Changelog¶

LuminalShine release notes are mirrored from github.com/NortheBridge/luminalshine/releases and regenerated on every documentation build. For installer downloads, asset checksums, and the source diff for any release, follow the tag link in that release’s entry below.

Releases are listed newest first. Both GA and pre-release versions appear — pre-releases are tagged accordingly in each entry’s metadata line.

26.05.0-rc4¶

Tag: 26.05.0-rc4 · Released: 2026-05-26 · Pre-release

LuminalShine 26.05.0 Release Candidate 4 (RC4)¶

Danger

This release ships CVE-2026-32253 / GHSA-ph75-mgxh-mv57 (Critical, CVSS 9.8) — an upstream cert-chain authentication bypass that allowed network-reachable attackers to impersonate paired Moonlight clients and reach /launch with input injection on a SYSTEM-level service. All LuminalShine hosts should upgrade immediately. See the Security section below for details. We have posted seperate Security Advisory as GHSA-8gq2-8vfv-fqx7

Danger

This release ships GHSA-52q6-5x97-2747 (Moderate, CVSS 6.3) — The protection is incidental, not enforced. There is no <util:PermissionEx> in packaging/windows/wix/custom_actions.wxs, no SetNamedSecurityInfo call anywhere, and the code in src/config.cpp / src/file_handler.cpp creates the file with no security descriptor. Off-default conditions break it: OEM gold images with loosened ProgramData DACLs, plugins running as non-SYSTEM that pre-create the directory, manual user copies into ProgramData, etc. If write access ever exists, src/process.cpp reads cmd/elevated:true with no integrity check and src/platform/windows/misc.cpp launches via CreateProcessAsUserW with the linked admin token → non-admin → Administrator EoP. All LuminalShine hosts should upgrade immediately. See the Security section below for details.

Note

Existing installs migrate transparently. sunshine_credentials.json is renamed in place to luminalshine_credentials.json on first launch after upgrade, with the original archived as sunshine_credentials.json.deprecated-<UTC> for forensic recovery. Paired Moonlight clients, the Windows Credential Manager admin entry, and the apps list are unaffected.

General¶

New: Session Details panel + Session History card. The Dashboard now records every streaming session you run. A new LuminalShineSessionMonitor Windows service captures per-session metadata (client, codec, resolution, FPS, bitrate, HDR / YUV4:4:4 flags) along with 1Hz host CPU + RAM samples, persists them under %ProgramData%\LuminalShine\sessions\, and serves them back to the Web UI. The Session History card on the Dashboard lists every recorded session (active sessions float to the top with a LIVE pulse; ended sessions follow in reverse chronological order). Clicking a row opens a right-edge slide-out drawer with live uPlot charts grouped under three tabs — Stream / Connection / Host — plus Disconnect, Export JSON, and Delete actions. The monitor service is independent from the streaming hot path: it runs in its own process with SYSTEM-only named-pipe ingest, a kernel-assigned ephemeral localhost port, and a fire-and-forget producer that can never block encoding or stream delivery.
New: Per-session recording opt-out (Settings → Capture → session_monitor, default on). When off, the producer is muted but the sidecar service stays running, so toggling the setting back on resumes recording immediately.
New: “Clear Session History” gesture on the Troubleshooting page. Wipes the on-disk archive while leaving the sidecar’s in-memory ring buffer intact (so the Web UI repopulates from live state). The MSI uninstall now removes the session archive by default; opt-out via msiexec /x ... KEEPSESSIONDATA=1 for migration scenarios.
TypeScript toolchain bump to TypeScript 6.0.3 and vue-tsc 3.3.1. No user-visible behavior change.
README badges: release version, commits-since-release, GitHub downloads, code size, stars, license, and CI status are now surfaced at the top of the project README for repo navigation.

Windows 11 General Availability¶

No GA-channel-specific items this release. GA hosts pick up everything in Security and Hotfixes below.

Windows 11 Insider Preview¶

No Insider-Preview-specific items this release. Insider Preview Canary / Dev hosts pick up everything in Security and Hotfixes below.

Security¶

CVE-2026-32253 / GHSA-ph75-mgxh-mv57 (Critical, CVSS 9.8) — fixed. Closes the upstream Sunshine cert-chain authentication bypass that let a network-reachable attacker present a self-signed leaf chained to a self-generated CA and be accepted as a paired Moonlight client. From there, the attacker could call /launch or /resume and stream — with input injection — under the SYSTEM service identity. Two layered changes ship:
- Removed the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY fast-path in openssl_verify_cb, mirroring upstream Sunshine v2026.516.143833.
- Added a leaf-signature pin in the Moonlight HTTPS verify lambda: after the OpenSSL chain verifier accepts a peer, its leaf signature must also exactly match an entry in client_root.named_devices. Defense-in-depth — any future regression in the verify callback cannot grant access to an unpaired peer.
- Regression coverage added in tests/unit/test_cert_chain.cpp.
ProgramData config-directory hardening. The files under %ProgramData%\LuminalShine\config\ (apps.json, sunshine.conf, the paired-clients store, the credentials file) include paths and command lines that the SYSTEM service trusts at CreateProcessAsUserW time. Default Windows ACL inheritance happens to keep Users non-writable on a vanilla install, but the protection was incidental rather than enforced. Layered defense now ships:
- PROTECTED DACL (SYSTEM and Administrators Full, Users Read+Execute) and a System mandatory integrity label are applied at every service start via SetNamedSecurityInfoW. Self-repairing — incorrect ACLs from OEM gold images, prior tooling, or BIOS-image deployments are corrected on the next service start.
- HMAC-SHA256 tamper detection on apps.json with a sidecar .sig file. The HMAC key is sealed via the TPM 2.0 (Microsoft Platform Crypto Provider KSP) when available, and falls back to DPAPI-LocalMachine otherwise. The active backend (tpm / dpapi-lm / unavailable) is logged once at startup. On HMAC mismatch the suspect file is renamed to <file>.tamper-<UTC> and the service seeds defaults rather than load attacker-supplied content.
- sunshine_credentials.json → luminalshine_credentials.json (flag-day rename) with one-shot in-place migration so existing installs never lose admin credentials. The original is archived as .deprecated-<UTC>.
- Per the threat-model review: no install-time TPM gate. DPAPI-LocalMachine fallback covers TPM-less hosts (BIOS-disabled TPM, vTPM-less VMs, Insider Preview registry-bypass installs) without weakening the security ceiling for the same-machine-tamper threat model.

Hotfixes¶

No Hotfixes-specific items this release. Insider Preview Canary / Dev hosts pick up everything above.

Automated release for 26.05.0-rc4.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-rc3.hfx4…26.05.0-rc4

26.05.0-rc3.hfx4¶

Tag: 26.05.0-rc3.hfx4 · Released: 2026-05-24 · Pre-release

LuminalShine 26.05.0 Update Release Candidate 3 Hotfix 4¶

Important

LuminalShine 26.05.0 RC3 is a substantial release to prepare for Authenticode. Please be aware that there are changes such as installing to %ProgramFiles%\NortheBridge\LuminalShine and %ProgramData%\LuminalShine\.

Danger

Changes in this release may break LuminalShine if it doesn’t migrate properly. Re-run the installer if this happens in order to resolve the issue. If your issue isn’t resolved, submit an issue for further guidance.

Tip

LuminalShine Credentials, which are stored in the Windows Credential Manager via use of the TPM 2.0, seamlessly transition to the Authenticode version of LuminalShine. If you encounter a lockout from the Admin Interface, run "C:\Program Files\NortheBridge\LuminalShine" --reset-admin-credentials to reset the Admin Credentials to “First Run” state. You will not lose any device pairings or settings.

General¶

The platform layer now exposes a dedicated log_dir() accessor parallel to appdata(). Today it forwards to the existing data directory on Linux and macOS, and resolves to a separate logs subtree on Windows. Cross-platform callers route through a single API so any future log-location change on other platforms is a one-line implementation flip.

