Release: web parallelism icons, SSMS extension, connect-dialog DB, hardening #365
Merged
The signing step previously degraded to unsigned binaries when
SIGNPATH_API_TOKEN was absent, only emitting a ::warning::. Two problems:
- A genuinely missing/broken token would silently ship unsigned binaries
and the release would still succeed — discovered only via user SmartScreen
reports.
- Because GitHub echoes the full run: script into the log, the literal
"releasing unsigned binaries" text appears in every run's log regardless
of which branch executes, making `grep`-ing the log for signing status
misleading (the warning never actually fired on signed releases).
Make signing required instead: if the token is missing the job fails loudly
(::error:: + exit 1). The Upload/Sign/Replace steps now run unconditionally
(this workflow only fires on maintainer dev->main release merges, where the
secret is always available). Secret is read via env: rather than inline
${{ }} interpolation into the script.
Also bump microsoft/setup-msbuild@v2 -> @v3 to move off the deprecated
Node 20 runtime (v3 runs on Node 24).
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a high-quality 128x128 gallery icon (downscaled from the app's EDD.icns DD mark) and an ARM64 InstallationTarget so ARM64 SSMS users can install the extension. Verified by building the VSIX with MSBuild and confirming the icon, <Icon> manifest entry, both amd64/arm64 targets, and the png content-type registration are all packaged. SSMS target version left at [17.0,) to keep supporting SSMS 18/19/20/21.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The Connect to Server dialog always tested connections against master and enumerated sys.databases to populate the database dropdown. For Azure SQL DB or Just-In-Time access the login often can't open master, so the test failed and the dropdown never populated, leaving no way to reach Connect. Add an optional "Initial database" field. When set, Test Connection connects directly to that database instead of master, ensures it stays selectable even under restricted permissions, and pre-selects it in the database dropdown. When empty, behavior is unchanged (connect to master, enumerate, pick). The database name is persisted on ServerConnection and restored for saved connections. Mirrors the DatabaseName field already used in PerformanceMonitor's Add/Edit Server dialog.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
PR #359 added an optional "Initial database" field to the Connect dialog and was meant to persist it on ServerConnection. BuildServerConnection set it and ApplySavedConnection restored it, but ConnectionStore.AddOrUpdate dropped it: the update branch copies fields onto the existing record one by one and never assigned DatabaseName. So the field was only saved on the very first connect to a brand-new server (the add branch persists the whole object) and silently discarded on every reconnect to a known server. That is exactly the reopened follow-up on #358: reconnecting to a previously used server left the Initial database field empty even though server name and credentials were remembered. It also meant a saved server could never have its initial database changed. Assign existing.DatabaseName from the incoming connection in the update branch so the field round-trips on every save.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The Prerequisites section listed the .NET 10 SDK as "required to build and run," contradicting the Download section's note that the pre-built binaries are self-contained and need no SDK. The SDK is only required when building from source; running the released zips does not need it.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Clarify .NET SDK is only needed to build from source (#361)
Parallel sub-agent review surfaced several real bugs; this batch fixes the
high-confidence, self-contained ones (each verified individually; build and
all 77 Core tests green):
Crashes / DoS:
- ShowPlanParser: guard recursion depth in ParseRelOp/ParseStatementAndChildren
and contain the tree walk, so hostile deeply-nested plan XML yields a
ParseError instead of an uncatchable StackOverflowException.
- Program.cs: single-instance file forwarding never worked (the mutex was
disposed as the method returned, so it always launched a duplicate). Detect
the running instance via the named pipe instead.
- MainWindow: add backoff to the pipe listener's catch so a second instance
can no longer spin it at 100% CPU.
- QuerySessionControl.Format: add a catch to the Format_Click async void
handler so a formatter exception no longer crashes the app.
Correctness:
- PlanAnalyzer: the "Cursor Missing LOCAL" rule looked for LOCAL before the
CURSOR keyword (where it is never legal) and fired on every cursor, including
ones already declared LOCAL. Match qualifiers between CURSOR and FOR.
- DarkTheme: define the missing ForegroundMutedBrush (#B0B6C0) referenced by
five call sites, and fix the code-behind fallback (was full foreground).
- HtmlExporter: detect all spill warning types ("Spill to TempDb"/"Spill
Occurred", not just "* Spill"), and lowercase severity with ToLowerInvariant
so the CSS classes survive non-invariant locales.
Security:
- PlanShare: generate share IDs with RandomNumberGenerator instead of
Random.Shared; the 8-char id is the only access control on a shared plan.
- CLI ConnectionHelper: keep Encrypt=Mandatory regardless of --trust-cert;
--trust-cert previously downgraded the connection to Optional (MITM-able).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
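The recursion-depth guard described under "Crashes / DoS" above, sketched as an added C# example; it is not the project's ShowPlanParser code. The names `PlanParseException`, `DepthGuardedPlanWalker`, `CountRelOps` and the limit of 256 are hypothetical, and the deeply nested input is constructed in memory.

```csharp
using System;
using System.Xml.Linq;

// Hypothetical names throughout; not the project's ShowPlanParser.
public sealed class PlanParseException : Exception
{
    public PlanParseException(string message) : base(message) { }
}

public static class DepthGuardedPlanWalker
{
    // Assumed limit for illustration; pick one above any legitimate plan depth.
    private const int MaxDepth = 256;

    public static int CountRelOps(XElement node, int depth = 0)
    {
        // StackOverflowException cannot be caught in .NET, so the limit has
        // to be checked before recursing, not handled in a try/catch after.
        if (depth > MaxDepth)
            throw new PlanParseException($"plan nesting exceeds {MaxDepth} levels");

        int count = node.Name.LocalName == "RelOp" ? 1 : 0;
        foreach (XElement child in node.Elements())
            count += CountRelOps(child, depth + 1);
        return count;
    }

    public static void Main()
    {
        // Constructed input: 100,000 nested <RelOp> elements, built inside-out
        // so that construction itself stays iterative.
        XElement node = new XElement("RelOp");
        for (int i = 0; i < 100_000; i++)
            node = new XElement("RelOp", node);

        try
        {
            Console.WriteLine(CountRelOps(node));
        }
        catch (PlanParseException ex)
        {
            // An ordinary exception: the caller reports a parse error and lives on.
            Console.WriteLine($"ParseError: {ex.Message}");
        }
    }
}
```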
…rdening Fix crashes, DoS, and security issues from Fable code review
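The PlanShare change in the Security list above (share IDs from `RandomNumberGenerator` instead of `Random.Shared`), shown as an added before/after C# example; it is not the project's PlanShare code. The class and method names and the 62-character alphabet are assumptions, since the page states only that the id is 8 characters.

```csharp
using System;
using System.Security.Cryptography;

public static class ShareIdExample
{
    // Assumed alphabet (62 symbols); the page does not state the project's.
    private const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    // Before: Random.Shared is a non-cryptographic PRNG. Its output is not
    // designed to resist prediction, so it should not mint access tokens.
    public static string WeakShareId(int length = 8)
    {
        var chars = new char[length];
        for (int i = 0; i < length; i++)
            chars[i] = Alphabet[Random.Shared.Next(Alphabet.Length)];
        return new string(chars);
    }

    // After: RandomNumberGenerator.GetInt32 draws from the OS CSPRNG and
    // returns a uniform value in [0, Alphabet.Length), with no modulo bias.
    public static string StrongShareId(int length = 8)
    {
        var chars = new char[length];
        for (int i = 0; i < length; i++)
            chars[i] = Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)];
        return new string(chars);
    }

    // Entropy of an id in bits: the size of the space a guesser must search.
    public static double EntropyBits(int length) =>
        length * Math.Log2(Alphabet.Length);

    public static void Main()
    {
        Console.WriteLine($"weak:   {WeakShareId()}");
        Console.WriteLine($"strong: {StrongShareId()}");
        Console.WriteLine($"8 chars:  {EntropyBits(8):F1} bits");
        Console.WriteLine($"16 chars: {EntropyBits(16):F1} bits");
    }
}
```

With this assumed alphabet an 8-character id carries about 47.6 bits, so the CSPRNG removes predictability but the id length still bounds how hard a share link is to guess.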
PlanIconMapper returns subtype-specific icon names (parallelism_gather_streams, parallelism_distribute_streams, parallelism_repartition_streams) added in #283, but PlanViewer.Web/wwwroot/icons held a hand-copied snapshot that never received those three files, so the web app rendered broken image links for every Parallelism operator. wwwroot/icons must hold physical copies: Blazor's static web asset pipeline only serves files present under wwwroot at evaluation time (both linking from Core and copy-at-build fail to serve through the dev server). Add the three PNGs plus a build-time parity guard that fails the build if Core gains an operator icon not copied into wwwroot/icons, so this drift cannot recur.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Minor bump for the dev->main release: web Parallelism icon fix, connect-dialog initial database, SSMS extension VSIX gallery icon + ARM64 target, code-signing requirement, and Fable code-review hardening. Updates the version in all three tracked locations (Directory.Build.props, SSMS AssemblyInfo.cs, vsixmanifest).
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Release merge of dev into main.
Included
Testing
CI build-and-test green on dev. Web parallelism icons verified end-to-end via dev server and published static host.
🤖 Generated with Claude Code