chore(mdm): resolve conflict & address copilot comments

Author: shubham-stepsecurity

internal/detector/aicli.go

@@ -54,10 +54,10 @@ var cliToolDefinitions = []cliToolSpec{
 		},
 	},
 	{
-		Name:        "github-copilot-cli",
-		Vendor:      "Microsoft",
-		Binaries:    []string{"copilot", "gh-copilot"},
-		ConfigDirs:  []string{"~/.config/github-copilot"},
+		Name:       "github-copilot-cli",
+		Vendor:     "Microsoft",
+		Binaries:   []string{"copilot", "gh-copilot"},
+		ConfigDirs: []string{"~/.config/github-copilot"},
 	},
 	{
 		Name:       "microsoft-ai-shell",

internal/detector/ide.go

@@ -53,12 +53,12 @@ var ideDefinitions = []ideSpec{
 	},
 	{
 		AppName: "Claude", IDEType: "claude_desktop", Vendor: "Anthropic",
-		AppPath: "/Applications/Claude.app",
+		AppPath:  "/Applications/Claude.app",
 		WinPaths: []string{`%LOCALAPPDATA%\Programs\Claude`},
 	},
 	{
 		AppName: "Microsoft Copilot", IDEType: "microsoft_copilot_desktop", Vendor: "Microsoft",
-		AppPath: "/Applications/Copilot.app",
+		AppPath:  "/Applications/Copilot.app",
 		WinPaths: []string{`%LOCALAPPDATA%\Programs\Copilot`},
 	},
 }

internal/detector/nodescan.go

@@ -41,8 +41,9 @@ func NewNodeScanner(exec executor.Executor, log *progress.Logger, loggedInUser s
 }
 
 // shouldRunAsUser returns true when commands should be delegated to the logged-in user.
+// Only applies on Unix — RunAsUser uses sudo which is not available on Windows.
 func (s *NodeScanner) shouldRunAsUser() bool {
-	return s.exec.IsRoot() && s.loggedInUser != ""
+	return s.exec.GOOS() != "windows" && s.exec.IsRoot() && s.loggedInUser != ""
 }
 
 // runCmd runs a command, delegating to the logged-in user when running as root.
@@ -68,6 +69,7 @@ func (s *NodeScanner) runCmd(ctx context.Context, timeout time.Duration, name st
 }
 
 // runShellCmd runs a shell command string, delegating to the logged-in user when running as root.
+// Falls through to the platform-aware free function for the normal (non-delegation) path.
 func (s *NodeScanner) runShellCmd(ctx context.Context, timeout time.Duration, shellCmd string) (string, string, int, error) {
 	if s.shouldRunAsUser() {
 		ctx, cancel := context.WithTimeout(ctx, timeout)
@@ -81,7 +83,7 @@ func (s *NodeScanner) runShellCmd(ctx context.Context, timeout time.Duration, sh
 		}
 		return stdout, "", 0, nil
 	}
-	return s.exec.RunWithTimeout(ctx, timeout, "bash", "-c", shellCmd)
+	return runShellCmd(ctx, s.exec, timeout, shellCmd)
 }
 
 // checkPath checks if a binary is available, using the logged-in user's PATH when running as root.
@@ -165,7 +167,7 @@ func (s *NodeScanner) scanYarnGlobal(ctx context.Context) (model.NodeScanResult,
 
 	start := time.Now()
 	shellCmd := "cd " + platformShellQuote(s.exec, globalDir) + " && yarn list --json --depth=0"
-	stdout, stderr, exitCode, _ := runShellCmd(ctx, s.exec, 60*time.Second, shellCmd)
+	stdout, stderr, exitCode, _ := s.runShellCmd(ctx, 60*time.Second, shellCmd)
 	duration := time.Since(start).Milliseconds()
 
 	errMsg := ""
@@ -345,7 +347,7 @@ func (s *NodeScanner) scanProject(ctx context.Context, projectDir string) model.
 	for _, a := range args {
 		cmdStr += " " + a
 	}
-	stdout, stderr, exitCode, _ := runShellCmd(ctx, s.exec, 30*time.Second, cmdStr)
+	stdout, stderr, exitCode, _ := s.runShellCmd(ctx, 30*time.Second, cmdStr)
 	duration := time.Since(start).Milliseconds()
 
 	errMsg := ""

internal/detector/nodescan_test.go

@@ -12,7 +12,7 @@ import (
 
 func newTestScanner(exec *executor.Mock) *NodeScanner {
 	log := progress.NewLogger(false)
-	return NewNodeScanner(exec, log)
+	return NewNodeScanner(exec, log, "")
 }
 
 func TestNodeScanner_ScanNPMGlobal(t *testing.T) {

internal/executor/executor.go

@@ -9,6 +9,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"runtime"
+	"strings"
 	"time"
 )
 

internal/executor/mock.go

@@ -290,9 +290,9 @@ type mockFileInfo struct {
 	dir  bool
 }
 
-func (fi *mockFileInfo) Name() string      { return fi.name }
-func (fi *mockFileInfo) Size() int64       { return fi.size }
-func (fi *mockFileInfo) IsDir() bool       { return fi.dir }
+func (fi *mockFileInfo) Name() string       { return fi.name }
+func (fi *mockFileInfo) Size() int64        { return fi.size }
+func (fi *mockFileInfo) IsDir() bool        { return fi.dir }
 func (fi *mockFileInfo) ModTime() time.Time { return time.Time{} }
 func (fi *mockFileInfo) Mode() os.FileMode  { return 0o644 }
 func (fi *mockFileInfo) Sys() any           { return nil }

