[dotnet-watch] http transport for mobile

[jonathanpeppers]

Context: #52492

dotnet watch for .NET MAUI Scenarios

Overview

This implements dotnet watch / Hot Reload for mobile platforms (Android, iOS), which cannot use the standard named pipe transport. Similar to how web applications already use websockets for reloading CSS and JavaScript, we use the same model for mobile applications.

Transport Selection

Platform	Transport	Reason
Desktop/Console	Named Pipe	Existing implementation, Fast, local IPC
Android/iOS	WebSocket	Named pipes don't work over the network; adb reverse tunnels the connection

dotnet-watch detects WebSocket transport via the HotReloadWebSockets capability:

<ProjectCapability Include="HotReloadWebSockets" />

Mobile workloads (Android, iOS) add this capability to their SDK targets. This allows any workload to opt into WebSocket-based hot reload.

SDK Changes

Architecture

Both named pipe and WebSocket transports now share a common ClientTransport abstraction consumed by DefaultHotReloadClient:

• NamedPipeClientTransport — existing local IPC path
• WebSocketClientTransport — new path for mobile, composes a sealed KestrelWebSocketServer

The agent side mirrors this with a Transport base class (NamedPipeTransport / WebSocketTransport).

WebSocket Details

dotnet-watch already has a WebSocket server for web apps: BrowserRefreshServer. This server:

• Hosts via Kestrel on a local HTTP or HTTPS endpoint (e.g., http://127.0.0.1:<port> or https://localhost:<port>)
• Communicates with JavaScript (aspnetcore-browser-refresh.js) injected into web pages
• Sends commands like "refresh CSS", "reload page", "apply Blazor delta"

For mobile, we reuse the Kestrel infrastructure but with a different protocol:

Server	Client	Protocol
BrowserRefreshServer	JavaScript in browser	JSON messages for CSS/page refresh
WebSocketClientTransport	Startup hook on device	Binary delta payloads (same as named pipe)

WebSocketClientTransport composes a sealed KestrelWebSocketServer (shared with BrowserRefreshServer) and speaks the same binary protocol as the named pipe transport, just over WebSocket instead. Static asset updates (CSS) are also supported.

WebSocket Authentication

To prevent unauthorized processes from connecting to the hot reload server, WebSocketClientTransport uses RSA-based authentication identical to BrowserRefreshServer:

1. Server generates RSA key pair: SharedSecretProvider creates a 2048-bit RSA key on startup
2. Public key exported: The public key (X.509 SubjectPublicKeyInfo, Base64-encoded) is passed to the app via DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY
3. Client encrypts secret: The startup hook generates a random 32-byte secret, encrypts it with RSA-OAEP-SHA256 using the public key
4. Secret sent as subprotocol: The encrypted secret is URL-encoded (WebUtility.UrlEncode) and sent as the WebSocket subprotocol header — same encoding as BrowserRefreshServer
5. Server validates: WebSocketClientTransport.HandleRequestAsync decodes and decrypts the subprotocol value, accepting the connection only if decryption succeeds

HTTPS Support

KestrelWebSocketServer supports binding both HTTP and HTTPS ports simultaneously via the securePort parameter. When AgentWebSocketSecurePort is configured, the server binds a WSS endpoint alongside the WS endpoint.

Environment Variables

dotnet-watch launches the app via:

dotnet run --no-build \
  -e DOTNET_WATCH=1 \
  -e DOTNET_MODIFIABLE_ASSEMBLIES=debug \
  -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT=ws://127.0.0.1:<port> \
  -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY=<base64-encoded-rsa-public-key> \
  -e DOTNET_STARTUP_HOOKS=<path to DeltaApplier.dll>

The port is dynamically assigned (defaults to 0, meaning the OS picks an available port) to avoid conflicts in CI and parallel test scenarios. The DOTNET_WATCH_AGENT_WEBSOCKET_PORT environment variable can override this if a specific port is needed. DOTNET_WATCH_AGENT_WEBSOCKET_SECURE_PORT optionally enables WSS.

These environment variables are passed as @(RuntimeEnvironmentVariable) MSBuild items to the workload. See dotnet-run-for-maui.md for details on dotnet run and environment variables.

Android Workload Changes (Example Integration)

dotnet/android#10770 — RuntimeEnvironmentVariable Support

Enables the Android workload to receive env vars from dotnet run -e:

• Adds <ProjectCapability Include="RuntimeEnvironmentVariableSupport" />
• Adds <ProjectCapability Include="HotReloadWebSockets" /> to opt into WebSocket-based hot reload
• Configures @(RuntimeEnvironmentVariable) items, so they will apply to Android.

dotnet/android#10778 — dotnet-watch Integration

1. Startup Hook: Parses DOTNET_STARTUP_HOOKS, includes the assembly in the app package, rewrites the path to just the assembly name (since the full path doesn't exist on device)
2. Port Forwarding: Runs adb reverse tcp:<port> tcp:<port> so the device can reach the host's WebSocket server via 127.0.0.1:<port> (port is parsed from the endpoint URL)
3. Prevents Double Connection: Disables startup hooks in Microsoft.Android.Run (the desktop launcher) so only the mobile app connects

