Add AGENTS.md with comprehensive build and test documentation#1627
Merged
Conversation
Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add agents.md and related JavaScriptEncoder changes
Add AGENTS.md with build/test documentation
Nov 25, 2025
Member
|
@copilot review the commit history in #1571 to see the JavaScriptEncoder changes from Also, the Steeltoe Azure Container Registry allows anonymous pulls and no agent will have credentials that work with it. Update Agents.md accordingly |
…h UnicodeRanges and update AGENTS.md for Azure Container Registry Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Contributor
Author
Done. Changed JavaScriptEncoder from |
Copilot
AI
changed the title
Add AGENTS.md with build/test documentation
Add AGENTS.md and improve JavaScriptEncoder configuration
Nov 26, 2025
TimHess
reviewed
Nov 26, 2025
…code style validation section Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
TimHess
reviewed
Nov 26, 2025
…TS.md Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Copilot
AI
changed the title
Add AGENTS.md and improve JavaScriptEncoder configuration
Add AGENTS.md with comprehensive build and test documentation
Nov 26, 2025
Contributor
Summary - All Code Coverage (ubuntu-latest)
|
Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Copilot
AI
changed the title
Add AGENTS.md with comprehensive build and test documentation
Add AGENTS.md and scope JavaScriptEncoder to RouteMappings endpoint
Nov 26, 2025
Member
|
@copilot add some more content for agents.md In general: For build troubleshooting: When writing tests: |
Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Contributor
Author
Added the requested content to AGENTS.md including:
(commit fb6b63a) |
bart-vmware
reviewed
Nov 27, 2025
Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com>
- also add some more context around tests
bart-vmware
reviewed
Dec 2, 2025
Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com>
Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com>
…Options to ExpectedJsonSerializerOptions Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
Copilot
AI
changed the title
Add AGENTS.md and scope JavaScriptEncoder to RouteMappings endpoint
Add AGENTS.md with comprehensive build and test documentation
Dec 2, 2025
…opilot/add-agents-md-and-js-encoder
…rements Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com>
bart-vmware
approved these changes
Dec 2, 2025
|
bart-vmware
added a commit
that referenced
this pull request
May 29, 2026
* Bump Steeltoe version from 4.0.0 to 4.0.1. > [!TIP] > Close and reopen this pull request to run status checks. * Remove placeholder packages that were added to help migrate from 3.x (#1590) * Update README.md * Fixed: Without any configuration, an app listening on both https and http would be registered as non-secure (but with the https port number) in Consul (#1596) * Service Discovery: Expose Instance ID in IServiceInstance (#1597) * Exclude Aspire service discovery resolver from internal HttpClient used by Eureka (#1598) * Set templated=false for all management endpoints * Expose secure/non-secure URIs on service instance, optimize Eureka (#1604) * Expose secure/non-secure uris on service instance * Optimize returned instances from Eureka * Optimize NuGet package restore (#1605) * Optimize NuGet package restore Don't query for all packages in all feeds * Trigger component builds on nuget.config change * Lower the level of recurring logging to reduce noise in apps (#1608) * Reduce the level of recurring logging to reduce noise in apps * Remove redundant ? * Log at Info level only the first time * Update places where BindConfiguration is called, which registers anonymous delegates, and is thus not safe to be called multiple times. (#1609) With a pre-check in place, several Try* methods behind it can be replaced for efficiency, but only if: - The implementation is an internal type and does not implement a public interface - The implementation type is not shared between Steeltoe components * Capture more diagnostics when memory dump test fails, sync Steeltoe logs with CLR dump logs (#1610) * Update dump dependencies, fix gcdump (#1611) * Update dependent package versions to capture dumps * Fixed: assembly load exception during gcdump in consuming app Steeltoe employs a trick to download the gcdump assembly without referencing it (because adding a PackageReference to a tool package is not possible). The same needs to be done in consuming apps. * Add public method to convert InstanceInfo to EurekaServiceInstance (#1613) * Update Steeltoe for .NET 10 (#1615) * Update to latest Sonar version * Fix IDE0340: Use unbound generic type * Fix IDE0031: Null check can be simplified, add suppression to workaround Sonar bug * Update to new R# major version * Install .NET 10 in workflows, update setup-dotnet version * Resharper: use field keyword * Add net10.0 to target frameworks in test projects * Run tests against .NET 10 in workflows * Adapt for breaking change in JsonStreamConfigurationProvider * Suppress new warning in tests: CA1873 Avoid potentially expensive logging * Suppress obsolete warnings for WebHostBuilder/WebHost * Adapt test for new ForwardedHeadersOptions.KnownIPNetworks property * Adapt test for cleaned logging * Adapt for changed SQL Server connection string (EF Core 10 adds the app name) * Add workaround for missing stable/unstable packages for EF Core 10 * Remove the need for some suppressions * Sync up with ConfigurationSchemaGenerator changes in Aspire v13 * Remove redundant Sonar suppression * Package updates * Multi-target Steeltoe against net8.0/net10.0 * Address new issues after multi-targeting * Increase cibuild timeouts * Fix gcdump publish and transitive references (#1619) * Fix gcdump publish and transitive references * Remove comment * Fix actuators when used with UsePathBase (#1618) * Dispose CapturingLoggerProvider in tests * Remove redundant typeof(...).FullName in string interpolations * Log warning on configureMiddleware false with custom middleware * Add support for UsePathBase in actuators * Apply suggestions from code review Co-authored-by: Tim Hess <tim.hess@broadcom.com> --------- Co-authored-by: Tim Hess <tim.hess@broadcom.com> * Remove middleware warning, it's not reliable (#1625) * Prepare for updating tests, small fixes (#1628) * Bump GHA versions * Update R#, tweak code cleanup - Address breaking change: version is no longer printed - Build upfront - Do not check for updates - Skip NuGet vulnerability checks - Skip roslyn analyzers * Fix test isolation for memory dumps * Fixed: Redis security tests did not run on net10.0 * Reuse shared settings for ConfigurationSchemaGeneratorTests * Replace test categories for OS filter with xUnit attributes * Do not skip Redis test on macOS * Increase timeout for flaky test on Windows * Review feedback: remove extended timeout * Review feedback: rename skip attributes * Review feedback: remove skipFilter * Review feedback: rename skip attributes in comments * Add AGENTS.md with comprehensive build and test documentation (#1627) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com> * Accept null tags/meta in Consul responses (#1631) * Various test fixes (#1633) * Fix broken tests in WSL2 on Ubuntu * Run tests for all frameworks in single command, explicitly use VSTest mode * Add diagnostics to investigate intermittent hostname lookup failures on macOS * Add workaround to enable hang/crashdumps on macOS * Reduce hang timeout (otherwise component job is killed before dump is uploaded) * TEST: Add new tests to verify coverage diff * Revert "TEST: Add new tests to verify coverage diff" This reverts commit 28263c5. * TEST: Add test that crashes with StackOverflowException * Revert "TEST: Add test that crashes with StackOverflowException" This reverts commit 4f84d3c. * TEST: Add test that never completes * Revert "TEST: Add test that never completes" This reverts commit 251ca8d. * Fixed: unable to discover tests in WSL Based on xunit/xunit#3457 (comment) * Configuration Schema Generator: Port changes from microsoft/aspire#13529 (#1634) * Fix scoped ASP.NET health checks, correct AddHealthContributor docs (#1636) * Create a service scope for each ASP.NET health check, correct AddHealthContributor documentation * Update src/Management/test/Endpoint.Test/Actuators/Health/HealthAggregationTest.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update R# code style settings (#1637) * Clear non-indented HTML tags (used to be: html,body,thead,tbody,tfoot), hide hint to add return statement before local function * Reformat RazorPagesTestWebApp * Rename job 'analyze' to 'build' in workflow (#1638) * Make skipped tests appear on test summary instead of hiding them entirely (#1641) * Update .gitignore (#1643) * Add .NET runtime information to /info actuator endpoint (#1640) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Tim Hess <tim.hess@broadcom.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Enable skipping ASP.NET health checks at actuator endpoint (#1644) * Enable skipping AspNet health checks at actuator endpoint * Rename tag to ExcludeFromHealthActuator * build Steeltoe 4.1 * Package updates (#1646) * Run public-api-mark-shipped.ps1 (#1647) * Bump Steeltoe version from 4.1.0 to 4.1.1. (#1648) > [!TIP] > Close and reopen this pull request to run status checks. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Fix awkward sentences in comments (#1650) * Fix awkward sentences in comments * Update src/Discovery/src/Eureka/DynamicPortAssignmentHostedService.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/Common/src/Logging/BootstrapLoggerFactory.