internal/lock/lock.go

@@ -57,4 +57,3 @@ func (l *Lock) Release() {
 		_ = os.Remove(l.path)
 	}
 }
-

internal/model/model.go

@@ -2,18 +2,18 @@ package model
 
 // ScanResult is the community-mode JSON output structure.
 type ScanResult struct {
-	AgentVersion     string        `json:"agent_version"`
-	AgentURL         string        `json:"agent_url"`
-	ScanTimestamp    int64         `json:"scan_timestamp"`
-	ScanTimestampISO string        `json:"scan_timestamp_iso"`
-	Device           Device        `json:"device"`
-	AIAgentsAndTools []AITool      `json:"ai_agents_and_tools"`
-	IDEInstallations []IDE         `json:"ide_installations"`
-	IDEExtensions    []Extension   `json:"ide_extensions"`
-	MCPConfigs       []MCPConfig   `json:"mcp_configs"`
-	NodePkgManagers  []PkgManager  `json:"node_package_managers"`
-	NodePackages     []any `json:"node_packages"`
-	Summary          Summary       `json:"summary"`
+	AgentVersion     string       `json:"agent_version"`
+	AgentURL         string       `json:"agent_url"`
+	ScanTimestamp    int64        `json:"scan_timestamp"`
+	ScanTimestampISO string       `json:"scan_timestamp_iso"`
+	Device           Device       `json:"device"`
+	AIAgentsAndTools []AITool     `json:"ai_agents_and_tools"`
+	IDEInstallations []IDE        `json:"ide_installations"`
+	IDEExtensions    []Extension  `json:"ide_extensions"`
+	MCPConfigs       []MCPConfig  `json:"mcp_configs"`
+	NodePkgManagers  []PkgManager `json:"node_package_managers"`
+	NodePackages     []any        `json:"node_packages"`
+	Summary          Summary      `json:"summary"`
 }
 
 type Device struct {
@@ -63,9 +63,9 @@ type MCPConfig struct {
 
 // MCPConfigEnterprise includes base64-encoded content for enterprise mode.
 type MCPConfigEnterprise struct {
-	ConfigSource       string `json:"config_source"`
-	ConfigPath         string `json:"config_path"`
-	Vendor             string `json:"vendor"`
+	ConfigSource        string `json:"config_source"`
+	ConfigPath          string `json:"config_path"`
+	Vendor              string `json:"vendor"`
 	ConfigContentBase64 string `json:"config_content_base64,omitempty"`
 }
 
@@ -86,13 +86,13 @@ type Summary struct {
 // NodeScanResult holds raw scan output for enterprise telemetry.
 // Used for both global packages and per-project scans.
 type NodeScanResult struct {
-	ProjectPath       string `json:"project_path"`
-	PackageManager    string `json:"package_manager"`
-	PMVersion         string `json:"package_manager_version"`
-	WorkingDirectory  string `json:"working_directory"`
-	RawStdoutBase64   string `json:"raw_stdout_base64"`
-	RawStderrBase64   string `json:"raw_stderr_base64"`
-	Error             string `json:"error"`
-	ExitCode          int    `json:"exit_code"`
-	ScanDurationMs    int64  `json:"scan_duration_ms"`
+	ProjectPath      string `json:"project_path"`
+	PackageManager   string `json:"package_manager"`
+	PMVersion        string `json:"package_manager_version"`
+	WorkingDirectory string `json:"working_directory"`
+	RawStdoutBase64  string `json:"raw_stdout_base64"`
+	RawStderrBase64  string `json:"raw_stderr_base64"`
+	Error            string `json:"error"`
+	ExitCode         int    `json:"exit_code"`
+	ScanDurationMs   int64  `json:"scan_duration_ms"`
 }

internal/output/pretty.go

@@ -11,8 +11,9 @@ import (
 	"github.com/step-security/dev-machine-guard/internal/model"
 )
 
-//nolint:errcheck // fmt.Fprint* to io.Writer; errors surface through the writer
 // Pretty writes human-readable formatted output.
+//
+//nolint:errcheck // fmt.Fprint* to io.Writer; errors surface through the writer
 func Pretty(w io.Writer, result *model.ScanResult, colorMode string) error {
 	c := setupColors(colorMode)
 

internal/progress/progress.go

@@ -8,12 +8,13 @@ import (
 )
 
 // Logger handles progress output to stderr.
-// Logging format matches the shell script:
-//   [scanning] message   — progress (suppressed in quiet mode)
-//   [error] message      — errors (never suppressed)
-//   ⠋ label... (Xms)     — spinner animation
-//   ✓ label (Xms)        — step done
-//   ○ label (skipped)    — step skipped
+// Logging format:
+//
+//	2006-01-02 15:04:05 [scanning] message   — progress (suppressed in quiet mode)
+//	2006-01-02 15:04:05 [error] message      — errors (never suppressed)
+//	⠋ label... (Xms)                         — spinner animation
+//	✓ label (Xms)                            — step done
+//	○ label (skipped)                        — step skipped
 type Logger struct {
 	quiet   bool
 	spinner *spinner
@@ -82,18 +83,18 @@ type spinner struct {
 }
 
 type stopMsg struct {
-	kind   string // "done" or "skip"
-	reason string
+	kind    string // "done" or "skip"
+	reason  string
 	elapsed time.Duration
 }
 
 var spinnerFrames = []string{"⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"}
 
 func newSpinner(label string) *spinner {
 	return &spinner{
-		label:  label,
+		label:     label,
 		startedAt: time.Now(),
-		stopCh: make(chan stopMsg, 1),
+		stopCh:    make(chan stopMsg, 1),
 	}
 }