Skip to content

Rewrite VS extension using VisualStudio.Extensibility SDK for VS2022/2026 compatibility#720

Draft
Copilot wants to merge 21 commits intomainfrom
copilot/investigate-devskim-issue
Draft

Rewrite VS extension using VisualStudio.Extensibility SDK for VS2022/2026 compatibility#720
Copilot wants to merge 21 commits intomainfrom
copilot/investigate-devskim-issue

Conversation

Copy link
Contributor

Copilot AI commented Feb 4, 2026
edited
Loading

Rewrite the Visual Studio extension using the new VisualStudio.Extensibility SDK for Visual Studio 2022/2026 compatibility.

Problem

The VS2022 DevSkim extension was not functioning properly - the language server was not being activated when opening files. The root cause was that the legacy MEF-based ILanguageClient implementation using [ContentType("code")] did not properly trigger activation in Visual Studio.

Solution

Completely rewrote the extension using the modern VisualStudio.Extensibility SDK:

  • New architecture: Replaced legacy MEF-based ILanguageClient with LanguageServerProvider from the new VS Extensibility SDK
  • Proper activation: Uses DocumentFilter.FromDocumentType("text") for broad file type support
  • Process management: Implemented Windows Job Object to ensure the language server process is properly cleaned up when VS exits
  • Improved logging: Added diagnostic logging to help troubleshoot server startup issues
  • Code fixes & suppressions: Fixed issues with code actions and suppression comments

Changes

  • Removed legacy files: DevSkimLanguageClient.cs, SettingsChangedNotifier.cs, VisualStudioSettingsManager.cs, etc.
  • Added DevSkimExtension.cs - Extension entry point using new SDK
  • Added DevSkimLanguageServerProvider.cs - Language server provider implementation
  • Updated project file for new SDK dependencies

Testing

The extension now properly:

  1. Activates when opening supported file types
  2. Starts the DevSkim language server process
  3. Displays security diagnostics in the editor
  4. Provides code fixes and suppression actions
  5. Cleans up the server process when VS exits
Original prompt

investigate why the visual studio 2022 extension version of devskim is not functioning properly. It doesn't seem like when the extension is launched by visual studio that it is properly connecting to or communicating with the languge server. THe language server does work fine with visual studio code - but the clients are different and we had to implement some custom logic between the two modes. it may be prudent to research other visul studio extensions to find examples of perhaps something that may be a common issue. This etension is closely based on an older smple from the visual sutdio extensibility samples repo.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI assigned Copilot and gfs Feb 4, 2026
@gfs
Fix VS2022 extension by adding specific content type registrations
a19cd6f 
Visual Studio does not activate ILanguageClient for base content types like "code".
Each specific content type must be explicitly registered for the language client to
be activated when files of that type are opened.

Added content type registrations for: C/C++, CSharp, F#, JavaScript, TypeScript,
HTML, JSON, XML, XAML, Python, Ruby, Perl, PHP, Java, Go, Rust, SQL, Lua, Swift,
PowerShell, shellscript, yaml, plaintext.

Kept "code" as fallback for any types not explicitly listed.

Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
Copilot AI changed the title [WIP] Investigate issues with DevSkim extension in Visual Studio 2022 Fix VS2022 extension activation by registering specific content types Feb 4, 2026
Copilot AI requested a review from gfs February 4, 2026 23:22
@gfs
Copy link
Contributor

gfs commented Feb 5, 2026

@copilot update description and title

Copy link
Contributor Author

Copilot AI commented Feb 5, 2026

@copilot update description and title

Updated the PR description to reflect the full scope of changes - rewriting the VS extension using the new VisualStudio.Extensibility SDK for VS 2022/2026 compatibility. The title should now be: "Rewrite VS extension using VisualStudio.Extensibility SDK"

Note: I can update the PR description but cannot directly modify the PR title. You may need to update the title manually to something like "Rewrite VS extension using VisualStudio.Extensibility SDK for VS2022/2026 compatibility".

Copilot AI changed the title Fix VS2022 extension activation by registering specific content types Rewrite VS extension using VisualStudio.Extensibility SDK for VS2022/2026 compatibility Feb 5, 2026
@gfs gfs requested a review from Copilot February 6, 2026 00:18
Copilot AI reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR completely rewrites the Visual Studio extension using the modern VisualStudio.Extensibility SDK to fix activation issues in VS2022/2026. The legacy MEF-based ILanguageClient implementation was not properly triggering when files were opened, causing the extension to be non-functional.

Changes:

  • Replaced legacy MEF architecture with new VisualStudio.Extensibility SDK's LanguageServerProvider
  • Implemented proper settings management using the new SDK's settings API with localized string resources
  • Added Windows Job Object support for reliable language server process cleanup
  • Enhanced code actions/fixes handling for VS compatibility
  • Removed legacy files and simplified the project structure

Reviewed changes

Copilot reviewed 40 out of 42 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
devskim-server-log20260205.txt ⚠️ Debug log file - should not be committed
Microsoft.DevSkim.sln Removed unnecessary project configurations (SourceGenerator, ManualGenerator) and platform targets
DevSkimExtension.cs New extension entry point using VS Extensibility SDK
DevSkimLanguageServerProvider.cs New language server provider implementation with process management and settings handling
DevSkimSettingDefinitions.cs Settings definitions using new SDK's declarative API
string-resources.json Localized display names and descriptions for all settings
Microsoft.DevSkim.VisualStudio.csproj Modernized project file using SDK-style format with new dependencies
Program.cs (LanguageServer) Added support for initializationOptions to receive settings from VS client
CodeActionHandler.cs New handler for textDocument/codeAction requests (VS compatibility)
TextDocumentSyncHandler.cs Enhanced to register code fixes with CodeActionHandler
StaticScannerSettings.cs Added proper default initialization for scanner options
PortableScannerSettings.cs Added default values for settings properties
Multiple deleted files Removed legacy MEF-based files, old settings management, and generator projects
.gitignore Added Server folder to ignore list
Files not reviewed (1)
  • DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/Properties/Resources.Designer.cs: Language not supported
Comments suppressed due to low confidence (5)

DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Program.cs:44

  • These lines contain debug/test code that should be removed before merging:
  1. Line 43: Unused variable thing with a hardcoded URL
  2. Line 44: MD5.Create() is called but never used, and MD5 is a deprecated cryptographic algorithm

This appears to be leftover debug code. Please remove these lines as they serve no functional purpose and the MD5 usage triggers security concerns even though it's not actually being used.

        var thing = "http://test.com";
        MD5 mD5 = MD5.Create();

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:390

  • Replace this call with a call to managed code if possible.
                NativeMethods.SetInformationJobObject(_jobHandle, 9 /* JobObjectExtendedLimitInformation */, pExtendedInfo, (uint)length);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:409

  • Replace this call with a call to managed code if possible.
                NativeMethods.AssignProcessToJobObject(_jobHandle, process.Handle);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:435

  • Minimise the use of unmanaged code.
        public static extern bool SetInformationJobObject(SafeHandle hJob, int jobObjectInfoClass, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:438

  • Minimise the use of unmanaged code.
        public static extern bool AssignProcessToJobObject(SafeHandle hJob, IntPtr hProcess);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimExtension.cs Outdated

using global::Microsoft.Extensions.DependencyInjection;
using global::Microsoft.VisualStudio.Extensibility;
using System.Security.Cryptography;
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The using System.Security.Cryptography; import on line 8 is unused and should be removed. There's no cryptographic code in this file.

Suggested change
using System.Security.Cryptography;

Copilot uses AI. Check for mistakes.
@gfs
Copy link
Contributor

gfs commented Feb 6, 2026

@copilot apply changes based on the comments in this thread

Copilot AI and others added 2 commits February 6, 2026 00:36
@gfs
Address code review feedback: use Select() and remove unused code
3d185d9 
- Replace foreach loop with .Select() in CodeActionHandler.cs
- Remove unused MD5 and test code from Program.cs

Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
@gfs
Merge branch 'copilot/investigate-devskim-issue' of https://github.co…
f36a241 
…m/microsoft/DevSkim into copilot/investigate-devskim-issue
@gfs
Add documentation for P/Invoke usage in Job Object code
ed6cf52 
- Added XML documentation explaining why native interop is necessary
- Added code analysis suppression with justification
- Changed method visibility to internal for better encapsulation

Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 6, 2026

@copilot apply changes based on the comments in this thread

Applied changes in commit ed6cf52:

  1. CodeActionHandler.cs - Already addressed in previous commit (3d185d9): replaced foreach with .Select()
  2. Program.cs - Already addressed in previous commit: removed unused MD5 code
  3. DevSkimLanguageServerProvider.cs - Added XML documentation explaining why P/Invoke is required for Windows Job Objects (no managed .NET equivalent exists), added code analysis suppression with justification, and changed methods to internal visibility

The P/Invoke code for Job Objects cannot be replaced with managed code because .NET doesn't provide a managed API for this Windows kernel feature. The native interop is necessary to ensure child processes are terminated when VS exits unexpectedly.

@gfs gfs requested a review from Copilot February 6, 2026 00:44
Copilot AI reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 42 out of 44 changed files in this pull request and generated 4 comments.

Files not reviewed (1)
  • DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/Properties/Resources.Designer.cs: Language not supported
Comments suppressed due to low confidence (4)

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:390

  • Replace this call with a call to managed code if possible.
                NativeMethods.SetInformationJobObject(_jobHandle, 9 /* JobObjectExtendedLimitInformation */, pExtendedInfo, (uint)length);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:409

  • Replace this call with a call to managed code if possible.
                NativeMethods.AssignProcessToJobObject(_jobHandle, process.Handle);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:442

  • Minimise the use of unmanaged code.
        internal static extern bool SetInformationJobObject(SafeHandle hJob, int jobObjectInfoClass, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);

DevSkim-DotNet/Microsoft.DevSkim.VisualStudio/DevSkimLanguageServerProvider.cs:445

  • Minimise the use of unmanaged code.
        internal static extern bool AssignProcessToJobObject(SafeHandle hJob, IntPtr hProcess);

@gfs
Update ESLint ecosystem to v9, resolving 6 of 8 npm deprecation warn…
2d8c0a7 
…ings (eslint, @humanwhocodes/config-array, @humanwhocodes/object-schema,

  rimraf, glob@7, inflight). Remaining 2 warnings are transitive deps of @vscode/vsce.

   - Upgrade eslint ^8.8.0 → ^9.0.0
   - Upgrade @typescript-eslint/eslint-plugin and parser ^5.10.1 → ^8.0.0
   - Add typescript-eslint package for flat config support
   - Replace .eslintrc.js + .eslintignore with eslint.config.mjs
   - Update lint script to remove deprecated --ext flag
   - Auto-fix lint errors in client/devSkimFixer.ts (var→const, missing semicolon)
   - Remove stale eslint-disable directive in devskimSettings.ts
@gfs
Add CancellationTokenSource for graceful subscription cancellation
2fc2b72 
- Added class-level _disposeCts that is cancelled in Dispose method
- Updated SubscribeAsync calls to use _disposeCts.Token instead of CancellationToken.None
- Added try/catch for OperationCanceledException to handle disposal during initialization

Co-authored-by: gfs <98900+gfs@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@gfs gfs Awaiting requested review from gfs

At least 1 approving review is required to merge this pull request.

Assignees

@gfs gfs

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gfs