feat: Windows support

.github/workflows/ci.yaml

@@ -53,7 +53,8 @@ jobs:
             hooks/claude-code/target
             plugins/coding-agent-plugin/target
             tools/coding-agents-kit-ctl/target
-          key: ${{ runner.os }}-${{ matrix.arch }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            tests/target
+          key: ${{ runner.os }}-${{ matrix.arch }}-cargo-${{ hashFiles('hooks/claude-code/Cargo.lock', 'plugins/coding-agent-plugin/Cargo.lock', 'tools/coding-agents-kit-ctl/Cargo.lock', 'tests/Cargo.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ matrix.arch }}-cargo-
 
@@ -74,6 +75,65 @@ jobs:
       - name: Run e2e tests
         run: make test-e2e
 
+  build-test-windows:
+    name: Build & Test (Windows ${{ matrix.arch }})
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x64
+            runner: windows-latest
+            vcpkg_triplet: x64-windows-static
+          - arch: arm64
+            runner: windows-11-arm
+            vcpkg_triplet: arm64-windows-static
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install make
+        run: choco install make -y
+
+      - name: Install vcpkg curl
+        run: vcpkg install curl:${{ matrix.vcpkg_triplet }}
+
+      - name: Cache Cargo registry and build artifacts
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            hooks/claude-code/target
+            plugins/coding-agent-plugin/target
+            tools/coding-agents-kit-ctl/target
+            tests/target
+          key: ${{ runner.os }}-${{ matrix.arch }}-cargo-${{ hashFiles('hooks/claude-code/Cargo.lock', 'plugins/coding-agent-plugin/Cargo.lock', 'tools/coding-agents-kit-ctl/Cargo.lock', 'tests/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.arch }}-cargo-
+
+      - name: Cache Falco build
+        uses: actions/cache@v4
+        with:
+          path: |
+            build/falco-*-windows-*
+            build/falco-src-*
+          key: falco-windows-${{ matrix.arch }}-${{ hashFiles('installers/windows/build-falco.ps1', 'installers/windows/falco-windows-*.patch') }}
+
+      - name: Build
+        run: make build
+
+      - name: Build Falco from source
+        run: make falco-windows-${{ matrix.arch }}
+
+      - name: Run interceptor tests
+        run: make test-interceptor
+
+      - name: Run e2e tests
+        run: make test-e2e
+
   build-test-macos:
     name: Build & Test (macOS ${{ matrix.arch }})
     runs-on: ${{ matrix.runner }}
@@ -103,7 +163,8 @@ jobs:
             hooks/claude-code/target
             plugins/coding-agent-plugin/target
             tools/coding-agents-kit-ctl/target
-          key: ${{ runner.os }}-${{ matrix.arch }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            tests/target
+          key: ${{ runner.os }}-${{ matrix.arch }}-cargo-${{ hashFiles('hooks/claude-code/Cargo.lock', 'plugins/coding-agent-plugin/Cargo.lock', 'tools/coding-agents-kit-ctl/Cargo.lock', 'tests/Cargo.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ matrix.arch }}-cargo-
 

CLAUDE.md

@@ -6,7 +6,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 **coding-agents-kit** is a runtime security layer for AI coding agents. It intercepts tool calls (shell commands, file writes, web requests, etc.) before execution, evaluates them against Falco security rules, and enforces allow/deny/ask verdicts in real time. It operates entirely in user space with no elevated privileges.
 
-The initial version targets **Claude Code** on **Linux and macOS**. The architecture is designed to accommodate other coding agents (e.g., Codex) in the future.
+The project targets **Claude Code** on **Linux, macOS, and Windows**. The architecture is designed to accommodate other coding agents (e.g., Codex) in the future.
 
 ## Architecture
 
@@ -37,7 +37,7 @@ The initial version targets **Claude Code** on **Linux and macOS**. The architec
 | **Interceptor** | `hooks/claude-code/` | Rust | Thin passthrough: reads hook JSON from stdin, wraps in envelope, sends to broker, maps verdict to stdout. No content interpretation. |
 | **Plugin** | `plugins/` | Rust (falco_plugin SDK) | Falco source+extract plugin with embedded broker. Parses events, extracts fields, feeds Falco, receives alerts, resolves verdicts. |
 | **Rules** | `rules/` | YAML (Falco rule language) | Vendor and local security policies. |
-| **Installer** | `installers/linux/`, `installers/macos/` | Shell | Platform-specific packaging, installation, hook registration, mode switching. |
+| **Installer** | `installers/linux/`, `installers/macos/`, `installers/windows/` | Shell/PowerShell | Platform-specific packaging, installation, hook registration, mode switching. |
 | **Skills** | `skills/` | Claude Code skill format | Coding agent skills for rule authoring, status, etc. |
 | **Tests** | `tests/` | TBD | Integration and E2E tests. |
 
@@ -283,7 +283,7 @@ The macOS implementation includes `is_service_loaded()` for idempotent start/sto
 
