* build: bump @vscode/gulp-electron to 1.41.3
Brings in microsoft/vscode-gulp-electron#42 which adds retry-with-backoff
around transient network errors when downloading Electron, fixing build
breaks like getaddrinfo ENOTFOUND release-assets.githubusercontent.com.
NOTE: package-lock.json will be regenerated once 1.41.3 is published.
Do not merge until then.
* Sync package-lock.json with package.json after updating @vscode/gulp-electron to 1.41.3.
* agentHost/claude: post-Phase-4 cleanup
- roadmap.md: mark Phase 4 as DONE, link merged PR #313780.
- phase4-plan.md: record live-system smoke completion in §7.8;
disabled-gate run skipped (covered by unit tests + env-var guard).
- claudeAgent.test.ts: drop gratuitous 'as unknown as' cast in the
CCAModel fixture (literal already matches CCAModelBilling exactly;
plan §7.4 forbids unsafe casts in tests).
* agentHost/claude: lock Phase 5 implementation plan
Handoff plan for Phase 5 (replace 7 throwing stubs in claudeAgent.ts).
Locked against post-PR-#313841 reality (provisional sessions,
onDidMaterializeSession, 30s empty-session GC) and the IAgent contract
on origin/main.
Decisions captured:
- Non-fork createSession is synchronous and in-memory; fork deferred
to Phase 6 (throws TODO).
- IClaudeAgentSdkService surface mirrors IAgent (no dir parameter on
listSessions); SDK loader caches resolved module, retries on
failure, logs once.
- listSessions joins SDK enumeration with workbench session DB
metadata via ISessionDataService; per-entry try/catch resilience.
- shutdown() routes per-session teardown through the same
SequencerByKey<string> used by disposeSession() so concurrent
shutdown/disposeSession cannot double-dispose a wrapper in Phase 6.
- 14 unit tests defined (12 lifecycle + 2 resolved-config), including
log-once contract and shutdown/disposeSession race guard.
* agentHost/claude: Phase 5 — IAgent provider skeleton
Lands the ClaudeAgent IAgent provider behind the
'chat.agentHost.claudeAgent.enabled' setting (env gate
VSCODE_AGENT_HOST_ENABLE_CLAUDE=1). Pins
@anthropic-ai/claude-agent-sdk@0.2.112 in workspace + remote/.
Implemented in this phase:
- createSession - non-fork, in-memory wrapper only. Honors
config.session for restore. The fork path and SDK session
creation are deferred to Phase 6.
- listSessions - SDK is source of truth; per-session DB read
is a best-effort overlay (failure never excludes an entry).
- disposeSession / shutdown - routed through a per-session
SequencerByKey to serialize teardown.
- getDescriptor, getProtectedResources, models,
onDidSessionProgress, setClientCustomizations,
setClientTools, onClientToolCallComplete,
setCustomizationEnabled, authenticate, respondTo*Request -
minimal Phase-5 wiring.
Stubbed for Phase 6 (throw async 'TODO: Phase 6'):
sendMessage, abortSession, changeModel, getSessionMessages,
plus the createSession fork path.
Tests: 29 unit tests in claudeAgent.test.ts cover the
createSession restore-id path, listSessions overlay resilience,
dispose serialization, and stub surfaces.
Note: provisional / onDidMaterializeSession is intentionally
omitted in Phase 5 (see plan section 3.3.1) - the workbench needs
an immediate sessionAdded until the agent has real materialization
work, which arrives in Phase 6 alongside SDK query() startup.
* agentHost/claude: Phase 6 — sendMessage, single-turn, no tools
Implements the Phase 6 plan: provisional sessions materialize on first sendMessage, route a single-turn prompt through the Anthropic Claude Agent SDK's WarmQuery, and stream SDKMessages back as protocol AgentSignals via a pure mapSDKMessageToAgentSignals reducer.
Tools remain denied (canUseTool: 'deny'); fork moves to Phase 6.5; Plan Mode UI moves to Phase 7.
Highlights:
- ClaudeAgent.sendMessage routes through _sessionSequencer to collapse concurrent first sends into one materialize + N ordered sends.
- _materializeProvisional has two abort gates (post-startup + post-customizationDirectory write) so disposeSession landing mid-materialize cannot leak a WarmQuery subprocess.
- ClaudeAgentSession owns the prompt iterator + per-turn deferreds; mapSDKMessageToAgentSignals is a pure reducer with state owned by the session.
- IClaudeAgentSdkService gains startup() alongside listSessions().
Tests: 43 unit + 2 proxy-backed integration. Council-review fixes (C1 dispose race, C2 missing integration test, S1 cwd-less ratification) included.
* agentHost/claude: address PR review (listSessions resilience, dispose abort)
Two Copilot-reviewer comments on #314216:
1. listSessions: wrap _sdkService.listSessions() in try/catch. AgentService.listSessions fans out across providers via Promise.all; an SDK dynamic-import failure would otherwise nuke every other provider's session list. Now logs and returns [].
2. dispose: abort _provisionalSessions AbortControllers before super.dispose(). Previously a racing first sendMessage parked inside _writeCustomizationDirectory could pass the materialize abort gates and call _sessions.set on a disposed DisposableMap, orphaning the WarmQuery. Aborting first triggers the existing post-customization-write abort gate, which asyncDisposes the WarmQuery.
Tests: 2 new regressions (listSessions empty on SDK throw; agent.dispose() during racing materialize disposes the WarmQuery). 45/45 unit + 2/2 integration pass.
Picks up xterm.js commit 08ae141 (xtermjs/xterm.js#5826) which adds dispose / hasRenderer guards in OverviewRulerRenderer and cancels its pending requestAnimationFrame on dispose. This addresses the long-standing 'Cannot read properties of undefined (reading ''dimensions'')' crash tracked in microsoft/vscode#303546.
* Add CopilotAPI service & plan for Claude
This service can be used to send requests to CAPI which we will need as we shim requests from agents to CAPI.
* Clarify signal propagation behavior in ICopilotApiServiceRequestOptions documentation
* chore: migrate agent-browser to @playwright/cli
Replace all uses of the `agent-browser` automation tool with `@playwright/cli`,
which supports `npx @playwright/cli attach --cdp=<port>` for connecting to
Electron/Chromium apps via CDP.
- Rewrite launch SKILL.md files (Code OSS and Copilot variants) with new
command mappings: attach --cdp, tab-list, snapshot, screenshot --filename,
fill, press
- Update auto-perf-optimize and chat-customizations-editor skills with
@playwright/cli commands; fix eval blocks to use IIFE syntax required by
the new tool
- Migrate testRemoteAgentHost.sh: connect→attach --cdp, snapshot -i→snapshot,
screenshot path→screenshot --filename=path; verified end-to-end with --skip-message
- Remove agent-browser from extensions/copilot/package.json (covered by root
devDependency); bump @playwright/cli to ^0.1.9 in root package.json
* fix: add @types/ws as explicit devDependency in copilot extension
Previously pulled in transitively via agent-browser -> webdriver.
Now that agent-browser is removed, @types/ws must be declared directly.
The previous reverts only changed the spec to ^1.0.34, but the resolved entries in the lockfiles still pointed at 1.0.38 (with 1.0.38 tarballs and integrity hashes). Since ^1.0.34 satisfies 1.0.38, npm ci would still install the broken version. Pin to exact 1.0.34 in all three package.json files and regenerate the lockfiles.
* agents: bump @github/copilot to 1.0.38
Tracks the version pinned in extensions/copilot/package.json. Updates
both root and remote/ package.json + lockfiles. Verified by re-running
the real-SDK 'listModels returns well-shaped model entries' integration
test (AGENT_HOST_REAL_SDK=1).
(Written by Copilot)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: skip electron re-download when correct version already present
The macOS/Electron CI job was failing because `electron.ts` unconditionally
deletes `.build/electron` and re-downloads Electron on every invocation.
When integration tests run CSS/HTML tests via `node-electron.sh`, they call
`npm run electron` which triggers this re-download. This can fail due to
transient network errors (e.g. 502 Bad Gateway from GitHub), causing the
integration test step to fail even though Electron was already downloaded
successfully in the dedicated "Download Electron and Playwright" CI step.
Fix: add a `.version` marker file inside `.build/electron` that records the
Electron version, MS build ID, and architecture. On the next invocation,
`main()` reads this marker and returns early if it matches the expected
version, skipping the unnecessary delete-and-re-download cycle.
Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/8d0b4207-2616-497e-9a4f-bf8a39671934
Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>
* Revert "fix: skip electron re-download when correct version already present"
This reverts commit e1811ece5b. That
commit was pushed to this PR by another agent and is unrelated to the
@github/copilot bump that this PR is for.
(Written by Copilot)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>
* Share secrets between Code and Agents app via macOS Keychain
Add a shared keychain service that stores secrets directly in the macOS
Keychain, allowing Code and its embedded Agents app to share auth tokens
without re-authentication.
