feat(mdm): migrate script to go module #10
Merged
ashishkurmi merged 3 commits into step-security:main from Apr 3, 2026
ashishkurmi
reviewed
Apr 3, 2026
Pull request overview
This PR migrates Dev Machine Guard from a shell script-based implementation toward a Go module + compiled binary, adding a Go build/test/lint/smoke workflow and updating release automation and documentation to reflect the new distribution model.
Changes:
- Introduces a Go CLI binary (`stepsecurity-dev-machine-guard`) with community scan output (pretty/JSON/HTML) and enterprise telemetry mode.
- Adds Go CI (lint/test/smoke), Makefile build/test entrypoints, and GoReleaser-based release artifacts/signing.
- Updates README and examples to reflect binary installation and expanded CLI/configuration behavior.
Reviewed changes
Copilot reviewed 47 out of 48 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| tests/test_smoke_go.sh | Adds smoke tests targeting the Go binary CLI behaviors and outputs |
| README.md | Updates installation, usage, configuration, and docs for the Go binary |
| Makefile | Adds build/test/lint/smoke targets for the Go module |
| internal/telemetry/telemetry.go | Implements enterprise telemetry collection + upload workflow |
| internal/telemetry/logcapture.go | Adds stderr capture for execution logs included in telemetry payload |
| internal/scan/scanner.go | Implements community-mode scan orchestration and output dispatch |
| internal/progress/progress.go | Adds progress logger and spinner behavior (quiet/verbose modes) |
| internal/output/pretty.go | Implements pretty terminal output formatter |
| internal/output/pretty_test.go | Adds unit tests for pretty output formatter |
| internal/output/json.go | Implements JSON output formatter |
| internal/output/json_test.go | Adds unit tests for JSON output formatter |
| internal/output/html.go | Implements self-contained HTML report generation |
| internal/output/html_test.go | Adds unit tests for HTML report generation |
| internal/model/model.go | Defines shared data model for scan results and telemetry structs |
| internal/lock/lock.go | Adds instance locking mechanism for scans/telemetry |
| internal/launchd/launchd.go | Adds launchd install/uninstall for scheduled enterprise scans |
| internal/executor/mock.go | Adds mock executor for unit tests |
| internal/executor/executor.go | Adds executor abstraction for OS interactions |
| internal/device/device.go | Adds device info collection (hostname/serial/os/user identity) |
| internal/device/device_test.go | Adds unit tests for device info collection |
| internal/detector/nodescan.go | Adds enterprise Node.js scanning with raw output capture/limits |
| internal/detector/nodeproject.go | Adds Node project discovery/counting + PM detection |
| internal/detector/nodepm.go | Adds Node package manager detection |
| internal/detector/nodepm_test.go | Adds tests for Node PM detection and PM inference |
| internal/detector/mcp.go | Adds MCP config detection and enterprise filtering/base64 encoding |
| internal/detector/mcp_test.go | Adds tests for MCP detection and filtering helpers |
| internal/detector/ide.go | Adds IDE/desktop app installation detection |
| internal/detector/ide_test.go | Adds tests for IDE detection |
| internal/detector/framework.go | Adds AI framework/runtime detection (incl. running-state checks) |
| internal/detector/framework_test.go | Adds tests for framework detection |
| internal/detector/extension.go | Adds IDE extension inventory collection |
| internal/detector/extension_test.go | Adds tests for extension dir parsing |
| internal/detector/aicli.go | Adds AI CLI tool detection |
| internal/detector/aicli_test.go | Adds tests for AI CLI tool detection |
| internal/detector/agent.go | Adds general-purpose AI agent detection (incl. Claude Cowork) |
| internal/detector/agent_test.go | Adds tests for agent detection and version gating |
| internal/config/config.go | Adds persisted config file support and interactive configuration |
| internal/config/config_test.go | Adds tests for config helpers/serialization and enterprise detection |
| internal/cli/cli.go | Adds CLI parsing for commands, output modes, and flags |
| internal/cli/cli_test.go | Adds CLI parsing tests |
| internal/buildinfo/version.go | Adds build/version metadata and build-time ldflags variables |
| go.mod | Introduces Go module definition and Go toolchain version |
| examples/sample-output.json | Updates sample output version field |
| cmd/stepsecurity-dev-machine-guard/main.go | Adds the binary entrypoint wiring CLI/config/scan/telemetry |
| .goreleaser.yml | Adds GoReleaser configuration for binary release artifacts |
| .gitignore | Ignores Go build artifacts and dist output |
| .github/workflows/release.yml | Updates release process to GoReleaser + signing + provenance |
| .github/workflows/go.yml | Adds Go CI workflow (lint/test/smoke) |
ashishkurmi
reviewed
Apr 3, 2026
ashishkurmi
approved these changes
Apr 3, 2026
What does this PR do?
Update machine guard to use Go binaries for MDM analysis
Type of change
Testing
./stepsecurity-dev-machine-guard.sh --verbose
./stepsecurity-dev-machine-guard.sh --json | python3 -m json.tool
Related Issues