* Add SSH remote agent host bootstrap
Adds a new ISSHRemoteAgentHostService that automates connecting to a
remote machine via SSH, installing the VS Code CLI, starting
'code agent-host', and forwarding the agent host port back through
the SSH tunnel.
- New service interface and types in common/sshRemoteAgentHost.ts
- Full implementation using ssh2 in electron-browser/ with dynamic
imports to respect layering rules
- Multi-step quick input flow for SSH connection details integrated
into the remote agent host picker
- 'Connect via SSH' command registered in contributions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review feedback
- Strip password/privateKeyPath from ISSHAgentHostConnection.config
so secrets are not exposed to consumers after connect
- Redact connection tokens (?tkn=...) in all log output and error
messages to prevent credential leakage
- Parse user@host:port format in SSH host input with proper validation
for port range and missing components
- Guard onDidClose with a closed flag to prevent double-fire when
dispose and SSH close/error events overlap
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* SSH working through main process
Co-authored-by: Copilot <copilot@github.com>
* Resolve ssh configs
Co-authored-by: Copilot <copilot@github.com>
* progress
* Granular connect progress, test fix
Co-authored-by: Copilot <copilot@github.com>
* Test, refactor
Co-authored-by: Copilot <copilot@github.com>
* Resolve comments
Co-authored-by: Copilot <copilot@github.com>
* Get rid of cpu-features
* Move to shared process
Co-authored-by: Copilot <copilot@github.com>
* fixes
Co-authored-by: Copilot <copilot@github.com>
* add ssh2 to remote/package.json
* Cleanup and fixes
Co-authored-by: Copilot <copilot@github.com>
* fix
Co-authored-by: Copilot <copilot@github.com>
* fix
Co-authored-by: Copilot <copilot@github.com>
* resolve comments
Co-authored-by: Copilot <copilot@github.com>
* comments
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Raymond Zhao <7199958+rzhao271@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
* Add merge script for extension configuration policies from distro
Adds build/lib/policies/mergeExtensionPolicies.ts which fetches the
distro's product.json (at the commit pinned in package.json) and merges
extensionConfigurationPolicy entries into policyData.jsonc.
The --export-policy-data step only captures policies from the OSS
configuration registry. Extension policies (e.g., Copilot settings)
are defined in vscode-distro's product.json and are not available in
the OSS dev build. This merge script bridges that gap.
Workflow: ./scripts/code.sh --export-policy-data && node build/lib/policies/mergeExtensionPolicies.ts
Also updates:
- policyExport integration test to run the merge step
- add-policy skill documentation with extension policy lifecycle
* Simplify extension policy format: drop localization block from distro
- mergeExtensionPolicies.ts now reads only description/category from
the distro and synthesizes localization key/value pairs internally
- Integration test gracefully skips merge step when distro is unavailable
- Updated SKILL.md to document the simplified distro format
* docs: use gh auth token in policy export command
* Handle old distro format missing description/category fields
* docs: add troubleshooting section for merge step in policy skill
* Require description and category fields in extension policy entries
* Add extension configuration policies to policyData.jsonc
* Address PR feedback: fix disclaimer, log targetPath, strip GITHUB_TOKEN from test
* fix: revert extension policies from policyData.jsonc, remove console.log from test
Extension policies should only be added after the distro PR merges.
Test runner disallows console output in tests.
* Add mock distro test for mergeExtensionPolicies, remove merge from export test
- mergeExtensionPolicies.ts: add DISTRO_PRODUCT_JSON env var to
override the distro path (for testing without private repo access)
- New test: creates a mock product.json, runs the merge script,
verifies policies are added correctly and idempotently
- Export test: no longer runs the merge step (avoids needing
distro access or GITHUB_TOKEN in CI)
* Update distro and regenerate policyData.jsonc with extension policies
* Fix CI: add extension policy fixture for export test
The export test now runs mergeExtensionPolicies using a checked-in
fixture file instead of requiring distro access or GITHUB_TOKEN.
