AptDiskwright Overview
AptDiskwright is a Windows 11 disk-planning and GPT/UEFI migration desktop application built around one operating rule, stated directly in its own AGENTS.md: "plan first, execute second, record everything."
:::danger Physical-disk mutation is intentionally disabled Live migration and any physical-disk mutation are switched off until disposable-VHD and bootable-VM qualification is complete. This isn't a missing feature — it's a deliberate safety gate the project has not yet cleared, and the codebase enforces it rather than just documenting it. :::
Who it's for
An operator who needs to plan disk repartitioning or GPT/UEFI migrations with real evidence trails — not a general consumer partitioning tool. The safety posture (stale-inventory rejection, mandatory validation, evidence-first design) assumes someone who wants to prove a migration was planned correctly before it touches a physical disk.
The core concept
The architecture is split cleanly along a trust boundary:
AptDiskwright.vbproj (WPF client) <-- unelevated, never runs as admin
│
│ authenticated named-pipe protocol (AptDiskwright.Engine.v1,
│ length-prefixed UTF-8 JSON)
▼
engine/ (C++ Windows service) <-- privileged, demand-start, the only
component allowed to touch storage
The client can never destructively act on a disk on its own — every privileged operation has to cross the named-pipe boundary into the engine, and the engine is the one component qualified (eventually) to run destructive operations.
The planning workflow itself is: capture a live disk inventory → author an operation plan with a dependency-ordered transaction queue → validate the plan (stale inventory, dependency cycles, and drive-letter conflicts are all blocking findings) → freeze the plan by binding it to a SHA-256 manifest → only then hand execution to the engine.
Why this shape
Disk migration tooling is exactly the kind of software where "it mostly works" isn't good enough — a wrong write to the wrong disk is unrecoverable. Splitting the unelevated planner from the privileged engine, requiring a frozen SHA-256-bound plan before any execution, and refusing to identify a destructive target by drive letter alone (drive letters can be reassigned between inventory capture and execution) are all safeguards against exactly the class of mistake that makes disk tools dangerous.