Add BrowserUserDataMode to separate user data dir from profile

[davidfowl]

Description

Follow-up to #16310 (tracked browser logs). This PR separates "which Chromium user data directory to use" from "which profile inside that directory to use", then finishes the shared/adopted browser-host path so browser logs can keep state across AppHost runs and stream browser logs back to the dashboard.

The latest design uses persistent Aspire-managed browser data hives for both modes. Aspire no longer points at the user's real Edge/Chrome profile, and Isolated is no longer temp-per-session.

What's new

• Adds BrowserUserDataMode:
  • Shared (default): use a persistent Aspire-managed user data directory shared across all AppHosts on the machine for the selected browser, for example %LocalAppData%\Aspire\BrowserData\shared\<browser> on Windows.
  • Isolated: use a persistent Aspire-managed user data directory scoped to the current AppHost project, for example %LocalAppData%\Aspire\BrowserData\isolated\<AppHost:PathSha256>\<browser> on Windows.
• Adds WithBrowserLogs(..., userDataMode: ...) and configuration via Aspire:Hosting:BrowserLogs[:{ResourceName}]:UserDataMode.
• Keeps browser/profile/user-data-mode configuration precedence in BrowserConfiguration, with explicit builder overrides grouped in BrowserConfigurationOverrides.
• Adds BrowserUserDataPathResolver for the Aspire-managed hive layout and ChromiumBrowserResolver for OS/browser executable and profile directory resolution.
• Keeps profile as a profile directory selection inside the shared browser hive; profile with Isolated is rejected.
• Makes default browser selection mode-aware: shared mode prefers Edge when available; otherwise Chrome/Edge fallback behavior is preserved.
• Surfaces effective user-data mode, browser executable, browser host ownership, active sessions, last error, target URL, target id, and CDP endpoint in the browser logs resource properties.
• Adds resource logs for host resolution, host ownership/adoption, target attach, connection loss, reconnect attempts, reconnect exhaustion, and host termination.
• Refreshes ATS code-generation snapshots for TypeScript, Go, Python, Java, and Rust so generated SDKs include BrowserUserDataMode and the new withBrowserLogs argument.

Shared/adopted browser architecture

• Introduces BrowserHostRegistry, keyed by normalized (browser executable, user data root), with exactly-once BrowserHostLease release.
• Adds owned vs adopted browser hosts:
  • Owned hosts spawn Chromium with --remote-debugging-address=127.0.0.1 and --remote-debugging-port=0, write endpoint metadata, and leave the browser process running when the AppHost exits.
  • Adopted hosts reuse a previously validated debug-enabled browser endpoint and never terminate the browser process.
• Adds aspire-debug-endpoint.json discovery/validation. Metadata is treated as a hint, not truth: schema, executable path, user data root, PID liveness, profile compatibility, and /json/version are validated before adoption; stale metadata is deleted.
• Moves page ownership into per-target sessions. Each tracked launch creates or reuses a tab, attaches to that target, and disposes by calling Target.closeTarget only.
• Removes the active Browser.close path so shared/adopted browser sessions cannot accidentally close the browser.
• Adds target lifecycle handling for Target.targetDestroyed, Target.targetCrashed, Target.detachedFromTarget, and Inspector.detached, using the event payload (params.targetId / params.sessionId) for correlation.
• Adds code comments describing the roles of the host registry, endpoint discovery, owned/adopted hosts, target sessions, dashboard manager, CDP target discovery subscription, timeout choices, and browser endpoint probing.
• Adds component-level tests for protocol lifecycle parsing, real CDP connection command/response/event routing over an in-memory WebSocket, fake-CDP page-session startup/instrumentation/event routing/reconnect/target cleanup, running-session event logging/completion cleanup, target lifecycle completion mapping, host registry sharing/profile rejection/validated endpoint adoption, dashboard Last error clearing, endpoint metadata serialization, and adopted-browser resource diagnostics.

