Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
156795 stories
·
33 followers

1.0.68

1 Share

2026-07-01

  • Add support for the kimi-k2.7-code model
  • The focused field in the /mcp config form is marked with a "❯ " chevron, not color alone
  • Keep IDE tools available during transient IDE disconnects, returning a clear error while disconnected and recovering automatically when the IDE reconnects
  • Tab completion shows slash command aliases inline (e.g. /pr automerge|agentmerge)
  • Stop hooks from erroring and denying every tool when a session's working directory or git worktree has been deleted
  • Keep the footer model status in sync when reasoning effort or context tier changes
  • Avoid duplicate skill and command parse errors from symlinked scan roots
  • Update the Sessions sidebar branch after /cd and /worktree
  • Find agents and instructions under Win32 extended-length paths on Windows
  • Show descriptions for slash-command input choices
  • Prevent terminal corruption when copying selected timeline text on macOS
  • Fold symlinked sandbox paths into a single row
  • Browse, resume, and switch between sessions from the agents screen
  • Code review retries transient git failures when gathering changes
  • Skip malformed plugin manifests and keep loading valid plugins
  • Show plan budget details in the statusline and /usage for supported plans
  • Render Thai and Devanagari text correctly in clipped output
  • Keep file edits and patches within the sandbox filesystem policy
  • Preserve wrapped OSC 8 hyperlink IDs in terminal output
  • Let device-managed settings override server-managed settings
  • Keep embedded /skill tokens in skill prompt context
  • Let git commands work from repo subdirectories in the sandbox
  • PowerShell variable references no longer trigger content-policy refusals
  • Tell the agent when the working directory changes between turns so it uses the new directory for commands and relative paths
  • Default to a steady vertical-bar cursor in interactive sessions
  • Disable cursor blinking at startup without changing cursor shape
  • Reject sandbox path edits that conflict with symlinks in other lists
  • Keep the status line visible when the slash-command picker opens
  • Custom agents keep their tool filters in nested subagents
  • Preserve multibyte characters (emoji, accents, non-Latin text) in the /diagnose session log excerpt
Read the whole story
alvinashcraft
just a second ago
reply
Pennsylvania, USA
Share this story
Delete

Upcoming Change: NTLM Removal in Git (libcurl) – Impact to Azure DevOps Server Customers

1 Share

Overview

In September 2026, NTLM support will be removed from libcurl, which is used by Git for HTTP(S) operations. As a result, Git operations over HTTPS against Azure DevOps Server (on-premises) will stop working for customers who rely on NTLM authentication. This change is part of a broader industry move toward more secure authentication mechanisms.

Many environments may be affected even if they believe they are using Kerberos. This is because Negotiate (SPNEGO) authentication can silently fall back to NTLM when Kerberos is not properly configured, leading to unintentional dependency on NTLM.

If your environment currently depends on NTLM authentication, you will need to transition to a supported alternative before it is removed. Based on current guidance, customers should move to Kerberos authentication wherever possible and avoid continued reliance on NTLM, as it is deprecated and will not be supported going forward. While older Git client versions may temporarily continue to support NTLM, this approach is strongly discouraged due to security risks and its limited viability as a long-term solution. Moving away from NTLM also improves your organization’s security posture by eliminating legacy authentication protocols, strengthens compliance alignment with modern identity standards, and ensures future readiness as platforms continue to deprecate NTLM.

Who Is Impacted

This change primarily affects Azure DevOps Server customers in the following scenarios:

  • Environments where IIS is configured with both Negotiate and NTLM enabled, especially if NTLM remains available as a fallback.
  • Environments where Kerberos is not fully configured end-to-end, including missing or incorrect SPNs, DNS aliases, load balancer configuration, or delegation requirements.
  • Customers who believe they are using Kerberos but have not validated it, because SPNEGO/Negotiate can silently fall back to NTLM.
  • Clients or automation running in contexts where Kerberos cannot obtain a valid service ticket, such as non-domain-joined machines, workgroup machines, service accounts, build agents, or machines outside the corporate network without line of sight to a domain controller.
  • Environments that rely on older Git clients or temporary NTLM re-enable settings to keep Azure DevOps Server Git operations working.

These configurations may continue to work today because NTLM is available as a fallback, but they are at risk of breaking once NTLM support is removed from Git/libcurl. Customers should validate whether Kerberos is actually being used and remediate any fallback to NTLM before September 2026.

What you need to do

To prepare for this change, we recommend the following steps:

1. Determine if you are using NTLM

Customers should validate whether their Git connections are using Kerberos or NTLM. Azure DevOps Server accepts both via Windows Integrated Authentication, and “Negotiate” can silently fall back to NTLM, so a working connection doesn’t reveal which is in use. Recent Git for Windows builds disable NTLM by default, so connections that relied on it will now fail.

Recommended actions:

1. Look for the NTLM warning

  • If a remote Git operation shows an NTLM warning message then the connection is using NTLM

GCM NTLM warning message

  • Likewise, if your operation fails with the following error message from Git on the terminal then you are attempting to use NTLM

Warning: Due to its cryptographic weaknesses, NTLM authentication has been disabled in Git by default. You can re-enable it for trusted servers by running: git config set >http.http://localhost:8080.allowNTLMAuth true

2. Check the Kerberos ticket cache

  • Run a remote Git operation the check for a service ticket for the server:
klist purg 
git fetch 
klist

A ticket with Server: HTTP/tfs.contoso.com confirms Kerberos; no such ticket means NTLM (or auth failed).

3. Inspect the HTTP trace from Git

  • Enable request tracing and run a remote operation:
set GIT_TRACE_CURL=1
set GIT_TRACE_REDACT=0
git fetch 2> trace.txt

In the trace.txt file if you see the Authorization: line NTLM TlRMT… this means that NTLM is being used. If you see Negotiate <token></token> then to confirm the token is for a Kerberos negotiation you can run this small PowerShell command to inspect the token:

$token = "paste the token from the Authorization: Negotiate line here"; $b=[Convert]::FromBase64String($token -replace '\s'); if([Text.Encoding]::ASCII.GetString($b) -match 'NTLMSSP'){'NTLM'}elseif([BitConverter]::ToString($b) -match '2A-86-48-86-F7-12-01-02-02'){'Kerberos'}else{'Unknown'}

2. Ensure Kerberos is fully working by September 2026

To avoid disruption, ensure Kerberos authentication is correctly configured end-to-end.

This includes:

  • Proper Service Principal Names (SPNs)
  • Domain controller connectivity from client machines
  • Correct IIS configuration

With recent Git improvements, Kerberos support is becoming easier to use without additional configuration.

3. Plan for NTLM fallback removal

NTLM fallback, including fallback through SPNEGO/Negotiate, will no longer be available once NTLM support is removed from Git/libcurl. Customers should plan now to remove any dependency on NTLM and validate that Kerberos works end-to-end.

Recommended planning guidance:

  • Do not rely on NTLM fallback as a long-term mitigation.
  • Do not plan to re-enable NTLM after removal; there will be no supported way to continue using it.
  • Avoid downgrading Git to retain NTLM support, as this introduces security risk and only delays remediation.
  • For workgroup-joined environments or clients where Kerberos is not feasible, evaluate SSH authentication for Git operations, if SSH is supported and enabled in the Azure DevOps Server deployment.
  • Validate Kerberos now and address any configuration gaps before September 2026.

If you have questions or need help preparing for this change, please reach out through your usual Azure DevOps support channels.

The post Upcoming Change: NTLM Removal in Git (libcurl) – Impact to Azure DevOps Server Customers appeared first on Azure DevOps Blog.

Read the whole story
alvinashcraft
38 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

Daily Reading List – July 1, 2026 (#816)

1 Share

We’ve somehow got both tomorrow and Friday off for our Independence Day holiday. I’ll still probably do a reading list both days. I’m sure the anticipation will keep you up tonight.

[article] “Code should be regenerated, not maintained”: Codeplain makes the case for spec-driven development. I’d imagine that for most people, this approach breaks a lot of things. Which might not be a bad thing.

[article] Five tools to bolster your AI coding stack. Good list. Covers things like testing environments, validation tools, and security services.

[blog] Get started with the Claude apps gateway for Google Cloud. If you care about performance, you probably already point to Anthropic models hosted on Google Cloud. Now you can run their new apps gateway here too and get enterprise management.

[article] How top PMs increase their leverage with AI. This has a framework you might apply to a few different disciplines, not just PM.

