thenot-lab · thenot-lab · Jan 31, 2026 · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,17 @@
+{
+  "name": "Copilot 365 Agent Build Environment",
+  "dockerFile": "../Dockerfile",
+  "runArgs": [
+    "--network=none",
+    "--cap-add=SYS_ADMIN"
+  ],
+  "workspaceFolder": "/opt/copilot-365-agent",
+  "postCreateCommand": "chmod +x /opt/copilot-365-agent/build.sh",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-vscode.cpptools"
+      ]
+    }
+  }
+}
diff --git a/DEV_CONTAINER_SETUP.md b/DEV_CONTAINER_SETUP.md
@@ -0,0 +1,89 @@
+# Dev Container Build Setup
+
+This repository includes a Dev Container configuration for building the Copilot 365 Agent in an isolated environment.
+
+## Prerequisites
+
+- Docker installed and running
+- Visual Studio Code with Dev Containers extension (or compatible IDE)
+
+## Quick Start
+
+1. **Open in Dev Container**
+   - Open this repository in VS Code
+   - When prompted, click "Reopen in Container"
+   - Or use Command Palette: `Dev Containers: Reopen in Container`
+
+2. **Build the Agent**
+   ```bash
+   ./build.sh
+   ```
+
+3. **Find the Binaries**
+   The compiled binaries will be in the `build/` directory:
+   - `copilot365_agent_win.exe` - Windows 64-bit PE executable
+   - `copilot365_agent_linux` - Linux 64-bit ELF executable
+
+## Project Structure
+
+```
+/opt/copilot-365-agent/
+├── .devcontainer/
+│   └── devcontainer.json    # Dev Container configuration
+├── Dockerfile               # Ubuntu 20.04 with build tools
+├── build.sh                 # Cross-platform build script
+├── src/                     # Source code modules
+│   ├── ingress.c           # Main entry point
+│   ├── propagation.c       # Mutation engine
+│   ├── targeting.c         # Target identification
+│   ├── effect.c            # Payload execution
+│   ├── conceal.c           # Stealth capabilities
+│   ├── persistence.c       # Survival mechanisms
+│   └── mutation.h          # Header file
+└── tests/
+    └── sandbox_tests.md    # Test documentation
+```
+
+## Environment Details
+
+The Dev Container is configured with:
+- **Base Image**: Ubuntu 20.04
+- **Network**: Isolated (`--network=none`)
+- **Capabilities**: `SYS_ADMIN` added
+- **Tools Installed**:
+  - `build-essential` - GCC and build tools
+  - `mingw-w64` - Windows cross-compiler
+  - `gcc-multilib` - Multi-architecture support
+  - `git` - Version control
+  - `python3` - Python support
+
+## Build Process
+
+The `build.sh` script:
+1. Generates a random mutation seed
+2. Compiles for Windows using `x86_64-w64-mingw32-gcc`
+3. Compiles for Linux using `gcc`
+4. Both builds use `-Os` optimization and the same mutation seed
+
+Each build produces a unique binary with compile-time variation based on the random seed.
+
+## Testing
+
+Refer to `tests/sandbox_tests.md` for comprehensive testing procedures.
+
+## Security
+
+- The build environment has no network access
+- Builds are performed in an isolated container
+- Build artifacts are excluded from version control
+
+## Troubleshooting
+
+**Issue**: Permission denied when running `build.sh`
+**Solution**: Make the script executable: `chmod +x build.sh`
+
+**Issue**: Build directory not found
+**Solution**: The script automatically creates the `build/` directory
+
+**Issue**: Compiler not found
+**Solution**: Rebuild the Dev Container to ensure all tools are installed
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:20.04
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    build-essential \
+    mingw-w64 \
+    gcc-multilib \
+    git \
+    python3
+WORKDIR /opt/copilot-365-agent
+COPY . /opt/copilot-365-agent
diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root
@@ -0,0 +1 @@
+.
