Skip to content

RandyNorthrup/S.A.K.-Utility

BranchesTags

Repository files navigation

S.A.K. Utility

Swiss Army Knife Utility — A portable Windows toolkit for PC technicians, IT pros, and sysadmins.

License: AGPL-3.0 C++23 Qt 6.5+ Windows 10/11 Build Version Tests

Migration · Maintenance · Recovery · Imaging · Deployment — one portable EXE.

Changelog

See CHANGELOG.md for the full version history.

Latest: v0.9.1.4 - AI assistant production hardening, portable MCP/provider bundling, manifest-gated app-control workflows, release readiness gates, clean-extract startup smoke checks, async/tooling cleanup, and portable runtime-state protections.

Highlights
100 % Portable No installer. Drop on a USB stick and go.
AI Assistant Codex-style AI workspace for technician chat, PC actions, multi-agent workflows, context attachments, reports, and artifacts.
Backup and Restore Step-by-step wizards with smart filtering, AES-256 encryption, NTFS permission handling, plus integrated screenshot settings and BitLocker key backup.
Diagnostics & Benchmarking SMART disk health, CPU/disk/memory benchmarks, stress testing, thermal monitoring, system maintenance tools, HTML/JSON/CSV reports.
Image Flasher Flash ISOs/IMGs to USB. Download Windows and Linux ISOs directly.
File Management Organize files by extension, find duplicates with parallel hashing, and grep-style content search with regex, metadata, archive, and binary/hex modes.
Application Management Scan installed apps, match to Chocolatey packages, bulk-install on a new PC. Offline deployment with direct installer downloads. Deep application removal with leftover scanning and registry snapshot diffs.
Network Management Diagnostic suite (ping, traceroute, MTR, DNS, port scan, bandwidth, WiFi, connections, firewall, shares), adapter inspector with ethernet backup/restore and network reset, WiFi QR code manager.
Email Tools Browse PST, OST, and MBOX email archives. Search, export (EML/CSV/VCF/ICS), contacts, calendar (month/week/day), attachments browser — no Outlook required. Multi-threaded OST/PST converter with 8 output formats including IMAP cloud upload.
Modern UI Windows 11-style rounded corners, custom splash screen, and responsive layouts.

Table of Contents

System Requirements

Minimum
OS Windows 10 (1809) or Windows 11
CPU x64 Intel or AMD
RAM 4 GB
Disk ~500 MB + working space
Privileges Standard user; elevates per-task via UAC when needed

Quick Start

1. Download the latest ZIP from Releases.
2. Extract anywhere (USB drive, desktop, network share).
3. Run sak_utility.exe — runs as a standard user; individual features prompt for elevation when needed.

Code Signing: Official release artifacts should be signed by the release workflow when Azure Trusted Signing credentials are available. Local and manual builds may be unsigned. Windows SmartScreen and Defender should recognize the signature automatically. Right-click sak_utility.exe → Properties → Digital Signatures to verify.

Features

AI Assistant

The AI Assistant panel is the first tab in S.A.K. Utility when SAK_ENABLE_AI_ASSISTANT is enabled. It provides a Codex-style technician workspace that can explain SAK capabilities, recommend workflows, collect evidence, run approved PC actions, and produce readable handoff reports.

Chat Workspace

  • Modern chat layout with right-aligned prompt bubbles and left-aligned assistant results
  • Expand/collapse support for long results and tool output
  • Prompt history navigation with Up/Down in the input box
  • Session picker with new chat and rename controls
  • Status bar integration for API key state, access mode, activity, workflow progress, and token usage
  • Details panel for active workflow/run state; artifacts button opens the current session artifact directory when content exists

OpenAI Integration

  • User-supplied OpenAI API key with encrypted app-local storage under the portable data/credentials/ directory
  • Load/clear key workflow with visible loaded/not-loaded status
  • Model list retrieval and selectable chat model
  • OpenAI Responses API client with conversation state, usage parsing, strict function-tool schemas, and citation parsing
  • Token usage meter for input, cached input, output, reasoning, and total token counts
  • Secret redaction for API keys, bearer tokens, GitHub tokens, AWS keys, Google keys, Slack tokens, Stripe keys, and common password=/secret=/token= assignments