[blog] Driving the Agent Quality Flywheel from Your Coding Agent. Build better agents by running better evals. Here’s a skill you can install that gets you further along.

[blog] GenPage: Towards End-to-End Generative Homepage Construction at Netflix. Cool details from Netflix on their generative UIs, with fine-tuned models underneath.

[article] .NET’s long-term support is not long-term enough, dev complains. I’m sure it’s tough to keep up with nonstop language updates. I’d be surprised if the answer will be “support for longer” or “slow down.” Related.

[blog] AI shouldn’t shrink headcount. It should shrink teams. There are downstream implications of the “smaller, faster teams” push. Doesn’t mean you shouldn’t do it, but be prepared.

[blog] Gemini Spark updates: macOS launch, connected apps and more. Personal agents are here for everyone. It’ll take time to figure out what to do with them!

[blog] Hugging Face and Cerebras bring Gemma 4 to real-time voice AI. Cool demo from the team at Hugging Face.

[blog] Faster Gemma 4 on MLX with multi-token prediction. Another Gemma-related item from the community, this time from Ollama.

Want to get this update sent to you every day? Subscribe to my RSS feed or subscribe via email below:



Read the whole story
alvinashcraft
43 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

TeamCity 2026.1.2 and 2025.11.6 Are Now Available

1 Share

Today we’re releasing two bug-fix updates for TeamCity On-Premises 2025.11 and 2026.1 servers. The 2026.1.2 update addresses a little over 10 issues, including the following:

  • Stop build command from the server may cancel the step set to be always executed;
  • Personal builds fail during agent-side checkout when unshelving certain Perforce changelists;
  • Premature AWS credentials expiration;
  • Using slashes in AWS S3 bucket prefixes leads to a signature mismatch.

Version 2025.11.6 focuses exclusively on resolving security issues and does not include general bug fixes. To keep your server secure, we strongly recommend installing this update.

See TeamCity 2026.1.2 Release Notes and TeamCity 2025.11.6 Release Notes for the complete list of resolved issues.

Why update?

Staying up to date with minor releases ensures your TeamCity instance benefits from the following:

  • Performance improvements.
  • Better compatibility with integrations.
  • Faster, more stable builds.
  • Enhanced security for your workflows.

Compatibility

TeamCity 2026.1.2 shares the same data format as all 2026.1.x releases. You can upgrade or downgrade within this series without the need for backup and restoration.

How to upgrade

  1. Use the automatic update feature in your current TeamCity version.
  2. Download the latest version directly from the JetBrains website.
  3. Pull the updated TeamCity Docker image.

Need help?

Thank you for reporting issues and providing feedback! If you have questions or run into any problems, please let us know via the TeamCity Forum or Issue Tracker.

Happy building!

Read the whole story
alvinashcraft
48 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

Beta SDKs for the 2026-07-28 MCP Spec Release Candidate Are Here

1 Share

The MCP protocol is about to undergo its biggest revision since launch. As you might’ve seen from our recent release candidate announcement, the new protocol revision goes stateless, removing the initialize handshake and the protocol-level session, and completing the plan we laid out in The Future of MCP Transports. If you’re building MCP servers, you can now scale them using a simple round-robin load balancer, removing the need to manage sticky sessions and to store shared sessions. For client developers, new patterns, like Multi Round-Trip Requests (MRTR) enable a whole new range of possibilities for server-to-client interactions. You can check out the full changelog to see what’s coming.

Starting today you can test all the forthcoming updates to the protocol with all four Tier 1 SDKs, led by Python v2 and TypeScript v2, with Go and C# betas also available. We encourage you to run the beta SDKs against your real workloads and tell us what breaks as we inch closer to the actual spec revision. The new protocol specification will be launched on July 28, 2026.

Three-layer stack: the MCP specification at the base, SDKs (Python, TypeScript, Go, C#, and more) in the middle, and clients and servers built on top.

Your existing server keeps working

First, we want to reassure you that for existing clients and servers nothing breaks today, and nothing breaks on July 28 either. This is merely the date when the normative specification text is published and is not a switch-off for any implementers relying on the current protocol version.

The SDK beta releases exist so you can test the protocol changes and give us feedback before the new specification is locked. For any critical workloads, the stable SDK releases remain the recommended versions.

