Merge origin/release/13.2 into main#15191
Merged
joperezr merged 24 commits intomicrosoft:mainfrom Mar 17, 2026
Merged
Conversation
…Java pkcs12 trust certificate bundles) (microsoft#14756) * Add support for pkcs12 format certificate trust bundles * Update to set the OID Java expects on the certs in the pkcs12 collection * Fix failing test * Update to use an OID value instead of an empty sequence * Switch from a dedicated pkcs12 output type to a bundle extension method that can be used to add custom certificate bundle formats * Fix issues raised in PR review * Allow cert tests that don't require private keys to pass on Mac * Fix failing test due to IsContainer fix
…soft#15018) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: James Newton-King <james@newtonking.com> Fixes microsoft#14404
…Functions playground sample (microsoft#15155) * add new functions js sample * rename program.cs to apphost.cs * print yellow string to debug console when apphost stops * fix issue in playground ts functions apphost * fix copilot review comments: event hub connection name, api service env var, and package.json main field * reorganize: move TypeScript Azure Functions sample into playground/apps * rename: playground/apps to playground/TypeScriptApps * rename: AzureFunctionsEndToEnd.TypeScript to AzureFunctionsSample
* Revamp extension README for clarity and completeness * Add dashboard screenshot and placeholders for sidebar/command palette screenshots * Fix Azure Functions debugger info to reflect multi-language support * Fix Azure Functions: only C#, JS/TS, and Python debugging supported * Capitalize AppHosts in view name and related strings * Only capitalize AppHosts in the view name, keep lowercase elsewhere * Rename init command to 'Initialize Aspire in an existing codebase' * Remove TODO placeholders for screenshots * Wording tweak: 'most commonly used' settings * Point to Extension settings command instead of manual search * Address Copilot review: VS Code version prereq, dashboard browser details, MCP server wording * Fix .NET version: require .NET 10, not .NET 8
* Broaden infrastructure network rerun handling Expand the log-based override beyond the old build-step allowlist, keep test execution failures excluded from the override, and clarify the retry reason surfaced in job summaries. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Include matched pattern in rerun reason Surface the specific infrastructure-network pattern that matched so transient rerun summaries explain exactly why a job was considered retryable. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Improve transient rerun workflow summaries Make rerun analysis output more human-readable, render clickable summary links, show explicit skipped versus rerun outcomes, and surface failed attempt, rerun attempt, and PR comment links in the workflow summary. Also add an optional workflow_dispatch dry_run input so manual runs default to real reruns while still supporting inspection-only execution. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… resolution (microsoft#15138) * feat: Enhance ReferenceExpression with conditional logic and server value resolution - Updated ReferenceExpression to support conditional expressions with fields for condition, matchValue, whenTrue, and whenFalse. - Introduced static method createConditional for creating conditional ReferenceExpressions. - Implemented getValue method to resolve the expression's value on the server, including cancellation support. - Registered handle wrapper for ReferenceExpression in base.ts to avoid duplication in generated SDK. - Added AppHostUsageError for better error handling in capability argument validation. - Improved async method handling in CapabilityDispatcher to support ValueTask. - Added tests for ReferenceExpression and ValueTask methods to ensure correct functionality and exports. * feat: Add support for ValueTask capabilities with background thread invocation * fix: Update capability identifiers from 'getValueAsync' to 'getValue' for consistency * fix: Update capability identifier from 'getValueAsync' to 'getValue' for consistency
…on (microsoft#15099) * Initial plan * Fix withNpm constraint: register concrete types under own key in compatibility map In BuildTypeCompatibilityMap, each concrete type was only registered under its interfaces and base types, but not under its own type ID. This meant that when expanding capabilities constrained to a base type like JavaScriptAppResource, the base type itself was missing from the expanded targets. For example, WithNpm<TResource>() where TResource : JavaScriptAppResource would only generate withNpm on NodeAppResource and ViteAppResource, but not on JavaScriptAppResource itself. The fix adds self-registration so base types with derived types are always included when expanding capabilities that target them directly. Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Add tests for JavaScript resource type expansion with npm and package manager methods * Update tests/Aspire.Hosting.CodeGeneration.TypeScript.Tests/AtsTypeScriptCodeGeneratorTests.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * feat: Add new container and project configuration methods - Implemented methods for configuring container resources, including: - `withBindMount`: Adds a bind mount. - `withEntrypoint`: Sets the container entrypoint. - `withImageTag`: Sets the container image tag. - `withImageRegistry`: Sets the container image registry. - `withImage`: Sets the container image with optional tag. - `withImageSHA256`: Sets the image SHA256 digest. - `withContainerRuntimeArgs`: Adds runtime arguments for the container. - `withLifetime`: Sets the lifetime behavior of the container resource. - `withImagePullPolicy`: Sets the container image pull policy. - `publishAsContainer`: Configures the resource to be published as a container. - `withDockerfile`: Configures the resource to use a Dockerfile. - `withContainerName`: Sets the container name. - `withBuildArg`: Adds a build argument from a parameter resource. - `withBuildSecret`: Adds a build secret from a parameter resource. - `withEndpointProxySupport`: Configures endpoint proxy support. - `withContainerNetworkAlias`: Adds a network alias for the container. - `publishAsConnectionString`: Publishes the resource as a connection string. - `withVolume`: Adds a volume. - Added similar methods for executable resources and project resources, including: - `publishAsDockerFile`: Publishes the executable as a Docker container. - `publishAsDockerFileWithConfigure`: Publishes an executable as a Docker file with optional container configuration. - `withExecutableCommand`: Sets the executable command. - `withWorkingDirectory`: Sets the executable working directory. - `withReplicas`: Sets the number of replicas for a project. - `disableForwardedHeaders`: Disables forwarded headers for the project. - `publishAsDockerFile`: Publishes a project as a Docker file with optional container configuration. * test: Update package manager methods test to assert minimum expected JS resource types --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* always build file-based apps to prevent using cached version * respect KnownConfigNames.DebugSessionRunMode in project resources * dont use c# dev kit at all for builds * Add test for DebugSessionRunMode on project resources
…aged (microsoft#15149) These settings are no longer needed.
