Skip to content

Enforce middleware accessibility rules: private rejected, internal scoped to assembly #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 9, 2025
Merged

Enforce middleware accessibility rules: private rejected, internal scoped to assembly #18

merged 4 commits into from
Nov 9, 2025
+189 −0

Conversation

Copy link
Contributor

Copilot AI commented Nov 9, 2025
edited
Loading

Private middleware cannot be used and must either be made internal/public or marked [FoundatioIgnore]. Internal middleware is only accessible within its defining assembly.

Changes

Diagnostic FMED006 - Emitted when private middleware is detected without [FoundatioIgnore]:

// Error: FMED006
private class MyMiddleware 
{
    public static void Before(object message) { }
}

// OK: Explicitly ignored
[FoundatioIgnore]
private class MyMiddleware { }

// OK: Internal middleware usable in same assembly
internal static class MyMiddleware { }

Cross-assembly filtering - MetadataMiddlewareScanner now excludes non-public middleware when scanning referenced assemblies marked with [assembly: FoundatioModule]. Only public middleware is discovered cross-assembly.

MiddlewareInfo tracking - Added DeclaredAccessibility and AssemblyName properties to enable proper visibility enforcement.

Tests Added

  • Private middleware without ignore → FMED006 error
  • Private middleware with [FoundatioIgnore] → no error
  • Internal middleware same-assembly → works
  • Internal/private middleware cross-assembly → filtered out
Original prompt

This section details on the original issue you should resolve

<issue_title>Non-public middleware should be only used where appropriate</issue_title>
<issue_description>In internal middleware class should only be used within the same project. A private middleware class should not be used and should create a build error if it's not marked as ignored.</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI self-assigned this Nov 9, 2025
@CLAassistant
Copy link

CLAassistant commented Nov 9, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ejsmith
❌ Copilot
You have signed the CLA already but the status is still pending? Let us recheck it.

github-code-quality[bot]
github-code-quality bot found potential problems Nov 9, 2025
View reviewed changes
Copilot AI changed the title [WIP] Fix non-public middleware usage in internal project Enforce middleware accessibility rules: private rejected, internal scoped to assembly Nov 9, 2025
Copilot AI requested a review from ejsmith November 9, 2025 05:38
Copilot finished work on behalf of ejsmith November 9, 2025 05:38
ejsmith and others added 2 commits November 8, 2025 23:40
@ejsmith @github-code-quality
Potential fix for pull request finding 'Useless assignment to local v…
48c1d11 
…ariable'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
@ejsmith @github-code-quality
Potential fix for pull request finding 'Useless assignment to local v…
4a6bf78 
…ariable'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
@ejsmith ejsmith marked this pull request as ready for review November 9, 2025 05:50
@ejsmith ejsmith merged commit f445340 into main Nov 9, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

@ejsmith ejsmith ejsmith approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ejsmith ejsmith

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Non-public middleware should be only used where appropriate

3 participants

@CLAassistant @ejsmith