Skip to content

fix(windows): stop console window flashes during scheduled scans#104

Merged
ashishkurmi merged 1 commit into
step-security:mainfrom
ashishkurmi:swarit/fix/windows
May 22, 2026
Merged

fix(windows): stop console window flashes during scheduled scans#104
ashishkurmi merged 1 commit into
step-security:mainfrom
ashishkurmi:swarit/fix/windows

Conversation

@ashishkurmi
Copy link
Copy Markdown
Member

@ashishkurmi ashishkurmi commented May 22, 2026

The schtasks /create action used to invoke the agent via a cmd /c wrapper, which produced a visible cmd.exe flash on every scheduled fire. This change:

  • Drops the cmd /c wrapper; the task now invokes the agent (or the GUI-subsystem launcher) directly, with --install-dir / filelog handling moved into the binary.
  • Adds cmd/stepsecurity-dev-machine-guard-task — a small GUI-subsystem launcher .exe used by the MSI install layout so Windows does not allocate a console for the scheduled task.
  • Adds internal/winproc to suppress subprocess console flashes via CREATE_NO_WINDOW for child processes spawned by the agent.
  • Wires the launcher binary into the MSI WiX manifest, .goreleaser config, Makefile, and the msi-smoke / release workflows.
  • Adds Windows-side test coverage for schtasks, winproc, and the IDE detector.

What does this PR do?

Type of change

  • Bug fix
  • Enhancement
  • Documentation

Testing

  • Tested on macOS (version: ___)
  • Binary runs without errors: ./stepsecurity-dev-machine-guard --verbose
  • JSON output is valid: ./stepsecurity-dev-machine-guard --json | python3 -m json.tool
  • No secrets or credentials included
  • Lint passes: make lint
  • Tests pass: make test

Related Issues

@swarit-stepsecurity @ashishkurmi
fix(windows): stop console window flashes during scheduled scans
94624db 
The schtasks /create action used to invoke the agent via a cmd /c
wrapper, which produced a visible cmd.exe flash on every scheduled
fire. This change:

- Drops the cmd /c wrapper; the task now invokes the agent (or the
  GUI-subsystem launcher) directly, with --install-dir / filelog
  handling moved into the binary.
- Adds cmd/stepsecurity-dev-machine-guard-task — a small
  GUI-subsystem launcher .exe used by the MSI install layout so
  Windows does not allocate a console for the scheduled task.
- Adds internal/winproc to suppress subprocess console flashes via
  CREATE_NO_WINDOW for child processes spawned by the agent.
- Wires the launcher binary into the MSI WiX manifest, .goreleaser
  config, Makefile, and the msi-smoke / release workflows.
- Adds Windows-side test coverage for schtasks, winproc, and the IDE
  detector.
@ashishkurmi ashishkurmi merged commit 85f35b8 into step-security:main May 22, 2026
11 checks passed
@ashishkurmi ashishkurmi mentioned this pull request May 22, 2026
Closed
9 tasks
@swarit-stepsecurity swarit-stepsecurity mentioned this pull request May 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@varunsh-coder varunsh-coder varunsh-coder approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ashishkurmi @varunsh-coder @swarit-stepsecurity