OdysseusYuan/LKY_OfficeTools
A handy tool for one-click automated download, installation, and activation of Office.
Looks unmaintained — solo project with stale commits
worst of 4 axes: copyleft license (GPL-3.0) — review compatibility; last commit was 2y ago…
no tests detected; no CI workflows detected…
Documented and popular — useful reference codebase to read through.
last commit was 2y ago; no CI workflows detected
- ✓ GPL-3.0 licensed
- ⚠ Stale — last commit 2y ago
- ⚠ Solo or near-solo (1 contributor active in recent commits)
- ⚠ GPL-3.0 is copyleft — check downstream compatibility
- ⚠ No CI workflows detected
- ⚠ No test directory detected
What would change the summary?
- → Use as dependency: Concerns → Mixed if: relicense under MIT/Apache-2.0 (rare for established libs); 1 commit in the last 365 days
- → Fork & modify: Mixed → Healthy if: add a test suite
- → Deploy as-is: Mixed → Healthy if: 1 commit in the last 180 days
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.
Onboarding doc
Onboarding: OdysseusYuan/LKY_OfficeTools
Generated by RepoPilot · 2026-05-09 · Source
🤖Agent protocol
If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:
- Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
- Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
- Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/OdysseusYuan/LKY_OfficeTools shows verifiable citations alongside every claim.
If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.
🎯Verdict
AVOID — Looks unmaintained — solo project with stale commits
- GPL-3.0 licensed
- ⚠ Stale — last commit 2y ago
- ⚠ Solo or near-solo (1 contributor active in recent commits)
- ⚠ GPL-3.0 is copyleft — check downstream compatibility
- ⚠ No CI workflows detected
- ⚠ No test directory detected
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
✅Verify before trusting
This artifact was generated by RepoPilot at a point in time. Before an
agent acts on it, the checks below confirm that the live OdysseusYuan/LKY_OfficeTools
repo on your machine still matches what RepoPilot saw. If any fail,
the artifact is stale — regenerate it at
repopilot.app/r/OdysseusYuan/LKY_OfficeTools.
What it runs against: a local clone of OdysseusYuan/LKY_OfficeTools — the script
inspects git remote, the LICENSE file, file paths in the working
tree, and git log. Read-only; no mutations.
| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in OdysseusYuan/LKY_OfficeTools | Confirms the artifact applies here, not a fork |
| 2 | License is still GPL-3.0 | Catches relicense before you depend on it |
| 3 | Default branch master exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 837 days ago | Catches sudden abandonment since generation |
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of OdysseusYuan/LKY_OfficeTools. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/OdysseusYuan/LKY_OfficeTools.git
#   cd LKY_OfficeTools
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok: $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of OdysseusYuan/LKY_OfficeTools and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "OdysseusYuan/LKY_OfficeTools(\.git)?\b" \
  && ok "origin remote is OdysseusYuan/LKY_OfficeTools" \
  || miss "origin remote is not OdysseusYuan/LKY_OfficeTools (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
# The stock GPL-3.0 text opens with the GNU header and "Version 3," rather than
# the SPDX id, so accept that header as well as a literal "GPL-3.0" first line.
(grep -qiE "^(GPL-3\.0)" LICENSE 2>/dev/null \
  || { grep -qE "^[[:space:]]*GNU GENERAL PUBLIC LICENSE" LICENSE 2>/dev/null \
       && grep -qE "^[[:space:]]*Version 3," LICENSE 2>/dev/null; } \
  || grep -qiE "\"license\"\s*:\s*\"GPL-3\.0\"" package.json 2>/dev/null) \
  && ok "license is GPL-3.0" \
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "LKY_OfficeTools/OfficeTools.cs" \
  && ok "LKY_OfficeTools/OfficeTools.cs" \
  || miss "missing critical file: LKY_OfficeTools/OfficeTools.cs"
test -f "LKY_OfficeTools/Lib/Lib_OfficeDownload.cs" \
  && ok "LKY_OfficeTools/Lib/Lib_OfficeDownload.cs" \
  || miss "missing critical file: LKY_OfficeTools/Lib/Lib_OfficeDownload.cs"
test -f "LKY_OfficeTools/Lib/Lib_OfficeInstall.cs" \
  && ok "LKY_OfficeTools/Lib/Lib_OfficeInstall.cs" \
  || miss "missing critical file: LKY_OfficeTools/Lib/Lib_OfficeInstall.cs"
test -f "LKY_OfficeTools/Lib/Lib_OfficeActivate.cs" \
  && ok "LKY_OfficeTools/Lib/Lib_OfficeActivate.cs" \
  || miss "missing critical file: LKY_OfficeTools/Lib/Lib_OfficeActivate.cs"
test -f "LKY_OfficeTools/Lib/Lib_AppServiceHub.cs" \
  && ok "LKY_OfficeTools/Lib/Lib_AppServiceHub.cs" \
  || miss "missing critical file: LKY_OfficeTools/Lib/Lib_AppServiceHub.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 837 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~807d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/OdysseusYuan/LKY_OfficeTools"
  exit 1
fi
```
Each check prints ok: or FAIL:. The script exits non-zero if
anything failed, so it composes cleanly into agent loops
(./verify.sh || regenerate-and-retry).
⚡TL;DR
LKY_OfficeTools is a Windows C# desktop application that automates downloading, installing, and activating the latest Microsoft Office versions with a single click. It detects OS architecture (x86/x64), handles multi-version cleanup, and performs legitimate KMS-based activation without modifying system files. The tool bundles Office ODT deployment, Aria2c downloader, and SaRA (Support and Recovery Assistant) SDK components. Monolithic console+WinForms desktop app: Common/ folder contains OS-level utilities (Com_ExeOS, Com_FileOS, Com_PrivilegeOS, Com_NetworkOS); Lib/ folder contains domain logic (Lib_OfficeDownload, Lib_OfficeInstall, Lib_OfficeActivate, Lib_Aria2c); Resource/ embeds config JSON (OfficeChannels.txt), process allowlists, and SDK bundles (.lotp format, likely encrypted payloads); entry point is OfficeTools.cs.
👥Who it's for
Windows users (individual and enterprise) who need to deploy fresh Office installations quickly on Windows 10 (1703+) or later; IT administrators managing clean system setups; developers wanting to understand Office automation and KMS activation mechanisms in C#.
🌱Maturity & risk
Actively maintained with 5 copyright registrations (软著登字 nos. listed in README) and explicit support through Windows 10(1703) and later. No visible public CI/test suite in file structure; relies on manual testing on x86/x64 Windows variants. Repository appears stable for production Office deployment but lacks automated test infrastructure.
Single-maintainer project (Liu Kaiyuan) with no visible test automation, CI/CD pipeline, or issue tracking visible in file list. Tight coupling to Microsoft Office APIs and KMS activation mechanisms means Windows/Office updates could break functionality without regression tests. No dependency manifest visible—unclear if external packages (e.g., Aria2c, SaRA) are vendored or runtime-fetched, creating supply-chain risk.
Active areas of work
No recent commit or PR data visible in provided metadata. Project claims active iteration and maintenance in README (© 2022–2024), but file structure shows stable feature set (download→install→activate pipeline complete). Likely in maintenance mode with periodic Windows/Office API updates rather than new feature development.
🚀Get running
Clone the repo: git clone https://github.com/OdysseusYuan/LKY_OfficeTools.git. Open LKY_OfficeTools.sln in Visual Studio 2019+ (.NET Framework 4.x, inferred from App.config). Build the solution: dotnet build LKY_OfficeTools.sln or use Visual Studio IDE. Run LKY_OfficeTools.exe from the output folder with administrator privileges.
Daily commands:
Command line: LKY_OfficeTools.exe (requires admin). GUI prompts user for: OS arch selection (x86/x64), Office components (Word, Excel, PowerPoint + optional Outlook, Teams, OneDrive, Visio, Project), activation confirmation. No CLI flags or config file override visible in file structure.
🗺️Map of the codebase
- LKY_OfficeTools/OfficeTools.cs — Main entry point and orchestrator; controls the entire application flow for downloading, installing, and activating Office.
- LKY_OfficeTools/Lib/Lib_OfficeDownload.cs — Core download engine using Aria2c; every contributor must understand how Office binaries are fetched and validated.
- LKY_OfficeTools/Lib/Lib_OfficeInstall.cs — Installation orchestrator that handles OS architecture detection, prerequisite validation, and silent Office deployment.
- LKY_OfficeTools/Lib/Lib_OfficeActivate.cs — Implements legitimate activation via KMS; the most legally and operationally sensitive component of the toolset.
- LKY_OfficeTools/Lib/Lib_AppServiceHub.cs — Central UI/service hub that coordinates all operations and manages user interaction and state display.
- LKY_OfficeTools/Common/Com_SystemOS.cs — System-level abstraction layer for OS detection, architecture checking, and platform-specific operations.
- LKY_OfficeTools/Lib/Lib_AppState.cs — Global application state machine tracking installation, activation, and error conditions throughout the lifecycle.
🛠️How to make changes
Add Support for a New Office Channel or Version
- Update the Office channels metadata JSON in the bundled resource (LKY_OfficeTools/Resource/Json/OfficeChannels.txt)
- If new components are available, register them in OfficeInfo detection logic (LKY_OfficeTools/Lib/Lib_OfficeInfo.cs)
- Add channel-specific download URLs and validate in download module (LKY_OfficeTools/Lib/Lib_OfficeDownload.cs)
- If installation behavior differs, extend the install orchestrator (LKY_OfficeTools/Lib/Lib_OfficeInstall.cs)
- Test activation against the new version in activation module (LKY_OfficeTools/Lib/Lib_OfficeActivate.cs)
Add a New System Diagnostic Check
- Implement the check logic in the appropriate Common module (e.g., Com_SystemOS, Com_PrivilegeOS, Com_ServiceOS) (LKY_OfficeTools/Common/Com_SystemOS.cs)
- Expose the check result via Lib_AppState to track prerequisites (LKY_OfficeTools/Lib/Lib_AppState.cs)
- Integrate the check into the main service hub initialization (LKY_OfficeTools/Lib/Lib_AppServiceHub.cs)
- Add user-facing messaging for the check result (LKY_OfficeTools/Lib/Lib_AppMessage.cs)
Add a New Command-Line Option
- Parse the new argument in the command handler (LKY_OfficeTools/Lib/Lib_AppCommand.cs)
- Store the parsed option in the global state object (LKY_OfficeTools/Lib/Lib_AppState.cs)
- Implement the corresponding business logic in the relevant Lib_* module (LKY_OfficeTools/Lib/Lib_OfficeDownload.cs)
- Update logging to capture the option execution path (LKY_OfficeTools/Lib/Lib_AppLog.cs)
🔧Why these technologies
- C# / .NET Framework with Windows Forms — Native Windows desktop application enabling tight OS integration, direct registry/service access, and process management required for Office lifecycle control.
- Aria2c (bundled binary) — Lightweight, multi-threaded, resumable download engine; avoids dependency on heavy SDKs while providing robust parallel fetching of large Office binaries.
- KMS (Key Management Service) activation — Legitimate, non-invasive activation method that does not modify system files or install backdoors; operates within Microsoft's own activation infrastructure.
- Office Deployment Toolkit (ODT) bundling — Leverages Microsoft's official silent installation engine; ensures compatibility and reduces complexity of custom installation logic.
- JSON-based channel metadata — Decouples Office version/channel definitions from code; allows rapid version updates by simply refreshing metadata without recompilation.
⚖️Trade-offs already made
- Windows-only, no Linux/macOS support
- Why: Office itself is Windows-native; attempting cross-platform support would require emulation or licensing violations.
🪤Traps & gotchas
1. KMS Activation Prerequisites: Lib_OfficeActivate.cs requires network access and valid KMS server connectivity; if behind corporate proxy or airgapped, activation fails silently.
2. Architecture Lock: Tool refuses to coexist with mismatched x86/x64 Office; uninstall prompts are destructive and non-recoverable.
3. Admin Elevation: Must run as Administrator; no graceful degradation for limited user contexts.
4. .lotp Format Mystery: SDK payload files (Activate.lotp, Aria2c.lotp, ODT.lotp, SaRA.lotp) are proprietary encrypted; cannot be edited/updated manually.
5. Windows 10 < 1703 Incompatible: Older versions silently rejected; no version check feedback before attempting install.
6. Office Processes Allowlist: Resource/Office_Processes.list must match running Office PIDs exactly; mismatch causes false process-kill warnings.
🏗️Architecture
💡Concepts to learn
- KMS (Key Management Service) Activation — Core mechanism in Lib_OfficeActivate.cs; understanding KMS protocol (port 1688, 180-day grace, volume licensing) is essential to modify or debug Office license validation
- Microsoft Office Deployment Tool (ODT) & Office Configuration XML — Lib_OfficeInstall.cs invokes ODT for silent install; XML config syntax controls which components are installed and auto-updates; critical for customizing deployments
- User Access Control (UAC) Elevation & P/Invoke — Com_PrivilegeOS.cs uses Windows API interop to request admin rights; Office install/activation require elevated context; essential for understanding privilege escalation flow
- Metalink & Torrent-Like Multi-Source Downloads — Aria2c (integrated in Lib_Aria2c.cs) supports metalink files for parallel, resumable downloads of large Office ISO payloads; reduces single-point-of-failure risk for CDN
- Process Enumeration & Termination (Windows WMI/Win32API) — Lib_OfficeProcess.cs and Com_ExeOS.cs enumerate/kill Office processes before install to avoid file-in-use errors; requires precise PID matching against Resource/Office_Processes.list
- Office Architecture (x86 vs x64) Registry Heuristics — Lib_OfficeInfo.cs detects installed Office arch via registry keys (HKLM\Software\Microsoft\Office); tool blocks mixed-arch installs per Microsoft policy; understanding registry layout prevents false positives
- Signed Executables & Certificate Pinning (Resource/PublisherCert.cer) — Tool validates Microsoft-signed Office installers using embedded publisher certificate; Lib_AppSignCert.cs verifies payload authenticity; protects against malicious CDN injection
🔗Related repos
- YerongAI/Office-Tool — Direct competitor: also automates Office download/install/activation on Windows; different UI (XAML) and activation backend, useful reference for feature parity
- microsoft/ODT — Upstream dependency: Office Deployment Tool is the official Microsoft framework this tool wraps; source of truth for silent install syntax
- microsoft/Microsoft-Activation-Scripts — Ecosystem companion: alternative KMS activation approach; shows different C# patterns for Office license management
- aria2/aria2 — Embedded dependency: Aria2c is vendored or called as subprocess by Lib_Aria2c.cs; understanding aria2 options improves download reliability
- OdysseusYuan/Lib_Aria2c — Author's own repo (if public): likely contains reusable Aria2c wrapper code extracted from this project; check for shared patterns
🪄PR ideas
To work on one of these in Claude Code or Cursor, paste:
Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.
Add comprehensive error handling and logging tests for Com_*.cs utility classes
The Common folder contains 9 critical utility classes (Com_ExeOS.cs, Com_FileOS.cs, Com_NetworkOS.cs, etc.) that handle system operations but appear to lack unit tests. These are foundational to Office download/install/activation workflows. Adding tests would catch regressions in critical paths like privilege elevation (Com_PrivilegeOS.cs), network operations (Com_NetworkOS.cs), and file operations (Com_FileOS.cs) which directly impact user success rates.
- [ ] Create LKY_OfficeTools.Tests project in the solution alongside LKY_OfficeTools.csproj
- [ ] Add unit tests for Com_PrivilegeOS.cs covering admin privilege detection and elevation scenarios
- [ ] Add unit tests for Com_NetworkOS.cs covering network availability checks and timeout handling
- [ ] Add unit tests for Com_FileOS.cs covering file I/O edge cases (permissions, disk space, path validation)
- [ ] Add unit tests for Com_SystemOS.cs covering OS version detection and architecture identification (critical for x86/x64 deployment)
Create GitHub Actions workflow for multi-platform build and release validation
The repo lacks CI/CD pipelines despite shipping binary releases (LKY_OfficeTools_v*.zip). Given the tool's critical role in Office deployment across Windows versions and architectures, an automated build workflow would prevent regressions. Currently, builds likely happen manually on developer machines, risking broken releases. A workflow should validate both x86 and x64 builds and verify signature validity against PublisherCert.cer.
- [ ] Create .github/workflows/build-release.yml to compile LKY_OfficeTools.sln on Windows runners
- [ ] Add build matrix for both x86 and x64 architectures to catch architecture-specific bugs early
- [ ] Validate app.manifest (Properties/app.manifest) and digital signature using PublisherCert.cer
- [ ] Verify all embedded resources (Resource/SDK/*.lotp, Resource/Json/OfficeChannels.txt, logo.ico) are included in build output
- [ ] Configure automated tagging and release artifact generation for GitHub Releases
Add XML documentation and generate API docs for Lib_*.cs public interfaces
The Lib folder contains 15 core library files (Lib_OfficeDownload.cs, Lib_OfficeInstall.cs, Lib_OfficeActivate.cs, etc.) that likely expose public APIs but appear undocumented. New contributors struggle to understand the activation flow, download orchestration, or service hub interactions. Adding XML doc comments and generating docs would lower the barrier to contribution and reduce support burden from maintainer.
- [ ] Add XML documentation comments (///) to all public classes and methods in Lib_OfficeDownload.cs, Lib_OfficeInstall.cs, and Lib_OfficeActivate.cs
- [ ] Document the activation workflow sequence across Lib_OfficeActivate.cs and Lib_AppServiceHub.cs with examples
- [ ] Add XML docs to Lib_Aria2c.cs explaining how download parallelization works and configuration options
- [ ] Configure DocFX or Sandcastle to auto-generate HTML documentation from XML comments
- [ ] Add generated docs to repo (docs/ folder) or publish to GitHub Pages for community visibility
🌿Good first issues
- Add comprehensive unit tests for Common/ utilities (Com_FileOS.cs, Com_NetworkOS.cs, Com_ExeOS.cs) which currently have no visible test coverage. Start with file operation mocking in Com_FileOS for download path validation.
- Create a config schema validator: Resource/Json/OfficeChannels.txt has no schema enforcement; add JSON Schema + validation in a new Lib_ConfigValidation.cs to catch malformed channel metadata before runtime errors.
- Document the .lotp format reverse-engineering in a DEVELOPMENT.md file. The SDK payloads (Activate.lotp, Aria2c.lotp) are undocumented; clarify encryption method, extraction process, and update procedure for maintainability.
📝Recent commits
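- 6f9a1bd — * Revise file header information. (OdysseusYuan)
- b1529b7 — - Adjust common classes. (OdysseusYuan)
- e1c650a — * Update file structure. (OdysseusYuan)
- 31b542b — - Remove redundant structures to improve running speed. (OdysseusYuan)
- cc02a9c — * Update copyright information. (OdysseusYuan)
- 5082599 — * Update the feature summary in the documentation. (OdysseusYuan)
- 0d06c03 — * Update the documentation. (OdysseusYuan)
- 32472ba — + Update version to v1.2.1.704; Release build to be published soon. (OdysseusYuan)
- cc00c6e — + Update version to v1.2.1.621; update the program logo. (OdysseusYuan)
- 0945ac2 — (+) Install Word, PPT, and Excel by default; users can choose to install other components (including Visio and Project). (OdysseusYuan)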
🔒Security observations
- High · Potential Code Injection via External SDK Files — LKY_OfficeTools/Resource/SDK/. The application loads external SDK files (.lotp files) from the Resource/SDK directory without apparent signature verification or sandboxing. These files (Activate.lotp, Aria2c.lotp, ODT.lotp, SaRA.lotp) could be modified or replaced to execute arbitrary code. Fix: Implement cryptographic signature verification for all SDK files before loading. Use embedded resources instead of external files, or implement a secure update mechanism with integrity checks.
- High · Privilege Escalation Risk via Administrative Operations — LKY_OfficeTools/Common/Com_PrivilegeOS.cs. The application performs Office installation and activation which require administrative privileges. The Com_PrivilegeOS.cs module handles privilege escalation, but without visible code review, there's risk of privilege escalation vulnerabilities or UAC bypass techniques. Fix: Ensure minimal privilege operations, implement proper UAC handling, request only necessary privileges, and log all administrative operations for audit trails.
- High · Unverified Network Downloads without Pinning — LKY_OfficeTools/Common/Com_NetworkOS.cs, LKY_OfficeTools/Common/Com_WebOS.cs. The application downloads Office installation files and external resources via Com_NetworkOS.cs and Com_WebOS.cs without apparent SSL certificate pinning or checksum verification visible in the file structure. Fix: Implement SSL/TLS certificate pinning, verify SHA-256/SHA-512 checksums of downloaded files against a secure manifest, and use HTTPS exclusively.
- Medium · Potential Command Injection via External Processes — LKY_OfficeTools/Common/Com_ExeOS.cs. The Com_ExeOS.cs module executes external processes (aria2c, SaRA, ODT). If command arguments are not properly sanitized or validated, command injection attacks are possible. Fix: Use parameterized process creation APIs instead of shell interpretation, validate and sanitize all user inputs before passing to external processes, use allowlists for executable paths.
- Medium · Hardcoded Activation Credentials or Keys Risk — LKY_OfficeTools/Lib/Lib_OfficeActivate.cs, LKY_OfficeTools/Resource/SDK/Activate.lotp. The Lib_OfficeActivate.cs and Resource/SDK/Activate.lotp modules handle Office activation. Embedded activation keys or credentials in code/resources could be extracted and abused. Fix: Never embed activation keys or credentials. If using legitimate Microsoft APIs, use proper OAuth2 flows. Implement secure key management and consider server-side activation validation.
- Medium · Unvalidated File Operations and Path Traversal — LKY_OfficeTools/Common/Com_FileOS.cs. Com_FileOS.cs handles file operations for Office installation. Without proper path validation, directory traversal attacks could lead to unauthorized file access or modification. Fix: Validate all file paths using canonicalization, implement allowlists for writable directories, reject paths containing '..', and use Path.GetFullPath() with validation.
- Medium · Missing Input Validation in Configuration Parsing — LKY_OfficeTools/Resource/Json/OfficeChannels.txt. OfficeChannels.txt and configuration files are parsed without visible input validation. JSON/configuration injection attacks could modify installation behavior. Fix: Implement strict JSON schema validation, use safe JSON parsing libraries with size limits, validate all configuration values against whitelists.
- Medium · Insufficient Logging and Audit Trail — LKY_OfficeTools/Lib/Lib_AppLog.cs. Lib_AppLog.cs exists but the security-critical operations (privilege escalation, external downloads, activation) may not have comprehensive audit logging visible. Fix: Log all security-critical operations with timestamps and user context, implement log rotation, use cryptographic log integrity, prevent log tampering.
- Low · Certificate Validation in Publisher — undefined. PublisherCert. Fix: undefined
LLM-derived; treat as a starting point, not a security audit.
👉Where to read next
- Open issues — current backlog
- Recent PRs — what's actively shipping
- Source on GitHub
Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.