Refactor bosh dir protection #179

Merged: selzoc merged 4 commits into windows-2019 from refactor-bosh-dir-protection on May 11, 2026

@selzoc selzoc commented May 11, 2026

No description provided.

selzoc and others added 4 commits May 11, 2026 16:37

This reverts commit 777a8f8.

ai-assisted=yes
[TNZ-94650]
Co-authored-by: Brian Upton <brian.upton@broadcom.com>

This reverts commit b96c788.

ai-assisted=yes
[TNZ-94650]
Co-authored-by: Chris Selzo <chris.selzo@broadcom.com>
Co-authored-by: Brian Upton <brian.upton@broadcom.com>

This reverts commit c1c2384.

ai-assisted=yes
[TNZ-94650]
Co-authored-by: Chris Selzo <chris.selzo@broadcom.com>
Co-authored-by: Brian Upton <brian.upton@broadcom.com>

In the previous few PRs, we tightened the ACLs for all of the
directories that Protect-Dir ran against.  This led to unsuccessful
stemcells where the bosh agent could not start.

Instead, we revert all of that, and take a more targeted approach where
the c:\bosh and c:\var\vcap\bosh\bin directories are the ONLY place we
tighten the ACLs.

An important insight was separating the inheritance icacls call from the
granting icacls call.

ai-assisted=yes
[TNZ-94650]

Co-authored-by: Brian Upton <brian.upton@broadcom.com>

coderabbitai Bot commented May 11, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

This pull request refactors Windows directory ACL protection into two distinct strategies. A new Protect-BoshDir function applies explicit filesystem permissions recursively to BOSH-specific directories using icacls, then disables inheritance only at the root. The existing Protect-Dir function is simplified to always apply cacls operations first, then conditionally disable inheritance. The Install-Agent sequence is updated to call Protect-BoshDir for C:\bosh and C:\var\vcap\bosh\bin, while Protect-Dir handles C:\var and C:\Windows\Panther. ACL validation in acceptance tests is split: general allowlist checking via Test-FolderAcls across multiple directories, and BOSH-specific write-access denial enforcement via a new Test-BoshDirAcls helper targeting BOSH paths only.

Suggested reviewers

  • aramprice

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ❓ Inconclusive | No description was provided by the author; the pull request description field is empty. | Add a description explaining the rationale for the refactoring, the specific changes made, and why the new Protect-BoshDir function was introduced separately from Protect-Dir. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'Refactor bosh dir protection' directly matches the main changes across the codebase, which involve reorganizing how BOSH directory protection is handled through new functions and modified ACL validation logic. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@selzoc selzoc merged commit 77c47c3 into windows-2019 May 11, 2026
14 of 15 checks passed
@selzoc selzoc deleted the refactor-bosh-dir-protection branch May 11, 2026 23:42
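
The two-call pattern described in the last commit message and the walkthrough (grant explicit permissions recursively, then change inheritance at the root only), followed by a check that no other principal keeps write access. This is an added PowerShell example, not code from this pull request; the function names, the trusted SIDs and the exact icacls arguments are assumptions.

```powershell
# Added example, not the repository's Protect-BoshDir or Test-BoshDirAcls.
# Function names, trusted SIDs and icacls arguments are assumptions.
$TrustedSids = @('S-1-5-32-544', 'S-1-5-18')  # BUILTIN\Administrators, NT AUTHORITY\SYSTEM

function Set-RestrictedDirAcl {
    param([Parameter(Mandatory)][string]$Path)
    # Call 1 (grant): /T recurses, so the root and every existing child get
    # explicit full-control ACEs for the trusted SIDs.
    $grants = $TrustedSids | ForEach-Object { "*${_}:(OI)(CI)F" }
    & icacls.exe $Path /grant:r $grants /T /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls grant failed on $Path" }

    # Call 2 (inheritance): no /T, so only the root drops ACEs inherited from
    # its parent. Combined with /T this would apply to every child as well.
    & icacls.exe $Path /inheritance:r /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls inheritance change failed on $Path" }
}

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Write-class rights, plus GENERIC_WRITE and GENERIC_ALL, which can appear
    # as raw bits in an ACE instead of named FileSystemRights values.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Resolve identities to SIDs so the comparison is locale-independent.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path = $item.FullName; Sid = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage on the two paths the PR names (run elevated):
#   'C:\bosh', 'C:\var\vcap\bosh\bin' | ForEach-Object { Set-RestrictedDirAcl $_ }
#   'C:\bosh', 'C:\var\vcap\bosh\bin' | ForEach-Object { Get-UntrustedWriteAce $_ }
```

An empty result from `Get-UntrustedWriteAce` means every allow ACE carrying write-class rights under the path belongs to one of the trusted SIDs.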