v1.58.6.0 fix: fallback execution via bun run on Windows Smart App Control#2127
Open
salluexez wants to merge 3 commits into
Open
v1.58.6.0 fix: fallback execution via bun run on Windows Smart App Control#2127salluexez wants to merge 3 commits into
salluexez wants to merge 3 commits into
Conversation
|
Merging to
After your PR is submitted to the merge queue, this comment will be automatically updated with its status. If the PR fails, failure details will also be posted here |
There was a problem hiding this comment.
Pull request overview
Addresses Windows 11 Smart App Control (SAC) blocking Bun-produced unsigned tool executables by updating resolver discovery to prefer .exe on Windows and adding runtime validation with automatic fallback to running the TypeScript CLIs via bun run.
Changes:
- Updated resolver generators (
scripts/resolvers/*) to prefer.exeon Windows and to fall back tobun run <tool>/src/cli.tswhen the compiled binary can’t execute. - Regenerated multiple
SKILL.mdfiles to include the new setup/validation logic. - Bumped version and updated user-facing documentation (README/CLAUDE/CHANGELOG) to describe SAC behavior and troubleshooting.
Reviewed changes
Copilot reviewed 25 out of 26 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| VERSION | Bumps repo version to 1.58.6.0. |
| package.json | Bumps npm package version to 1.58.6.0. |
| CHANGELOG.md | Adds 1.58.6.0 release notes describing SAC fallback behavior. |
| README.md | Documents Windows SAC behavior and Bun fallback in the Windows note. |
| CLAUDE.md | Adds SAC + Git Bash troubleshooting and explains fallback mechanism. |
| browse/bin/find-browse | Updates Windows discovery to include .exe resolution (plus shim delegation). |
| scripts/resolvers/browse.ts | Generates updated browse setup block (prefer .exe, validate, Bun fallback). |
| scripts/resolvers/design.ts | Generates updated design + embedded browse setup blocks with fallback. |
| scripts/resolvers/make-pdf.ts | Generates updated make-pdf setup block (prefer .exe, validate, Bun fallback). |
| browse/SKILL.md | Regenerated setup block to prefer .exe and fall back to bun run when blocked. |
| make-pdf/SKILL.md | Regenerated setup block to prefer .exe and fall back to bun run when blocked. |
| benchmark/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| canary/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| devex-review/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| design-consultation/SKILL.md | Regenerated browse/design resolver setup blocks with .exe preference and Bun fallback. |
| design-html/SKILL.md | Regenerated browse/design resolver setup blocks with .exe preference and Bun fallback. |
| design-review/SKILL.md | Regenerated browse/design resolver setup blocks with .exe preference and Bun fallback. |
| design-shotgun/SKILL.md | Regenerated browse/design resolver setup blocks with .exe preference and Bun fallback. |
| land-and-deploy/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| office-hours/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| open-gstack-browser/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| pair-agent/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| plan-design-review/SKILL.md | Regenerated browse/design resolver setup blocks with .exe preference and Bun fallback. |
| qa/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| qa-only/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
| setup-browser-cookies/SKILL.md | Regenerated browse resolver setup block with .exe preference and Bun fallback. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+122
to
+126
| if command -v bun >/dev/null 2>&1 && [ -f "\$_ROOT/${ctx.paths.localSkillRoot}/browse/src/cli.ts" ]; then | ||
| B="bun run \$_ROOT/${ctx.paths.localSkillRoot}/browse/src/cli.ts" | ||
| B_OK=1 | ||
| elif command -v bun >/dev/null 2>&1 && [ -f "\$HOME${ctx.paths.browseDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" ]; then | ||
| B="bun run \$HOME${ctx.paths.browseDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" |
Comment on lines
+808
to
+812
| if command -v bun >/dev/null 2>&1 && [ -f "\$_ROOT/${ctx.paths.localSkillRoot}/design/src/cli.ts" ]; then | ||
| D="bun run \$_ROOT/${ctx.paths.localSkillRoot}/design/src/cli.ts" | ||
| D_OK=1 | ||
| elif command -v bun >/dev/null 2>&1 && [ -f "\$HOME${ctx.paths.designDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" ]; then | ||
| D="bun run \$HOME${ctx.paths.designDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" |
Comment on lines
+36
to
+40
| if command -v bun >/dev/null 2>&1 && [ -f "\$_ROOT/${ctx.paths.localSkillRoot}/make-pdf/src/cli.ts" ]; then | ||
| P="bun run \$_ROOT/${ctx.paths.localSkillRoot}/make-pdf/src/cli.ts" | ||
| P_OK=1 | ||
| elif command -v bun >/dev/null 2>&1 && [ -f "\$HOME${ctx.paths.makePdfDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" ]; then | ||
| P="bun run \$HOME${ctx.paths.makePdfDir.replace(/^~/, '').replace(/\/dist$/, '/src')}/cli.ts" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes a Windows 11 Smart App Control (SAC) compatibility issue where the bundled unsigned executables (
browse.exe,design.exe, andpdf.exe) may be blocked from running.The fix preserves the existing workflow while providing a safe fallback when Windows prevents execution:
.exebinaries during Windows executable discovery.bun run <tool>/src/cli.ts) when execution is blocked by Smart App Control.README.mdandCLAUDE.md.This solution does not bypass Windows security features. Instead, it uses the code-signed Bun runtime to execute the TypeScript sources when bundled binaries cannot be launched.
Changes
Binary Discovery
browse/bin/find-browseto prioritize.exeexecutables on Windows.Runtime Fallback
Added runtime validation to the generated setup blocks for:
browsedesignmake-pdfIf the bundled executable cannot be launched (for example, when blocked by Windows Smart App Control), the resolver automatically falls back to:
This ensures the tools remain functional without requiring users to disable Windows security features.
Documentation
Updated:
README.mdCLAUDE.mdwith Smart App Control troubleshooting and fallback behavior.
Testing
Automated Verification
434/434)SKILL.mdfiles verifiedCurrent Coverage
Covered
Remaining Test Gaps
The following Windows-specific scenarios are not currently covered by automated tests:
.exediscovery on WindowsThese scenarios require Windows-specific behavior that is difficult to reproduce reliably in the existing cross-platform test environment.
Backward Compatibility
This change is fully backward compatible.
Test Plan
434/434)SKILL.mdfiles verified