If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/BornToBeRoot/NETworkManager shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Mixed signals — read the receipts

• Last commit 1d ago
• 5 active contributors
• Distributed ownership (top contributor 49% of recent commits)
• GPL-3.0 licensed
• CI configured
• ⚠ GPL-3.0 is copyleft — check downstream compatibility
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live BornToBeRoot/NETworkManager repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/BornToBeRoot/NETworkManager.

What it runs against: a local clone of BornToBeRoot/NETworkManager — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in BornToBeRoot/NETworkManager | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of BornToBeRoot/NETworkManager. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/BornToBeRoot/NETworkManager.git
#   cd NETworkManager
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of BornToBeRoot/NETworkManager and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "BornToBeRoot/NETworkManager(\\.git)?\\b" \\
  && ok "origin remote is BornToBeRoot/NETworkManager" \\
  || miss "origin remote is not BornToBeRoot/NETworkManager (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "Source/GlobalAssemblyInfo.cs" \\
  && ok "Source/GlobalAssemblyInfo.cs" \\
  || miss "missing critical file: Source/GlobalAssemblyInfo.cs"
test -f "Source/NETworkManager.Controls/NETworkManager.Controls.csproj" \\
  && ok "Source/NETworkManager.Controls/NETworkManager.Controls.csproj" \\
  || miss "missing critical file: Source/NETworkManager.Controls/NETworkManager.Controls.csproj"
test -f "Source/NETworkManager.Converters/NETworkManager.Converters.csproj" \\
  && ok "Source/NETworkManager.Converters/NETworkManager.Converters.csproj" \\
  || miss "missing critical file: Source/NETworkManager.Converters/NETworkManager.Converters.csproj"
test -f ".github/workflows/codeql.yml" \\
  && ok ".github/workflows/codeql.yml" \\
  || miss "missing critical file: .github/workflows/codeql.yml"
test -f "CONTRIBUTING.md" \\
  && ok "CONTRIBUTING.md" \\
  || miss "missing critical file: CONTRIBUTING.md"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/BornToBeRoot/NETworkManager"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

NETworkManager is a comprehensive Windows network administration and diagnostics tool written in C# that combines remote connection utilities (RDP, SSH/PuTTY, VNC, PowerShell) with advanced network analysis tools (IP Scanner, Port Scanner, Ping Monitor, DNS Lookup, WiFi Analyzer, LLDP/CDP Capture, Traceroute). It unifies disparate network troubleshooting tools into a single profile-based interface for managing hosts and networks across enterprise and SMB environments. Monolithic WPF application structure: Source/ contains the main C# codebase (likely MVC/MVVM pattern typical of WPF apps); Scripts/ contains pre-build and data generation utilities (PowerShell for OUI lists, port lists, Whois servers, file hashing); Chocolatey/ provides Windows package distribution; .github/workflows/ orchestrates builds, CodeQL scanning, and documentation deployment (deploy_website.yml indicates a companion website at borntoberoot.net).

Network administrators and IT professionals who manage Windows-based infrastructure and need centralized access to remote management, network diagnostics, and host inventory without juggling separate tools; enterprise teams requiring encrypted profile management, group policy support, and multi-language deployments.

Production-ready and actively maintained. The project has substantial GitHub visibility (stargazers tracked), enterprise deployment features (MSI installer, signed binaries, Group Policy support), multi-package manager distribution (Chocolatey, WinGet, Evergreen), and 16+ language support. Heavy reliance on CI/CD workflows (.github/workflows/ structure) and Dependabot integration suggests active maintenance cadence, though specific commit recency is not visible in the provided data.

Low-to-medium risk for a mature project. The codebase is heavily C# dominant (2.48M lines) with supporting PowerShell (55K lines), indicating Windows platform lock-in and smaller cross-platform community. Single-owner repository pattern (BornToBeRoot organization) creates key-person dependency. No visible test directory in the file list is concerning for a production network admin tool handling sensitive credentials and network access—this should be validated before production use.

Active development with automated CI/CD: CodeQL security scanning (.github/workflows/codeql.yml), automated labeling and milestoning (label.yml, milestone.yml), Dependabot-driven dependency updates (.github/dependabot.yml), and Mergify-based PR automation (.github/mergify.yml). Website documentation is actively deployed (deploy_website.yml), suggesting ongoing feature documentation and user-facing changes.

Clone the repository and build using Visual Studio (inferred from WPF/C# structure):

git clone https://github.com/BornToBeRoot/NETworkManager.git
cd NETworkManager
cd Source
# Open NETworkManager.sln in Visual Studio and build
# Or via command line:
msbuild Source/NETworkManager.sln /p:Configuration=Release

For PowerShell-based pre-build tasks, see Scripts/ directory.