When extension policies change in the distro, regenerate both
policyData.jsonc and the fixture file.
* Integrate extension policy merge into --export-policy-data
- Removed mergeExtensionPolicies.ts — no separate CLI tool needed
- --export-policy-data now reads build/lib/policies/extensionPolicies.json
and merges extension policies into the output automatically
- Single command workflow: ./scripts/code.sh --export-policy-data
- Simplified test — no merge step, no GITHUB_TOKEN, no distro access
- Updated SKILL.md to document the simplified workflow
* Dynamic distro reading: --export-policy-data fetches from distro directly
- policyExport.contribution.ts reads distro product.json dynamically:
1. DISTRO_PRODUCT_JSON env var (for testing)
2. .build/distro/mixin/stable/product.json (local checkout)
3. GitHub API with GITHUB_TOKEN (remote fetch)
- New scripts/export-policy-data.sh wrapper: sets up GITHUB_TOKEN
via gh CLI and runs the export
- Deleted build/lib/policies/extensionPolicies.json (no static copy)
- Test uses DISTRO_PRODUCT_JSON with a fixture file
- Uses sandbox process.env and VSBuffer (renderer-safe)
* Replace bash wrapper with cross-platform TS script
- New build/lib/policies/exportPolicyData.ts: handles transpilation,
GITHUB_TOKEN setup via gh CLI, and runs --export-policy-data
- Added 'npm run export-policy-data' script to package.json
- Removed scripts/export-policy-data.sh
- Updated SKILL.md and test error message
* Use OAuth device flow for GitHub token acquisition
exportPolicyData.ts now acquires tokens via:
1. GITHUB_TOKEN env var (if set)
2. gh CLI (fast, non-interactive)
3. GitHub OAuth device flow (interactive, no dependencies)
Based on vscode-copilot-chat's getToken.mts pattern.
* Fix error messages to reference npm run export-policy-data
* Fix disclaimer to reference npm run export-policy-data, clean up stale refs
* Clarify test fixture is static and not expected to track distro changes
* Add inline comment in test clarifying fixture is static
* SKILL.md: add step to update distro commit hash in package.json
* Remove inline comment per PR feedback
* Remove local .build/distro/ fallback path per PR feedback
* Update conpty to 1.25
* see if changes fix 1.2.0-beta11 defering conptyNative.connect()
* Revert "see if changes fix 1.2.0-beta11 defering conptyNative.connect()"
This reverts commit c5d9064efa.
* Reapply "see if changes fix 1.2.0-beta11 defering conptyNative.connect()"
This reverts commit ded49adb14.
* agent host init
* Agent host: Copilot SDK integration with chat UI
* Agent host: direct MessagePort, logging, SDK wrapper, env fix
* Refactoring and cleanup
* Copilot-authored message: Agent-host tool rendering, protocol, and session fixes
Tool invocation rendering:
- Emit tool_start/tool_complete as ChatToolInvocation (not progressMessage)
- Shell tools (bash/powershell) render as terminal command blocks with
IChatTerminalToolInvocationData, output, and exit codes
- Non-shell tools render via invocationMessage/pastTenseMessage (markdown)
- Filter out report_intent (hidden internal tool)
Agent-agnostic protocol:
- IPC events carry display-ready fields (displayName, invocationMessage,
pastTenseMessage, toolInput, toolOutput, toolKind, language)
- All Copilot CLI-specific logic in copilotToolDisplay.ts with typed
interfaces for known tools (CopilotToolName enum, parameter types)
- Renderer never references specific SDK tool names
Session fixes:
- Resumed sessions show tool invocations in history (getSessionMessages
now returns tool events alongside messages)
- Fixed 'already has a pending request' on resumed sessions by
conditionally providing interruptActiveResponseCallback
- Fixed event filtering for resumed sessions (sessionId override in
_trackSession)
Documentation:
- Split parity.md into design.md (decisions) and backlog.md (tasks)
- Updated architecture.md, sessions.md with cross-references
- Added maintenance notes to all docs
* Copilot-authored message: Model picker, session class, DI and test cleanup
* Cleanups
* stuff
* add diagram
* Add claude agent
* Clean up
* Copy some build script changes from #295817
* Simplify
* Update docs
* Register agent-host via chatSessions contribution API, reduce peripheral diff
* Cleanup
* Don't ship stuff in stable
* Dynamic agent discovery via listAgents() IPC
Replace hardcoded per-provider contributions with a single
AgentHostContribution that discovers available agents from the
agent host process at startup. Each IAgent backend now exposes
an IAgentDescriptor with display metadata and auth requirements.