You might’ve seen that some of the SDKs, like Python and TypeScript, have also switched to v2. Those are new major versions, so moving your own code onto them is a breaking change, and one you can take on your own schedule; it is separate from anything that happens on July 28. Once v2 ships, the TypeScript SDK will continue shipping v1.x bug fixes and security updates for at least six months, and the Python v1.x branch continues to receive critical bug fixes and security patches.

Trying a beta is safe because it is opt-in at every step. Installing the Python, Go, or C# SDK without explicitly requesting a pre-release still resolves to a stable version; the TypeScript v2 packages are new package names with no stable release yet, so installing them is itself the opt-in. In the TypeScript and Go SDKs, the opt-in extends to the wire: upgrading does not by itself change what your server speaks over HTTP. Serving 2026-07-28 is an explicit choice you make when you wire up the transport. A Python or C# server picks up the new revision on upgrade instead: a Python v2 server answers both protocol revisions from one endpoint, and the C# preview’s HTTP transport defaults to the new stateless mode. And clients that speak 2026-07-28 fall back to the initialize handshake when they reach a server on 2025-11-25 or earlier, so old servers and new clients keep interoperating.

If you want to make sure your own users are not caught out:

  • If you publish a library that depends on the Python mcp package, add an upper bound now (for example mcp>=1.27,<2) so the stable v2 release does not surprise your users.
  • When you test a beta, pin the exact version. Public APIs may still change between the beta and the stable releases.

What beta SDKs implement

All four beta releases implement the core protocol changes from the release candidate, with each release’s notes detailing which changes are covered. The RC announcement covers the changes in depth, but if you’re curious about the short version:

  • The stateless core (SEP-2575, SEP-2567). Every request is self-describing, capabilities come from server/discover, and any server instance can handle any request.
  • Multi Round-Trip Requests (MRTR) (SEP-2322). Tools can return InputRequiredResult to ask the user something mid-call, and the client retries with the answers. No long-lived stream required!
  • Routable transport headers (SEP-2243). Mcp-Method rides on every request, and Mcp-Name on requests that name a tool, resource, or prompt, so gateways and rate limiters can route without parsing bodies.
  • Authorization hardening, including iss validation per RFC 9207 (SEP-2468), application_type in Dynamic Client Registration (SEP-837), scope accumulation on step-up (SEP-2350), and credential binding to the issuing authorization server (SEP-2352). The application_type change is the one desktop and CLI clients will feel: authorization servers stop defaulting them to "web" and rejecting their localhost redirects.
  • Standard error codes (SEP-2164). A missing resource now returns JSON-RPC -32602 instead of the MCP-custom -32002. If your client matches on the literal value, you should update it.
  • Deprecation annotations (SEP-2577) on roots, sampling, and logging. This is advisory only, as the deprecated methods, types, and capability flags keep working in this release and in every specification version published within a year of it.

The full protocol text is in the draft specification, and the changelog lists every change against 2025-11-25.

Python: mcp v2

The v2 line is a rework of the package you already know: FastMCP becomes MCPServer, and the decorator API carries over. A complete server still looks like this:

from mcp.server import MCPServer

mcp = MCPServer("Demo")


@mcp.tool()
def add(a: int, b: int) -> int:
    """Add two numbers."""
    return a + b


@mcp.resource("greeting://{name}")
def greeting(name: str) -> str:
    """Greet someone by name."""
    return f"Hello, {name}!"

As in v1, there is no JSON Schema to write, as idiomatic Python constructs take over. Install the beta with an exact pin, since unpinned installs stay on v1.x:

uv add "mcp[cli]==2.0.0b1"
# or
pip install "mcp[cli]==2.0.0b1"

If you have a v1 server today, the migration guide walks through every breaking change.

On the protocol side, the beta speaks 2026-07-28 end to end: servers answer the new server/discover method, and the client’s default mode probes it and falls back to initialize on older servers. Upgrading your server does not strand existing clients: a v2 server answers the legacy initialize handshake alongside server/discover, so clients on 2025-11-25 keep connecting. You can test all of it in-process: pass your MCPServer instance directly to Client (async with Client(mcp) as client:) and it connects in memory, the same pattern as FastAPI’s TestClient. No subprocess, no port. The SDK documentation has the tutorial and the full API reference.