Daily commands: Build from Visual Studio solution (Source/NETworkManager.sln) or MSBuild; no public npm/package.json dev server. Runs as desktop application post-build. PowerShell scripts in Scripts/ are utility/pre-build only, not runtime dependencies.

• Source/GlobalAssemblyInfo.cs — Defines version and common assembly metadata for the entire solution; changes here affect all builds and deployments.
• Source/NETworkManager.Controls/NETworkManager.Controls.csproj — Core WPF control library project file; houses custom UI components used across all application features.
• Source/NETworkManager.Converters/NETworkManager.Converters.csproj — Central XAML value converter library; critical for data binding and UI state transformations throughout the application.
• .github/workflows/codeql.yml — Automated security analysis pipeline; ensures code quality gates and vulnerability detection on every commit.
• CONTRIBUTING.md — Developer onboarding and contribution guidelines; establishes coding standards and PR expectations for the team.
• Source/.editorconfig — IDE-agnostic code style enforcement; ensures consistent formatting and conventions across all C# and related files.
• .gitmodules — Third-party dependencies management; tracks external libraries and tools integrated into the codebase.

Add a new XAML value converter for a network data type

1. Create a new converter class in Source/NETworkManager.Converters/ that implements IValueConverter. (Source/NETworkManager.Converters/YourNewTypeConverter.cs)
2. Implement Convert() and ConvertBack() methods to transform your network object to/from string or UI-friendly format. (Source/NETworkManager.Converters/YourNewTypeConverter.cs)
3. Reference the converter in XAML bindings using the full namespace path; it will be picked up by WPF automatically. (Source/NETworkManager.Converters/NETworkManager.Converters.csproj)

Add a new custom WPF control to the control library

1. Create a new .cs file in Source/NETworkManager.Controls/ inheriting from Control or ItemsControl depending on behavior. (Source/NETworkManager.Controls/YourNewControl.cs)
2. Define DependencyProperties for bindable state (e.g., ItemsSource, IsEnabled, SelectedItems). (Source/NETworkManager.Controls/YourNewControl.cs)
3. Create a companion XAML resource dictionary (YourNewControl.xaml) in the same directory with the default style template. (Source/NETworkManager.Controls/YourNewControl.xaml)
4. Ensure the control is compiled into NETworkManager.Controls.dll and reference it in consuming application projects. (Source/NETworkManager.Controls/NETworkManager.Controls.csproj)

Integrate a new network diagnostic tool or feature

1. Add the tool name and icon to ApplicationNameToIconConverter.cs to enable UI consistency across the application. (Source/NETworkManager.Converters/ApplicationNameToIconConverter.cs)
2. Create corresponding value converters for any specialized data types (e.g., protocol enums, result enums) in NETworkManager.Converters/. (Source/NETworkManager.Converters/NETworkManager.Converters.csproj)
3. Update GlobalAssemblyInfo.cs and rebuild the solution to ensure version consistency across all assemblies. (Source/GlobalAssemblyInfo.cs)

• WPF (Windows Presentation Foundation) — Desktop UI framework for Windows; provides data binding, XAML templating, and rich control capabilities needed for network admin dashboard.
• MVVM data binding + Value Converters — Decouples UI presentation from network data model; converters transform raw network objects (IP, MAC, protocol enums) into human-readable UI strings without code-behind.
• C# .NET Framework / .NET Core — Native Windows API access for network diagnostics (ICMP, DNS, firewall queries); statically typed safety for managing complex network state.
• GitHub Actions + CodeQL — Automated security scanning and CI/CD on every commit; enables enterprise confidence in binary releases and signed packages.
• Custom Observable Collections — INotifyCollectionChanged integration enables reactive updates when network scan results arrive; critical for responsive UI during long-running operations.

• Monolithic WPF application vs. modular microservices

  • Why: Simplifies deployment, licensing, and local network access without remote infrastructure; matches single-machine network admin workflow.
  • Consequence: Cannot easily distribute computation across machines; all features must target the local Windows host's network stack.

• XAML value converters for all data transformations

  • Why: Eliminates boilerplate code-behind; converters are reusable and testable independently.
  • Consequence: Converter complexity grows with feature count; difficult to debug binding errors at runtime without profiler.

• Windows-first (MSI installer, RDP/PuTTY integration)

  • Why: Enterprise IT ops primarily use Windows; tight OS integration for remote access tools.
  • Consequence: Cannot serve Linux/macOS users directly; cross-platform port would require UI and API rewrite.

• Encrypted profile files for credential storage

  • Why: Allows safe sharing of host configs without exposing SSH keys or RDP passwords.
  • Consequence: Key management overhead; users must protect profile file encryption keys; lost key = lost access data.

