{"slug": "disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer", "title": "Disbatch – turn a PowerShell/batch script into a GUI, with a risk analyzer", "summary": "Disbatch, a new Windows tool, converts PowerShell and batch scripts into graphical user interfaces with a built-in risk analyzer. The self-contained executable generates controls from script parameters, analyzes scripts for risky behavior, and runs them in an embedded terminal. The tool, built quickly with AI assistance, is released as a personal project with caution advised due to lack of hardening and extensive testing.", "body_md": "**Give your scripts an instant GUI.** Point Disbatch at a `.ps1`\n\n(or `.bat`\n\n/`.cmd`\n\n)\nand it reads the script's parameters, generates the matching controls — folder\npickers, checkboxes, dropdowns, number and text fields — statically analyses the\nscript for risky behaviour, and runs it inside a live embedded terminal with a\nprogress bar. One self-contained Windows `.exe`\n\n, **100% offline**, no runtime to\ninstall.\n\n⚠️ \"Vibecoded\" — use with caution.Disbatch was built quickly and iteratively (largely with an AI coding assistant) as a personal project. It works, but it hasnotbeen hardened, audited, or extensively tested. Run it at your own risk — especially when pointing it at scripts you don't fully trust. The built-in risk analyzer is a heuristic aid,nota security guarantee.\n\n**Open a script → get a GUI.** Every control is generated from the script's\n`param()`\n\nblock; the live command preview shows exactly what will run.\n\n**Built-in risk analysis.** Risky lines are tinted inline, and the panel lists\nevery finding (Warning / Caution) with its line — click one to jump to it.\n*(Heuristic, not antivirus.)*\n\n**Risk-gated Run.** When the analyzer flags Warning-level patterns, Run stays\ndisabled until you tick the acknowledgment — and required fields must be filled\nfirst. *(Heuristic, not antivirus.)*\n\n**The mapper.** Fix what auto-detection missed — change a control's type/label,\nmark it required, edit dropdown options, add custom controls, and bind each to\nthe exact `$variable`\n\n/ `%N`\n\ntoken in the script.\n\n**Batch files too.** A `.bat`\n\n's `%1`\n\n/ `%2`\n\nare detected as ordered arguments.\n\n**Pick-to-bind.** Adding or fixing a control? Click the exact `$variable`\n\n(or a\n`%N`\n\nin a batch file) it should drive — the green chips mark every bindable\ntoken, so there's no guessing.\n\n**Read-only preview + analysis** — the Script tab pairs a soft-wrapping preview\nwith the findings panel (this demo is clean: 0 findings).\n\n**A real embedded terminal** (the same ConPTY mechanism Windows Terminal uses)\nis live from launch, with Pause / Stop / Clear and a progress bar.\n\n**Auto-generated UI**— a PowerShell`param()`\n\nblock (read by PowerShell's own AST parser — parsed, never executed) or a`.bat`\n\n's`%1`\n\n/`%2`\n\npositional args becomes a form, no config required.**Two tabs****Script**— read-only, soft-wrapping preview with risky lines tinted inline and a risk-analysis panel + metrics. Click a finding to jump to its line.**Controls**— the generated form, a live command preview (with** Copy**), and Run.\n\n**Embedded ConPTY terminal**— a real, interactive PowerShell terminal (the same pseudo-console mechanism Windows Terminal uses), rendered inside the app. Run sends the composed command into it; you can also type in it directly.**Pause / Resume** freezes the running script exactly where it is (OS-level thread suspend) and continues from that point;**Stop** sends Ctrl+C;**Clear** wipes the screen.\n\n**Risk analyzer**— flags risky capabilities (download-and-run, encoded commands, keyboard hooks, persistence, shadow-copy deletion, …) at two levels:**Warning**(gates the Run button until you acknowledge) and** Caution**(FYI). Click a chip to filter.*Heuristic, not antivirus*— expect false positives and false negatives.**Mapper**— fix what auto-detection missed: change a control's type/label, mark it required, add custom controls, and** pick-to-bind**by clicking the exact`$variable`\n\n/`%N`\n\n/`set VAR`\n\n/`$env:VAR`\n\ntoken in the script. Fill dropdown options by hand.**Hints & remembered values**— per-script notes and your last-used input values are saved to a`<script>.disbatch.json`\n\nsidecar next to the script.**Progress bar**— driven by an opt-in`@progress`\n\n/`@status`\n\nprotocol.**Drag-and-drop** a script onto the window to open it.