Windows 11 General Availability¶

Install location moved to C:\Program Files\NortheBridge\LuminalShine\. Previous installs at C:\Program Files\Sunshine\ are migrated transparently by MSI MajorUpgrade — service registration, firewall rules, Start Menu shortcuts, the Reconfigure shortcut, and the registry DisplayIcon all retarget without manual intervention. The NortheBridge\ parent directory is removed on uninstall if no other NortheBridge product owns it.
Upgrade dialog now defaults to the new install path. A previously installed copy at C:\Program Files\Sunshine\ (or any other path containing \Sunshine\) is automatically relocated to C:\Program Files\NortheBridge\LuminalShine\ on upgrade. Both the interactive BrowseDlg suggestion and silent msiexec /quiet installs honor the new path, so the new binaries land at the new location without manual intervention. Custom install paths that do not contain \Sunshine\ are preserved as user choices.
Pinned taskbar, desktop, and user-Start-Menu shortcuts are repointed during upgrade. A new Repoint-LegacyShortcuts step in the installer walks every user profile on the machine and rewrites any .lnk whose target path or filename referenced the prior install. Rewrites are best-effort and never block the upgrade.
Logs split into %ProgramData%\LuminalShine\logs\ (sibling of the existing config\ directory). Existing *.log and rollover *.log.N / *.bak files migrate in place on first launch after upgrade. The in-app log viewer, log-export endpoint, and helper-log enumeration all follow the new root automatically.
Executables renamed for brand consistency and to namespace generic tool names out of collisions with anything else on a user’s PATH:
- sunshine.exe → luminalshine.exe
- sunshinesvc.exe → luminalshinesvc.exe
- sunshine_display_helper.exe → luminalshine_display_helper.exe
- sunshine_wgc_capture.exe → luminalshine_wgc_capture.exe
- dxgi-info.exe → luminalshine-dxgi-info.exe
- audio-info.exe → luminalshine-audio-info.exe
- playnite-launcher.exe → luminalshine-playnite-launcher.exe
Windows service renamed from SunshineService to LuminalShineService. Autostart, service account, and ServiceInstall metadata are preserved across the rename; the prior sunshinesvc and SunshineService registrations are cleaned up automatically during upgrade.
TPM-sealed admin credentials and paired-client list are unaffected by the rename. The Windows Credential Manager entry (LuminalShine/AdminCredentials) and the TPM-bound key (LuminalShineAdminCredentialsKey) were already brand-neutral; the ResetAdminCredentials action remains gated on NOT UPGRADINGPRODUCTCODE so the MajorUpgrade sequence never wipes the vault.
New Start Menu shortcut: “Reset LuminalShine Admin Password”. If the saved Web UI admin login ever ends up in an unauthenticable state, you can recover with one click: launch the shortcut, confirm the prompt, and your next visit to https://localhost:47990 will show a fresh first-time setup screen. Paired Moonlight clients, the apps list, and all other settings are preserved — only the admin login is reset.
Service self-heal on unreadable admin credential. If the stored admin credential is ever found in a broken state (empty WCM blob, unparseable JSON, missing required fields), the service now logs a warning, erases the bad entry, and presents first-time setup on next browser visit instead of presenting an un-authenticable login form. TPM unseal failures are not auto-erased — those can be transient, and the new Reset Admin Password shortcut handles that case explicitly.
Named system objects renamed so a LuminalShine install coexists cleanly on a host that also has an upstream Sunshine-family product running:
- Single-instance mutexes → Global\LuminalShineDisplayHelper / Local\LuminalShineDisplayHelper
- Display-helper IPC pipe → luminalshine_display_helper
- Display-event window class → LuminalShineDisplayEventWindow
- NVAPI per-app profile → LuminalShineStream (keyed on luminalshine.exe)
- Scheduled task author / trigger ID → LuminalShine Display Helper / LuminalShineDisplayHelperLogonTrigger
Display-helper IPC pipe name is now a single shared constant in display_settings_client.h, eliminating the prior risk of client and server drifting apart when the literal was spelled independently on each side.
Crash-dump bundle generation recognises both the new luminalshine_* filenames and the legacy sunshine_* filenames, so a bundle assembled immediately after upgrade still includes any pre-migration .dmp files that Windows hasn’t aged out yet. The diagnostic log-collection helper now probes both the new NortheBridge\LuminalShine\config\logs\ install location and the legacy Sunshine\config\logs\ for older logs you may want to attach to a bug report.
Log export and helper-log lookup walk both the new LuminalShine\ and legacy Sunshine\ per-user appdata subdirectories. Logs from helpers that ran before the rename remain discoverable.
Display-helper process cleanup matches both new and legacy helper executable names. A stale pre-upgrade helper is terminated reliably before the new helper takes its single-instance mutex.
Service launch path hardened. luminalshinesvc.exe now resolves the main host binary via an absolute path derived from its own module location, instead of relying on the SCM’s current-working-directory inheritance. This removes an occasional silent launch failure observed on hosts where the service’s effective CWD was not the install root.
MSI process-kill list now covers both new and legacy executable names. Upgrades from a prior install and reinstalls on a host already running the new binaries both kill the right processes before file replacement, so neither path leaves files mapped through reboot.
NVIDIA per-app driver profile is created/updated automatically on first launch as LuminalShineStream keyed on luminalshine.exe, carrying the same GPU power-mode behaviour as before. A pre-existing SunshineStream profile from a prior install becomes a cosmetic entry in NVIDIA Control Panel that no longer matches any running process and can be removed manually if desired.

Windows 11 Insider Preview¶

No Insider-specific changes in this release. The general-availability migration applies identically on Insider Preview hosts, and the upgrade-time process-kill / display-helper-cleanup hardening above incidentally addresses several edge cases that surfaced most often on Insider builds.

Hotfixes¶

MSI upgrade dialog defaulted to the legacy C:\Program Files\Sunshine\ path instead of the new NortheBridge\LuminalShine\ location. Root cause: WIXUI_INSTALLDIR makes Windows Installer persist the prior install’s ARPINSTALLLOCATION across upgrades and AppSearch re-seeds INSTALL_ROOT from it, overriding CMake’s new Directory-table default. Without an explicit override, both interactive BrowseDlg and silent msiexec /quiet upgrades would have laid the new binaries down at the legacy path — new brand, legacy location. Fixed with a Type-51 SetProperty that fires after AppSearch and only when INSTALL_ROOT still contains \Sunshine\, so fresh installs and post-26.05.1 upgrades remain no-ops.
Bootstrapper UI default install path also showed the legacy C:\Program Files\Sunshine\ even on fresh installs. The bootstrapper resolved its default from a hardcoded \Sunshine constant that was missed in the rename, and pre-existing installs registered at the legacy path bled through into the BrowseDlg textbox. Now reflects the canonical NortheBridge\LuminalShine path; legacy-path detection mirrors the MSI SetProperty so the UI and the actual install behaviour converge.
Web UI returned 404s on every asset; the encoder failed to start. The service binary, when launched by the Service Control Manager, inherited C:\Windows\System32 as its working directory. Relative asset paths (assets/web/index.html, assets/shaders/directx/*.hlsl, assets/desktop.png, etc.) resolved against System32 and were not found, producing a broken login form and a Platform-init failure with HRESULT 0x80070003. The main host now anchors its working directory to the executable’s install root at startup before any relative-path lookup runs.
Bootstrapper “Browse” button silently did nothing on hosts where the modern Windows shell folder picker (IFileOpenDialog) failed to instantiate — most commonly observed under certain RDP configurations and on hosts with non-standard COM registration. The button now falls back to the classic FolderBrowserDialog if the modern picker errors out, and surfaces a diagnostic dialog if both pickers fail rather than appearing dead.
The --reset-admin-credentials CLI subcommand worked, but every shipped invocation of it didn’t. The argument dispatcher only recognises subcommands prefixed with --, but the WiX uninstall action’s ResetAdminCredentials custom action and the bundled documentation both invoked it as a bare reset-admin-credentials. As a result the manual-uninstall credential-clear path was a silent no-op in every release through 26.05.0-rc3.hfx3. Both invocations now route correctly through the dispatcher; the new Start Menu “Reset LuminalShine Admin Password” shortcut provides a discoverable in-product alternative to ever needing the CLI.

