Summary
The dogfood .NET risk audits found several sync-over-async and cancellation-token-none paths. Some are likely compatibility wrappers, but they should be documented, narrowed, or converted where practical.
Evidence
Observed categories include:
cancellation-token-none on public/sync database convenience overloads such as DbWriter.BeginTransaction() and related write helpers.sync-over-async in paths such as McpServer.ProcessFrame, LspServer.Run, GitHelper.RunProcessCapturingResult, SymbolExtractionWorker.Invoke / WaitForTask, post-extraction hook callback worker, console UI, issue duplicate preflight, and suggestion-store boundaries.
Additional dogfood distribution:
dotnet-risk-patterns/cancellation-token-none found 32 hits in 17 production files.- Top files:
McpServer (5), DbWriter (4), DiffCommandRunner (3), ExportImportCommandRunner (3), HttpMcpTransport (3), DbContext (2), LspServer (2).
- Other files include
DbCommandRunner, GitHelper, IndexCommandRunner.FullScan, IndexCommandRunner.UpdateTargets, IssueDuplicatePreflight, QueryCommandRunner, SuggestionStore, DbReader, BackgroundTaskObserver, and AuditLogSink.
dotnet-risk-patterns/sync-over-async found 17 hits in 9 production files. Top files include ProgramRunner, McpServer, hook callback worker, symbol extraction worker, and LspServer.
Why it matters
For CLI tools these patterns may be acceptable in narrow places, but server/worker/database paths can become long-running. Non-cancellable or sync-blocked paths increase the chance of hangs, shutdown delays, starvation, or hidden timeout behavior.
Acceptance criteria
- Classify each production hit as intentional compatibility API, process/CLI boundary, test-only helper, or fix-needed path.
- Convert fix-needed paths to async/cancellable flow.
- Add comments or docs for intentionally retained sync wrappers.
- Add tests where behavior changes, especially cancellation and shutdown behavior.
Summary
The dogfood
.NETrisk audits found several sync-over-async and cancellation-token-none paths. Some are likely compatibility wrappers, but they should be documented, narrowed, or converted where practical.Evidence
Observed categories include:
cancellation-token-noneon public/sync database convenience overloads such asDbWriter.BeginTransaction()and related write helpers.sync-over-asyncin paths such asMcpServer.ProcessFrame,LspServer.Run,GitHelper.RunProcessCapturingResult,SymbolExtractionWorker.Invoke/WaitForTask, post-extraction hook callback worker, console UI, issue duplicate preflight, and suggestion-store boundaries.Additional dogfood distribution:
dotnet-risk-patterns/cancellation-token-nonefound 32 hits in 17 production files.McpServer(5),DbWriter(4),DiffCommandRunner(3),ExportImportCommandRunner(3),HttpMcpTransport(3),DbContext(2),LspServer(2).DbCommandRunner,GitHelper,IndexCommandRunner.FullScan,IndexCommandRunner.UpdateTargets,IssueDuplicatePreflight,QueryCommandRunner,SuggestionStore,DbReader,BackgroundTaskObserver, andAuditLogSink.dotnet-risk-patterns/sync-over-asyncfound 17 hits in 9 production files. Top files includeProgramRunner,McpServer, hook callback worker, symbol extraction worker, andLspServer.Why it matters
For CLI tools these patterns may be acceptable in narrow places, but server/worker/database paths can become long-running. Non-cancellable or sync-blocked paths increase the chance of hangs, shutdown delays, starvation, or hidden timeout behavior.
Acceptance criteria