Normalize dependencies to .NET 10.0.5 and make marker-v1 signature self-describing#37
Closed
sharpninja wants to merge 1 commit intodevelopfrom
Closed
Normalize dependencies to .NET 10.0.5 and make marker-v1 signature self-describing#37sharpninja wants to merge 1 commit intodevelopfrom
sharpninja wants to merge 1 commit intodevelopfrom
Conversation
…lf-describing - Bump all EF Core, ASP.NET Core, and Microsoft.Extensions packages to 10.0.5 - Upgrade Npgsql.EntityFrameworkCore.PostgreSQL to 10.0.1 (EF Core 10 track) - Pin Microsoft.Build family to 18.0.2 to override vulnerable 17.12.6 transitive dep from Nuke.Common - Remove redundant Microsoft.Extensions.Http ref from McpServer.Services (provided by framework ref) - Add SignaturePayloadFields array and Format constant to MarkerFileService as single source of truth for marker-v1 canonical payload - Embed fields list and format string in generated AGENTS-README-FIRST.yaml signature block so any agent can reconstruct HMAC-SHA256 without consulting source code - Add FR-MCP-081 and TR-MCP-SEC-005 requirements - Update CLAUDE.md session start instructions to mandate module usage or fields-list-driven manual verification - Add three new MarkerFileServiceTests covering field order alignment, YAML fields emission, and encoding contract Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Owner
Author
|
Closed — PR should have been created in Azure DevOps only. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Microsoft.Extensions.*packages from 9.x to 10.0.5, upgradesNpgsql.EntityFrameworkCore.PostgreSQLto 10.0.1 (EF Core 10 track), pinsMicrosoft.Buildfamily to 18.0.2 to override a vulnerable 17.12.6 transitive dep fromNuke.Common, and removes a redundantMicrosoft.Extensions.Httpref fromMcpServer.Services(already provided by the ASP.NET Core framework reference).SignaturePayloadFields(27-field ordered array) andMarkerSignatureFormatconstant toMarkerFileServiceas the single source of truth for themarker-v1canonical payload. The generatedAGENTS-README-FIRST.yamlnow embeds the field list and encoding contract directly in thesignatureblock so any agent can reconstruct and verify the HMAC-SHA256 without consulting server source code or helper modules. Fixes the root cause of the trust bootstrap failure diagnosed in this session.Initialize-McpSessionor fields-list-driven manual verification instead of inferred payload shapes.MarkerFileServiceTestscovering field/payload order alignment, YAML fields emission, and encoding contract.Test plan
./build.ps1 Test— all 1292 tests pass (668 unit + 580 Repl.Core + 44 Build), 0 failures./build.ps1 UpdateService— service deployed, health HTTP 200, workspace health OK🤖 Generated with Claude Code