If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/SpaceTimee/Sheas-Cealer shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Missing license — unclear to depend on

• Last commit 2mo ago
• ⚠ Solo or near-solo (1 contributor active in recent commits)
• ⚠ No license — legally unclear to depend on
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live SpaceTimee/Sheas-Cealer repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/SpaceTimee/Sheas-Cealer.

What it runs against: a local clone of SpaceTimee/Sheas-Cealer — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in SpaceTimee/Sheas-Cealer | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 93 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of SpaceTimee/Sheas-Cealer. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/SpaceTimee/Sheas-Cealer.git
#   cd Sheas-Cealer
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of SpaceTimee/Sheas-Cealer and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "SpaceTimee/Sheas-Cealer(\\.git)?\\b" \\
  && ok "origin remote is SpaceTimee/Sheas-Cealer" \\
  || miss "origin remote is not SpaceTimee/Sheas-Cealer (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "App.xaml.cs" \\
  && ok "App.xaml.cs" \\
  || miss "missing critical file: App.xaml.cs"
test -f "Wins/MainWin.xaml.cs" \\
  && ok "Wins/MainWin.xaml.cs" \\
  || miss "missing critical file: Wins/MainWin.xaml.cs"
test -f "Proces/ClashProc.cs" \\
  && ok "Proces/ClashProc.cs" \\
  || miss "missing critical file: Proces/ClashProc.cs"
test -f "Models/CealHostRule.cs" \\
  && ok "Models/CealHostRule.cs" \\
  || miss "missing critical file: Models/CealHostRule.cs"
test -f "Consts/GlobalConst.cs" \\
  && ok "Consts/GlobalConst.cs" \\
  || miss "missing critical file: Consts/GlobalConst.cs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 93 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~63d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/SpaceTimee/Sheas-Cealer"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Sheas Cealer is a WPF (.NET 8) desktop application for Windows that spoofs SNI (Server Name Indication) TLS extensions to evade network monitoring and censorship. It manipulates Chromium startup parameters to forge SNI fields, allowing users to disguise their HTTPS traffic destinations while conducting legitimate network research or defending against surveillance. Monolithic WPF application structure: Consts/ holds multilingual resource files and configuration constants (AppConst.cs, MainConst.cs, RulesConst.cs, etc.); Pages/ contains XAML UI pages (AboutPage, RulesPage, SettingsPage, ToolPage) with code-behind; Preses/ implements presenter pattern (AppPres.cs, MainPres.cs, GlobalPres.cs); Models/ defines data structures (CealHostRule, ClashConfig, ProcessStatus); Exts/ provides extensions (FileSystemWatcherExt); Convs/ handles value converters for XAML binding.

Chinese-speaking security researchers, network engineers, and users in censorship-heavy regions who need to conduct network security research or defend against illegal network monitoring without triggering detection. Contributors are developers familiar with C#, WPF, and network protocol manipulation.

Actively developed but explicitly marked as 'in development phase' (per README item 5). The codebase is substantial (82K+ lines of C#) with multilingual support and formal releases, but the project acknowledges it prioritizes stability in each release over feature completeness. Single maintainer (Space Time) with community QQ/Telegram groups suggests moderate maturity for specialized use.

Significant single-maintainer risk with Space Time as sole developer. The tool's purpose (circumventing network monitoring) carries legal and compliance risk depending on jurisdiction—users must explicitly agree to terms of service before use. No visible CI/CD pipeline or automated test suite in the file structure suggests testing may be manual. Reliance on external Cealing Host repository (Cealing-Host) for rule updates creates dependency on another project's maintenance.

Based on file structure: active development of multi-language support (resources for Chinese .resx and English .Designer.cs files in all modules), rules management system (RulesPage.xaml, RulesConst.cs), settings UI (SettingsPage.xaml with upstream mirror toggle), and tool integration (ToolPage.xaml). The project maintains sync with the upstream Cealing-Host repository and allows manual rule override.

Clone the repository: git clone https://github.com/SpaceTimee/Sheas-Cealer.git. Load Sheas-Cealer.csproj in Visual Studio 2022+ with .NET 8 SDK installed. Build with dotnet build or via Visual Studio. Refer to the Sheas Cealer Build wiki page for detailed build instructions.

Daily commands: After build in Visual Studio or dotnet build: run the compiled executable (typically in bin/Debug or bin/Release). No separate dev server; this is a desktop application. For packaged distribution, use the Setup.exe installer or extract the Zip version and run directly.