Automated release for 26.05.0-rc3.hfx4.

Contributors¶

@NorthernLights

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-rc2…26.05.0-rc3.hfx4

26.05.0-rc2¶

Tag: 26.05.0-rc2 · Released: 2026-05-20 · Pre-release

LuminalShine 26.05.0 Update Release Candidate 2¶

Danger

LuminalShine now requires the Windows Credential Store and the Trusted Platform Module (TPM 2.0).

Important

This Release Candidate is being considered for the first Stable Release. Please report any issues you encounter so we can determine if this Release Candidate will be the first Stable Release.

General¶

Argon2id KDF for admin credentials, replacing single-round SHA-256. Parameters: m=64 MiB, t=3, p=1, tuned for ~100 ms login latency. Versioned record format with transparent SHA-256 → Argon2id upgrade on the next successful login (5b3fa207).
cred_store abstraction decouples credential storage from the file backend, enabling per-platform storage drivers (a7953f5a).
Windows Credential Manager backend stores the credential blob in the per-machine vault (DPAPI-sealed under the SYSTEM master key, TPM-bound by default on Windows 11). One-shot migration from the legacy sunshine_credentials.json file, plus a “Reset Admin Credentials” card in Troubleshooting (2f61739b).
Linux libsecret + macOS Keychain backends with silent file-backend fallback on Linux when the Secret Service is unreachable (eec5d7b9).
TPM-bound credential sealing on Windows via the Microsoft Platform Crypto Provider — non-exportable RSA-2048 key wraps the AES-256-GCM credential key. Default ON; opt-out toggle in Settings → Files. An attacker who acquires the raw WCM bytes cannot decrypt them without the original TPM device (dc661c80).
MSI uninstall clears the WCM entry + TPM key by default (KEEPADMINCREDENTIALS=1 opts out). New crypto::secure_wipe helper wipes intermediate plaintext credential buffers at every load/save/verify call site. Pairings live in sunshine_state.json and are preserved across every credential reset (f29b3564).
Playnite auto-sync default flipped from ON to OFF — fresh installs no longer auto-publish a Playnite library without an explicit opt-in.
Steam Library Integration: VDF parser + Steam path discovery + multi-file app loader. The Moonlight app list now merges apps.json + steam_apps.json + nonsg_apps.json in canonical display order: Desktop → Steam → user-added apps.json entries → Steam Games → Non-Steam Games (cddb4813).
Steam library auto-sync scans every installed Steam game via appmanifest_*.acf across all Steam library folders, writes steam_apps.json, surfaces games in Moonlight under a dedicated “Steam Games” section. 30-second background polling means new installs appear automatically. Launch via steam://rungameid/<appid>. New “Steam Library” Settings tab placed above Playnite with master toggle, family-share inclusion sub-toggle, and a “Clear Steam Library Cache” Troubleshooting card. Default OFF (3942c19b).
Non-Steam shortcuts auto-sync scans every Steam user’s shortcuts.vdf (binary VDF parsing), surfaces “Add a Non-Steam Game” entries under a “Non-Steam Games” section. Independent toggle in the same Settings tab. Default OFF (ff87cfa1).
AMD AMF capability probe + /api/health/amd-encoder endpoint. Native probe of amfrt64.dll reports per-codec hardware encoder instance counts so the UI can offer codec-specific options only when the active GPU actually supports them (654b6975).
amd_split_encode config option exposed in the Settings UI with Auto / Enabled / Disabled modes — surfaces only when an AMD adapter is active (f4d963b6).
AMD dual-VCN split frame encoding wired into the AV1 and HEVC AMF paths so RDNA 3 7900-series and RDNA 4 9070-series cards encode each frame on both hardware encoder instances in parallel; single-VCN parts silently fall back to single-tile (6b25f4bb).
amd_split_encode default flipped to Auto so users on dual-VCN cards get the latency win without having to opt in (a1d396b7).
DLSS / DLSS Frame Generation / DLAA detection at session start with a soft, one-shot informational tip when 4K HDR + NVENC + AI render modules are detected in the foreground game. Tone is helpful, not a warning (6239a62b).
Log extraction enhancements for the Troubleshooting page — richer filtering and surfacing for diagnostic logs (d5c28cc5).
PowerShell 5.1 minimum / PowerShell 7 recommended is now documented in the System Requirements table, with a link to Microsoft’s official PowerShell 7 GitHub repo (2ff05a09).
Release artifact naming standardised to LuminalShine_x64-*: LuminalShine_x64-installer.exe, LuminalShine_x64-portable.zip, LuminalShine_x64-debuginfo.7z. The raw MSI is built every run but stays in the CI artifact bundle rather than being attached to the public release page (15d11f53, 9ca08ccb).

Windows 11 General Availability¶

SudoVDA recovery ladder (Phase 3 of the TDR remediation plan) — new in-place two-level recovery for SudoVDA when a GPU TDR wedges the display stack. Level 1 recycles the SudoVDA user handle (closeVDisplayDevice → initVDisplayDriver); Level 2 does a PnP disable + enable on the SudoVDA root device (root\sudomaker\sudovda), equivalent to the Device Manager right-click. Scoped to the SudoVDA HWID only; MTT VDD and other devices are never touched. New “Restart Virtual Display Driver” escape hatch added to the Troubleshooting page so users can fire Level 1 + Level 2 manually without waiting for the auto-recovery branch (84550135).

Windows 11 Insider Preview¶

WDDM reset recovery (Phase 4 of the TDR remediation plan) — new Level 3 recovery via Ctrl+Win+Shift+B for when SudoVDA Level 1 + Level 2 cannot bring the display stack back, usually because the WDDM context itself is stuck mid-TDR-recovery rather than anything wrong with SudoVDA. SYSTEM-context callers cannot SendInput into the interactive session, so the keystroke is routed through display_settings_helper, which already runs in the user session. New IPC frame type WddmReset = 9, 15-minute per-process cooldown to prevent runaway escalation, sleeps 3 seconds for Windows to settle, then recycles the SudoVDA handle so the next AddVirtualDisplay opens a fresh kernel binding against the recovered display port. The auto-recovery ladder escalates Level 1 → 2 → 3; the manual “Restart Virtual Display Driver” button still tops out at Level 2 so the user’s desktop never gets blanked without a less-disruptive remedy having been tried first (1eff52a3).
Pre-flight D3D11 health check at session start (Phase 5 of the TDR remediation plan) — detects a stuck WDDM context before the first frame is captured and triggers the recovery ladder proactively instead of failing into a black stream (1eff52a3).

Hotfixes¶

MSI installer: SudoVDA driver installation no longer silently fails on PowerShell 5.1-only hosts. The POWERSHELL_PATH MSI property defaulted to a literal [SystemFolder]\WindowsPowerShell\v1.0\powershell.exe placeholder that MSI’s one-level property formatter never recursively expanded, causing every PS-launching deferred custom action — including the SudoVDA install.ps1 post-step and installer-migrations.ps1 — to spawn a path that didn’t exist (0x80070002 ERROR_FILE_NOT_FOUND). Now resolved via two ordered SetProperty Type-51 immediate CAs that anchor PS 5.1 first, then override to PS 7 when detected. Affected installs can recover by running an MSI Repair after upgrading (87c262b1).
Settings UI: log extraction grep / awk commands fixed for improved Troubleshooting log parsing on locales that previously produced truncated output (a1386cf6).
Build: forward-declare check_content_type so the Windows test build compiles cleanly when the function is used before its definition in confighttp.cpp (f96b7e37).
Build: sunshine_t aggregate initialiser converted to C++20 designated initialisers and OSSL_KDF_NAME_ARGON2ID replaced with its canonical string literal so the credential-hardening series compiles under the MSYS2 UCRT64 / clang 16.1 / gnu++23 toolchain used by the coverage CI (c4be3a43).
Build: #include <cstdint> added to the src/steam/ TUs so the Steam Library Integration compiles on libstdc++ 16 (which does not transitively include <cstdint> via <algorithm> / <optional>). Non-WebRTC test-build -Wunused-* warnings silenced via [[maybe_unused]] (141fa1b7).

Automated release for 26.05.0-rc2.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-rc1…26.05.0-rc2

26.05.0-rc1¶

Tag: 26.05.0-rc1 · Released: 2026-05-18 · Pre-release

LuminalShine 26.05.0 Update Release Candidate 1 (RC1)¶

Note

This is the first Release Candidate release of LuminalShine. Depending on extensive testing, this may be released as the first “Release” version.

This release lands the full GPU TDR (Timeout Detection and Recovery) remediation plan as four cooperating layers: detect the failure unambiguously, bound the session-shutdown window, recover the SudoVDA virtual display in place without ever falling back to a different driver, and warn proactively when the at-risk workload pattern is present. The driver-level interaction between sustained AV1 NVENC streaming, DLSS / DLAA / Frame Generation, and 4K HDR — which has been the dominant cause of mid-session black screens on RTX 40 / 50 series — is now addressed at every layer LuminalShine controls.

General¶

Streams no longer freeze for minutes after a GPU crash. When the encoder hits the post-TDR D3D11CreateDevice retry exhaustion, the session unwinds within ~10 seconds and the Moonlight client receives an immediate, intelligible failure instead of staring at a frozen image. Previously the recovery loop could leave the session wedged for ~2.5 minutes before the 10-second hang watchdog fired.
New “GPU / Display Stack Health” card in the Troubleshooting view. Shows the count of TDR-class events recorded since the process started, when the most recent one fired, which subsystem detected it (encoder D3D11, Desktop Duplication probe, virtual-display enumeration, or QueryDisplayConfig), and the underlying HRESULT. Refreshes on login and on demand.
Recovery-aware session gate. New streaming sessions are refused while LuminalShine is mid-recovery from a TDR, so reconnects don’t pile up against a stuck display stack. The client sees a clean disconnect and retries cleanly once the recovery completes.
Single high-signal log line for every TDR escalation. Each incident emits one GPU TDR escalated to WDDM stack failure line tagged with the source subsystem so support readers can grep one symptom instead of correlating five.
New /api/health/tdr and /api/health/render-stack endpoints. Power users and dashboards can poll the same data the Troubleshooting card surfaces.

Windows 11 General Availability¶

SudoVDA auto-recovery ladder. When the display stack is wedged, LuminalShine now escalates through a two-level in-place recovery sequence keyed on SudoVDA’s hardware ID — the user-mode driver handle is recycled first; if that’s not enough, the SudoVDA root device is PnP-disabled and re-enabled (the equivalent of right-clicking the device in Device Manager, but run from the SYSTEM service). Cooldown-gated: 15 seconds for the cheap recycle, 5 minutes for the disable/enable. MTT VDD and unrelated UMDF drivers are never touched.
“Restart Virtual Display Driver” recovery button in Troubleshooting. A one-click escape hatch that runs the PnP disable+enable on demand, ignoring the auto-recovery cooldowns. Useful when you suspect SudoVDA is wedged but the auto-recovery hasn’t fired yet. Includes a confirmation dialog because it tears down any active streaming session bound to the virtual display.
“Show Diagnostic” support button in Troubleshooting. Opens a modal with the full SudoVDA PnP status — device-present flag, instance ID, hardware IDs, parsed CM_PROB status, last recovery attempt and outcome — with a Copy-to-clipboard action. Replaces “open Device Manager and screenshot it” for support tickets.
“Virtual Display Adapter Failure detected” banner. Persistent warning across the top of the Troubleshooting view whenever the GPU / WDDM stack is mid-recovery, so the user sees what’s happening before scrolling to the cards.
Pre-flight D3D11 health check at session start. Before launching the encoder thread, LuminalShine runs a single D3D11CreateDevice probe (~5 ms) to confirm the GPU stack is healthy. If it returns DXGI_ERROR_UNSUPPORTED or DXGI_ERROR_DEVICE_REMOVED, the session is refused with a clear log line — no more sessions hanging in display init after sleep/wake or after a TDR the recovery-recent flag has already aged out.
Streaming environment tip when DLSS / DLAA / Frame Generation is detected alongside 4K HDR NVENC. LuminalShine walks foreground processes for nvngx_dlss.dll, nvngx_dlssg.dll, nvngx_dlaa.dll and, when found alongside a 4K HDR 10-bit NVENC session, emits a single soft tip per (codec, resolution, HDR) tuple: a friendly heads-up that the combined Tensor + NVENC workload is a known driver-level interaction (not a LuminalShine defect), with a suggestion that switching to HEVC sometimes rides out concurrent workloads more smoothly. Surfaces as a system-tray toast plus a compact “Streaming environment” card in Troubleshooting. No action is required from the user — it’s an FYI, not a warning.
System-tray notification on TDR detection. One toast per 2-minute cooldown so a single incident doesn’t fire repeatedly.

Windows 11 Insider Preview¶

WDDM reset (Ctrl + Win + Shift + B) as recovery Level 3. When the cheaper recovery levels can’t bring SudoVDA back — the canonical fingerprint of the WUDFHostProblem2 / HostTimeout pattern on Insider Preview channels — LuminalShine now synthesises the Windows built-in graphics-driver-reset keystroke. The request is routed through the existing display helper process (which runs in the user’s interactive session and has the desktop integrity level required for SendInput) so SYSTEM-context callers can trigger it safely. After the keystroke is dispatched, the SudoVDA user handle is recycled and the next AddVirtualDisplay opens a fresh kernel binding against the recovered display port.
Rate-limited at 15 minutes per process. A permanently broken adapter is never hammered in a tight loop — but a single in-session wedge that survives Levels 1 and 2 of the ladder will be cleared without the user reaching for their keyboard.
Manual recovery button never triggers WDDM reset unprompted. The “Restart Virtual Display Driver” button caps at the PnP-cycle level (Level 2) because Level 3 momentarily blanks the entire desktop. Auto-recovery still escalates all the way to Level 3 when needed.
The previously-stuck install pattern (TDR followed by a 2.5-minute frozen reconnect) is now handled end to end. Detect → bound shutdown → ladder recovery → pre-flight gate on the next attempt. The Moonlight client should never see a multi-minute black screen again after a single TDR.

Automated release for 26.05.0-rc1.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.7…26.05.0-rc1

26.05.0-beta.7¶

Tag: 26.05.0-beta.7 · Released: 2026-05-16 · Pre-release

LuminalShine 26.05.0 Update Beta 7¶

Tip

This is the final Beta version before we enter the Release Candidate Stage.

Important

Update to this version as soon as possible. It resolves a critical bug with pairings not being retained by LuminalShine.

