CUIck Scan — Sensitive Data Scanner

A native Windows desktop application that recursively scans files for:

1. Sensitive data indicators: CUI / CTI / ITAR and related export-control markers.
2. DFARS-only mode: DFARS 252.204-7012, 7019, 7020, 7021 clause references.

Architecture

The UI has been rebuilt as a React SPA rendered inside a native window using WinForms + Microsoft Edge WebView2. All scanning logic is unchanged.

CUIckScan/
├── Program.cs            ← Entry point: starts API server, opens native window
├── MainForm.cs           ← Borderless WinForms window hosting WebView2
│                           (native drag, resize, min/max/close, OS dialogs)
├── ScanApiHost.cs        ← Embedded Kestrel server: REST API + SSE progress
│                           (scan control, native dialog endpoints, file ops)
├── CUIckScan.csproj      ← WinExe, WebView2 + embedded ASP.NET Core
│
├── Models/               ← Data models (unchanged from original)
├── Services/             ← Scan engine, pattern matching, state store (unchanged)
├── MockScanData/         ← Sample files for testing
│
├── ClientApp/            ← React SPA source (Vite + React)
│   ├── src/App.jsx       ← Full UI: talks to API, uses WebView2 interop
│   ├── vite.config.js    ← Dev server with API proxy
│   └── package.json
└── wwwroot/              ← Built SPA served by embedded Kestrel

How it works

1. Program.cs starts an embedded Kestrel web server on a random available port and opens a borderless WinForms window with a WebView2 control.
2. WebView2 renders the React SPA served from wwwroot/ by Kestrel.
3. The React UI communicates with the C# backend via:
   • REST API for scan operations, results, file export/copy/move.
   • Server-Sent Events (SSE) for real-time scan progress.
   • WebView2 postMessage for instant window operations (minimize, maximize, close, drag).
   • Native dialog endpoints that invoke real Windows dialogs (FolderBrowserDialog, OpenFileDialog, SaveFileDialog) on the UI thread.

Why WebView2 instead of Electron/Tauri?

• No bundled Chromium — WebView2 uses the Edge runtime already on Windows 10/11.
• No extra runtime — no Node.js (Electron) or Rust toolchain (Tauri) needed.
• Keeps the C# backend — all scanning logic stays in .NET, unchanged.
• ~5 MB overhead vs ~120 MB for Electron.
• Native OS dialogs — folder picker, file open/save use real Windows dialogs.

Features

• Native Windows desktop app with custom title bar
• Select scan root folder via native Windows folder picker
• Select scan mode (Sensitive Data vs DFARS clauses only)
• Configurable worker thread count (1–32)
• Recursive multi-threaded file scanning
• Real-time progress via SSE
• Pause / resume / cancel in-progress scans
• Persistent scan-state database (SQLite) — resume after restart
• Light / dark theme toggle (Ctrl+T)
• Filterable results list with detailed finding view
• Color-coded severity tags: CUI, CTI, ITAR, DFARS, Heuristic
• Export flagged file paths to CSV (native Save dialog)
• Copy or move flagged files (native Folder picker)
• Open / clear scan databases (native Open dialog)

Prerequisites

• Windows 10/11 (Edge WebView2 runtime pre-installed)
• .NET 8 SDK
• Node.js 18+ (for building the React frontend)

Quick Start

1. Build the React frontend

cd ClientApp
npm install
npm run build

2. Copy built files to wwwroot

# From the project root:
if (!(Test-Path wwwroot)) { mkdir wwwroot }
Copy-Item -Recurse -Force ClientApp\dist\* wwwroot\

Or on bash:

mkdir -p wwwroot && cp -r ClientApp/dist/* wwwroot/

3. Build and run

dotnet restore
dotnet run

The app will open as a native window. No browser needed.

Development Mode

For hot-reload during frontend development:

Terminal 1 — .NET backend:

dotnet run

Terminal 2 — Vite dev server:

cd ClientApp
npm install
npm run dev

During development, navigate WebView2 to http://localhost:3000 (the Vite dev server proxies API calls to Kestrel).

Build for Release

# Build React
cd ClientApp; npm install; npm run build; cd ..

# Copy to wwwroot
Copy-Item -Recurse -Force ClientApp\dist\* wwwroot\

# Publish as single file
dotnet publish -c Release -r win-x64 --self-contained -p:PublishSingleFile=true

The output in bin\Release\net8.0-windows\win-x64\publish\ is a single CUIckScan.exe with the React UI bundled.

API Reference

Method	Path	Description
GET	/api/scan/status	Current scan state + progress
GET	/api/scan/results	All flagged results with findings
GET	/api/scan/session	Check for existing saved session
GET	/api/scan/progress-stream	SSE stream for real-time progress
POST	/api/scan/start	Start new scan {rootPath, mode, threads}
POST	/api/scan/resume	Resume from saved database
POST	/api/scan/pause	Pause running scan
POST	/api/scan/unpause	Resume paused scan
POST	/api/scan/cancel	Cancel active scan
POST	/api/scan/open-db	Load results from DB {dbPath}
POST	/api/scan/clear-db	Delete current scan database
POST	/api/scan/export	Export flagged paths to CSV
POST	/api/scan/copy-files	Copy flagged files to target
POST	/api/scan/move-files	Move flagged files to target
POST	/api/dialogs/browse-folder	Open native folder picker
POST	/api/dialogs/open-file	Open native file dialog
POST	/api/dialogs/save-file	Open native save dialog