Comprehensive code quality improvements and modernization

[Copilot]

This PR implements significant improvements to the Decoy repository to enhance code quality, safety, maintainability, and developer experience while maintaining full backward compatibility.

Key Improvements

🔧 Code Quality & Safety

• Centralized Configuration: Added config.h with all constants, version info, and settings in one place
• Enhanced Input Validation: Added null pointer checks and parameter validation throughout
• Buffer Safety: Implemented comprehensive snprintf return value checking and path length validation
• Bounds Checking: Added safety checks to prevent array overflow when process count exceeds MAX_PROCESSES
• Named Constants: Replaced all magic numbers (64, 2000ms timeouts, hardcoded paths) with meaningful constants

🏗️ Build System Modernization

• Modern CMake: Migrated from global include_directories() to target-based approach
• Library Structure: Created reusable decoy-common static library for shared code
• Cross-platform Support: Improved Windows-specific configuration with proper generator expressions
• Version Management: Integrated semantic versioning throughout the codebase

📚 Documentation & Developer Experience

• Help System: Added comprehensive -h/--help support with usage examples and interactive command reference
• Contributing Guidelines: Complete development setup instructions and contribution process (CONTRIBUTING.md)
• Changelog: Professional changelog following Keep a Changelog conventions (CHANGELOG.md)
• Code Style: Added .editorconfig for consistent formatting across different editors
• Enhanced Documentation: Improved function documentation with detailed parameter descriptions

🛡️ Security Enhancements

• Path Traversal Protection: Added validation to prevent directory traversal attacks in process names
• Safe String Operations: Enhanced buffer management with proper bounds checking
• Process Verification: Improved process identification and termination safety using centralized UUID constant

Example Usage Improvements

The help system now provides clear guidance:

$ decoy-manager --help
Decoy Manager v0.1.0
A lightweight Windows utility that creates dummy processes mimicking analysis tools.

Usage: decoy-manager [OPTIONS]

Options:
  -S, -s    Start all decoy processes and exit
  -T, -t    Terminate all decoy processes and exit
  -Q, -q    Quiet mode: start processes without output
  -h, --help, -?, /?    Show this help message

Technical Details

Before vs After: Configuration Management

Before:

static FakeProcess processes[64];  // Magic number
WaitForSingleObject(hProcess, 2000);  // Hardcoded timeout
snprintf(path, MAX_PATH, "processes\\%s", name);  // No validation

After:

static FakeProcess processes[MAX_PROCESSES];  // Named constant
WaitForSingleObject(hProcess, PROCESS_WAIT_TIMEOUT);  // Configurable
int ret = snprintf(path, MAX_PATH, "%s\\%s", PROCESSES_DIR, name);
if (ret < 0 || ret >= MAX_PATH) { /* handle error */ }  // Safe validation

CMake Modernization

The build system now uses target-based properties instead of global settings, making it more maintainable and following modern CMake best practices.

Backward Compatibility

All changes maintain full backward compatibility:

• Existing command-line arguments work unchanged
• Interactive mode behavior is preserved
• Process management functionality remains identical
• No breaking changes to user-facing features

This PR establishes a solid foundation for future development while significantly improving code quality and developer experience.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.