* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
* removed allowTrustedDomains
* correcting the settings keys for sandboxing
* correcting the settings keys for sandboxing
* Explicit notification for blocked domains before running the command
* Fix terminal sandbox follow-ups
* main merge
* fixing tests
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Revert "Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts"
This reverts commit b956dfa719.
* removing local files
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: command rewriting issues when terminal sandboxing is enabled
Fixes two issues with sandboxed terminal commands:
1. Sandboxed commands end up in shell history (#303769): The
PreventHistoryRewriter was running before SandboxRewriter, so the
leading space was applied to the inner command but not the final
sandbox-wrapped command. Moved PreventHistoryRewriter to run last.
2. cd CWD prefix not stripped in sandbox mode (#303848): The
SandboxedCommandLinePresenter was using the original (un-rewritten)
command for display, bypassing cd prefix stripping. Changed to use
forDisplay instead.
3. Fixed forDisplay being clobbered: The rewriter loop unconditionally
overwrote forDisplay, so later rewriters without a forDisplay
(like PreventHistoryRewriter) would clear the sandbox's display
value. Changed to only update when explicitly provided.
Fixes#303769Fixes#303848
* update doc comment for SandboxedCommandLinePresenter
* improve execute strategy logging for CI diagnostics
Upgrade strategy selection and completion logs to info level in
runInTerminalTool. In richExecuteStrategy, log at info level when
running in CI (for diagnosing shell integration race conditions)
and debug otherwise.
* fix: include ignorespace in bash shell integration history verification
When VSCODE_PREVENT_SHELL_HISTORY=1 is set (which it is for all tool
terminals created by the run_in_terminal tool), the bash shell
integration script sets HISTCONTROL="ignorespace" (line 67). This
causes bash to exclude space-prefixed commands from history.
Later in the same script (line 200), a regex decides whether to use
`history 1` or $BASH_COMMAND to capture the current command in
__vsc_preexec. The regex checks for erasedups, ignoreboth, and
ignoredups — but NOT ignorespace. This is a bug because:
1. The same script sets HISTCONTROL=ignorespace 130 lines earlier
2. ignoreboth (which IS in the regex) is defined by bash as
"ignorespace + ignoredups" — so the compound form was handled
but the simple form was not
The consequence: with HISTCONTROL=ignorespace and __vsc_history_verify=1,
__vsc_preexec calls `history 1` to get the current command. But the
command has a leading space (added by PreventHistoryRewriter), so bash
history never recorded it. `history 1` returns the PREVIOUS command
or nothing. This causes __vsc_current_command to be wrong or empty.
In __vsc_command_complete, when __vsc_current_command is empty, the
script sends the OSC sequence 633;D WITHOUT an exit code (line 373).
The VS Code side then receives onCommandFinished with exitCode=undefined,
breaking exit code detection for ALL tool terminal commands on bash.
The fix adds ignorespace to the existing regex, so bash falls back to
$BASH_COMMAND (which always works regardless of history settings).
This matches the behavior already provided when ignoreboth is set.
* docs: improve fix-ci-failures skill with faster log retrieval workflow
- setupRecreatingStartMarker returns IDisposable to stop marker recreation
before sending commands (prevents marker jumping on PSReadLine re-renders)
- noneExecuteStrategy waits for cursor to move past start line after sendText
before starting idle detection (prevents end marker at same line as start)
- findCommandEcho supports suffix matching for partial command echoes from
wrapped getOutput() results (shell integration ON with long commands)
- Suffix matching requires mid-word split to avoid false positives on output
that happens to be a suffix of the command (e.g. echo output)
- Integration tests: use ; separator on Windows, add && conversion test,
handle Windows exit code quirks with cmd /c
- Handle /usr/bin/bash (Linux) vs /bin/bash (macOS) in /tmp write test
- Handle 'Read-only file system' (Linux) vs 'Operation not permitted' (macOS)
- Add 'Read-only file system' to outputLooksSandboxBlocked heuristic
- Replace newlines with spaces (not empty) to handle terminal wrapping
- Extract outputLooksSandboxBlocked as exported function with unit tests
- Add bubblewrap and socat to Linux CI apt-get install
- Make sandbox test assertions platform-aware (macFileSystem vs linuxFileSystem)
- Make /etc/shells test accept both macOS and Linux first-line format
- Broaden wrapped prompt fragment regex to handle path chars (ts/testWorkspace$)
- Fix continuation pattern to match user@host:path wrapped lines
- Apply stripCommandEchoAndPrompt to getOutput() in BasicExecuteStrategy
(basic shell integration lacks reliable 133;C markers so getOutput()
can include command echo)
- Keep RichExecuteStrategy getOutput() unstripped (rich integration
has reliable markers)
Prevent sandbox-wrapped command lines from leaking as output when
commands produce no actual output. Adds stripCommandEchoAndPrompt()
to isolate real output from marker-based terminal buffer captures.
Also adds configurable idle poll interval and shell integration
timeout=0 support for faster test execution.
* Add support for custom chat agents in the API
- Introduced `chatCustomAgents` proposal in extensions API.
- Implemented methods to handle custom agents in `MainThreadChatAgents2`.
- Added `ICustomAgentDto` interface and related functionality in extHost.
- Created new type definitions for custom agents in `vscode.proposed.chatCustomAgents.d.ts`.
* Filter custom agents by visibility before pushing to the proxy
* Refactor onDidChangeCustomAgents to use direct event listener
* Update custom agent tools property to allow undefined values
* Add chatCustomAgents to enabledApiProposals in package.json
* update
* update
* support skills
* support instructions
* update
* update
---------
Co-authored-by: Martin Aeschlimann <martinae@microsoft.com>
Includes public API, user setting, status bar icon and a new service to support metered network connections.
Updates code in various areas performing automated actions using network to delay/pause network operations while network connection is being metered.
Disabled protocol handlers and registry updates on Windows in portable mode.
Added API proposal to detect if VS Code is running in portable mode from extensions.
Skipped protocol redirect in GitHub authentication in portable mode.
* Bump node-pty to 1.2.0-beta.7
* Deprecate TerminalSettingId.WindowsEnableConpty setting
* Remove windowsEnableConpty instead of deprecating
* Remove WINPTY from ps.ts
* Remove winpty from appropriate comments
* Remove winpty from IProcessReadyWindowsPty
* Remove from classifier.json. TODO on resize for node-pty
* Try adding option to test
* Add reference to issue
