ci: expand tagged test coverage and repair workflows

.github/workflows/ci.yaml

@@ -1,104 +1,118 @@
-name: ci
-
-on:
-  push:
-    branches: [dev]
-  pull_request:
-    branches: [dev]
-  workflow_dispatch:
-
-jobs:
-  unit:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
+name: ci
+
+on:
+  push:
+    branches: [dev]
+  pull_request:
+    branches: [dev]
+  workflow_dispatch:
+
+jobs:
+  unit:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.24.13"
-          cache: true
-
-      - name: Go mod tidy
-        run: go mod tidy
-
-      - name: Go vet
-        run: go vet ./...
-
-      - name: Test inventory
-        run: go run ./scripts/testinventory -output dist/testing
-
-      - name: Go test
-        run: go test ./... -count=1 -timeout 300s
-
-      - name: Go build
-        run: go build ./...
-        env:
-          CGO_ENABLED: 0
-
-  race:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
+          cache: false
+
+      - name: Go mod tidy
+        run: go mod tidy
+
+      - name: Go vet
+        run: go vet ./...
+
+      - name: Test inventory
+        run: go run ./scripts/testinventory -output dist/testing
+
+      - name: Go test
+        run: go test ./... -count=1 -timeout 300s
+
+      - name: Go build
+        run: go build ./...
+        env:
+          CGO_ENABLED: 0
+
+  race:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.24.13"
-          cache: true
-
-      - name: Go mod tidy
-        run: go mod tidy
-
-      - name: Race detection — core, parser, stream
-        run: >-
-          go test -race -count=1 -timeout 300s
-          ./server/internal/core
-          ./server/internal/parser/...
-          ./server/internal/stream
-
+          cache: false
+
+      - name: Go mod tidy
+        run: go mod tidy
+
+      - name: Race detection — core, parser, stream
+        run: >-
+          go test -race -count=1 -timeout 300s
+          ./server/internal/core
+          ./server/internal/parser/...
+          ./server/internal/stream
+
   mock_implant:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
+        with:
+          submodules: recursive
+
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.24.13"
-          cache: true
-
+          cache: false
+
       - name: Go mod tidy
         run: go mod tidy
 
+      - name: Discover mock implant packages
+        shell: bash
+        run: echo "MOCKIMPLANT_PACKAGES=$(go run ./scripts/testmatrix -layer mockimplant)" >> "$GITHUB_ENV"
+
+      - name: Show mock implant package selection
+        run: echo "$MOCKIMPLANT_PACKAGES"
+
       - name: Mock implant E2E tests
-        run: go test -tags=mockimplant ./server -count=1 -timeout 300s
+        run: go test -tags=mockimplant $MOCKIMPLANT_PACKAGES -count=1 -timeout 300s
 
   integration:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.24.13"
-          cache: true
-
+          cache: false
+
       - name: Go mod tidy
         run: go mod tidy
 
+      - name: Discover integration packages
+        shell: bash
+        run: echo "INTEGRATION_PACKAGES=$(go run ./scripts/testmatrix -layer integration)" >> "$GITHUB_ENV"
+
+      - name: Show integration package selection
+        run: echo "$INTEGRATION_PACKAGES"
+
       - name: Client/Server integration tests
-        run: go test -tags=integration ./server ./client/command/listener ./client/command/pipeline ./client/command/website ./client/command/sessions ./client/command/context -count=1 -timeout 300s
+        run: go test -tags=integration $INTEGRATION_PACKAGES -count=1 -timeout 300s

.github/workflows/realimplant.yaml

@@ -0,0 +1,46 @@
+name: realimplant
+
+on:
+  workflow_dispatch:
+
+jobs:
+  real_implant:
+    runs-on:
+      - self-hosted
+      - windows
+    env:
+      MALICE_REAL_IMPLANT_RUN: "1"
+      MALICE_REAL_IMPLANT_WORKSPACE: ${{ vars.MALICE_REAL_IMPLANT_WORKSPACE }}
+      MALICE_REAL_IMPLANT_BIN: ${{ vars.MALICE_REAL_IMPLANT_BIN }}
+      MALICE_REAL_IMPLANT_MUTANT: ${{ vars.MALICE_REAL_IMPLANT_MUTANT }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24.13"
+          cache: false
+
+      - name: Validate real implant environment
+        shell: pwsh
+        run: |
+          if ([string]::IsNullOrWhiteSpace($env:MALICE_REAL_IMPLANT_BIN)) {
+            throw "Repository variable MALICE_REAL_IMPLANT_BIN is required."
+          }
+          if ([string]::IsNullOrWhiteSpace($env:MALICE_REAL_IMPLANT_MUTANT)) {
+            throw "Repository variable MALICE_REAL_IMPLANT_MUTANT is required."
+          }
+
+      - name: Go mod tidy
+        run: go mod tidy
+
+      - name: Real implant E2E tests
+        shell: pwsh
+        run: |
+          $packages = go run ./scripts/testmatrix -layer realimplant -format lines
+          $packages | ForEach-Object { Write-Host $_ }
+          go test -tags=realimplant $packages -count=1 -timeout 600s

client/command/testsupport/recorder.go

@@ -208,6 +208,10 @@ func (r *RecorderRPC) RefreshModule(ctx context.Context, in *implantpb.Request,
 	return r.taskResponse(ctx, "RefreshModule", in)
 }
 
+func (r *RecorderRPC) UnloadModule(ctx context.Context, in *implantpb.Request, opts ...grpc.CallOption) (*clientpb.Task, error) {
+	return r.taskResponse(ctx, "UnloadModule", in)
+}
+
 func (r *RecorderRPC) ExecuteModule(ctx context.Context, in *implantpb.ExecuteModuleRequest, opts ...grpc.CallOption) (*clientpb.Task, error) {
 	return r.taskResponse(ctx, "ExecuteModule", in)
 }
@@ -763,6 +767,7 @@ var methodTaskTypes = map[string]string{
 	"ListModule":     consts.ModuleListModule,
 	"LoadModule":     consts.ModuleLoadModule,
 	"RefreshModule":  consts.ModuleRefreshModule,
+	"UnloadModule":   consts.ModuleUnloadModule,
 	"ListAddon":      consts.ModuleListAddon,
 	"LoadAddon":      consts.ModuleLoadAddon,
 	"ExecuteAddon":   consts.ModuleExecuteAddon,