 - **Falco 0.43** — rule engine, running in `nodriver` mode (no kernel instrumentation)
 - **Rust** — interceptor and plugin (using `falco_plugin` crate v0.5.0)
-- **Platforms** — Linux (official Falco builds), macOS (Falco built from source with http_output patch)
+- **Platforms** — Linux (official Falco builds), macOS (Falco built from source with http_output patch), Windows (Falco built from source with http_output patch, system curl via vcpkg)
 
 ## Build & Development
 
@@ -301,12 +301,14 @@ Requires latest stable Rust (the falco_plugin SDK tracks latest stable as MSRV).
 ### Tests
 
 ```bash
-make test                   # Run all tests
+make test                   # Run all tests (Linux/macOS)
 make test-interceptor       # Interceptor unit tests (mock broker, no Falco needed)
 make test-e2e               # E2E tests (requires Falco in PATH, plugin, and interceptor built)
+make test-interceptor-windows  # Interceptor unit tests on Windows
+make test-e2e-windows          # E2E tests on Windows
 ```
 
-On Linux, use `make download-falco-linux` to download pre-built Falco binaries and `make falco-linux-bin-dir` to get the binary path. On macOS, use `make falco-macos` to build from source.
+On Linux, use `make download-falco-linux` to download pre-built Falco binaries and `make falco-linux-bin-dir` to get the binary path. On macOS, use `make falco-macos` to build from source. On Windows, use `make falco-windows` to build from source (requires vcpkg + MSVC).
 
 ### Packaging
 
@@ -320,6 +322,11 @@ make macos-aarch64          # Apple Silicon
 make macos-x86_64           # Intel (must run on Intel Mac)
 make macos-universal        # Fat binary (requires Rosetta + x86_64 Homebrew)
 make falco-macos            # Build only Falco (convenience target)
+
+# Windows (builds Falco from source, requires vcpkg + MSVC + WiX)
+make windows-x64            # x64 MSI package
+make windows-arm64          # arm64 MSI package
+make falco-windows          # Build only Falco (convenience target)
 ```
 
 ### Environment Variables

Makefile

@@ -5,9 +5,11 @@ ARCH := $(shell uname -m)
 .PHONY: all build build-interceptor build-plugin build-ctl \
 	download-falco-linux falco-linux-bin-dir \
 	falco-macos falco-macos-bin-dir \
+	falco-windows falco-windows-x64 falco-windows-arm64 \
 	test test-interceptor test-e2e \
 	linux linux-x86_64 linux-aarch64 \
 	macos macos-aarch64 macos-x86_64 macos-universal \
+	windows windows-x64 windows-arm64 \
 	clean help
 
 all: linux
@@ -44,13 +46,13 @@ falco-linux-bin-dir:
 ## Run all tests
 test: test-interceptor test-e2e
 
-## Run interceptor unit tests
-test-interceptor:
-	bash tests/test_interceptor.sh
+## Run interceptor unit tests (Rust, cross-platform)
+test-interceptor: build-interceptor
+	cd tests && cargo test --test interceptor -- --nocapture
 
-## Run end-to-end tests (requires Falco in PATH)
-test-e2e:
-	bash tests/test_e2e.sh
+## Run end-to-end tests (Rust, cross-platform, requires Falco built)
+test-e2e: build
+	cd tests && cargo test --test e2e --test e2e_monitor -- --nocapture
 
 ## Build Linux packages for all architectures
 linux: linux-x86_64 linux-aarch64
@@ -86,12 +88,35 @@ falco-macos:
 falco-macos-bin-dir:
 	@echo "build/falco-$(FALCO_VERSION)-darwin-$(subst arm64,aarch64,$(ARCH))"
 
+## Build Windows packages (must run on Windows)
+windows: windows-x64
+
+## Build Windows x64 MSI package
+windows-x64:
+	powershell -NoProfile -ExecutionPolicy Bypass -File installers/windows/package.ps1 -Arch x64
+
+## Build Windows arm64 MSI package
+windows-arm64:
+	powershell -NoProfile -ExecutionPolicy Bypass -File installers/windows/package.ps1 -Arch arm64
+
+## Build Falco from source for Windows (default: x64; requires vcpkg + MSVC)
+falco-windows: falco-windows-x64
+
+## Build Falco from source for Windows x64
+falco-windows-x64:
+	powershell -NoProfile -ExecutionPolicy Bypass -File installers/windows/build-falco.ps1 -Arch x64
+
+## Build Falco from source for Windows arm64
+falco-windows-arm64:
+	powershell -NoProfile -ExecutionPolicy Bypass -File installers/windows/build-falco.ps1 -Arch arm64
+
 ## Remove build artifacts
 clean:
 	rm -rf build/
 	-cd hooks/claude-code && cargo clean
 	-cd plugins/coding-agent-plugin && cargo clean
 	-cd tools/coding-agents-kit-ctl && cargo clean
+	-cd tests && cargo clean
 
 ## Show available targets
 help:
@@ -107,12 +132,16 @@ help:
 	@echo "  test               Run all tests"
 	@echo "  test-interceptor   Run interceptor unit tests"
 	@echo "  test-e2e           Run end-to-end tests (requires Falco in PATH)"
+	@echo "  (tests are cross-platform — same targets work on all platforms)"
 	@echo ""
 	@echo "Falco:"
 	@echo "  download-falco-linux  Download pre-built Falco binary (Linux only)"
 	@echo "  falco-linux-bin-dir   Print path to downloaded Falco binary directory"
 	@echo "  falco-macos           Build Falco from source (macOS only)"
 	@echo "  falco-macos-bin-dir   Print path to built Falco binary directory"
+	@echo "  falco-windows         Build Falco from source for Windows (default: x64)"
+	@echo "  falco-windows-x64    Build Falco from source for Windows x64"
+	@echo "  falco-windows-arm64  Build Falco from source for Windows arm64"
 	@echo ""
 	@echo "Package:"
 	@echo "  linux              Build Linux packages for all architectures (default)"
@@ -122,6 +151,9 @@ help:
 	@echo "  macos-aarch64      Build macOS Apple Silicon package"
 	@echo "  macos-x86_64       Build macOS Intel package (must run on Intel Mac)"
 	@echo "  macos-universal    Build macOS universal binary (requires Rosetta + x86_64 Homebrew)"
+	@echo "  windows            Build Windows x64 MSI package (default)"
+	@echo "  windows-x64        Build Windows x64 MSI package"
+	@echo "  windows-arm64      Build Windows arm64 MSI package"
 	@echo ""
 	@echo "Other:"
 	@echo "  clean              Remove all build artifacts"

README.md

@@ -4,7 +4,7 @@
 [![Sandbox](https://img.shields.io/badge/status-sandbox-red?style=for-the-badge)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#sandbox)
 
 [![License](https://img.shields.io/github/license/leogr/coding-agents-kit?style=flat-square)](LICENSE)
-![Platforms](https://img.shields.io/badge/platforms-linux%20%7C%20macOS-blue?style=flat-square)
+![Platforms](https://img.shields.io/badge/platforms-linux%20%7C%20macOS%20%7C%20Windows-blue?style=flat-square)
 ![Architectures](https://img.shields.io/badge/arch-x86__64%20%7C%20aarch64-blueviolet?style=flat-square)
 
 > **Experimental Preview** — This project is under active development and released as an early preview. Interfaces and behavior may change between releases. We welcome your [feedback](#feedback) to help shape its future.
@@ -74,6 +74,19 @@ bash install.sh
 
 The installer copies all components to `~/.coding-agents-kit/`, starts a systemd user service, and registers the hook automatically.
 
+### Windows
+
+Download the `.msi` installer from the [latest release](https://github.com/leogr/coding-agents-kit/releases/latest) and run:
+
+```powershell
+powershell -File Install-CodingAgentsKit.ps1
+```
+
+The installer deploys all components to `%LOCALAPPDATA%\coding-agents-kit\`, registers the Claude Code hook, and sets up auto-start on login.
+
+> [!NOTE]
+> x86_64 builds work on both x86_64 and ARM64 Windows (via emulation). See [`installers/windows/`](installers/windows/) for build prerequisites and details.
+
 ### Verify
 
