Weekly .NET Roundup: Support deadlines, agents in CI, MAUI UI

Welcome to this week's .NET Roundup. Microsoft set a clear planning deadline with .NET 8 and .NET 9 ending support on November 10, 2026, pushing teams to budget upgrade work toward .NET 10 and revisit TargetFramework and dependency constraints. On the AI tooling side, the focus shifted from chat-based demos to repeatable workflows: MCP-powered build diagnostics in GitHub Actions, practical auditing and OpenTelemetry for agent governance, and patterns for building tools (Functions, search) with safer data access. We also saw platform-focused updates like SkiaSharp 4 for .NET MAUI, a C# preview feature for closed class hierarchies, Azure Blob client-side integrity checks reaching GA, and a useful warning about ambiguous routes when inheriting ASP.NET Core controllers.

This Week's Overview

.NET support timelines and upgrade pressure

Building on last week's emphasis on servicing fixes and staying current with supported runtimes, Microsoft put a firm date on the next support cliff: both .NET 8 and .NET 9 reach end of support on November 10, 2026. After that, you lose security fixes and official support, so the practical path for most teams is to retarget to .NET 10 to stay supported through November 2028 (the next LTS window). The announcement is a reminder that even if you standardized on .NET 8 LTS, your planning horizon is now tied to that 2026 cutoff, and upgrade work needs to be scheduled like any other operational dependency.

That date also landed amid renewed complaints that .NET's “long-term support” is not long enough for large organizations with slower validation cycles. The DevClass piece connects the short LTS window to real behaviors teams fall into: staying on .NET Framework longer than intended, or holding libraries back on .NET Standard 2.0 targets to avoid breaking older apps. If you own platform libraries, this is the week to revisit your TargetFramework strategy, publish an internal upgrade calendar, and sanity-check dependencies that might pin you to older runtimes (including data providers and native/OS-integrated packages).

Agentic .NET workflows: MCP, governance, and practical tooling

This week connected multiple strands of “agents in .NET” into a more end-to-end story: run tool-based AI in your dev workflow (MCP), instrument and audit what agents do (governance + telemetry), and build real tools (search, Azure Functions) with safer data access patterns. The common theme is moving beyond chat into repeatable, reviewable workflows that fit CI and production constraints.

Build diagnostics in CI with the Microsoft Binlog MCP Server

Following last week's introduction of the Microsoft Binlog MCP Server for interactive build-log investigation, Microsoft showed how to run it inside GitHub Actions so a PR failure can automatically trigger analysis of MSBuild binlogs and post a root-cause comment with suggestions. The key shift is that the “agent” is embedded in CI, not a developer's IDE session, so the output becomes part of the code review trail and can reduce time spent manually downloading and inspecting binlogs.

The post also catalogs related Binlog MCP tools and includes evaluation results comparing tool-based setups to a no-tools baseline. For .NET teams with flaky builds, complex MSBuild graphs, or multi-project solutions, this pattern is most useful when you standardize binlog capture in CI and make the MCP analysis an always-on step for failed builds.

Auditing and OpenTelemetry telemetry for Agent Governance Toolkit

Building on last week's thread about making agent behavior observable and policy-driven, a separate tutorial walked through adding auditing and OpenTelemetry-based telemetry to Microsoft's Agent Governance Toolkit (AGT) using a .NET Core sample. Governance events are written to Azure Blob Storage using Append Blob (a practical choice for immutable, append-only audit trails), while metrics and traces are exported to Application Insights for operational visibility.

The post includes policy examples (including direct allow/deny evaluation), KQL queries to interrogate the data in Application Insights, and guidance on sanitizing sensitive data before it lands in audit logs. If you are prototyping agent tooling internally, this is a concrete template for meeting basic compliance expectations early: you can prove what the agent did, when, and under which policy decision, without relying on “best effort” logging.

Building and exposing agent tools: search, Azure Functions, and safer data access

After last week's focus on OpenAI-compatible endpoints and middleware “production shape” for agents, two hands-on videos focused on tool-building plumbing: one creates a web-search tool using SearXNG in Docker Desktop and calls it from a .NET Agent Framework agent, paired with a locally hosted model via Ollama. That combination is a practical pattern for teams that want tool calling without sending prompts to a hosted model, while still keeping search results available to the agent at runtime.

Another video demonstrates exposing a .NET Azure Function as an MCP tool using Visual Studio 2026, creating a Functions project with an McpToolTrigger, then validating it with MCP Inspector. Together, these examples make MCP “tool endpoints” feel more like normal .NET services: something you can build, deploy, and test, then hand to an agent runtime to call.

On the safety side, Agent Framework's Agent Harness guidance adds guardrails around working with local and remote data: file access tools, human approvals (including standing approvals and auto-approval rules), and durable memory stored either on disk or in Microsoft Foundry memory. In practice, this pushes agent apps toward explicit permissioning and auditable user intent, which matters once agents can touch real files or business data.

Architectures for agents: Orleans and durable multi-agent workflows

Continuing last week's push from “agent demos” toward durable, production-friendly patterns, the .NET AI Community Standup made the case for Orleans as a foundation for AI agents, especially when you need stateful, long-running conversations and reliable coordination of distributed workloads. Orleans' virtual actor model maps naturally to “entities with state and behavior” (for example, an agent per user or per case), and it helps with persistence and concurrency without forcing you to hand-roll coordination logic.

On the applied side, an On .NET Live episode showcased Archaios, an AI-powered archaeology exploration platform that processes large LiDAR datasets and integrates satellite data via Google Earth Engine. The pipeline uses .NET with Azure Durable Functions plus Semantic Kernel-based multi-agent workflows to orchestrate long-running steps and collaborative reasoning, which is a useful reference if you are building agents that must run reliably over large datasets and long durations.

UI and graphics: SkiaSharp 4 lands for .NET MAUI

SkiaSharp 4.148.0 shipped as the first stable release of v4, updating the underlying Skia engine to m148 and focusing on a mix of new capabilities and cleanup. The release highlights new font and image features (including OpenType variable fonts and Animated WebP support), plus API and lifecycle fixes that should reduce edge-case friction for apps that render across platforms.

For .NET MAUI developers, the stable v4 line matters because SkiaSharp often sits on critical rendering paths (custom drawing, charts, image processing), and upgrades can affect both correctness and performance. Microsoft also called out measured performance gains and provided a preview channel update, which is useful if you want to test m148 behavior before committing across your app fleet.

The MAUI Community Standup episode complements the release post with a developer-focused walkthrough of what changed and what it means for MAUI apps, then rounds up community activity like MAUI UI July, recent releases, and contributions. If you maintain a MAUI app with SkiaSharp-based controls, this is a good week to plan a controlled upgrade and validate font rendering, animation behavior, and any platform-specific drawing differences.

Language and runtime: C# closed class hierarchies in .NET 11 preview

Building on last week's .NET 11 Preview 5 coverage, Andrew Lock continued his .NET 11 preview series with a deep dive into “closed class hierarchies” (preview 5), a C# feature that restricts inheritance to a single assembly. That constraint enables better exhaustiveness checking in switch expressions because the compiler can reason about all possible derived types without assuming that unknown subclasses might exist elsewhere.

The post covers how to enable the preview feature, how it is represented via compiler attributes, and what limitations still apply. For library authors, this is an additional design tool between “open inheritance” and “fully sealed”: you can allow extension inside your own assembly while keeping external consumers from subclassing, which can make refactoring and pattern matching safer over time.

Storage SDKs: Azure Blob Storage client-side integrity checks reach GA

Azure Blob Storage added GA support for client-side, end-to-end data integrity using CRC64-NVME checksums integrated into the latest Azure Storage Blob SDKs. The important nuance is “client-side” and “end-to-end”: the SDK can compute checksums and verify them transactionally so you can detect corruption or transmission issues without building your own checksum layer around uploads and downloads.

The announcement covers how transactional checksum verification works, performance considerations, minimum SDK versions, and how to migrate from MD5-based approaches. If you have .NET services moving large blobs (media, backups, ML datasets), this is a good prompt to check your SDK versions and decide whether to turn on checksum validation for critical paths, especially where you already pay the cost of retries and want more certainty about payload integrity.

ASP.NET Core routing: inherited controllers and ambiguous attribute routes

Rick Strahl documented a sharp edge in ASP.NET Core MVC: inheriting controllers that use attribute routing can lead to duplicate route registration and ambiguous matches that surface as 500 errors. The issue often shows up when you compose applications with AddApplicationPart or share a concrete base controller across multiple derived controllers, because MVC discovers and registers routes for both the base type and the derived types.

Two practical fixes are highlighted. The simplest is to make base controllers abstract so they are opt-in for routing and do not get registered as actionable endpoints, while a more advanced option suppresses base-controller action descriptors via an IActionDescriptorProvider when concrete inheritance is required. If you have a controller inheritance pattern for shared endpoints (or are building a modular app), this is worth testing in an integration environment because the failure mode is runtime-only and can be confusing to diagnose from logs.

Packaging and developer tooling automation on Windows

WinApp CLI got a detailed walkthrough for giving unpackaged .NET desktop apps Windows package identity and producing signed MSIX packages. The flow includes dotnet run integration, winapp pack for packaging, and a VS Code extension that supports an F5 run/debug loop via launch.json and build tasks, which is useful if your team is standardizing on VS Code but still needs Windows App SDK-style packaging and identity features.

On the automation side, Mads Kristensen shared a repeatable GitHub Actions workflow for building Visual Studio extensions, stamping VSIX versions, and publishing artifacts to both a VSIX Gallery and the Visual Studio Marketplace. If you ship internal extensions (or maintain public ones), this is the kind of pipeline hardening that reduces “it works on my machine” release issues and makes versioning and publishing steps auditable.

Other .NET News

Building on last week's VS Code + Copilot “agent mode” and configuration improvements, Microsoft published a Visual Studio Code walkthrough that sets up an agentic workflow directly in the editor, including installation, signing in to Microsoft Foundry, and a quick UI tour. If you are evaluating agent tooling for your team, the practical takeaway is where the “agent mode” lives in VS Code and what the onboarding steps look like for developers.

The Cozy AI Kitchen series wrapped with a reflective finale that revisits core concepts like Semantic Kernel, embeddings, tokens, and agents using creative metaphors. It is less about shipping code this week and more about giving teams shared language for discussing agent architectures and trade-offs.