#25 (Apr 14, 2026, 1:35:27 PM)

Debugger (#1410)

* Add debugger backend.

This adds on a debugger to the evaluation loop, that allows for pausing,
saving state, then resuming from saved state.

* DAP debug server, multi-thread debugging, and iterative interpreter debug support

   - Add MSDebugServer implementing the Debug Adapter Protocol over TCP,
     with launch/attach modes, breakpoints, step-over/step-in/step-out,
     variable inspection, exception breakpoints, and watch expressions
   - Add multi-thread DAP support: register/unregister threads, per-thread
     pause states, sync and async stepping modes (sync blocks in place,
     async snapshots state and resumes on a new thread)
   - Refactor DebugContext into a full thread-aware debug state manager with
     per-thread StepMode, ThreadDebugState, and a thread registry for DAP
   - Add DaemonManager lifecycle listeners and thread-aware waitForThreads,
     so the debug session stays alive while background threads run
   - Extract spawnExecutionThread() to centralize execution thread lifecycle
     (run, await daemons, signal completion) in one place
   - Fix StackTraceManager thread affinity: remove isDebugAdopted flag so
     background threads (x_new_thread) get their own STM instead of sharing
     the main thread's, which was corrupting call depth for step-over
   - Fix skippingResume flag: clear unconditionally on source line change
     rather than requiring shouldStop=true, which blocked step-over returns
   - Add StackTraceFrame.getTarget() for debugger source mapping
   - Add Breakpoint condition/hitCount/logMessage support
   - Wire up cmdline interpreter (--debug flag) and lang server for DAP
   - Add DAPTestHarness and dual sync/async integration tests for step-over
     and multi-thread step-over scenarios
   - Add debugger dependency (lsp4j.debug) to pom.xml

* Add logpoint support

* Add attach mode and KEYPAIR security

* Add docs and final touches

* Debug infrastructure: managed mode, hit-count dedup, and comprehensive tests

- Enable managed execution mode in CommandHelperPlugin so the debug
   session survives script completion on embedded (Minecraft) servers
- Fix hit-count breakpoint deduplication: multiple AST nodes on the same
   source line no longer increment the hit counter more than once per
   visit. Uses column-based caching in ThreadDebugState to distinguish
   "same line, different node" from "new loop iteration, same first node"
- Add evaluateBreakpointCondition() to DebugContext with per-thread
   cache-aware hit-count and condition evaluation
- Add Breakpoint.getHitCount() getter
- Add MSDebugServer managed mode support: setManagedExecution(),
   startedOnHostMainThread capture, resumeOnHostMainThread() for
   resuming on the server main thread, dynamic scripting mode flag
   in evaluate handler
- Add 21 new DAP integration tests (39 total) covering: managed mode
   step-over, thread events, disconnect; variables/scopes; CArray
   expansion (indexed, associative, nested); evaluate expressions;
   exception breakpoints; conditional and hit-count breakpoints;
   step-in, step-out, step-in targets; disconnect resumes execution

* Fix flakey test
(commit: fbe26dd)

Bump ajv, @typespec/compiler, @typespec/http, @typespec/openapi, @typespec/openapi3 and @typespec/versioning (#1413)

Bumps [ajv](https://github.com/ajv-validator/ajv) to 8.18.0 and updates ancestor dependencies [ajv](https://github.com/ajv-validator/ajv), [@typespec/compiler](https://github.com/microsoft/typespec), [@typespec/http](https://github.com/microsoft/typespec), [@typespec/openapi](https://github.com/microsoft/typespec), [@typespec/openapi3](https://github.com/microsoft/typespec) and [@typespec/versioning](https://github.com/microsoft/typespec). These dependencies need to be updated together.


Updates `ajv` from 8.12.0 to 8.18.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v8.12.0...v8.18.0)

Updates `@typespec/compiler` from 0.55.0 to 1.10.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec@0.55.0...typespec-stable@1.10.0)

Updates `@typespec/http` from 0.55.0 to 1.10.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec@0.55.0...typespec-stable@1.10.0)

Updates `@typespec/openapi` from 0.55.0 to 1.10.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec@0.55.0...typespec-stable@1.10.0)

Updates `@typespec/openapi3` from 0.55.0 to 1.10.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec@0.55.0...typespec-stable@1.10.0)

Updates `@typespec/versioning` from 0.55.0 to 0.80.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec@0.55.0...@typespec/versioning@0.80.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: indirect
- dependency-name: "@typespec/compiler"
  dependency-version: 1.10.0
  dependency-type: direct:production
- dependency-name: "@typespec/http"
  dependency-version: 1.10.0
  dependency-type: direct:production
- dependency-name: "@typespec/openapi"
  dependency-version: 1.10.0
  dependency-type: direct:production
- dependency-name: "@typespec/openapi3"
  dependency-version: 1.10.0
  dependency-type: direct:production
- dependency-name: "@typespec/versioning"
  dependency-version: 0.80.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(commit: 3d62662)

fix: pom.xml to reduce vulnerabilities (#1405)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMICROSOFTSQLSERVER-13821835

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
(commit: 1b47f92)

Bump com.microsoft.sqlserver:mssql-jdbc (#1404)

Bumps [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) from 12.6.1.jre11 to 12.6.5.jre11.
- [Release notes](https://github.com/Microsoft/mssql-jdbc/releases)
- [Changelog](https://github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Microsoft/mssql-jdbc/commits)

---
updated-dependencies:
- dependency-name: com.microsoft.sqlserver:mssql-jdbc
  dependency-version: 12.6.5.jre11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(commit: 66b102f)

Convert wiki to markdown in LangServ
(commit: 730f316)

Fix Debugger links
(commit: 06ccfdd)

Replace RSAEncrypt with SSHKeyPair supporting Ed25519/ECDSA/RSA; (#1414)

- Replace RSAEncrypt with SSHKeyPair, which uses java.security.Signature
   (sign/verify) instead of Cipher (encrypt/decrypt), enabling support
   for Ed25519 and ECDSA in addition to RSA
- Update DebugAuthenticator to use SSHKeyPair.verify()
- Update key-gen tool with -t flag for key type selection (default: Ed25519),
   dynamically listing supported types from the KeyType enum
- Replace RSAEncryptTest with parameterized SSHKeyPairTest covering all
   three key types
- Only advertise declaration, definition, and hover LSP capabilities
   when StaticAnalysis is globally enabled, fixing spurious "error
   analyzing included file" diagnostics for users with SA off
- Remove setLocalEnable(true) calls from LangServModel that were
   forcing SA on regardless of user config
(commit: eda1f13)

Fix which env bind uses
(commit: 9039fe8)

Revert build 622+.

Several incompatibilities with extensions were introduced, so these
changes are going to be reverted, and reintroduced after a version bump
to 3.3.6.
(commit: ac51418)