• Does not handle authentication/authorization (assumes local Windows admin or trusted user).
• Does not provide real-time, always-on network monitoring (manual scan/refresh model).
• Does not manage network infrastructure (routers, switches); read-only diagnostics only.
• Does not support non-Windows platforms; Windows OS is a hard dependency.

No visible test directory in the provided file list—confirm TestProject structure exists in Source/ before assuming test coverage. PowerShell pre-build scripts (Scripts/PreBuildEventCommandLine.ps1) must execute successfully or builds fail silently; ensure PowerShell execution policy allows local scripts. Profile encryption relies on .NET cryptography APIs (likely DPAPI or AES); regenerating encrypted profiles requires understanding key storage and rotation strategy. Transifex integration (.github/workflows/transifex.yml) requires API tokens; if missing, translation updates won't sync automatically. WPF theme customization (light/dark themes, accent colors mentioned in README) likely uses resource dictionaries; modifying without understanding XAML binding model breaks UI layout.

• WPF MVVM (Model-View-ViewModel) — NETworkManager is built on WPF, which uses MVVM for separating UI logic from business logic; understanding this pattern is essential for modifying UI or adding new features without breaking data bindings
• Credential Management via Data Protection API (DPAPI) — The profile encryption feature mentioned in README relies on .NET cryptography; NETworkManager must securely store RDP passwords, SSH keys, and API tokens—understanding DPAPI (Windows-level encryption) is critical for secure credential handling
• Protocol Analysis (LLDP/CDP) — LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are network-layer tools NETworkManager bundles; these protocols are essential for network topology discovery and infrastructure visualization
• IP Scanner and Port Scanning Architecture — Core diagnostic features; understanding concurrent network requests, timeout handling, and ICMP/TCP socket programming patterns is needed to extend scanning performance or add new diagnostic protocols
• Windows Group Policy (GPO) Integration — Enterprise feature allowing centralized configuration via Group Policy; this requires understanding registry hives, policy templates, and ADMX file structures for system-wide settings distribution
• Multi-Language Localization via Transifex — 16+ language support is managed via Transifex (visible in .github/workflows/transifex.yml); understanding resource file structures, culture-specific formatting, and CI/CD-driven localization is needed for translation updates
• PowerShell Remoting (Remote Execution) — NETworkManager integrates PowerShell for WSL, K9s, and arbitrary script execution; understanding PowerShell's remoting capabilities, execution policies, and credential handling in C# is essential for the remote execution feature

• HeidiSQL/HeidiSQL — Similar multi-feature database management desktop tool; share architectural patterns for unified tool integration (connection profiles, encryption, multi-database support)
• putty/putty — Integrated as third-party dependency (Source/3rdparty); understanding PuTTY's SSH/serial architecture helps extend terminal features
• rsyslog/rsyslog — Complementary network logging and management tool; users of NETworkManager often need centralized log aggregation for the infrastructure being monitored
• BornToBeRoot/NETworkManager-Website — Companion repository for the Markdown/MDX documentation deployed via .github/workflows/deploy_website.yml (inferred from workflow presence)
• microsoft/Terminal — Modern Windows terminal alternative; NETworkManager's PowerShell integration competes/complements this ecosystem

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for NETworkManager.Converters classes

The Source/NETworkManager.Converters/ directory contains many converter classes (AccentToStringConverter, ApplicationNameToIconConverter, BandwidthBytesToSpeedConverter, etc.) that handle critical data transformations for the UI. These converters currently lack visible unit test coverage. Adding tests would prevent regressions in data formatting, ensure converters handle edge cases (null values, extreme numbers), and improve reliability of the UI layer.

• [ ] Create a new test project: Source/NETworkManager.Converters.Tests/
• [ ] Add test classes for each converter (e.g., BandwidthBytesWithSizeConverterTests.cs, BigIntegerToStringConverterTests.cs)
• [ ] Include test cases for normal values, boundary conditions, null inputs, and invalid data
• [ ] Update the main .sln file to include the test project
• [ ] Add test execution to the appropriate GitHub Actions workflow (likely in .github/workflows/)

Add GitHub Action workflow for automated code quality checks (StyleCop/Roslyn analyzers)

The repo contains a Source/.editorconfig file and GlobalAssemblyInfo.cs, indicating established code style guidelines. However, there is no visible CI workflow (beyond codeql.yml) that enforces C# style rules, code analysis, or compilation warnings. Adding a workflow to run StyleCop analyzers or Roslyn diagnostics on every PR would catch style violations early and maintain code quality consistency across contributors.