General¶

Pairings now persist through a corrupted state file. nvhttp::save_state previously short-circuited and returned the moment it couldn’t parse the existing sunshine_state.json — which meant that on a broken install, every new pair was silently dropped before the atomic write and the rotating .bak had a chance to fire. The save path now flows through the same recovery-aware loader as the read path: if both the primary and .bak are unusable, an empty tree is used and the corrupt file is overwritten with valid new content. New pairings stick.
Stacked brand-mark in the navigation header. The web UI’s top-left identity block now stacks “LuminalShine” over “NortheBridge Foundation” in the gitdocs.northebridge.com type style, with the Sunshine logo on the left wearing a soft cyan halo. Product name leads; foundation attribution stays visible without dominating the nav.
“Reset Stored Pairings” escape hatch in Troubleshooting. New POST /api/state/reset endpoint (auth-gated) and matching button in the Troubleshooting view. Archives the current sunshine_state.json, luminalshine_state.json, and their .bak siblings to .corrupt-<UTC-timestamp> (kept on disk for forensics), clears in-memory pairings, generates a new host UUID, and writes a fresh empty state. Admin credentials are NOT touched — login survives the reset. Use this when the auto-recovery paths can’t resolve a corruption on their own.

Windows 11 General Availability¶

Upgrades no longer race the running service. The installer now stops the LuminalShine service unconditionally on every upgrade and repair, not just on basic/silent (UILevel < 5) installs. The previous gating meant interactive upgrades had to rely on Windows Restart Manager to detect file-in-use, which is unreliable when Defender holds a scan handle on sunshine.exe. The result was sporadic “Access Denied” rollbacks of the whole MSI transaction, leaving LuminalShine in an unusable state.
Service stop retries with backoff. The PowerShell stop block retries Stop-Service up to 5 times with 1-second backoff so transient Stopping states from SCM can’t leak past file replacement. The companion process kill list now also includes sunshine_display_helper and display_helper, both of which were observed holding sunshine_*.dll open across upgrades.
Migration failures can no longer roll back an install. RunInstallerMigrations is now flagged Return="ignore", so a best-effort config migration that hits a sharing violation or transient error never tears down the MSI transaction. The C++ runtime carries the same migration logic as a safety net on first launch.
Runtime migration refuses to import corrupt JSON. platf::appdata() now validates each *.json file before copying it from the legacy <INSTALL_ROOT>\config\ directory into %ProgramData%\LuminalShine\config\. Zero-byte and unparseable files are skipped with a Warning: appdata: skipping unparseable JSON during migration: ... log line, so a corrupt state file from a previous broken install doesn’t propagate into the new location.
Self-heal for a stuck install. When sunshine_state.json exists at exactly zero bytes AND no .bak is present, LuminalShine now deletes the empty file on startup so the next save can write cleanly. Targets the exact stuck signature produced by the previous beta’s silent-abort bug — no manual elevation or File Explorer surgery needed.
Visible migration diagnostics. Every std::filesystem::copy failure (Access Denied, sharing violation, antivirus quarantine, disk full) is now logged through BOOST_LOG instead of being silently swallowed. The installer’s PowerShell migration script also tees its full output to %TEMP%\luminalshine-installer-migration.log so the next install incident is diagnosable from a single file.

Windows 11 Insider Preview¶

Interactive-UI upgrades on Insider Preview no longer hit “Access Denied” during the install routine. The combination of the unconditional service stop, the retry/backoff loop, the broadened process kill list, and the non-fatal migration flag closes the exact MSI rollback path that left LuminalShine in an unusable state on flight upgrades. The fix is concentrated at the points where Insider Preview servicing and Defender are most likely to be holding scan handles or staged-file replacements: just before InstallFiles, and around RunInstallerMigrations.
Corrupt state files from a prior broken upgrade no longer follow you forward. Earlier flight cycles could leave a zero-byte sunshine_state.json in C:\Program Files\Sunshine\config\ that the installer would faithfully copy into the new %ProgramData%\LuminalShine\config\ location. The runtime migration now validates each JSON file before copying — and if a previous install already deposited an empty file at the new location, the self-heal on next launch removes it so the first new pair can write a clean state plus a fresh .bak.
The previously-stuck installation self-recovers on first launch. No manual cleanup is required: the empty sunshine_state.json is removed, the next pair attempt writes valid state, the .bak chain finally bootstraps, and every subsequent boot is protected by the recovery loader. If anything else ever wedges it again, the new “Reset Stored Pairings” button in Troubleshooting is the manual lever.

Automated release for 26.05.0-beta.7.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.6…26.05.0-beta.7

26.05.0-beta.6¶

Tag: 26.05.0-beta.6 · Released: 2026-05-15 · Pre-release

LuminalShine 26.05.0 Update Beta 6¶

Important

It is recommended to update to this version ASAP, as it resolves a critical issue where pairings of devices are lost.

Tip

This is a potential release to become Release Candidate 1.

General¶

Aurora-glass Web UI. The Vue web interface (https://localhost:47990) has been redesigned to match the NortheBridge Foundation brand at gitdocs.northebridge.com. New deep-navy aurora background with cyan/violet/teal halos, frosted-glass cards and modals, Inter typography, gradient-text headings, and a brand-mark pill in the header. The light theme has been retired; the UI is now dark-only with the “Alexa+ Cyan” accent throughout.
Crash-safe state writes. All persistent state (pairings, admin credentials, web session tokens, API tokens, snapshot exclusions, apps) is now written atomically with an fsync barrier before rename, so a power loss or sudden shutdown mid-write can never surface a zero-byte file on the next boot. Every successful save also refreshes a sibling .bak copy.
Automatic recovery from corrupted state. When a state file fails to parse — whether from a torn write, a Windows servicing reboot, or external interference — LuminalShine now transparently falls back to the most recent .bak, restores it to the primary location, and continues. The previous build silently treated an unreadable state file as “empty,” which could wipe pairings on the next save.
Publisher metadata corrected. CI-built installers and binaries now identify their publisher as NortheBridge Foundation consistently (previously some CI artifacts shipped as just “NortheBridge”). The Windows registry “Publisher” string, the in-app “Package Publisher” log line, and the WiX installer manifest all match.

Windows 11 General Availability¶

Config moved to %ProgramData%\LuminalShine\config\. State files (sunshine_state.json, luminalshine_state.json, sunshine_credentials.json, apps.json, sunshine.conf) no longer live under C:\Program Files\Sunshine\config\. The new location sidesteps UAC VirtualStore redirection — previously, files written by the SYSTEM service and files written by user-context tools could end up in two different views of the same path, producing confusing “credentials reset” or “lost pairings” symptoms.
One-time automatic migration. On the first launch after upgrade, LuminalShine copies your existing pairings, credentials, apps, and configuration from the legacy location into the new one. The copy is idempotent and never overwrites existing data — if you’ve already started the new build, your current configuration is preserved.
Installer-side migration. The MSI/EXE installer also runs the same migration during upgrade, so users who run the installer twice (or who reinstall over an existing install) get their pairings in place immediately on first launch — no first-run handoff window.

Windows 11 Insider Preview¶

Pairings now survive flight upgrades. The most disruptive symptom on Insider Preview builds — pairings disappearing overnight after a Windows Update or servicing reboot — is fixed at the root cause. Cumulative updates and Insider Preview flight installs can stage Program Files subdirectories using rename/replace operations that briefly leave files at zero bytes; with config in %ProgramData%, those operations don’t touch LuminalShine state at all.
Belt-and-suspenders recovery for servicing windows. Even when the new location is touched (e.g. by Defender quarantining or a third-party “cleanup” tool), the new .bak rotation and recovery path automatically restore the last known-good state on the next boot, with a Warning: log line so you can see recovery happened. The previous build would silently start with empty pairings and then immediately overwrite the .bak on the first save, sealing the loss.
Faster diagnosis of remaining state issues. Write failures now log specifically through the statefile: channel (e.g. statefile: atomic rename failed: …, statefile: recovered <path> from backup), and the SessionTokenManager/ApiTokenManager write paths route through the same atomic helper, so the recurring failed writing state file: write error lines that appeared in Insider Preview logs are addressed by the same fix that protects pairings.