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Use source generators for logging and regular expressions (#1652) * Use logger source generator, cleanup log messages * Use regex source generator, optimize flags * Update to latest Sonar analyzer to match analysis in Sonar Cloud * Update to latest R# version * Revert switch to extension method syntax * Fix broken documentation in Steeltoe 4.x (#1655) * Use json source generator (#1656) * Eureka: Add unit test for ToString on JSON objects * Eureka: Remove unused type * Eureka: Improve existing serialization tests * Eureka: Use JSON source generator * Eureka: Use source generator for ToString debug methods * HttpClients: Use JSON source generator * Replace JsonSerializer usage from certificate tests with simple string replacement * SpringBootAdmin client: Use JSON source generator * Cloud foundry middleware: gracefully handle failure to parse permissions response; don't assume that read_basic_data is always true * Switch to v3 of cloud controller API for permission checks * CloudFoundry actuator middleware: Use JSON source generator * Actuator port middleware: Use JSON source generator * Loggers actuator fixes: Respect serializer options when reading request body, correct nullability, correct invalid tests (don't assume RESET command if unable to parse request body) * Add missing [JsonPropertyName] to JSON-serialized types because 1) this guards against wire-level breaking changes when renaming properties and 2) the names are dictated by Spring, so configuring a global casing policy must not change them * Revert "Switch to v3 of cloud controller API for permission checks" This reverts commit 34914d0. * Fix broken log level reset in Spring Boot Admin The proper way to RESET is sending an empty JSON object, see https://docs.spring.io/spring-boot/api/rest/actuator/loggers.html. * Revert "SpringBootAdmin client: Use JSON source generator" This reverts commit ad5898f. * Add test for loggers reset from Apps Manager * Fix broken build netsdk 10.0.200, fix green builds on failure (#1657) * Fix broken build on .NET SDK v10.0.200 Fixes occurrences of the following errors: error IDE0370: Suppression is unnecessary (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/style-rules/ide0370) * Fix GHA: Overall build was reported Green if jobs have failures * Test: build failure must abort the job and report outcome Red * Revert "Test: build failure must abort the job and report outcome Red" This reverts commit 9ee4528. * Test: test failure must upload results and report outcome Red * Revert "Test: test failure must upload results and report outcome Red" This reverts commit e20a39c. * Test: report failure must abort the job and report outcome Red * Revert "Test: report failure must abort the job and report outcome Red" This reverts commit 5009453. * Fix binding options against null values (#1663) * Fix binding options against null values * Added test for empty string * Fix Eureka Dynamic Port Assignment overriding user-configured ports (#1666) - Detect explicitly configured eureka:instance:port or eureka:instance:securePort to avoid overwriting - Add public UseAspNetCoreUrls property (default: true, to match Consul) to allow disabling dynamic port detection. - Consul optimization: evaluate if port should be set by Steeltoe before collecting listen addresses Made-with: Cursor * Config Server stability improvements (#1667) * Remove duplicate tests * Update tests using Sandbox to use MemoryFileProvider (and without delay), to reduce test flakiness * Update existing test to verify precedence between options and appsettings * Make ConfigServerClientOptions reactive to configuration changes `ConfigServerClientOptions` are now re-evaluated from initial options + configuration on every settings change, instead of being mutated in-place. This prevents stale or torn reads when the provider runs concurrently (e.g. polling timer vs reload). Key changes: - The provider clones options on each configuration reload, starting from the initial options passed via code, then applying configuration on top. This ensures code-level defaults are restored when keys are removed from configuration. - Client settings (spring:cloud:config:*) are no longer written into the provider's data dictionary, eliminating a circular feedback loop where the provider's own output could influence its input. - Discovery lookup results are tracked separately and applied on top of the options snapshot at load time, rather than mutating shared state. - Client certificate configuration is moved from the source's `Build` method into `ConfigureConfigServerClientOptions`, so it participates in the options pipeline. - `ConfigServerClientOptions.Clone()` is introduced to produce isolated snapshots, preventing tearing when options are read during a concurrent reload. A bug was fixed that prevented using global certificates. - An internal `HttpClientHandler` parameter is threaded through the source and builder extensions, enabling