Commit Graph

484 Commits

Author SHA1 Message Date
Connor Peet c4ffdb5da7 Merge pull request #313301 from microsoft/connor4312/ah-plan-mode
agentHost: implement plan and native autopilot modes
2026-04-29 15:23:26 -07:00
Tyler James Leonhardt f5e05a0253 chore: migrate agent-browser to @playwright/cli (#313316)
* chore: migrate agent-browser to @playwright/cli

Replace all uses of the `agent-browser` automation tool with `@playwright/cli`,
which supports `npx @playwright/cli attach --cdp=<port>` for connecting to
Electron/Chromium apps via CDP.

- Rewrite launch SKILL.md files (Code OSS and Copilot variants) with new
  command mappings: attach --cdp, tab-list, snapshot, screenshot --filename,
  fill, press
- Update auto-perf-optimize and chat-customizations-editor skills with
  @playwright/cli commands; fix eval blocks to use IIFE syntax required by
  the new tool
- Migrate testRemoteAgentHost.sh: connect→attach --cdp, snapshot -i→snapshot,
  screenshot path→screenshot --filename=path; verified end-to-end with --skip-message
- Remove agent-browser from extensions/copilot/package.json (covered by root
  devDependency); bump @playwright/cli to ^0.1.9 in root package.json

* fix: add @types/ws as explicit devDependency in copilot extension

Previously pulled in transitively via agent-browser -> webdriver.
Now that agent-browser is removed, @types/ws must be declared directly.
2026-04-29 20:55:11 +00:00
Connor Peet e8848aa993 comments and polish 2026-04-29 13:14:42 -07:00
Connor Peet e8825bfd05 Merge remote-tracking branch 'origin/main' into connor4312/ah-plan-mode 2026-04-29 11:52:39 -07:00
Connor Peet 75ec86b07f agentHost: implement plan and native autopilot modes 2026-04-29 11:43:46 -07:00
Matt Bierner 75d676cce9 Merge branch 'main' into dev/mjbvz/copilot-eslint-unify 2026-04-29 08:00:31 -07:00
Henning Dieterichs 19b3119b33 Pin @github/copilot to exact 1.0.34 and regenerate lockfiles
The previous reverts only changed the spec to ^1.0.34, but the resolved entries in the lockfiles still pointed at 1.0.38 (with 1.0.38 tarballs and integrity hashes). Since ^1.0.34 satisfies 1.0.38, npm ci would still install the broken version. Pin to exact 1.0.34 in all three package.json files and regenerate the lockfiles.
2026-04-29 16:46:30 +02:00
Henning Dieterichs 6087b944fe Revert "agents: bump @github/copilot to 1.0.38 (#313073)"
This reverts commit 83cbe74699.
2026-04-29 16:46:30 +02:00
Matt Bierner 371c4a0a73 Use root eslint for copilot 2026-04-28 15:20:59 -07:00
Rob Lourens 83cbe74699 agents: bump @github/copilot to 1.0.38 (#313073)
* agents: bump @github/copilot to 1.0.38

Tracks the version pinned in extensions/copilot/package.json. Updates
both root and remote/ package.json + lockfiles. Verified by re-running
the real-SDK 'listModels returns well-shaped model entries' integration
test (AGENT_HOST_REAL_SDK=1).

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: skip electron re-download when correct version already present

The macOS/Electron CI job was failing because `electron.ts` unconditionally
deletes `.build/electron` and re-downloads Electron on every invocation.

When integration tests run CSS/HTML tests via `node-electron.sh`, they call
`npm run electron` which triggers this re-download. This can fail due to
transient network errors (e.g. 502 Bad Gateway from GitHub), causing the
integration test step to fail even though Electron was already downloaded
successfully in the dedicated "Download Electron and Playwright" CI step.

Fix: add a `.version` marker file inside `.build/electron` that records the
Electron version, MS build ID, and architecture. On the next invocation,
`main()` reads this marker and returns early if it matches the expected
version, skipping the unnecessary delete-and-re-download cycle.

Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/8d0b4207-2616-497e-9a4f-bf8a39671934

Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>

* Revert "fix: skip electron re-download when correct version already present"

This reverts commit e1811ece5b. That
commit was pushed to this PR by another agent and is unrelated to the
@github/copilot bump that this PR is for.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>
2026-04-28 21:00:14 +00:00
Johannes Rieken 7c6d456ec3 profiling: replace v8-inspect-profiler with chrome-remote-interface (#312974)
* profiling: replace v8-inspect-profiler with chrome-remote-interface

Convert src/vs/base/node/profiling.ts from pasted JS+DTS into a
proper TypeScript module. Replace the v8-inspect-profiler dependency
with chrome-remote-interface and update all import sites.

* Update src/vs/base/node/profiling.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/vs/base/node/profiling.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* ccr

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-28 10:40:22 +02:00
vs-code-engineering[bot] 61fa519123 Bump version to 1.119.0 (#312684) 2026-04-27 09:30:17 -07:00
vs-code-engineering[bot] dd05fac328 [cherry-pick] Revert "Share secrets between Code and Agents app via macOS Keychain" (#312735)
Co-authored-by: vs-code-engineering[bot] <vs-code-engineering[bot]@users.noreply.github.com>
2026-04-27 13:54:58 +00:00
Alexandru Dima b4347c5814 Share secrets between Code and Agents app via macOS Keychain (#308990)
* Share secrets between Code and Agents app via macOS Keychain

Add a shared keychain service that stores secrets directly in the macOS
Keychain, allowing Code and its embedded Agents app to share auth tokens
without re-authentication.

Architecture:
- ISharedKeychainService (common interface) with ISharedKeychainMainService
  running in the Electron main process, exposed to renderer via IPC
- SharedKeychainMainService wraps @vscode/macos-keychain native addon
- NativeSecretStorageService now writes to both the shared keychain and
  the legacy safeStorage+SQLite pipeline (for rollback safety)
- On read, shared keychain is tried first, falling back to legacy

Product configuration:
- darwinSharedKeychainServiceName: per-flavor service name for data
  isolation between Stable/Insiders/Exploration
- Access group auto-detected from entitlements by the native addon

Key design decisions:
- Shared keychain only used when type is 'persisted' (not in-memory)
- BaseSecretStorageService refactored to expose protected _doGet/_doSet/
  _doDelete/_doGetKeys for use by subclasses within sequencer tasks
- Native addon is an optional dependency (macOS-only)

Files:
- build/azure-pipelines/darwin/app-entitlements.plist (keychain-access-groups)
- src/vs/platform/secrets/common/sharedKeychainService.ts (interface)
- src/vs/platform/secrets/electron-main/sharedKeychainMainService.ts (impl)
- src/vs/workbench/services/secrets/electron-browser/sharedKeychainService.ts (IPC proxy)
- src/vs/workbench/services/secrets/electron-browser/secretStorageService.ts (wiring)

Issue: #308028

* Address review feedback

* Add one-time migration of legacy secrets to shared keychain

On first secret operation, migrate all existing secrets from the legacy
safeStorage+SQLite pipeline into the shared macOS Keychain. This ensures
the Agents app can read secrets that were stored before the shared
keychain was introduced.

- Migration is lazy (triggered on first get/set/delete/keys)
- Guarded by a 'sharedKeychain.migrationDone' storage flag
- Idempotent: keychain writes are upserts, re-running is safe
- Best-effort per key: individual failures don't block the rest
- Skipped when type is 'in-memory'
- Also: make set() in SharedKeychainMainService best-effort (log, don't throw)

* update the current implementation

* restrict shared keychain to CROSS_APP_SHARED_SECRET_KEYS

* kick off shared keychain migration eagerly in constructor

* update @vscode/macos-keychain to 0.0.1

* Use provisioning profile for keychain access groups when available

During signing, check for build/darwin/distribution.provisionprofile.
If present, use it as the provisioning profile and keep the
keychain-access-groups entitlement in app-entitlements.plist.

If not present (e.g. OSS builds), strip the keychain-access-groups
section from a temp copy of the entitlements plist to avoid signing
failures. The shared keychain still works via the app's default
keychain without access-group isolation.

