Merge branch 'main' into fix/defaultinterpreterpath-workspacefolder-global

Author: eleanorjboyd

build/azure-pipeline.npm.yml

@@ -20,7 +20,12 @@ parameters:
       - preview
 
   - name: publishPackage
-    displayName: 🚀 Publish to npm
+    displayName: 🚀 Publish npm
+    type: boolean
+    default: false
+
+  - name: publishToConsumptionFeed
+    displayName: 📡 Publish to msft_consumption feed
     type: boolean
     default: false
 
@@ -56,6 +61,18 @@ variables:
       value: next
     ${{ else }}:
       value: latest
+  - name: AzureArtifactsFeedUrl
+    value: 'https://pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/'
+  # Same URL without the https:// prefix (used in .npmrc auth lines)
+  - name: AzureArtifactsFeedUrlNoProtocol
+    value: 'pkgs.dev.azure.com/azure-public/vside/_packaging/python-environments/npm/registry/'
+  # Managed Identity service connection for Azure Artifacts auth (shared with Pylance)
+  - name: AzureServiceConnection
+    value: 'PylanceSecureVsIdePublishWithManagedIdentity'
+  - name: ConsumptionFeedUrl
+    value: 'https://pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/'
+  - name: ConsumptionFeedUrlNoProtocol
+    value: 'pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/'
 
 extends:
   template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate
@@ -97,30 +114,111 @@ extends:
                   targetFolder: $(Build.ArtifactStagingDirectory)
 
       - stage: Publish
-        displayName: Publish to npm
+        displayName: Publish to Azure Artifacts
         dependsOn: Build
         condition: and(succeeded(), eq('${{ parameters.publishPackage }}', 'true'))
         jobs:
           - job: PublishPackage
             displayName: Publish $(PackageName)
-            steps:
-              - task: DownloadPipelineArtifact@2
-                displayName: Download build artifact
-                inputs:
+            templateContext:
+              type: releaseJob
+              isProduction: true
+              inputs:
+                - input: pipelineArtifact
                   artifactName: npm-package
-                  targetPath: $(Build.ArtifactStagingDirectory)/npm-package
+                  targetPath: $(Pipeline.Workspace)/npm-package
+            steps:
+              - checkout: none
 
               - task: NodeTool@0
                 inputs:
                   versionSpec: '22.21.1'
                 displayName: Select Node version
 
-              - bash: echo '//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}' > .npmrc
-                workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi
-                displayName: Configure npm auth
+              # Acquire a short-lived AAD token via Managed Identity (no stored secrets)
+              # SEE https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance
+              - task: AzureCLI@2
+                displayName: Acquire AAD token via Managed Identity
+                inputs:
+                  azureSubscription: '$(AzureServiceConnection)'
+                  scriptType: 'pscore'
+                  scriptLocation: 'inlineScript'
+                  inlineScript: |
+                    $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+                    Write-Host "##vso[task.setvariable variable=AzdoToken;issecret=true]$token"
+
+              - powershell: |
+                  @"
+                  registry=$(AzureArtifactsFeedUrl)
+                  always-auth=true
+                  "@ | Out-File -FilePath .npmrc
+
+                  @"
+                  ; begin auth token
+                  //$(AzureArtifactsFeedUrlNoProtocol):username=VssSessionToken
+                  //$(AzureArtifactsFeedUrlNoProtocol):_authToken=$env:AZDO_TOKEN
+                  //$(AzureArtifactsFeedUrlNoProtocol):email=not-used@example.com
+                  ; end auth token
+                  "@ | Out-File -FilePath $HOME/.npmrc
+                env:
+                  AZDO_TOKEN: $(AzdoToken)
+                displayName: Create .npmrc files
+
+              - powershell: |
+                  $tgz = Get-ChildItem "$(Pipeline.Workspace)/npm-package/*.tgz" | Select-Object -First 1
+                  if (-not $tgz) {
+                      Write-Error "No .tgz file found in $(Pipeline.Workspace)/npm-package/"
+                      exit 1
+                  }
+                  Write-Host "Publishing: $($tgz.FullName)"
+                  if ("$(npmTag)" -eq "next") {
+                      npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --tag next --ignore-scripts
+                  } else {
+                      npm publish $tgz.FullName --registry $(AzureArtifactsFeedUrl) --ignore-scripts
+                  }
+                displayName: npm publish (${{ parameters.quality }})
+
+      - stage: PublishConsumption
+        displayName: Publish package to msft_consumption feed
+        dependsOn: Publish
+        condition: and(not(failed()), eq('${{ parameters.publishToConsumptionFeed }}', 'true'))
+        jobs:
+          - job: PullToConsumption
+            displayName: Pull $(PackageName) to msft_consumption
+            steps:
+              - checkout: none
+
+              - task: NodeTool@0
+                inputs:
+                  versionSpec: '22.21.1'
+                displayName: Select Node version
 
-              - bash: npm publish $(Build.ArtifactStagingDirectory)/npm-package/*.tgz --tag $(npmTag) --access public --ignore-scripts
-                displayName: Publish to npm (${{ parameters.quality }})
-                workingDirectory: $(Build.SourcesDirectory)/pythonEnvironmentsApi
+              - task: AzureCLI@2
+                displayName: Acquire AAD token via Managed Identity
+                inputs:
+                  azureSubscription: '$(AzureServiceConnection)'
+                  scriptType: 'pscore'
+                  scriptLocation: 'inlineScript'
+                  inlineScript: |
+                    $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+                    Write-Host "##vso[task.setvariable variable=AzdoToken;issecret=true]$token"
+
+              - powershell: |
+                  @"
+                  registry=$(ConsumptionFeedUrl)
+                  always-auth=true
+                  "@ | Out-File -FilePath .npmrc
+
+                  @"
+                  ; begin auth token
+                  //$(ConsumptionFeedUrlNoProtocol):username=VssSessionToken
+                  //$(ConsumptionFeedUrlNoProtocol):_authToken=$env:AZDO_TOKEN
+                  //$(ConsumptionFeedUrlNoProtocol):email=not-used@example.com
+                  ; end auth token
+                  "@ | Out-File -FilePath $HOME/.npmrc
                 env:
-                  NODE_AUTH_TOKEN: $(NpmAuthToken)
+                  AZDO_TOKEN: $(AzdoToken)
+                displayName: Create .npmrc files
+
+              - script: npm i -g $(PackageName)@$(npmTag) --registry $(ConsumptionFeedUrl)
+                displayName: Pull to msft_consumption

build/azure-pipeline.stable.yml

@@ -112,7 +112,7 @@ extends:
           project: 'Monaco'
           definition: 593
           buildVersionToDownload: 'latestFromBranch'
-          branchName: 'refs/heads/release/2026.2'
+          branchName: 'refs/heads/release/2026.4'
           targetPath: '$(Build.SourcesDirectory)/python-env-tools/bin'
           artifactName: 'bin-$(buildTarget)'
           itemPattern: |

src/common/telemetry/constants.ts

@@ -50,6 +50,30 @@ export enum EventNames {
      */
     ENVIRONMENT_DISCOVERY = 'ENVIRONMENT_DISCOVERY',
     MANAGER_READY_TIMEOUT = 'MANAGER_READY.TIMEOUT',
+    /**
+     * Telemetry event for individual manager registration failure.
+     * Fires once per manager that fails during registration (inside safeRegister).
+     * Properties:
+     * - managerName: string (e.g. 'system', 'conda', 'pyenv', 'pipenv', 'poetry', 'shellStartupVars')
+     * - errorType: string (classified error category from classifyError)
+     */
+    MANAGER_REGISTRATION_FAILED = 'MANAGER_REGISTRATION.FAILED',
+    /**
+     * Telemetry event fired when the setup block appears to be hung.
+     * A watchdog timer fires after a deadline; if the setup completes normally,
+     * the timer is cancelled and this event never fires.
+     * Properties:
+     * - failureStage: string (which phase was in progress when the watchdog fired)
+     */
+    SETUP_HANG_DETECTED = 'SETUP.HANG_DETECTED',
+    /**
+     * Telemetry event for when a manager skips registration because its tool was not found.
+     * This is an expected outcome (not an error) and is distinct from MANAGER_REGISTRATION_FAILED.
+     * Properties:
+     * - managerName: string (e.g. 'conda', 'pyenv', 'pipenv', 'poetry')
+     * - reason: string ('tool_not_found')
+     */
+    MANAGER_REGISTRATION_SKIPPED = 'MANAGER_REGISTRATION.SKIPPED',
 }
 
