* chore: bump electron@42.4.0
* chore: apply temp dir workaround for short paths
* chore: use 24.15.x for CI node
* chore: update nodejs build
* chore: bump electron@42.5.0
* fix: unblock playwright install on node 24.17
Node 24.16+ made Readable pause()/resume() a no-op on destroyed streams
which makes yauzl 2.x / extract-zip 2.x and older playwright extraction
hang forever.
- extensions/copilot: add "yauzl": "^3.3.1" override (was missed by #318682)
so electron and @vscode/vsce no longer resolve the broken yauzl 2.10, fixing the
hung `npm ci` in the Copilot and Extract chat-lib pipelines.
- extensions/copilot: bump electron ^39.8.5 -> ^42.5.0 so its install
script uses the native @electron-internal/extract-zip instead of extract-zip.
- bump @playwright/test ^1.56.1 -> ^1.61.1 so `playwright install`
uses the fixed extractor, unblocking the "Download Electron and
Playwright" step in all electron test pipelines.
* chore: update build
* agentHost: fix macOS sandbox smoke sentinel parsing
On macOS CI, the AgentHost sandbox smoke test resolves the shell to
/bin/sh, which uses the sentinel-based completion path. In that path, the
parser could consume the echoed sentinel command text
(`<<<COPILOT_SENTINEL_..._EXIT_$?>>>`) before the real numeric marker
arrived, causing a false `Exit code: -1` failure even though the command
later completed successfully.
Harden the sentinel parser to ignore echoed/non-numeric sentinel text
and use the latest complete numeric marker instead. Also force the
macOS AgentHost sandbox smoke test to use /bin/sh and assert that in the
suite log so local runs exercise the same path as CI.
Adds a regression test for echoed sentinel command text.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore: update screenshot baseline after playwright bump
* chore: bump distro
* chore: fix typecheck
* chore: bump distro
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Bump Copilot CLI packages to @github/copilot@1.0.64-1 and @github/copilot-sdk@1.0.3
* Resolve Agent Host Copilot CLI through @github/copilot/bin.copilot
* Materialize @github/copilot/sdk from @github/copilot-<platform> in extension postinstall
* Package @github/copilot-<platform>/copilot for Agent Host and linuxmusl
* Exclude Copilot optional native payloads from extension package
* Scan @github/copilot-*/copilot for Linux package dependencies
* Tighten Copilot SDK 1.0.64-1 attachment and RPC typings
* Increase Copilot SDK native binary scan test timeout
* Update amd64 deb deps for @github/copilot-linux-x64/copilot
* Update arm64 rpm deps for Copilot package layout
* Update x64 rpm deps for @github/copilot-linux-x64/copilot
* Try to fix windows smoke test
* Try to fix platform runtime files for agent host
* exclude copilot computer.node from agent host packaging
* Another attempt to try to get packaging right
* Should only try to load 1.0.64-1
* Try to fix packaing for windows, macos, deb deps
* Update armhf/arm64 deb and x64 rpm Copilot dependency baselines
* Copilot darwin ripgrep universal merge and arm64 rpm deps
* Restore target Copilot SDK prebuilds for built-in extension packaging
* see if changes to gulpfile.reh.ts would help
* dont mess with formatting
* Launch copilot cli from platform index.js and exclude SEA
* Avoid CPU-pegging process report in libc detection
detectLibc() called process.report.getReport() on every Linux process to
tell glibc from musl. That report serializes heap, native stack and libuv
state, and the network/socket enumeration can peg the CPU on busy hosts.
Detect cheapest-first instead: parse the ELF PT_INTERP dynamic-linker path
from the head of /proc/self/exe, then string-match the head of /usr/bin/ldd,
and only fall back to the process report (now with excludeNetwork = true to
skip the expensive libuv section, also inspecting sharedObjects). Default to
glibc when nothing is conclusive.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Read ELF64 offsets as 64-bit with safe-integer guards
Address PR review: e_phoff, p_offset and p_filesz are 64-bit fields in
ELF64. Read them via readBigUInt64LE through a bounded helper that rejects
values past Number.MAX_SAFE_INTEGER, validate e_phentsize covers a full
Elf64_Phdr, and widen the per-entry bounds check to the 8-byte p_filesz.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Use detect-libc package instead of hand-rolled libc detection
Replace the bespoke ELF/ldd/process-report probing in detectLibc() with the
detect-libc package (already present transitively, now a direct dependency).
It performs the same cheapest-first detection and sets process.report's
excludeNetwork flag internally, so the CPU-pegging libuv enumeration is still
avoided without us maintaining the ELF parser. Add detect-libc to the
hasNode import allowlist in eslint.config.js.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Declare detect-libc in remote/package.json
detectLibc() (via agentSdkDownloader) is reached from agentHostServerMain,
so the server/REH build requires detect-libc. It was only present in the
remote node_modules transitively (through @parcel/watcher); declare it
directly to match the root manifest and the direct import.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Rename detectLibc to detectLibcSync
Signal the blocking nature in the name and leave room for a future
promise-based detectLibc that wraps detect-libc's async family(). Update
the agentSdkDownloader consumer and the unit test.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore: update @github/copilot to version 1.0.63 in package.json and package-lock.json
* chore: update @github/copilot to version 1.0.63 in package.json and package-lock.json
* chore: update @github/copilot and @github/copilot-sdk to version 1.0.61 and 1.0.1 respectively
- Bump @github/copilot from 1.0.60 to 1.0.61 in package.json and package-lock.json
- Update @github/copilot-sdk from 1.0.0 to 1.0.1 in package.json and package-lock.json
- Modify postinstall script to copy tgrep files instead of sharp files
- Update tests to include tgrep binaries
- Change model in e2e tests from 'claude-opus-4.7' to 'gpt-5-mini'
* fix: add libm.so.6(GLIBC_2.27)(64bit) to referenceGeneratedDepsByArch
* Add tar to REH dependencies and eslint allowlist
The agent SDK downloader uses node-tar to extract the per-platform
SDK tarballs it downloads from product.json — pure JS, zero native
deps, so the agent host works on every server install footprint
without relying on a system tar binary.
* Distribute Claude and Codex agent SDKs via product.json
Adds IAgentSdkDownloader, which fetches the per-platform Claude
and Codex SDKs from a CDN configured through product.agentSdks
(populated by vscode-distro), verifies the sha256 anchored in
product.json, and caches the extracted root under userDataPath.
Providers register iff the SDK is available — either a dev override
env var or a product.agentSdks entry whose sha256 declares the
current platform. Falls through to today's no-op behavior in OSS
builds with neither.
Tracks microsoft/vscode-internalbacklog#7885.
* Fix lockfiles after merge resolve
The previous merge took upstream's @anthropic-ai/sdk@0.82.0 in
package.json but left the lock file's nested resolution tree
pointing at 0.102.0, so npm ci rejected the workspace. Re-resolve
via npm install. Also adds the remote/package-lock.json entry for
tar that was missed in the first commit.
* Address PR review feedback
- nodeAgentHostStarter: pass process.env (not the local shell-env
snapshot) to buildAgentSdkEnv so a developer's env-var dev override
actually wins over a settings value. Matches electronAgentHostStarter.
- agentSdkDownloader: write the .complete sentinel inside tmpDir BEFORE
the move so cache publish is atomic. A crash between move and
sentinel-write previously left a wedged cacheDir that subsequent runs
could not recover from (rename-loser path requires a valid sentinel).
- agentHostBootstrap: register RequestService with the DisposableStore
so its config-change listener is cleaned up at shutdown.
- agentSdkDownloader.test: build the fixture tarball via node-tar
(already a dep) instead of spawning the host tar binary; drops the
bsdtar/gnutar portability surface.
- agentHostMain: comment referenced the renamed VSCODE_AGENT_HOST_*_PATH
env var; corrected to VSCODE_AGENT_HOST_*_SDK_ROOT.
* Drop test-stub fields not present in @anthropic-ai/sdk 0.82
The earlier merge took upstream's @anthropic-ai/sdk@0.82.0 over the
stash's 0.102.0; some test stubs had been authored on a branch using
0.102.0 and reference fields that don't exist in 0.82
(output_tokens_details, estimated_tokens, diagnostics on BetaMessage).
Strip the optional fields — they're shape-only filler in the test
fixtures and aren't asserted on.
* chore: update @github/copilot to version 1.0.60 in package.json and package-lock.json
* chore: update @github/copilot to version 1.0.60 in package.json and package-lock.json
* test: update feature flag service creation in Copilot CLI tests
* Bump @github/copilot-sdk to 1.0.0-beta.8 (Written by Copilot)
Also bumps @github/copilot CLI to 1.0.55-3 to satisfy the SDK's
`^1.0.55-1` peer requirement.
Key SDK breaking changes adapted in `src/vs/platform/agentHost/`:
- `CopilotClientOptions`: `useStdio`/`cliPath`/`autoStart` →
`connection: RuntimeConnection.forStdio({ path })`; `remote` →
`enableRemoteSessions`.
- `SessionContext.cwd` → `workingDirectory`.
- `CopilotSession.getMessages()` → `getEvents()`,
`destroy()` → `disconnect()`.
- `PermissionRequest` is now a discriminated union; the host-side
`ITypedPermissionRequest` is no longer `extends PermissionRequest` but
a standalone bag-of-optionals interface so existing call sites continue
to work. Extended host signal with the new `extension-management` /
`extension-permission-access` kinds.
- `BaseHookInput`: `timestamp: number` → `Date`, `cwd` →
`workingDirectory`, new required `sessionId`.
- `Tool.handler` is now optional — tests use `tool.handler!(...)`.
- `ToolBinaryResult.type` narrowed to literal `'image' | 'resource'`.
- `AssistantUsageData.copilotUsage` and `ShutdownData.totalPremiumRequests`
removed; corresponding accumulation/trace code dropped.
Validation: 0 TS errors, layers check passes, all 1357 agent-host unit
tests pass. Real-SDK integration tests: 9/11 passing. Two failures
documented in the session plan:
- plan-mode session-state test times out (likely needs migration of the
`_enablePlanModeOnClient` shim to the new public
`SessionConfig.onExitPlanModeRequest`).
- subagent-routing test: `read_agent` now appears on the parent session
(likely a CLI 1.0.55 behavior change).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix broken @github/copilot-win32-x64 entry in remote/package-lock.json
The committed remote/package-lock.json had a malformed stub entry:
"node_modules/@github/copilot/node_modules/@github/copilot-win32-x64": {
"optional": true
}
with no version field, which caused npm install to crash with:
TypeError: Invalid Version:
at Node.canDedupe (.../@npmcli/arborist/lib/node.js:1137:32)
at PlaceDep.pruneDedupable (.../@npmcli/arborist/lib/place-dep.js:426:14)
Replaced with a proper top-level node_modules entry for
@github/copilot-win32-x64@1.0.55-3 (matches the resolution used for
the other platform optionals on the @github/copilot dep). This is what
npm naturally produces when regenerating the lockfile from scratch.
Fixes the failing 'Install dependencies' step on the macOS / Remote
CI job.
(Written by Copilot)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Bump deb amd64 libc6 floor to 2.15 for new @github/copilot runtime.node
The new @github/copilot 1.0.55-3 ships a Linux x64 runtime.node that
references GLIBC_2.15 (was GLIBC_2.14 in 1.0.49). dpkg-shlibdeps now
emits libc6 (>= 2.15) for amd64; update the reference list so the deb
prepare task no longer fails the build.
Only amd64 is affected: arm64 runtime.node GLIBC version set is
unchanged, and @github/copilot does not ship an armhf binary. The
overall libc6 floor for the package is still 2.28, so distro support
is unchanged.
(Written by Copilot)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* CAPI package update
* Missindg updates
* Missing lock
* Render cloud task history from typed events
- Extract shared session-event-to-chat-parts renderer into
chatSessions/common/sessionEventRenderer.ts so both the Copilot CLI
and Cloud Tasks providers produce identical tool/text formatting.
- Render Task API history via the shared renderer, remapping
custom_agent.* to the equivalent subagent.* names so tool cards,
bash terminal output, edits, search results, MCP results and
subagent groups all render the same way they do in the CLI.
- Match github.com/github/github-ui presentation by suppressing
intermediate assistant.message events that echo tool input/output
and only rendering the final summary message per turn.
* Address review: break circular dep & restore flush timing
- Inject CLI tool-event handlers (processStart/processComplete/
enrichSubagent/isEditToolCall/getEditedUris) into the shared
renderer via a ToolEventHandlers<T> bundle, so common/sessionEventRenderer
no longer imports from copilotcli/. Layering now only flows one way.
- Flush buffered assistant.message_delta chunks at the top of the
CLI loop for non-message events so the session.model_change /
assistant.usage guards see streamed text exactly the way the
pre-extraction code did.
* Missing lock changes
* Revert unintended copilot package manifest edits
* Revert unintended root package manifest edits
* remote package revert
* lock
---------
Co-authored-by: Dmitriy Vasyura <dmitriv@microsoft.com>
* Update @vscode/codicons to version 0.0.46-13 in package.json and package-lock.json
* Add 'developer-tools' icon to codicons library
---------
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
* Bump Agent host Copilot CLI to 1.0.48
* Copilot Cli to 1.0.48 sdk to 1.0.0-beta.4
* Exclude pvrecorder, foundry-local-sdk, mxc-bin
* Parity for copilot/sharp
* Add back missing binary
* Update dependencies for public copilot cli sdk
* remove icu-native.node for now
* Remove win32-native.node, icu-native.node
* Bump both internal and public to 1.0.49
* Only copy required Copilot SDK prebuilds
* Fix Copilot SDK native binary handling
* draft version
* draft version
* adding mxc for windows sandboxing
* Potential fix for pull request finding
Merging readwritePaths
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* cleaning up PR
* cleaning up
* Run Windows MXC commands directly
* Pin MXC SDK lockfiles
* fixing tests and cleaning up env variables
* adding a flag for windows sandboxing as its experimental
* adding a flag for windows sandboxing as its experimental
* adding a flag for windows sandboxing as its experimental
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* feat(copilot): opt-in HTTP cache for the Node fetch fetcher
Adds an opportunistic cache support to the Copilot Node fetch path. The cache
is strictly opt-in per request and composes with the existing VSCode proxy
and CA-injection patch.
- `__vscodeCreateFetchPatch({ interceptors })` lets the extension host
build a second proxy-aware `fetch` with extra undici interceptors. The
default `__vscodePatchedFetch` is unchanged.
- `NodeFetchFetcher` builds an undici cache interceptor once at
construction time and uses the factory to produce a `cachedFetch` that
routes through both the proxy patch and the cache. Requests are tagged
with an internal `__copilotCachePatch` marker (stripped before fetch);
unmarked requests keep going through the regular patched fetch. When
the host lacks the factory, caching is silently disabled so requests
never bypass the proxy patch.
- `FetchOptions.cache?: boolean` — opportunistic hint. Fetchers without
cache support ignore it; fallback to other fetchers is unaffected.
- `Response.cacheStatus` and `FetchTelemetryEvent.cacheStatus`:
`'hit' | 'stale-hit' | 'revalidated' | 'miss' | 'bypass'`.
- New setting `github.copilot.advanced.debug.nodeFetchCache`:
`'off' | 'memory' | 'persistent'` (default `'memory'`). `'persistent'`
uses undici's SQLite store under the extension's global storage
(`undici-cache.v1.sqlite`) when available, otherwise falls back to
memory.
- New `taggedCacheInterceptor` wraps `undici.interceptors.cache` and
stamps a private `VSCODE_CACHE_STATUS_HEADER` on the response so the
base fetcher can read the outcome without parsing undici internals.
- `BaseFetchFetcher` exposes an overridable `_buildRequestInit` hook and
reports `cacheStatus` on `Response` and `fetchTelemetry`.
Notes
- No behavior change for callers that don't set `cache: true`.
- The cache interceptor is constructed once per fetcher instance; the
composed dispatcher chain is reused so connection pooling is preserved.
- Depends on https://github.com/microsoft/vscode-proxy-agent/pull/100
For https://github.com/microsoft/vscode/issues/308310
* fix: undici integration tests
- drop the `age` header gate from classify(): undici's cache interceptor
only adds if-modified-since / if-none-match when revalidating a stored
entry, so `state.conditional` alone is a sufficient signal. The age header
is not guaranteed on a revalidated 200, which caused 'revalidated' to be
misreported as 'miss'.
- the etag integration test used
`cache-control: max-age=0, must-revalidate`, which undici treats as
already-stale on arrival and refuses to store (cache-handler.js bails when
`now >= absoluteStaleAt`), so there was nothing to revalidate on the second
call. Switch the origin to `public, max-age=60` and pass
`cache-control: no-cache` on the second request to drive undici's
needsRevalidation() path, which dispatches with if-none-match and serves
the cached body on 304.
* chore: fix lint
* chore: cleanup cache marker in favor of function arg
chore: update @vscode/codicons to version 0.0.46-11 in package.json and package-lock.json
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
Replace @vscode/ripgrep with @vscode/ripgrep-universal which bundles all platform binaries in a single package. Non-target platform binaries are stripped at packaging time via getRipgrepExcludeFilter.
- Add shared rgDiskPath() helper in src/vs/base/node/ripgrep.ts
- Convert all ripgrep consumers to use the async helper
- Add getRipgrepExcludeFilter for build packaging
- Update prepareBuiltInCopilotRipgrepShim for new bin layout
- Update eslint allowed-modules and require-interceptor aliases
- Fix platform mapping for Alpine + armhf
- Handle arch-specific binaries in macOS universal build / verify-macho
chore: update @vscode/codicons version to 0.0.46-10 in package.json and package-lock.json
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
* agentHost/claude: post-Phase-4 cleanup
- roadmap.md: mark Phase 4 as DONE, link merged PR #313780.
- phase4-plan.md: record live-system smoke completion in §7.8;
disabled-gate run skipped (covered by unit tests + env-var guard).
- claudeAgent.test.ts: drop gratuitous 'as unknown as' cast in the
CCAModel fixture (literal already matches CCAModelBilling exactly;
plan §7.4 forbids unsafe casts in tests).
* agentHost/claude: lock Phase 5 implementation plan
Handoff plan for Phase 5 (replace 7 throwing stubs in claudeAgent.ts).
Locked against post-PR-#313841 reality (provisional sessions,
onDidMaterializeSession, 30s empty-session GC) and the IAgent contract
on origin/main.
Decisions captured:
- Non-fork createSession is synchronous and in-memory; fork deferred
to Phase 6 (throws TODO).
- IClaudeAgentSdkService surface mirrors IAgent (no dir parameter on
listSessions); SDK loader caches resolved module, retries on
failure, logs once.
- listSessions joins SDK enumeration with workbench session DB
metadata via ISessionDataService; per-entry try/catch resilience.
- shutdown() routes per-session teardown through the same
SequencerByKey<string> used by disposeSession() so concurrent
shutdown/disposeSession cannot double-dispose a wrapper in Phase 6.
- 14 unit tests defined (12 lifecycle + 2 resolved-config), including
log-once contract and shutdown/disposeSession race guard.
* agentHost/claude: Phase 5 — IAgent provider skeleton
Lands the ClaudeAgent IAgent provider behind the
'chat.agentHost.claudeAgent.enabled' setting (env gate
VSCODE_AGENT_HOST_ENABLE_CLAUDE=1). Pins
@anthropic-ai/claude-agent-sdk@0.2.112 in workspace + remote/.
Implemented in this phase:
* createSession - non-fork, in-memory wrapper only. Honors
config.session for restore. The fork path and SDK session
creation are deferred to Phase 6.
* listSessions - SDK is source of truth; per-session DB read
is a best-effort overlay (failure never excludes an entry).
* disposeSession / shutdown - routed through a per-session
SequencerByKey to serialize teardown.
* getDescriptor, getProtectedResources, models,
onDidSessionProgress, setClientCustomizations,
setClientTools, onClientToolCallComplete,
setCustomizationEnabled, authenticate, respondTo*Request -
minimal Phase-5 wiring.
Stubbed for Phase 6 (throw async 'TODO: Phase 6'):
sendMessage, abortSession, changeModel, getSessionMessages,
plus the createSession fork path.
Tests: 29 unit tests in claudeAgent.test.ts cover the
createSession restore-id path, listSessions overlay resilience,
dispose serialization, and stub surfaces.
Note: provisional / onDidMaterializeSession is intentionally
omitted in Phase 5 (see plan section 3.3.1) - the workbench needs
an immediate sessionAdded until the agent has real materialization
work, which arrives in Phase 6 alongside SDK query() startup.
* agentHost/claude: Phase 6 — sendMessage, single-turn, no tools
Implements the Phase 6 plan: provisional sessions materialize on first sendMessage, route a single-turn prompt through the Anthropic Claude Agent SDK's WarmQuery, and stream SDKMessages back as protocol AgentSignals via a pure mapSDKMessageToAgentSignals reducer.
Tools remain denied (canUseTool: 'deny'); fork moves to Phase 6.5; Plan Mode UI moves to Phase 7.
Highlights:
- ClaudeAgent.sendMessage routes through _sessionSequencer to collapse concurrent first sends into one materialize + N ordered sends.
- _materializeProvisional has two abort gates (post-startup + post-customizationDirectory write) so disposeSession landing mid-materialize cannot leak a WarmQuery subprocess.
- ClaudeAgentSession owns the prompt iterator + per-turn deferreds; mapSDKMessageToAgentSignals is a pure reducer with state owned by the session.
- IClaudeAgentSdkService gains startup() alongside listSessions().
Tests: 43 unit + 2 proxy-backed integration. Council-review fixes (C1 dispose race, C2 missing integration test, S1 cwd-less ratification) included.
* agentHost/claude: address PR review (listSessions resilience, dispose abort)
Two Copilot-reviewer comments on #314216:
1. listSessions: wrap _sdkService.listSessions() in try/catch. AgentService.listSessions fans out across providers via Promise.all; an SDK dynamic-import failure would otherwise nuke every other provider's session list. Now logs and returns [].
2. dispose: abort _provisionalSessions AbortControllers before super.dispose(). Previously a racing first sendMessage parked inside _writeCustomizationDirectory could pass the materialize abort gates and call _sessions.set on a disposed DisposableMap, orphaning the WarmQuery. Aborting first triggers the existing post-customization-write abort gate, which asyncDisposes the WarmQuery.
Tests: 2 new regressions (listSessions empty on SDK throw; agent.dispose() during racing materialize disposes the WarmQuery). 45/45 unit + 2/2 integration pass.
Picks up xterm.js commit 08ae141 (xtermjs/xterm.js#5826) which adds dispose / hasRenderer guards in OverviewRulerRenderer and cancels its pending requestAnimationFrame on dispose. This addresses the long-standing 'Cannot read properties of undefined (reading ''dimensions'')' crash tracked in microsoft/vscode#303546.
Robo
dileepyavan
Anthony Kim
Lee Murray
Tyler James Leonhardt
Don Jayamanne
Raymond Zhao
Megan Rogge
Rob Lourens
Osvaldo Ortega
Logan Ramos
Henning Dieterichs
Alexandru Dima
Bryan Chen
Peng Lyu
Bryan Chen