* Add entitlements diagnostic dump after signing

Dump the actual entitlements from the signed binary to validate
whether $(TeamIdentifierPrefix) is being expanded by codesign.

Hypothesis: the variable is passed literally to the entitlements
plist without expansion, causing a mismatch with the provisioning
profile and resulting in Killed: 9 on launch.

* Exclude provisioning profile from unicode hygiene check

* update package-lock.json

* Adopt multiple provision profiles

* fix: expand teamidentifier in the entitlement

* Re-sign without provisioning profile for tests

Run the entitlements step twice in CI:
1. First with provisioning profile (keychain-access-groups) for codesign/notarize
2. Then without provisioning profile for tests (in parallel with codesign)

This avoids making codesign sequential with tests while still
supporting the keychain-access-groups entitlement that requires
a provisioning profile.

- Add --skip-provisioning-profile flag to sign.ts
- Add 'Set Hardened Entitlements (for tests)' pipeline step

* Skip plist modifications when re-signing for tests

The plutil -insert calls fail on the second sign pass because the
keys already exist from the first pass. Skip plist modifications
when --skip-provisioning-profile is set since they are not needed.

* Move shared keychain migration from renderer to main process

Replace crossAppIPC-based secret handshake with direct shared keychain
writes in the main process:

- MacOSCrossAppSecretSharing now reads safeStorage+SQLite and writes to
  shared keychain via SharedKeychainMainService (no crossAppIPC needed)
- Code.app migrates on startup; Agents app spawns Code.app once if
  keychain is incomplete
- NativeSecretStorageService no longer does migration — just reads/writes
  shared keychain for cross-app keys

* Add isMacintosh guards before using the shared keychain service

Co-authored-by: Copilot <copilot@github.com>

* Remove spec

* Tweak comments

---------

Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: Copilot <copilot@github.com>
2026-04-26 22:40:10 +03:00
dileepyavan bb09e7379b terminal: Disable read all by default (#311850)
* adding allowRead and testing with defaults

* Rename terminal sandbox read allow list

* Remove Copilot settings change from sandbox PR

* changes

* changes

* Updating sandbox runtime package

* Updating tests

* Add macOS test cases for denyRead/allowRead behavior and ~ path handling

Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/ec5cf3c2-6c7b-4577-bdbb-8ac3d42bdfb0

Co-authored-by: dileepyavan <52841896+dileepyavan@users.noreply.github.com>

* changes for readonly home dir

* skipping integrated tests for sandbox

* running srt in tmp_dir for linux

* running srt in tmp_dir for linux

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-04-24 11:07:16 -07:00
Matt Bierner 1a54933643 Revert "Use main eslint config for copilot extension too" 2026-04-23 15:17:22 -07:00
Matt Bierner 74fca4377e Merge pull request #311606 from microsoft/dev/mjbvz/advisory-swallow
Use main eslint config for copilot extension too
2026-04-23 14:29:25 -07:00
Alex Dima 24838ca669 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-23 15:11:04 +02:00
Henning Dieterichs 23bf8f6efa Merge pull request #311958 from microsoft/hediet/b/educational-gayal
Improves source map support
2026-04-23 12:38:54 +02:00
Rob Lourens 096e5abe9d agentHost: bump @github/copilot to 1.0.34 (#311964)
* Fix broken sessions list
From #311751

Co-authored-by: Copilot <copilot@github.com>

* fix tests

* agentHost: settings followups

- Unrelated: fix local agent host being broken on main following
  some overnight cleanups
- Register a JSON schema for agent session settings (only when they're
  open since it has a perf cost)
- When there are multiple custom approval buttons, show them in a
  dropdown similar to other tool calls.

* Add tests for agent session settings schema registration

* Bump @github/copilot from ^1.0.28 to ^1.0.34

Matches the version used in extensions/copilot.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: tolerate synthetic Copilot models with empty capabilities

After bumping @github/copilot to 1.0.34, listModels() returns a synthetic
'auto' router entry shaped like { id: 'auto', name: 'Auto', capabilities: {} }.
The SDK's ModelInfo type still declares capabilities.limits.max_context_window_tokens
as required, so reading it crashed _listModels and zeroed out the model list.

Wrap the SDK type in a local ICopilotModelInfo with the actually-optional
fields marked optional, and skip entries lacking max_context_window_tokens
with a warn log instead of throwing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: surface synthetic 'auto' model with optional maxContextWindow

Instead of dropping the synthetic 'auto' router model, make
IAgentModelInfo.maxContextWindow optional and pass it through as
undefined when the SDK doesn't report a fixed context window. The
agentHostLanguageModelProvider already handles undefined via '?? 0',
and the protocol state type already had the field optional.

Update the real-SDK listModels test to allow undefined maxContextWindow
and to assert the 'auto' entry is present.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Connor Peet <connor@peet.io>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 19:23:45 +00:00
Henning Dieterichs 021452aeb0 updates source-map-support 2026-04-22 19:59:33 +02:00
Alex Dima 08b85031c9 update package-lock.json 2026-04-22 11:45:52 +02:00
Alex Dima 70abdc1ad8 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-22 11:37:15 +02:00
Rob Lourens a1abedfea0 Update @github/copilot SDK to ^1.0.28 (#311807)
Bump @github/copilot in root and remote package.json to ^1.0.28 to match
the version pinned by the bundled copilot extension (extensions/copilot).

Also adds a real-SDK integration test for listModels that subscribes to
the root state, authenticates, and asserts every model has a well-formed
shape (id, name, numeric maxContextWindow). This guards against SDK
schema drift like the issue in 1.0.34, where the server returned models
with optional capabilities.limits, causing _listModels to throw a
TypeError that _refreshModels silently swallowed (resulting in no models
in the UI).

Drive-by: fix stale provider id 'copilot' -> 'copilotcli' in the same
test file.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 02:29:53 +00:00
Raymond Zhao 9a60a6f5f9 chore: bump windows-process-tree (#311781) 2026-04-21 23:18:39 +00:00
Matt Bierner ad6844f64d Use main eslint config for copilot extension too
- Moves copilot eslint config into top level eslint config
- Adopts some standard rules
- Suppress a few new shared rules
2026-04-20 22:46:02 -07:00
Robo a1d3ff15f4 feat: enable shared safestorage on windows (#311418)
* feat: enable shared safestorage on windows

* chore: bump distro
2026-04-20 20:42:50 -07:00
Alex Ross 2ac46efee4 Bump version to 1.118.0 (#311304)
* Bump version to 1.118.0

* Fix engine version in lock file

* npm i

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-20 09:07:06 +00:00
Raymond Zhao 8ba4c72aa2 chore: run npm audit fix (#311104) 2026-04-17 15:49:13 -07:00
Henning Dieterichs 2cc8b21a3a Updates component explorer 2026-04-17 18:29:29 +02:00
Lee Murray 6a3da5ff32 Update @vscode/codicons version to 0.0.46-5 (#309907)
Update @vscode/codicons version to 0.0.46-5 in package.json and package-lock.json

Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-04-14 19:43:00 +00:00
Raymond Zhao c8f23febaf chore: run npm audit fix (#309902)
* chore: run npm audit fix

* bump build/rspack
2026-04-14 18:05:51 +00:00
Alex Ross 027a4d3ce4 Bump version to 1.117.0 (#309394)
* Bump version to 1.117.0

* npm i

* wait to do engine version bump

* Revert "wait to do engine version bump"

This reverts commit 9db1c0feb6.