Automated release for 26.05.0-beta.6.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.5…26.05.0-beta.6

26.05.0-beta.5¶

Tag: 26.05.0-beta.5 · Released: 2026-05-14 · Pre-release

LuminalShine 26.05 Update Beta 5¶

Important

It is recommended to update to this version of LuminalShine as soon as possible. It corrects a critical bug that may cause loss of LuminalShine Pairings and Administrative Access.

General¶

No General changes in this build.

Windows 11 General Availability¶

Critical fix: admin credentials and Moonlight pairings no longer reset on service restart. Two separate failure modes were corrupting the host state file: a write race between the credentials-save path (save_user_creds) and the pairings-save path (save_state), both targeting sunshine_state.json with inconsistent locking, and non-atomic file writes that could leave a truncated file behind if a concurrent operation interrupted the write. Concurrent pair events landing in the window between the credentials handler’s read and write would silently roll back any pairings added in that window, and a partial write would cause the next startup to reject the file outright — wiping credentials, the unique host ID, and every paired device.
Atomic writes. State and credentials file writes now go through a temp-file-plus-rename path (MoveFileExW on NTFS). Concurrent readers and crash recovery see either the full prior contents or the full new contents — never a partial file.
Mutex coverage. save_user_creds, reload_user_creds, and the password-change HTTP handler now all serialize against the same lock that save_state already used. Pair events and credential changes can no longer interleave destructively.
Defensive read-back. After saving a new password the host immediately re-hashes the supplied password against the salt it just wrote, compares it to in-memory state, and returns a 500 “Failed to persist new credentials” if they don’t match — so a write that succeeded on the API surface but failed at the filesystem (permissions, antivirus quarantine, etc.) is now reported at save time instead of silently failing at the next login.
Separate credentials file. Admin credentials now live in their own sunshine_credentials.json next to sunshine_state.json instead of sharing the file with pairings. Existing installs are migrated automatically on first launch: any legacy username/salt/password at the top of sunshine_state.json is moved to the new file and stripped from the state file. Idempotent — once the dedicated file exists, the migration is skipped forever.
Regression coverage. New unit suite locks down the atomic-write contract (replaces target, leaves no .tmp, creates parent dirs), the migration round-trip (creds moved, legacy keys removed, paired devices under root.named_devices preserved), and migration idempotency.

Windows 11 Insider Preview¶

No Insider-specific changes in this build. The credentials fix applies equally to GA and Insider hosts.

Automated release for 26.05.0-beta.5.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.4…26.05.0-beta.5

26.05.0-beta.4¶

Tag: 26.05.0-beta.4 · Released: 2026-05-13 · Pre-release

LuminalShine 26.05.0 Update Beta 4¶

Note

LuminalShine is currently pre-release software. Please report any issues on GitHub Issues.

General¶

Render GitHub release notes on the Dashboard as Markdown. The “Release Notes” panel that pops out from the update banner used to display the raw Markdown source (bold, # headings, link). It now renders proper formatting — headings, lists, bold/italic, links, tables, task lists, syntax-highlighted code blocks (via highlight.js with GitHub-dark colors), and GitHub-style autolinks for @username and #issue references — all sanitized through DOMPurify so untrusted release-body content can never inject script. Links open in a new tab so the Dashboard never gets navigated away from.
About page with diagnostics, accessible from the navigation. A new read-only page that surfaces, in copy-friendly form: version / commit / branch, GPU vendor and VRAM, driver versions and dates, encoder probe results (H.264 / HEVC / AV1 with YUV444), reference-frame-invalidation support, virtual display backend status, HDR state on each connected display, Windows OS version and edition, and the Windows Insider channel and ring when applicable. Designed to be screenshotted or copied straight into a support ticket or GitHub issue.
High Performance Streaming card on the Dashboard. New one-click profile that retunes virtual display, display automation, double-refresh workaround, encoder preset, NVENC HAGS, and minimum CPU thread count for high-end host setups. Vendor-aware: NVENC settings on NVIDIA, AMF analogs on AMD, QuickSync analogs on Intel. Snapshots the user’s prior settings to local storage on enable, with explicit “Restore Previous User Settings” and “Restore to Default” actions on the card. Tested on an NVIDIA Blackwell 5080-class GPU, Intel Core i9-12900KS, 64 GB RAM, Wi-Fi 6E to Wi-Fi 5 Moonlight clients, and 10 Gbps host networking.
Correct “Windows 11” labeling in diagnostics. On Windows 11 hosts, the About page (and any other consumer of the platform product-name metadata, including support bundles) was showing “Windows 10 Pro” / “Windows 10 Enterprise” / etc. because Microsoft deliberately leaves the registry’s ProductName value as “Windows 10 X” on Windows 11 for application-compatibility reasons. The product name now disambiguates by build number (≥ 22000 → Windows 11) and rewrites the marketing prefix accordingly. Idempotent: if Microsoft ever updates the registry value natively, the rewrite becomes a no-op.
Web UI dark palette swap. Dark theme accent moved from Indigo to Alexa Cyan to align with the LuminalShine brand identity.

Windows 11 General Availability¶

Wix bootstrapper sticky-footer layout. The Install / Update / Uninstall / Close buttons in the installer’s bootstrapper window are now always visible. Previously, when the install section grew (driver chooser, currently-installed banner, tips, status), the content card pushed the footer row past the visible window bottom. Content above now scrolls; the footer stays pinned. Window minimum width was bumped 760 → 880 px (target 920 px) so the worst-case button row no longer clips the rightmost actions.
Wix bootstrapper UI accent. The installer’s accent color is swapped from Indigo to Alexa Cyan to match the web UI’s brand direction.
Streamlined installer downloads. The standalone .msi is no longer published as a separate release artifact. The bootstrapper .exe already contains the MSI as its embedded payload, so end users get a single installer (LuminalShine-Windows-AMD64-installer.exe) and the portable archive (LuminalShine-Windows-AMD64-portable.zip). No behavior change — installing the .exe writes the same Windows Installer database that the MSI did.

Windows 11 Insider Preview¶

No Insider-specific changes in this build. All recent stability work for Canary builds (D3D11CreateDevice TDR backoff, SudoVDA/MTT QueryDisplayConfig handle reset, progressive WGC helper handshake) shipped in the previous release. This build’s user-facing changes apply equally to GA and Insider hosts.

Automated release for 26.05.0-beta.4.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.3…26.05.0-beta.4

LuminalShine 26.05.0 (Beta 3)¶

Tag: 26.05.0-beta.3 · Released: 2026-05-09 · Pre-release

LuminalShine 26.05 Update Beta 3¶

General¶

Rebranded to NortheBridge Foundation across the build system, MSI publisher metadata, README, contributing docs, system-tray strings, and Playnite plugin author. The earlier “NortheBridge North America” identity is preserved as a historical footnote in the README.
System-tray context menu entry renamed: “Open Sunshine” → “Open LuminalShine”. The auto-comment template that asks users to export logs from a GitHub issue was updated to match the new menu label.
Pre-Release and General Availability updates are now both queried by default. The setting description explains that Windows Insider Preview builds may require a Pre-Release version to be installed; the toggle is still available if you want to restrict to stable channel only.
New About page at /about, reachable from the navigation bar. Surfaces a screenshot-friendly diagnostics snapshot — LuminalShine version + commit, OS edition + channel + version, per-GPU driver info (vendor, model, VRAM, driver version, driver date, graphics API), encoder availability (H.264 / HEVC / AV1 / YUV444), per-display HDR support and current state, virtual-display backend + version + status, hostname / port / active stream count. Two action buttons copy the full set as either plain text or fenced Markdown for issue templates.
Update checks now succeed on Windows hosts with a busy root certificate store. schannel rejected the previously-built CA bundle when it crossed 1 MiB. The bundle is now deduplicated by SHA-256 fingerprint, filtered to actual trust anchors (BasicConstraints + KeyUsage.keyCertSign), and size-capped, with CURLSSLOPT_NATIVE_CA preferred up front so most builds skip materializing a bundle entirely.
Cleaner support logs at startup. The NVENC encoder probe’s expected “GPU doesn’t support AV1 YUV444” + “NvEncUnregisterAsyncEvent: NV_ENC_ERR_DEVICE_NOT_EXIST” pairs no longer log at Error level on every cold boot — the YUV444-not-supported message is now Warning (still visible but not alarming), and the cleanup-after-aborted-init NV_ENC_ERR_DEVICE_NOT_EXIST case is filtered to Debug. The // Ignore any errors mentioned above // workaround comment that papered over the noise is no longer needed.
Build infrastructure overhaul. GitHub Actions workflows migrated to Node.js 24 ahead of the 16 September 2026 deprecation deadline (msys2/setup-msys2 → v2.31.1, softprops/action-gh-release → v3.0.0, vmactions/freebsd-vm → v1.4.5, LizardByte/actions/* → v2026.417.35446). The Web UI build step now uses the official MSVC-built Windows Node.js binary from actions/setup-node instead of MSYS2’s mingw-w64 nodejs, eliminating a std::bad_weak_ptr crash class affecting npm ci and vite build — relevant for anyone building from source.

