- Handle /usr/bin/bash (Linux) vs /bin/bash (macOS) in /tmp write test
- Handle 'Read-only file system' (Linux) vs 'Operation not permitted' (macOS)
- Add 'Read-only file system' to outputLooksSandboxBlocked heuristic
- Replace newlines with spaces (not empty) to handle terminal wrapping
- Extract outputLooksSandboxBlocked as exported function with unit tests
* Adopt new codicons version
* terminal: use terminal-secure codicon for sandboxed commands
Add per-invocation icon support to tool invocations via
`IPreparedToolInvocation.icon` and `IChatToolInvocation.icon`.
The terminal tool sets the icon to `terminal-secure` when sandbox
is active, or `terminal` otherwise. The thinking content part and
subagent content part use this icon when rendering, falling back
to the existing heuristic for tools without a registered icon.
Also removes the $(lock) theme icon prefix from sandbox invocation
messages since the icon now communicates the sandbox state.
* Fix unit test
* Review feedback
Add per-invocation icon support to tool invocations via
`IPreparedToolInvocation.icon` and `IChatToolInvocation.icon`.
The terminal tool sets the icon to `terminal-secure` when sandbox
is active, or `terminal` otherwise. The thinking content part and
subagent content part use this icon when rendering, falling back
to the existing heuristic for tools without a registered icon.
Also removes the $(lock) theme icon prefix from sandbox invocation
messages since the icon now communicates the sandbox state.
- Add bubblewrap and socat to Linux CI apt-get install
- Make sandbox test assertions platform-aware (macFileSystem vs linuxFileSystem)
- Make /etc/shells test accept both macOS and Linux first-line format
- Broaden wrapped prompt fragment regex to handle path chars (ts/testWorkspace$)
- Fix continuation pattern to match user@host:path wrapped lines
- Apply stripCommandEchoAndPrompt to getOutput() in BasicExecuteStrategy
(basic shell integration lacks reliable 133;C markers so getOutput()
can include command echo)
- Keep RichExecuteStrategy getOutput() unstripped (rich integration
has reliable markers)
* Re-register run_in_terminal tool when sandbox settings change
When the terminal sandbox setting is toggled at runtime, the
run_in_terminal tool's schema and description were not updated because
the tool data was only computed once at startup. This meant the model
never learned about requestUnsandboxedExecution when sandbox was
enabled after startup.
Fix by using a MutableDisposable to manage the tool registration and
re-registering whenever sandbox-related settings, network domains, or
trusted domains change.
Fixes#303714
* Fix race condition in run_in_terminal tool re-registration and add refresh tests
Guard _registerRunInTerminalTool against stale async resolutions using a monotonically increasing version counter. Export ChatAgentToolsContribution for testability. Add integration tests verifying tool data refreshes on config and trusted domain changes.
In CI, ^C cancellations leave stale prompt fragments before the actual
command echo line. The leading-strip loop now continues scanning past
unmatched lines until it finds the command echo, instead of breaking
on the first non-matching line.
Anchor prompt-detection regexes to specific prompt shapes instead of
broadly matching any line ending with $, #, %, or >. This prevents
stripping real command output like "100%", "<div>", or "item #".
Prevent sandbox-wrapped command lines from leaking as output when
commands produce no actual output. Adds stripCommandEchoAndPrompt()
to isolate real output from marker-based terminal buffer captures.
Also adds configurable idle poll interval and shell integration
timeout=0 support for faster test execution.
When chat.customizationsMenu.enabled is true (default):
- Gear icon directly opens the AI Customizations editor
- Tool Sets, Chat Settings, and Show Agent Debug Logs move to the '...' context menu
When the setting is false, the original gear dropdown behavior is preserved.
