Enhance/native hw detection#2
Merged
Merged
Conversation
…ci, display, and bluetooth components Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
…B metadata - Add lsusb -v, cpupower frequency-info, and cpupower idle-info collectors - Parse and merge richer USB descriptor data (class, power, interfaces) - Parse cpupower frequency/idle output for driver, governor, boost, idle states - Emit new CPU properties: frequency/idle driver, governor, boost, idle state summary - Emit new USB properties: product name, serial, power, interface classes, configuration/interface counts - Emit additional battery/power supply telemetry (voltage, current, energy, charge, scope, design capacity %) - Update tests for extended hardware metadata extraction and normalization Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
…ter and connector metadata Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
… EDID decode command support and diagnostics Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
…noisy stderr warnings - Add probeOptionalLinuxCommand to detect optional command availability (e.g. edid-decode) before execution - Suppress command-warning diagnostics for generic stderr when stdout is usable - Update SECURITY.md and THREAT_MODEL.md to document new commands and evidence properties - Export getInstallHint for install diagnostics - Add test for noisy stderr suppression in runCommand Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
…smem command diagnostics and document command diagnostic handling Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
There was a problem hiding this comment.
Pull request overview
This PR significantly expands the Linux native hardware detection capabilities of cdx-hbom, adding a broad range of new collectors and parsers for Thunderbolt, modems, DRM info, UPower, fwupd, EDID-decode, cpupower, and verbose USB, along with a new command diagnostics infrastructure that classifies command failures and provides install hints. It also introduces a controlled sudo -n retry path for privileged enrichment and merges new sources into existing hardware components.
Changes:
- New Linux command collectors and parsers (
lsusb -v,cpupower frequency/idle,drm_info,upower --dump,fwupdmgr,boltctl,mmcli,edid-decode) feeding new component classes (thunderbolt-device, modem, firmware-device) and enriching existing ones. - Command diagnostic infrastructure in
src/common/command.jswith failure classification (missing-command, permission-denied, partial-support, timeout), install hints, suppression of low-value noise, and optionalsudo -nretry gated by aprivilegefield on eachCommandSpec. - Documentation, threat model, README, and CLI changes to surface the new properties, privilege model, and per-command diagnostics on stderr.
Reviewed changes
Copilot reviewed 10 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/linux/common/index.js | Adds new parsers, merge helpers, and component creators for Thunderbolt, modems, DRM info, UPower, fwupd, EDID-decode, and lshw enrichment. |
| src/linux/common/commands.js | Adds new command specs and a privilege field used by the runner; includes the edid-decode template spec. |
| src/common/command.js | Implements failure classification, install hints, suppressed-diagnostic handling, and sudo -n retry for optional/required privileged commands. |
| bin/cdx-hbom.js | Emits aggregated command diagnostics to stderr without polluting JSON stdout. |
| index.js | Wires new collectors and diagnostics into the public build entry. |
| test/linux.test.js | Adds comprehensive parser and end-to-end build tests for all new enrichment paths. |
| test/command.test.js | New tests covering classification, install hints, and sudo retry behavior. |
| test/commands.test.js | Tests new command specs and their privilege/purpose metadata. |
| docs/hardware-properties.md | Documents newly emitted properties across enriched component classes. |
| docs/THREAT_MODEL.md / SECURITY.md / README.md | Documents the privilege model, diagnostics surface, and new collectors. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…per-device and per-interface runtime substitution Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.