-
-
Notifications
You must be signed in to change notification settings - Fork 784
Feat/uac policy #309
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
bensheed
wants to merge
159
commits into
CursorTouch:feat/uac-policy
Choose a base branch
from
bensheed:feat/uac-policy
base: feat/uac-policy
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Feat/uac policy #309
Changes from all commits
Commits
Show all changes
159 commits
Select commit
Hold shift + click to select a range
c715fc4
feat(cli): nest service commands under 'service secure-desktop'
claude fc4a3d6
docs: update remaining 'service install' references to 'service secur…
claude 5a1faad
fix: import Center in desktop/service.py for UAC tree builder
claude 8a546c9
feat(service): drop PromptOnSecureDesktop=0 install side-effect
claude ad7ce2b
feat(service): add WINDOWS_MCP_SECURE_DESKTOP_POLICY + server-side en…
claude 53f6593
feat(tools): add WaitForUACPrompt MCP tool
claude 61ff807
feat(desktop): route Type and Drag through service on Secure Desktop
claude 582605a
feat(service): replace NULL pipe DACL with SYSTEM + console-user ACL
claude a385ce2
feat(service): refuse install when binary path is user-writable
claude 735a92e
test(vm-e2e): in-VM MCP-client harness driving WaitForUACPrompt
claude e617ad1
test(vm-e2e): add path B — Linux-side HTTP MCP client driver
claude c8b8f72
fix(vm-e2e): correct vncdotool command name + reroute via Start menu
claude 6bdc0de
test(vm-e2e): add kickoff.bat launcher under tests/manual/vm_e2e
claude e6fc35c
test(vm-e2e): expand suite to actually click Yes + verify policy enfo…
claude abbb7f4
test(vm-e2e): mirror kickoff.bat as run-tests.bat (no underscores in …
claude e73467a
fix(vm-e2e): make bootstrap robust to MS Store python stub + subshell…
claude b0dad84
chore(vm-e2e): gitignore per-run artifacts (results.json, *.log)
claude a09b13f
fix(vm-e2e): force TLS 1.2 before downloading uv install script
claude 3154501
fix(vm-e2e): write run_all.log locally then mirror to share
claude 11b2ea4
fix(vm-e2e): drop winget+Python; let uv install/manage its own Python
claude bacb51a
fix(vm-e2e): accept all certs in test VM (sandbox MITM proxy)
claude 32fefcd
fix(vm-e2e): pre-stage uv + Python installer on share (proxy-free boo…
claude 41b9735
fix(vm-e2e): treat stderr from native commands as info, not error
claude 7bc9ada
fix(vm-e2e): UV_INSECURE_HOST to bypass MITM proxy for uv sync
claude 8b882fa
fix(cli): replace Unicode arrows/em-dashes with ASCII in click.echo
claude 2a7a068
fix(vm-e2e): stop+delete prior service before re-staging the repo
claude a73699b
fix(vm-e2e): enable UAC + reboot if dockur disabled it
claude d0deb3a
fix(vm-e2e): swallow schtasks stderr via cmd /c (avoid PS error promo…
claude 55ea7fa
test(vm-e2e): include MCP tool error/reason in WaitForUACPrompt asser…
claude 0101de5
fix(service): retry pipe Open on transient ERROR_FILE_NOT_FOUND
claude bbf1bd2
fix(vm-e2e): fire UAC trigger via schtasks /IT to escape elevation in…
claude dd39d7d
fix(vm-e2e): switch UAC trigger to runas /trustlevel for non-elevated…
claude 15c7cba
fix(vm-e2e): launch mcp_client.py at medium integrity via runas /trus…
claude e04643d
fix(vm-e2e): wrap medium-int test invocation in batch file (no nested…
claude c599241
fix(vm-e2e): force ConsentPromptBehaviorAdmin=2 so Windows binaries t…
claude 256a020
refactor(vm-e2e): split harness into one-time setup + verify-only test
claude d444dca
chore(vm-e2e): drop pre-refactor harness cruft
claude 38520c3
fix(service): wait_for_uac_prompt must attach to WinSta0 first
claude 32facab
fix(service): retry uia tree fetch + fix test.ps1 server probe
claude edbca0f
fix(vm-e2e): wait for WindowsMCPHost to actually stop before re-staging
claude 4de4654
feat(service): user-session worker for Winlogon UIA (Session 0 isolat…
claude 015e50d
fix(service): drop CREATE_NEW_CONSOLE from CreateProcessAsUser flags
claude 5cc2aa4
feat(service): UIAccess-signed worker for cross-integrity Winlogon UIA
claude 176498f
feat(service): route all UIA dispatch via user-session worker + VM bu…
claude 22ee931
feat(service): in-CLI build + self-sign of UIAccess worker
claude 787dd30
fix(service): use -File + named params for PowerShell calls
claude f6aa88d
fix(service): forward UV_INSECURE_HOST to pip when bootstrapping PyIn…
claude f88030d
fix(service): use uv pip install for PyInstaller bootstrap
claude 4f153f3
fix(service): search per-user uv install locations when bootstrapping…
claude 425c293
fix(service): drop --collect-submodules comtypes from PyInstaller build
