Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<h1 align="center">AppLens</h1>

<p align="center">
Read-only workstation inventory and desktop readiness reporting for client audits.
Local workstation inventory, readiness reporting, and consent-based Tune actions for client audits.
</p>

<p align="center">
Expand All @@ -21,16 +21,16 @@ AppLens is a local-first audit tool for understanding what is installed, running
The repository currently includes three surfaces:

- **AppLens**: cross-platform installed-app inventory scripts for Windows, macOS, and Linux.
- **AppLens-Tune**: read-only workstation diagnostics and tune-plan guidance for startup load, services, local dev tooling, local AI readiness, storage hotspots, and repo placement.
- **AppLens-Tune**: consent-based workstation tune actions for startup load, services, local dev tooling, local AI readiness, storage hotspots, and repo placement.
- **AppLens-desktop**: a CSI-branded Windows desktop app built with WinUI 3, .NET, and Windows App SDK for eventual Microsoft Store packaging.

## Safety Model

AppLens is intentionally conservative:

- read-only scans by default
- no admin prompt required for V1
- no automatic remediation
- AppLens scans are read-only by default
- AppLens-Tune actions require explicit selection and consent
- admin-bound Tune actions are blocked unless the app is elevated
- no telemetry, accounts, or cloud upload
- user-controlled report export
- default report redaction for user, machine, and profile-path details
Expand All @@ -39,7 +39,7 @@ AppLens is intentionally conservative:

AppLens-desktop is the Microsoft Store-oriented version of AppLens. It provides a local dashboard, machine summary, inventory review, tune diagnostics, and export options for JSON, Markdown, and local HTML reports.

AppLens-Tune guidance is included as a read-only tune plan with a readiness score, review categories, evidence, backup concepts, and verification steps. Proposed actions are modeled for future user-approved workflows, but AppLens-desktop V1 does not execute remediation.
AppLens-Tune is included as a tune plan with a readiness score, review categories, evidence, backup concepts, verification steps, and an action log. Supported Tune actions can run from the desktop app after explicit user approval; unsupported or admin-bound items are recorded instead of silently skipped.

Build and test:

Expand Down
53 changes: 28 additions & 25 deletions docs/AppLens-Tune-Product-Outline.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,25 @@ The product should feel like a professional client-audit tool, not a generic PC

## V1 Positioning

AppLens-Tune V1 should remain read-only inside AppLens-desktop.
AppLens-Tune V1 is the consent-based action layer inside AppLens-desktop. AppLens remains the read-only evidence layer; AppLens-Tune turns selected plan items into user-approved actions and records what happened.

It should:

- collect workstation performance and startup evidence
- classify findings by review category
- explain why each finding matters
- export redacted reports
- prepare a tune plan without changing the system
- prepare a tune plan
- apply selected low-risk actions after explicit consent
- block unsupported or admin-required actions when prerequisites are not met
- export an action log with verification steps

It should not:

- disable services
- remove startup entries
- delete caches
- run actions without selection and consent
- delete user-owned documents or project data
- uninstall packages
- require admin rights
- change drivers, firmware, security settings, or network/firewall posture
- run background monitoring

## App Structure
Expand Down Expand Up @@ -114,9 +116,9 @@ Content:
- repo placement
- path and profile redaction

### 7. Tune Plan
### 7. Tune Plan And Actions

Purpose: prepare a safe action plan without executing it in V1.
Purpose: prepare a safe action plan and run selected supported actions only after consent.

Content:

Expand All @@ -127,6 +129,8 @@ Content:
- admin requirement
- rollback concept
- verification step
- execution state
- action log record

### 8. Reports

Expand Down Expand Up @@ -157,7 +161,7 @@ Core objects:
- `Finding`
- `TunePlanItem`

Future remediation objects:
Action objects:

- `ProposedAction`
- `ActionExecution`
Expand Down Expand Up @@ -211,11 +215,9 @@ Avoid aggressive labels such as "bad", "junk", or "bloat." The product should so
- Add manual verification checklist.
- Export comparison reports.

### Phase 5: Optional Remediation Research
### Phase 5: Broader Remediation Research

This phase should not ship until V1 is stable.

Requirements before any remediation:
Requirements before expanding beyond the first allowlist:

- explicit consent
- admin boundary detection
Expand All @@ -230,33 +232,34 @@ Requirements before any remediation:
The best first implementation slice is:

1. Add `TunePlanItem` to the backend model.
2. Generate tune plan items from existing read-only findings.
2. Generate tune plan items from existing scan findings.
3. Export those plan items in JSON, Markdown, and HTML.
4. Add unit tests and golden report coverage.
5. Show the tune plan in AppLens-desktop as read-only guidance.
4. Add executable action states and action-log records.
5. Show the tune plan in AppLens-desktop with selected-action execution.