**Dark, offline, single exe**— no telemetry, no network calls, nothing to install. (It does write one local file: the per-script`.disbatch.json`\n\nsidecar described below.)\n\nA `.ps1`\n\n's `param()`\n\nblock is read with **PowerShell's own parser** (the same AST\nPSScriptAnalyzer uses): Disbatch *parses* the script — it never runs it — and stays\noffline (a local PowerShell call, no network). A built-in regex parser is the\nfallback for when PowerShell can't be invoked.\n\n| PowerShell | Control |\n|---|---|\n`[switch]$Recurse` |\ncheckbox |\n`[ValidateSet(\"A\",\"B\")][string]$X` |\ndropdown |\n`[int]$Threads = 4` |\nnumber field (4) |\n`[string]$InputFolder` |\nfolder picker |\n`[string]$LogFile` / `...Path` |\nfile picker |\n`[string]$Name` |\ntext field |\n`[Parameter(Mandatory)]` |\nrequired * |\n\nBatch files expose their `%1`\n\n, `%2`\n\n, … as ordered arguments. Anything auto-detection\ngets wrong, fix in the **mapper** (✏ Edit controls on the Controls tab). Defaults\npre-fill the controls; mandatory parameters must be set before Run.\n\nPrint these from your script and Disbatch drives the bar (the lines also appear in the terminal):\n\n``` php\nWrite-Host \"@progress 42\"           # 0-100 -> progress bar\nWrite-Host \"@status Copying files\"  # -> status label\necho @progress 42\necho @status Copying files\n```\n\nSaved next to the script, holding team-shareable hints, your mapper control definitions, and remembered input values. Commit it alongside the script and whoever opens it next gets the same hints and controls.\n\n⚠️ The sidecar stores your entered values in plaintext.Disbatch willnotsave (and masks in the UI) values for parameters whose name looks sensitive —`password`\n\n,`secret`\n\n,`token`\n\n,`apikey`\n\n,`credential`\n\n, … — but that is a heuristic, not a guarantee.Review the file before committing, and add`*.disbatch.json`\n\nto your`.gitignore`\n\nif it could ever hold something you wouldn't put in version control. (A value you type also appears in the on-screen command preview and in the terminal / PowerShell history when the script runs — inherent to passing it as a command-line argument.)\n\nRequires the Rust toolchain (the repo pins the MSVC toolchain via\n`rust-toolchain.toml`\n\n).\n\n``` php\ncargo run --release      # build + launch\ncargo build --release    # -> target\\release\\disbatch.exe (single file)\n```\n\nTry `examples\\demo.ps1`\n\n(every control type), `examples\\analyzer-demo.ps1`\n\n(the risk\nanalyzer + pick-to-bind), `examples\\batch-demo.bat`\n\n(positional args), or\n`examples\\parser-clean.ps1`\n\n/ `examples\\parser-tricky.ps1`\n\n(the PowerShell-AST parser\nvs. its regex fallback), then **Run**.\n\nSeeing the parser fall back.Detection uses a local PowerShell process. If it ever misbehaves you can force the regex fallback with the environment variable`DISBATCH_NO_AST=1`\n\n— the status note then reads \"(regex fallback)\". Open`examples\\parser-tricky.ps1`\n\nwith and without it set to see the difference (a`ValidateSet`\n\ndropdown the fallback can't reproduce).\n\nDisbatch makes running scripts frictionless — which is exactly when it's easy to run\nsomething you shouldn't. The risk analyzer is a speed-bump and an informed-consent\nlayer; it is **not** a replacement for antivirus, and obfuscated code can evade it.\nRead what a script does before you run it.\n\n- Batch\n`set /p`\n\n/`set VAR=`\n\nauto-detection (today only`%N`\n\nauto-detects; env vars are reachable via the mapper's pick-to-bind). - Whole-process-tree pause (today Pause freezes the shell; child processes it spawned keep running).\n- Recent-files list and reopen-last-script.\n\n[MIT](/SlashRevet/disbatch/blob/main/LICENSE) © 2026 SlashRevet", "url": "https://wpnews.pro/news/disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer", "canonical_source": "https://github.com/SlashRevet/disbatch", "published_at": "2026-06-17 06:18:12+00:00", "updated_at": "2026-06-17 06:22:47.026515+00:00", "lang": "en", "topics": ["developer-tools", "ai-tools", "ai-safety"], "entities": ["Disbatch", "PowerShell", "Windows", "ConPTY"], "alternates": {"html": "https://wpnews.pro/news/disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer", "markdown": "https://wpnews.pro/news/disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer.md", "text": "https://wpnews.pro/news/disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer.txt", "jsonld": "https://wpnews.pro/news/disbatch-turn-a-powershell-batch-script-into-a-gui-with-a-risk-analyzer.jsonld"}}