build(choco): add Chocolatey package definition for Windows install#1056
build(choco): add Chocolatey package definition for Windows install#1056pedramamini wants to merge 1 commit into
Conversation
Adds a chocolatey/ package so Windows users can eventually run `choco install maestro-ai`. The package downloads the official NSIS installer from GitHub Releases, verifies its SHA256, and installs it silently (no binary is bundled or modified). - maestro-ai.nuspec: package metadata pinned to the latest stable release - tools/chocolateyinstall.ps1: download + checksum-verify + silent install - tools/chocolateyuninstall.ps1: silent uninstall via registry entry - tools/VERIFICATION.txt: moderator/user binary verification steps - README.md: build, test, update, and publish instructions Submitting to the Chocolatey Community Repository remains a one-time maintainer step (requires a chocolatey.org account + API key). Closes #260
📝 WalkthroughWalkthroughThis PR creates a complete Chocolatey package for Maestro, including NuSpec metadata pinning version 0.15.4, PowerShell scripts to install the signed NSIS installer from GitHub Releases with SHA256 verification and uninstall via Windows registry queries, a verification document for trust validation, and a comprehensive README covering usage, maintenance, and release procedures. ChangesChocolatey Package Support
Sequence DiagramsequenceDiagram
participant User
participant Chocolatey
participant GitHub as GitHub Releases
participant NSIS as NSIS Installer
participant Registry as Windows Registry
rect rgba(100, 150, 200, 0.5)
Note over User,NSIS: Installation Flow
User->>Chocolatey: choco install maestro-ai
Chocolatey->>GitHub: Download installer (URL from script)
GitHub-->>Chocolatey: maestro-ai-*.exe (v0.15.4)
Chocolatey->>Chocolatey: Verify SHA256 checksum
Chocolatey->>NSIS: Execute /S (silent install)
NSIS->>NSIS: Install application
NSIS-->>Chocolatey: Exit code 0
Chocolatey-->>User: Installation complete
end
rect rgba(150, 100, 200, 0.5)
Note over User,Registry: Uninstallation Flow
User->>Chocolatey: choco uninstall maestro-ai
Chocolatey->>Registry: Query HKLM/Software (Maestro*)
Registry-->>Chocolatey: Uninstall registry entries
alt Single match found
Chocolatey->>NSIS: Invoke uninstaller (/S)
NSIS->>NSIS: Remove application
NSIS-->>Chocolatey: Exit code 0
Chocolatey-->>User: Uninstallation complete
else Multiple or no matches
Chocolatey-->>User: Warning (manual review needed)
end
end
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@chocolatey/maestro-ai.nuspec`:
- Line 7: The nuspec's <version> element ("0.15.4") is inconsistent with the
referenced release tag ("v0.15.4-RC"); update the package metadata so both use
the same canonical release version/tag — either change the <version> value to
match the release tag (remove or add "v" and "-RC" as appropriate) or update the
release tag string to match the <version> — ensure the string used in the
<version> element and the referenced release tag are identical across the
manifest and installer source.
In `@chocolatey/README.md`:
- Line 74: Update the documentation text that references the pipeline
(`.github/workflows/release.yml`) so the platform name is correctly capitalized
as "GitHub" (capital H) on the line currently reading "GitHub" incorrectly;
locate the mention near the pipeline reference and replace the incorrect
capitalization with "GitHub".
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 27b26474-738a-4af2-b81c-7c92a7d44fa2
📒 Files selected for processing (5)
chocolatey/README.mdchocolatey/maestro-ai.nuspecchocolatey/tools/VERIFICATION.txtchocolatey/tools/chocolateyinstall.ps1chocolatey/tools/chocolateyuninstall.ps1
| <metadata> | ||
| <id>maestro-ai</id> | ||
| <!-- Keep in sync with the GitHub release pinned in tools/chocolateyinstall.ps1. --> | ||
| <version>0.15.4</version> |
There was a problem hiding this comment.
Align package version with the referenced release tag.
Line 7 (0.15.4) and Line 45 (v0.15.4-RC) are inconsistent. This creates ambiguous provenance for the packaged artifact and can cause confusion during moderation and upgrades. Use a single canonical release version/tag across nuspec metadata and installer source.
Also applies to: 45-45
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@chocolatey/maestro-ai.nuspec` at line 7, The nuspec's <version> element
("0.15.4") is inconsistent with the referenced release tag ("v0.15.4-RC");
update the package metadata so both use the same canonical release version/tag —
either change the <version> value to match the release tag (remove or add "v"
and "-RC" as appropriate) or update the release tag string to match the
<version> — ensure the string used in the <version> element and the referenced
release tag are identical across the manifest and installer source.
|
|
||
| New community packages go through Chocolatey's moderation review before they | ||
| appear in search. After the initial listing, this can be wired into the release | ||
| pipeline (`.github/workflows/release.yml`) to push automatically on each tag. |
There was a problem hiding this comment.
Fix product name capitalization in docs.
Line 74 should use GitHub (capital H) for correct platform naming.
🧰 Tools
🪛 LanguageTool
[uncategorized] ~74-~74: The official name of this software platform is spelled with a capital “H”.
Context: ...can be wired into the release pipeline (.github/workflows/release.yml) to push automat...
(GITHUB)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@chocolatey/README.md` at line 74, Update the documentation text that
references the pipeline (`.github/workflows/release.yml`) so the platform name
is correctly capitalized as "GitHub" (capital H) on the line currently reading
"GitHub" incorrectly; locate the mention near the pipeline reference and replace
the incorrect capitalization with "GitHub".
