Refactor session/TUI flow, modernize Ruby 4 stack, and harden lsass dump fallback path #1

Merged: giveen merged 17 commits into main from tui-tty on Apr 21, 2026
@giveen (Collaborator) commented Apr 21, 2026

PR Title

Refactor session/TUI flow, modernize Ruby 4 stack, and harden lsass dump fallback path

PR Description

⚠️ Experimental Status (Important)

The TUI in this PR is highly experimental and is not production-usable right now.
It is an active refactor foundation for future work, and operator behavior/UX should be considered unstable.

Summary

This PR bundles today’s reliability and modernization work across command dispatch, connection/session flow, tooling, uploader behavior, and the in-progress TUI architecture.

Commits Included

  • 53ecfd7
    Refactor session dispatch and harden connection/upload reliability
  • 005ef15
    Modernize Ruby 4 stack, harden TUI/dispatcher, and stabilize bypass scripts
  • 54b138e
    Refactor TUI flow and harden lsass_dump fallback/download

What Changed

  • Reworked command handling into a stronger dispatcher-driven flow and reduced brittle logic in session command paths.
  • Improved connection/session reliability and error surfacing during remote execution.
  • Modernized Ruby 4 dependency/runtime compatibility and added migration support script/workflow.
  • Expanded shell adapter and execution handling to be more resilient under noisy/partial remote output.
  • Reworked TUI internals:
    • async command queue + worker approach,
    • improved input/render lifecycle,
    • controller wiring for menu/hotkeys/actions,
    • profile loading integration.
  • Added/expanded state and controller components to support the evolving TUI architecture.
  • Hardened uploader/downloader behavior for remote file handling and path resolution.
  • Hardened lsass_dump workflow:
    • improved diagnostics when ProcDump fails,
    • fallback dump path via alternate method,
    • improved download resolution for generated dump artifacts.

Behavior Notes

  • lsass_dump now has better operator-facing diagnostics and fallback behavior.
  • In tested runs, fallback dump and retrieval path completed successfully when ProcDump path failed.
  • TUI remains intentionally marked as experimental and should not be treated as stable.

Validation

  • Focused spec runs passed during this work (notably TUI-related spec coverage).
  • Manual runtime validation was performed for lsass_dump failure/fallback/retrieval flow.

Safety/Artifact Hygiene

  • No secrets, dump artifacts, or executable binaries were committed as part of this PR.

Follow-up Work

  • Continue TUI stabilization before claiming usability (input edge cases, pane behavior, UX consistency).
  • Add targeted tests around dispatcher fallback and dump retrieval edge cases.
  • Further reduce implicit behavior in command macro execution and increase deterministic error signaling.

giveen added 17 commits January 5, 2026 17:38
…reaming

- render_fixed_layout: three-column dashboard (menu, CLI, meta)
- start_rainfrog: interactive loop (r refresh, q quit, n new session, c run command)
- sessions & stream_buffer tracking for background sessions and streaming output
- run_enumeration helper retained
Copilot AI review requested due to automatic review settings April 21, 2026 05:10
@giveen giveen merged commit 05c70bd into main Apr 21, 2026
2 checks passed
@giveen giveen deleted the tui-tty branch April 21, 2026 05:10
Copilot AI left a comment

Pull request overview

This PR refactors the session command loop into a dispatcher-driven flow, introduces an experimental TUI architecture backed by shared AppState, and updates the Ruby dependency stack / WinRM integration for Ruby 4 compatibility.

Changes:

  • Add CommandDispatcher + Execution helpers to centralize command handling and execution/streaming behavior.
  • Introduce experimental TUI components (TUI, controller, AppState) and wire a --tui flag + profile loading helpers.
  • Harden uploader/downloader path resolution and modernize Ruby dependencies / warning suppression.

Reviewed changes

Copilot reviewed 30 out of 34 changed files in this pull request and generated 17 comments.

| File | Description |
| --- | --- |
| scripts/test_tui_flags.rb | Adds a helper script to test TUI flag scanning (currently references missing API). |
| scripts/test_tui_dashboard.rb | Adds a helper script to render the dashboard with a mock shell. |
| scripts/test_banner_mock.rb | Adds a helper script to test banner rendering with a mock shell. |
| scripts/migrate_ruby4_dependencies.sh | Adds a migration script to regenerate lockfile/install deps for Ruby 4 setup. |
| scripts/demo_tui_live.rb | Adds a TUI demo script (currently references missing API). |
| loot/session_test.log | Removes committed session test log artifact. |
| loot/placeholder.txt | Removes placeholder loot file. |
| lib/evil_ctf/utils.rb | Introduces centralized PowerShell single-quote escaping helper. |
| lib/evil_ctf/uploader/client.rb | Refactors upload/download flows, adds path resolution + AppState progress tracking. |
| lib/evil_ctf/uploader.rb | Updates fileops completion escaping and adds remote tmp cleanup helper. |
| lib/evil_ctf/tui_controller.rb | Adds controller layer for hotkeys, tools/macros, profiles, settings, transfers. |
| lib/evil_ctf/tui.rb | Adds large experimental TUI implementation (async queue + rendering + polling). |
| lib/evil_ctf/tools.rb | Modernizes bypass scripts/macros and shifts execution to Execution.run. |
| lib/evil_ctf/shell_wrapper.rb | Loads warning-silencing compat layer before WinRM initialization. |
| lib/evil_ctf/shell_adapter.rb | Adds internal file manager (upload/download) and extra requires. |
| lib/evil_ctf/session.rb | Reworks session flow: validation, dispatcher integration, optional TUI handoff, prompt normalization. |
| lib/evil_ctf/logger.rb | Switches to a persistent synced file handle + adds close. |
| lib/evil_ctf/execution.rb | Adds bounded-time execution and job-based streaming utility. |
| lib/evil_ctf/errors.rb | Adds ConnectionValidationFailed error type. |
| lib/evil_ctf/connection.rb | Refactors connection builder for keyword args and adds ConnectionValidator. |
| lib/evil_ctf/command_dispatcher.rb | Adds dispatcher with registered handlers (tools, enum, bypass, lsass dump fallback). |
| lib/evil_ctf/cli.rb | Adds --tui, profile loader usage, and pre-session connection validation. |
| lib/evil_ctf/banner.rb | Adds early TUI launch path from banner when enabled. |
| lib/evil_ctf/app_state.rb | Introduces shared thread-safe state container for TUI/session state. |
| lib/config/profiles.rb | Adds centralized profile discovery/loading helpers. |
| lib/compat/silence_warnings.rb | Adds targeted Warning suppression for WinRM “object_id” redefine noise. |
| evil-ctf | Adds wrapper script to run via bundle exec. |
| evil-ctf.rb | Adds root runner that executes EvilCTF::CLI. |
| bin/evil-ctf.rb | Loads silence_warnings and auto-requires bundler/setup for --tui. |
| Gemfile.lock | Updates locked gems/platforms and bundler metadata. |
| Gemfile | Loosens gem constraints and adds TTY deps in development. |
| .gitignore | Ignores bundler config and log output directories. |
| .github/instructions/todos.instructions.md | Adds repo instructions/todos metadata. |
| .github/copilot-instructions.md | Adds Copilot instruction/todo metadata. |
| .bundle/config | Removes committed bundler config. |

Comments suppressed due to low confidence (1)

lib/evil_ctf/session.rb:172

  • Session.run_session validates conn via EvilCTF::ConnectionValidator.validate(conn, ...) and then immediately calls conn.shell(:powershell). Since the validator currently closes/resets the passed-in connection, this flow is very likely to fail (shell creation on a closed connection). Either validate using a separate connection instance or update the validator to not dispose the conn it was given.
    # Validate connection and capture validation info
    validation_info = nil
    begin
      validation_info = EvilCTF::ConnectionValidator.validate(conn, timeout: 10)
      if validation_info[:ok]
        puts "[+] Connection validated: #{validation_info[:hostname]}"
      else
        puts "[!] Connection validation failed: #{validation_info[:error]}"
      end
    rescue => e
      validation_info = { ok: false, hostname: nil, error: "Validation error: #{e.message}" }
    end

    shell = nil
    begin
      shell = conn.shell(:powershell)

Comment thread lib/evil_ctf/connection.rb
Comment thread lib/evil_ctf/cli.rb
Comment thread lib/evil_ctf/command_dispatcher.rb
Comment thread lib/evil_ctf/command_dispatcher.rb
Comment thread lib/evil_ctf/command_dispatcher.rb
Comment thread lib/evil_ctf/command_dispatcher.rb
Comment thread lib/evil_ctf/command_dispatcher.rb
Comment thread lib/evil_ctf/execution.rb
Comment thread scripts/demo_tui_live.rb
Comment thread scripts/test_tui_flags.rb
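
The connection-ownership problem raised in the suppressed comment on lib/evil_ctf/session.rb, as an added example that is not code from this PR or the project: a validator that resets the connection it was handed breaks the caller's next `shell` call, while one that only borrows it does not. `FakeConnection`, `probe`, `validate_and_dispose`, `validate_borrowed` and `session_shell_after` are hypothetical names, and the connection is a constructed in-memory stand-in so the block runs offline.

```ruby
require 'timeout'

# Constructed stand-in for a WinRM-style connection; not the project's class.
class FakeConnection
  Closed = Class.new(StandardError)
  Shell = Struct.new(:hostname)

  def initialize(hostname)
    @hostname = hostname
    @closed = false
  end

  def shell(_type)
    raise Closed, 'connection was reset' if @closed
    Shell.new(@hostname)
  end

  def reset
    @closed = true
  end
end

# Shared probe: reading Shell#hostname stands in for running `hostname` remotely.
def probe(conn, timeout)
  host = Timeout.timeout(timeout) { conn.shell(:powershell).hostname }
  { ok: true, hostname: host, error: nil }
rescue StandardError => e
  { ok: false, hostname: nil, error: "Validation error: #{e.message}" }
end

# Hypothetical validator that disposes the connection it was handed.
def validate_and_dispose(conn, timeout: 10)
  probe(conn, timeout)
ensure
  conn.reset
end

# Hypothetical validator that only borrows the caller's connection.
def validate_borrowed(conn, timeout: 10)
  probe(conn, timeout)
end

# Same order as the quoted run_session excerpt: validate, then open the shell.
def session_shell_after(validator, conn = FakeConnection.new('HOST-A'))
  info = send(validator, conn, timeout: 10)
  [info[:ok], conn.shell(:powershell).hostname]
rescue FakeConnection::Closed => e
  [info[:ok], e.message]
end
```

With the disposing validator the session reports a successful validation and then fails to open its shell; a regression spec can pin that by asserting the connection is still usable after `validate` returns.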