Context and Instructions

  • Attach screenshots, documents, and other files as session context
  • Add Markdown instruction files as explicit instruction context
  • Color-coded context and instruction chips with remove controls
  • Per-session memory and transcript persistence under the portable data/ai_sessions/ directory
  • Session-specific artifact directories so logs, downloads, screenshots, and reports do not pollute other sessions

Local Tools and PC Actions

  • run_powershell for Windows automation, with optional elevation through SAK's existing per-task UAC helper
  • run_cmd for non-admin cmd.exe tasks
  • run_process for non-admin direct executable launches with explicit arguments
  • take_screenshot to capture the primary display into session artifacts
  • download_file for HTTPS downloads with SHA-256 evidence
  • Built-in sak_package_manager tool for app search, install, uninstall, upgrade, installed-version checks, and outdated-package checks before raw package-manager or vendor-web commands
  • Built-in sak_offline_downloader tool for offline installer downloads, direct installer retrieval, offline Chocolatey bundle creation, and offline bundle installation
  • Human approval prompts for risky or destructive actions, with restore-point offers when rollback may be needed
  • Stop/cancel handling across model calls, local tools, workflows, and subagents

Agent Roles and Workflows

  • Role-aware prompt/workflow library with technician-focused roles such as General Technician, Security Technician, System Cleanup, Deployment Technician, Network Technician, Printer Technician, and Reporting Technician
  • The assistant is aware of the workflow catalog and can describe what each workflow does, when to use it, required inputs, risk level, verification, reporting, cleanup, and expected artifacts
  • Multi-agent workflow orchestration with a main overseer, specialized subagents, shared session memory, phase tracking, cancellation, recovery policy, and human handoff when needed
  • Workflow resources can include prompts, instruction files, skills, required software, tool phases, troubleshooting guidance, verification steps, cleanup, and reporting requirements

Built-in Technician Workflows

Workflow Purpose
Full PC Health Check Collects system, storage, security, performance, and event-log evidence and summarizes device health
Drive Health Deep Check Performs read-only drive/volume/SMART-style diagnostics with fallback Windows storage evidence when counters are unavailable
Windows Update Repair Diagnoses update failures, checks services/logs/component store state, applies approved repairs, and verifies update health
Network Connectivity Repair Collects adapter/DNS/route/connectivity evidence, applies safe network repairs, and verifies connectivity
BSOD Investigation Collects crash, driver, event-log, and system evidence for stop-code analysis
Printer Troubleshooting Checks spooler, printer queue, driver, port, and connectivity state
Startup Performance Triage Reviews startup apps, services, boot symptoms, and high-impact processes
Security Advisory Check Reviews security posture and relevant advisories without making destructive changes
Malware and Virus Removal Runs a technician-guided malware triage/removal flow with evidence capture, approvals, verification, and cleanup
PC Cleanup, Bloatware, and Adware Removal Identifies unwanted software/startup clutter, removes approved items, verifies system state, and reports changes
Approved Bloatware/Adware Removal Removes a user-approved list with explicit verification and rollback-aware reporting
Clean Uninstall Uses SAK uninstall capabilities and leftover review for deeper application removal
Install App Now Uses SAK package management first, then verifies installation
Download Offline Installer Uses SAK offline downloader first and records installer paths/checksums
Build Offline Deployment Bundle Builds offline Chocolatey/deployment bundles with evidence and manifest output
Technician Tool-Assisted Task Structured workflow for using downloaded or bundled tools, then cleaning up after the job
Technician Service Report Converts session findings, evidence, actions, and verification into an easy-to-read customer/technician report

Reports and Artifacts

  • Report generation is manual and enabled only after reportable actions/results exist
  • User can choose report output location and format: HTML, Markdown, or plain text
  • Reports are technician handoffs: styled HTML leads with an executive summary, evidence snapshot, prioritized findings, risks/evidence gaps, and next steps; raw transcript excerpts are kept in an appendix
  • Reports evaluate the session transcript, evidence, workflow results, tool outputs, findings, risks, actions taken, verification status, and remaining recommendations
  • Reports include a link to the containing artifact directory when possible

Backup and Restore

Guided wizards for comprehensive user-profile migration with smart filtering, AES-256 encryption, and NTFS permission handling.