) * Make ATS analyzer opt-in Move the Aspire.Hosting analyzer DLL out of NuGet's auto-loaded analyzers path and gate activation behind an MSBuild property. Enable the property in-repo and add MSBuild tests covering default-off and opt-in behavior. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix analyzer opt-in for RepoRoot consumers Use an analyzer assembly existence check instead of RepoRoot to allow opted-in Arcade-based consumers to load the analyzer from the package. Add a regression test covering RepoRoot being set. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Split the ExportAnalyzer into its own analyzer library and include it in Aspire.Hosting. Most integration packages don't reference the Aspire.Hosting.AppHost nuget package, only Aspire.Hosting. So we need to include the analyzer there. * Revert previous changes. * Remove old tests * remove old test code * Rename EnableAspireExportAnalyzers to EnableAspireIntegrationAnalyzers Rename the MSBuild property that controls opt-in for the integration analyzer from EnableAspireExportAnalyzers to EnableAspireIntegrationAnalyzers to be consistent with the project name (Aspire.Hosting.Integration.Analyzers). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix up for latest code. Also move the build and analyzer logic into buildTransitive\net8.0 so it works transitively and this package only supports the current TFM, not all. * Centralize test Pkcs version Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix Hosting analyzer packaging Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove Pkcs changes --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>
* Add 'aspire doctor fix' sub-command for automated environment repair Introduce IHealableEnvironmentCheck interface that environment checks can implement to support automated fix actions. DevCertsCheck is the first implementor, providing 'clean' and 'trust' actions that use the native CertificateManager fork instead of subprocess calls. Key changes: - IHealableEnvironmentCheck with HealAction/HealResult records and smart state-based evaluation via EvaluateAsync - DoctorFixCommand with dynamic sub-commands per healable check, --all flag, --format (table/json) output support - DevCertsCheck heal implementation using ICertificateToolRunner with shared code between check and heal paths - Doctor results updated to suggest 'aspire doctor fix certificates' instead of 'dotnet dev-certs' commands - Localizable resource strings for all user-facing text - Structured JSON output matching aspire doctor response format Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review feedback - Fix ProgressDescription doc to say 'status message' not 'spinner' - Align EvaluateHealActions with doctor: multiple all-trusted certs no longer triggers destructive trust action - Route InteractionService output to stderr in dynamic sub-commands when --format json is requested (BaseCommand routing doesn't apply) - Use HealCommandName instead of HealCommandDescription in category header to avoid awkward 'Applying Fix ... fixes' text - Fix category inconsistency: single untrusted cert now uses 'environment' category like all other dev-cert results Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add CLI end-to-end tests for doctor fix commands Five E2E tests covering the doctor fix command: - Fix certificates with untrusted cert (evaluates and repairs) - Fix certificates with already trusted cert (reports no issues) - Fix --all with untrusted cert (evaluates all checks) - Explicit clean sub-command (removes certificates) - JSON format output (validates structured response) All tests use Docker terminal automation with SequenceCounter for deterministic prompt detection. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor ICertificateToolRunner to sync, fix SSL_CERT_DIR detection, localize strings - Drop async from ICertificateToolRunner: all methods are synchronous (CertificateManager runs in-process, no subprocess needed) - Remove DevCertTrustLevel string constants, use CertificateManager.TrustLevel enum - Remove dead DotNetCliRunner.CheckHttpCertificateMachineReadableAsync - SSL_CERT_DIR fix: detect system OpenSSL cert dir via 'openssl version -d' instead of hardcoding /etc/ssl/certs; always prepend $SSL_CERT_DIR - Localize all DevCertsCheck result strings via DoctorCommandStrings - Keep CLI commands as format args (never localized) - Fix elevation permission strings for consistency - Update all test doubles to match new sync interface Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix E2E test: match actual 'No fixable issues' output string The DoctorFixCertificates_WithTrustedCert_ReportsNoIssues test was searching for 'No issues found' but the actual output is 'No fixable issues were identified.' from DoctorFixCommandStrings. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace aspire doctor fix with top-level aspire certificates command - Add CertificatesCommand with clean and trust subcommands - Remove DoctorFixCommand and IHealableEnvironmentCheck infrastructure - Remove DoctorFixCommandStrings resources and 13 XLF files - Remove HealCertificates* entries from DoctorCommandStrings - Update DevCertsCheck to recommend 'aspire certificates clean/trust' - Remove ICertificateToolRunner dependency from DevCertsCheck - Add CertificatesCommandStrings resources with XLF files - Replace DoctorFixCommandTests with CertificatesCommandTests - Replace DevCertsCheckHealTests with DevCertsCheckFixRecommendationTests - Update E2E tests to use aspire certificates clean/trust commands - All 1591 CLI tests pass Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refactor CertificatesCommand: extract subcommands to DI, rename to certs - Extract CleanCommand and TrustCommand from nested classes to top-level CertificatesCleanCommand and CertificatesTrustCommand, registered in DI following the standard