A vX.Y tag may point at a commit behind the main tip; --depth=1 only fetched
the tip, so git checkout of the tag commit failed (unable to read tree).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Extract the relevant CHANGELOG.md section as the release body instead of the
static "Auto-built from SHA": on a vX.Y tag take that version's section, else
the latest released version section.
- Publish step is now tag-aware: a vX.Y tag push builds, signs and publishes a
named non-prerelease (keeping the git tag); main/dispatch keep the rolling
'latest' prerelease. Body built with jq for safe escaping.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- CHANGELOG.md: switch to Keep a Changelog versioning ([Unreleased], [0.7], [0.6]).
- web/changelog/: new page that fetches CHANGELOG.md from Forgejo (raw API via the
/forgejo-api proxy) and renders it - single source of truth.
- Add Changelog to the nav on landing, navod and spec pages.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bring the in-repo spec and Claude guide up to date: winget --source winget,
Network Discovery resource string, CZ+US keyboard, Atera under SYSTEM (no MFA),
Windows Update log formatting, Explorer AUMID pin, AccentPalette / all-profile
theme, BackInfo background color, and Azure Trusted Signing in CI.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- 04 profile: write AccentPalette (REG_BINARY, 8 shades derived from #223B47)
alongside AccentColor/AccentColorMenu. Without AccentPalette, Win11 ignores
the custom accent on Start/taskbar and falls back to the default - the cause
of "colors not applied everywhere". Also mirror the full theme + accent into
HKU\.DEFAULT (lock/welcome screen, system context) on top of the Default hive
and current user, so all profiles match. Mode stays Custom (dark system,
light apps); ColorPrevalence on for Start/taskbar and title bars/borders.
- BackInfo.ini: BackgroundColor 4668194 -> 2243399. BackInfo reads the value as
0xRRGGBB (RGB), not COLORREF/BGR, so #223B47 = 0x223B47 = 2243399; the BGR
value rendered with red/blue swapped.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- spec: Atera row now SYSTEM + /qn + no MFA; taskbar row notes Explorer is
pinned via AUMID to avoid the duplicate-instance / unpinnable bug.
- descriptions.json: update 02 Atera item and 04 taskbar item accordingly.
- navod: drop the obsolete "confirm Atera MFA" warning - it installs silently
under SYSTEM now.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- 04 profile: pin File Explorer via its AppUserModelID
(DesktopApplicationID="Microsoft.Windows.Explorer") instead of a hand-made
File Explorer.lnk to explorer.exe. The custom shortcut pinned as a separate
app - clicking it launched a second Explorer that did not group with the
running window, and the icon could not be unpinned normally. Stop creating
that .lnk.
- 02 software: install the Atera MSI under NT AUTHORITY\SYSTEM via a one-shot
scheduled task (msiexec /qn), then remove the task. Under SYSTEM the agent
registers silently with no interactive MFA window, so no technician input is
needed. MSI staged in C:\Windows\Temp (readable by SYSTEM).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The web docroot is mounted read-only; mount web/data read-write so the
release workflow's deploy.json refresh can write into the nginx container.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
docker_host auto-mount did not expose the socket on runner 6.3.1; mount it
explicitly so the deploy.json step's docker exec works.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Set container.docker_host to "" (auto-detect) instead of "-" so workflow
steps can reach the docker daemon - fixes the "Update deploy.json" step
that does `docker exec xetup-web`.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The step uses `docker exec xetup-web`, which needs the docker socket in the
job container (runner container.docker_host is "-", so it is absent). It runs
after the signed release is published and only refreshes a cosmetic "last
build" indicator, so its failure must not fail the build.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Lets the release workflow be re-run on demand (e.g. after rotating the
Trusted Signing secret) in addition to push-triggered builds.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- spec: document --source winget (msstore cert bypass), Atera service
detection, UCPD stop -> WARN on Win11 24H2, CZ+US keyboard layout,
Network Discovery resource string, clean Windows Update log output, and
the Trusted Signing step in the architecture section.
- descriptions.json: update 02-software (winget source, Atera) and
10-network (Network Discovery resource string); add the keyboard layout
item to 04-default-profile.