This slice is useful, low-risk, and directly prepares the product for a future approved remediation workflow.
This slice is useful, low-risk, and establishes AppLens-Tune as the hands while AppLens remains the eyes.

## Implementation Status

Implemented in the current backend:

- `TunePlanItem` and `ProposedAction` models.
- Read-only `TunePlanBuilder`.
- Future action states for user-consent and admin-required remediation.
- `TunePlanBuilder`.
- Action states for user-consent and admin-required remediation.
- JSON, Markdown, and HTML report output for tune plans.
- AppLens-desktop tune plan list.
- AppLens-desktop selected action workflow and action log.
- Allowlisted cache cleanup through the backend executor.
- Admin/startup/service action gates through the backend executor.
- Unit coverage for startup, service/admin, privacy, and report contract behavior.
- Local AI/autoresearch readiness profile in the backend contract.
- Read-only local AI signals in exports and tune-plan guidance.
- Local AI action kind for future benchmark/run workflows.

Still intentionally not implemented:

- service changes
- startup changes
- app uninstall
- cache deletion
- admin elevation
- rollback execution
- broad uninstaller/debloater behavior
- unattended local AI training
- rollback execution beyond recorded backup and verification details
- unattended training or model downloads

7 changes: 4 additions & 3 deletions docs/AppLensDesktop-Build.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,10 @@ The project is configured for MSIX tooling, Windows 10/11 19041+, and app versio

## V1 Guardrails

- Read-only scan only.
- No admin elevation.
- No remediation.
- Scans are local and user-triggered.
- Tune actions require explicit selection and consent.
- No unattended admin elevation.
- No broad remediation or app uninstall.
- No telemetry or cloud upload.
- Exports are user-triggered.
- Baseline scan does not shell out to PowerShell.
6 changes: 3 additions & 3 deletions docs/ROADMAP.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
## V1 Preview

- Cross-platform installed-app inventory scripts.
- Read-only AppLens-Tune workstation diagnostics.
- Readiness score and read-only tune plan guidance.
- AppLens-Tune workstation diagnostics.
- Readiness score and consent-based tune plan actions.
- WinUI 3 AppLens-desktop scaffold.
- Native C# collectors, rules, redaction, and report writers.
- JSON, Markdown, and local HTML export.
Expand All @@ -25,7 +25,7 @@
- Add richer report comparison views.
- Add signed release artifacts.
- Expand AppLens-Tune rules with more evidence-backed workstation checks.
- Keep remediation out of V1 unless it has explicit backup, consent, and rollback behavior.
- Expand AppLens-Tune actions only when they have explicit consent, backup detail, action logging, and verification behavior.

## AppLens-Tune Track

Expand Down
9 changes: 5 additions & 4 deletions docs/Store-Listing-Draft.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,22 +6,23 @@ AppLens-desktop

## Short Description

Read-only workstation inventory, diagnostics, and tune-plan guidance for client readiness reviews.
Local workstation inventory, diagnostics, and consent-based Tune actions for client readiness reviews.

## Description

AppLens-desktop helps users and consultants understand a Windows workstation before workflow, automation, or AI-readiness work begins.

The app scans locally and generates a workstation readiness view covering installed applications, startup entries, top processes, selected services, storage hotspots, developer tooling probes, and repo placement. AppLens-Tune guidance produces a read-only tune plan with evidence, risk, future action categories, backup concepts, and verification steps.
The app scans locally and generates a workstation readiness view covering installed applications, startup entries, top processes, selected services, storage hotspots, developer tooling probes, and repo placement. AppLens-Tune produces a tune plan with evidence, risk, action categories, backup concepts, verification steps, and an action log.

AppLens-desktop does not change system settings, remove applications, disable startup entries, stop services, delete files, upload data, create accounts, or run background monitoring. Reports are exported only when the user chooses to export them.
AppLens-desktop does not upload data, create accounts, run background monitoring, or act without user selection and approval. Reports are exported only when the user chooses to export them.

## Key Features

- Local workstation inventory.
- AppLens-Tune diagnostics.
- Readiness score and highlights.
- Read-only tune plan guidance.
- Consent-based tune plan actions.
- Action log export.
- JSON, Markdown, and HTML exports.
- Default redaction for user, machine, and profile-path details.
- Optional raw-detail export controlled by the user.
Expand Down
12 changes: 6 additions & 6 deletions docs/Store-Readiness-Checklist.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@
## Implemented For Store V1 Candidate

- WinUI 3 packaged app scaffold.
- Native C# read-only collectors.
- App inventory, tune diagnostics, readiness score, and tune plan.
- Native C# collectors.
- App inventory, tune diagnostics, readiness score, tune plan, and action log.
- JSON, Markdown, and local HTML exports.
- Default redaction with explicit raw-detail export option.
- Unit tests for rules, reports, readiness, and tune-plan behavior.
Expand All @@ -38,7 +38,7 @@

## Privacy Position

V1 is local-first and read-only. It collects workstation inventory and diagnostics only after the user runs a scan. It does not upload data, create accounts, run background services, change startup entries, change services, or perform remediation. Reports are exported only when the user chooses export.
V1 is local-first. It collects workstation inventory and diagnostics only after the user runs a scan. Supported AppLens-Tune actions require explicit user selection and approval, and action outcomes are recorded in the local action log. It does not upload data, create accounts, run background services, or act without user consent. Reports are exported only when the user chooses export.

