feat: Windows VM phase 3 — golden image automation, CI guide, examples

[Eito-Test-Account]

Summary

• desktest init-windows command: Two-stage golden image builder — Stage 1 installs Windows 11 from ISO via Autounattend.xml (unattended, UEFI GPT, VirtIO drivers, TPM bypass, OpenSSH, auto-login), Stage 2 provisions dependencies via SSH (Python 3, PyAutoGUI, uiautomation, WinFsp + VirtIO-FS, agent scripts, scheduled task, system hardening)
• CI/CD integration guide (dev-docs/windows-ci-guide.md): GitHub Actions workflow YAML with explicit KVM/runner limitations, self-hosted runner setup, cloud nested virtualization matrix, golden image caching strategies, troubleshooting
• Windows Calculator example (examples/windows-calculator.json): Basic test exercising Calculator app interaction in a QEMU/KVM VM
• Documentation updates: All markdown files updated to reflect Windows support alongside macOS — README, CLAUDE.md, docs/ci.md, docs/macos-support.md, examples/README.md, skills/desktest-skill.md

New files

File	Purpose
src/init_windows.rs	Two-stage golden image provisioning (QEMU + SSH)
windows/Autounattend.xml	Unattended Windows 11 install config
windows/provision.ps1	PowerShell provisioning script
dev-docs/windows-ci-guide.md	CI/CD integration guide
examples/windows-calculator.json	Calculator test example

Modified files

File	Changes
src/cli.rs	InitWindows subcommand
src/main.rs	mod init_windows + dispatch
src/warnings.rs	warn_init_windows_resources()
src/preflight.rs	Windows VM status in desktest doctor
dev-docs/windows-support-plan.md	Phase 3 marked complete
CLAUDE.md, README.md, docs/ci.md, docs/macos-support.md, examples/README.md, skills/desktest-skill.md	Windows documentation

Test plan

• cargo build compiles cleanly (verified)
• desktest --help shows init-windows subcommand
• desktest init-windows --help shows all options (windows-iso, virtio-iso, output, disk-size, ram, cpus)
• desktest doctor shows Windows VM status line
• desktest validate examples/windows-calculator.json passes
• End-to-end init-windows on a Linux host with KVM (requires Windows ISO + VirtIO ISO)

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR completes Phase 3 of Windows VM support for desktest: it adds the desktest init-windows command, the unattended Windows 11 installation config (Autounattend.xml), the PowerShell provisioning script (provision.ps1), a CI/CD guide, and a Windows Calculator example. The implementation follows the established two-stage pattern used by init-macos and integrates cleanly with the existing session abstraction and preflight system.

Key changes:

• src/init_windows.rs — 773-line two-stage provisioner: Stage 1 uses QEMU + secondary ISO with Autounattend.xml for unattended OS install; Stage 2 SSHes into the provisioned VM to run provision.ps1 and deploy agent scripts
• windows/Autounattend.xml — UEFI GPT layout, VirtIO driver loading, TPM bypass, OpenSSH Server enablement, auto-login, and Stage 1 shutdown signal
• windows/provision.ps1 — Python 3, PyAutoGUI, WinFsp, vm-agent scheduled task, system hardening
• src/cli.rs + src/main.rs — InitWindows subcommand wired up
• src/preflight.rs + src/warnings.rs — desktest doctor and pre-run warnings for Windows VM
• Documentation updates across README, CLAUDE.md, docs/, examples/

All three findings are P2 (style/UX) with no correctness or data-integrity impact.

Confidence Score: 5/5

Safe to merge — all remaining findings are P2 style/UX improvements with no correctness or data-integrity impact.