Data Flow

1. Build: dotnet-watch builds the project, detects HotReloadWebSockets capability
2. Launch: dotnet run -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT=ws://127.0.0.1:<port> -e DOTNET_WATCH_HOTRELOAD_WEBSOCKET_KEY=<key> -e DOTNET_STARTUP_HOOKS=...
3. Workload: Android build tasks:a
   • Include the startup hook DLL in the APK
   • Set up ADB port forwarding for the dynamically assigned port
   • Rewrite env vars for on-device paths
4. Device: App starts → StartupHook loads → Transport.TryCreate() reads env vars → WebSocketTransport encrypts secret with RSA public key → connects to ws://127.0.0.1:<port> with encrypted secret as subprotocol
5. Server: WebSocketClientTransport validates the encrypted secret, accepts connection
6. Hot Reload: File change → delta compiled → sent over WebSocket → applied on device

iOS

Similar changes will be made in the iOS workload to opt into WebSocket-based hot reload:

• Add <ProjectCapability Include="HotReloadWebSockets" />
• Handle startup hooks and port forwarding similar to Android

Dependencies

• runtime#123964: [mono] read $DOTNET_STARTUP_HOOKS — needed for Mono runtime to honor startup hooks (temporary workaround via RuntimeHostConfigurationOption)

[Copilot]

Pull request overview

This PR adds a WebSocket-based hot reload transport to dotnet watch to support mobile scenarios (Android/iOS) where named pipes aren’t viable, selecting the transport via a new HotReloadWebSockets project capability.

Changes:

• Add WebSocket transport selection for hot reload (capability detection + mobile app model) and plumb a configurable port via environment options.
• Implement WebSocket server/client plumbing for hot reload (watch side Kestrel WebSocket server + agent-side WebSocket transport) while reusing the existing binary delta protocol.
• Add a new test project + test coverage validating WebSocket transport selection and hot reload behavior.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
test/dotnet-watch.Tests/HotReload/MobileHotReloadTests.cs	Adds end-to-end test verifying WebSocket hot reload path is selected and works.
test/TestAssets/TestProjects/WatchMobileApp/WatchMobileApp.csproj	New test asset project that opts into WebSocket transport via HotReloadWebSockets capability.
test/TestAssets/TestProjects/WatchMobileApp/Program.cs	New test app used by dotnet watch tests to validate hot reload output changes.
test/Microsoft.Extensions.DotNetDeltaApplier.Tests/HotReloadClientTests.cs	Updates agent/client tests to use the new transport abstraction and listener.
src/BuiltInTools/Watch/UI/IReporter.cs	Adds a new debug descriptor to log “Application kind: WebSockets.”
src/BuiltInTools/Watch/Context/EnvironmentVariables.cs	Adds env var names + parsing for the hot reload HTTP port override and WebSocket endpoint name.
src/BuiltInTools/Watch/Context/EnvironmentOptions.cs	Adds HotReloadHttpPort option and wires it to environment variable reading.
src/BuiltInTools/Watch/Build/ProjectGraphUtilities.cs	Adds capability-based detection for WebSocket hot reload projects.
src/BuiltInTools/Watch/Build/BuildNames.cs	Introduces ProjectCapability.HotReloadWebSockets constant.
src/BuiltInTools/Watch/AppModels/MobileAppModel.cs	New app model that creates a MobileHotReloadClient (WebSocket-based).
src/BuiltInTools/Watch/AppModels/HotReloadAppModel.cs	Selects the mobile/WebSocket app model when capability is present.
src/BuiltInTools/HotReloadClient/Web/KestrelWebSocketServer.cs	New Kestrel-hosted WebSocket server base used by mobile hot reload.
src/BuiltInTools/HotReloadClient/MobileHotReloadClient.cs	Implements watch-side WebSocket hot reload client + server coordination.
src/BuiltInTools/HotReloadAgent.Host/Transport.cs	Introduces a transport abstraction for agent communications.
src/BuiltInTools/HotReloadAgent.Host/NamedPipeTransport.cs	Moves named-pipe specifics behind the new Transport abstraction.
src/BuiltInTools/HotReloadAgent.Host/WebSocketTransport.cs	Adds WebSocket transport implementation for the agent startup hook.
src/BuiltInTools/HotReloadAgent.Host/Listener.cs	Refactors the listener to work over the new transport abstraction (pipe or WebSocket).
src/BuiltInTools/HotReloadAgent.Host/StartupHook.cs	Switches startup hook connection logic to choose transport from env vars.
src/BuiltInTools/HotReloadAgent.Data/AgentEnvironmentVariables.cs	Adds DOTNET_WATCH_HOTRELOAD_WEBSOCKET_ENDPOINT constant.
documentation/specs/dotnet-watch-for-maui.md	Adds a spec describing capability detection, env vars, and workload integration points.

[tmat]

Finished another pass. Just a few minor comments.

[tmat]

/ba-g Linux CI leg is broken.