The in-content Restart button overflowed its fixed width. Move it into the wizard
footer's right slot (where Next/Apply sits) as a btn-primary; Routes owns the restart
shutdown now, DoneStep just shows the recovery key.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Hands-on VM testing showed auto-apply skipped the app picker entirely -- the user
couldn't review/adjust apps before install. Land first-run on the Apps step instead
(pre-checked with the collector flavour's defaults); the user adjusts then walks
Apps -> Prefs -> Apply -> Done. The collector already owns account + flavour, so
Welcome/Flavour are skipped. Reverses the earlier auto-apply behavior per operator
feedback.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Insert AppsStep as wizard index 2 (renumbering Account/Prefs/Apply/Done
to 3-6), load the app catalog alongside flavours, seed the per-role
default selection on entering the step, and register IAppCatalog in DI.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Found by reading the unencrypted VM disk after run #7:
1. Online branding never ran: Apply-Branding.ps1 had a UTF-8 em-dash in a Write-Warning
STRING; Windows PowerShell 5.1 (SetupComplete) reads .ps1 as ANSI, mangled it, broke
the string terminator -> whole script failed to parse -> lock/login/wallpaper branding
never re-applied. Fix: ASCII-ify the em-dash AND save the branding scripts UTF-8-with-BOM
so PS5.1 always decodes them correctly (verified parses under PS5.1 + PS7).
2. sm-bootstrap never removed: TearDownAsync used schtasks /tr with an inline -EncodedCommand,
which silently fails past the ~261-char /tr limit, so the cleanup task was never created
(confirmed NO_TASK on disk). Fix: Register-ScheduledTask (no length limit).
3. Done step: show a QR code of the BitLocker recovery key (QRCoder) for phone backup, and
lay key+QR side-by-side so the Restart button no longer overflows below the fold.
Verified: welcome solution builds, 29/29 tests; branding Pester 6/6 unit (offline-integration
needs elevation, runs in CI).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- BitLocker: remove -SkipHardwareTest so BitLocker validates the TPM+PIN unseal via
its hardware test on the next reboot (the wizard's end-of-flow reboot) before
encrypting — fixes the E_FVE_SECURE_BOOT_CHANGED / PCR-11 drop-to-recovery on the
first post-enroll boot. The PIN now works first time instead of needing recovery.
- Done step now DISPLAYS the 48-digit BitLocker recovery key (read from the file the
enrollment saves) with a 'save this' warning — previously it was never surfaced.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
AccountStep now exposes OnValidityChanged EventCallback<bool> and fires it at the end of every Validate() call (including OnInitialized). Routes.razor drops the @ref/IsValid polling pattern in favour of _accountValid updated via the callback + StateHasChanged, matching the existing OnRunningChanged pattern used by ApplyStep. Adds 5 bUnit regression tests covering: initial-invalid, all-valid, re-invalid on clear, short/non-numeric PIN, and pre-populated state on Back→Forward re-mount.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
