Skip to content

[DRAFT][WIP] Feature/unigetui package broker#1797

Draft
Vladyslav Nikonov (vnikonov-devolutions) wants to merge 20 commits into
masterfrom
feature/unigetui-package-broker
Draft

[DRAFT][WIP] Feature/unigetui package broker#1797
Vladyslav Nikonov (vnikonov-devolutions) wants to merge 20 commits into
masterfrom
feature/unigetui-package-broker

Conversation

@vnikonov-devolutions

@vnikonov-devolutions Vladyslav Nikonov (vnikonov-devolutions) commented May 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Implements UniGetUI package broker (Also see UniGetUI WIP branch Devolutions/UniGetUI#4826)

This is still in early DRAFT, but can be compiled/tested for further development.

Implemented

  • Policy parsing (both json and yaml), evaluation, JSON scheme generation.
  • Dry-run executor
  • Windows executor/command builder for winget; needs refining but implements most of the functionality
  • Elevated/non elevated execution with user impersonation.
  • Made some updated to initial PoC schema - cleaned up, renamed and restructured some fields, added new request/response for polling operation status

Not implemented yet

  • HTTP API scheme generation
  • ACL-based security for pipes, signature check
  • Other managers except winget
  • Move Client nuget to gateway repo, keep schema in sync

Steps to run this branch:

  • Compile and replace DevolutionsAgent.exe from this branch.
  • Add new agent config fields:
  • "PackageBroker":{"Enabled":true, "PolicyPath": "C:/path/to/policy.json"}
  • Create empty UseAgentBroker file at %LOCALAPPDATA%/UniGetUI/Configuration (UniGetUI uses file-based config)
  • Start Agent
  • Start UniGetUI, test

@pacmancoder
feat(agent): add unigetui-broker crate for package policy evaluation
52ae8d8 
Implements the UniGetUI package broker protocol:
- Policy evaluation engine matching the spec in UniGetUI policies/
- WinGet command-line builder from validated request fields
- HTTP/1.1 server over named pipe transport (Windows)
- Dry-run executor for testing, real executor for production
- Standalone test binary for development without the full agent service

The broker validates requests against admin-authored policies before
constructing elevated package manager commands. It never executes
client-supplied command text directly.

Supported: WinGet install/update/uninstall operations.
Other managers return 'not supported' for now.
@pacmancoder
feat(agent): integrate unigetui-broker as managed agent task
cac5cf0
@pacmancoder
feat(agent): uniget ui broker refactoring
54153f9
@pacmancoder
feat(agent): fix uniget broker
bd2621f
@github-actions

github-actions Bot commented May 25, 2026

Copy link
Copy Markdown

Let maintainers know that an action is required on their side

  • Add the label release-required Please cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module) when you request a maintainer to cut a new release (Devolutions Gateway, Devolutions Agent, Jetsocat, PowerShell module)

  • Add the label release-blocker Follow-up is required before cutting a new release if a follow-up is required before cutting a new release

  • Add the label publish-required Please publish libraries (`Devolutions.Gateway.Utils`, OpenAPI clients, etc) when you request a maintainer to publish libraries (Devolutions.Gateway.Utils, OpenAPI clients, etc.)

  • Add the label publish-blocker Follow-up is required before publishing libraries if a follow-up is required before publishing libraries

@pacmancoder
WIP refactoring
123b7fb
@pacmancoder
WIP refactoring round 2
abb1460
@pacmancoder
Refined model
79c2d84
@pacmancoder
Implemented new request to query installation status
f84069b
@pacmancoder
WIP: Fixed operation execution tracking
f21a726
@pacmancoder
WIP: updated schema and executor logic
bb7d94e
@pacmancoder
Ignore LoC for sample/asset files
9972d88
@pacmancoder
WIP: Update schema to use PascalCase
3a0c835
@pacmancoder
WIP: PS5/PWSH managers support
9a4e317
@pacmancoder
WIP: Implemented missing operation options, minor refactoring
d0dc141
@pacmancoder
WIP: schema consistency changes
5d04080
@pacmancoder
WIP: powershell changes
b1f70ed
@pacmancoder
WIP: winapi safety comment
e5b135e
@pacmancoder @claude
feat(unigetui-broker): axum+aide server + OpenAPI/C# client pipeline
21e31ca 
Refactor the broker HTTP server from raw hyper to axum + aide served over
the named pipe (matching the PEDM pattern), preserving all behavior: header
validation, audit mode, policy validity window, the kill/pre/main/post
execution plan, operation tracker, media types and status codes.

server::openapi() emits an OpenAPI 3.1 document from the existing schemars
schemas (no duplication), and injects PolicyDocument as a component so the
generated C# client also gets strongly-typed policy models.

Wire the broker into tools/generate-openapi (target "unigetui-broker") and
add crates/unigetui-broker/openapi/ with the committed spec and the C#
generator config mirroring PEDM (openapi-generator-cli csharp, httpclient).

Generating the C# client itself requires a JRE (openapi-generator-cli is a
Java tool); run openapi/generate_all.ps1 on a machine with Java.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@pacmancoder
WIP: C# client for agent broker
5f72448
@pacmancoder
WIP: CI changes
911d300
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vnikonov-devolutions @pacmancoder