Behavior

effective UserDataMode	profile	behavior
Shared	omitted	use the machine-wide persistent Aspire-managed hive for the selected browser; Chromium picks the configured startup/default profile
Shared	set	use the machine-wide persistent Aspire-managed hive for the selected browser; force that profile via --profile-directory
Isolated	omitted	use the persistent per-AppHost Aspire-managed hive for the selected browser
Isolated	set	invalid; reject

Reliability notes

• Persistent Aspire-managed hives avoid the old "normal user browser already owns the real profile" singleton conflict.
• Browser processes are intentionally left running after AppHost shutdown; the next AppHost run adopts the existing debug-enabled browser via the sidecar/CDP endpoint.
• Endpoint startup fails fast if the browser process exits before writing DevToolsActivePort and logs trace diagnostics while waiting for a fresh endpoint file.
• Stale DevToolsActivePort and Aspire endpoint metadata are not reused blindly, and endpoint metadata preserves non-ASCII paths/profile names.
• WebSocket close is bounded.
• Browser process and target-session disposables are cleaned up on setup failures.
• Malformed endpoint metadata is treated as stale instead of crashing discovery.
• Malformed CDP lifecycle events without params are ignored consistently.
• Failed launches and failed target sessions keep a Last error property and unhealthy health report so the dashboard keeps the diagnostic visible even when another tracked browser session is still running.
• Dispose/cleanup paths are hardened so one failing session stop does not strand other sessions or registry cleanup, lease release timeouts do not bubble out of session disposal, and _stopCts is always disposed.

Validation

• ./restore.sh
• dotnet test tests/Aspire.Hosting.Tests/Aspire.Hosting.Tests.csproj -- --filter-class "*.BrowserLogsCdpProtocolTests" --filter-class "*.BrowserLogsCdpConnectionTests" --filter-class "*.BrowserConnectionDiagnosticsLoggerTests" --filter-class "*.BrowserPageSessionTests" --filter-class "*.BrowserLogsRunningSessionTests" --filter-class "*.ChromiumDevToolsActivePortParserTests" --filter-class "*.BrowserLogsSessionManagerTests" --filter-class "*.BrowserLogsBuilderExtensionsTests" --filter-not-trait "quarantined=true" --filter-not-trait "outerloop=true" — 69 passed after adding baseline page-session, deterministic reconnect, running-session glue, adoption, and in-memory CDP connection coverage.
• Stress-ran the new in-memory BrowserLogsCdpConnection test 20 times.
• Stress-ran the new BrowserLogsRunningSession glue test 20 times.
• Stress-ran the deterministic reconnect test 20 times.
• dotnet build src/Aspire.Hosting/Aspire.Hosting.csproj /p:TreatWarningsAsErrors=false
• dotnet test for TwoPassScanning_GeneratesWithEnvironmentOnTestRedisBuilder in TypeScript, Go, Python, Java, and Rust code-generation test projects — 5 passed.
• git diff --check
• BrowserTelemetry playground E2E on latest head fb3fd5c0b:
  • Started playground/BrowserTelemetry with aspire start --isolated.
  • First open-tracked-browser created an Owned Edge session and dashboard console logs showed browser console + network entries with marker browserlogs-e2e-1777265425.
  • Stopped/restarted the AppHost and confirmed the Edge process stayed running.
  • Second open-tracked-browser used Browser host ownership: Adopted, reused the same browser CDP endpoint, and dashboard console logs showed adopted-session console + network entries with marker browserlogs-adopt-e2e-1777265512.
• Reran transient failed CI jobs; PR checks are green.

Fixes # (issue)

Checklist

• Is this feature complete?
  • Yes. Ready to ship.
  • No. Follow-up changes expected.
• Are you including unit tests for the changes and scenario tests if relevant?
  • Yes
  • No
• Did you add public API?
  • Yes
    • If yes, did you have an API Review for it?
      • Yes
      • No
    • Did you add <remarks /> and <code /> elements on your triple slash comments?
      • Yes
      • No
  • No
• Does the change make any security assumptions or guarantees?
  • Yes
    • If yes, have you done a threat model and had a security review?
      • Yes
      • No
  • No
• Does the change require an update in our Aspire docs?
  • Yes
    • Link to aspire.dev issue:
      • New issue
  • No

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16457

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16457"

[Copilot]

Pull request overview

Adds a new user-data directory selection mode for tracked browser log sessions, separating “which Chromium user data dir to use” from “which profile inside that dir to use” to support either reusing real browser state or running from a clean temporary state.

Changes:

• Introduces BrowserUserDataMode (Shared default / Isolated) and threads it through WithBrowserLogs(...), configuration resolution, and resource properties.
• Updates browser launch behavior to use the real user data directory in Shared mode, including profile directory resolution via directory entries and Chromium “Local State” metadata.
• Expands unit tests to cover user data mode defaults/overrides and profile directory resolution behaviors.

Show a summary per file

File	Description
tests/Aspire.Hosting.Tests/BrowserLogsSessionManagerTests.cs	Adds coverage for profile directory resolution (case-insensitive + Local State display-name mapping + ambiguity).
tests/Aspire.Hosting.Tests/BrowserLogsBuilderExtensionsTests.cs	Adds coverage for default Shared mode, config parsing, explicit override precedence, and Isolated + profile rejection.
src/Aspire.Hosting/BrowserLogs/BrowserLogsRunningSession.cs	Implements user-data-mode-aware user data dir selection and profile directory resolution; passes resolved directory name to --profile-directory.
src/Aspire.Hosting/BrowserLogs/BrowserLogsResource.cs	Adds the public BrowserUserDataMode enum and stores resolved/override mode on the resource.
src/Aspire.Hosting/BrowserLogs/BrowserLogsBuilderExtensions.cs	Extends public API + configuration parsing/validation and surfaces “User data mode” as a resource property.

Copilot's findings

• Files reviewed: 5/5 changed files
• Comments generated: 1

[github-actions]

Re-running the failed jobs in the CI workflow for this pull request because 1 job was identified as retry-safe transient failures in the CI run attempt.
GitHub was asked to rerun all failed jobs for that attempt, and the rerun is being tracked in the rerun attempt.
The job links below point to the failed attempt jobs that matched the retry-safe transient failure rules.

• Tests / Hosting-1 / Hosting-1 (windows-latest) - Job-level runner or infrastructure failure matched the transient allowlist.

[JamesNK]

The ratio of code to unit tests for this feature concerns me. More tests that verify a baseline of this feature works would be good.

[davidfowl]

The ratio of code to unit tests for this feature concerns me. More tests that verify a baseline of this feature works would be good.

Unit tests are not going to determine if this feature works (though I'll add any low hanging fruit). Still need to figure out how to automate end to end testing this one. We're going to need to actually invest in playwright tests (I know how much you love those).

[davidfowl]

Consolidated BrowserLogs smoke-test/update

Consolidating the previous Windows smoke-test notes and the follow-up usability thread into one current status update.

What changed after the previous run

The earlier comments were based on the intermediate design where Shared meant the user's real Edge/Chrome profile and Isolated meant a temporary profile. That exposed the expected Chromium singleton problem when Edge was already open normally.

The PR has since been updated so both modes use persistent Aspire-managed browser data hives instead:

• Shared: machine-wide per browser, e.g. %LocalAppData%\Aspire\BrowserData\shared\<browser>.
• Isolated: per AppHost + browser, e.g. %LocalAppData%\Aspire\BrowserData\isolated\<AppHost:PathSha256>\<browser>.

That means the default Shared path no longer points at the user's real Edge/Chrome profile, so the old "normal browser already owns the real profile" out-of-box failure is superseded by the new design. The browser is also intentionally left running when the AppHost exits, and later AppHost runs adopt it through the sidecar/CDP endpoint.

The latest review feedback was also addressed:

• Session-manager disposal catches per-session StopAsync failures and still disposes locks/session factory.
• Browser host lease release timeout was raised to cover browser startup lock contention and release timeout cancellation is swallowed at the lease boundary.
• Running-session cleanup now always disposes _stopCts in finally.

Latest validation

• Earlier Windows PR CLI smoke on faa9cbb passed the basic tracked-browser scenarios and identified the real-profile Shared-mode usability issue.
• Latest BrowserTelemetry playground E2E on fb3fd5c0b:
  • First open-tracked-browser created an Owned Edge session.
  • Browser console and network logs flowed to web-browser-logs.
  • After AppHost stop/start, the Edge process stayed running.
  • The next open-tracked-browser used Browser host ownership: Adopted, reused the same browser CDP endpoint, and still streamed console/network logs.
• Reran the transient failed CI jobs; PR checks are now green.

[JamesNK]

3 issues found (all in the dispose/cleanup path): 2 resource leaks from unhandled exceptions in dispose sequences, 1 timeout mismatch between lease release and lock hold time. All are edge-case correctness issues in the new browser host lifecycle management.

[github-actions]

🎬 CLI E2E Test Recordings — 76 recordings uploaded (commit fb3fd5c)

View all recordings

Status	Test	Recording
❔	AddPackageInteractiveWhileAppHostRunningDetached	▶️ View Recording
❔	AddPackageWhileAppHostRunningDetached	▶️ View Recording
❔	AgentCommands_AllHelpOutputs_AreCorrect	▶️ View Recording
❔	AgentInitCommand_DefaultSelection_InstallsSkillOnly	▶️ View Recording
❔	AgentInitCommand_MigratesDeprecatedConfig	▶️ View Recording
❔	AspireAddPackageVersionToDirectoryPackagesProps	▶️ View Recording
❔	AspireUpdateRemovesAppHostPackageVersionFromDirectoryPackagesProps	▶️ View Recording
❔	Banner_DisplayedOnFirstRun	▶️ View Recording
❔	Banner_DisplayedWithExplicitFlag	▶️ View Recording
❔	Banner_NotDisplayedWithNoLogoFlag	▶️ View Recording
❔	CertificatesClean_RemovesCertificates	▶️ View Recording
❔	CertificatesTrust_WithNoCert_CreatesAndTrustsCertificate	▶️ View Recording
❔	CertificatesTrust_WithUntrustedCert_TrustsCertificate	▶️ View Recording
❔	ConfigSetGet_CreatesNestedJsonFormat	▶️ View Recording
❔	CreateAndRunAspireStarterProject	▶️ View Recording
❔	CreateAndRunAspireStarterProjectWithBundle	▶️ View Recording
❔	CreateAndRunEmptyAppHostProject	▶️ View Recording
❔	CreateAndRunJavaEmptyAppHostProject	▶️ View Recording
❔	CreateAndRunJsReactProject	▶️ View Recording
❔	CreateAndRunPythonReactProject	▶️ View Recording
❔	CreateAndRunTypeScriptEmptyAppHostProject	▶️ View Recording
❔	CreateAndRunTypeScriptStarterProject	▶️ View Recording
❔	CreateJavaAppHostWithViteApp	▶️ View Recording
❔	CreateTypeScriptAppHostWithViteApp_UsesConfiguredToolchain	▶️ View Recording
❔	DashboardRunWithOtelTracesReturnsNoTraces	▶️ View Recording
❔	DeployK8sBasicApiService	▶️ View Recording
❔	DeployK8sWithGarnet	▶️ View Recording
❔	DeployK8sWithMongoDB	▶️ View Recording
❔	DeployK8sWithMySql	▶️ View Recording
❔	DeployK8sWithPostgres	▶️ View Recording
❔	DeployK8sWithRabbitMQ	▶️ View Recording
❔	DeployK8sWithRedis	▶️ View Recording
❔	DeployK8sWithSqlServer	▶️ View Recording
❔	DeployK8sWithValkey	▶️ View Recording
❔	DeployTypeScriptAppToKubernetes	▶️ View Recording
❔	DescribeCommandResolvesReplicaNames	▶️ View Recording
❔	DescribeCommandShowsRunningResources	▶️ View Recording
❔	DetachFormatJsonProducesValidJson	▶️ View Recording
❔	DetachFormatJsonProducesValidJsonWhenRestartingExistingInstance	▶️ View Recording
❔	DoListStepsShowsPipelineSteps	▶️ View Recording
❔	DocsCommand_RendersInteractiveMarkdownFromLocalSource	▶️ View Recording
❔	DoctorCommand_DetectsDeprecatedAgentConfig	▶️ View Recording
❔	DoctorCommand_TypeScriptAppHostReportsMissingConfiguredToolchain	▶️ View Recording
❔	DoctorCommand_WithSslCertDir_ShowsTrusted	▶️ View Recording
❔	DoctorCommand_WithoutSslCertDir_ShowsPartiallyTrusted	▶️ View Recording
❔	DotnetToolInstall_CreateAndRunAspireStarterProject	▶️ View Recording
❔	GlobalMigration_HandlesCommentsAndTrailingCommas	▶️ View Recording
❔	GlobalMigration_HandlesMalformedLegacyJson	▶️ View Recording
❔	GlobalMigration_PreservesAllValueTypes	▶️ View Recording
❔	GlobalMigration_SkipsWhenNewConfigExists	▶️ View Recording
❔	GlobalSettings_MigratedFromLegacyFormat	▶️ View Recording
❔	InitTypeScriptAppHost_AugmentsExistingViteRepoAtRoot	▶️ View Recording
❔	InvalidAppHostPathWithComments_IsHealedOnRun	▶️ View Recording
❔	LegacySettingsMigration_AdjustsRelativeAppHostPath	▶️ View Recording
❔	LogsCommandShowsResourceLogs	▶️ View Recording
❔	OtelLogsReturnsStructuredLogsFromStarterAppCore	▶️ View Recording
❔	PsCommandListsRunningAppHost	▶️ View Recording
❔	PsFormatJsonOutputsOnlyJsonToStdout	▶️ View Recording
❔	PublishWithConfigureEnvFileUpdatesEnvOutput	▶️ View Recording
❔	PublishWithDockerComposeServiceCallbackSucceeds	▶️ View Recording
❔	PublishWithoutOutputPathUsesAppHostDirectoryDefault	▶️ View Recording
❔	RestoreGeneratesSdkFiles	▶️ View Recording
❔	RestoreGeneratesSdkFiles_WithConfiguredToolchain	▶️ View Recording
❔	RestoreRefreshesGeneratedSdkAfterAddingIntegration	▶️ View Recording
❔	RestoreSupportsConfigOnlyHelperPackageAndCrossPackageTypes	▶️ View Recording
❔	RunFromParentDirectory_UsesExistingConfigNearAppHost	▶️ View Recording
❔	SecretCrudOnDotNetAppHost	▶️ View Recording
❔	SecretCrudOnTypeScriptAppHost	▶️ View Recording
❔	StagingChannel_ConfigureAndVerifySettings_ThenSwitchChannels	▶️ View Recording
❔	StartAndWaitForTypeScriptSqlServerAppHostWithNativeAssets	▶️ View Recording
❔	StopAllAppHostsFromAppHostDirectory	▶️ View Recording
❔	StopAllAppHostsFromUnrelatedDirectory	▶️ View Recording
❔	StopNonInteractiveMultipleAppHostsShowsError	▶️ View Recording
❔	StopNonInteractiveSingleAppHost	▶️ View Recording
❔	StopWithNoRunningAppHostExitsSuccessfully	▶️ View Recording
❔	UnAwaitedChainsCompileWithAutoResolvePromises	▶️ View Recording

---

_{📹 Recordings uploaded automatically from CI run #24976401472}

[aspire-repo-bot]

Pull request created: #753

Generated by PR Documentation Check

[aspire-repo-bot]

A draft documentation PR has been opened on microsoft/aspire.dev to cover the BrowserUserDataMode changes in this PR.

Target branch: main (falling back to main because release/13.3 does not exist on microsoft/aspire.dev)

What was documented (branch: docs/browser-logs-user-data-mode):

• New page src/frontend/src/content/docs/app-host/browser-logs.mdx
  • WithBrowserLogs usage with C# and TypeScript AppHost examples
  • BrowserUserDataMode.Shared (default) vs BrowserUserDataMode.Isolated — explains persistent Aspire-managed hives, browser adoption across AppHost runs, and the machine-wide vs per-project data directory distinction
  • Browser selection (msedge, chrome, explicit executable path) and the mode-aware defaults
  • profile parameter with the Isolated-rejection note
  • Configuration via Aspire:Hosting:BrowserLogs[:ResourceName]:{Browser,Profile,UserDataMode}
  • Experimental feature caution (ASPIREBROWSERLOGS001)
• Sidebar entry added under AppHost → Resource types

The draft PR needs human review before merging — in particular, TypeScript withBrowserLogs option bag shape and any dashboard screenshots you'd like to add.

Note

🔒 Integrity filter blocked 4 items

The following items were blocked because they don't meet the GitHub integrity level.

• #740 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #667 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #656 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #593 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by PR Documentation Check for issue #16457 · ● 3.9M · ◷