TypeScript: split packages

TypeScript v2 retires the monolithic @modelcontextprotocol/sdk package in favor of focused ones, like @modelcontextprotocol/server for servers, @modelcontextprotocol/client for clients, plus thin adapters for Node.js, Express, Hono, and Fastify. It is ESM-only and runs on Node.js 20+, Bun, and Deno. Tool schemas now use Standard Schema, so you can bring Zod v4, Valibot, ArkType, or any compatible library.

You can bootstrap a minimal server like this:

import { McpServer } from "@modelcontextprotocol/server";
import { StdioServerTransport } from "@modelcontextprotocol/server/stdio";
import * as z from "zod/v4";

const server = new McpServer({ name: "greeting-server", version: "1.0.0" });

server.registerTool(
  "greet",
  {
    description: "Greet someone by name",
    inputSchema: z.object({ name: z.string() }),
  },
  async ({ name }) => ({
    content: [{ type: "text", text: `Hello, ${name}!` }],
  }),
);

async function main() {
  const transport = new StdioServerTransport();
  await server.connect(transport);
}

main();

To install any of the packages, you can use the now-familiar npm commands:

npm install @modelcontextprotocol/server@beta
npm install @modelcontextprotocol/client@beta

For HTTP deployments, which is where the stateless protocol pays off, createMcpHandler from @modelcontextprotocol/server is the entry point. It serves 2026-07-28 per request and handles 2025-11-25 traffic from the same endpoint, with the adapter packages connecting it to Node.js, Express, Hono, and Fastify.

Migrating from v1 is mostly mechanical, and there is a codemod that does the boring parts for you, including the rename from .tool() to registerTool and the error-type renames. You can get it with:

npx @modelcontextprotocol/codemod@beta v1-to-v2 .

The repository ships two guides that will help you along the way:

While it might seem confusing, these two are standalone steps - you can move to v2 now and turn on the new protocol revision when you are ready. The v2 API documentation covers the rest.

Go and C#

The Go and C# betas take a slightly gentler path - there is no package split and no rework of the API you use day to day.

The Go SDK ships 2026-07-28 support in v1.7.0-pre.1, on the same module path as the version you are already using:

go get github.com/modelcontextprotocol/go-sdk@v1.7.0-pre.1

Serving the new revision over HTTP is the same explicit choice as in TypeScript: the streamable HTTP transport accepts 2026-07-28 only when you set StreamableHTTPOptions.Stateless = true. Leave it unset and clients negotiate down to 2025-11-25. The release notes walk through every protocol change and the SDK documentation will cover the updated API.

The C# beta, in turn, is released as the 2.0.0-preview.1 version of the ModelContextProtocol packages:

dotnet add package ModelContextProtocol --prerelease

Stable v1.x APIs keep working in v2. The breaking changes are confined to the capabilities the specification deprecates (roots, sampling, and logging), which are marked [Obsolete] with pointers to their replacements, and to experimental APIs whose contracts changed as the specification settled. The preview release notes include a per-SEP implementation table, and the SDK documentation will have the updated API reference once the package is stable.

Give us your feedback

We’re a mere four weeks away until the specification is final. We need your help to make the release smoother!

  1. Install a beta in a branch of your server and run your real traffic against it, not just the happy path.

  2. If you operate behind a gateway or load balancer, serve the stateless path and see whether your routing still needs anything the protocol no longer provides. In TypeScript that path is createMcpHandler; in Go, set StreamableHTTPOptions.Stateless = true; in Python, the v2 HTTP app answers both protocol revisions from one endpoint.

  3. File what you find. SDK problems go to the issue tracker for the SDK you are using:

    And if you spot issues with the protocol itself, go to the specification repository.

It’s worth noting that public APIs may still change between the betas and the stable releases, so pin exact versions. Your feedback in the next four weeks is what they will be built from. And if you have other feedback or want to engage with SDK maintainers, join our contributor Discord.

We’re excited to see what you build!

Read the whole story
alvinashcraft
57 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

Why we built ADK 2.0

1 Share
Answering the questions of "why we built ADK 2.0". This explains the rationale, some of the features, and why a developer should consider upgrading. This will be published the day after ADK go 2.0 launches.
Read the whole story
alvinashcraft
9 hours ago
reply
Pennsylvania, USA
Share this story
Delete
Next Page of Stories