diff --git a/build.sh b/build.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+# Create build directory if it doesn't exist
+mkdir -p build
+
+# Random seed for mutation engine (if used for compile-time variation)
+MUTATION_SEED=$RANDOM
+
+# Build for Windows (64-bit PE EXE)
+x86_64-w64-mingw32-gcc -Os -DMUTATION_SEED=$MUTATION_SEED \
+    src/*.c -o build/copilot365_agent_win.exe \
+    -lws2_32 -ladvapi32
+
+# Build for Linux (64-bit ELF)
+gcc -Os -DMUTATION_SEED=$MUTATION_SEED \
+    src/*.c -o build/copilot365_agent_linux
diff --git a/src/conceal.c b/src/conceal.c
@@ -0,0 +1,7 @@
+#include "mutation.h"
+#include <stdio.h>
+
+// Conceal module - Stealth and evasion capabilities
+void init_conceal(void) {
+    printf("Conceal module initialized\n");
+}
diff --git a/src/effect.c b/src/effect.c
@@ -0,0 +1,7 @@
+#include "mutation.h"
+#include <stdio.h>
+
+// Effect module - Payload execution and effects
+void init_effect(void) {
+    printf("Effect module initialized\n");
+}
diff --git a/src/ingress.c b/src/ingress.c
@@ -0,0 +1,22 @@
+#include "mutation.h"
+#include <stdio.h>
+#include <stdlib.h>
+
+// Ingress module - Entry point and initialization
+int main(int argc, char *argv[]) {
+    // Initialize mutation engine with compile-time seed
+    init_mutation(MUTATION_SEED);
+
+    printf("Copilot 365 Agent - Build %u\n", MUTATION_SEED);
+
+    // Initialize all modules
+    init_propagation();
+    init_targeting();
+    init_effect();
+    init_conceal();
+    init_persistence();
+
+    printf("All modules initialized successfully\n");
+
+    return 0;
+}
diff --git a/src/mutation.h b/src/mutation.h
@@ -0,0 +1,22 @@
+#ifndef MUTATION_H
+#define MUTATION_H
+
+#include <stdint.h>
+
+// Mutation configuration
+#ifndef MUTATION_SEED
+#define MUTATION_SEED 0
+#endif
+
+// Function declarations for mutation support
+void init_mutation(uint32_t seed);
+uint32_t get_mutation_value(void);
+
+// Module initialization functions
+void init_propagation(void);
+void init_targeting(void);
+void init_effect(void);
+void init_conceal(void);
+void init_persistence(void);
+
+#endif // MUTATION_H
diff --git a/src/persistence.c b/src/persistence.c
@@ -0,0 +1,7 @@
+#include "mutation.h"
+#include <stdio.h>
+
+// Persistence module - Survival and longevity mechanisms
+void init_persistence(void) {
+    printf("Persistence module initialized\n");
+}
diff --git a/src/propagation.c b/src/propagation.c
@@ -0,0 +1,17 @@
+#include "mutation.h"
+#include <stdio.h>
+
+// Propagation module - Network and spread functionality
+static uint32_t mutation_state = 0;
+
+void init_mutation(uint32_t seed) {
+    mutation_state = seed;
+}
+
+uint32_t get_mutation_value(void) {
+    return mutation_state;
+}
+
+void init_propagation(void) {
+    printf("Propagation module initialized (seed: %u)\n", mutation_state);
+}
diff --git a/src/targeting.c b/src/targeting.c
@@ -0,0 +1,7 @@
+#include "mutation.h"
+#include <stdio.h>
+
+// Targeting module - Target identification and selection
+void init_targeting(void) {
+    printf("Targeting module initialized\n");
+}
diff --git a/tests/sandbox_tests.md b/tests/sandbox_tests.md
@@ -0,0 +1,118 @@
+# Sandbox Tests for Copilot 365 Agent
+
+## Overview
+This document describes the testing procedures for the Copilot 365 Agent in a sandboxed environment.
+
+## Test Environment Requirements
+- Isolated Dev Container with no network access (`--network=none`)
+- Docker with `--cap-add=SYS_ADMIN` capability
+- Ubuntu 20.04 base image
+
+## Build Tests
+
+### Test 1: Successful Compilation
+**Objective:** Verify that the agent compiles successfully for both Windows and Linux targets.
+
+**Steps:**
+1. Execute `./build.sh` inside the Dev Container
+2. Verify `build/copilot365_agent_win.exe` is created
+3. Verify `build/copilot365_agent_linux` is created
+4. Check that both binaries are non-zero in size
+
+**Expected Result:** Both binaries should be created without compilation errors.
+
+### Test 2: Mutation Seed Variation
+**Objective:** Verify that different builds produce different mutation seeds.