• App.xaml.cs — Application entry point and lifetime management; initializes core services, theme management, and window orchestration.
• Wins/MainWin.xaml.cs — Primary UI window with multi-tab navigation; hosts all presenters and coordinates user interactions across Rules, Settings, Tools, and About pages.
• Proces/ClashProc.cs — Core proxy process manager; wraps Clash executable lifecycle, configuration patching, and process state synchronization.
• Models/CealHostRule.cs — Data model for SNI spoofing rules; central abstraction for rule validation, serialization, and upstream synchronization.
• Consts/GlobalConst.cs — Global configuration constants and resource paths; defines process names, file locations, and system integration defaults.
• Utils/AdminPermissionElevator.cs — Privilege elevation utility; required for Host file manipulation and network-level proxy configuration on Windows.
• Sheas-Cealer.csproj — Project file specifying .NET 8 framework, WPF dependencies, and build configuration; defines deployment model and platform targets.

Add a new SNI spoofing rule validation step

1. Define validation logic in Utils/CealHostRuleValidator.cs by adding a new method (e.g., CheckCIDRRange) (Utils/CealHostRuleValidator.cs)
2. Call the new validator in Preses/RulesPres.cs when importing or editing rules (Preses/RulesPres.cs)
3. Add localized error message to Consts/RulesMultilangConst.resx (English) and .zh.resx (Chinese) (Consts/RulesMultilangConst.resx)

Add a new UI Settings toggle option

1. Add setting key to Consts/SettingsConst.cs (e.g., SETTING_NEW_FEATURE_ENABLED) (Consts/SettingsConst.cs)
2. Add a ToggleButton control to Pages/SettingsPage.xaml with binding to SettingsPres property (Pages/SettingsPage.xaml)
3. Add backing property and persistence logic in Preses/SettingsPres.cs to read/write Props/Settings.settings (Preses/SettingsPres.cs)
4. Add localized label text to Consts/SettingsMultilangConst.resx and .zh.resx (Consts/SettingsMultilangConst.resx)

Integrate a new external proxy process type

1. Create a new process wrapper (e.g., Proces/VPN Proc.cs) following ClashProc.cs pattern (Proces/ClashProc.cs)
2. Add process status enum to Models/ProcessStatus.cs (Models/ProcessStatus.cs)
3. Register process lifecycle in Preses/MainPres.cs and add UI toggle in Pages/ToolPage.xaml.cs (Preses/MainPres.cs)
4. Add config constant (path, exe name) to Consts/GlobalConst.cs (Consts/GlobalConst.cs)

• .NET 8 + WPF — Native Windows desktop framework with modern runtime; enables privilege elevation, Host file manipulation, and hardware-level proxy interception without compatibility overhead.
• Clash proxy engine (external process) — Battle-tested YAML-based proxy with rule engine, DNS spoofing, and SOCKSv5 support; offloads complex routing logic rather than reimplementing.
• Host file modification + HTTP/SOCKS proxy chain — Two-layer DNS/SNI interception: Host file spoofs domains at OS level; Clash intercepts and reroutes traffic to upstream. Avoids VPN-style kernel driver complexity.
• XAML resource dictionaries + WPF data binding — Declarative theme switching and property binding reduce boilerplate; supports light/dark mode without code duplication.

• Windows-only (no Linux/macOS native builds)

  • Why: Host file access and SYSTEM-level proxy configuration require Windows-specific APIs; cross-platform would require platform-specific modules.
  • Consequence: Larger addressable user base is limited; Linux users directed to fork/alternative projects. Simpler codebase without abstraction layers.

• External Clash process rather than in-process proxy library

  • Why: Clash binary is mature, regularly updated, and decoupled from this app's release cycle.
  • Consequence: Requires bundling/downloading Clash executable; adds process management overhead; cleaner separation of concerns.

• Local rule file + manual upstream sync button vs. real-time auto-sync

  • Why: Avoids network latency blocking UI; gives users explicit control over when rules update.
  • Consequence: Rules can become stale; requires user awareness to stay current. Simpler architecture avoids background

No visible .gitignore exceptions or special build artifacts—standard .NET build output. Multilingual support requires updating both .resx (resource file) and .Designer.cs (generated code) in tandem; mismatched pairs will cause string lookup failures. The application depends on the external Cealing-Host repository for rule updates; offline builds may lack current spoofing rules. No visible appsettings.json or environment variable configuration—configuration appears hardcoded in Consts/ files. Windows-only (Win10+) with no cross-platform abstractions, so porting requires significant refactoring.

• SNI (Server Name Indication) Spoofing — The core technique this entire project implements; understanding how SNI leaks hostname information in TLS handshakes and how Chromium parameter manipulation conceals it is essential to using and modifying this tool
• TLS/SSL Protocol Extensions — SNI is a TLS extension field; grasping how extensions carry metadata during the TLS handshake explains why spoofing SNI evades network monitoring
• Chromium Browser Startup Parameters — Sheas Cealer exploits Chromium's command-line parameter features to inject spoofed SNI values; understanding --proxy-server and related flags is key to how the tool functions
• WPF Model-View-Presenter (MVP) Pattern — The codebase uses Preses/ classes as presenters; understanding MVP separation of concerns (Preses/ for logic, Pages/ for UI, Models/ for data) is critical for adding features without breaking the UI layer
• .NET Resource Localization (.resx files) — The project uses paired .resx and .Designer.cs files for Chinese/English multilingual support; contributing UI text requires understanding how .resx resource files map to generated C# properties
• XAML Data Binding and Value Converters — Pages/ use XAML bindings to Preses/ data and Convs/ converters (e.g., SettingsUpstreamMirrorEnabledToggleButtonIsEnabledConv.cs) to transform values; modifying UI logic requires understanding this declarative binding architecture
• Network Proxy Configuration (Clash Format) — Models/ClashConfig.cs suggests integration with Clash proxy configuration format; understanding how proxy rules are serialized and applied helps extend rule management features

• SpaceTimee/Cealing-Host — Upstream repository of SNI spoofing rules that Sheas Cealer loads and synchronizes; essential companion for maintaining current rule definitions
• SpaceTimee/Sheas-Cealer-Droid — Android port of Sheas Cealer; users needing mobile SNI spoofing would use this alongside the desktop version
• SpaceTimee/Sheas-Dop — DNS anti-pollution resolver integrated as a sub-project; complements SNI spoofing with encrypted DNS queries to avoid DNS-level censorship
• SpaceTimee/Sheas-Nginx — Pixiv Nginx launcher for testing SNI spoofing effectiveness; often used in conjunction with Sheas Cealer for verifying rule coverage
• SpaceTimee/Bot-CealingCat — Telegram bot providing Sheas Cealer rule updates and support; extends the project's ecosystem for distributed rule management

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for Models and Converters

The repo contains multiple model classes (Models/CealHostRule.cs, Models/ClashConfig.cs, Models/ProcessStatus.cs) and converter classes (Convs/SettingsUpstreamMirrorEnabledToggleButtonIsEnabledConv.cs) but no visible test project. These are critical data transformation components that deserves test coverage to prevent regressions, especially for CealHostRule parsing and ClashConfig serialization which are core to SNI spoofing functionality.

• [ ] Create a new xUnit or NUnit test project (e.g., Sheas-Cealer.Tests.csproj)
• [ ] Add unit tests for Models/CealHostRule.cs covering rule parsing edge cases
• [ ] Add unit tests for Models/ClashConfig.cs covering config deserialization
• [ ] Add unit tests for Convs/SettingsUpstreamMirrorEnabledToggleButtonIsEnabledConv.cs binding conversion
• [ ] Add test cases for Models/ProcessStatus.cs state transitions

Create GitHub Actions CI/CD workflow for multi-configuration builds

The repo targets Windows 10+ with .NET 8 and has platform-specific process handlers (Proces/ClashProc.cs, Proces/BrowserProc.cs, Proces/NginxProc.cs), but lacks automated build validation. A workflow should verify builds succeed across different Windows versions and configurations before release, reducing manual testing burden.

• [ ] Create .github/workflows/build.yml with matrix strategy for Windows Server 2019, 2022
• [ ] Add .NET 8 SDK setup and restore NuGet dependencies
• [ ] Add WPF build steps (dotnet build with -c Release -p:Platform=x64)
• [ ] Add artifact upload for successful Release builds
• [ ] Create .github/workflows/release.yml to automate version tagging and GitHub release creation on push to main

Document Preseter/Converter architecture with code comments and add missing multilingual constants

The Preses folder uses a presenter pattern (AppPres.cs, MainPres.cs, RulesPres.cs, etc.) and multilingual resources are scattered across Consts/ with .resx files for Chinese and English, but some UI features lack corresponding constants. Specifically, process management (BrowserProc, ClashProc, NginxProc) and tool page features appear to have no associated multilingual strings defined in Consts/ToolMultilangConst.resx.