Windows General Availability¶

Wix Bootstrapper action buttons are now always visible. Earlier revisions used Auto-sized rows on a Top-aligned card, which let tall content push the Install / Update / Remove / Quit buttons below the visible window — buttons existed in the visual tree (still focusable via Tab + Enter) but rendered off-screen. The card is now a sticky-footer layout: content area scrolls if needed, action buttons stay anchored at the bottom. Window minimum width also bumped to 880 px so the wide reconfigure-mode “Switch virtual display driver” button row no longer clips on the right edge.
Wix Bootstrapper defaults to SudoVDA with rewritten explanatory descriptions for both SudoVDA and MTT VDD radio options. The text spells out which driver to pick for which Windows build, and the installer’s pre-existing detection of an already-installed driver continues to pre-select that option on upgrade or reconfigure.
Driver detection in the web interface now returns a real status instead of perpetually showing “unknown.” On a typical desktop host (physical monitor present, no active stream yet), the virtual-display driver status was never updated from its initial UNKNOWN state until streaming actually started. The metadata endpoint now lazy-probes the driver on first hit, and the Audio/Video tab re-fetches metadata on backend selection change plus exposes a “Re-check driver” button next to the status indicator.
D3D11 device creation now survives a transient post-TDR window. When the GPU recovers from a Timeout Detection and Recovery event, D3D11CreateDevice returns DXGI_ERROR_UNSUPPORTED (0x887A0004) for several seconds while the kernel rebuilds the driver state. The previous one-shot calls in both the encoder bringup path and the Desktop Duplication test path treated this as a hard failure, ending streaming sessions in a recovery loop. A new D3D11CreateDeviceWithRecovery helper retries those transient HRESULTs with exponential backoff (1 s → 2 s → 4 s → 8 s, ~15 s budget) before giving up. A successful retry logs an info-level “recovered after N attempts” line for triage.
Slow-start streaming sessions take seconds, not 14 seconds. The WGC capture helper handshake used a fixed 3-second budget per attempt, and a slow process spawn (antivirus inspection, slow user-token resolution) was being treated as a deadlock — the parent process would terminate the helper and relaunch in a loop until something stuck. The first attempt of each session keeps the tight 3 s budget so a real deadlock still fails fast; once a timeout has been observed in this process, subsequent attempts use a 6 s budget that catches the slow-start case in one retry instead of four.
Encode-wait timeout log lines now carry diagnostic context. A new info-level line is emitted just before the existing error, reporting session age, current frame index vs last successfully-encoded frame index, time since the previous successful encode, configured frame shape (resolution, buffer format), and the force-IDR flag. Paired with the new D3D11 retry log it makes “GPU hung mid-stream and recovered” a single visible trace in support bundles instead of “we suddenly stopped getting packets and don’t know why.”

Windows Insider Preview¶

The OS display config API stall after a NVENC TDR is now self-healing. On Insider Preview channels, QueryDisplayConfig returns ERROR_NOT_SUPPORTED (Win32 50) for several seconds after a GPU TDR — long enough that the libdisplaydevice submodule’s internal 9-attempt retry loop runs out and reports failure, leaving LuminalShine unable to resolve the active virtual display on resume. Previously this caused the resume loop to spin until the user killed the process. When the device-enumeration call returns nullopt three times in a row, LuminalShine now closes and reopens the SudoVDA / MTT VDD handle (which on Windows triggers a device-stack rebuild that frees QDC from its post-TDR stuck state) and retries enumeration once. Rate-limited to once per 30 seconds so a permanently-broken driver can’t be bounced in a tight loop.
Stream sessions now survive the Blackwell + Insider Preview NVENC TDR cascade end-to-end. This release ships the full recovery chain: when NVENC hangs on a long-running 4K@120 AV1 HDR session, the timeout-context telemetry records what state the encoder was in, the D3D11 retry helper waits out the kernel’s TDR window instead of failing on the first re-create, the virtual-display reset path rescues the OS display API from its ERROR_NOT_SUPPORTED stuck state, and the helper-handshake backoff keeps the subsequent reconnect from cold-starting into a deadlock loop. The four pieces work together; in isolation each only addresses part of the failure pattern.
Wix Bootstrapper now warns about Insider Preview encoder constraints. The SudoVDA radio button description in the installer and reconfigure flows now explicitly calls out: on Windows Insider Preview builds, SudoVDA only supports HEVC and AV1 encoding (with or without HDR). The MTT VDD description and tooltip mirror this — if you plan to stream using H.264 on an Insider build, choose the MTT Virtual Display Driver instead. SudoVDA remains the default selection.
About page detects the Insider channel and reports it correctly. On a Canary, Dev, Beta, or Release Preview host the page shows the channel name as a status badge and reports the OS version as Build NNNNN (the meaningful number on Insider) rather than a stale 24H2-style identifier. On a GA host the badge reads “Release (GA)” and the version uses the standard display-version format.

Automated release for 26.05.0-beta.3.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.2…26.05.0-beta.3

LuminalShine Code Architecture: @NorthernLights

26.05.0-beta.2¶

Tag: 26.05.0-beta.2 · Released: 2026-05-09 · Pre-release

LuminalShine 26.05 Update Beta 2¶

General¶

Update checks now succeed on Windows hosts that have a busy root certificate store. The Windows trust store loader used to dump every cert from LOCAL_MACHINE\ROOT and CURRENT_USER\ROOT (commonly ~1,260 entries with heavy duplication) into a CA bundle that exceeded curl’s 1 MiB schannel limit, breaking GitHub release queries with schannel: CA file exceeds max size of 1048576 bytes. The bundle is now deduplicated by SHA-256 fingerprint, filtered to actual trust anchors (BasicConstraints CA: TRUE + KeyUsage keyCertSign), and size-capped — and CURLSSLOPT_NATIVE_CA is preferred up front so most builds skip materializing a bundle entirely. Boot-time log now reports trust-anchor count plus how many certs were filtered out for visibility into future regressions. (commit 0fadd32b)
Cleaner support logs at startup. The NVENC encoder probe deliberately tries AV1 + YUV444 first, expects it to fail on consumer GeForce hardware, and falls back to YUV420. That benign path used to produce six Error-level log lines per cold boot — papered over with a literal // Ignore any errors mentioned above // comment in the log itself. The two specific messages from this path (gpu doesn’t support YUV444 encode and NvEncUnregisterAsyncEvent failed: NV_ENC_ERR_DEVICE_NOT_EXIST during cleanup-after-aborted-init) have been demoted to warning and debug respectively. Real session-time encoder failures still surface at error. (commit 2cb79875)
System-tray context-menu entry now reads “Open LuminalShine”. Right-clicking the taskbar icon previously surfaced “Open Sunshine” — leftover from the upstream fork. The auto-comment that tells users how to export logs from a GitHub issue was updated to match. (commit 8783f15e)

