Merge pull request #111 from swarit-stepsecurity/swarit/chore/up-ver-1.11.4

ashishkurmi · web-flow · commit 1580fa126f1e · 2026-05-26T01:39:33.000-07:00
chore(release): update to 1.11.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 See [VERSIONING.md](VERSIONING.md) for why the version starts at 1.8.1.
 
+## [1.11.4] - 2026-05-26
+
+### Added
+
+- **Authenticode-signed Windows binaries and MSIs**: release artifacts are now signed via Azure Trusted Signing, so installs no longer trip SmartScreen/EDR unsigned-binary heuristics on Windows.
+- **Feature gate for selective scanning**: new feature-gate mechanism allows disabling or enabling individual scanners at runtime, giving operators a way to scope what a deployment reports without rebuilding.
+- **Invocation method + in-flight status reporting**: telemetry now records how the agent was invoked (launchd / systemd / scheduled task / interactive) and emits structured per-phase status info while a scan is running.
+- **`$HOME` expansion in configured paths**: path-style config values now expand `$HOME` (and `~`) consistently across platforms.
+
+### Fixed
+
+- **Windows console window flashes during scheduled scans**: the scheduled task no longer pops a visible console window on each run.
+- **Telemetry post-phase is non-blocking**: post-phase telemetry submission can no longer stall scan completion if the backend is slow or unreachable; sandbox invocation tests added to cover the path.
+- **Canonicalised `$HOME`/`~` expansion**: path expansion now goes through `filepath.Join` so the resulting paths are normalised across `/`-vs-`\` and trailing-separator edge cases.
+
+### Changed
+
+- **Per-phase telemetry sub-progress incl. upload phase**: progress reporting now tracks sub-progress within each phase and adds an explicit upload phase, giving the dashboard finer-grained visibility into long-running scans.
+- **CI: on-demand test-binary + MSI workflow** added so non-release builds can be produced from a PR without cutting a tag.
+- **CI: msi-smoke workflow hardened** following StepSecurity best-practice review.
+
 ## [1.11.3] - 2026-05-21
 
 ### Added
@@ -181,6 +202,7 @@ First open-source release. The scanning engine was previously an internal enterp
 - Execution log capture and base64 encoding
 - Instance locking to prevent concurrent runs
 
+[1.11.4]: https://github.com/step-security/dev-machine-guard/compare/v1.11.3...v1.11.4
 [1.11.3]: https://github.com/step-security/dev-machine-guard/compare/v1.11.1...v1.11.3
 [1.11.1]: https://github.com/step-security/dev-machine-guard/compare/v1.11.0...v1.11.1
 [1.11.0]: https://github.com/step-security/dev-machine-guard/compare/v1.10.2...v1.11.0
diff --git a/examples/sample-output.json b/examples/sample-output.json
@@ -1,5 +1,5 @@
 {
-  "agent_version": "1.11.3",
+  "agent_version": "1.11.4",
   "scan_timestamp": 1741305600,
   "scan_timestamp_iso": "2026-03-07T00:00:00Z",
   "device": {
diff --git a/internal/buildinfo/version.go b/internal/buildinfo/version.go
@@ -3,7 +3,7 @@ package buildinfo
 import "fmt"
 
 const (
-	Version  = "1.11.3"
+	Version  = "1.11.4"
 	AgentURL = "https://github.com/step-security/dev-machine-guard"
 )
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "agent_version": "1.11.3",`
	`2`	`+ "agent_version": "1.11.4",`
`3`	`3`	`"scan_timestamp": 1741305600,`
`4`	`4`	`"scan_timestamp_iso": "2026-03-07T00:00:00Z",`
`5`	`5`	`"device": {`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ package buildinfo`
`3`	`3`	`import "fmt"`
`4`	`4`
`5`	`5`	`const (`
`6`		`- Version = "1.11.3"`
	`6`	`+ Version = "1.11.4"`
`7`	`7`	`AgentURL = "https://github.com/step-security/dev-machine-guard"`
`8`	`8`	`)`
`9`	`9`