dotnet
diff --git a/‎src/sdk/.editorconfig‎
Lines changed: 1 addition & 0 deletions b/‎src/sdk/.editorconfig‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/sdk/.github/copilot-instructions.md‎
Lines changed: 1 addition & 3 deletions b/‎src/sdk/.github/copilot-instructions.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/sdk/.github/workflows/backport.yml‎
Lines changed: 1 addition & 0 deletions b/‎src/sdk/.github/workflows/backport.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/sdk/.vscode/mcp.json‎
Lines changed: 1 addition & 1 deletion b/‎src/sdk/.vscode/mcp.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/sdk/CODEOWNERS‎
Lines changed: 4 additions & 4 deletions b/‎src/sdk/CODEOWNERS‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/sdk/Directory.Build.props‎
Lines changed: 3 additions & 0 deletions b/‎src/sdk/Directory.Build.props‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/sdk/cli.slnf‎
Lines changed: 1 addition & 1 deletion b/‎src/sdk/cli.slnf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/sdk/documentation/general/dotnet-run-file.md‎
Lines changed: 61 additions & 119 deletions b/‎src/sdk/documentation/general/dotnet-run-file.md‎
Lines changed: 61 additions & 119 deletions
diff --git a/‎src/sdk/documentation/specs/dotnet-watch-for-maui.md‎
Lines changed: 119 additions & 0 deletions b/‎src/sdk/documentation/specs/dotnet-watch-for-maui.md‎
Lines changed: 119 additions & 0 deletions
@@ -173,6 +173,7 @@ file_header_template = Licensed to the .NET Foundation under one or more agreeme
 dotnet_code_quality.ca1802.api_surface = private, internal
 dotnet_code_quality.ca1822.api_surface = private, internal
 dotnet_code_quality.ca2208.api_surface = public
+dotnet_public_api_analyzer.require_api_files = true
 # Mark attributes with AttributeUsageAttribute
 dotnet_diagnostic.CA1018.severity = warning
 # Properties should not be write only
 
@@ -6,11 +6,9 @@ Coding Style and Changes:
 - Code should match the style of the file it's in.
 - Changes should be minimal to resolve a problem in a clean way.
 - User-visible changes to behavior should be considered carefully before committing. They should always be flagged.
-- When generating code, run `dotnet format` to ensure uniform formatting.
+- Only edit the files that are necessary to address the specific issue. Do not run `dotnet format` or make formatting changes to additional files.
 - Prefer using file-based namespaces for new code.
 - Do not allow unused `using` directives to be committed.
-- Commit your changes, and then format them.
-- Add the format commit SHA to the .git-blame-ignore-revs file so that the commit doesn't dirty git blame in the future
 - Use `#if NET` blocks for .NET Core specific code, and `#if NETFRAMEWORK` for .NET Framework specific code.
 
 Testing:
 
@@ -13,6 +13,7 @@ jobs:
   backport:
     uses: dotnet/arcade/.github/workflows/backport-base.yml@main
     with:
+        pr_labels: backport
         pr_description_template: |
           Backport of #%source_pr_number% to %target_branch%
 
 
@@ -1,6 +1,6 @@
 {
 	"servers": {
-		"ms.docs": {
+		"ms-docs": {
 			"url": "https://learn.microsoft.com/api/mcp",
 			"type": "http"
 		}
 
@@ -1,4 +1,4 @@
-# This is a comment.
+# This is a comment.
 # Each line is a file pattern followed by one or more owners.
 # Syntax: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax
 
@@ -80,9 +80,9 @@
 /test/TestAssets/TestProjects/Watch*/ @tmat @dotnet/roslyn-ide
 /test/dotnet-watch.Tests/ @tmat @dotnet/roslyn-ide
 /test/Microsoft.AspNetCore.Watch.BrowserRefresh.Tests/ @dotnet/aspnet-blazor-eng
-/src/BuiltInTools/* @tmat @dotnet/roslyn-ide
-/src/BuiltInTools/BrowserRefresh @dotnet/aspnet-blazor-eng
-/src/BuiltInTools/AspireService @dotnet/aspnet-blazor-eng
+/src/Dotnet.Watch/ @tmat @dotnet/roslyn-ide
+/src/Dotnet.Watch/BrowserRefresh @dotnet/aspnet-blazor-eng
+/src/Dotnet.Watch/AspireService @dotnet/aspnet-blazor-eng
 
