Initial commit: hello-agent — headless RustDesk-protocol-compatible Windows agent
build-windows / build-hello-agent-x64 (push) Successful in 5m41s
build-windows / build-hello-agent-x64 (push) Successful in 5m41s
A single-binary, Flutter-free remote-support agent that speaks the stock
RustDesk wire protocol. Designed for one-line MDM deployment against a
self-hosted rustdesk-server: a supporter using the unmodified rustdesk.exe
client connects, the controlled-side user gets a native Win32 approval
prompt, click Yes / No.
CLI surface
hello-agent.exe --install # register + start service
hello-agent.exe --uninstall # stop, delete, clean up
hello-agent.exe --config <BLOB> # admin-UI deploy string
hello-agent.exe --install --config <BLOB> # MDM one-liner
--config accepts both forms emitted by the rustdesk-server admin UI: the
reversed-base64 deploy string and the host=,key=,api=,relay= filename
form. Decoded via the upstream custom_server module, persisted via
hbb_common::config::Config::set_option.
Architecture
--service runs as a Session 0 LocalSystem service. It polls
WTSGetActiveConsoleSessionId and (re)spawns hello-agent.exe --server
into the active console session via librustdesk::platform::run_as_user,
handling the Session 0 → user-session token impersonation.
--server is the worker. It boots three concurrent components:
1. cm_popup: an IPC listener on the rustdesk `_cm` named pipe
2. librustdesk::start_server(true, false): the upstream protocol
stack — rendezvous mediator, NAT punch, IPC server, screen
capture, login validation, hbbs_http heartbeat / sysinfo sync
3. (implicit) ApproveMode::Click is pinned in config, so every
incoming connection routes through cm_popup
The popup mechanism reuses an existing upstream contract without any
patches to the protocol code: when a peer connects with no password,
Connection::start in the upstream code calls try_start_cm_ipc, which
ipc::connect-s the `_cm` pipe before falling back to spawning a Flutter
CM child. Since cm_popup is up first, step 1 succeeds; we read the
Data::Login{authorized:false} frame, show MessageBoxTimeoutW (Yes/No,
60s, top-most, system-modal), and reply Data::Authorize or Data::Close.
Source tree
src/main.rs CLI dispatcher + run_server() composition
src/cli.rs hand-rolled argv parser + unit tests
src/service.rs windows-service install/uninstall/dispatcher
src/config_import.rs --config blob decoding + persistence
src/cm_popup.rs _cm IPC listener + Win32 approval dialog
Vendoring
The upstream RustDesk crate is vendored under vendor/rustdesk/ — full
workspace including libs/{hbb_common, scrap, enigo, clipboard,
virtual_display, remote_printer}. This makes the build self-contained
(no submodules, no sibling-repo checkout in CI) and gives us freedom to
fork in a different direction later. Excluded from the vendor: .git,
target/, flutter/, appimage/, flatpak/, fastlane/, docs/, examples/,
ci/, build.py, Dockerfile, upstream README/CLAUDE/AGENTS/GEMINI.
One local divergence vs. upstream: vendor/rustdesk/src/lib.rs flips
`mod custom_server` → `pub mod custom_server` so config_import.rs can
call get_custom_server_from_string without going through the
ui_interface shim. Documented in README.md → "Re-syncing the vendored
copy".
CI
.gitea/workflows/build-windows.yml builds on a self-hosted Windows
runner with Rust 1.75, LLVM 15.0.6 (libclang for bindgen via libvpx-sys),
and a vcpkg cache. The vendored vcpkg.json drives x64-windows-static
deps. The workflow stages the resulting hello-agent.exe into
SignOutput\, reports authenticode signing status (warns on unsigned),
and uploads as artifact. ~15 min full build, faster on incremental.
Out of scope for this commit: Linux/macOS builds, code signing, MSI
packaging, coexistence with stock rustdesk on the same box (currently
shares the RustDesk APP_NAME and config dir).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
+62
@@ -0,0 +1,62 @@
|
||||
[package]
|
||||
name = "hello-agent"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
rust-version = "1.75"
|
||||
description = "Headless RustDesk-protocol-compatible support agent for Windows"
|
||||
publish = false
|
||||
|
||||
[[bin]]
|
||||
name = "hello-agent"
|
||||
path = "src/main.rs"
|
||||
|
||||
# The full RustDesk protocol stack is vendored under `vendor/rustdesk/`.
|
||||
# We consume it as a path dependency on the `librustdesk` crate (the rlib
|
||||
# crate-type in its Cargo.toml's [lib] section is what makes this work).
|
||||
#
|
||||
# We deliberately turn off rustdesk's `flutter` feature: we don't ship the
|
||||
# Flutter UI. We keep `hwcodec` for parity with the upstream Windows build
|
||||
# and `vram` for hardware-accelerated encoding paths.
|
||||
[dependencies]
|
||||
# The vendored rustdesk crate's [package] name is "rustdesk" but its [lib]
|
||||
# name is "librustdesk". `package = "rustdesk"` aliases it so we can keep
|
||||
# `use librustdesk::…` in source.
|
||||
librustdesk = { package = "rustdesk", path = "vendor/rustdesk", default-features = false, features = ["use_dasp", "hwcodec", "vram"] }
|
||||
hbb_common = { path = "vendor/rustdesk/libs/hbb_common" }
|
||||
|
||||
tokio = { version = "1", features = ["rt-multi-thread", "macros", "sync", "time", "io-util"] }
|
||||
log = "0.4"
|
||||
env_logger = "0.10"
|
||||
anyhow = "1"
|
||||
|
||||
[target.'cfg(target_os = "windows")'.dependencies]
|
||||
windows-service = "0.6"
|
||||
winapi = { version = "0.3", features = ["winuser", "wtsapi32", "processthreadsapi", "synchapi", "handleapi", "winbase"] }
|
||||
winreg = "0.11"
|
||||
|
||||
# Embed the icon and EXE metadata via the Windows resource compiler.
|
||||
# Same crate (and version) the vendored rustdesk uses for its own icon —
|
||||
# keeping them in lockstep avoids a duplicate `winres` in Cargo.lock.
|
||||
#
|
||||
# Unconditional rather than target-gated: build.rs runs on the *host* and
|
||||
# decides via `CARGO_CFG_TARGET_OS` whether the target is Windows. A
|
||||
# host-conditional build-dep would hide winres on a Linux/macOS host even
|
||||
# when cross-compiling to Windows.
|
||||
[build-dependencies]
|
||||
winres = "0.1"
|
||||
|
||||
# Match upstream's release profile so the resulting binary has the same
|
||||
# stripping / LTO behavior. Diverging here would surprise CI.
|
||||
[profile.release]
|
||||
lto = true
|
||||
codegen-units = 1
|
||||
panic = "abort"
|
||||
strip = true
|
||||
|
||||
# Mirror the [patch.crates-io] from the vendored rustdesk Cargo.toml. Cargo
|
||||
# only honors [patch] at the *outermost* workspace root, so we have to
|
||||
# repeat it here. (The Linux-only libxdo-sys-stub avoids requiring libxdo
|
||||
# on the build host; on Windows it's conditionally compiled out anyway, but
|
||||
# keeping the patch makes a future Linux build configuration easier.)
|
||||
[patch.crates-io]
|
||||
libxdo-sys = { path = "vendor/rustdesk/libs/libxdo-sys-stub" }
|
||||
Reference in New Issue
Block a user