* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
* removed allowTrustedDomains
* correcting the settings keys for sandboxing
* correcting the settings keys for sandboxing
* Explicit notification for blocked domains before running the command
* Fix terminal sandbox follow-ups
* main merge
* fixing tests
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Revert "Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts"
This reverts commit b956dfa719.
* removing local files
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add argument parsing, suite filtering, and grep support to integration test scripts
- Add --run, --runGlob, --grep, --suite, and --help argument parsing
- --suite selects extension host test suites (comma-separated, glob patterns)
- --grep forwards test name filter to all runners via MOCHA_GREP env var
- Validate --suite filter matches at least one known suite
- Add MOCHA_GREP support to testrunner.js, CSS and HTML test runners
- Seed user settings to suppress dock bounce notifications
- Always apply *.integrationTest.js glob for node.js tests
- Add integration-tests skill documentation
* Address Copilot review feedback
- Quote cd $ROOT, rm -rf $VSCODEUSERDATADIR, rmdir %VSCODEUSERDATADIR%
- Quote --runGlob pattern to prevent premature glob expansion
- Use GREP_ARGS array for safe grep forwarding in .sh
- Use conditional call with proper quoting for grep in .bat
- Deduplicate suite list into KNOWN_SUITES variable
- Remove unused EXTRA_ARGS and ARGS variables from .bat
* Fix Windows CI: remove unnecessary enabledelayedexpansion
The original script used plain 'setlocal'. Adding 'enabledelayedexpansion'
may affect path resolution behavior on Windows CI. Since no delayed
expansion (\!var\!) syntax is used, revert to the original 'setlocal'.
* Fix Windows CI: capture %~dp0 before call :label corrupts it
In Windows batch, 'call :label' can change what %~dp0 resolves to.
Our should_run_suite subroutine uses 'call :should_run_suite', which
caused %~dp0 to resolve to the wrong directory for extension paths
that appear after the subroutine call. Capture the script directory
once at startup into %SCRIPT_DIR% and use it everywhere.
Update the built-in HTML sample snippet to follow current web standards
and reduce unnecessary boilerplate:
- Add lang attribute to <html> tag as first tab stop (W3C recommended)
- Remove outdated IE compatibility meta tag (IE is no longer supported)
- Remove unnecessary type='text/css' and media='screen' from <link>
(default values in HTML5)
- Remove <script> tag (modern templates often handle scripts differently)
- Move viewport meta before title (following common convention)
Fixes#272331
Co-authored-by: Raymond Zhao <7199958+rzhao271@users.noreply.github.com>
When ensureConfigurationForDocument is called and no visible text editor
is found for the document, getFormattingOptions returns undefined and
the method returns early without sending any configuration including
user preferences like preferTypeOnlyAutoImports to the TS server.
This causes source.addMissingImports to ignore the user's
preferTypeOnlyAutoImports setting.
Fix by falling back to undefined formatting options when no visible
editor is found, ensuring user preferences are always sent.
Closes#272479
SVG images that rely solely on a viewBox attribute (without explicit
width/height) could not be zoomed in the image preview because they
have no intrinsic dimensions. CSS zoom had no effect since the SVG
would simply re-render to fill whatever container size it was given.
- Set explicit minWidth/minHeight on the image element when
naturalWidth/naturalHeight are 0, giving CSS zoom concrete pixel
dimensions to scale
- Handle firstZoom() division by zero when naturalWidth is 0 by
defaulting to scale 1x
- Clear explicit dimensions when returning to scale-to-fit mode
Fixes#240638
The transparency checkerboard pattern in the image preview used two
overlapping linear-gradient(45deg, ...) backgrounds with offset
positions. At certain zoom levels, subpixel rendering caused visible
triangular artifacts at the gradient boundaries.
Replace with a single conic-gradient per theme, which creates a clean
four-square checkerboard tile without diagonal edges, eliminating
the rendering artifacts at all zoom levels.
Closes#229565
* fix: command rewriting issues when terminal sandboxing is enabled
Fixes two issues with sandboxed terminal commands:
1. Sandboxed commands end up in shell history (#303769): The
PreventHistoryRewriter was running before SandboxRewriter, so the
leading space was applied to the inner command but not the final
sandbox-wrapped command. Moved PreventHistoryRewriter to run last.