Collected data may include:

Expand All @@ -56,9 +56,9 @@ Default exports redact user, machine, and profile path details. The UI has an ex

## Certification Notes

- Keep Tune remediation out of V1.
- Avoid admin prompts.
- Keep broad remediation and app uninstall out of V1.
- Avoid unattended admin prompts.
- Avoid driver/service installation.
- Avoid automatic upload or telemetry.
- Do not claim Microsoft certification or affiliation.
- Note in certification comments that all probes are read-only and user-triggered.
- Note in certification comments that scans are local and user-triggered, and Tune actions require explicit approval.
28 changes: 16 additions & 12 deletions docs/Store-V1-Scope.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,25 @@

## Goal

Store V1 is a read-only Windows desktop app that helps a non-technical user generate a workstation readiness report without using GitHub, PowerShell, or command-line tools.
Store V1 is a local Windows desktop app that helps a non-technical user generate a workstation readiness report and run selected AppLens-Tune actions with explicit approval.

## Included

- WinUI 3 packaged desktop app.
- Native C# backend collectors.
- Installed app inventory.
- AppLens-Tune diagnostics.
- AppLens-Tune diagnostics and selected action workflow.
- Readiness score and highlights.
- Read-only tune plan guidance.
- Tune plan guidance.
- Action log export.
- JSON, Markdown, and local HTML exports.
- Redaction by default for user, machine, and profile-path details.
- Explicit raw-detail export option.
- MSIX package smoke build.

## Read-Only Tune Plan
## Consent-Based Tune Actions

The app may describe future actions, but it does not execute them in V1.
The app may execute selected supported actions only after user consent. Unsupported, risky, or admin-bound items are blocked and recorded in the action log.

Modeled future action types:

Expand All @@ -34,17 +35,20 @@ Modeled future action types:
V1 execution state:

- `ReadOnlyOnly`
- `FutureUserConsent`
- `FutureAdminRequired`
- `RequiresUserConsent`
- `RequiresAdmin`
- `Completed`
- `Failed`
- `RolledBack`
- `Unsupported`

## Explicitly Out Of Scope For Store V1

- uninstalling apps
- changing startup entries
- changing or stopping services
- deleting files or caches
- admin elevation
- unapproved actions
- broad app uninstall/debloat behavior
- deleting user documents or project data
- driver, firmware, firewall, or security policy changes
- unattended admin elevation
- background monitoring
- telemetry
- cloud upload
Expand Down
13 changes: 6 additions & 7 deletions docs/Tomorrow-Handoff.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,15 @@

## Current State

AppLens-desktop is usable locally as a read-only Store V1 candidate.
AppLens-desktop is usable locally as a scan-and-tune candidate.

Implemented:

- installed app inventory
- AppLens-Tune diagnostics
- readiness score and highlights
- read-only tune plan guidance
- consent-based tune plan actions
- action log export
- JSON, Markdown, HTML, and bundle export
- default redaction with explicit raw-detail option
- MSIX smoke package generation
Expand Down Expand Up @@ -48,9 +49,7 @@ This runs restore, tests, package smoke build, lists generated MSIX artifacts, a
## Keep Out Of V1

- app uninstall
- startup changes
- service changes
- cache deletion
- admin elevation
- automatic remediation
- unapproved startup, service, or cache changes
- unattended admin elevation
- automatic remediation without action logs

4 changes: 2 additions & 2 deletions src/AppLens.Backend/ReadinessSummaryBuilder.cs
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ private static List<string> BuildHighlights(
{
var highlights = new List<string>
{
"Read-only Store V1: no settings, services, startup entries, apps, or files were changed."
"AppLens scanned locally. AppLens-Tune actions require explicit user consent."
};

highlights.Add(score >= 85
Expand All @@ -71,7 +71,7 @@ private static List<string> BuildHighlights(

if (adminRequiredCount > 0)
{
highlights.Add($"{adminRequiredCount} item(s) are admin-bound and intentionally left as guidance.");
highlights.Add($"{adminRequiredCount} item(s) require an elevated AppLens-Tune session before action.");
}

if (startupEnabledCount > 0)
Expand Down
Loading
Loading