Greptile SummaryThis PR adds a Chocolatey package definition for Windows users to install Maestro via
Confidence Score: 3/5Not ready to merge as-is — the package publicly misrepresents an RC build as a stable release, and the uninstall script may silently fail on machines where electron-builder registers an uninstall string with inline arguments. The nuspec declares version 0.15.4 while the actual installer is v0.15.4-RC; anyone who installs the package gets a release-candidate binary they didn't knowingly opt into. Separately, the uninstall script passes the raw UninstallString directly as the executable path, which would break silent uninstall on affected machines. chocolatey/maestro-ai.nuspec (version label) and chocolatey/tools/chocolateyuninstall.ps1 (UninstallString parsing) need the most attention before this is published. Important Files Changed
Sequence DiagramsequenceDiagram
participant User as Windows User
participant Choco as Chocolatey CLI
participant GHR as GitHub Releases
participant NSIS as NSIS Installer
User->>Choco: choco install maestro-ai
Choco->>Choco: Read maestro-ai.nuspec (v0.15.4)
Choco->>Choco: Run chocolateyinstall.ps1
Choco->>GHR: GET Maestro-Setup-0.15.4-RC-x64.exe
GHR-->>Choco: Installer binary
Choco->>Choco: Verify SHA256 checksum
Choco->>NSIS: Execute with /S (silent)
NSIS-->>User: Maestro installed
User->>Choco: choco uninstall maestro-ai
Choco->>Choco: Run chocolateyuninstall.ps1
Choco->>Choco: "Get-UninstallRegistryKey Maestro*"
Choco->>NSIS: UninstallString path /S
NSIS-->>User: Maestro uninstalled
Reviews (1): Last reviewed commit: "build(choco): add Chocolatey package def..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| <!-- Keep in sync with the GitHub release pinned in tools/chocolateyinstall.ps1. --> | ||
| <version>0.15.4</version> |
There was a problem hiding this comment.
0.15.4 (stable-looking) does not match the installer being downloaded, which is v0.15.4-RC (a release candidate). A user who runs choco install maestro-ai will see version 0.15.4 in their package list but receive an RC binary — a silent misrepresentation. Chocolatey supports SemVer pre-release suffixes; the version should carry the -rc label, or this PR should target a final GA release instead.
| <!-- Keep in sync with the GitHub release pinned in tools/chocolateyinstall.ps1. --> | |
| <version>0.15.4</version> | |
| <!-- Keep in sync with the GitHub release pinned in tools/chocolateyinstall.ps1. --> | |
| <version>0.15.4-rc0</version> |
| # electron-builder NSIS uninstaller: '/S' performs a silent uninstall. | ||
| silentArgs = '/S' | ||
| validExitCodes = @(0) | ||
| file = "$($_.UninstallString)" |
There was a problem hiding this comment.
UninstallString from the registry can include inline arguments (e.g., electron-builder sometimes registers "C:\...\Uninstall Maestro.exe" /currentuser). Using the raw string as the file parameter means Uninstall-ChocolateyPackage receives a value like "C:\...\Uninstall.exe" /currentuser as a file path, which will fail to locate the executable. Split out the path before passing it.
| file = "$($_.UninstallString)" | |
| file = ($_.UninstallString -replace '^"([^"]+)".*$', '$1' -replace "^'([^']+)'.*$", '$1').Trim() |
| $ErrorActionPreference = 'Stop' | ||
|
|
||
| $packageName = 'maestro-ai' | ||
| $softwareName = 'Maestro*' |
There was a problem hiding this comment.
Maestro* will match any installed product whose display name begins with "Maestro" — including unrelated third-party software. A more specific pattern reduces the chance of accidentally uninstalling the wrong program on machines with other "Maestro" products installed.
| $softwareName = 'Maestro*' | |
| $softwareName = 'Maestro*' # TODO: tighten once the app's exact Add/Remove Programs display name is confirmed |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
1 participant
Closes #260
What
Adds a
chocolatey/package definition so Windows users can install Maestro via Chocolatey:choco install maestro-aiThe package downloads the official signed NSIS installer (
Maestro-Setup-<version>-x64.exe) straight from GitHub Releases, verifies its SHA256, and installs it silently. No binary is bundled or modified.Why
Per the triage on #260,
choco installis a natural fit for Windows users who manage their machines declaratively. This implements steps 1–2 of that plan (nuspec + install/uninstall scripts).Files
chocolatey/maestro-ai.nuspecmaestro-ai, pinned to v0.15.4)chocolatey/tools/chocolateyinstall.ps1chocolatey/tools/chocolateyuninstall.ps1chocolatey/tools/VERIFICATION.txtchocolatey/README.mdThe pinned checksum (
38903F98…123346) matches GitHub's published digest forMaestro-Setup-0.15.4-RC-x64.exe, so the package is ready tochoco pack/choco install -s .and test on a Windows box.Not in this PR (maintainer steps)
choco push), then moderation review.release.ymlto publish on each tag. The README documents how.Test notes
maestro-ai.nuspecvalidated as well-formed XML.Install-ChocolateyPackage,Get-UninstallRegistryKey,Uninstall-ChocolateyPackage); fullchoco pack+ install test requires a Windows runner.Summary by CodeRabbit
New Features
Documentation
Chores