Backup Wizard — Scan and select user profiles, customize per-user data categories (Desktop, Documents, AppData, browsers, email, and more), configure filters, compression, and encryption, then execute with real-time progress and cancellation support.

Restore Wizard — Map source users to destination users (auto-map or manual), configure merge behavior, select data categories, handle NTFS permissions, and restore with detailed logging.

Quick Tools — Integrated one-click actions:

Tool Description
Screenshot Settings Captures screenshots of Windows Settings panels for documentation
BitLocker Key Backup Exports BitLocker recovery keys for all encrypted volumes

Application Management

Two subtabs — App Installation and Advanced Uninstall — under one panel.

App Installation

Scan installed apps, match them to Chocolatey packages, and bulk-install on a new PC.

  1. Scan — Queries HKLM/HKCU Uninstall registry keys; extracts name, version, publisher.
  2. MatchPackageMatcher with curated mappings (high/medium/low/manual confidence).
  3. Backup — Optional data backup via UserProfileBackupWizard (browser profiles, IDE settings, etc.).
  4. Export — JSON migration report portable to the target machine.
  5. Install — Embedded Chocolatey with retry logic and exponential backoff.
  6. RestoreUserProfileRestoreWizard maps source paths to target paths and restores data.

Offline Deploy — Build deployment bundles for air-gapped or bandwidth-limited environments:

Mode Description
Build Bundle Downloads .nupkg packages with internalized dependencies for offline Chocolatey install
Direct Download Downloads the actual installer binaries (EXE/MSI) directly — supports URL-based, embedded-binary, and meta-package patterns

Includes preset package lists (Office PC, Developer, Media, etc.) and curated package catalogs with search.

Advanced Uninstall

Deep application removal with leftover scanning, cleanup, and system protection.

Program Enumeration

  • Win32 apps (HKLM, HKLM\WOW6432Node, HKCU Uninstall registry keys)
  • UWP / Microsoft Store apps
  • Windows provisioned apps
  • View filters: All, Win32 Only, UWP Only, Bloatware Only, Orphaned Only

Uninstall Modes

Mode Description
Standard Runs the native uninstaller with optional auto-cleanup of detected leftovers
Forced Bypasses the native uninstaller — removes registry entries and leftover artifacts directly
Batch Queue multiple programs and process sequentially with full logging

Leftover Scanner

  • Three depth levels: Safe (common paths/registry), Moderate (broader pattern matching), Advanced (deep scan with registry diff)
  • Detects: files, folders, registry keys/values, services, scheduled tasks, firewall rules, startup entries, shell extensions
  • Risk-level color coding: Safe (green), Review (yellow), Risky (red)
  • Registry Snapshot Engine — captures pre/post uninstall diffs to detect leftover changes

Cleanup & Deletion

  • Select All, Select Safe Only, Deselect All, or manual per-item selection
  • Recycle Bin support — files routed via SHFileOperationW with FOF_ALLOWUNDO (registry and service entries are always permanent)
  • Locked file handling — files that cannot be removed are automatically scheduled for deletion on reboot via MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT
  • User notification of reboot-pending items

Uninstall Settings

Group Options
Leftover Selection Select all leftovers by default vs. safe only
Deletion Behavior Send deleted files to Recycle Bin (toggle)
System Protection Auto-create restore point before uninstall
Default Scan Level Safe / Moderate / Advanced
Display Show system components in the program list

Context Menu — Uninstall, Forced Uninstall, Add to Queue, Open Install Location, Copy Program Name, Copy Uninstall Command, Show Properties, Remove Registry Entry

Benchmark and Diagnostics

Comprehensive hardware diagnostics, performance benchmarking, and stability testing with bundled smartmontools for SMART analysis.