The implementation is thorough and well-structured: prerequisite checks run before any side effects, child processes are cleaned up in both success and failure paths, the two-stage flow is clearly separated, and error messages are actionable. All three comments are P2: the example evaluator mismatch is cosmetic, the 120-second post-failure wait is a UX delay not a correctness bug, and the port-2222 conflict surfaces eventually via SSH timeout rather than immediately.

examples/windows-calculator.json (evaluator mismatch), src/init_windows.rs lines 429-439 (unconditional shutdown wait on failure)

Important Files Changed

Filename	Overview
src/init_windows.rs	Core two-stage provisioner: well-structured, clean error propagation, and proper child-process cleanup. Minor issue: a provisioning failure always incurs a 120-second wait because the shutdown guard is unconditional.
windows/Autounattend.xml	Correct UEFI GPT layout, VirtIO driver paths, hardware-check bypasses, and Stage-1 shutdown signal. Hardcoded credentials are intentional for a test VM.
windows/provision.ps1	Comprehensive provisioning script covering Python, pip packages, WinFsp, VirtIO-FS mount config, scheduled task, and system hardening. Hardcoded versions and credential stores are expected for golden-image tooling.
examples/windows-calculator.json	The evaluator only checks whether Calculator is running (process ID exists), but the stated goal is to verify that the computation result shows 100 — the metric doesn't actually validate the result.
src/cli.rs	Clean InitWindows subcommand addition with comprehensive help text and all required arguments.
src/preflight.rs	Adds informational Windows VM status line to desktest doctor, gracefully skipped on non-Linux hosts.
src/warnings.rs	Adds warn_init_windows_resources() consistent with the existing warn_init_macos_resources() pattern.
dev-docs/windows-ci-guide.md	Well-written CI guide with explicit KVM limitations, example workflow, self-hosted runner setup, cloud provider matrix, caching strategies, and troubleshooting table.
src/main.rs	Adds mod init_windows and Command::InitWindows dispatch, consistent with how InitMacos is handled.

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI as desktest CLI
    participant S1 as Stage 1 (QEMU install)
    participant S2 as Stage 2 (QEMU + SSH)
    participant Win as Windows Guest

    User->>CLI: desktest init-windows --windows-iso ... --virtio-iso ...
    CLI->>CLI: preflight checks (QEMU, OVMF, swtpm, genisoimage, sshpass)
    CLI->>CLI: validate ISO paths, check output doesn't exist
    CLI->>CLI: find windows/ dir (scripts + Autounattend.xml)
    CLI->>CLI: create temp work_dir

    note over CLI,S1: Stage 1 — unattended OS install
    CLI->>S1: spawn swtpm (TPM emulator)
    CLI->>S1: genisoimage → autounattend.iso
    CLI->>S1: qemu-img create → output.qcow2
    CLI->>S1: spawn QEMU (Windows ISO + VirtIO ISO + autounattend.iso)
    S1->>Win: boot from CD-ROM
    Win->>Win: Autounattend.xml: partition, install OS, load VirtIO drivers
    Win->>Win: Enable OpenSSH Server, disable Defender
    Win->>Win: FirstLogonCommands: disable UAC, screensaver, set resolution
    Win->>S1: shutdown /s (signals Stage 1 complete)
    S1->>CLI: QEMU exits
    CLI->>CLI: kill swtpm

    note over CLI,S2: Stage 2 — SSH provisioning
    CLI->>S2: spawn swtpm (new TPM state)
    CLI->>S2: spawn QEMU (output.qcow2, hostfwd tcp::2222-:22)
    S2->>Win: boot installed Windows
    CLI->>CLI: wait_for_ssh() — poll localhost:2222 (3 min timeout)
    CLI->>Win: sshpass/scp — copy vm-agent.py, execute-action.py, get-a11y-tree.py, win-screenshot.py
    CLI->>Win: sshpass/scp — copy provision.ps1
    CLI->>Win: ssh — powershell -File C:\\Temp\\provision.ps1
    Win->>Win: install Python 3, pip packages, WinFsp
    Win->>Win: configure VirtIO-FS (Z:\\), deploy scripts, register scheduled task
    Win->>Win: disable UAC, Update, screensaver, configure auto-login
    Win->>S2: shutdown /s (signals Stage 2 complete, SSH exits 255)
    S2->>CLI: QEMU exits
    CLI->>CLI: kill swtpm, clean up work_dir
    CLI->>User: Golden image ready!

Loading

_{Reviews (2): Last reviewed commit: "fix: address PR review feedback — OVMF_V..." | Re-trigger Greptile}

[Eito-Test-Account]

@greptileai

[Eito-Test-Account]

@greptileai