 // Map all events to their properties
@@ -62,10 +86,17 @@ export interface IEventNamePropertyMapping {
     [EventNames.EXTENSION_ACTIVATION_DURATION]: never | undefined;
     /* __GDPR__
        "extension.manager_registration_duration": {
-           "duration" : { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "eleanorjboyd" }
+           "duration" : { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "eleanorjboyd" },
+           "result" : { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" },
+           "failureStage" : { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" },
+           "errorType" : { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" }
        }
     */
-    [EventNames.EXTENSION_MANAGER_REGISTRATION_DURATION]: never | undefined;
+    [EventNames.EXTENSION_MANAGER_REGISTRATION_DURATION]: {
+        result: 'success' | 'error';
+        failureStage?: string;
+        errorType?: string;
+    };
 
     /* __GDPR__
         "environment_manager.registered": {
@@ -239,4 +270,36 @@ export interface IEventNamePropertyMapping {
         managerId: string;
         managerKind: 'environment' | 'package';
     };
+
+    /* __GDPR__
+        "manager_registration.failed": {
+            "managerName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" },
+            "errorType": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" }
+        }
+    */
+    [EventNames.MANAGER_REGISTRATION_FAILED]: {
+        managerName: string;
+        errorType: string;
+    };
+
+    /* __GDPR__
+        "setup.hang_detected": {
+            "failureStage": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" },
+            "<duration>": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "isMeasurement": true, "owner": "StellaHuang95" }
+        }
+    */
+    [EventNames.SETUP_HANG_DETECTED]: {
+        failureStage: string;
+    };
+
+    /* __GDPR__
+        "manager_registration.skipped": {
+            "managerName": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" },
+            "reason": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "owner": "StellaHuang95" }
+        }
+    */
+    [EventNames.MANAGER_REGISTRATION_SKIPPED]: {
+        managerName: string;
+        reason: 'tool_not_found';
+    };
 }

src/common/utils/asyncUtils.ts

@@ -1,4 +1,7 @@
 import { traceError } from '../logging';
+import { EventNames } from '../telemetry/constants';
+import { classifyError } from '../telemetry/errorClassifier';
+import { sendTelemetryEvent } from '../telemetry/sender';
 
 export async function timeout(milliseconds: number): Promise<void> {
     return new Promise<void>((resolve) => setTimeout(resolve, milliseconds));
@@ -13,5 +16,9 @@ export async function safeRegister(name: string, task: Promise<void>): Promise<v
         await task;
     } catch (error) {
         traceError(`Failed to register ${name} features:`, error);
+        sendTelemetryEvent(EventNames.MANAGER_REGISTRATION_FAILED, undefined, {
+            managerName: name,
+            errorType: classifyError(error),
+        });
     }
 }

src/extension.ts

@@ -17,6 +17,7 @@ import { clearPersistentState, setPersistentState } from './common/persistentSta
 import { newProjectSelection } from './common/pickers/managers';
 import { StopWatch } from './common/stopWatch';
 import { EventNames } from './common/telemetry/constants';
+import { classifyError } from './common/telemetry/errorClassifier';
 import {
     logDiscoverySummary,
     sendEnvironmentToolUsageTelemetry,
@@ -522,13 +523,34 @@ export async function activate(context: ExtensionContext): Promise<PythonEnviron
      * Below are all the contributed features using the APIs.
      */
     setImmediate(async () => {
+        let failureStage = 'nativeFinder';
+        // Watchdog: fires if setup hasn't completed within 120s, indicating a likely hang
+        const SETUP_HANG_TIMEOUT_MS = 120_000;
+        let hangWatchdogActive = true;
+        const clearHangWatchdog = () => {
+            if (!hangWatchdogActive) {
+                return;
+            }
+            hangWatchdogActive = false;
+            clearTimeout(hangWatchdog);
+        };
+        const hangWatchdog = setTimeout(() => {
+            if (!hangWatchdogActive) {
+                return;
+            }
+            hangWatchdogActive = false;
+            traceError(`Setup appears hung during stage: ${failureStage}`);
+            sendTelemetryEvent(EventNames.SETUP_HANG_DETECTED, start.elapsedTime, { failureStage });
+        }, SETUP_HANG_TIMEOUT_MS);
+        context.subscriptions.push({ dispose: clearHangWatchdog });
         try {
             // This is the finder that is used by all the built in environment managers
             const nativeFinder: NativePythonFinder = await createNativePythonFinder(outputChannel, api, context);
             context.subscriptions.push(nativeFinder);
             const sysMgr = new SysPythonManager(nativeFinder, api, outputChannel);
             sysPythonManager.resolve(sysMgr);
             // Each manager registers independently — one failure must not block the others.
+            failureStage = 'managerRegistration';
             await Promise.all([
                 safeRegister(
                     'system',
@@ -547,17 +569,23 @@ export async function activate(context: ExtensionContext): Promise<PythonEnviron
                 safeRegister('shellStartupVars', shellStartupVarsMgr.initialize()),
             ]);
 