Hardware Inventory

  • CPU: model, cores, threads, base/max clock
  • Memory: total capacity, slot usage
  • Storage: model, capacity, interface (SATA/NVMe/USB), media type
  • GPU: model, VRAM, driver version
  • OS: name, build number

SMART Disk Health

  • Queries all physical drives via bundled smartctl.exe (smartmontools 7.4)
  • Health status (Healthy / Warning / Critical / Failed)
  • Temperature, power-on hours, raw attributes
  • Attribute-level detail with threshold monitoring

Benchmarks

Benchmark Metrics
CPU Single-thread and multi-thread scores, matrix multiply, compression throughput, prime computation
Disk Sequential read/write, random 4K IOPS (read and write), queue-depth scoring
Memory Read/write bandwidth, random-access latency

Stress Testing

  • Configurable duration
  • CPU stress (all-core compute + floating-point)
  • Memory stress (pattern write/verify for ECC error detection)
  • Disk stress (sustained sequential I/O with direct writes)
  • Real-time thermal monitoring with auto-abort at configurable limit
  • Error-count abort thresholds

System Maintenance — Integrated one-click actions:

Tool Description
Optimize Power Settings Applies High Performance / Ultimate Performance plan
Verify System Files sfc /scannow + DISM /RestoreHealth
Check Disk Errors chkdsk with bad-sector scan
Generate System Report Comprehensive report: OS, hardware, storage, network, drivers, event logs, installed programs (HTML)

Full Suite Mode

  • One-click sequential run: Hardware Scan → SMART Analysis → CPU Benchmark → Disk Benchmark → Memory Benchmark → Stress Test → Report Generation
  • Step-by-step progress with live status

Report Export

  • HTML — Styled report with hardware summary, SMART health, benchmark scores, and stress test results
  • JSON — Machine-readable structured data for automation
  • CSV — RFC 4180 compliant, importable into Excel or data pipelines

Image Flasher

Create bootable USB drives from disk images.

  • Formats: ISO, IMG, WIC, ZIP, GZ, BZ2, XZ, DMG, DSK
  • Windows ISO download directly from Microsoft via UUP Dump API (multiple editions, languages, x64/ARM64)
  • Linux ISO download with built-in distro catalog:
    • Ubuntu Desktop, Ubuntu Server, Linux Mint Cinnamon
    • Kali Linux
    • SystemRescue, Clonezilla, GParted Live, ShredOS
    • Ventoy (multi-boot USB creator)
  • Windows USB Creator — NTFS format, ISO extraction, bootsect.exe boot sector, UEFI structure, verification of critical files
  • Generic writer — Raw sector I/O with streaming decompression (bootable for Linux and other ISOs)
  • Safety: System-drive protection, multi-select for parallel flash

File Management

Three subtabs — File Organizer, Duplicate Finder, and Advanced Search — under one panel.

File Organizer

Organize files by extension into configurable categories.

  • Default categories: Images, Documents, Audio, Video, Archives, Code — fully customizable with user-defined extensions
  • Collision handling: rename, skip, or overwrite
  • Preview mode — see what would happen without moving anything
  • Confirmation dialog before destructive operations (shows file count and collision strategy)
  • Category validation — detects empty mappings and duplicate category names
  • Reset to Defaults — one-click restore of built-in category mappings

Duplicate Finder

Detect duplicate files via content-based hashing.

  • MD5 hash-based duplicate detection with configurable minimum-size filtering
  • Multi-directory recursive scan with duplicate directory prevention
  • Parallel hashing with configurable thread count (auto-detects ideal thread count)
  • Summary: duplicate count, wasted space, scrollable results for large scans

Cross-Operation Safety

  • Organizer and duplicate finder share mutual locking — running one disables the other to prevent conflicts
  • Cancel support for both operations

Advanced Search

Enterprise-grade grep-style file content search with a three-panel interface: file explorer, results tree, and preview pane.