* Add Copilot extension tests to Linux/Windows Electron integration test runs

* Remove failing step that we moved to the main build

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-13 14:52:32 +02:00
Rob Lourens 41837b42ae Fix agent host session working directories
(Written by Copilot)
2026-04-11 17:25:43 -07:00
Robo 0999c0e18e fix: update OS display name of the agents app (#308992)
* fix: update OS display name of the agents app

* fix: remove old start menu shortcut

* temp: bump gulp-electron for validation

* temp: bump gulp-electron

* chore: update sign.ts

* fix: entitlements for embedded app helpers

* fix: launch services registration

* chore: bump gulp-electron@1.41.2
2026-04-10 21:27:49 +00:00
Raymond Zhao a37ccb456c chore: run npm audit fix (#309045) 2026-04-10 18:53:31 +00:00
Alex Dima 569fdfb04c update @vscode/macos-keychain to 0.0.1 2026-04-10 18:32:45 +02:00
Alex Dima 65e9db5642 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-10 12:41:07 +02:00
Alex Dima e534b2c741 Share secrets between Code and Agents app via macOS Keychain
Add a shared keychain service that stores secrets directly in the macOS
Keychain, allowing Code and its embedded Agents app to share auth tokens
without re-authentication.

Architecture:
- ISharedKeychainService (common interface) with ISharedKeychainMainService
  running in the Electron main process, exposed to renderer via IPC
- SharedKeychainMainService wraps @vscode/macos-keychain native addon
- NativeSecretStorageService now writes to both the shared keychain and
  the legacy safeStorage+SQLite pipeline (for rollback safety)
- On read, shared keychain is tried first, falling back to legacy

Product configuration:
- darwinSharedKeychainServiceName: per-flavor service name for data
  isolation between Stable/Insiders/Exploration
- Access group auto-detected from entitlements by the native addon

Key design decisions:
- Shared keychain only used when type is 'persisted' (not in-memory)
- BaseSecretStorageService refactored to expose protected _doGet/_doSet/
  _doDelete/_doGetKeys for use by subclasses within sequencer tasks
- Native addon is an optional dependency (macOS-only)

Files:
- build/azure-pipelines/darwin/app-entitlements.plist (keychain-access-groups)
- src/vs/platform/secrets/common/sharedKeychainService.ts (interface)
- src/vs/platform/secrets/electron-main/sharedKeychainMainService.ts (impl)
- src/vs/workbench/services/secrets/electron-browser/sharedKeychainService.ts (IPC proxy)
- src/vs/workbench/services/secrets/electron-browser/secretStorageService.ts (wiring)

Issue: #308028
2026-04-10 12:38:30 +02:00
Robo c88afdaf77 chore: update electron@39.8.7 (#308959)
* chore: update electron@39.8.7

* chore: update command

* chore: remove showNodeSystemCertificates command

* chore: bump distro
2026-04-10 10:33:39 +02:00
Matt Bierner 5e957b6922 Update build ts version 2026-04-08 20:49:29 -07:00
Henning Dieterichs 088b38a734 update component explorer 2026-04-09 05:12:44 +02:00
Christof Marti 43f7117748 Surface network errors with proxies (microsoft/vscode#298236) 2026-04-08 08:13:59 +00:00
Rob Lourens 063a61dbb7 agentHost Adopt new tree-sitter (#308352)
* agentHost Adopt new tree-sitter

* Bump in web

* Fix test

* fix tests
2026-04-08 00:41:31 +00:00
Anthony Kim 0e637c9101 Update xterm to beta.197 (#308317) 2026-04-07 15:31:28 -07:00
Connor Peet bc6deaadc8 Merge pull request #308249 from microsoft/connor4312/reapply-tunnels
Reapply tunnels work
2026-04-07 12:58:34 -04:00
Alex Ross f67890df50 Bump version (#308241) 2026-04-07 16:44:01 +00:00
Connor Peet 62a503dc25 Revert "Revert build breakages (#308162)"
This reverts commit 8aa4cf8a0f.
2026-04-07 07:48:16 -07:00
João Moreno 8aa4cf8a0f Revert build breakages (#308162)
* Revert "agentHost: Hook up isRead/isDone (#308107)"

This reverts commit a3d69b7767.

* Revert "agentHost: support connections over tunnels (#307948)"

This reverts commit 75f21d0a8d.
2026-04-07 08:43:56 +00:00
Connor Peet 75f21d0a8d agentHost: support connections over tunnels (#307948)
* wip

* clean up unused bits and make auth work correctly

* comments and fixes
2026-04-06 16:14:01 +00:00