+            failureStage = 'envSelection';
             await applyInitialEnvironmentSelection(envManagers, projectManager, nativeFinder, api);
 
             // Register manager-agnostic terminal watcher for package-modifying commands
+            failureStage = 'terminalWatcher';
             registerTerminalPackageWatcher(api, terminalActivation, outputChannel, context.subscriptions);
 
             // Register listener for interpreter settings changes for interpreter re-selection
+            failureStage = 'settingsListener';
             context.subscriptions.push(
                 registerInterpreterSettingsChangeListener(envManagers, projectManager, nativeFinder, api),
             );
 
-            sendTelemetryEvent(EventNames.EXTENSION_MANAGER_REGISTRATION_DURATION, start.elapsedTime);
+            sendTelemetryEvent(EventNames.EXTENSION_MANAGER_REGISTRATION_DURATION, start.elapsedTime, {
+                result: 'success',
+            });
+            clearHangWatchdog();
             try {
                 await terminalManager.initialize(api);
                 sendManagerSelectionTelemetry(projectManager);
@@ -570,11 +598,16 @@ export async function activate(context: ExtensionContext): Promise<PythonEnviron
                 traceError('Post-initialization tasks failed:', postInitError);
             }
         } catch (error) {
+            clearHangWatchdog();
             traceError('Failed to initialize environment managers:', error);
             sendTelemetryEvent(
                 EventNames.EXTENSION_MANAGER_REGISTRATION_DURATION,
                 start.elapsedTime,
-                undefined,
+                {
+                    result: 'error',
+                    failureStage,
+                    errorType: classifyError(error),
+                },
                 error instanceof Error ? error : undefined,
             );
             // Show a user-friendly error message

src/features/interpreterSelection.ts

@@ -106,10 +106,27 @@ async function resolvePriorityChainCore(
     // PRIORITY 3: User-configured python.defaultInterpreterPath
     const userInterpreterPath = getUserConfiguredSetting<string>('python', 'defaultInterpreterPath', scope);
     if (userInterpreterPath) {
-        if (!scope && userInterpreterPath.includes('${workspaceFolder}')) {
-            traceVerbose(
-                `${logPrefix} Skipping workspace-scoped defaultInterpreterPath during global resolution: ${userInterpreterPath}`,
-            );
+        const expandedInterpreterPath = resolveVariables(userInterpreterPath, scope);
+        if (expandedInterpreterPath.includes('${')) {
+            if (scope) {
+                // Workspace scope: unresolved variables are a genuine configuration error
+                traceWarn(
+                    `${logPrefix} defaultInterpreterPath '${userInterpreterPath}' contains unresolved variables, falling back to auto-discovery`,
+                );
+                const error: SettingResolutionError = {
+                    setting: 'defaultInterpreterPath',
+                    configuredValue: userInterpreterPath,
+                    reason: l10n.t('Path contains unresolved variables'),
+                };
+                errors.push(error);
+            } else {
+                // Global scope: workspace-specific variables like ${workspaceFolder} can't resolve here.
+                // This is expected when a workspace-level setting uses workspace variables —
+                // the per-folder chain handles them correctly. Silently skip to auto-discovery.
+                traceVerbose(
+                    `${logPrefix} defaultInterpreterPath '${userInterpreterPath}' contains workspace-specific variables, skipping for global scope`,
+                );
+            }
         } else {
             const expandedInterpreterPath = resolveVariables(userInterpreterPath, scope);
             if (expandedInterpreterPath.includes('${')) {