• [ ] Add XML documentation comments to Preses/MainPres.cs, Preses/RulesPres.cs explaining the presenter-to-view-model binding pattern
• [ ] Create Consts/ToolMultilangConst.resx and Consts/ToolMultilangConst.zh.resx with strings for Pages/ToolPage.xaml features
• [ ] Add missing process status strings (e.g., 'Running', 'Stopped', 'Error') to GlobalMultilangConst for Proces/ classes
• [ ] Document the lifecycle of Proces classes (initialization, startup, shutdown) in code comments
• [ ] Add README section explaining the MVP (Model-View-Presenter) architecture used in this WPF application

• Add unit tests for Models/ classes (CealHostRule.cs, ClashConfig.cs, ProcessStatus.cs) which have no visible test coverage; tests would validate rule parsing and data model serialization
• Improve English documentation in Pages/ code-behind files and Preses/ presenters by adding XML doc comments (///) for public methods; currently only Consts have multilingual docs
• Add a rules validation utility to RulesPage.xaml.cs that checks CealHostRule format before upload to prevent malformed rules from being applied

• High · SNI Spoofing Tool - Potential Misuse for Censorship Circumvention — Project root - README.md, App purpose. The application is explicitly designed as an SNI (Server Name Indication) spoofing tool. While the README claims legitimate use for 'resisting illegal network surveillance and network security research', SNI spoofing is commonly used to circumvent content filtering and censorship systems. The disclaimer stating 'no intention to bypass censorship' may not provide legal protection in jurisdictions with strict regulations. Fix: Add comprehensive legal disclaimers for each target jurisdiction. Implement usage logging and warning dialogs. Consider restricting distribution to specific regions where the tool's use is explicitly legal.
• High · Missing Dependency Manifest — Sheas-Cealer.csproj - Missing dependency details. No package.json, .csproj dependencies section, or NuGet packages.config content was provided. Unable to verify if third-party libraries contain known vulnerabilities, outdated versions, or malicious packages. Fix: Provide complete dependency manifest. Implement automated vulnerability scanning using tools like OWASP Dependency-Check, Snyk, or NuGet vulnerability scanner. Pin dependency versions and regularly audit for CVEs.
• Medium · Unvalidated External Rule Sources — Proces/ - UpdateRules functionality (inferred), RulesPres.cs, RulesPage.xaml.cs. The application mentions fetching rules from 'Cealing Host repository' and has an 'update upstream rules' feature. No evidence of cryptographic signature verification or checksum validation for downloaded rules, creating potential for man-in-the-middle attacks or compromised rule injection. Fix: Implement GPG signature verification for downloaded rules. Use HTTPS with certificate pinning. Store checksums of trusted rule sources. Validate rule syntax before applying. Implement rollback capability for corrupted rules.
• Medium · Potential Unencrypted Configuration Storage — Props/Settings.Designer.cs, Props/Settings.settings, SettingsPres.cs. Settings are stored using .NET Settings API (Props/Settings.Designer.cs). The README indicates users can configure upstream URLs and other sensitive parameters. No evidence of encryption for stored credentials or sensitive configuration values. Fix: Encrypt sensitive settings using DPAPI (Data Protection API) on Windows. Never store credentials in plaintext. Use secure credential storage mechanisms. Implement proper key management for configuration encryption.
• Medium · Admin Elevation Without User Confirmation — Utils/AdminPermissionElevator.cs. AdminPermissionElevator.cs suggests the application requests elevated privileges. Insufficient visibility into when and why elevation occurs, potentially allowing privilege escalation attacks if the application itself is compromised. Fix: Implement explicit user confirmation dialogs before elevation. Log all elevation requests with timestamps. Use minimal privilege principle - only elevate for necessary operations. Consider using Windows service for privileged operations instead of direct elevation.
• Medium · Process Execution and Management — Proces/BrowserProc.cs, Proces/ClashProc.cs, Proces/NginxProc.cs. Multiple process management classes (BrowserProc.cs, ClashProc.cs, NginxProc.cs) suggest launching external processes. Risk of command injection if user input isn't properly sanitized before passing to process execution. Fix: Never construct command lines by string concatenation. Use ProcessStartInfo with Arguments parameter separately. Validate and sanitize all user inputs. Whitelist allowed executables and paths. Run external processes with minimal privileges.
• Medium · Input Validation Gaps — Valids/SettingsUpstreamUrlTextBoxTextValid.cs, Valids/SettingsExtraArgsTextBoxTextValid.cs, Valids/SettingsBrowserPathTextBoxTextValid.cs. Input validation classes exist (Valids/) but coverage is unclear. SettingsUpstreamUrlTextBoxTextValid and SettingsExtraArgsTextBoxTextValid suggest validation occurs only in UI layer, which can be bypassed. Fix: Implement server-side validation logic (or in-process business logic layer, not UI). Validate upstream URLs using URI parsing and whitelist validation. Validate file paths against allowed directories. Use regex for complex inputs with careful anchor usage.
• Low · No Evidence of Security Headers or — undefined. undefined Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.