claude d9d03d2
fix(service): aggressive --exclude-module for PyInstaller analysis
claude d17a468
fix(vm-e2e): add Defender exclusion for PyInstaller build path
claude aca9f1b
fix(vm-e2e): force fresh wheel + INFO-level pyinstaller, 15min timeout
claude 3af2dbc
fix(service): bootstrap pip via ensurepip in uv-managed venvs
claude 763696b
fix(service): flush pipe buffer before DisconnectNamedPipe
claude 1904082
fix(service): CreateEnvironmentBlock lives in win32profile, not win32…
claude 1dd44b7
chore(gitignore): ignore vm_e2e dev helpers
claude e181adf
test(vm-e2e): retry WindowsMCPHost check for up to 60s
claude 67dc466
diag(vm-e2e): dump WaitForUACPrompt payload to share
claude 4eaf261
test(vm-e2e): copy mcp_client.py from share each run
claude 7de3e6f
fix(service): fall back to read-only desktop access when ALL_ACCESS f…
claude 8737878
fix(service): open Winlogon by name in user-session worker
claude 2450ef8
fix(service): spawn user-session worker directly on Winlogon for read…
claude 2bf7d0a
revert(service): drop lpDesktop=winsta0\\winlogon attempt
claude 0731d06
fix(service): broker hands worker a Winlogon desktop handle via stdin
claude a411ff3
fix(service): pass proc_handle directly to DuplicateHandle
claude 68ffdcd
fix(service): force-replace PyInstaller bootloader manifest after build
claude acc01da
fix(service): preserve PyInstaller PKG overlay across manifest replace
claude 6050a01
fix(service): delete existing manifest before adding ours
claude 9a0018f
chore(gitignore): ignore d.bat dev helper
claude f128684
fix(service): set TokenUIAccess=1 on spawn token before CreateProcess…
claude 66f728e
chore(gitignore): ignore q.bat dev helper
claude 660f205
fix(service): enable SeTcbPrivilege before SetTokenInformation(TokenU…
claude d1d309e
fix(service): declare ctypes argtypes so OpenProcessToken accepts the…
claude 3134e0e
fix(service): use win32api for manifest replace + verify uiAccess=true
claude 5d98e46
fix(service): drop UpdateResource delete loop that returned ERROR_INT…
claude 9c2d2b6
fix(service): declare argtypes on SetTokenInformation + GetTokenInfor…
claude 2c1e255
fix(service): declare argtypes on user32 desktop+window-station APIs
claude 199107c
diag(service): log OpenDesktopW failure at INFO so we can see the gle
claude 6cdb38c
feat(service): broker enumerates consent.exe hwnd, worker walks via E…
claude e1465b0
diag(service): list all enumerated Winlogon windows so we can see why…
claude bc6de8b
fix(service): wait for consent.exe HWND before accepting worker tree
claude 1a35d0a
fix(service): spawn user-session worker directly on Winlogon for read…
claude b638e5b
fix(service): impersonate user token around EnumDesktopWindows on Win…
claude 563510e
feat(service): temporarily loosen Winlogon DACL so worker can attach
claude fe233c0
docs(secure-desktop): document Win11 Winlogon DACL limit hit by tree-…
claude 92ccace
feat(service): try UIAccess+UIA-events path before DACL loosen
claude f7960d3
chore(gitignore): ignore additional vm_e2e dev helpers
claude f041312
feat(service): layer six cross-desktop probes + consent.exe identity …
claude a0f7f34
feat(service): add screenshot-based UAC fallback for Win11 hardening
claude 614b5b4
build(uia-worker): keep PIL in the worker bundle for screenshot fallback
claude 20165a7
fix(service): screenshot fallback runs in broker, not worker
claude 6c9b45a
feat(uac): disable PromptOnSecureDesktop on install + detect consent.…
claude 9919278
diag(uac): readback PromptOnSecureDesktop after write + log live value
claude 3be88b6
fix(uac): also set ConsentPromptBehaviorAdmin=5 so secure-desktop dis…
claude e4186ea
docs(uac): record iter 7 finding -- Win 11 25H2 ignores dual-flag fix…
claude f00d03c
fix(uac): iter-8 -- try ConsentPromptBehaviorAdmin=4 instead of 5
claude a3ff126
test(uac): add iter-8 one-shot validator (CPB=4 in Dockur)
claude 503fb64
chore(gitignore): ignore iter-8 trigger + result artifacts
claude bd67a1e
test(uac): kill straggler venv processes before uv sync in iter-8 val…
claude 2d3f948
test(uac): widen consent.exe poll to 90s for KVM-disabled VMs
claude 538237c
test(uac): fix desktop-name probe charset (was producing garbage)
claude 09ae5d0
test(uac): add iter8-probe.ps1 -- fast UAC-trigger + desktop-probe only
claude d26a04d
docs(uac): iter-8 CPB=4 empirically confirmed on Win 11 25H2 Dockur
claude bcb048a
refactor(secure-desktop): delete UIA worker install pipeline (tier-1 …
claude 57cc4b4
refactor(secure-desktop): delete Winlogon fallback paths (tier-2/3 cl…
