fix: handle PowerShell Restricted execution policy in install script#1516
fix: handle PowerShell Restricted execution policy in install script#1516Br1an67 wants to merge 1 commit intoMoonshotAI:mainfrom
Conversation
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0a7683dff1
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
scripts/install.ps1
Outdated
| $currentPolicy = Get-ExecutionPolicy -Scope Process | ||
| if ($currentPolicy -eq "Restricted" -or $currentPolicy -eq "Undefined") { | ||
| Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force |
There was a problem hiding this comment.
At scripts/install.ps1:5-7, Get-ExecutionPolicy -Scope Process is typically Undefined unless the caller already set a process-level override. Because the Process scope takes precedence over CurrentUser and LocalMachine, this branch rewrites the current shell to RemoteSigned even on machines that intentionally use AllSigned or another non-default policy in those lower scopes. In the documented Invoke-RestMethod ... | Invoke-Expression flow that means the installer mutates the user's existing PowerShell session and can silently weaken a stricter local policy; checking the effective policy before changing it would avoid that regression.
Useful? React with 👍 / 👎.
scripts/install.ps1
Outdated
| Write-Host " Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process" -ForegroundColor Cyan | ||
| Write-Host "" | ||
| } | ||
| Read-Host "Press Enter to exit" |
There was a problem hiding this comment.
The new Read-Host makes the failure path unusable for any non-interactive invocation of install.ps1 (for example, from automation or a wrapper that starts PowerShell with -NonInteractive). In that mode Read-Host itself is a terminating error, so callers lose the original installation failure and never reach the intended exit 1. Since this script is published as a general bootstrapper, the catch block should either skip the prompt when no interactive host is available or avoid prompting entirely.
Useful? React with 👍 / 👎.
Wrap Install-Uv in try-catch so that when the default Restricted execution policy blocks Invoke-Expression, users see a clear error message with the remediation command instead of the PowerShell window silently closing. Also replace Write-Error with Write-Host for the uv-not-found check and add a 'Press any key to exit' prompt so users can read the error before the window closes. Fixes MoonshotAI#1513
Br1an67
force-pushed
the
fix/install-ps1-execution-policy
branch
from
0a7683d to
b5e6308
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b5e63087bc
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| Write-Host "" | ||
| Write-Host "Press any key to exit..." | ||
| $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | ||
| exit 1 |
There was a problem hiding this comment.
Checked docs/en/guides/getting-started.md:34-36: the documented Windows install flow pipes this script into Invoke-Expression inside the user's current PowerShell window. In that context, PowerShell's exit closes the current script or PowerShell instance, so this new exit 1 path now tears down the caller's shell on any bootstrap failure instead of returning them to the prompt after printing the remediation. That means users can lose session state/history and can't immediately run the suggested Set-ExecutionPolicy command in the same window.
Useful? React with 👍 / 👎.
2 participants
Related Issue
Resolve #1513
Description
On fresh Windows machines, PowerShell defaults to
Restrictedexecution policy. The install script uses$ErrorActionPreference = "Stop"and callsInvoke-Expressionto run the uv installer, but when the execution policy blocks it, the error propagates and terminates the script — causing the PowerShell window to close instantly without any error message.Changes:
RemoteSignedexecution policy for the current process only (safe, non-persistent — does not modify system or user policy)Read-Hostpause before exit so the window stays open on failure, allowing users to read the errorBefore: PowerShell window closes instantly with no feedback.
After: Error message is displayed with suggested fix, window stays open.
Checklist
make gen-changelogto update the changelog.make gen-docsto update the user documentation.