fix: harden hardware identifier collection across all platforms (#14)

* chore: ai config

* chore: ai config

* fix: remove unnecessary workflow

* fix: filter OEM placeholder in Windows PowerShell fallback paths

PowerShell fallbacks for CPU, system UUID, and disk serials were returning
"To be filled by O.E.M." as a valid identifier — only motherboard serial
handled it. Centralize filtering in parsePowerShellValue /
parsePowerShellMultipleValues so every PowerShell-backed collector rejects
OEM placeholders consistently with the wmic path.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: harden Linux CPU and disk serial collection

Three correctness bugs in the Linux collector:

1. parseCPUInfo returned ":::" when /proc/cpuinfo was empty or contained
   no recognized fields, silently contributing a fixed string to the
   machine ID and reducing entropy. Now returns ErrNotFound so the
   caller records a proper component error.

2. linuxDiskSerials, linuxDiskSerialsLSBLK, and linuxDiskSerialsSys did
   not filter the BIOS "To be filled by O.E.M." placeholder, unlike the
   motherboard path which uses isValidSerial. Route all disk serial
   candidates through isValidSerial so the placeholder is rejected
   consistently.

3. linuxDiskSerials returned (nil, nil) when both lsblk and /sys/block
   failed, making "no disks on this system" indistinguishable from
   "collection is broken." It now returns ErrNotFound only when both
   backends errored AND no valid serial was produced.

Also parameterize sysBlockDir via a package-private variable so
linuxDiskSerialsSys can be tested against a fake /sys/block tree built
with t.TempDir().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* test: add args-aware overrides to mockExecutor

The existing mock keys registered outputs and errors by command name
only, which made it impossible to test code that invokes the same
command with different arguments (e.g. two sysctl subcommands on
macOS). Add setOutputForArgs / setErrorForArgs that take precedence
over the name-only maps so such flows can be exercised deterministically.
Existing setOutput / setError behavior is unchanged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: reject null UUIDs and lock Apple Silicon CPU path on darwin

macOSHardwareUUID accepted "00000000-0000-0000-0000-000000000000" from
either system_profiler or ioreg, letting a null UUID contribute to the
machine ID on hardware where firmware hasn't programmed a real one.
Reject the null UUID in both the system_profiler path (falling back to
ioreg) and the ioreg path (returning ParseError/ErrNotFound).

Also add Apple Silicon and Intel CPU tests that use the new args-aware
mock executor to exercise the exact production paths that were
previously impossible to test:

  - brand_string = "Apple M1 Pro", features = "" → "Apple M1 Pro:"
    (trailing colon preserved for license activation compatibility).
  - brand_string + non-empty features → "brand:features".
  - brand_string OK but features errors → degraded "brand" result.

The degraded path is intentionally preserved to avoid invalidating
existing license activations; a new doc comment on macOSCPUInfo
explains the divergence, and TestMacOSCPUInfoBrandOKFeaturesErrorDegrades
locks the behavior in so any future change fails loudly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: christiangda

.github/copilot-instructions.md

@@ -33,10 +33,10 @@ Since this is a library build in native go, the files are mostly organized follo
 ## Code Style
 
 - Follow Go's idiomatic style defined in
-  - #fetch https://google.github.io/styleguide/go/guide
-  - #fetch https://google.github.io/styleguide/go/decisions
-  - #fetch https://google.github.io/styleguide/go/best-practices
-  - #fetch https://golang.org/doc/effective_go.html
+  - <https://google.github.io/styleguide/go/guide>
+  - <https://google.github.io/styleguide/go/decisions>
+  - <https://google.github.io/styleguide/go/best-practices>
+  - <https://golang.org/doc/effective_go.html>
 - Use meaningful names for variables, functions, and packages.
 - Keep functions small and focused on a single task.
 - Use comments to explain complex logic or decisions.

.github/workflows/main.yml

@@ -0,0 +1 @@
+.github/copilot-instructions.md

CLAUDE.md

@@ -17,6 +17,11 @@ var (
 	ioregSerialRe = regexp.MustCompile(`"IOPlatformSerialNumber"\s*=\s*"([^"]+)"`)
 )
 
+// nullUUID is the all-zero UUID that some firmware implementations return
+// when no real hardware UUID is programmed. It must be rejected so it
+// cannot contribute to the machine ID.
+const nullUUID = "00000000-0000-0000-0000-000000000000"
+
 // spHardwareDataType represents the JSON output of `system_profiler SPHardwareDataType -json`.
 type spHardwareDataType struct {
 	SPHardwareDataType []spHardwareEntry `json:"SPHardwareDataType"`
@@ -90,17 +95,22 @@ func collectIdentifiers(ctx context.Context, p *Provider, diag *DiagnosticInfo)
 }
 
 // macOSHardwareUUID retrieves hardware UUID using system_profiler with JSON parsing.
+// Null UUIDs (all zeros) are rejected so the fallback path is triggered.
 func macOSHardwareUUID(ctx context.Context, executor CommandExecutor, logger *slog.Logger) (string, error) {
 	output, err := executeCommand(ctx, executor, logger, "system_profiler", "SPHardwareDataType", "-json")
 	if err == nil {
 		uuid, parseErr := extractHardwareField(output, func(e spHardwareEntry) string {
 			return e.PlatformUUID
 		})
 		if parseErr == nil {
-			return uuid, nil
-		}
-
-		if logger != nil {
+			if uuid == nullUUID {
+				if logger != nil {
+					logger.Debug("system_profiler returned null UUID, falling back")
+				}
+			} else {
+				return uuid, nil
+			}
+		} else if logger != nil {
 			logger.Debug("system_profiler UUID parsing failed", "error", parseErr)
 		}
 	}
@@ -114,6 +124,7 @@ func macOSHardwareUUID(ctx context.Context, executor CommandExecutor, logger *sl
 }
 
 // macOSHardwareUUIDViaIOReg retrieves hardware UUID using ioreg as fallback.
+// Null UUIDs (all zeros) are rejected with ErrNotFound.
 func macOSHardwareUUIDViaIOReg(ctx context.Context, executor CommandExecutor, logger *slog.Logger) (string, error) {
 	output, err := executeCommand(ctx, executor, logger, "ioreg", "-d2", "-c", "IOPlatformExpertDevice")
 	if err != nil {
@@ -122,6 +133,14 @@ func macOSHardwareUUIDViaIOReg(ctx context.Context, executor CommandExecutor, lo
 
 	match := ioregUUIDRe.FindStringSubmatch(output)
 	if len(match) > 1 {
+		if match[1] == nullUUID {
+			if logger != nil {
+				logger.Debug("ioreg returned null UUID")
+			}
+
+			return "", &ParseError{Source: "ioreg output", Err: ErrNotFound}
+		}
+
 		return match[1], nil
 	}
 
@@ -182,6 +201,13 @@ func macOSSerialNumberViaIOReg(ctx context.Context, executor CommandExecutor, lo
 // producing "ChipType:" — this trailing colon is preserved for backward
 // compatibility with existing license activations.
 // Falls back to system_profiler chip_type only if sysctl fails entirely.
+//
+// Known quirk: if machdep.cpu.brand_string succeeds but machdep.cpu.features
+// errors (e.g. transient syscall failure under sandboxing), the result
+// degrades to just cpuBrand instead of "cpuBrand:features". This produces a
+// different hash for the same machine across calls. The divergence is
+// preserved intentionally — changing it would invalidate every existing
+// license activation generated under the current behavior.
 func macOSCPUInfo(ctx context.Context, executor CommandExecutor, logger *slog.Logger) (string, error) {
 	// Primary: sysctl (backward compatible)
 	output, err := executeCommand(ctx, executor, logger, "sysctl", "-n", "machdep.cpu.brand_string")