feat(windows): prepare packaging, signing, and release workflow for the current Windows native subset by oscarmackjr-twg · Pull Request #555 · nolabs-ai/nono

oscarmackjr-twg · 2026-04-01T01:08:22Z

Summary

This PR prepares Windows for a more credible release path around the native subset we already support.

It adds the packaging, signing, validation, and documentation work needed to ship that subset more cleanly and consistently.

This PR does not say that Windows is now at full feature parity with macOS. It is a release-readiness step for the Windows-native functionality that already exists today.

What This PR Adds

Clear installer strategy

This PR defines the Windows artifact strategy we actually support:

machine MSI
user MSI
zip

It also makes the upgrade story explicit:

machine MSI upgrades machine MSI
user MSI upgrades user MSI
zip installs are replaced manually by the operator

Unsupported migration paths are intentionally left out rather than implied.

Signing support in the release workflow

This PR adds the Windows signing path needed for release automation:

a PowerShell signing helper
release workflow steps for Windows signing
explicit failure if required signing inputs are missing

That means the release process now has a real place for Windows code signing, instead of treating it as an external manual afterthought.

MSI contract validation

This PR adds in-repo checks for the Windows installer contract we claim to support.

That includes:

user vs machine scope
stable upgrade behavior by scope
correct install locations
explicit MajorUpgrade
modify/repair intentionally disabled

This helps make installer behavior predictable and reviewable.

Better release and validation support

This PR also adds Windows-focused release-readiness support:

a Windows-native test harness
clearer RC validation guidance
updated docs so packaging and release behavior match the actual implementation

What This PR Means

This PR makes the current Windows-native subset more shippable.

It improves the operational side of Windows support:

how we package it
how we sign it
how we validate it
how we describe it

It does not mean Windows is now a full parity platform.

What Is Still Not at macOS Parity

Windows still has known gaps compared with macOS, including:

broader filesystem parity
richer network policy parity beyond the current supported subset
runtime trust interception
delegated open flows
shell is still unsupported on Windows
wrap is still unsupported on Windows
final promotion to first-class fully supported platform status

So the right way to read this PR is:

Windows release-readiness and packaging/signing work for the current native subset, not the full Windows alpha parity release.

Validation

Ran on Windows:

cargo fmt --all
cargo clippy --workspace --all-targets -- -D warnings -D clippy::unwrap_used
.\scripts\validate-windows-msi-contract.ps1 -BinaryPath .\target\debug\nono.exe
cargo test -p nono support_info_reports_consistent_partial_status -- --nocapture
cargo test -p nono-cli windows_setup_check_only_reports_live_profile_subset -- --nocapture
cargo test -p nono-cli windows_run_live_default_profile_executes_command -- --nocapture
cargo test -p nono-cli windows_run_live_codex_profile_fails_intentionally_with_backend_reason -- --nocapture

Notes for Review

This PR builds on the existing Windows native implementation branch, because the packaging/signing work only makes sense on top of that Windows base.
Service packaging is documented as a future or optional path, not as the default MSI behavior we ship today.
Promotion criteria are still future-state gates, not something this PR claims to complete.

Scope

This PR is intentionally focused on release-readiness for the current Windows-native subset.

It is not the final Windows alpha parity milestone.

gemini-code-assist

Code Review

This pull request introduces initial native support for Windows, implementing a preview subset that includes setup, dry-run validation, and direct execution with process containment and blocked-network enforcement. Key additions include a Windows Filtering Platform (WFP) backend service placeholder, supervisor IPC via named pipes, and handle brokering for resource transfer. Feedback identifies critical compilation errors due to the use of a non-existent GUID::from_u128 method in the windows-sys crate. Other recommendations include limiting stdin reading in the WFP service to prevent memory exhaustion, improving the idempotency of the setup runner, and adopting more idiomatic duplex named pipes for IPC. Security feedback also noted that the current string-based argument validation should be replaced by a more robust boundary for the full port.