direct handler injection for tests without reflection. - `IOptionsChangeTokenSource<ConfigServerClientOptions>` is registered in DI so that `IOptionsMonitor` properly triggers on configuration changes. * Improve test coverage * Fix references to Config Server in comments * Fix threading bugs and resource leaks in Config Server provider The provider had several concurrency and lifecycle issues: - Vault token renewal timers were created unboundedly on every HTTP request that carried a token, leaking timers that were never disposed. Vault renewal is now managed as a single timer with the same lifecycle as the polling timer. - Timer management, handler configuration, and disposal could race with each other without synchronization. A lifecycle lock now guards these operations, while non-blocking try-enter locks prevent timer callbacks from queueing up. - The HTTP client handler's certificates were reconfigured on every HTTP request, racing with concurrent requests sharing the same handler. Certificate and validation configuration is now applied once per settings change under the lifecycle lock, with certificates cleared before re-adding to prevent unbounded accumulation across reloads. - Options cloning did not copy the certificate issuer chain, losing intermediate CA certificates across reloads. - Disposal is now coordinated via a volatile flag so that in-flight timer callbacks and Load() calls exit gracefully instead of throwing unobserved exceptions. * Fixed: use latest options snapshot during discovery in Config Server * Fixed: preserve original stack trace when load throws * Fix Config Server health contributor to act on a consistent snapshot * Fix torn reads in _lastDiscoveryLookupResult * Fixed: act on single snapshot of _httpClientHandler * Refresh discovery during polled reload and fix lazy initialization race Polled configuration reloads now refresh the discovery service lookup before fetching from Config Server, enabling detection of server address changes between polling intervals. Unlike initial load, polled reload does not apply FailFast or retry semantics. Fixed a race where concurrent calls to LoadInternalAsync could create multiple ConfigServerDiscoveryService instances, each constructing their own temporary DI container and discovery clients. * Fix change callback accumulation on repeated configuration reloads Each configuration reload re-registered a new change callback via RegisterChangeCallback, without disposing the previous one. Rapid reloads could accumulate stale callbacks, causing redundant OnSettingsChanged invocations on multiple threads. Replaced with a single ChangeToken.OnChange registration in the constructor, which automatically handles re-registration and is disposed on shutdown. * Fix HttpClientHandler mutation race and timer disposal race Replace shared mutable HttpClientHandler with a per-request factory, eliminating the race where OnSettingsChanged reconfigured a handler concurrently in use by HTTP requests. Production code creates and disposes a fresh handler per request; tests inject a factory for mocking. Replace _isDisposed flag with CancellationToken-based shutdown, enabling in-flight HTTP requests in timer callbacks to terminate promptly on disposal instead of running to completion. * Fix threadpool starvation during retries * Fix timer callbacks potentially using stale options when settings change * Fix stale reads in ConfigServerDiscoveryService * Add overloads to post-configure Config Server options * Cleanup existing tests * Various fixes - Improved log messages (and don't log multiple times), fix exception stack traces - Don't remote-fetch twice at startup (load + timer that immediately fired) - Moved options bind and remote-fetch from constructor to Load, fix combination with placeholder * Increase timeout to reduce failures in CI * Update src/Configuration/test/ConfigServer.Test/ConfigServerConfigurationProviderTest.Loading.cs Co-authored-by: Tim Hess <tim.hess@broadcom.com> * Review feedback: replace overrule with override * Review feedback: Change initial to default options * Review feedback: remove redundant settings in test * Review feedback: adjust test name * Review feedback: remove duplicate configuration * Review feedback: reformat JSON snippets in tests --------- Co-authored-by: Tim Hess <tim.hess@broadcom.com> * Update versions of GitHub Actions (#1668) * Update versions of GitHub Actions * Test: artifact download and package signing * Revert "Test: artifact download and package signing" This reverts commit 459cb31. * Update AssemblyInfo.cs files to include logging categories for all Steeltoe assemblies (#1669) * Bump non-exposed NuGet dependencies (#1670) * Add IDiscoveryClient.InstancesFetched event (#1672) * Add IDiscoveryClient.InstancesFetched event * Consul: don't use UseNetworkInterfaces to determine ports (reverts change from #1666) * Cleanup queries, fix case insensivity * Follow-up changes for new `IDiscoveryClient.InstancesFetched` event (#1677) * Fixed: Adapt EurekaDiscoveryClient.InstancesFetched event args match what's returned by GetInstancesAsync: - Keyed by VIP addresses instead of app names - Take ReturnUpInstancesOnly into account - Don't return an empty collection when no instances are found * Adapt load balancers to ignore duplicate URIs * Gracefully handle when unable to fetch access token in Eureka and Config Server (#1679) * Update to ReSharper v2026.1 (#1681) * Update to R# v2026.1.0.1 * Fix R# warning: Member can be private * Fix R# warning: Type can be internal * Fix R# warning: Type is never used * Fix R# warning: Method return value is never used * Fix R# warning: Captured variable is disposed in the outer scope * Fix R# warning: Convert into method group * Fix R# warning: Use nameof * Fix R# warning: Type is never instantiated * Fix R# warning: Short-lived HttpClient * Fix R# warning: Missing doc-comment on public type * Fix R# warning: auto-property is never used * Fix CA1859: Use concrete types when possible for improved performance * Cleanup sandbox types * R#: Move inline suppressions for AccessToDisposedClosure in tests to .editorconfig (#1682) * Move inline suppressions for AccessToDisposedClosure in tests to .editorconfig * Run code cleanup * Convert to .slnx format (#1683) * Convert to .slnx format * Fix R# generated/ignored code * Revert "R#: Move inline suppressions for AccessToDisposedClosure in tests to .editorconfig (#1682)" Reverting because this breaks the R# formatting engine. By reading R# settings from .editorconfig (which takes precedence over .DotSettings), many R# rule severities are lowered or turned off entirely. The lowered severities in .editorconfig exist as a fallback for other IDEs only. The removal of the `public` modifier on IDiscoveryClient.InstancesFetched` is not reverted by this commit. * Connectors: add option to turn off the built-in post-processors (#1680) * Add property to disable built-in post-processors, including sample code for binding third-party brokers * Update links to supported service brokers * Review feedback: adapt documentation * Bugfix: preserve custom query string parameters in local RabbitMQ URI; relax other parsers to allow unknown parameters to support third-party brokers * Refactor to allow multiple CloudFoundryServiceBindingConfigurationSources in configuration, each scoped to a subset of post-processors * Fix broken build * Review feedback: filter already registered post-processors * Tweak vulnerability checks (fix broken builds) (#1684) * Turn off vulnerability checks (we have `scan-vulnerable-dependencies.yml` for that) * Use `dotnet list package --vulnerable --include-transitive` to detect vulnerable packages * Make Sonar aware of vulnerable packages * Bump OpenTelemetry dependencies to fix vulnerabilities (#1685) * Turn off vulnerability checks (we have `scan-vulnerable-dependencies.yml` for that) * Use `dotnet list package --vulnerable --include-transitive` to detect vulnerable packages * Make Sonar aware of vulnerable packages * Bump OpenTelemetry dependencies to fix vulnerabilities * Normalize line endings (#1689) * Fix invalid links (#1690) * Fix invalid links * Fix more links * Hide transitive vulnerabilities in tests (#1692) * Don't report transitive vulnerabilities in tests during local builds * Hide transitive vulnerabilities in tests during cibuild * Address flaky tests (#1691) - Prevent extra SBA refresh request after refresh is disabled - Address race condition in thread dump test - Catch network-related SQLServer connection error - Remove retry from eureka server timeout - More buffer for infra around health aggregator parallelization test (allow +1s for +3s work) * Package updates (#1694) * Update ReSharper * Update MongoDB.Driver * Update coverlet.collector * Update Microsoft.IdentityModel.Protocols.OpenIdConnect / Microsoft.IdentityModel.Tokens These are exposed dependencies. Bumping not to latest, but just a higher minor that fixes sanitizing logs to avoid leaking sensitive data. * Update Microsoft.NET.Test.Sdk * Update MySql.Data * Update SonarAnalyzer.CSharp (new rules: S8367, S8368, S8380, S8381) * TEST: Detect coverage diff in Sonar * Revert "TEST: Detect coverage diff in Sonar" This reverts commit f3fae6a. * Fix flaky certificate tests failing with InvalidOperationException (#1697) The tests used `using Task` on a poll task that was still running when the `WaitAsync` timeout expired, causing `Task.Dispose()` to throw `InvalidOperationException` instead of a meaningful timeout failure. Replace polling with `IOptionsMonitor.OnChange` and a `TaskCompletionSource`, registering the listener before triggering the file change to avoid race conditions. * Fix CA1873: Potentially expensive logging (#1695) * Fix CA1873: Potentially expensive logging * Refactor UriExtensions.ToMaskedString into MaskedUri struct with implicit conversion * Mask request URLs in HTTP exchanges actuator * Ignore case when comparing Connector configuration keys (#1700) * Update ReSharper to v2026.1.2 (#1702) * Remove suppression for CA1848: Use the LoggerMessage delegates (#1704) Follow-up for #1652. * Fix crash on shutdown: trying to unregister app that never registered (#1705) Snapshot from sample logs before the fix (press Ctrl+C on running FortuneTellerWeb): ```text dbug: Steeltoe.Discovery.Eureka.EurekaClient[868536339] HTTP DELETE request to 'http://localhost:8761/eureka/apps/STEELTOE.SAMPLES.FORTUNETELLERWEB/JVBD4M3%3ASteeltoe.Samples.FortuneTellerWeb%3A7233' returned status 404 in attempt 1. info: Steeltoe.Discovery.Eureka.EurekaClient[601900377] HTTP DELETE request to 'http://localhost:8761/eureka/apps/STEELTOE.SAMPLES.FORTUNETELLERWEB/JVBD4M3%3ASteeltoe.Samples.FortuneTellerWeb%3A7233' failed with status 404: '{"timestamp":"2026-05-28T11:15:52.686+00:00","status":404,"error":"Not Found","path":"/eureka/apps/STEELTOE.SAMPLES.FORTUNETELLERWEB/JVBD4M3%3ASteeltoe.Samples.FortuneTellerWeb%3A7233"}'. warn: Steeltoe.Discovery.Eureka.EurekaDiscoveryClient[1003466929] Deregister failed during shutdown. Steeltoe.Discovery.Eureka.Transport.EurekaTransportException: Failed to execute request on all known Eureka servers. ``` * Fix management port isolation bypass * Use HttpContext.Connection.LocalPort when evaluating management port * Management port must be less than 65536 * Fix Eureka DataCenterInfo poisoning * Enhance /env sanitizer - Add .*connectionstring.* to default keys to sanitize - Env actuator: sanitize connection strings and embedded credentials - Mask values containing Password= or Pwd= (case-insensitive) - Redact user:password@ sequences in URI-like values --------- Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com> * Require FULL Permissions on /env, /threaddump, /heapdump by default * Fix Vault token leak on HTTP redirect - log when a redirect happens to avoid silent failure - add tests to verify auto-redirects are not followed --------- Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com> * Harden temporary files written by MySQL/PostgreSQL Connectors * Create temp file with user-only access * Delete temporary cert files * Fix unexpected OAEP algorithm downgrade - add integration test with Config Server - move non-hex salt theory data to AesTextDecryptorTest - add docker-compose for integration tests to repo root * Placeholder resolution should only be logged at trace-level --------- Co-authored-by: Bart Koelman <104792814+bart-vmware@users.noreply.github.com> * Add expiration to JWT/OpenID keys caching Refactor cache invalidation for JWT keys and tests --------- Co-authored-by: Tim Hess <tim.hess@broadcom.com> * Update for next Steeltoe release v4.2 * Move unshipped APIs to shipped * Fix Sonar GHA workflow to adapt for Config Server docker changes * Fix Sonar GHA workflow * Fix branch ref in status badge * Fix additional links to main in status badges --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Tim Hess <tim.hess@broadcom.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Resurrects documentation from closed PR #1571. Adds
AGENTS.mdto repository root with comprehensive build and test instructions for developers and CI/CD agents.AGENTS.md Contents
General Guidelines
global.jsonunless explicitly asked toNuGet.configfiles unless explicitly asked toPrerequisites and Build
dotnet buildanddotnet testcommands for quick iteration; full solution build in Release mode for final validation.github/workflows/Steeltoe.All.ymlfor detailed test procedures including environment-specific filters and test categories[FactSkippedOnPlatform]and[TheorySkippedOnPlatform]instead of trait categoriescleanupcode.ps1and.github/workflows/verify-code-style.yml)Troubleshooting
/p:TreatWarningsAsErrors=false)Based on
.github/workflows/Steeltoe.All.ymlworkflow commands.Code Changes
ManagementOptionsTest.cs- RenamedDefaultJsonSerializerOptionstoExpectedJsonSerializerOptionsto better reflect that these are the expected serializer settings that tests assert against, not the default system settingsThe JavaScriptEncoder remains configured with
UnsafeRelaxedJsonEscapinginConfigureManagementOptions.csas originally designed, which is required for the route mappings actuator to make generic method signatures human-readable (e.g., backticks in generic type names).Branch Updates
Merged latest changes from main branch, including updates to test attributes that replace
[Trait("Category", "SkipOnMacOS")]with[FactSkippedOnPlatform(nameof(OSPlatform.OSX))].Fixes #1571
Quality checklist
If your change affects other repositories, such as Documentation, Samples and/or MainSite, add linked PRs here.
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.