Use encoded PowerShell commands for Windows inventory

apps/desktop/src-tauri/src/agent.rs

@@ -676,6 +676,8 @@ fn collect_linux_extended() -> serde_json::Value {
 
 #[cfg(target_os = "windows")]
 fn collect_windows_extended() -> serde_json::Value {
+    use base64::engine::general_purpose::STANDARD;
+    use base64::Engine as _;
     use std::os::windows::process::CommandExt;
     use std::process::Command;
     const CREATE_NO_WINDOW: u32 = 0x08000000;
@@ -721,19 +723,29 @@ fn collect_windows_extended() -> serde_json::Value {
         serde_json::from_str(trimmed).ok()
     }
 
+    fn encode_ps_script(script: &str) -> String {
+        let mut bytes = Vec::with_capacity(script.len() * 2);
+        for unit in script.encode_utf16() {
+            bytes.extend_from_slice(&unit.to_le_bytes());
+        }
+        STANDARD.encode(bytes)
+    }
+
     fn ps(cmd: &str) -> Option<serde_json::Value> {
-        let ps_cmd = format!(
-            "$ErrorActionPreference='SilentlyContinue'; {} | ConvertTo-Json -Depth 4 -Compress",
+        let script = format!(
+            "$ErrorActionPreference='SilentlyContinue';$ProgressPreference='SilentlyContinue';$result = ({});if ($null -eq $result) {{ return }};$json = $result | ConvertTo-Json -Depth 4 -Compress;if ([string]::IsNullOrWhiteSpace($json)) {{ return }};[Console]::OutputEncoding = [System.Text.Encoding]::UTF8;$json;",
             cmd
         );
+        let encoded = encode_ps_script(&script);
         let out = Command::new("powershell")
             .creation_flags(CREATE_NO_WINDOW)
             .arg("-NoProfile")
-            .arg("-WindowStyle")
-            .arg("Hidden")
             .arg("-NoLogo")
-            .arg("-Command")
-            .arg(ps_cmd)
+            .arg("-NonInteractive")
+            .arg("-ExecutionPolicy")
+            .arg("Bypass")
+            .arg("-EncodedCommand")
+            .arg(encoded)
             .output()
             .ok()?;
         if out.stdout.is_empty() {