Architecture:
- ISharedKeychainService (common interface) with ISharedKeychainMainService
running in the Electron main process, exposed to renderer via IPC
- SharedKeychainMainService wraps @vscode/macos-keychain native addon
- NativeSecretStorageService now writes to both the shared keychain and
the legacy safeStorage+SQLite pipeline (for rollback safety)
- On read, shared keychain is tried first, falling back to legacy
Product configuration:
- darwinSharedKeychainServiceName: per-flavor service name for data
isolation between Stable/Insiders/Exploration
- Access group auto-detected from entitlements by the native addon
Key design decisions:
- Shared keychain only used when type is 'persisted' (not in-memory)
- BaseSecretStorageService refactored to expose protected _doGet/_doSet/
_doDelete/_doGetKeys for use by subclasses within sequencer tasks
- Native addon is an optional dependency (macOS-only)
Files:
- build/azure-pipelines/darwin/app-entitlements.plist (keychain-access-groups)
- src/vs/platform/secrets/common/sharedKeychainService.ts (interface)
- src/vs/platform/secrets/electron-main/sharedKeychainMainService.ts (impl)
- src/vs/workbench/services/secrets/electron-browser/sharedKeychainService.ts (IPC proxy)
- src/vs/workbench/services/secrets/electron-browser/secretStorageService.ts (wiring)
Issue: #308028
* Address review feedback
* Add one-time migration of legacy secrets to shared keychain
On first secret operation, migrate all existing secrets from the legacy
safeStorage+SQLite pipeline into the shared macOS Keychain. This ensures
the Agents app can read secrets that were stored before the shared
keychain was introduced.
- Migration is lazy (triggered on first get/set/delete/keys)
- Guarded by a 'sharedKeychain.migrationDone' storage flag
- Idempotent: keychain writes are upserts, re-running is safe
- Best-effort per key: individual failures don't block the rest
- Skipped when type is 'in-memory'
- Also: make set() in SharedKeychainMainService best-effort (log, don't throw)
* update the current implementation
* restrict shared keychain to CROSS_APP_SHARED_SECRET_KEYS
* kick off shared keychain migration eagerly in constructor
* update @vscode/macos-keychain to 0.0.1
* Use provisioning profile for keychain access groups when available
During signing, check for build/darwin/distribution.provisionprofile.
If present, use it as the provisioning profile and keep the
keychain-access-groups entitlement in app-entitlements.plist.
If not present (e.g. OSS builds), strip the keychain-access-groups
section from a temp copy of the entitlements plist to avoid signing
failures. The shared keychain still works via the app's default
keychain without access-group isolation.
* Add entitlements diagnostic dump after signing
Dump the actual entitlements from the signed binary to validate
whether $(TeamIdentifierPrefix) is being expanded by codesign.
Hypothesis: the variable is passed literally to the entitlements
plist without expansion, causing a mismatch with the provisioning
profile and resulting in Killed: 9 on launch.
* Exclude provisioning profile from unicode hygiene check
* update package-lock.json
* Adopt multiple provision profiles
* fix: expand teamidentifier in the entitlement
* Re-sign without provisioning profile for tests
Run the entitlements step twice in CI:
1. First with provisioning profile (keychain-access-groups) for codesign/notarize
2. Then without provisioning profile for tests (in parallel with codesign)
This avoids making codesign sequential with tests while still
supporting the keychain-access-groups entitlement that requires
a provisioning profile.
- Add --skip-provisioning-profile flag to sign.ts
- Add 'Set Hardened Entitlements (for tests)' pipeline step
* Skip plist modifications when re-signing for tests
The plutil -insert calls fail on the second sign pass because the
keys already exist from the first pass. Skip plist modifications
when --skip-provisioning-profile is set since they are not needed.
* Move shared keychain migration from renderer to main process
Replace crossAppIPC-based secret handshake with direct shared keychain
writes in the main process:
- MacOSCrossAppSecretSharing now reads safeStorage+SQLite and writes to
shared keychain via SharedKeychainMainService (no crossAppIPC needed)
- Code.app migrates on startup; Agents app spawns Code.app once if
keychain is incomplete
- NativeSecretStorageService no longer does migration — just reads/writes
shared keychain for cross-app keys
* Add isMacintosh guards before using the shared keychain service
Co-authored-by: Copilot <copilot@github.com>
* Remove spec
* Tweak comments
---------
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: Copilot <copilot@github.com>
* adding allowRead and testing with defaults
* Rename terminal sandbox read allow list
* Remove Copilot settings change from sandbox PR
* changes
* changes
* Updating sandbox runtime package
* Updating tests
* Add macOS test cases for denyRead/allowRead behavior and ~ path handling
Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/ec5cf3c2-6c7b-4577-bdbb-8ac3d42bdfb0
Co-authored-by: dileepyavan <52841896+dileepyavan@users.noreply.github.com>
* changes for readonly home dir
* skipping integrated tests for sandbox
* running srt in tmp_dir for linux
* running srt in tmp_dir for linux
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>