- navod + index: note that xetup.exe is now digitally signed (publisher
X9.cz s.r.o.), so SmartScreen/UAC show a verified publisher.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add a signing step after the build that authenticates the Entra service
principal (client_credentials), fetches a Trusted Signing access token, and
signs xetup.exe with jsign using the X9.cz s.r.o. certificate profile plus an
RFC3161 timestamp (timestamp.acs.microsoft.com). jsign is pinned by version
and sha256. Trusted Signing certs are short-lived (~3 days); the timestamp
keeps the signature valid past expiry, so timestamping must succeed and the
step fails hard otherwise.
Only AZURE_CLIENT_SECRET needs to be set as a Forgejo Actions secret; the
non-secret identifiers are inlined in the workflow.
gitignore the local manual-signing helpers (sign*.sh) and the *.unsigned
build backup.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- 02/11 winget: add --source winget to every install; fresh Win11 ISOs
ship an App Installer with a stale pinned cert, so the msstore source
fails with 0x8a15005e and aborts the install. Forcing the winget source
bypasses msstore entirely.
- 10 network: enable Network Discovery by -Group "@FirewallAPI.dll,-32752"
(resource string) instead of -DisplayGroup "Network Discovery", which is
localized and failed on Czech Windows.
- 04 profile: set keyboard layout CZ primary + US secondary via
Set-WinUserLanguageList (current user) and Preload in the Default hive
and HKU\.DEFAULT (welcome screen / system accounts). Always applied.
- 02 software: verify Atera via the AteraAgent service (Get-Service) with a
path fallback incl. C:\ProgramData, since Atera no longer installs to a
fixed location.
- 12 windows-update: format Install-WindowsUpdate output via $_.Result/$_.Title
instead of logging the raw object (was spamming "System.__ComObject").
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Add download link + curl workaround for antivirus blocking
- Note that curl only downloads, xetup + Enter needed to run
- Split preflight checks into separate section with details
- Explain Product Key priority (OA3 > GVLK) and when to fill in
- Document config load/save buttons for per-client presets
- Add adminx9 account explanation (autologon for reboot cycle)
- Warn about Atera MFA popup during SW install
- Note that partial failures don't stop deployment - check summary
- Add troubleshooting section: Deploy.log path + local report.html
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reflect all changes from d30767e in web documentation:
- Atera /qn -> /qb for MFA window support
- EditionID-based GVLK matching instead of OS caption
- New architecture rows: watchdog, reboot loop protection,
atomic state, email retry, hive unload retry, resume fix
- Corrected Windows Update reboot cycle description (exit 9)
- Winget parallel job timeout documentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical fixes:
- Fix resume mode: StepsByIDs returned Enabled=false, all resume steps
would be SKIPPED (deployment could never resume after reboot)
- Add reboot loop protection: per-step retry counter (max 5) prevents
infinite reboot cycles when a step always exits with code 9
- Block reboot when state.Save() fails in resumePhase (prevents state
loss leading to full restart from scratch)
- Atomic state file write (write-to-tmp + rename) prevents JSON
corruption on BSOD/power loss mid-write
- Script watchdog: kills scripts after 30 min of no output (resets on
each line, so active long-running scripts are never killed)
- Fix copyFile: check Close() error explicitly instead of deferred
close that silently drops flush errors (e.g. disk full)
High severity:
- Cleanup() now logs errors instead of silently ignoring them
- Email report: 3 retries with backoff + always saves C:\X9\report.html
- Winget parallel jobs: 10 min timeout, kill hung jobs
- UCPD stop verification: 2s wait + state check before PDF association
- Atera installer: /qn -> /qb so MFA window can appear
- GVLK activation: match by EditionID (registry, not localized) instead
of fragile OS caption string matching
Medium severity:
- Default profile hive unload: retry loop (5 attempts, increasing delay)
- LayoutModification.xml: UTF-8 without BOM (PS 5.1 Set-Content adds BOM)
- Set-Reg SYSTEM task: try/finally ensures temp file + task cleanup
- Windows Update: @($available).Count for PS 5.1 single-result edge case
- config.json: add missing kmsServer field in activation section
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds docker-cli to build container (docker socket passed through by runner)
and writes sha + timestamp to xetup-web container after successful release.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Background jobs do not reliably inherit PATH from the parent session,
causing winget calls to fail silently. Now the resolved executable path
is passed explicitly as an argument into each Start-Job scriptblock.