 ```bash
@@ -184,10 +197,10 @@ The skill guides Claude through writing the rule, placing it in the right direct
 |-------|----------|--------|
 | [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | Linux (x86_64, aarch64) | Supported |
 | [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | macOS (Apple Silicon, Intel) | Supported |
+| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | Windows (x86_64, ARM64) | Supported |
 | [Codex](https://openai.com/index/codex/) | Linux, macOS | Planned |
-| — | Windows | Planned |
 
-We are actively working on expanding agent and platform support. [Codex](https://openai.com/index/codex/) integration and Windows support are next on the roadmap.
+We are actively working on expanding agent and platform support. [Codex](https://openai.com/index/codex/) integration is next on the roadmap.
 
 ## Building from Source
 
@@ -233,6 +246,23 @@ See [`installers/macos/`](installers/macos/) for details.
 
 </details>
 
+<details>
+<summary><strong>Windows</strong></summary>
+
+Requires: Rust (latest stable), Visual Studio 2022+ with C++ workload, CMake 3.24+, vcpkg with curl, .NET Runtime 8+, WiX Toolset v4.
+
+```powershell
+powershell -File installers\windows\package.ps1 -Version 0.1.0
+```
+
+Output: `build/out/coding-agents-kit-0.1.0-windows-x64.msi`
+
+> Falco is built from source on the first run (~10 min). Subsequent builds use the cached binary.
+
+See [`installers/windows/`](installers/windows/) for detailed prerequisites and build options.
+
+</details>
+
 <details>
 <summary><strong>Individual Components</strong></summary>