- Add IAgentDescriptor interface and listAgents() to IPC contract
- CopilotAgent/ClaudeAgent return descriptors via getDescriptor()
- Single AgentHostContribution discovers + registers dynamically
- Remove agentHostConstants.ts (no more hardcoded session types)
- AgentHostSessionListController/LMProvider take params instead
- Rename AgentSessionProviders.AgentHost -> AgentHostCopilot
- Update architecture.md, sessions.md, backlog.md
(Written by Copilot)
* Fix review findings: proxy, disposal, filtering, tests
- Add listAgents() forwarding to AgentHostServiceClient
- Guard async discovery against disposal race
- Add provider field to IAgentModelInfo for per-provider filtering
- Filter models and sessions by provider in LM provider and list
controller
- Update tests for new dynamic API and agent-host-copilot scheme
(Written by Copilot)
* Use DI for AgentHostLanguageModelProvider
(Written by Copilot)
* Strip @img/sharp native binaries from builds
sharp is a transitive dependency of the Claude Agent SDK used for
image processing. Its native .node binaries cause dpkg-shlibdeps
errors during Debian packaging due to $ORIGIN RPATH references.
Strip all @img/sharp-* platform packages since the agent host
doesn't need image processing at runtime.
(Written by Copilot)
* Strip Claude SDK vendored ripgrep binaries
The Claude Agent SDK bundles ripgrep binaries for all platforms
under vendor/ripgrep/. Wrong-architecture binaries cause macOS
Mach-O verification to fail. Strip them entirely via .moduleignore
(VS Code has its own ripgrep) and add to verify-macho skip list.
(Written by Copilot)
* Add tests for AgentSession, AgentService dispatcher, and workbench agent host components
(Written by Copilot)
* Add trace logging, IPC output channel, tool permissions, and attachment context
- Add Agent Host IPC output channel (only registered at trace log level) that
logs all IPC method calls, results, and progress events with full JSON payloads
- Add trace-level logging in AgentService dispatcher for all method calls
- Add trace-level logging in session handler for all progress events and session
resolution
- Wire up onPermissionRequest handler on CopilotClient.createSession and
resumeSession to auto-approve tool permission requests
- Add IAgentAttachment type to IPC contract and thread attachments from chat
variables (file, directory, selection) through sendMessage to the Copilot SDK
(Written by Copilot)
* Add tests for attachment context conversion and threading
(Written by Copilot)
* Add gap analysis docs for Copilot and Claude SDK implementations
(Written by Copilot)
* Sanitize env vars for Copilot CLI subprocess
Strip VSCODE_*, ELECTRON_* (except ELECTRON_RUN_AS_NODE), NODE_OPTIONS, and
other debug-related env vars that can interfere with the Node.js process the
SDK spawns. Matches the env sanitization from the extension implementation.
Also set useStdio and autoStart for proper CLI communication.
(Written by Copilot)
* Add error, usage, and title_changed event types to IPC contract
Add IAgentErrorEvent, IAgentUsageEvent, and IAgentTitleChangedEvent to the
progress event union. Wire up session.error and assistant.usage events from
the Copilot SDK to fire as IPC events instead of only logging. Handle error
events in the renderer session handler by rendering the error message. Usage
and title_changed events are logged at trace level.