Also treats exit code 3010 (success + reboot required) as OK.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Main page: add short intro paragraph describing what xetup does.
Spec page:
- Remove steps 05 (personalization) and 06 (scheduled-tasks) - both
scripts were deleted/merged into step 04
- Merge personalization items into step 04 card, retitle to
"Default Profile + Personalizace"
- Fix taskbar note: reference to krok 06 replaced with correct info
- Fix arch build command: add CGO_ENABLED=1, CC=mingw, -s -w flags
- Bump version to 0.5, date to 2026-04-17
- Remove step-05 and step-06 from JS STEP_SCRIPT mapping
descriptions.json:
- Update atera-agent-install: reflect download approach + MFA window
- Remove stale 05-personalization and 06-scheduled-tasks entries
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MSI downloads fine via Invoke-WebRequest; MFA is an interactive window
shown by the installer itself during registration - accepted as normal
workflow. Bundled approach removed: assets/Atera/ dropped, no binary
maintenance needed.
Also closes CLAUDE.md open questions #2 (MFA resolved) and #3 (--resume
already removed from prereboot task).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Atera agent: download URL requires MFA in browser session, so
Invoke-WebRequest gets HTML instead of MSI. Changed to bundled
MSI from assets/Atera/ - download once from dashboard, no network
dependency. Graceful skip with log message when MSI not present.
Removed unused --resume argument from X9-Resume scheduled task
registration. Resume is detected via state file, not CLI flag.
CI pipeline: added mingw-w64-gcc and CGO_ENABLED=1 for Walk
cross-compilation (required since Walk migration from Fyne).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both files were significantly outdated - referencing deleted scripts
(Deploy-Windows.ps1, 05-personalization, 06-scheduled-tasks,
07-desktop-info), wrong step ordering, completed TODOs listed as
planned, and missing new features (email report, pre-flight checks,
parallel winget, common.ps1).
Rewritten from scratch based on actual current code state.
No historical cruft, no "planned changes" that are already done.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Email report: HTML summary sent via SMTP2Go (mail-eu.smtp2go.com)
at the end of every deployment. Subject "xetup report HOSTNAME",
body contains per-step status table with timestamps. Non-blocking
(goroutine) so it doesn't delay the summary screen.
Pre-flight checks: admin rights, winget availability, network
connectivity (DNS resolve), and disk space verified before the
config form. Results shown as colored status lines at the top
of the GUI - red warnings tell the technician what's wrong
before starting a 30-minute deployment.
Parallel winget: 02-software.ps1 now launches all winget installs
as background jobs (Start-Job) and waits for all to complete.
7-Zip, Acrobat, OpenVPN run simultaneously instead of sequentially,
saving 3-5 minutes per deployment.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause fix: runner.go passed config as unevaluated PS expression
via -File mode - scripts received a literal string instead of parsed
object. Changed to -ConfigPath; scripts load JSON themselves via
shared common.ps1 (Write-Log, Get-Feature, Load-Config).
GUI now regenerates runtime config before run so user selections
actually reach the scripts.
Merged 04-default-profile + 05-personalization into single script
(one hive load/unload, no Explorer restart, no hive contention).
Deleted Deploy-Windows.ps1 (xetup.exe is sole entry point),
06-scheduled-tasks.ps1 (tasks caused more harm than good),
07-desktop-info.ps1 (replaced by BackInfo long ago).
Step ordering: activation moved early, pcIdentity before WU
(exit 9 on rename only when rename actually happened).
Edge policies split into mandatory (telemetry, first-run) vs
recommended (UI preferences user can override).
Atera install uses Start-Process -Wait instead of fragile sleep.