subcommand pattern (matching Secret, Telemetry, etc.) - Rename the CLI command from 'certificates' to 'certs' - Update doctor fix recommendations to reference 'aspire certs' commands - Update all tests and xlf localization notes * Introduce CertificateCleanResult class with MemberNotNullWhen attribute - Replace (bool, string?) tuple with CertificateCleanResult class - Add [MemberNotNullWhen(false, nameof(ErrorMessage))] so ErrorMessage is guaranteed non-null on failure - Surface exception details in clean failure output * Code review fixes: deduplicate helpers, handle user cancellation, remove unused types - Extract CertificateHelpers with shared IsSuccessfulTrustResult and OpenSSL detection - Handle UserCancelledTrustStep in trust command with specific warning message - Detect Windows cert store dialog cancellation (HResult 0x800704C7) in clean command - Add WasCancelled property to CertificateCleanResult - Remove unused DoctorFix types (DoctorFixResponse, DoctorFixActionResult, DoctorFixSummary) - Make CertificateServiceException internal - Add TrustCancelled and CleanCancelled resource strings with localization --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: James Newton-King <james@newtonking.com>
…pphost in extension run, add off setting to enableAspireDashboardAutoLaunch (microsoft#15172) * VS Code extension improvements and CLI fixes * Address review: handle legacy boolean setting values and update XLF strings * Remove trailing period from 'Launch Aspire Dashboard'
* feat: Implement guest SDK generation for TypeScript starter projects * test: address TypeScript starter review feedback
…compliance (microsoft#14696) Add networkIsolationPolicy: Permissive,CFSClean2 to the 1ES pipeline template parameters in both official and unofficial pipeline definitions to resolve the [SFI-ES4.2.4] Network Isolation for CFS endpoints S360 KPI violation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
These directories are not product code and don't need to be scanned by CodeQL. Using path_classifiers to mark them as reference code so they are excluded from analysis results. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…microsoft#15181) * Show error message when Aspire CLI does not support describe command When 'aspire describe --follow' exits without producing valid data, show the errorWelcome view informing the user that the CLI version doesn't support this feature and needs updating. - Track whether describe ever received valid NDJSON data - If process exits without data, set error state to show errorWelcome - If process exits after receiving data, retry with backoff as before - Clear error state on refresh so the error page dismisses immediately * Address review: only error on non-zero exit, clear resources, regenerate XLF - Only treat 'no data received' as an error when exit code is non-zero; exit code 0 with no data means no AppHost is running (normal scenario). - Clear _workspaceResources when setting error so the errorWelcome page is guaranteed to display. - Regenerate aspire-vscode.xlf to reflect updated package.nls.json.
… for aspire init prompts (microsoft#15145) * Fix deployment E2E tests: replace blind timer with explicit WaitUntil for aspire init prompts The 12 failing deployment tests timed out waiting for 'Aspire initialization complete' because the blind 5-second Wait + Enter pattern missed the NuGet.config prompt. The language preference save and template setup now take longer, so the Enter fires before the NuGet.config prompt appears, leaving it stuck. Fix: - Update RunAspireInit helper to use aspire init --language csharp and explicitly WaitUntil the NuGet.config prompt (or init completion) appears instead of a blind 5-second timer - Replace inline aspire init sequences in all 12 failing tests with the shared RunAspireInit helper - Add stopOnFail: false to xunit.runner.json so all tests in a class run even if one fails Fixes: https://github.com/dotnet/aspire/actions/runs/22935754279 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Move AspireInit to shared Hex1bTestHelpers and rename from RunAspireInit Address PR review feedback: - Move the helper from DeploymentE2ETestHelpers to the shared Hex1bTestHelpers file (alongside AspireNew) so both CLI E2E and deployment E2E test projects can use it - Rename from RunAspireInit to AspireInit to avoid confusion with 'aspire run' Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Change Analyzer references to be consistent We have 2 analyzers, but we build and pack them differently. We should use the same pattern. * Refactor analyzer reference logic with opt-out property Remove unnecessary MSBuild attributes from the analyzer ProjectReference. Introduce SkipAspireIntegrationAnalyzersReference MSBuild property to control automatic referencing of Aspire.Hosting.Integration.Analyzers. Replace hardcoded project exclusions with property-based logic for improved maintainability. Set the property in AppHost and RemoteHost projects, and for Roslyn components. * Update unofficial pipeline to use windows.vs2026preview.scout.amd64 VM image The unofficial pipeline was still using the now-removed windows.vs2022preview.amd64 image, causing the build stage to be skipped. Updated to match the official pipeline's image. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Sync unofficial pipeline with official: add Node/yarn/vsce install steps The unofficial pipeline was missing the Node.js, yarn, and vsce installation steps that the official pipeline has before calling the BuildAndTest template. Since BuildAndTest uses /p:BuildExtension=true, the VS Code extension build requires these tools. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15191Or
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15191" |
Member
Author
|
CCing only the authors who touched the conflicted parts of |
Contributor
There was a problem hiding this comment.
Pull request overview
Merges origin/release/13.2 into main, bringing in updated Aspire Hosting/Dashboard behavior plus related tooling/test updates (CLI certificates commands, integration analyzers packaging, TypeScript SDK/codegen tweaks, VS Code extension UX improvements, and CI workflow enhancements).
Changes:
- Adds/ships Aspire Hosting integration analyzers (disabled by default via MSBuild property) and expands ATS capability/type handling (incl.
ReferenceExpressionand JavaScript resource expansion). - Updates Dashboard API enablement defaults/config/warnings and increases gRPC client max receive size.
- Adds new CLI
certssubcommands and improves polyglot AppHost/TypeScript starter flows; updates VS Code extension tree + dashboard auto-launch configuration.
Reviewed changes
Copilot reviewed 172 out of 181 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/Shared/Hex1bTestHelpers.cs | Adds a reusable aspire init --language csharp terminal sequence for E2E tests. |
| tests/Infrastructure.Tests/WorkflowScripts/auto-rerun-transient-ci-failures.harness.js | Extends harness recorder + GitHub API stubs for comment link handling. |
| tests/Aspire.Hosting.Tests/MSBuildTests.cs | Adds MSBuild tests for integration analyzers default/opt-in behavior and helper to emit Directory.Build.* files. |
| tests/Aspire.Hosting.Tests/Dcp/DcpExecutorTests.cs | Adds coverage for debug session run mode mapping to launch configuration. |
| tests/Aspire.Hosting.Tests/Dashboard/DashboardResourceTests.cs | Updates expectations for dashboard configuration entries. |
| tests/Aspire.Hosting.Tests/Aspire.Hosting.Tests.csproj | Adds PKCS package dependency needed by new certificate bundle support/tests. |
| tests/Aspire.Hosting.RemoteHost.Tests/CapabilityDispatcherTests.cs | Adds tests for ValueTask and background-thread dispatch behavior. |
| tests/Aspire.Hosting.CodeGeneration.TypeScript.Tests/AtsTypeScriptCodeGeneratorTests.cs | Adds tests for ReferenceExpression wrapper placement + JS resource capability expansion. |
| tests/Aspire.Hosting.CodeGeneration.TypeScript.Tests/Aspire.Hosting.CodeGeneration.TypeScript.Tests.csproj | Adds JavaScript hosting project reference for JS expansion tests. |
| tests/Aspire.Hosting.Analyzers.Tests/Aspire.Hosting.Analyzers.Tests.csproj | References Integration.Analyzers project for analyzer test visibility. |
| tests/Aspire.Deployment.EndToEnd.Tests/VnetStorageBlobInfraDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/VnetSqlServerInfraDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/VnetKeyVaultInfraDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/Helpers/DeploymentE2ETestHelpers.cs | Removes older RunAspireInit helper (superseded by shared helper). |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureStorageDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureServiceBusDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureLogAnalyticsDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureKeyVaultDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureEventHubsDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureContainerRegistryDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AzureAppConfigDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AcaDeploymentErrorOutputTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Deployment.EndToEnd.Tests/AcaCompactNamingDeploymentTests.cs | Replaces inline aspire init keystrokes with AspireInit helper. |
| tests/Aspire.Dashboard.Tests/Integration/TelemetryApiTests.cs | Removes redundant API-disabled test (covered elsewhere after config changes). |
| tests/Aspire.Dashboard.Tests/Integration/StartupTests.cs | Adds log/warning coverage and new API enabled matrix test. |
| tests/Aspire.Dashboard.Tests/Integration/IntegrationTestHelpers.cs | Enables API by default in test app configuration. |
| tests/Aspire.Dashboard.Tests/Integration/FrontendBrowserTokenAuthTests.cs | Updates log expectations to include API unsecured warning. |
| tests/Aspire.Cli.Tests/Utils/CliTestHelper.cs | Registers new certificates commands and updates template factory wiring. |
| tests/Aspire.Cli.Tests/TestServices/TestProjectLocator.cs | Adds settings-only AppHost lookup support for tests. |
| tests/Aspire.Cli.Tests/TestServices/TestLanguageDiscovery.cs | Supports injecting additional languages for polyglot test scenarios. |
| tests/Aspire.Cli.Tests/TestServices/TestCertificateToolRunner.cs | Updates test cert runner to new native certificate API surface. |
| tests/Aspire.Cli.Tests/TestServices/NoProjectFileProjectLocator.cs | Implements new GetAppHostFromSettingsAsync contract. |
| tests/Aspire.Cli.Tests/Commands/RunCommandTests.cs | Updates test project locators to satisfy new interface contract. |
| tests/Aspire.Cli.Tests/Commands/ExtensionInternalCommandTests.cs | Updates test project locators to satisfy new interface contract. |
| tests/Aspire.Cli.Tests/Commands/ExecCommandTests.cs | Updates test project locators to satisfy new interface contract. |
| tests/Aspire.Cli.Tests/Commands/CertificatesCommandTests.cs | Adds CLI help coverage for new certs command and subcommands. |
| tests/Aspire.Cli.EndToEnd.Tests/TypeScriptStarterTemplateTests.cs | Verifies TypeScript starter generation also restores/generated SDK artifacts. |
| src/Shared/KnownConfigNames.cs | Adds env var constant for dashboard API enablement. |
| src/Shared/DashboardConfigNames.cs | Adds config name wrapper for dashboard API enablement. |
| src/Directory.Build.targets | Switches analyzer reference over to Integration.Analyzers with skip knob for Roslyn components. |
| src/Aspire.Hosting/buildTransitive/Aspire.Hosting.targets | Adds transitive MSBuild logic to include integration analyzer when enabled. |
| src/Aspire.Hosting/Dashboard/DashboardEventHandlers.cs | Forces dashboard API enablement when hosting dashboard via AppHost. |
| src/Aspire.Hosting/Ats/AtsCapabilityScanner.cs | Fixes compatibility-map registration to include concrete types under their own type id. |
| src/Aspire.Hosting/Aspire.Hosting.csproj | Packs transitive targets + integration analyzer into Aspire.Hosting package. |
| src/Aspire.Hosting/ApplicationModel/ReferenceExpression.cs | Exports GetValueAsync for polyglot/ATS invocation. |
| src/Aspire.Hosting/ApplicationModel/CertificateTrustExecutionConfigurationGatherer.cs | Improves trust configuration context + supports custom bundle generators. |
| src/Aspire.Hosting/ApplicationModel/CertificateTrustConfigurationCallbackAnnotation.cs | Adds experimental API to create custom certificate bundles via callbacks. |
| src/Aspire.Hosting.RemoteHost/Program.cs | Removes RemoteHost executable entry point. |
| src/Aspire.Hosting.RemoteHost/Ats/CapabilityDispatcher.cs | Refactors async result unwrapping; adds ValueTask support. |
| src/Aspire.Hosting.RemoteHost/Aspire.Hosting.RemoteHost.csproj | Changes RemoteHost to non-packable (and no longer an exe). |
| src/Aspire.Hosting.Integration.Analyzers/Aspire.Hosting.Integration.Analyzers.csproj | Adds new integration analyzer project (netstandard2.0). |
| src/Aspire.Hosting.Integration.Analyzers/AnalyzerReleases.Unshipped.md | Adds analyzer rule tracking for ASPIREEXPORT* diagnostics. |
| src/Aspire.Hosting.Integration.Analyzers/AnalyzerReleases.Shipped.md | Initializes shipped analyzer tracking file. |
| src/Aspire.Hosting.CodeGeneration.TypeScript/Resources/base.ts | Adds ReferenceExpression.getValue() and registers a handle wrapper in base.ts. |
| src/Aspire.Hosting.CodeGeneration.TypeScript/AtsTypeScriptCodeGenerator.cs | Skips generating duplicate ReferenceExpression model in aspire.ts. |
| src/Aspire.Hosting.AppHost/Aspire.Hosting.AppHost.csproj | Skips integration analyzer reference for this packable SDK project. |
| src/Aspire.Hosting.Analyzers/AnalyzerReleases.Unshipped.md | Removes ASPIREEXPORT* entries (moved to Integration.Analyzers project). |
| src/Aspire.Dashboard/ServiceClient/DashboardClient.cs | Enlarges gRPC max receive size to 16MB. |
| src/Aspire.Dashboard/DashboardWebApplication.cs | Uses nullable Enabled flag safely to gate API warning. |
| src/Aspire.Dashboard/DashboardEndpointsBuilder.cs | Changes telemetry API mapping default to disabled unless enabled. |
| src/Aspire.Dashboard/Configuration/PostConfigureDashboardOptions.cs | Reads API enablement from config when not explicitly set. |
| src/Aspire.Dashboard/Configuration/DashboardOptions.cs | Updates docs: API enabled now defaults to false. |
| src/Aspire.Dashboard/Components/Layout/MainLayout.razor.cs | Updates API warning gating to nullable bool default behavior. |
| src/Aspire.Cli/Utils/FileSystemHelper.cs | Adds fast “find first file” helper for shallow workspace detection. |
| src/Aspire.Cli/Utils/EnvironmentChecker/DotNetSdkCheck.cs | Skips .NET SDK check when AppHost language is non-.NET (polyglot). |
| src/Aspire.Cli/Templating/CliTemplateFactory.cs | Updates factory dependencies (inject project factory); removes private process-run helpers. |
| src/Aspire.Cli/Templating/CliTemplateFactory.TypeScriptStarterTemplate.cs | Replaces npm install with aspire restore-style SDK generation for TS starter. |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.tr.xlf | Adds doctor strings for dev-certs diagnostics (TR). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.ru.xlf | Adds doctor strings for dev-certs diagnostics (RU). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.ko.xlf | Adds doctor strings for dev-certs diagnostics (KO). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.it.xlf | Adds doctor strings for dev-certs diagnostics (IT). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.fr.xlf | Adds doctor strings for dev-certs diagnostics (FR). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.es.xlf | Adds doctor strings for dev-certs diagnostics (ES). |
| src/Aspire.Cli/Resources/xlf/DoctorCommandStrings.de.xlf | Adds doctor strings for dev-certs diagnostics (DE). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.zh-Hant.xlf | Adds localized strings for new certs command (zh-Hant). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.zh-Hans.xlf | Adds localized strings for new certs command (zh-Hans). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.tr.xlf | Adds localized strings for new certs command (TR). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.ru.xlf | Adds localized strings for new certs command (RU). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.pt-BR.xlf | Adds localized strings for new certs command (pt-BR). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.pl.xlf | Adds localized strings for new certs command (PL). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.ko.xlf | Adds localized strings for new certs command (KO). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.ja.xlf | Adds localized strings for new certs command (JA). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.it.xlf | Adds localized strings for new certs command (IT). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.fr.xlf | Adds localized strings for new certs command (FR). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.es.xlf | Adds localized strings for new certs command (ES). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.de.xlf | Adds localized strings for new certs command (DE). |