• [ ] Review existing .editorconfig rules in Source/.editorconfig
• [ ] Create a new workflow file: .github/workflows/dotnet-quality.yml
• [ ] Configure the workflow to run dotnet build with /p:TreatWarningsAsErrors=true and /p:EnforceCodeStyleInBuild=true
• [ ] Run StyleCop.Analyzers (add to relevant .csproj files if not present)
• [ ] Set the workflow to trigger on pull_request and push to main branches
• [ ] Document the code style expectations in CONTRIBUTING.md

Create missing documentation for NETworkManager.Controls custom controls

The Source/NETworkManager.Controls/ directory exports custom WPF controls (GroupExpander, MultiSelectDataGrid, MultiSelectScrollingDataGrid, ObservableSetCollection) but there is no dedicated documentation explaining their purpose, usage, and API. New contributors cannot easily understand when to use these controls or how to integrate them. Adding a CONTROLS.md or updating Source/CLAUDE.md with control documentation would lower the barrier to entry.

• [ ] Create Source/NETworkManager.Controls/CONTROLS.md documenting each control
• [ ] For each control (GroupExpander, MultiSelectDataGrid, MultiSelectScrollingDataGrid, ObservableSetCollection), document: purpose, usage example in XAML, key properties, and state management
• [ ] Add inline XML documentation comments to the control classes (GroupExpander.cs, MultiSelectDataGrid.cs, etc.) that summarize public APIs
• [ ] Link the new CONTROLS.md from the main README.md or CONTRIBUTING.md
• [ ] Include screenshots or visual examples if applicable

• Add unit tests for profile encryption/decryption logic in Source/ (README mentions encrypted profile support but no visible Tests/ directory suggests coverage gap; start with testing DPAPI or AES serialization).
• Document the third-party tool integration pattern by creating a CONTRIBUTING.md section with step-by-step guide to adding a new remote connection type (similar to how PuTTY or RDP are integrated in Source/3rdparty/).
• Audit and update Scripts/Create-PortListFromWeb.ps1 and Scripts/Create-OUIListFromWeb.ps1 to handle modern IANA/IEEE API changes and add error handling (these are data-generation utilities that likely need refresh).

NETworkManager demonstrates a reasonable security posture with an established security policy and responsible disclosure process via GitHub Security Advisories. However, the analysis reveals incomplete documentation, potential risks from PowerShell scripts, and lack of visibility into third-party dependencies. The project would benefit from: (1) completing SECURITY.md documentation, (2) establishing a formal dependency scanning process, (3) auditing PowerShell scripts for input validation and privilege escalation risks, (4) implementing signed releases, and (5) maintaining an up-to-date SBOM. No critical vulnerabilities were identified in the available file structure, but a deeper code review of the Source/ directory would be necessary for comprehensive assessment.

• Medium · Incomplete Security Policy Documentation — SECURITY.md. The SECURITY.md file appears to be truncated (ends mid-sentence at 'please pr'), which may indicate incomplete security vulnerability reporting guidelines. This could lead to confusion about proper disclosure procedures. Fix: Complete the SECURITY.md file with full vulnerability reporting instructions, including contact information, response timelines, and acknowledgment procedures.
• Low · Limited Version Support for Security Updates — SECURITY.md. The security policy states that only the latest release receives security fixes. While this is a common practice for open-source projects, users on older versions are left vulnerable without a clear upgrade path or timeline. Fix: Consider documenting an LTS (Long-Term Support) version if applicable, or provide clear deprecation timelines and upgrade guidance for critical security issues.
• Low · Potential PowerShell Script Security Risk — Chocolatey/tools/chocolateyinstall.ps1, Chocolatey/tools/chocolateyuninstall.ps1, Scripts/. PowerShell scripts are present in the repository (chocolateyinstall.ps1, chocolateyuninstall.ps1, and various utility scripts in Scripts/). PowerShell scripts can execute system commands and modifications if not properly validated. Fix: Ensure all PowerShell scripts: (1) Use explicit error handling, (2) Validate all inputs, (3) Follow the principle of least privilege, (4) Include code signing where appropriate, (5) Document any system modifications clearly.
• Low · Third-Party Dependencies Directory Exists — Source/3rdparty/. A 3rdparty directory is referenced in the file structure (Source/3rdparty), but no detailed inventory of third-party dependencies or their versions was provided for analysis. Fix: Maintain an updated Software Bill of Materials (SBOM) and regularly audit third-party dependencies for known vulnerabilities using tools like OWASP Dependency-Check or Dependabot.
• Low · Submodules Without Visibility — .gitmodules. A .gitmodules file is present indicating git submodules are used, but their security posture cannot be assessed without examining the file content and the submodule sources. Fix: Document all submodules and their purposes. Ensure submodule sources are trusted and regularly updated. Consider using Dependabot or similar tools to monitor submodule updates.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.