Add banned API analyzer to guard the reference assembly surface#2447
Merged
Sergio0694 merged 2 commits intoJun 17, 2026
Merged
Conversation
Sergio0694
force-pushed
the
user/sergiopedri/ref-assembly-setup
branch
from
8d17cee to
a27b766
Compare
Base automatically changed from
user/sergiopedri/ref-assembly-setup
to
staging/winrt-runtime-ref-assembly
June 17, 2026 18:58
Add Microsoft.CodeAnalysis.BannedApiAnalyzers to central package versions and include it as a private analyzer when building the reference assembly. Add a BannedSymbols.txt listing the WindowsRuntimeImplementationOnlyMemberAttribute to prevent implementation-only types from being exposed in the published ref assembly. Rearrange and annotate the WinRT.Runtime.csproj property groups for implementation vs reference assembly builds, set RS0030 as an error to fail on leaked private APIs, and wire BannedSymbols.txt as an AdditionalFiles input for the analyzer.
Add #define WINDOWS_RUNTIME_IMPLEMENTATION_ONLY_FILE to several implementation-only sources (Activation/WindowsRuntimeActivationArgsReference.cs, WindowsRuntimeActivationFactoryCallback.cs, WindowsRuntimeActivationTypes.cs, Windows.Foundation/TrustLevel.cs) so they can be excluded from reference-assembly builds. Tidy WinRT.Runtime.csproj Compile Remove entries (self-closing tags / spacing) and add exclusion for Windows.UI.Xaml.Interop to ensure implementation-only folders are removed from reference builds.
Sergio0694
force-pushed
the
user/sergiopedri/banned-api-analyzer
branch
from
378d716 to
4237af9
Compare
manodasanW
approved these changes
Jun 17, 2026
Sergio0694
merged commit cadd7eb
into
staging/winrt-runtime-ref-assembly
11 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the
Microsoft.CodeAnalysis.BannedApiAnalyzersanalyzer to the reference assembly build ofWinRT.Runtime, to enforce that no implementation-only types can leak into the public API surface. Also marks several implementation-only types that had been missed, so they are correctly stripped from the reference assembly.Motivation
WinRT.Runtimeships a custom reference assembly that strips out all private implementation detail types. Implementation-only types are marked with[WindowsRuntimeImplementationOnlyMember]and live in source files that opt out of the reference assembly build via#define WINDOWS_RUNTIME_IMPLEMENTATION_ONLY_FILE. Until now this relied entirely on manual discipline: if a type was not correctly marked or excluded, it would silently leak into the public reference assembly, leaking abstract members to downstream consumers and breaking reference projections.The banned API analyzer turns this into a compile-time guarantee. The marker attribute itself is added to the banned symbols list, so any implementation-only type that survives into the reference assembly build is immediately flagged. The diagnostic (
RS0030) is promoted to an error for the reference assembly build, so a leak fails the build even during local prototyping, catching the problem as early as possible.While enabling the analyzer, it surfaced a few implementation-only types that had been missed; those are now correctly excluded.
Changes
src/Directory.Packages.props: add theMicrosoft.CodeAnalysis.BannedApiAnalyzerspackage version.WinRT.Runtime.csproj: reference the banned API analyzer and includeBannedSymbols.txt(both only for the reference assembly build), promoteRS0030to an error in that build, and addWindows.UI.Xaml.Interop\**to the excluded implementation-only folders. The two configurationPropertyGroups are also reorganized under clearerSettings for the implementation/reference assemblyheaders.BannedSymbols.txt: new file banningWindowsRuntime.WindowsRuntimeImplementationOnlyMemberAttributein the reference assembly.WindowsRuntimeActivationArgsReference.cs,WindowsRuntimeActivationFactoryCallback.cs,WindowsRuntimeActivationTypes.cs,TrustLevel.cs: mark these previously-missed implementation-only sources with#define WINDOWS_RUNTIME_IMPLEMENTATION_ONLY_FILEso they are excluded from the reference assembly.