Device posture#865
Merged
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Implements “device posture” groundwork by introducing cross-platform posture signal collection in the Tauri client (Windows/macOS/Linux), wiring in new protobuf definitions, and persisting a per-location posture_check_required flag to support posture-gated connections.
Changes:
- Added an enterprise posture “inspector” module that gathers OS and security posture signals and maps them into
DevicePostureDataprotobuf messages. - Updated protobuf module layout/build scripts and added a DB migration + model field for
posture_check_requiredon locations. - Improved MFA mobile-approve UX by refreshing the QR/token when the proxy WebSocket closes/errors.
Reviewed changes
Copilot reviewed 43 out of 46 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| swift/extension/VPNExtension.xcodeproj/project.pbxproj | Bumps VPN extension marketing version to 1.6.9. |
| src/pages/client/types.ts | Adds placeholder note for future device posture data in client types. |
| src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/MFAModal.tsx | Forces MfaMobileApprove remount per token and adds refresh handler wiring. |
| src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/components/MfaMobileApprove/MfaMobileApprove.tsx | Refreshes MFA QR on WebSocket close/error; improves modal lifecycle handling. |
| src/pages/client/components/MfaModalProvider.tsx | Uses typed Tauri event keys for MFA trigger listener. |
| src-tauri/tauri.conf.json | Updates Windows signing config and bumps app version to 1.6.9. |
| src-tauri/src/utils.rs | Updates ClientPlatformInfo import path to new generated module layout. |
| src-tauri/src/tray.rs | Minor log formatting changes for MFA/connect errors. |
| src-tauri/src/service/mod.rs | Switches service proto include path to defguard.client.v1. |
| src-tauri/src/proto.rs | Introduces nested proto modules and adds posture/client_types protos; maps posture_check_required. |
| src-tauri/src/periodic/version.rs | Refactors update polling interval constant expression. |
| src-tauri/src/periodic/purge_stats.rs | Refactors stats purge interval constant expression. |
| src-tauri/src/log_watcher/global_log_watcher.rs | Uses hour-based duration helper for global log “from” window. |
| src-tauri/src/enterprise/periodic/config.rs | Updates imports to new client_types proto module path. |
| src-tauri/src/enterprise/mod.rs | Exposes new enterprise::inspector module. |
| src-tauri/src/enterprise/inspector/windows.rs | Adds Windows posture signal collection via WMI. |
| src-tauri/src/enterprise/inspector/tests/windows.rs | Adds Windows inspector tests (mostly ignored for dev machine). |
| src-tauri/src/enterprise/inspector/tests/mod.rs | Adds OS-gated inspector test module wiring. |
| src-tauri/src/enterprise/inspector/tests/macos.rs | Adds macOS inspector tests (some ignored). |
| src-tauri/src/enterprise/inspector/tests/linux.rs | Adds Linux inspector tests (some ignored). |
| src-tauri/src/enterprise/inspector/mod.rs | Core inspector logic; builds DevicePostureData and helper conversions. |
| src-tauri/src/enterprise/inspector/macos.rs | Adds macOS posture checks via fdesetup/csrutil. |
| src-tauri/src/enterprise/inspector/linux.rs | Adds Linux disk encryption detection via lsblk JSON parsing. |
| src-tauri/src/database/models/location.rs | Adds posture_check_required field and includes it in queries/inserts. |
| src-tauri/src/database/models/instance.rs | Updates instance conversions/equality to new client_types proto path. |
| src-tauri/src/commands.rs | Updates DeviceConfigResponse import and minor refactors in location-change detection. |
| src-tauri/src/apple.rs | Refactors channel type aliases for observer/VPN-state comms. |
| src-tauri/migrations/20260511093103_posture_check_required.sql | Adds DB column posture_check_required to location. |
| src-tauri/cli/src/bin/dg.rs | Updates CLI embedded protos and types to new module layout. |
| src-tauri/cli/build.rs | Updates CLI proto compilation paths/include roots. |
| src-tauri/Cargo.toml | Bumps crate version/rust-version; adds sysinfo and wmi; updates deps. |
| src-tauri/Cargo.lock | Lockfile updates for new/updated Rust dependencies. |
| src-tauri/build.rs | Updates proto compilation list to include posture + shared client_types protos. |
| src-tauri/.sqlx/query-ec008998cc09e79017a3edd82550df0afd4bd8488391475908272d9cf7c6dbd0.json | Updates sqlx query metadata to include posture_check_required. |
| src-tauri/.sqlx/query-865203f8f64866f1895aede956dfd8f373772e3c406f4482e6a4022a796cd46b.json | Updates sqlx query metadata to include posture_check_required. |
| src-tauri/.sqlx/query-858556d40a6fc015f2664045a00837ec18e3c0fd94b6ded74a60ac6edc57a5b3.json | Updates sqlx query metadata to include posture_check_required. |
| src-tauri/.sqlx/query-7b9f3c02d868a7da19beed6aad5ee22962668200b1ffb1fb7df967be5af0c50c.json | Updates sqlx query metadata for insert arg count/field. |
| src-tauri/.sqlx/query-50543a38f8f09cd45b16bf8b93d2ff42252aa0833f57c8ffa98e3471b9e663a1.json | Updates sqlx query metadata to include posture_check_required. |
| package.json | Bumps app version and updates JS dependencies. |
| biome.json | Updates Biome schema version and formatting config style. |
| .gitignore | Ignores *.provisionprofile files. |
| .github/workflows/release.yaml | Updates CI tooling versions/install steps and adjusts packaging steps. |
| .github/workflows/lint.yaml | Updates Node/pnpm setup and install flags in lint CI. |
| .github/workflows/build-macos.yaml | Updates pnpm action version and install flags in macOS build CI. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
j-chmielewski
approved these changes
May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements #842