fix: add -IgnoreLanguageMode switch to bypass CLM check in WDAC-managed environments

src/powershell/private/core/Test-ZtLanguageMode.ps1

@@ -11,20 +11,43 @@ function Test-ZtLanguageMode {
 		Checks both the module's own session state (for real WDAC/AppLocker CLM)
 		and the global session state via the runspace proxy (for manual CLM testing).
 
+	.PARAMETER IgnoreLanguageMode
+		When specified, a Constrained Language Mode detection produces a warning instead of a
+		terminating error and returns $true, allowing the caller to proceed.
+		Use this only when your WDAC policy is configured to trust the module's signing certificate
+		and you understand that some functionality may still fail under true CLM.
+
 	.EXAMPLE
 		PS C:\> Test-ZtLanguageMode
 
 		Returns $true if running in Full Language Mode, $false otherwise.
+
+	.EXAMPLE
+		PS C:\> Test-ZtLanguageMode -IgnoreLanguageMode
+
+		Returns $true even if running in Constrained Language Mode, but prints a warning.
 	#>
 	[CmdletBinding()]
 	[OutputType([bool])]
-	param ()
+	param (
+		[switch]
+		$IgnoreLanguageMode
+	)
 
 	$fullLanguage = [System.Management.Automation.PSLanguageMode]::FullLanguage
 
 	# Check 1: Module's own language mode (works in real WDAC/AppLocker CLM where the module loads in CLM)
 	$languageMode = $ExecutionContext.SessionState.LanguageMode
 	if ($languageMode -ne $fullLanguage) {
+		if ($IgnoreLanguageMode) {
+			Write-PSFMessage -Level Warning -Message "PowerShell is running in $languageMode mode. Proceeding because -IgnoreLanguageMode was specified. Some functionality may fail."
+			Write-Host
+			Write-Host "⚠️  WARNING: PowerShell is running in $languageMode mode." -ForegroundColor Yellow
+			Write-Host "The -IgnoreLanguageMode switch was specified. The assessment will proceed, but some tests may" -ForegroundColor Yellow
+			Write-Host "fail or produce incomplete results if your WDAC policy does not fully trust this module." -ForegroundColor Yellow
+			Write-Host
+			return $true
+		}
 		Write-ZtLanguageModeError -LanguageMode $languageMode
 		return $false
 	}

src/powershell/public/Connect-ZtAssessment.ps1

@@ -31,6 +31,12 @@ function Connect-ZtAssessment {
 		The application will need to be configured to have the matching Application scopes, compared to the Delegate scopes and may need to be added into roles.
 		If this certificate is also used for connecting to Azure, it must come from a certificate store on the local computer.
 
+	.PARAMETER IgnoreLanguageMode
+		When specified, bypasses the Constrained Language Mode safety check and allows the connection to
+		proceed even when PowerShell reports a non-Full language mode (e.g. in WDAC-managed environments
+		where the module's signing certificate is trusted by policy).
+		WARNING: Some functionality may fail if CLM restrictions are truly in effect.
+
 
 	.EXAMPLE
 		PS C:\> Connect-ZtAssessment
@@ -93,10 +99,15 @@ function Connect-ZtAssessment {
 		# When specified, forces reconnection to services even if an existing connection is detected.
 		# This is useful to refresh the connection context and permissions.
 		[switch]
-		$Force
+		$Force,
+
+		# When specified, bypasses the Constrained Language Mode check. Use only in WDAC-managed environments
+		# where the session reports CLM but the module is trusted and runs with full capability.
+		[switch]
+		$IgnoreLanguageMode
 	)
 
-	if (-not (Test-ZtLanguageMode)) {
+	if (-not (Test-ZtLanguageMode -IgnoreLanguageMode:$IgnoreLanguageMode)) {
 		Stop-PSFFunction -Message "PowerShell is running in Constrained Language Mode, which is not supported." -EnableException $true -Cmdlet $PSCmdlet
 		return
 	}

src/powershell/public/Invoke-ZtAssessment.ps1

@@ -57,6 +57,12 @@ Tests that exceed this limit are recorded as timed out and execution continues w
 For Data pillar tests and other external-module/remoting-heavy operations, timeout is a
 best-effort interruption rather than a guaranteed hard stop of the underlying operation.
 
+.PARAMETER IgnoreLanguageMode
+When specified, bypasses the Constrained Language Mode safety check and allows the assessment to
+proceed even when PowerShell reports a non-Full language mode (e.g. in WDAC-managed environments
+where the module's signing certificate is trusted by policy).
+WARNING: Some tests may fail or return incomplete results if CLM restrictions are truly in effect.
+
 .EXAMPLE
 Invoke-ZtAssessment
 
@@ -181,7 +187,13 @@ function Invoke-ZtAssessment {
 		# If specified, suppresses automatic browser opening for both the progress dashboard and the final HTML report.
 		[Parameter(ParameterSetName = 'Default')]
 		[switch]
-		$NoBrowser
+		$NoBrowser,
+
+		# When specified, bypasses the Constrained Language Mode check. Use only in WDAC-managed environments
+		# where the session reports CLM but the module is trusted and runs with full capability.
+		[Parameter(ParameterSetName = 'Default')]
+		[switch]
+		$IgnoreLanguageMode
 	)
 
 	if ($script:ConnectedService -and $script:ConnectedService.Count -le 0) {
@@ -237,7 +249,7 @@ $titleLine
 	#region Preparation
 	Show-ZtiBanner
 
-	if (-not (Test-ZtLanguageMode)) {
+	if (-not (Test-ZtLanguageMode -IgnoreLanguageMode:$IgnoreLanguageMode)) {
 		Stop-PSFFunction -Message "PowerShell is running in Constrained Language Mode, which is not supported." -EnableException $true -Cmdlet $PSCmdlet
 		return
 	}