claude 0ebef5f
refactor(secure-desktop): drop now-orphan helpers (tier-4 cleanup)
claude 0427650
docs(secure-desktop): trim iter-history prose from code docstrings
claude 9af4cff
fix(desktop): remove stale is_secure_desktop_active call sites
claude 96fff94
chore(gitignore): ignore fix-and-restart.bat VM helper
claude bf6f6e5
test(mcp_client): strip & accelerator when finding Yes/No buttons
claude 13757f5
test(mcp_client): dump full UAC tree to share when Yes button not found
claude b4b2870
test(mcp_client): print UAC tree dump to stderr (Path write to UNC si…
claude bd02db8
fix(uac): poll until consent.exe dialog appears in UIA tree
claude 0bab554
fix(uac): walk consent.exe via ElementFromHandle (cross-integrity)
claude 1f44807
test(mcp_client): write timestamped UAC tree dumps + ship broker log
claude b3d109b
diag(uac): bake worker lookup outcome into tree _diag so client can s…
claude 9d45563
chore(gitignore): exclude transient diagnostic bats + dump artifacts
claude 50f8da3
diag(mcp_client): include first 25 node names in failure detail
claude c4a668f
fix(uac): walk every visible HWND owned by consent.exe, not just the …
claude f07a37b
fix(uac): enumerate consent.exe's child windows too, not just top-level
claude c73b654
fix(uac): FindAll(ProcessId=consent_pid) to reach UIA-only buttons
claude aa350fd
diag(mcp_client): also write per-run timestamped results-allow_all-HH…
claude a3051c7
diag(mcp_client): surface worker _diag on WaitForUACPrompt assertion too
claude 6c81895
fix(uac): GetFocusedElement + walk-up to find consent.exe's button tree
claude 8c5bbc8
fix(uac): strategy A -- capture consent.exe via UIA FocusChanged events
claude 2302a24
chore(gitignore): untrack copylog.bat, ignore per-run e2e dumps
claude 2fe03b4
fix(uac): correct SendInput INPUT struct size for x64 (cbSize must be…
claude a9fb40b
chore(gitignore): ignore diag.bat + diag-out.txt deploy artifacts
claude 43dbcad
chore(gitignore): also ignore restart-host.bat
claude b71ecac
chore(gitignore): ignore copy-host-log.bat
claude 05df3f9
chore(gitignore): ignore dump-host-log.bat
claude 5799e3b
fix(uac): don't bail on transient Winlogon -- consent.exe check first
claude 23310c2
fix(uac): probe Yes/No via ElementFromPoint when walker has no children
claude 8a164ed
chore(lint): drop unused 'h' variable in point-probe helper
claude 8f01bd4
Revert "chore(lint): drop unused 'h' variable in point-probe helper"
claude 7a1915a
Revert "fix(uac): probe Yes/No via ElementFromPoint when walker has n…
claude 872844e
fix(uac): synthesize Yes/No nodes from dialog bbox when XAML hidden f…
claude 9cd21c8
fix(uac): correct synthesized Yes/No coords from observed Win 11 dial…
claude ee6b8ed
diag(uac): include synth-buttons outcome in node _diag
claude 17c2523
fix(uac): route Click through UIAccess worker when target is consent.exe
claude ffa0264
fix(uac): SendInput mouse-click fallback in uia_click_at for XAML but…
claude 3875ae0
chore(gitignore): ignore /run-setup.bat vm_e2e dev launcher
claude 811052d
fix(uac): pipe DACL boot race -- fall back to INTERACTIVE, not Admini…
claude 78e4668
test(vm_e2e): retry uv sync in setup.ps1 to survive proxy timeouts
claude bf2cdaf
test(vm_e2e): 300s server-wait + self-diagnostics on server-not-up
claude a8c9fad
test(vm_e2e): faster UAC trigger + longer WaitForUACPrompt wait
claude 04a15a2
chore(gitignore): ignore uac-diag.txt / server-diag.txt diagnostic dumps
claude a119641
fix(uac): bound WaitForUACPrompt worker loop by deadline; readable ho…
claude bf2ef1b
fix(uac): synthesize Yes/No on every consent-window path, not just El…
claude 5e2a8fc
chore(gitignore): ignore redeploy-worker.bat dev helper
claude 3f0e651
chore(gitignore): ignore copy-hostlog.bat + installed-sha.txt dev art…
claude 824fd7f
fix(uac): stop uia_get_tree timing out to an empty tree on slow VMs
claude fc73ce7
fix(uac): don't let ElementFromPoint type error skip the SendInput click
claude 481cdf5
refactor(uac): remove dead speculative code from secure-desktop path
claude 274a58a
test(vm_e2e): sync installed package from share before reboot-test
claude 969369f
fix(uac): enforce consent policy on every host-routed click
claude 936b228
chore(uac): drop test harness + docs from merge scope
claude 13199e2
Merge pull request #1 from bensheed/claude/fix-windows-mcp-236-Ei1uJ
bensheed File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
5. Policy denial masked click
🐞 Bug≡ CorrectnessAgent Prompt
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools