Agent-Logs-Url: https://github.com/microsoft/aspire/sessions/42367a1d-b584-439d-a6e1-5cde4d83ea53

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

…ders (#16023)

* Remove telemetry API data limits and refactor URL builders

- Remove MaxQueryCount from TelemetryApiService, use int.MaxValue so
  storage queries return all data and limits are controlled by callers.
- Add TelemetryCommandHelpers.MaxTelemetryLimit (int.MaxValue) for CLI
  export and MCP tools to fetch all available telemetry data.
- Refactor DashboardUrls telemetry URL builders from params tuples to
  explicit named parameters matching MapTelemetryApi endpoints.
- Replace BuildQueryString with AddQueryString pattern for consistency.
- Update tests for new URL builder signatures and large limit scenarios.

* Add tests verifying limit returns most recent telemetry

Add GetSpans_WithLimit_ReturnsMostRecentSpans,
GetTraces_WithLimit_ReturnsMostRecentTraces, and
GetLogs_WithLimit_ReturnsMostRecentLogs tests to TelemetryApiServiceTests.

* Add comments explaining MCP tools fetch all data and limit later

* Fix missing System.Globalization using in TelemetryLogsCommand and TelemetrySpansCommand

---------

Co-authored-by: James Newton-King <james@newtonking.com>

…ication containers on Windows) (#16123)

* Fix issue 15806 ("aspire stop" is not cleaning up application containers) (#16006)

* Fix issue 15806

* Change default process start time check tolerance to 1 second

(to match the start time granularity used by the backchannel)

* Address code review feedback from Mitch

* Add ExecuteCommandUntilOutputAsync test helper

* Ensure containers are cleaned up by "aspire stop" command

* Improved check for container cleanup
# Conflicts:
#	src/Aspire.Cli/Program.cs

* Less frantic polling for results during CLI tests

Should fix #16076

* Fix formatting

…mat change (#16134)

* Fix Playwright CLI provenance verification for tag format change (#16087)

* Fix Playwright CLI provenance verification for tag format change

@playwright/cli 0.1.7 changed their git tag naming convention from
'v0.1.7' to '0.1.7' (dropped the 'v' prefix). This caused our
provenance verification to fail with WorkflowRefMismatch.

- Accept both tag formats (with and without 'v' prefix) in the
  validateWorkflowRef callback for forward/backward compatibility
- Add test verifying both tag formats pass validation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add E2E test for aspire new with agent init and Playwright install

Exercises the full aspire new → agent init → Playwright CLI install
flow end-to-end, verifying no provenance verification errors appear.
This is the primary regression test for tag format changes in upstream
@playwright/cli releases.

The test accepts the agent init prompt (instead of declining), selects
Playwright CLI during skill selection, and fails fast if a provenance
verification error is detected during npm package installation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add negative assertions for workflow ref validator

Verify the provenance validator rejects wrong versions and branch refs,
not just that it accepts the expected tag formats.

Addresses review feedback from @JamesNK.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Split the bundle payload pipeline step into three phases so that
aspire-managed goes through Arcade's signing infrastructure before
CreateLayout packs it into the bundle archive:

1. dotnet publish - produces the self-contained single-file binary
2. build.cmd/sh -restore -sign - Arcade signs it via ItemsToSign
3. Bundle.proj /t:_RestoreDcpPackage;_RunCreateLayout - creates the
   tar.gz archive with the already-signed binary

Changes:
- eng/Signing.props: Add FileSignInfo and ItemsToSign entries for
  aspire-managed.exe (Windows) and aspire-managed (Linux/macOS)
- eng/pipelines/templates/BuildAndTest.yml: Split bundle payload step
  into publish, sign, and layout steps per RID
- eng/pipelines/templates/build_sign_native.yml: Same restructuring
  for macOS/Linux native stage (sign step conditional on codeSign)

Fixes #15989

Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix CodeQL pipeline to build all code without publishing

The CodeQL pipeline (definition 1599) has been failing on main for
weeks due to two issues:

1. cibuild.cmd hardwires -publish, which triggers VSIX validation in
   Publishing.props expecting a .vsix file that was never built
   (BuildExtension defaults to false).

2. Stale release/* branches with unavailable SDK versions.

Fix by:
- Using build.cmd with explicit -restore -build flags only (no -test,
  -sign, -pack, or -publish) so all code is compiled for CodeQL
  analysis without publishing artifacts.
- Adding /p:BuildExtension=true and Node.js/yarn/vsce prerequisites
  so the VS Code extension is included in the analysis.
- Adding /p:SkipNativeBuild=true to skip slow native AOT CLI builds
  that aren't useful for CodeQL C#/TS analysis.
- Narrowing scheduled branches to main and release/13.2 only.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Increase native build+sign timeout to 60 minutes

The recent change to sign aspire-managed and aspire-cli separately added
extra time to the macOS native build jobs. The previous 40-minute timeout
was no longer sufficient, causing osx_x64 jobs to fail with worker timeout
errors on the main branch.

Increase the timeout from 40 to 60 minutes to accommodate the additional
signing steps.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Revert unintended changes to azure-pipelines-codeql.yml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…rt trust, and CI verification (#16215)

* Add macOS JIT entitlements and ad-hoc codesign step for aspire-managed

macOS hardened runtime blocks CoreCLR JIT (W^X memory mapping) unless the
binary carries com.apple.security.cs.allow-jit and related entitlements.
MicroBuild's MacDeveloperHardenWithNotarization signing preserves
entitlements from a prior ad-hoc signature, so we codesign with the
entitlements plist before Arcade signing.

This follows the same pattern used by dotnet/sdk for Roslyn managed
binaries (roslyn-entitlements.plist).

Fixes #16043

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Restore execute permissions on aspire-managed after MicroBuild signing

MicroBuild rewrites the binary file during signing, which resets Unix
file permissions to the default umask (typically 644). The execute bit
must be restored before CreateLayout packs the binary into the CLI
archive. Without this, macOS and Linux archives contain a non-executable
aspire-managed binary.

Fixes #16043

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Narrow non-interactive cert trust skip to macOS and Windows only

Backport of fbdac8a with conflict resolution:
- Added EnsureHttpCertificateExists() to ICertificateToolRunner and NativeCertificateToolRunner
- Added ICliHostEnvironment parameter to CertificateService constructor
- Updated CliTestHelper default CertificateServiceFactory to pass ICliHostEnvironment
- Added IsSuccessfulEnsureResult helper method
- Added TestCliHostEnvironment and new non-interactive test cases

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Add CLI archive verification scripts

Add verify-cli-archive.sh (Linux/macOS) and verify-cli-archive.ps1
(Windows) scripts that validate a signed CLI archive by:
  1. Extracting the archive to a temp location
  2. Running 'aspire --version' to verify the binary executes
  3. Running 'aspire new aspire-starter' to test bundle self-extraction
     and project creation (exercises aspire-managed)
  4. Cleaning up temp state (backs up and restores ~/.aspire)

These scripts will be wired into the CI pipeline to catch signing and
permissions regressions before they reach users.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Wire CLI archive verification into CI pipelines

Add post-signing verification steps to both build_sign_native.yml
(macOS/Linux) and BuildAndTest.yml (Windows) that run the verification
scripts after the CLI archives are built and signed.

Verification runs for RIDs that can fully execute on the build agent:
  - macOS (Apple Silicon): osx-arm64 only
  - Linux (amd64): linux-x64 only
  - Windows: win-x64

This ensures that signing/permissions regressions (like the ones fixed
in this PR) are caught during the official build before release.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Address PR feedback: restore testability and fix scripts

- Restore mockable isNonInteractiveTrustSupported parameter in
  CertificateService for testability (was Func<bool> isWindows)
- Fix cert tests to use explicit mocks instead of OS-dependent assertions
- Move backup dir into VERIFY_TMPDIR to avoid orphaned temp dirs
- Fix BuildAndTest.yml comment to match actual script behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Add EnsureHttpCertificateExists to shared TestCertificateToolRunner

The TestCertificateToolRunner in TestServices/ also needs to implement the
EnsureHttpCertificateExists method added to ICertificateToolRunner as part
of the backport.

Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>

* Remove non-entitlement changes from backport

Keep only macOS entitlements plist and build_sign_native.yml
signing changes. Remove CI verification scripts, cert trust
changes, and related test updates.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add CI verification scripts for signed CLI archives

Restore BuildAndTest.yml wiring and verify-cli-archive scripts
to validate signed archives work correctly after signing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Ankit Jain <radical@gmail.com>
Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix service discovery key generation and add per-endpoint service name support

Fix scheme key computation in service discovery environment variables:
- Endpoints named 'http'/'https' use the actual URI scheme as the key,
  correctly handling TLS upgrades (e.g., endpoint 'http' with scheme
  'https' produces services__svc__https__0).
- All other endpoint names (e.g., 'prometheus', 'management') use the
  endpoint name as the key, restoring the ability to differentiate
  multiple logical services from a single resource.

Add optional 'name' parameter to WithReference(EndpointReference):
- Allows custom service names for individual endpoint references,
  enabling scenarios like services__kafka-admin__admin__0.
- ApplyEndpoints now keys annotations on (resource, serviceName) to
  support multiple named references to the same resource.

Fix YARP destination address generation:
- Endpoints named 'http'/'https' use standard resolution without the
  underscore prefix (http://resourceName).
- Other endpoint names keep the named endpoint DNS-SD convention
  (http://_endpointName.resourceName), which now works correctly
  because the service discovery key uses the endpoint name.

Apply same scheme key fix to DevTunnels for consistency.

Fixes #15925

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix service discovery key generation for named endpoints

Fix scheme key computation in service discovery environment variables:
- Endpoints named 'http'/'https' use the actual URI scheme as the key,
  correctly handling TLS upgrades (e.g., endpoint 'http' with scheme
  'https' produces services__svc__https__0).
- All other endpoint names (e.g., 'prometheus', 'management') use the
  endpoint name as the key, restoring the ability to differentiate
  multiple logical services from a single resource.

Fix YARP destination address generation:
- Endpoints named 'http'/'https' use standard resolution without the
  underscore prefix (http://resourceName).
- Other endpoint names keep the named endpoint DNS-SD convention
  (http://_endpointName.resourceName), which now works correctly
  because the service discovery key uses the endpoint name.

Apply same scheme key fix to DevTunnels for consistency.

Fixes #15925

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add helper on endpoint to check for http/https name

* Regenerate CodeGeneration verified snapshots

Update TwoPassScanningGeneratedAspire snapshots for all polyglot
languages (Go, Java, Python, Rust, TypeScript) to include the new
EndpointReference.IsHttpSchemeNamedEndpoint property.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update Docker Compose snapshot for named endpoint scheme keys

The custom1-custom4 endpoints now use their endpoint names as service
discovery keys instead of being indexed under the http scheme.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update Kubernetes snapshots for named endpoint scheme keys

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Regenerate CodeGeneration verified snapshots for release/13.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Regenerate Kubernetes verified snapshot for release/13.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Avoid new public method in service release

* Update dev tunnel resource too

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The osx-arm64 Verify CLI archive step hangs at 'Trusting certificates...'
during 'aspire new', consuming the entire 60 minute job timeout and
failing the release/13.2 build. Remove the step temporarily so that
official builds can complete. Re-enable once the dev-cert trust hang on
macOS hosted agents is resolved.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…#16285)

The 'Verify CLI archive (win-x64)' step in BuildAndTest.yml is hanging/
timing out on Windows agents, similar to the osx-arm64 verification step
that was previously disabled in #16276. Disabling this step on release/13.2
to unblock the release pipeline. A follow-up will be needed to fix the
underlying hang in aspire new / dev-cert trust before re-enabling.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Agent-Logs-Url: https://github.com/microsoft/aspire/sessions/c6825566-596f-4eb1-a2d5-062238ac65e4

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com>