Windows GA¶

D3D11 device creation now survives a transient post-TDR window. When the GPU recovers from a Timeout Detection and Recovery event, D3D11CreateDevice returns DXGI_ERROR_UNSUPPORTED (0x887A0004) or DXGI_ERROR_DEVICE_REMOVED (0x887A0005) for several seconds while the kernel rebuilds the driver state. The previous one-shot calls in both the encoder bringup path and the Desktop Duplication test path treated this as a hard failure, which under sustained encode load reliably ended streaming sessions in a recovery loop. A new D3D11CreateDeviceWithRecovery helper retries those two transient HRESULTs with exponential backoff (1s → 2s → 4s → 8s, ~15s total budget) before giving up. Non-transient failures still return immediately. A successful retry logs an info-level “recovered after N attempts” line for triage. (commit d529912f)
Slow-start streaming sessions take seconds, not 14 seconds. The WGC capture helper handshake used a fixed 3-second budget per attempt, and a slow process spawn (antivirus inspection of the helper exe, slow user-token resolution) was being treated as a deadlock — the parent process would terminate the helper and relaunch in a loop until something stuck. Fix: per-process consecutive-timeout tracker. The first attempt of each session keeps the tight 3-second budget so a real deadlock still fails fast; once a timeout has been observed in this process, subsequent attempts use a 6-second budget that catches the slow-start case in one retry instead of four. Counter resets on a successful handshake. (commit ac5dfeb7)
Encode-wait timeout log lines now carry diagnostic context. When NVENC stops returning packets, the previous one-line error gave no signal about whether the timeout was a transient bubble or the leading edge of a TDR. A new info-level line emitted just before the error reports session age, frame index vs last successfully-encoded frame index, time since the previous successful encode, the configured frame shape (resolution + buffer format), and the force-IDR flag — paired with the new D3D11 retry log it makes “GPU hung mid-stream and recovered” a single visible trace in support bundles. (commit 63d47022)

Windows Insider Preview¶

The OS display config API stall after a NVENC TDR is now self-healing. On Insider Preview channels, QueryDisplayConfig returns ERROR_NOT_SUPPORTED (Win32 50) for several seconds after a GPU TDR — long enough that the libdisplaydevice submodule’s internal 9-attempt retry loop runs out and reports failure to LuminalShine, which then can’t resolve the active virtual display on resume. Previously this caused the resume loop to spin until the user killed the process. Fix: when the device-enumeration call returns nullopt three times in a row, LuminalShine now closes and reopens the SudoVDA / MTT VDD handle (which on Windows triggers a device-stack rebuild that frees QDC from its post-TDR stuck state) and retries enumeration once. The reset is rate-limited to once per 30 seconds so a permanently-broken driver can’t be bounced in a tight loop. (commit ad1b8e58)
Stream sessions now survive the Blackwell + Insider Preview NVENC TDR cascade end-to-end. This release ships the full recovery chain: when NVENC hangs on a long-running 4K@120 AV1 HDR session (the failure observed in the 2026-05-08 support logs), the timeout-context telemetry (B6) records what state the encoder was in, the D3D11 retry helper (B1) waits out the kernel’s TDR window instead of failing on the first re-create, the virtual-display reset path (B2) rescues the OS display API from its ERROR_NOT_SUPPORTED stuck state, and the helper-handshake backoff (B4) keeps the subsequent reconnect from cold-starting into a deadlock loop. (commits 63d47022, d529912f, ad1b8e58, ac5dfeb7)

Automated release for 26.05.0-beta.2.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.05.0-beta.1…26.05.0-beta.2

26.05.0-beta.1¶

Tag: 26.05.0-beta.1 · Released: 2026-05-01 · Pre-release

LuminalShine 26.05 Update Beta 1¶

This is the initial release foundation of LuminalShine, featuring 26.04.0-alpha.7’s features, updates, and improvements in addition to the following general maintenance fixes:

General Changes

Update README.md for LuminalShine
Added SECURITY.md and Revised Supported Version of LuminalShine
Revised Contributing Guidelines
Revised Localization Details
Updated Preferred IDE to VSCode
Update Publisher Handling to “NortheBridge Software Foundation”

Windows General Availability & Windows Insider Preview Changes

Increase the size of the Wix Bootstrapper Installation / Update / Uninstallation Runtime
Enhanced Driver Status Handling

Automated release for 26.05.0-beta.1.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.7…26.05.0-beta.1

26.04.0-alpha.7¶

Tag: 26.04.0-alpha.7 · Released: 2026-04-30 · Pre-release

LuminaryShine Release 26.04 Update Alpha 7¶

General Fixes

Added SEH Handling for a number of features that openly required it for thread safety
Updated LuminaryShine to use NortheBridge Linking
Non-Windows Platform Support is deprecated (Going forward, LuminaryShine will support Windows on x64 for now)
Refactored “dead code” from the original code base of LuminaryShine

Windows (24H2 and Main Release Branch)

Resolved issues with LuminaryShine’s Installer, preventing the entire executable from being viewable
Added MTT VDD as a Display Driver Option in case a fallback is required. View Roadmap for LuminaryShine VDA

Windows Insider Preview Builds (Canary, Dev, Beta)

Resolved an issue with DXGI to allow Windows Canary Builds 28957 or later and current Windows Insider Preview Builds to stream using LuminaryShine (Note: You must use either HEVC or AV1. The thread dies when using H.264, and that is a Microsoft issue.)

Roadmap

Complete the transition of initial documentation to LuminaryShine
Examine H.264 Incompatibility
Replace SudoVDA and MTT VDD with LuminaryShine Virtual Display Adapter
Sign all Code Releases with a Codesigning Certificate

Automated release for 26.04.0-alpha.7.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.6…26.04.0-alpha.7

26.04.0-alpha.6¶

Tag: 26.04.0-alpha.6 · Released: 2026-04-30 · Pre-release

Automated release for 26.04.0-alpha.6.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.5…26.04.0-alpha.6

26.04.0-alpha.5¶

Tag: 26.04.0-alpha.5 · Released: 2026-04-29 · Pre-release

Automated release for 26.04.0-alpha.5.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.4…26.04.0-alpha.5

26.04.0-alpha.4¶

Tag: 26.04.0-alpha.4 · Released: 2026-04-29 · Pre-release

Pre-Alpha Early Access Software

Foundation for mutli-VDD Support. Use the latest LuminalShine in order to experience a modern Sunshine game host experience.

Automated release for 26.04.0-alpha.4.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.3…26.04.0-alpha.4

26.04.0-alpha.3¶

Tag: 26.04.0-alpha.3 · Released: 2026-04-29 · Pre-release

Pre-Alpha Early Access Software

Alpha 3 contains the foundation for the installation system and should not be used due to an error installing virtual display drivers. Please use Alpha 4 instead.

Automated release for 26.04.0-alpha.3.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.2…26.04.0-alpha.3

26.04.0-alpha.2¶

Tag: 26.04.0-alpha.2 · Released: 2026-04-29 · Pre-release

Pre-Alpha Early Access Software

This Alpha contains the foundation for all fixes related to Windows 11 Insider Preview and the current Windows 11 25H2 Builds butt does not expose them. Please use Alpha 3.

Automated release for 26.04.0-alpha.2.

Full Changelog: https://github.com/NortheBridge/luminalshine/compare/26.04.0-alpha.1…26.04.0-alpha.2

26.04.0-alpha.1¶

Tag: 26.04.0-alpha.1 · Released: 2026-04-29 · Pre-release

Pre-Alpha Early Access Software

Automated release for 26.04.0-alpha.1.

Full Changelog: https://github.com/NortheBridge/luminalshine/commits/26.04.0-alpha.1