2. cd CWD prefix not stripped in sandbox mode (#303848): The
SandboxedCommandLinePresenter was using the original (un-rewritten)
command for display, bypassing cd prefix stripping. Changed to use
forDisplay instead.
3. Fixed forDisplay being clobbered: The rewriter loop unconditionally
overwrote forDisplay, so later rewriters without a forDisplay
(like PreventHistoryRewriter) would clear the sandbox's display
value. Changed to only update when explicitly provided.
Fixes#303769Fixes#303848
* update doc comment for SandboxedCommandLinePresenter
* improve execute strategy logging for CI diagnostics
Upgrade strategy selection and completion logs to info level in
runInTerminalTool. In richExecuteStrategy, log at info level when
running in CI (for diagnosing shell integration race conditions)
and debug otherwise.
* fix: include ignorespace in bash shell integration history verification
When VSCODE_PREVENT_SHELL_HISTORY=1 is set (which it is for all tool
terminals created by the run_in_terminal tool), the bash shell
integration script sets HISTCONTROL="ignorespace" (line 67). This
causes bash to exclude space-prefixed commands from history.
Later in the same script (line 200), a regex decides whether to use
`history 1` or $BASH_COMMAND to capture the current command in
__vsc_preexec. The regex checks for erasedups, ignoreboth, and
ignoredups — but NOT ignorespace. This is a bug because:
1. The same script sets HISTCONTROL=ignorespace 130 lines earlier
2. ignoreboth (which IS in the regex) is defined by bash as
"ignorespace + ignoredups" — so the compound form was handled
but the simple form was not
The consequence: with HISTCONTROL=ignorespace and __vsc_history_verify=1,
__vsc_preexec calls `history 1` to get the current command. But the
command has a leading space (added by PreventHistoryRewriter), so bash
history never recorded it. `history 1` returns the PREVIOUS command
or nothing. This causes __vsc_current_command to be wrong or empty.
In __vsc_command_complete, when __vsc_current_command is empty, the
script sends the OSC sequence 633;D WITHOUT an exit code (line 373).
The VS Code side then receives onCommandFinished with exitCode=undefined,
breaking exit code detection for ALL tool terminal commands on bash.
The fix adds ignorespace to the existing regex, so bash falls back to
$BASH_COMMAND (which always works regardless of history settings).
This matches the behavior already provided when ignoreboth is set.
* docs: improve fix-ci-failures skill with faster log retrieval workflow
- setupRecreatingStartMarker returns IDisposable to stop marker recreation
before sending commands (prevents marker jumping on PSReadLine re-renders)
- noneExecuteStrategy waits for cursor to move past start line after sendText
before starting idle detection (prevents end marker at same line as start)
- findCommandEcho supports suffix matching for partial command echoes from
wrapped getOutput() results (shell integration ON with long commands)
- Suffix matching requires mid-word split to avoid false positives on output
that happens to be a suffix of the command (e.g. echo output)
- Integration tests: use ; separator on Windows, add && conversion test,
handle Windows exit code quirks with cmd /c
- Handle /usr/bin/bash (Linux) vs /bin/bash (macOS) in /tmp write test
- Handle 'Read-only file system' (Linux) vs 'Operation not permitted' (macOS)
- Add 'Read-only file system' to outputLooksSandboxBlocked heuristic
- Replace newlines with spaces (not empty) to handle terminal wrapping
- Extract outputLooksSandboxBlocked as exported function with unit tests
- Add bubblewrap and socat to Linux CI apt-get install
- Make sandbox test assertions platform-aware (macFileSystem vs linuxFileSystem)
- Make /etc/shells test accept both macOS and Linux first-line format
- Broaden wrapped prompt fragment regex to handle path chars (ts/testWorkspace$)
- Fix continuation pattern to match user@host:path wrapped lines
- Apply stripCommandEchoAndPrompt to getOutput() in BasicExecuteStrategy
(basic shell integration lacks reliable 133;C markers so getOutput()
can include command echo)
- Keep RichExecuteStrategy getOutput() unstripped (rich integration
has reliable markers)
Prevent sandbox-wrapped command lines from leaking as output when
commands produce no actual output. Adds stripCommandEchoAndPrompt()
to isolate real output from marker-based terminal buffer captures.
Also adds configurable idle poll interval and shell integration
timeout=0 support for faster test execution.