(Written by Copilot)
* Add abortSession IPC method for proper cancellation
Add abortSession(session) to the IPC contract, implemented across AgentService,
CopilotAgent (calls session.abort()), ClaudeAgent (no-op, uses AbortController),
and the renderer proxy. Wire up cancellation in the session handler to call
abortSession before finishing, so the SDK actually stops processing.
(Written by Copilot)
* Address reviewer feedback: error finishes request, Claude abort, tests
- Error events now call finish() so the request doesn't hang if the SDK
doesn't send idle after an error
- ClaudeAgent.abortSession calls ClaudeSession.abort() which signals the
AbortController and creates a new one for future turns
- Add test: cancellation calls abortSession on the agent host service
- Add test: error event renders message and finishes the request
- Remove stale TODO in interruptActiveResponseCallback
- Use timeout() helper instead of raw setTimeout in test
- Update gap docs to reflect completed work
(Written by Copilot)
* Add permission request IPC round-trip (Written by Copilot)
* Remove Claude agent from agent-host process
Strip the Claude Agent SDK integration from the agent-host utility process
to focus on the Copilot SDK path.
- Delete src/vs/platform/agent/node/claude/ (claudeAgent, claudeSession, claudeToolDisplay)
- Remove @anthropic-ai/claude-agent-sdk from package.json
- Remove AgentHostClaude enum member and all switch cases
- Remove Claude command registration in electron-browser chat.contribution
- Clean up build scripts (.moduleignore, verify-macho, gulpfile.vscode)
- Narrow AgentProvider type to just 'copilot'
- Update tests and documentation
(Written by Copilot)
* Wire up permission confirmation UI with ChatToolInvocation (Written by Copilot)
* Fix reviewer feedback: safe permission serialization, deny on abort/dispose (Written by Copilot)
* Forward reasoning events as thinking blocks (Written by Copilot)
* Pass workspace folder as workingDirectory to Copilot SDK (Written by Copilot)
* Store and pass workingDirectory on session resume, update gap docs (Written by Copilot)
* Fix permission rendering, session-scoped permissions, and test gaps (Written by Copilot)
* Auto-approve read permissions inside workspace folder (Written by Copilot)
* Move read auto-approve into CopilotAgent where permission policy belongs (Written by Copilot)
* Update gap docs (Written by Copilot)
* Use log language for IPC output channel, add trace prefix (Written by Copilot)
* Add tool rendering gaps to docs (Written by Copilot)
* Stringify URIs in IPC output channel for readability (Written by Copilot)
* Fix IPC output channel: use log languageId with non-log channel for proper append + syntax highlighting (Written by Copilot)
* Fix build errors: add URI import, fix test mock types (Written by Copilot)
* Don't localize agent host provider strings (Written by Copilot)
* Remove claude-agent-sdk from eslint allowed imports (Written by Copilot)
* fix test
* initial thoughts
* Rename folder to agentHost
* Fix paths
* Fixes
* Fixes for copilot
* Fix moduleignore
* first working protocol version
align more closely with protocol
json rpc and some gaps
* cleanup
* Fix copilot pty.node packaging
* Fix test
* prebuild packaging
* Agenthost server fixes
* Update monaco.d.ts
* Update docs
* Fixes
* Build fix
* Fix build issues
* reduce duplication in side effecting code
* fix model switching not working
* reduce mock duplication
* Build fixes
* Copy vscode's node.pty
* And ripgrep
* And thsi
* Ripgrep goes to non-SDK
* Skip copy for stable build
* Remove outdated script
* Build fixes for asar
* fix
* Add some logging
* Fix for windows
* Fix
* Logs
* build: add glob diagnostic for copyCopilotNativeDeps
* build: check both node_modules/ and .asar.unpacked/ for source binaries
* Fix
* Remove excalidraw
---------
Co-authored-by: Connor Peet <connor@peet.io>
Co-authored-by: Connor Peet <copeet@microsoft.com>
chore: update @vscode/codicons version to 0.0.45-14 in package.json and package-lock.json
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
