Skip to content

fix(vscode): Guard against bundle download corruption (#9294) [hotfix/v5.961]#9347

Merged
lambrianmsft merged 1 commit into
Azure:hotfix/v5.961from
lambrianmsft:cherry-pick/v5.961/9294
Jul 1, 2026
Merged

fix(vscode): Guard against bundle download corruption (#9294) [hotfix/v5.961]#9347
lambrianmsft merged 1 commit into
Azure:hotfix/v5.961from
lambrianmsft:cherry-pick/v5.961/9294

Conversation

@lambrianmsft

@lambrianmsft lambrianmsft commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Cherry-pick of #9289's predecessor — #9294 fix(vscode): Guard against bundle download corruption — into hotfix/v5.961.

Source PR: #9294
Source commit: 4fb46025c19936049f5174ec83fdb4d6b613ad5d
Target branch: hotfix/v5.961

Commit Type

  • feature - New functionality
  • fix - Bug fix
  • refactor - Code restructuring without behavior change
  • perf - Performance improvement
  • docs - Documentation update
  • test - Test-related changes
  • chore - Maintenance/tooling

Risk Level

  • Low - Minor changes, limited scope
  • Medium - Moderate changes, some user impact
  • High - Major changes, significant user/system impact

What & Why

Microsoft.Azure.Functions.ExtensionBundle.Workflows is downloaded from a CDN at extension activation. When the CDN occasionally returns a truncated zip, the extension cached the partial file and failed later in opaque ways. There was also no way to test against an unreleased bundle locally, no fallback when a private/experimental CDN was misconfigured, and no user-visible signal during activation downloads.

This PR adds end-to-end integrity verification (size + MD5), opt-in experimental bundle settings with a public-CDN safety net, and withProgress notifications so the user sees what is happening (and why a redownload is occurring).

Impact of Change

  • Users: Bundles are verified against Content-Length and Content-MD5 on download, and against an MD5 sidecar on every activation. Corrupt local copies are detected and replaced automatically. Users see a progress notification during downloads and a warning toast immediately before a corruption-triggered redownload, so silent activation hangs are gone. Three new VS Code settings (useExperimentalExtensionBundle, experimentalExtensionBundleSourceUri, experimentalExtensionBundleVersion) let users point at unreleased bundle builds without losing the public-CDN safety net. Bundles are now verified and repaired automatically for users.
  • Developers: New downloadFileWithVerification, verifyLocalBundleHash, fetchExpectedMd5, and isMissingPackageError helpers in integrity.ts. bundleFeed.ts gains a DownloadReason-driven withProgress wrapper used at every download call site, plus a private-to-public CDN fallback chain that only triggers on "package missing" errors (4xx / DNS), never on integrity failures. New E2E phase bundleintegrityonly exercised via run-e2e.js.
  • System: One extra HEAD request per activation to validate the local sidecar. No change to the public CDN contract. The MD5 sidecar lives next to the bundle so a manually-deleted bundle directory self-heals.

Test Plan

  • Unit tests added/updated
  • E2E tests added/updated
  • Manual testing completed
  • Tested in: VS Code extension host (Windows), public Azure CDN, simulated experimental source override. 66 bundleFeed unit tests + 1065 vscode-designer extension-unit tests passing. New bundleintegrityonly live E2E phase 4/4 passing.

Contributors

Screenshots/Videos

Cherry-pick of PR Azure#9294 (4fb4602) onto hotfix/v5.961.
Scope limited to the shippable vs-code-designer runtime fix and its unit tests.
Excludes graphify-out artifacts, .squad knowledge, E2E test-infra/new E2E tests,
CI workflow, and docs churn that the hotfix branch does not carry.

(cherry picked from commit 4fb4602)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

PR Title

  • Current: fix(vscode): Guard against bundle download corruption (#9294) [hotfix/v5.961]
  • Issue: No blocking issue. The title is specific, descriptive, and clearly identifies the area and intent of the change.
  • Recommendation: None required.

Commit Type

  • Properly selected (fix).
  • Only one commit type is selected, which is correct.

⚠️ Risk Level

  • The submitted risk label is risk:medium, but the change set is large and touches bundle integrity, download/retry behavior, startup flow, onboarding, settings, and multiple validation paths. I advise a higher risk level: high.
  • Recommendation: Update the PR body risk selection to High and consider changing the label to risk:high if this PR will be re-submitted.

What & Why

  • Current: Detailed and clear explanation of the corruption issue, the integrity verification changes, and the experimental bundle fallback behavior.
  • Issue: No blocking issue.
  • Recommendation: None required.

Impact of Change

  • The section is filled out with useful detail for users, developers, and system impact.
  • Recommendation: If you revise the risk level, you may want to briefly mention the startup/onboarding behavior changes more explicitly for users and developers, but this is optional.
    • Users: Good as written.
    • Developers: Good as written.
    • System: Good as written.

Test Plan

  • Unit tests, E2E tests, and manual testing are all checked, and the diff backs this up with new/updated tests.
  • The test plan passes.

Contributors

  • Blank, which is allowed.
  • Recommendation only: consider adding contributors if anyone else helped with the design or implementation.

Screenshots/Videos

  • Not required for this change because it is primarily behavioral and test-oriented rather than visual.
  • No action needed.

Summary Table

Section Status Recommendation
Title
Commit Type
Risk Level ⚠️ Raise from Medium to High
What & Why
Impact of Change
Test Plan
Contributors Optional credit only
Screenshots/Videos

Overall: the PR body passes, but the advised risk is higher than the submitter estimated. Please update the Risk Level to High (and the corresponding label if applicable).


Last updated: Wed, 01 Jul 2026 22:11:33 GMT

@lambrianmsft lambrianmsft merged commit daf0db8 into Azure:hotfix/v5.961 Jul 1, 2026
18 of 22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr-validated risk:medium Medium risk change with potential impact

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants