This makes my mermaid markdown extension builtin. As part of this I've renamed `chat-mermaid-features` to the more generic `markdown-mermaid-features` since this once extension now contributes a consistent mermaid UX for chat, notebooks, and previews
Fixes#293028
- Move copilotChatSessions, remoteAgentHost, and agentHost providers from
contrib/ into a new contrib/providers/ subfolder for clearer separation
- Add ESLint layer rule 'contrib/providers/*/~' (before 'contrib/*/~') so
sibling contrib folders cannot import directly from providers
- Update all entry points (sessions.common.main.ts, sessions.desktop.main.ts,
sessions.web.main.ts) to reference new provider paths
- Port all upstream changes from origin/main to the new provider locations
- Add contrib/providers entry to build/lib/i18n.resources.json
- Rewrite docs: README.md, LAYOUT.md, LAYERS.md, SESSIONS.md, SKILL.md,
sessions.instructions.md; add source-code-organization, coding-guidelines,
and writing-tests instruction files; remove stale SESSIONS_PROVIDER.md and
AGENTS_CHAT_WIDGET.md
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* agentHost: enable @ file completions in new and existing sessions
* review and cleanup IAgentAttachment
* fix
* adopt latest changes and plumb through meta
* test
* fix build
* try
* refactor: remove sub application support
* chore: remove OS entries
* chore: update additional shortcut location on windows
* chore: show one time deprecation banner
* remove other indirect instances of embedded app
---------
Co-authored-by: Sandeep Somavarapu <sasomava@microsoft.com>
* Improve sessions list rendering on phone layout
- Phone-aware row height (76px) in SessionsTreeDelegate, refreshed on IsPhoneLayoutContext changes.
- Larger title/details fonts and roomier padding under .phone-layout.
- Card-style row margin/border-radius and centered icon alignment.
- Per-row toolbar always visible on touch; pulled out of the title-row flow with absolute positioning so 44px tap targets do not shift the details row.
- Stop pointer/click propagation at the toolbar container so action taps do not trigger the row open handler.
* Address PR review
- Stop Monaco Gesture tap from reaching the list when the user taps
an inline action on touch (DOM stopPropagation only covers mouse).
- Drop unsafe vertical margin on the absolutely positioned list row;
any inter-row spacing lives inside the row via padding/border.
- Refresh stale doc comments (row geometry, iteration cost, no-op
'2-line wrap' description).
* agents mobile: redesign changes/diff overlays with master-detail nav and syntax highlighting
- Add MobileChangesView: full-screen overlay listing all changed files with
codicon file-type icons, A/M/D pills, colored +N/-N counters and reactive
live updates via autorun over sessionsManagementService.activeSession.changes
- Rewrite MobileDiffView: prev/next navigation between sibling files (chevrons
+ horizontal swipe gesture), Monaco tokenization with regex fallback (4
token kinds: comment/string/keyword/number), 3px colored left-edge bar on
added/removed lines, sticky hunk headers, horizontal scroll fix
- Wire title-bar Changes pill to MOBILE_OPEN_CHANGES_VIEW_COMMAND_ID; single-
file sessions skip the list and open the diff directly (fewer taps)
- Add mobileDiffColors.ts: mobile-specific registerColor registrations for
agentsMobileDiff.{added,modified,deleted}Foreground; imported as side-effect
from mobileChangesView.ts so colors are available before any view renders
- Fix disposable leak: per-row gesture/click listeners use a rowsStore that
clears on every renderList call instead of accumulating in viewStore
- Fix merged-hunk rendering: track sub-change list per group, emit context
rows between adjacent sub-changes so unchanged lines aren't misclassified
- Update vscode-known-variables.json with new --vscode-agentsMobileDiff-*
theme tokens and --mobile-diff-{tok,added,modified,deleted} CSS vars
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* agents mobile: address Copilot reviewer feedback on PR #314433
- Fix deletion bug in single-file shortcut: reuse toRow/rowToDiffData
(now exported) from mobileChangesView.ts so modifiedURI stays undefined
for IChatSessionFileChange2 deletions instead of incorrectly falling back
to the v2 uri field
- Localize Action2 titles in mobileOverlayContribution.ts via localize2()
- Correct MOBILE.md: MobileChangesView uses codicons not ResourceLabels;
MobileDiffView uses async tokenizeToString + injected colorMap <style>,
with regex fallback emitting CSS-class spans (not inline style spans)
- Rewrite regex tokenizer comment to accurately describe the class-based
approach and per-theme CSS variable layering in mobileOverlayViews.css
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* themes: fix match highlight contrast in focused quick pick rows
Add list.focusHighlightForeground: #FFFFFF to the 2026 Dark and 2026
Light themes so search match highlights remain legible against the
saturated blue focused row background introduced in #313740.
The original list.highlightForeground (blue) is preserved for unfocused
rows, retaining the prior accessibility fix.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Use quick-pick-specific token for focused match highlights
Address review: instead of overriding the global `list.focusHighlightForeground`
(which would impact all lists/trees in the workbench, including those with
light tinted focus backgrounds in 2026 Light), introduce a new
`quickInputList.focusHighlightForeground` color token scoped to the
quick pick. Update quickInput.css to use the new token and set it to
white in the 2026 Dark and 2026 Light themes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This prevents this annoying warning from getting printed all the time
```
[watch-copilot ] [watch:esbuild ] (node:12319) [MODULE_TYPELESS_PACKAGE_JSON] Warning: Module type of file:///Users/matb/projects/vscode/extensions/copilot/.esbuild.ts is not specified and it doesn't parse as CommonJS.
[watch-copilot ] [watch:esbuild ] Reparsing as ES module because module syntax was detected. This incurs a performance overhead.
[watch-copilot ] [watch:esbuild ] To eliminate this warning, add "type": "module" to /Users/matb/projects/vscode/extensions/copilot/package.json.
[watch-copilot ] [watch:esbuild ] (Use `node --trace-warnings ...` to show where the warning was created)
```
Co-authored-by: Copilot <copilot@github.com>
* Implement account policy gate for AI features
- Introduced AccountPolicyGateContribution to manage account policy state and notifications.
- Added support for "Require Approved Account" policy, restricting AI features based on account approval.
- Enhanced AccountPolicyService to handle gate state and reasons for unsatisfaction.
- Updated configuration for chat features to include policy definitions.
- Added tests to validate gate behavior under various account scenarios.
* Refactor account policy gate logic to focus on approved organizations and update related descriptions
* Add Account Policy Gate service and integrate with existing policy services
* Add account policy gate information to PolicyDiagnosticsAction
* Fix CI: layer violation, ESLint, i18n entry, policyData export
- Move ChatAccountPolicyGateActiveContext to services/policies/common to
avoid services-layer import from contrib (chatContextKeys re-exports).
- Replace 'in' operator in test helper with explicit undefined check.
- Add vs/workbench/services/policies entry to i18n.resources.json.
- Append ChatDisableAIFeatures and ChatApprovedAccountOrganizations to
build/lib/policies/policyData.jsonc.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add account policy settings for approved organizations and AI feature control
* Switch ChatApprovedAccountOrganizations to type:'array'
Use the platform's array-typed policy contract instead of a custom
comma-separated string format. Mirrors PolicyConfiguration's existing
normalisation: PolicyValue is always string|number|boolean, so array
policies arrive at the policy service as JSON-stringified arrays.
- chat.contribution.ts: type:'string' -> type:'array', items:string
- accountPolicyService: simpler parser (JSON.parse + Array.isArray)
- tests: pass arrays via JSON.stringify in setupGate helper
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Don't restrict policies during policyNotResolved boot window
When the user IS signed into an approved org but account-side policy
data hasn't loaded yet (policyNotResolved), skip applying restricted
values. Policies with `value` callbacks naturally return undefined
when policyData is null, so no account-level overrides slip through.
This eliminates:
- Transient 'Unable to write chat.disableAIFeatures' error on boot
- Flash of the gate notification that auto-dismisses seconds later
- Brief UI hide/show cycle as ChatDisableAIFeatures toggles
For stable restricted reasons (noAccount, wrongProvider, orgNotApproved)
restrictions still apply immediately.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Contact Administrator and Learn More links to gate notification
Replace the 'Don't Show Again' button with:
- 'Contact Your informational guidanceAdministrator'
- 'Learn opens enterprise docs overview pageMore'
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Show approved organizations in gate notification
Add approved org list to IAccountPolicyGateInfo so the notification can
display which organizations the admin requires. Shown as a suffix like
'Approved organizations: github, microsoft.' when the list is concrete
(not the wildcard '*').
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Move 'contact your administrator' from button to message text
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix: check org membership before policyData resolution
Move the org-membership check before the policyData null check in
computeGateInfo. This ensures users NOT in an approved org are
restricted immediately (orgNotApproved), even while policy data is
loading. The policyNotResolved reason now only applies to users who
ARE in an approved making it safe to skip restrictions for thatorg
transient state without leaving a security gap.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Directly set chatSetupHidden context key when gate is restricted
entitlement pipeline to
force chat.disableAIFeatures=true (which has timing issues in the
multiplex policy service), directly toggle the chatSetupHidden context
key from the gate contribution. This is the same key that drives
sentiment.hidden across the entire chat UI.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Use IChatEntitlementService.setForceHidden to hide chat when gate restricted
Add setForceHidden(hidden) API to IChatEntitlementService so the gate
contribution can cleanly force the hidden state without fighting with
the entitlement context's own update cycle. The gate contribution calls
setForceHidden(true) when restricted and setForceHidden(false) when
satisfied/inactive.
Inside ChatEntitlementContext, _forceHidden is checked in
withConfiguration alongside the existing chat.disableAIFeatures
either one forces hidden: true on the state.setting
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix setForceHidden fallback when no ChatEntitlementContext
In Code OSS Dev (and any build without productService.defaultChatAgent),
ChatEntitlementContext is never created, so setForceHidden was a no-op.
Fall back to directly setting the chatSetupHidden context key when
the context is unavailable.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add trace logging to AccountPolicyGateContribution
Logs state, reason, and isRestricted on every gate apply so we can
diagnose why setForceHidden might not be taking effect.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Gate chat view on accountPolicyGateActive context key
The chat view's `when` clause had an OR with panelParticipantRegistered
that bypassed the hidden state once the Copilot extension registered.
Wrap the entire condition with accountPolicyGateActive.negate() so the
chat view is hidden whenever the gate is restricted, regardless of
extension registration state.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Re-show notification on account swap, include account name and org list
- Track dismissal by reason+account combo so swapping to a different
account (while still blocked) triggers a fresh notification.
- Show the current account name in the orgNotApproved message so the
user knows which account is being evaluated.
- Format approved org list as bulleted lines for readability.
- Vary message text by reason (noAccount vs orgNotApproved).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Generalize sessions blocked overlay for account policy gate
The sessions (Agents) app now shows a full-screen blocking overlay when
the account policy gate restricts access, reusing the same pattern as
the existing 'agent disabled' overlay.
- SessionsPolicyBlockedOverlay now accepts ISessionsBlockedOverlayOptions
with a reason enum (AgentDisabled | AccountPolicyGate) and optional
account name / approved organizations
- AccountPolicyGate variant shows 'Sign-In Required' title, approved org
list, contact admin text, and Sign In + Open VS Code buttons
- SessionsPolicyBlockedContribution listens to both ChatConfiguration and
IAccountPolicyGateService, prioritizing agent-disabled over gate
- Added CSS for org list and footer sections
- Updated component fixture with new variants for screenshot testing
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix notification formatting: use inline comma-separated org list
Notifications render as plain inline text, so the bullet-point and
newline formatting was collapsing into a single unreadable line.
Switch to a parenthesized comma-separated list instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix sessions overlay: remove workbench notification, handle gate natively
The workbench-layer AccountPolicyGateContribution (which shows a
notification toast) was imported in sessions.common.main.ts, causing
a notification to appear instead of the full-screen blocking overlay.
- Remove accountPolicyGate.contribution.js import from sessions
- SessionsPolicyBlockedContribution now handles context key,
setForceHidden, and telemetry directly (same as the workbench
contribution, but with an overlay instead of a notification)
- Overlay properly recreates on account changes
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Defer notification until account service has settled
On startup, computeGateInfo fires with reason=noAccount before the
default account service has loaded the persisted session. This caused
the notification to show 'Sign in...' even when the user was already
signed in but the account just hadn't loaded yet.
Fix: set context key + setForceHidden immediately (fail-closed), but
defer the notification until the first onDidChangeGateInfo event, which
fires after the account service has had time to resolve. A 5-second
fallback timer ensures the notification still appears if the gate
never transitions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix gate stuck on noAccount: re-evaluate after account init barrier
DefaultAccountService.setDefaultAccountProvider sets currentDefaultAccount
via provider.refresh() but does NOT fire onDidChangeDefaultAccount for
the initial load. This caused computeGateInfo() to permanently stay on
noAccount even though the user was signed in.
Fix: await getDefaultAccount() (which waits for the init barrier) then
re-evaluate the gate. This ensures the gate transitions from noAccount
to the correct state once the persisted session loads.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add 'Sign into an approved GitHub account' to notification messages
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Regenerate policyData.jsonc to match array type for ChatApprovedAccountOrganizations
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove ChatDisableAIFeatures policy registration
This policy was dead enforcement is handled by setForceHiddencode
and the accountPolicyGateActive context key, not the policy pipeline.
Regenerated policyData.jsonc.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address code review: fix duplicate IPC, remove unused import
- Remove duplicate updatePolicyDefinitions call on managed policy service.
AccountPolicyService now uses a read-only reference (managedPolicyReader)
for getPolicyValue/onDidChange only. MultiplexPolicyService handles
pushing definitions to all child services. (Reviews #1 & #4)
- Remove unused Emitter import and void workaround in test file (Review #2)
- Removed the fail-closed try/catch that was guarding the now-removed
updatePolicyDefinitions call (Review # the duplicate call that could3
fail-open is gone entirely)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove JSDoc from currentDefaultAccount interface addition
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Revert sessions overlay will revisit approachchanges
Reverts all changes to the sessions (Agents) policyBlocked overlay,
CSS, fixture, and contribution. Re-adds the workbench-layer
accountPolicyGate.contribution import so sessions still gets the
notification + context key + telemetry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Restore sessions overlay with loading state for transient restrictions
Bring back the generalized sessions overlay with three states:
- AgentDisabled: existing 'Agents Disabled' message (unchanged)
- Loading: just the logo + animated progress bar for transient
states (noAccount before account loads, policyNotResolved)
blocks the UI without showing an incorrect message
- AccountPolicyGate: 'Sign-In Required' with sign-in button,
org list, and contact admin footer for stable restrictions
(orgNotApproved, wrongProvider)
The loading state uses the same progress bar animation as the
welcome/walkthrough overlay. This avoids the flash of 'Agents
Disabled' that appeared during the fail-closed transient window
when the user IS actually in an approved org.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Don't show overlay for noAccount/ let welcome screen handle sign-inwrongProvider
When the user hasn't signed in yet (noAccount) or is signed into the
wrong provider (wrongProvider), the sessions welcome/walkthrough screen
already handles the sign-in flow. Showing our 'Agents Disabled' or
loading overlay on top would block the user from signing in.
Only show the overlay for:
- orgNotApproved: user signed in but wrong org (stable restriction)
- policyNotResolved: loading bar while waiting for policy data
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove 'Open VS Code' button from account policy gate overlay
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix: don't show 'Agents Disabled' when gate is forcing restrictedValue
When the account policy gate is active, it forces chat.agent.enabled
to false via restrictedValue. The overlay was checking that config
first and incorrectly showing 'Agents Disabled'. Now we skip the
agent-disabled check when the gate is active, since the value is
being artificially restricted by our own not by an admingate
explicitly disabling agents.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Defer all stable gate-blocked states to welcome screen
When the account policy gate is unsatisfied for any user-actionable reason
(noAccount, wrongProvider, orgNotApproved), don't show the policy-blocked
overlay. Instead, defer to the sessions welcome/walkthrough screen so the
user can sign in or switch accounts via the standard sign-in flow.
The Loading overlay is still shown during the transient PolicyNotResolved
state to prevent flashing the welcome screen while data is in flight.
Removes the now-dead AccountPolicyGate overlay variant and its supporting
code (organizations list, footer styles, fixtures).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Show AccountPolicyGate overlay for orgNotApproved only
When the user is definitively signed into a non-approved org, show the
custom Sign-In Required overlay with org list and switch-account button.
noAccount/wrongProvider still defer to the welcome screen.
PolicyNotResolved still shows the loading bar.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix boot-race test to match managed policy reader pattern
The test was relying on AccountPolicyService calling updatePolicyDefinitions
on the managed service, but that no longer happens (the MultiplexPolicyService
handles it). Updated the test to explicitly seed the managed service and
Restricted after seeding.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review feedback
- Fix setForceHidden signature in test mocks to match interface
- Include approvedOrganizations in gateInfoChanged detection
- Replace raw setTimeout with disposableTimeout for proper cleanup
- Fix AgentDisabled overlay: suppress only when gate forces the value,
not when gate is merely active (handles Satisfied+AgentDisabled case)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Polish ChatApprovedAccountOrganizations policy description
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Trim self-explanatory comments
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Authorization header was constructed as 'Basic ' + base64(token), which
GitHub rejects because Basic auth requires base64(username:password). The
malformed header caused all GitHub API requests to fail with HTTP 403,
which the fetch wrapper masks with a misleading 'you may be rate limited'
message.
This was tolerable on GitHub-hosted runners because their IPs aren't
aggressively rate limited unauthenticated, but on the new 1ES Azure-hosted
runners (shared outbound IPs) the 60 req/hr unauthenticated limit is hit
immediately, breaking core-ci on every PR.
Switch to the Bearer scheme, which is the correct format for both
GITHUB_TOKEN and PATs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Refine animated chat input working border
- Refactor animated ring to a ::before pseudo-element with mask trick so it
can fade in/out via opacity when the .working class toggles
- Slow the spin from 1.2s to 3s for a calmer cadence
- Replace the static pulsing box-shadow with a 3-step keyframed glow that
cycles through the same three theme colors as the conic ring, in sync
with the spin (so the halo appears to emanate from the gradient)
- Drop the now-unused --chat-input-working-fill override in sessions and
the matching entry in the stylelint allowlist
* feat(chat): add working border colors for chat input in light and dark themes
* feat(chat): update working border colors for chat input
* Update src/vs/workbench/contrib/chat/browser/widget/media/chat.css
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat(chat): add transition effect to chat input container
---------
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* developer joy animation around input box
* add back removed stuff
* don't show border while stuff is working
* better css
* add color components and cleanup
* progress border
* Agents: extract BaseAgentHostSessionsProvider to share local/remote logic (Written by Copilot)
Extracts the shared session/config/adapter/notification flow from
LocalAgentHostSessionsProvider and RemoteAgentHostSessionsProvider into
a new abstract BaseAgentHostSessionsProvider plus a single concrete
AgentHostSessionAdapter (with an options bag for variation points), both
under src/vs/sessions/contrib/agentHost/browser/.
The local provider drops from 1164 to 186 LOC. The remote provider
drops from 1457 to 395 LOC, retaining the connection-lifecycle surface
(setConnection / clearConnection / setAuthenticationPending /
setConnectionStatus / setOutputChannelId), the well-known agent-type
mapping, and the remote folder picker. Public API and behavior are
unchanged; both providers' existing test suites pass unmodified.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Agents: merge localAgentHost contrib into agentHost contrib (Written by Copilot)
The base provider already lives in src/vs/sessions/contrib/agentHost/.
Move the local provider, contribution, and test in alongside it so the
local agent host and the shared base sit in one folder. The remote
provider stays in its own contrib because it carries substantially more
machinery.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Clear _currentNewSessionStatus alongside other draft state in createNewSession (Written by Copilot)
Addresses Copilot review feedback: when createNewSession throws before
_createNewSessionForType runs (no matching sessionType, validation
failure), the previous draft's status observable would otherwise be
left around. Reset it with the rest of the draft state.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Vijay Upadya
Matt Bierner
Sandeep Somavarapu
Lee Murray
dileepyavan
Robo
Henning Dieterichs
Connor Peet
Connor Peet
Dmitriy Vasyura
Osvaldo Ortega
vs-code-engineering[bot]
Hawk Ticehurst
Christof Marti
Alexandru Dima
Alex Dima
Justin Chen
Johannes
mrleemurray
Josh Spicer
Michael Lively
Anthony Kim
Ladislau Szomoru
Rob Lourens
Paul