oscarmackjr-twg · 2026-04-02T03:25:38Z

Current branch state since the last review pass:

support-messaging contract is now pinned by Windows integration tests
the host-sensitive runtime-root test was stabilized so hosts that cannot prepare a managed low-integrity runtime root skip
that assertion instead of failing the suite spuriously
the WIN-1706 maintainer package now includes both post-decision paths, concrete execution checklists, design impact, and a note that full CI is configured in ci.yml, but is not attaching to this fork PR head beyond DCO + Conventional Commit Title

Squash of the Windows Epic milestone (phases 1–8) onto v0.30.1 baseline. All commits authored by oscarmackjr-twg unless otherwise noted. ## What this adds **Core sandbox (crates/nono/src/sandbox/windows.rs)** - WindowsFilesystemPolicy / WindowsFilesystemRule with exact-file grants, write-only directory rules, Windows-aware path comparison, and policy-preprocessed override_deny **Execution strategy (crates/nono-cli/src/exec_strategy_windows/)** - Job Object + WFP sandbox supervisor (mod.rs, supervisor.rs) - ConPTY-based interactive shell with resize/Ctrl-C forwarding (launch.rs) - WFP network backend for blocked-network enforcement (network.rs) - Restricted token support (restricted_token.rs) **Windows-specific CLI modules** - pty_proxy_windows.rs: ConPTY proxy for shell sessions - session_commands_windows.rs: attach/detach/list for Windows agents - terminal_approval_windows.rs: approval prompts over ConPTY - trust_intercept_windows.rs: trust intercept shim - open_url_runtime_windows.rs: Windows URL opener - windows_wfp_contract.rs: WFP policy contract types - startup_runtime.rs: Windows startup/detach runtime **IPC and supervisor (crates/nono/src/supervisor/socket_windows.rs)** - Named-pipe IPC for supervisor ↔ child communication **Packaging and release** - scripts/build-windows-msi.ps1: MSI packaging via WiX v4 - scripts/sign-windows-artifacts.ps1: Authenticode signing - scripts/validate-windows-msi-contract.ps1: upgrade contract validation - .github/workflows/ci.yml: Windows CI job (cross-compile + unit tests) - .github/workflows/release.yml: Windows artifact upload to releases **Documentation (docs/cli/development/windows-*.mdx)** - Security model, network enforcement, supervisor IPC, signing guide, installer strategy, filesystem parity contract, feature gap matrix, preview pilot/validation, promotion criteria, release candidate checklist **Tests** - tests/integration/test_network_wfp.sh: WFP enforcement integration test - scripts/tests/test_windows_attach/detach.ps1: session attach/detach Signed-off-by: oscarmackjr-twg <oscar.mack.jr@gmail.com>

Squash of 212 commits on windows-squash that delivered Windows/Unix parity for everyday CLI usage, network policy, and developer tooling. Milestone: v2.0 Windows Gap Closure (tag `v2.0` on source branch). Shipped 2026-04-18. See .planning/milestones/v2.0-ROADMAP.md for the full 11-phase, 29-plan archive. Scope: - Phase 5: Windows detach readiness fix (WaitNamedPipeW readiness probe in run_detached_launch). - Phase 6: WFP enforcement activation — SID-based kernel filtering promoted to primary network backend; driver gate removed; duplicate activation path cleaned. - Phase 7: Quick wins — `nono wrap` (Direct strategy + Job Object + WFP) and `nono logs` / `nono inspect` / `nono prune` session commands on Windows. - Phase 8: Interactive `nono shell` via ConPTY (CreatePseudoConsole) inside Job Object + WFP sandbox on Windows 10 build 17763+. - Phase 9: Port-granular WFP policy (--allow-port with bind/connect independence) + proxy credential injection (--network-profile / --credential / --upstream-proxy). - Phase 10: `nono learn` on Windows via ETW (ferrisetw + Win32-format path conversion, file + network events, admin-gated). - Phase 11 (stretch): Runtime capability expansion over named pipe with constant-time token auth + interactive approval. - Phase 12: Milestone bookkeeping cleanup. - Phase 13: v2.0 human verification UAT — 10 items resolved to terminal verdicts (3 pass, 7 waived). - Phase 14: v2.0 fix pass (detached-console-grandchild partial fix + help-text correction + runbook flag repair). - Phase 15: Detached Console + ConPTY architecture investigation — direction-b closure of the v2.0 carry-forward (gated PTY-disable + null-token + AppID WFP on detached Windows path only). 5-row smoke gate pass; 4 Phase 13 UAT items promoted to pass. Also includes earlier upstream sync work (WSL2 feature matrix + security hardening, release 0.26.0-0.29.1 bookkeeping, keystore file:// URI support, macOS proxy NO_PROXY fix, other fork maintenance) that lived on the same branch. Security-critical notes: - Direction-b scoped waivers for detached Windows path: Low-IL isolation waived on detached path (Job Object + filesystem sandbox remain primary); per-session-SID WFP replaced by AppID WFP on detached path (still kernel-enforced; requires nono-wfp-service). Non-detached path keeps WRITE_RESTRICTED + session-SID + ConPTY unchanged. - WRITE_RESTRICTED narrows the restricting-SID access-check gate to writes only so DLL loads and console init aren't blocked. - All paths canonicalized at grant time; path-component comparison (not string starts_with) used throughout to prevent `/home-evil/...` style escapes. 191 files changed, +50,204 / -5,244. Supersedes pre-squash branches: - pr/windows-epic12-clean-v2 (PR nolabs-ai#555) - pr555/windows-epic12-clean-v3 (PR nolabs-ai#583) - win-101-windows-build-foundation (PR nolabs-ai#530) Signed-off-by: oscarmackjr-twg <oscar.mack.jr@gmail.com>

ofek · 2026-06-10T23:00:02Z

Hello there! Is there still an ongoing effort to support Windows natively?

mogul · 2026-06-15T20:41:31Z

Is there still an ongoing effort to support Windows natively?

I was just wondering this myself and found my way here... I really want to use nono as a lighter-weight and more usable alternative to Docker's sbx, but the missing Windows-native isolation is a blocker for my organization. The nono website says "OS Sandbox: Kernel isolation for Linux, macOS, and Windows":

"Windows" actually means "WSL2"; this is pretty misleading! But I think there's a path via LPAC etc to making that statement true, so I'd love to see this PR and related work proceed!🙏

github-actions Bot added the feature label Apr 1, 2026

gemini-code-assist Bot reviewed Apr 1, 2026

View reviewed changes

oscarmackjr-twg force-pushed the pr/windows-epic12-clean-v2 branch from ba7a76b to e820a1a Compare April 1, 2026 14:34

oscarmackjr-twg mentioned this pull request Apr 2, 2026

feat(windows): add native preview foundation #530

Closed

oscarmackjr-twg force-pushed the pr/windows-epic12-clean-v2 branch 5 times, most recently from af265f4 to 0372a48 Compare April 6, 2026 03:29

oscarmackjr-twg force-pushed the pr/windows-epic12-clean-v2 branch from fe0fa47 to 13f9ca3 Compare April 10, 2026 02:45

oscarmackjr-twg mentioned this pull request Apr 21, 2026

feat(windows): windows gap closure (v2.0 milestone) #725

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(windows): prepare packaging, signing, and release workflow for the current Windows native subset#555

feat(windows): prepare packaging, signing, and release workflow for the current Windows native subset#555
oscarmackjr-twg wants to merge 1 commit into
nolabs-ai:mainfrom
OscarMackJr:pr/windows-epic12-clean-v2

oscarmackjr-twg commented Apr 1, 2026

Uh oh!

gemini-code-assist Bot left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

oscarmackjr-twg commented Apr 2, 2026

Uh oh!

ofek commented Jun 10, 2026

Uh oh!

mogul commented Jun 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

oscarmackjr-twg commented Apr 1, 2026

Summary

What This PR Adds

Clear installer strategy

Signing support in the release workflow

MSI contract validation

Better release and validation support

What This PR Means

What Is Still Not at macOS Parity

Validation

Notes for Review

Scope

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

oscarmackjr-twg commented Apr 2, 2026

Uh oh!

ofek commented Jun 10, 2026

Uh oh!

mogul commented Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

mogul commented Jun 15, 2026 •

edited

Loading