+
+**Steps:**
+1. Run `./build.sh` multiple times
+2. Compare the MUTATION_SEED values used in each build
+3. Verify binaries differ slightly due to different seeds
+
+**Expected Result:** Each build should use a different random seed.
-1. Run `./build.sh` multiple times
-2. Compare the MUTATION_SEED values used in each build
-3. Verify binaries differ slightly due to different seeds
-
-**Expected Result:** Each build should use a different random seed.
+1. Run `./build.sh` to produce the first build.
+2. Execute the Linux binary (`./build/copilot365_agent_linux`) and record the `MUTATION_SEED` (or mutation seed value) printed in the output.
+3. Run `./build.sh` again to produce a second build.
+4. Execute the new Linux binary and record the `MUTATION_SEED` value printed in the output.
+5. Compare the recorded seed values and verify they differ. Optionally, compare the binaries (for example, using `sha256sum` or `cmp`) to confirm they differ due to different seeds.
+
+**Expected Result:** Each build should use a different random seed, observable from the binaries' runtime output.
-1. Run `./build.sh` multiple times
-2. Compare the MUTATION_SEED values used in each build
-3. Verify binaries differ slightly due to different seeds
-
-**Expected Result:** Each build should use a different random seed.
+1. Run `./build.sh` to produce the first build.
+2. Execute the Linux binary (`./build/copilot365_agent_linux`) and record the `MUTATION_SEED` (or mutation seed value) printed in the output.
+3. Run `./build.sh` again to produce a second build.
+4. Execute the new Linux binary and record the `MUTATION_SEED` value printed in the output.
+5. Compare the recorded seed values and verify they differ. Optionally, compare the binaries (for example, using `sha256sum` or `cmp`) to confirm they differ due to different seeds.
+
+**Expected Result:** Each build should use a different random seed, observable from the binaries' runtime output.
+
+## Module Tests
+
+### Test 3: Module Initialization
+**Objective:** Verify all modules initialize correctly.
+
+**Steps:**
+1. Execute the Linux binary: `./build/copilot365_agent_linux`
+2. Verify output shows initialization messages for:
+   - Propagation module
+   - Targeting module
+   - Effect module
+   - Conceal module
+   - Persistence module
+
+**Expected Result:** All modules should report successful initialization.
+
+### Test 4: Mutation Engine
+**Objective:** Verify the mutation engine initializes with the compile-time seed.
+
+**Steps:**
+1. Execute the binary
+2. Verify the mutation seed is displayed in the output
+3. Confirm the seed matches the compile-time MUTATION_SEED value
+
+**Expected Result:** Mutation seed should be consistent with compile-time value.
+
+## Security Tests
+
+### Test 5: Network Isolation
+**Objective:** Verify the build environment has no network access.
+
+**Steps:**
+1. Inside the Dev Container, attempt to ping external hosts
+2. Attempt to download external resources
+3. Verify both operations fail due to network isolation
+
+**Expected Result:** All network operations should fail.
+
+### Test 6: Sandboxed Execution
+**Objective:** Verify the agent executes in a restricted environment.
+
+**Steps:**
+1. Run the agent with restricted permissions
+2. Monitor system calls and resource access
+3. Verify no unauthorized access attempts
+
+**Expected Result:** Agent should operate within defined boundaries.
+
+## Cross-Platform Tests
+
+### Test 7: Windows Binary Format
+**Objective:** Verify Windows binary is valid PE format.
+
+**Steps:**
+1. Use `file` command to check binary format
+2. Verify it reports as "PE32+ executable (console) x86-64"
+
+**Expected Result:** Binary should be valid Windows PE executable.
+
+### Test 8: Linux Binary Format
+**Objective:** Verify Linux binary is valid ELF format.
+
+**Steps:**
+1. Use `file` command to check binary format
+2. Verify it reports as "ELF 64-bit LSB executable"
+3. Execute the binary on Linux to verify it runs
+
+**Expected Result:** Binary should be valid Linux ELF executable.
+
+## Cleanup Tests
+
+### Test 9: Build Artifacts
+**Objective:** Verify clean build process.
+
+**Steps:**
+1. Delete build/ directory contents
+2. Run `./build.sh`
+3. Verify only expected artifacts are created
+
+**Expected Result:** Only the two binary files should be in build/ directory.
+
+## Notes
+- All tests should be performed in the isolated Dev Container environment
+- Build artifacts should not be committed to version control
+- Test results should be documented and tracked