Which component(s) does this affect?
Problem Statement
Lite is a WPF GUI app whose collectors only run inside the GUI (CollectionBackgroundService is started from MainWindow.Loaded; Program.Main always calls app.Run()). Unattended collection therefore requires a dedicated user with autologon and a persistent interactive desktop session — a security/compliance concern. There's no way to run Lite collection under a service identity, including a gMSA with auto-rotating credentials. Full edition's headless option (SQL Agent jobs) requires deploying objects into each monitored instance, which is exactly what Lite's agentless model avoids.
Proposed Solution
- Extract the collection core (CollectionBackgroundService, RemoteCollectorService, DuckDbInitializer, ServerManager, ScheduleManager, archival/retention) into a shared library + a new headless host (.NET Worker) registered as a Windows Service via UseWindowsService(), runnable under LocalSystem / a service account / a gMSA.
- Keep the WPF app as a viewer: remove its in-process collector startup; have it read the store. Resolve the DuckDB single-writer constraint by opening read-only (custom connection factory + WAL reader isolation) or by querying the service's MCP/localhost endpoint.
- Ship as an optional service package so the current single-process Lite stays supported (backward compatible).
Use Case
Acceptance criteria: service installs and runs under LocalSystem and a gMSA, starts at boot with no logon, survives reboot; reads servers.json + Credential Manager under the service identity (ACLs verified); the viewer renders dashboards against a store the service is actively writing, with no corruption; schedule/retention edits are honored by the service; existing desktop mode unchanged.
Alternatives Considered
Currently, my setup is:
- dedicated account running Lite
- additional settings for surviving restart and auto-start
- additional settings (ssh) to expose the MCP server to remote users
- if more then one dev wants to see the dashboard, a team call can be made as only one can log into the dedicated account
Additional Context
Change size: Medium — new host project + refactor to a shared collection assembly; the hard parts are cross-process DuckDB access and credential/ACL access under a service account, both needing careful testing.
Note for reviewers: Full edition already offers headless collection via SQL Agent with a read-only Dashboard; weigh pointing service-account users there vs. investing in a Lite service mode (the latter preserves Lite's agentless advantage).
Which component(s) does this affect?
Problem Statement
Lite is a WPF GUI app whose collectors only run inside the GUI (CollectionBackgroundService is started from MainWindow.Loaded; Program.Main always calls app.Run()). Unattended collection therefore requires a dedicated user with autologon and a persistent interactive desktop session — a security/compliance concern. There's no way to run Lite collection under a service identity, including a gMSA with auto-rotating credentials. Full edition's headless option (SQL Agent jobs) requires deploying objects into each monitored instance, which is exactly what Lite's agentless model avoids.
Proposed Solution
Use Case
Acceptance criteria: service installs and runs under LocalSystem and a gMSA, starts at boot with no logon, survives reboot; reads servers.json + Credential Manager under the service identity (ACLs verified); the viewer renders dashboards against a store the service is actively writing, with no corruption; schedule/retention edits are honored by the service; existing desktop mode unchanged.
Alternatives Considered
Currently, my setup is:
Additional Context
Change size: Medium — new host project + refactor to a shared collection assembly; the hard parts are cross-process DuckDB access and credential/ACL access under a service account, both needing careful testing.
Note for reviewers: Full edition already offers headless collection via SQL Agent with a read-only Dashboard; weigh pointing service-account users there vs. investing in a Lite service mode (the latter preserves Lite's agentless advantage).