 # Compatibility tools owned by runtime team
 /src/Compatibility/ @dotnet/area-infrastructure-libraries
 
@@ -27,6 +27,9 @@
     <OSName Condition="'$(OSName)' == '' AND $(PortableTargetRid) != ''">$(PortableTargetRid.Substring(0, $(PortableTargetRid.LastIndexOf('-'))))</OSName>
     <OSName Condition="'$(OSName)' == '' AND $(TargetRid) != ''">$(TargetRid.Substring(0, $(TargetRid.LastIndexOf('-'))))</OSName>
     <OSName Condition="'$(OSName)' == ''">$(HostOSName)</OSName>
+
+    <!-- Workaround for https://github.com/NuGet/Home/issues/14745 -->
+    <SDKAnalysisLevel>10.0.200</SDKAnalysisLevel>
   </PropertyGroup>
 
   <PropertyGroup>
 
@@ -2,7 +2,7 @@
   "solution": {
     "path": "sdk.slnx",
     "projects": [
-      "src\\BuiltInTools\\dotnet-watch\\dotnet-watch.csproj",
+      "src\\Dotnet.Watch\\dotnet-watch\\dotnet-watch.csproj",
       "src\\Cli\\dotnet\\dotnet.csproj",
       "src\\Cli\\Microsoft.DotNet.Cli.Utils\\Microsoft.DotNet.Cli.Utils.csproj",
       "test\\dotnet-new.IntegrationTests\\dotnet-new.IntegrationTests.csproj",
 
@@ -0,0 +1,119 @@
+# `dotnet watch` for .NET MAUI Scenarios
+
+## Overview
+
+This spec describes how `dotnet watch` provides Hot Reload for mobile platforms (Android, iOS), which cannot use the standard named pipe transport. Similar to how web applications already use websockets for reloading CSS and JavaScript, we will use the same model for mobile applications.
+
+## Transport Selection
+
+| Platform        | Transport  | Reason                                                                        |
+|-----------------|------------|-------------------------------------------------------------------------------|
+| Desktop/Console | Named Pipe | Existing implementation, Fast, local IPC                                      |
+| Android/iOS     | WebSocket  | Named pipes don't work over the network; `adb reverse` tunnels the connection |
+
+`dotnet-watch` detects WebSocket transport via the `HotReloadWebSockets` capability:
+
+```xml
+<ProjectCapability Include="HotReloadWebSockets" />
+```
+
+Mobile workloads (Android, iOS) add this capability to their SDK targets. This allows any workload to opt into WebSocket-based hot reload.
+
+## SDK Changes ([dotnet/sdk#52581](https://github.com/dotnet/sdk/pull/52581))
+
+### WebSocket Details
+
+`dotnet-watch` already has a WebSocket server for web apps: `BrowserRefreshServer`. This server:
+
+- Hosts via Kestrel on `https://localhost:<port>`
+- Communicates with JavaScript (`aspnetcore-browser-refresh.js`) injected into web pages
+- Sends commands like "refresh CSS", "reload page", "apply Blazor delta"
+
+For mobile, we reuse the Kestrel infrastructure but with a different protocol:
+
+| Server                     | Client                 | Protocol                                   |
+|----------------------------|------------------------|--------------------------------------------|
+| `BrowserRefreshServer`     | JavaScript in browser  | JSON messages for CSS/page refresh         |
+| `WebSocketClientTransport` | Startup hook on device | Binary delta payloads (same as named pipe) |
+
+The mobile transport (`WebSocketClientTransport`) composes a sealed `KestrelWebSocketServer` and speaks the same binary protocol as the named pipe transport, just over WebSocket instead.
+
+### WebSocket Authentication
+
+To prevent unauthorized processes from connecting to the hot reload server, `WebSocketClientTransport` uses RSA-based authentication identical to `BrowserRefreshServer`:
+
+1. **Server generates RSA key pair:** `SharedSecretProvider` creates a 2048-bit RSA key on startup
+2. **Public key exported:** The public key (X.509 SubjectPublicKeyInfo, Base64-encoded) is passed to the app via `DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY`
+3. **Client encrypts secret:** The startup hook generates a random 32-byte secret, encrypts it with RSA-OAEP-SHA256 using the public key
+4. **Secret sent as subprotocol:** The encrypted secret is Base64-encoded (URL-safe: `-` for `+`, `_` for `/`, no padding) and sent as the WebSocket subprotocol header
+5. **Server validates:** `WebSocketClientTransport.HandleRequestAsync` decrypts the subprotocol value and accepts the connection only if decryption succeeds
+
+This ensures only processes that received the public key via the environment variable can connect. The URL-safe Base64 encoding is required because WebSocket subprotocol tokens cannot contain `+`, `/`, or `=` characters.
+
+**Environment variables:**
+- `DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT` — WebSocket URL (e.g., `ws://127.0.0.1:5432`)
+- `DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY` — RSA public key (Base64-encoded)
+
+### 1. WebSocket Capability Detection
+
+[ProjectGraphUtilities.cs](../../src/Dotnet.Watch/Watch/Build/ProjectGraphUtilities.cs) checks for the `HotReloadWebSockets` capability.
+
+### 2. MobileAppModel
+
+Creates a `DefaultHotReloadClient` with a `WebSocketClientTransport` instead of the default `NamedPipeClientTransport`.
+
+### 3. Environment Variables
+
+`dotnet-watch` launches the app via:
+
+```dotnetcli
+dotnet run --no-build \
+  -e DOTNET_WATCH=1 \
+  -e DOTNET_MODIFIABLE_ASSEMBLIES=debug \
+  -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT=ws://127.0.0.1:<port> \
+  -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY=<base64-encoded-rsa-public-key> \
+  -e DOTNET_STARTUP_HOOKS=<path to DeltaApplier.dll>
+```
+
+The port is dynamically assigned (defaults to 0, meaning the OS picks an available port) to avoid conflicts in CI and parallel test scenarios. The `DOTNET_WATCH_AGENT_WEBSOCKET_PORT` environment variable can override this if a specific port is needed.
+
+These environment variables are passed as `@(RuntimeEnvironmentVariable)` MSBuild items to the workload. See [dotnet-run-for-maui.md](dotnet-run-for-maui.md) for details on `dotnet run` and environment variables.
+
+## Android Workload Changes (Example Integration)
+
+### [dotnet/android#10770](https://github.com/dotnet/android/pull/10770) — RuntimeEnvironmentVariable Support
+
+Enables the Android workload to receive env vars from `dotnet run -e`:
+
+- Adds `<ProjectCapability Include="RuntimeEnvironmentVariableSupport" />`
+- Adds `<ProjectCapability Include="HotReloadWebSockets" />` to opt into WebSocket-based hot reload
+- Configures `@(RuntimeEnvironmentVariable)` items, so they will apply to Android.
+
+### [dotnet/android#10778](https://github.com/dotnet/android/pull/10778) — dotnet-watch Integration
+
+1. **Startup Hook:** Parses `DOTNET_STARTUP_HOOKS`, includes the assembly in the app package, rewrites the path to just the assembly name (since the full path doesn't exist on device)
+2. **Port Forwarding:** Runs `adb reverse tcp:<port> tcp:<port>` so the device can reach the host's WebSocket server via `127.0.0.1:<port>` (port is parsed from the endpoint URL)
+3. **Prevents Double Connection:** Disables startup hooks in `Microsoft.Android.Run` (the desktop launcher) so only the mobile app connects
+
+## Data Flow
+
+1. **Build:** `dotnet-watch` builds the project, detects `HotReloadWebSockets` capability
+2. **Launch:** `dotnet run -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT=ws://127.0.0.1:<port> -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY=<key> -e DOTNET_STARTUP_HOOKS=...`
+3. **Workload:** Android build tasks:
+   - Include the startup hook DLL in the APK
+   - Set up ADB port forwarding for the dynamically assigned port
+   - Rewrite env vars for on-device paths
+4. **Device:** App starts → StartupHook loads → `Transport.TryCreate()` reads env vars → `WebSocketTransport` encrypts secret with RSA public key → connects to `ws://127.0.0.1:<port>` with encrypted secret as subprotocol
+5. **Server:** `WebSocketClientTransport` validates the encrypted secret, accepts connection
+6. **Hot Reload:** File change → delta compiled → sent over WebSocket → applied on device
+
+## iOS
+
+Similar changes will be made in the iOS workload to opt into WebSocket-based hot reload:
+
+- Add `<ProjectCapability Include="HotReloadWebSockets" />`
+- Handle startup hooks and port forwarding similar to Android
+
+## Dependencies
+
+- **[runtime#123964](https://github.com/dotnet/runtime/pull/123964):** [mono] read `$DOTNET_STARTUP_HOOKS` — needed for Mono runtime to honor startup hooks (temporary workaround via `RuntimeHostConfigurationOption`)
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"servers": {`
`3`		`- "ms.docs": {`
	`3`	`+ "ms-docs": {`
`4`	`4`	`"url": "https://learn.microsoft.com/api/mcp",`
`5`	`5`	`"type": "http"`
`6`	`6`	`}`