  • Text content search — Line-by-line search with configurable context window (0–10 lines before/after)
  • Regex support — Full QRegularExpression engine with case-sensitive, whole-word, and multiline options
  • Regex Pattern Library — 8 built-in patterns (emails, URLs, IPv4, phone numbers, dates, hex, numbers, words) plus custom user-defined patterns with JSON persistence
  • Binary/hex search — Search binary files for text or hex patterns with hex-context display
  • Image metadata search — Search EXIF/GPS metadata in image files
  • File metadata search — Search metadata in PDF, Office, audio/video files
  • Archive search — Search inside ZIP/EPUB archives with deflate decompression (handles real-world .docx, .xlsx, .pptx, .odt, .epub)
  • File explorer — Drive and directory navigation with lazy-loading tree, context menus
  • Results tree — Grouped by file with 8 sort modes (path, match count, file size, date modified)
  • Preview pane — Monospace file preview with yellow/orange match highlighting, previous/next navigation with wrapping, line numbers with >>> match indicators
  • Search history — Last 50 searches persisted via ConfigManager

Network Management

Three-tab network panel covering diagnostics, adapter configuration, and WiFi credential management.

Network Diagnostics

10-tool diagnostic suite with report generation.

Tool Capabilities
Ping Configurable count, timeout, interval, packet size; per-reply stats with min/max/avg/jitter aggregation
Traceroute Max hops, hostname resolution; per-hop RTT table
MTR Continuous ping + traceroute with cycle-by-cycle stats: loss %, avg/best/worst/jitter per hop
DNS Lookup Query by record type, custom DNS server, reverse lookup, multi-server comparison, flush DNS cache
Port Scanner Preset port lists + custom ranges, concurrent scanning, banner grabbing, timeout control
Bandwidth iPerf3 client + server mode; HTTP speed test; bidirectional and multi-stream testing
WiFi Analyzer Scan nearby networks with signal/channel/security; continuous scanning; channel utilization analysis
Active Connections TCP/UDP connection monitor with process info, auto-refresh, process/port filters
Firewall Auditor Enumerate all Windows Firewall rules; detect conflicts and coverage gaps; filter by direction/action
Network Share Browser Discover SMB shares on a host; test access permissions

Report Generation

  • HTML — Styled report with all cached diagnostic results and adapter info
  • JSON — Machine-readable structured data
  • Technician name, ticket number, and notes metadata fields

Network Adapters

Adapter inspector with ethernet backup, restore, and network reset.

  • Enumerates all network adapters (Ethernet, WiFi, Virtual)
  • Full configuration display: IPv4/IPv6 addresses, subnet masks, gateways, DHCP status, DNS servers, MAC address, driver info, link speed, traffic statistics
  • Copy adapter configuration to clipboard
  • Capture adapter IP/DNS/gateway settings to a portable JSON file
  • Restore settings to the same or a different adapter on any machine via netsh commands
  • Supports DHCP and static configurations, primary and secondary DNS servers
  • Cross-machine portability — back up on one PC, restore on another
  • Reset Network Settings — One-click reset: flushes DNS, resets TCP/IP stack, Winsock, firewall, and adapters

WiFi Manager

WiFi credential manager with QR code generator and cross-platform network profile export.

Network Details — Enter Location label, SSID, Password (show/hide toggle), Security type (WPA/WPA2/WPA3, WEP, Open), and Hidden network flag.

Saved Networks Table — Store multiple WiFi configs with search/filter, inline editing, and tri-state select-all. Save/load entire table to/from JSON.

QR Code Generation

  • Single-network QR for immediate phone/tablet connection
  • Batch QR export wizard (PNG/PDF/JPG/BMP) with optional location header banner
  • WiFi QR payload format with HIGH error correction (30%)

Script & Profile Export

  • Generate Windows .cmd batch scripts using netsh (single or batch)
  • Add selected networks directly to Windows known WiFi profiles via netsh WLAN profile XML
  • Generate macOS .mobileconfig plist files (single or multiple networks per profile)

Windows Integration — Scan existing Windows known profiles and import them into the table for backup/management.

Email Tools

Browse, search, and export data from Outlook PST/OST archives and MBOX mailboxes — no Outlook or MAPI libraries required.

Supported Formats

  • PST — Outlook Personal Storage (Unicode and ANSI)
  • OST — Outlook Offline Storage
  • MBOX — RFC 4155 (Thunderbird, Apple Mail, Linux mail clients)

File Scanner — Automatically discovers PST/OST/MBOX files in common locations (user home, desktop, recent paths); select which to open.

Folder Tree — Navigable hierarchy with typed icons (Inbox, Sent Items, Drafts, Deleted Items, Junk Email, Calendar, Contacts, etc.)

Item List — Sortable table with Subject, From, Date, Size, Type, and attachment indicator.

Preview Pane — Four tabs:

Tab Content
Content HTML/plain-text email body; contact details; task descriptions; sticky note text
Headers RFC 5322 message headers (monospace)
Properties MAPI property names and values for forensics/analysis
Attachments File list with individual or batch save

Search — Full-text search across subjects, bodies, senders, recipients, and attachment names. Filter by item type, date range, has-attachment, and folder scope.

Contacts Dialog — Searchable address book with sortable columns (name, email, company, phone) and export to VCF or CSV.

Calendar Dialog — Three view modes (month, week, day) with event highlighting, half-hour grid lines, and column separators. Navigate by date, click events to view details, and export to ICS or CSV.

Attachments Browser — Scans all emails in the mail file and presents every attachment in a searchable, filterable list. Type filter (images, documents, archives, etc.), filename search, and right-click context menu with Save Attachment, View Containing Email (navigates to the source message), and Copy Filename.

Export Formats

Format Use Case
EML RFC 5322 email files (Outlook, Thunderbird compatible)
CSV Emails, contacts, calendar, or tasks as spreadsheet data
VCF vCard 3.0 contact files
ICS iCalendar appointments/events
TXT Plain-text sticky notes
Attachments Batch extract with optional filtering and inline-image skip

OST Converter

Multi-threaded bulk OST/PST conversion engine integrated as a second tab in the Email Tools panel.

Supported Output Formats

Format Description
PST Outlook Personal Storage (Unicode)
EML RFC 5322 email files
MSG Outlook message files
MBOX Unix mailbox format
DBX Outlook Express format
HTML Styled HTML email archives
PDF PDF email archives
IMAP Upload Direct upload to IMAP servers (Office 365, Gmail, Yahoo)

Key Features

  • Multi-threaded conversion with configurable worker count (1–8 threads)
  • Deleted item recovery (soft and hard delete scanning)
  • PST splitting for large archives with configurable size limits
  • IMAP cloud upload with PLAIN, LOGIN, and XOAUTH2 authentication
  • Advanced filtering by date range, folder, sender, and subject
  • Corruption handling with automatic recovery
  • Metadata preservation across all output formats
  • Detailed conversion reporting

Settings

Settings are configured per-panel — each panel that needs configuration provides its own settings dialog or inline controls.

Panel Settings
Backup and Restore Default backup location, confirmation prompts, notification preferences, logging, compression
Advanced Uninstall Leftover selection defaults, deletion behavior, system protection (restore points), scan level, system component visibility
Image Flasher Flash settings, verification options

Security

Layer Implementation
File encryption AES-256-CBC via Windows BCrypt with PBKDF2 key derivation
Secure memory SecureString / SecureBuffer — zero-fill on destruction, page locking via VirtualLock
Input validation Path sanitization, IP/port validation, Chocolatey name format checks
Elevation Per-task elevation via elevated helper process with Named Pipes IPC; asInvoker manifest with on-demand UAC prompts
AI credential storage OpenAI API key encrypted with Windows DPAPI and stored in the portable app data/credentials/ directory with owner-only file permissions
AI evidence safety AI session data, transcripts, logs, downloads, screenshots, reports, and artifacts stay under portable app data/ai_sessions/; model-bound command output is capped and secrets are redacted

All crypto uses the Windows BCrypt API (FIPS 140-2 validated provider).