Updated config.json, tests, DefaultConfig to match current state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add all Claude Code session JSONL files to .claude/sessions/ for
full conversation history archival. Ignore scheduled_tasks.lock and
web/data/deploy.json as runtime/CI-generated artifacts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
xetup.exe now acts as an orchestrator across system reboots:
- PS scripts exit 9 to signal "reboot needed, re-run me" (WU) or
"done but reboot needed to finalize" (Dell BIOS)
- On exit 9: xetup saves state.json, ensures adminx9 account,
copies itself to stable path, enables autologon, registers
X9-Resume scheduled task (AtLogOn adminx9, RunLevel Highest)
- On resume: loads pending steps from state, continues seamlessly
with "Pokracuji po restartu..." label in the run window
- On completion: disables autologon, removes X9-Resume task,
deletes state file, shows summary with accumulated results
across all reboot rounds
New packages: internal/state, internal/prereboot
Script 12: simplified to exit 0 (done) or exit 9 (reboot needed)
Script 11: exit 9 when DCU exit code 1 (BIOS staged, reboot needed)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When X9-WindowsUpdate finds no more updates:
- Creates "! WU HOTOVO yyyy-MM-dd HH:mm.txt" on C:\Users\Public\Desktop
- Locks the workstation via one-shot task running as adminx9
(login screen = unambiguous visual signal for the operator)
- One-shot lock task self-deletes after 5 minutes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
04-default-profile: Create File Explorer.lnk (and PowerShell.lnk for
admin profile) in C:\Users\Default\AppData\Roaming\...\Start Menu
before writing LayoutModification.xml. On a clean Windows 11 install
the System Tools folder is often missing from the Default profile,
which causes the taskbar pin to be silently skipped.
12-windows-update: Enable temporary autologon for adminx9 so the
machine logs in automatically after each update reboot without
operator intervention. AutoLogonCount=10 as safety cap.
Autologon is disabled (and DefaultPassword removed) by the
scheduled task when no more updates are found.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BackInfo.ini:
- AutoBackground=0: don't read live desktop color during deployment;
Windows hasn't propagated the registry background color to the
live session yet, so AutoBackground reads black
- BackgroundColor=4668194: explicit COLORREF for #223B47
(was 2097152 = 0x200000 = RGB(0,0,32), near-black)
05-personalization.ps1:
- Add Explorer\Accent\AccentColorMenu = 0xFF473B22
- Add Explorer\Accent\StartColorMenu = 0xFF473B22
Windows taskbar reads AccentColorMenu for its color when
ColorPrevalence=1; DWM\AccentColor only controls title bars.
Without these keys the taskbar shows Windows default blue
(RGB 130, 232, 253 = Windows 11 "Steel" default accent).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
heal.sh now:
1. git fetch + reset --hard origin/main when remote is ahead
2. writes web/data/deploy.json (sha + timestamp) after each pull
3. nginx reload if web/ files changed
4. falls back to writing deploy.json on first run if missing
spec/index.html shows deployed commit SHA + timestamp in footer.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Steps pcIdentity and network had swapped Num+ScriptName values
and were listed after 11/12 instead of before them.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 04-default-profile: default profile now pins Explorer+Edge (was empty),
preventing MS Store and other defaults from appearing in taskbar
- 03-system-registry: disable Edge new tab page quick links, background,
content feed (NewTabPageQuickLinksEnabled/BackgroundEnabled/AllowedBackgroundTypes)
- 05-personalization: set Wallpaper="" in default hive so new user accounts
get solid-color background instead of black fallback
- runner: add onStepStart callback, fires before each script launch
- gui: step progress strip in run phase — color-coded labels per step
(pending gray · / running blue ► / ok green ✓ / error red ✗ / skipped gray –)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HKCR: is not available by default in PS sessions - must be explicitly
mounted via New-PSDrive before any registry operations on it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Walk uses Win32 controls directly — works on VMware ESXi, Hyper-V and any VM
without GPU. No CGo, no MinGW needed.
- internal/gui/gui.go: 3-phase Walk declarative GUI (form → live run → summary)
- cmd/xetup/app.manifest: UAC requireAdministrator + ComCtl32 v6 + DPI awareness
- CI: remove MinGW, add rsrc generation step, simplified build