| src/Aspire.Cli/Resources/xlf/CertificatesCommandStrings.cs.xlf | Adds localized strings for new certs command (CS). |
| src/Aspire.Cli/Resources/DoctorCommandStrings.resx | Adds dev-certs doctor messages and formats. |
| src/Aspire.Cli/Resources/CertificatesCommandStrings.resx | Adds resource strings for new certs command. |
| src/Aspire.Cli/Projects/ProjectLocator.cs | Adds settings-only AppHost lookup API and silent mode. |
| src/Aspire.Cli/Projects/IGuestAppHostSdkGenerator.cs | Introduces interface for guest AppHost SDK generation. |
| src/Aspire.Cli/Projects/GuestAppHostProject.cs | Implements SDK generation interface for guest AppHosts. |
| src/Aspire.Cli/Program.cs | Registers new certificates commands in main CLI DI container. |
| src/Aspire.Cli/JsonSourceGenerationContext.cs | Removes dev-certs JSON model from generated context (no longer parsed). |
| src/Aspire.Cli/Interaction/BannerService.cs | Strips SemVer build metadata from displayed CLI version. |
| src/Aspire.Cli/DotNet/DotNetCliRunner.cs | Removes dotnet dev-certs machine-readable parsing/trust helpers. |
| src/Aspire.Cli/Commands/RunCommand.cs | Simplifies status message while connecting to AppHost. |
| src/Aspire.Cli/Commands/RootCommand.cs | Adds certs command to root CLI command set. |
| src/Aspire.Cli/Commands/CertificatesTrustCommand.cs | Adds certs trust command implementation (native cert manager). |
| src/Aspire.Cli/Commands/CertificatesCommand.cs | Adds certs command container with subcommands. |
| src/Aspire.Cli/Commands/CertificatesCleanCommand.cs | Adds certs clean command implementation. |
| src/Aspire.Cli/Certificates/NativeCertificateToolRunner.cs | Implements native certificate check/trust/clean via CertificateManager. |
| src/Aspire.Cli/Certificates/ICertificateToolRunner.cs | Updates interface to sync/native cert operations (check/trust/clean). |
| src/Aspire.Cli/Certificates/DevCertInfo.cs | Refactors certificate models + adds CertificateCleanResult. |
| src/Aspire.Cli/Certificates/CertificateHelpers.cs | Adds shared helpers for trust-result checking and OpenSSL dir detection. |
| src/Aspire.Cli/Certificates/CertificateGeneration/WindowsCertificateManager.cs | Improves cancellation detection for Windows trust prompts. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/tsconfig.json | Adds Azure Functions TS sample config. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/src/index.ts | Adds Azure Functions TS sample entrypoint. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/src/functions/queueTrigger.ts | Adds queue trigger sample. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/src/functions/httpTrigger.ts | Adds HTTP trigger sample. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/src/functions/eventHubTrigger.ts | Adds EventHub trigger sample. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/src/functions/blobTrigger.ts | Adds blob trigger sample. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/package.json | Adds Azure Functions TS sample dependencies. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/host.json | Adds Functions host config with OTEL telemetry mode. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptApiService/tsconfig.json | Adds TS API service config for sample. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptApiService/src/app.ts | Adds Express API service for sample scenario. |
| playground/TypeScriptApps/AzureFunctionsSample/TypeScriptApiService/package.json | Adds dependencies/scripts for TS API service. |
| playground/TypeScriptApps/AzureFunctionsSample/AppHost/tsconfig.json | Adds TS AppHost config (includes generated .modules). |
| playground/TypeScriptApps/AzureFunctionsSample/AppHost/package.json | Adds TS AppHost scripts/deps for sample. |
| playground/TypeScriptApps/AzureFunctionsSample/AppHost/apphost.ts | Adds TS AppHost wiring resources for Azure Functions sample. |
| playground/TypeScriptApps/AzureFunctionsSample/AppHost/apphost.run.json | Adds run profile env vars for TS AppHost sample. |
| playground/TypeScriptApps/AzureFunctionsSample/AppHost/.modules/.codegen-hash | Adds generated SDK hash for sample. |
| playground/TypeScriptApps/AzureFunctionsSample/.vscode/launch.json | Adds VS Code launch config for sample. |
| playground/TypeScriptAppHost/.modules/transport.ts | Adds client arg validation + usage error type/logic. |
| extension/src/views/AspireAppHostTreeProvider.ts | Adds hierarchical resource grouping + stable sorting in Aspire tree view. |
| extension/src/views/AppHostDataRepository.ts | Adds resource properties field and improves describe follow restart/error handling. |
| extension/src/utils/AspireTerminalProvider.ts | Adds yellow ANSI color constant. |
| extension/src/test/rpc/interactionServiceTests.test.ts | Updates tests for new dashboard auto-launch enum values. |
| extension/src/test/appHostTreeView.test.ts | Updates resource shape in test helpers to include properties. |
| extension/src/server/interactionService.ts | Adds settings action, refresh command, and enum/legacy handling for dashboard auto-launch. |
| extension/src/loc/strings.ts | Adds localized strings for settings label and apphost termination notification. |
| extension/src/debugger/languages/dotnet.ts | Simplifies build logic (always build before launch). |
| extension/src/debugger/AspireDebugSession.ts | Emits terminal message when apphost terminates; minor tracker refactor. |
| extension/package.nls.json | Updates localized descriptions and config enum strings. |
| extension/package.json | Changes dashboard auto-launch config from boolean -> enum string. |
| extension/loc/xlf/aspire-vscode.xlf | Adds/updates localization entries for new config + strings. |
| eng/pipelines/azure-pipelines.yml | Adds 1ES network isolation settings. |
| eng/pipelines/azure-pipelines-unofficial.yml | Updates pool image and installs Node/yarn/vsce before build/test template. |
| eng/Versions.props | Adds central version property for System.Security.Cryptography.Pkcs. |
| docs/ci/auto-rerun-transient-ci-failures.md | Updates doc to reflect workflow_dispatch rerun behavior and dry-run input. |
| Directory.Packages.props | Adds central package version entry for System.Security.Cryptography.Pkcs. |
| Aspire.slnx | Adds Integration.Analyzers and Aspire.Managed project entries. |
| .github/workflows/auto-rerun-transient-ci-failures.yml | Adds manual dry-run input and enables workflow_dispatch reruns. |
| .CodeQL.yml | Excludes playground/tests from CodeQL scanning. |
Files not reviewed (5)
- playground/TypeScriptApps/AzureFunctionsSample/AppHost/package-lock.json: Language not supported
- playground/TypeScriptApps/AzureFunctionsSample/TypeScriptApiService/package-lock.json: Language not supported
- playground/TypeScriptApps/AzureFunctionsSample/TypeScriptFunctions/package-lock.json: Language not supported
- src/Aspire.Cli/Resources/CertificatesCommandStrings.Designer.cs: Language not supported
- src/Aspire.Cli/Resources/DoctorCommandStrings.Designer.cs: Language not supported
Comments suppressed due to low confidence (10)
src/Shared/DashboardConfigNames.cs:1
- The new config name is introduced as
DashboardAspireApiEnabledName, but test changes in this PR referenceDashboardConfigNames.DashboardApiEnabledName(e.g., IntegrationTestHelpers.cs). This is likely a compile break and/or inconsistent naming. Consider renaming this field toDashboardApiEnabledName(and optionally keepingDashboardAspireApiEnabledNameas an obsolete alias) to align with existing naming patterns (DashboardAIDisabledName,DashboardMcp...Name) and to match call sites.
src/Aspire.Hosting/Dashboard/DashboardEventHandlers.cs:1 - This unconditionally forces the dashboard API enabled via environment variable, which prevents users from disabling it through configuration/environment overrides. If the intent is 'enable by default when hosted by AppHost' rather than 'always on', consider only setting this value when it isn't already present (or when the configuration key is unset), so an explicit
falsecan still be respected.
tests/Aspire.Hosting.Tests/MSBuildTests.cs:1 - These test-generated MSBuild files embed Windows-style path separators (
\\) intoProjectReference/Importpaths. On non-Windows test agents this can break project loading / imports. Prefer using forward slashes in MSBuild XML paths (MSBuild accepts/on Windows too) or construct paths viaPath.Combine(...)and normalize to/before writing to the .csproj/targets content.
tests/Aspire.Hosting.Tests/MSBuildTests.cs:1 - These test-generated MSBuild files embed Windows-style path separators (
\\) intoProjectReference/Importpaths. On non-Windows test agents this can break project loading / imports. Prefer using forward slashes in MSBuild XML paths (MSBuild accepts/on Windows too) or construct paths viaPath.Combine(...)and normalize to/before writing to the .csproj/targets content.
tests/Aspire.Hosting.Tests/MSBuildTests.cs:1 - These test-generated MSBuild files embed Windows-style path separators (
\\) intoProjectReference/Importpaths. On non-Windows test agents this can break project loading / imports. Prefer using forward slashes in MSBuild XML paths (MSBuild accepts/on Windows too) or construct paths viaPath.Combine(...)and normalize to/before writing to the .csproj/targets content.
src/Aspire.Cli/Utils/EnvironmentChecker/DotNetSdkCheck.cs:1 - The XML doc says this method 'Only returns true when a settings file is found and the apphost is a .NET project', but the implementation also returns
truebased on a shallow filesystem scan when there is no settings file. Either update the doc comment to reflect the fallback behavior, or change the logic to match the documented contract.
src/Aspire.Cli/Utils/FileSystemHelper.cs:1 - Catching all exceptions here can mask unexpected failures (e.g.,
ArgumentExceptionfrom invalid patterns/root,PathTooLongException, etc.) and make diagnosis harder. Consider catching specific expected IO exceptions (e.g.,UnauthorizedAccessException,IOException) and letting unexpected exceptions bubble/log (or at least include debug logging) so genuine bugs don't get silently swallowed.
src/Aspire.Cli/Commands/CertificatesCleanCommand.cs:1 - The clean command returns
ExitCodeConstants.FailedToTrustCertificatesfor both cancel and failure paths. Even if you intentionally reuse the same exit code, the name is misleading for callers/telemetry and future maintainers. Consider introducing aFailedToCleanCertificates(and potentiallyCancelledCertificateClean) exit code, or at least add a comment explaining why 'trust' exit codes are reused for 'clean'.
src/Aspire.Hosting/ApplicationModel/CertificateTrustExecutionConfigurationGatherer.cs:1 - The documentation says
CustomBundlesFactoriesis keyed by the bundle's relative path under the root certificates path, butCreateCustomBundle(...)stores generators keyed by a generated bundle id (and not a relative path). Please align the doc with the actual key semantics, or change the stored key to match the documented 'relative path' contract.
src/Aspire.Hosting.RemoteHost/Aspire.Hosting.RemoteHost.csproj:1 - This project no longer sets
OutputType=Exeand is markedIsPackable=false(and Program.cs is removed in this PR), which changes the produced artifact from a distributable server executable to a non-packable library. If this project is still expected to produce the pre-built remote host server for bundle/polyglot scenarios, this would be a breaking operational change; consider documenting the new packaging/execution path or restoring an explicit entry point/artifact where required.
Member
Author
|
@copilot Why are the Cli.EndtoEnd tests failing here? Did we mess up something in the conflict resolution? |
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
Author
|
Pushed a follow-up fix for the red CLI/polyglot jobs to this PR. What I changed:
Why this was needed:
Failures this explains:
Validation I ran locally:
This does not explain the separate |
joperezr
approved these changes
Mar 13, 2026
| KeyPath = ReferenceExpression.Create($"{serverAuthCertificatesBasePath}/{cert.Thumbprint}.key"), | ||
| PfxPath = ReferenceExpression.Create($"{serverAuthCertificatesBasePath}/{cert.Thumbprint}.pfx"), | ||
| }) | ||
| .AddExecutionConfigurationGatherer(new OtlpEndpointReferenceGatherer()) |
Member
There was a problem hiding this comment.
@danegsta @karolz-ms Can you double check that the changes on this file are correct for main? I believe this was one of the ones that had merge conflicts so would be good to double check.
Contributor
Contributor
There was a problem hiding this comment.
I am going to try to merge these two manually, stay tuned.
Contributor
| Task<EnsureCertificatesTrustedResult> EnsureCertificatesTrustedAsync(CancellationToken cancellationToken); | ||
| } | ||
|
|
||
| internal sealed partial class CertificateService( |
Member
There was a problem hiding this comment.
@danegsta can you double check and ensure the changes on this file are correct?
| var systemCertDirs = new List<string>(); | ||
|
|
||
| if (TryGetOpenSslCertsDirectory(out var openSslCertsDir)) | ||
| if (CertificateHelpers.TryGetOpenSslDirectory(out var openSslDir)) |
| @@ -505,14 +459,71 @@ public void Register( | |||
|
|
|||
| private static async Task<object?> InvokeMethodAsync(MethodInfo method, object? target, object?[] methodArgs, bool runSyncOnBackgroundThread) | |||
Member
There was a problem hiding this comment.
@IEvangelist Can you take a look at this file? We should make sure we aren't undoing #14784 by mistake.
Contributor
|
The transient CI rerun workflow requested reruns for the following jobs after analyzing the failed attempt.
|
Member
Author
|
Non-trivial conflict resolved: I took the That preserves the updated user-secrets / |
Member
Author
|
Non-trivial conflict resolved: I took the The conflict was between the older fluent |
Member
|
Merging this in to prevent further disalignment. We can iterate on main if there are things that need to be fixed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
origin/release/13.2intomain13.2side for the one content conflict we hit during the mergerelease/13.2Conflict fixes
There was one content conflict in
src/Aspire.Hosting/Dcp/DcpExecutor.cs.origin/mainandorigin/release/13.2had diverged in the container tunnel/startup sequencing in that file. Rather than keep a hybrid resolution, I compared both sides and resolved the file in favor of theorigin/release/13.2implementation, since13.2is currently carrying the active development for this area.That means the merge keeps the
13.2flow for:RunApplicationAsyncFollow-up fix for red CLI/polyglot jobs
After the merge, the red
Cli.EndToEnd-*jobs and allPolyglot SDK Validationjobs were not caused byDcpExecutor.They were caused by the backmerged native certificate path from
release/13.2(CertificateService/NativeCertificateToolRunner). On Linux,TrustHttpCertificate()was callingEnsureAspNetCoreHttpsDevelopmentCertificate(trust: true), which probesStoreLocation.LocalMachine+StoreName.Myand fails on Unix withPlatformNotSupportedException.This branch now fixes that by keeping the existing Windows behavior but using a Linux-specific CurrentUser-only path in
NativeCertificateToolRunner:TrustCertificate()without enumeratingLocalMachine\MyRemaining failures
Hosting-2andHosting.Azureare still separate Hosting/DCP regressions and are not explained by the certificate issue.Validation
./restore.sh./dotnet.sh test tests/Aspire.Hosting.Tests/Aspire.Hosting.Tests.csproj -- --filter-class "*.DcpExecutorTests" --filter-not-trait "quarantined=true" --filter-not-trait "outerloop=true"dotnet test tests/Aspire.Cli.Tests/Aspire.Cli.Tests.csproj -- --filter-class "*.CertificateServiceTests" --filter-class "*.NativeCertificateToolRunnerTests" --filter-not-trait "quarantined=true" --filter-not-trait "outerloop=true"Result:
75DcpExecutorTestspassed,0failed8CLI certificate tests passed,0failedCC @danegsta @davidfowl @karolz-ms @JamesNK @afscrome @ReubenBond @MermaidIsla