Building from Source

Prerequisites

Tool Version
Visual Studio 2022 v17+ with Desktop development with C++
CMake 3.28+
Qt 6.5+ MSVC 2019 64-bit
vcpkg Latest (for zlib, bzip2, liblzma)

Build

git clone https://github.com/RandyNorthrup/S.A.K.-Utility.git
cd S.A.K.-Utility

# Configure
cmake -B build -G "Visual Studio 17 2022" -A x64 `
  -DCMAKE_PREFIX_PATH="C:/Qt/6.5.3/msvc2019_64"

# Optional: explicitly toggle the AI Assistant panel
# -DSAK_ENABLE_AI_ASSISTANT=ON  # default

# Build
cmake --build build --config Release --parallel

# Bundle smartmontools (required for SMART diagnostics)
powershell -ExecutionPolicy Bypass -File scripts/bundle_smartmontools.ps1

# Run
.\build\Release\Release\sak_utility.exe

Code Signing (Optional)

Local builds can be signed via Azure Trusted Signing:

# One-time: log in to Azure
az login

# Sign after building
powershell -ExecutionPolicy Bypass -File scripts/sign-exe.ps1

# Or enable automatic signing on every build:
cmake -B build -G "Visual Studio 17 2022" -A x64 `
  -DCMAKE_PREFIX_PATH="C:/Qt/6.5.3/msvc2019_64" `
  -DSAK_CODE_SIGN=ON
cmake --build build --config Release

Requires Azure CLI and access to the Azure Trusted Signing account. CI builds sign release artifacts only when the signing credentials are configured.

Release Readiness Gates

Release candidates must pass the aggregate readiness gate before publication:

$version = (Get-Content VERSION -Raw).Trim()
$packageName = "SAK-Utility-v$version"
powershell -ExecutionPolicy Bypass -File scripts/stage_portable_release.ps1 `
  -BuildDir build\Release `
  -PackageName $packageName
powershell -ExecutionPolicy Bypass -File scripts/create_release_archive.ps1 `
  -BuildDir build\Release `
  -PackageName $packageName
$extract = "build\Release\clean-readiness-extract"
Remove-Item -Recurse -Force $extract -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Force -Path $extract | Out-Null
Expand-Archive -LiteralPath "build\Release\$packageName-Windows-x64.zip" -DestinationPath $extract -Force
powershell -ExecutionPolicy Bypass -File scripts/check_release_readiness.ps1 `
  -PackageRoot $extract `
  -RequireSignedPackage

For unsigned local preflight builds, omit -RequireSignedPackage; signed package validation remains required before publication.

This verifies secret scanning, blocking-pattern rules, third-party license documentation, Qt resource manifests, portable package contents, startup E2E smoke, and Authenticode signatures. See docs/RELEASE_READINESS.md and docs/SECURITY_THREAT_MODEL.md.

Dependencies

Library License Purpose
Qt 6.5+ LGPL v3 UI framework (Core, Widgets, Concurrent, Network, Xml; Gui linked transitively via Widgets)
zlib zlib License Compression and ZIP archive decompression (deflate)
bzip2 BSD-style bzip2 compression
liblzma 0BSD / Public Domain xz/LZMA compression
qrcodegen MIT QR code generation (bundled source)
win32-mcp-server MIT Bundled portable MCP server for manifest-gated Windows desktop observation/automation
Context7 MCP MIT Remote documentation MCP provider; no bundled code; no app API key
Microsoft Learn MCP Microsoft Learn Terms Remote Microsoft documentation MCP provider; no bundled code; no app API key
smartmontools GPLv2 SMART disk health analysis (bundled smartctl.exe)
iPerf3 BSD 3-Clause LAN bandwidth testing (bundled iperf3.exe)
Chocolatey Apache 2.0 Embedded package manager
Windows BCrypt OS component AES-256, PBKDF2, SHA-256

Full license texts: THIRD_PARTY_LICENSES.md

Testing

cmake --build build --config Release --target RUN_TESTS

Automated tests cover AI assistant clients, MCP HTTP parsing, provider registry, workflow store/evals, orchestration, subagents, tool policy/dispatch, execution broker, cancellation, run state, trace store, credential redaction, Advanced Search, Advanced Uninstall (types, controller, leftover scanner, registry snapshot engine), Network Diagnostics (types, utils, report generation), Email Inspector (PST/OST parsing, MBOX parsing, email types, search, export, profile manager, report generator), OST Converter (types, controller, PST splitter, integration), Offline Deployment (install script parsing, NuGet API, script rewriting, package builder), Elevation (tier classification, IPC protocol, task dispatcher, mixed-tier operations, UX components, hardening), diagnostics, security, encryption, configuration, ISO download, and quick action validation.

Configuration

Settings are stored at %APPDATA%\SAK\Utility\ in INI format.

AI Assistant sessions and credentials are intentionally portable-app local:

Path Purpose
<app>/data/credentials/openai_api_key.dpapi.json Encrypted OpenAI API key
<app>/data/ai_sessions/ Session manifests, transcripts, usage, memory, run state, artifacts, downloads, screenshots, and reports
<app>/data/ai/providers/ Portable AI provider registry overrides
<app>/data/ai/app_manifests/ Portable app-control manifests for scanner/tool workflows
<app>/data/ai/workflows/ User-added workflow templates

The provider gateway exposes Microsoft Learn and Context7 public documentation lookups through HTTP MCP, plus bundled Win32 MCP calls through the portable tools/mcp/win32-mcp-server/win32-mcp-server.exe. Win32 MCP access follows the selected AI access mode: observation tools are read-only, interactive tools use the interactive profile, and high-risk tools require the existing high-risk handling path. Supported app-manifest actions can run through the same gateway; for example, the Microsoft Defender manifest exposes quick/full scan and definition update actions while SUPERAntiSpyware scan actions remain manual until a validated non-interactive workflow exists.

Key Settings

[QuickActions]
backup_location=C:/SAK_Backups

Contributing

See CONTRIBUTING.md for coding standards, commit conventions, and PR workflow.

Quick summary:

  1. Fork -> feature branch -> PR
  2. C++23, camelCase methods, m_ member prefix
  3. Conventional commits (feat:, fix:, docs:, etc.)
  4. Tests for core logic

Roadmap

Planned Features (detailed plans in docs/)

  • File Converter Tab — Universal offline file conversion for documents, images, audio, video, spreadsheets, and PDFs with batch processing and quality controls. Adds a new tab to the File Management panel. See FILE_CONVERTER_TAB_PLAN.md.
  • macOS Bootable USB — Create macOS bootable USB drives from macOS installer images. See MACOS_BOOTABLE_USB_PLAN.md.

License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0) — see LICENSE for the full text.

Third-party dependency licenses are documented in THIRD_PARTY_LICENSES.md.

Acknowledgments

  • Qt — Cross-platform UI framework (LGPL v3)
  • qrcodegen — QR code generator by Project Nayuki (MIT)
  • win32-mcp-server — Portable Windows automation MCP server (MIT)
  • Context7 MCP — Remote code documentation MCP provider (MIT source; no app API key required)
  • Microsoft Learn MCP — Remote Microsoft documentation MCP provider
  • aria2 — Multi-connection download manager (GPLv2)
  • UUPMediaCreator — UUP-to-ISO converter by OSTooling (MIT)
  • wimlib / libwim — WIM image library by Eric Biggers (LGPL v3, bundled with UUPMediaConverter)
  • smartmontools — SMART disk diagnostics (GPLv2)
  • iPerf3 — LAN bandwidth testing (BSD 3-Clause)
  • Icons8 — UI icons (Icons8 Free License with attribution)
  • Chocolatey — Windows package manager (Apache 2.0)
  • zlib — Compression library (zlib License)
  • bzip2 — Compression library (BSD-style)
  • XZ Utils — LZMA compression (0BSD / Public Domain)
  • vcpkg — C++ dependency manager (MIT)
  • CMake — Build system (BSD 3-Clause)
  • Microsoft — Windows BCrypt API, PowerShell, Windows SDK, ADK tools (cdimage, imagex, bcdedit, cabarc)

Author

Randy Northrup GitHub · S.A.K.-Utility

Support

About

**Swiss Army Knife (S.A.K.) Utility** S.A.K. Utility is a Windows-only desktop application designed for PC technicians who need to migrate systems, backup user profiles, and manage files during PC repairs, upgrades, and replacements.

Resources

Readme

License

View license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 28

v0.9.1.4 Latest
May 22, 2026
+ 27 releases

Packages

 
 
 

Contributors

Languages