errors.push('Permission granting only supported on Windows');
+      return result;
+    }
+
+    try {
+      // Use icacls to modify permissions
+      const commands = [];
+      
+      if (readable) {
+        commands.push(`icacls "${filePath}" /grant "${process.env.USERNAME || 'Everyone'}":R`);
+        result.grantedPermissions.push('read');
+      }
+      
+      if (writable) {
+        commands.push(`icacls "${filePath}" /grant "${process.env.USERNAME || 'Everyone'}":W`);
+        result.grantedPermissions.push('write');
+      }
+      
+      if (executable) {
+        commands.push(`icacls "${filePath}" /grant "${process.env.USERNAME || 'Everyone'}":X`);
+        result.grantedPermissions.push('execute');
+      }
+
+      for (const command of commands) {
+        if (this.dryRun) {
+          result.grantedPermissions.push('dry-run');
+          continue;
+        }
+
+        await this.executeCommand(command);
+      }
+
+      result.success = true;
+      
+      if (this.logger) {
+        this.logger.info('Granted file permissions', {
+          filePath,
+          grantedPermissions: result.grantedPermissions
+        });
+      }
+
+    } catch (error) {
+      result.errors.push(error.message);
+      
+      if (this.logger) {
+        this.logger.error('Failed to grant file permissions', {
+          filePath,
+          error: error.message
+        });
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Check directory permissions
+   * @param {string} dirPath - Path to directory
+   * @returns {Promise<Object>} - Permission information
+   */
+  async checkDirectoryPermissions(dirPath) {
+    const result = {
+      exists: false,
+      readable: false,
+      writable: false,
+      traversable: false,
+      permissions: null,
+      error: null
+    };
+
+    try {
+      const stats = await fs.stat(dirPath);
+      result.exists = true;
+      result.permissions = stats.mode;
+      
+      // Check read permissions
+      await fs.access(dirPath, fs.constants.R_OK);
+      result.readable = true;
+      
+      // Check write permissions
+      await fs.access(dirPath, fs.constants.W_OK);
+      result.writable = true;
+      
+      // Check traverse permissions
+      await fs.access(dirPath, fs.constants.X_OK);
+      result.traversable = true;
+      
+    } catch (error) {
+      result.error = error.message;
+      
+      if (error.code !== 'ENOENT') {
+        try {
+          const stats = await fs.stat(dirPath);
+          result.exists = true;
+          result.permissions = stats.mode;
+        } catch (statError) {
+          // No directory information available
+        }
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Execute command with proper error handling
+   * @param {string} command - Command to execute
+   * @returns {Promise<Object>} - Execution result
+   */
+  async executeCommand(command) {
+    return new Promise((resolve, reject) => {
+      exec(command, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+        } else {
+          resolve({ stdout, stderr });
+        }
+      });
+    });
+  }
+
+  /**
+   * Get permission recommendations
+   * @param {string} filePath - Path to analyze
+   * @returns {Promise<Object>} - Recommendations
+   */
+  async getPermissionRecommendations(filePath) {
+    const permissions = await this.checkFilePermissions(filePath);
+    const recommendations = {
+      needsElevation: false,
+      suggestedActions: [],
+      warnings: []
+    };
+
+    if (!permissions.exists) {
+      recommendations.suggestedActions.push('File does not exist - check path');
+      return recommendations;
+    }
+
+    if (!permissions.readable) {
+      recommendations.needsElevation = true;
+      recommendations.suggestedActions.push('Run as administrator to read file');
+      recommendations.warnings.push('File is not readable');
+    }
+
+    if (!permissions.writable) {
+      recommendations.needsElevation = true;
+      recommendations.suggestedActions.push('Run as administrator to modify file');
+      recommendations.warnings.push('File is not writable');
+    }
+
+    // Check if file is in protected directory
+    const protectedPaths = [
+      'C:\\Windows',
+      'C:\\Program Files',
+      'C:\\Program Files (x86)',
+      'C:\\ProgramData'
+    ];
+
+    const normalizedPath = filePath.toLowerCase();
+    const isInProtectedPath = protectedPaths.some(protected => 
+      normalizedPath.startsWith(protected.toLowerCase())
+    );
+
+    if (isInProtectedPath) {
+      recommendations.needsElevation = true;
+      recommendations.suggestedActions.push('Administrator privileges required for protected directories');
+      recommendations.warnings.push('File is in protected system directory');
+    }
+
+    return recommendations;
+  }
+
+  /**
+   * Get current permission status
+   * @returns {Object} - Current status
+   */
+  getCurrentStatus() {
+    return {
+      platform: this.platform,
+      isAdmin: this.isAdmin,
+      autoElevate: this.autoElevate,
+      dryRun: this.dryRun,
+      username: process.env.USERNAME || 'Unknown',
+      canElevate: this.platform === 'win32' && !this.isAdmin
+    };
+  }
+
+  /**
+   * Configure permission handler
+   * @param {Object} config - Configuration options
+   */
+  configure(config = {}) {
+    if (config.autoElevate !== undefined) this.autoElevate = config.autoElevate;
+    if (config.dryRun !== undefined) this.dryRun = config.dryRun;
+    
+    if (this.logger) {
+      this.logger.info('Updated permission handler configuration', {
+        autoElevate: this.autoElevate,
+        dryRun: this.dryRun
+      });
+    }
+  }
+}
+
+module.exports = WindowsPermissionHandler;