Commit Graph

4820 Commits

Author SHA1 Message Date
Matt Bierner 75d676cce9 Merge branch 'main' into dev/mjbvz/copilot-eslint-unify 2026-04-29 08:00:31 -07:00
Henning Dieterichs 19b3119b33 Pin @github/copilot to exact 1.0.34 and regenerate lockfiles
The previous reverts only changed the spec to ^1.0.34, but the resolved entries in the lockfiles still pointed at 1.0.38 (with 1.0.38 tarballs and integrity hashes). Since ^1.0.34 satisfies 1.0.38, npm ci would still install the broken version. Pin to exact 1.0.34 in all three package.json files and regenerate the lockfiles.
2026-04-29 16:46:30 +02:00
Henning Dieterichs 6087b944fe Revert "agents: bump @github/copilot to 1.0.38 (#313073)"
This reverts commit 83cbe74699.
2026-04-29 16:46:30 +02:00
Matt Bierner 371c4a0a73 Use root eslint for copilot 2026-04-28 15:20:59 -07:00
Rob Lourens 83cbe74699 agents: bump @github/copilot to 1.0.38 (#313073)
* agents: bump @github/copilot to 1.0.38

Tracks the version pinned in extensions/copilot/package.json. Updates
both root and remote/ package.json + lockfiles. Verified by re-running
the real-SDK 'listModels returns well-shaped model entries' integration
test (AGENT_HOST_REAL_SDK=1).

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: skip electron re-download when correct version already present

The macOS/Electron CI job was failing because `electron.ts` unconditionally
deletes `.build/electron` and re-downloads Electron on every invocation.

When integration tests run CSS/HTML tests via `node-electron.sh`, they call
`npm run electron` which triggers this re-download. This can fail due to
transient network errors (e.g. 502 Bad Gateway from GitHub), causing the
integration test step to fail even though Electron was already downloaded
successfully in the dedicated "Download Electron and Playwright" CI step.

Fix: add a `.version` marker file inside `.build/electron` that records the
Electron version, MS build ID, and architecture. On the next invocation,
`main()` reads this marker and returns early if it matches the expected
version, skipping the unnecessary delete-and-re-download cycle.

Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/8d0b4207-2616-497e-9a4f-bf8a39671934

Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>

* Revert "fix: skip electron re-download when correct version already present"

This reverts commit e1811ece5b. That
commit was pushed to this PR by another agent and is unrelated to the
@github/copilot bump that this PR is for.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: roblourens <323878+roblourens@users.noreply.github.com>
2026-04-28 21:00:14 +00:00
Johannes Rieken 7c6d456ec3 profiling: replace v8-inspect-profiler with chrome-remote-interface (#312974)
* profiling: replace v8-inspect-profiler with chrome-remote-interface

Convert src/vs/base/node/profiling.ts from pasted JS+DTS into a
proper TypeScript module. Replace the v8-inspect-profiler dependency
with chrome-remote-interface and update all import sites.

* Update src/vs/base/node/profiling.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update src/vs/base/node/profiling.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* ccr

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-28 10:40:22 +02:00
vs-code-engineering[bot] d10a07d0f2 Update distro commit (main) (#312865) 2026-04-27 14:28:48 -07:00
vs-code-engineering[bot] 61fa519123 Bump version to 1.119.0 (#312684) 2026-04-27 09:30:17 -07:00
vs-code-engineering[bot] dd05fac328 [cherry-pick] Revert "Share secrets between Code and Agents app via macOS Keychain" (#312735)
Co-authored-by: vs-code-engineering[bot] <vs-code-engineering[bot]@users.noreply.github.com>
2026-04-27 13:54:58 +00:00
Alexandru Dima b4347c5814 Share secrets between Code and Agents app via macOS Keychain (#308990)
* Share secrets between Code and Agents app via macOS Keychain

Add a shared keychain service that stores secrets directly in the macOS
Keychain, allowing Code and its embedded Agents app to share auth tokens
without re-authentication.

Architecture:
- ISharedKeychainService (common interface) with ISharedKeychainMainService
  running in the Electron main process, exposed to renderer via IPC
- SharedKeychainMainService wraps @vscode/macos-keychain native addon
- NativeSecretStorageService now writes to both the shared keychain and
  the legacy safeStorage+SQLite pipeline (for rollback safety)
- On read, shared keychain is tried first, falling back to legacy

Product configuration:
- darwinSharedKeychainServiceName: per-flavor service name for data
  isolation between Stable/Insiders/Exploration
- Access group auto-detected from entitlements by the native addon

Key design decisions:
- Shared keychain only used when type is 'persisted' (not in-memory)
- BaseSecretStorageService refactored to expose protected _doGet/_doSet/
  _doDelete/_doGetKeys for use by subclasses within sequencer tasks
- Native addon is an optional dependency (macOS-only)

Files:
- build/azure-pipelines/darwin/app-entitlements.plist (keychain-access-groups)
- src/vs/platform/secrets/common/sharedKeychainService.ts (interface)
- src/vs/platform/secrets/electron-main/sharedKeychainMainService.ts (impl)
- src/vs/workbench/services/secrets/electron-browser/sharedKeychainService.ts (IPC proxy)
- src/vs/workbench/services/secrets/electron-browser/secretStorageService.ts (wiring)

Issue: #308028

* Address review feedback

* Add one-time migration of legacy secrets to shared keychain

On first secret operation, migrate all existing secrets from the legacy
safeStorage+SQLite pipeline into the shared macOS Keychain. This ensures
the Agents app can read secrets that were stored before the shared
keychain was introduced.

- Migration is lazy (triggered on first get/set/delete/keys)
- Guarded by a 'sharedKeychain.migrationDone' storage flag
- Idempotent: keychain writes are upserts, re-running is safe
- Best-effort per key: individual failures don't block the rest
- Skipped when type is 'in-memory'
- Also: make set() in SharedKeychainMainService best-effort (log, don't throw)

* update the current implementation

* restrict shared keychain to CROSS_APP_SHARED_SECRET_KEYS

* kick off shared keychain migration eagerly in constructor

* update @vscode/macos-keychain to 0.0.1

* Use provisioning profile for keychain access groups when available

During signing, check for build/darwin/distribution.provisionprofile.
If present, use it as the provisioning profile and keep the
keychain-access-groups entitlement in app-entitlements.plist.

If not present (e.g. OSS builds), strip the keychain-access-groups
section from a temp copy of the entitlements plist to avoid signing
failures. The shared keychain still works via the app's default
keychain without access-group isolation.

* Add entitlements diagnostic dump after signing

Dump the actual entitlements from the signed binary to validate
whether $(TeamIdentifierPrefix) is being expanded by codesign.

Hypothesis: the variable is passed literally to the entitlements
plist without expansion, causing a mismatch with the provisioning
profile and resulting in Killed: 9 on launch.

* Exclude provisioning profile from unicode hygiene check

* update package-lock.json

* Adopt multiple provision profiles

* fix: expand teamidentifier in the entitlement

* Re-sign without provisioning profile for tests

Run the entitlements step twice in CI:
1. First with provisioning profile (keychain-access-groups) for codesign/notarize
2. Then without provisioning profile for tests (in parallel with codesign)

This avoids making codesign sequential with tests while still
supporting the keychain-access-groups entitlement that requires
a provisioning profile.

- Add --skip-provisioning-profile flag to sign.ts
- Add 'Set Hardened Entitlements (for tests)' pipeline step

* Skip plist modifications when re-signing for tests

The plutil -insert calls fail on the second sign pass because the
keys already exist from the first pass. Skip plist modifications
when --skip-provisioning-profile is set since they are not needed.

* Move shared keychain migration from renderer to main process

Replace crossAppIPC-based secret handshake with direct shared keychain
writes in the main process:

- MacOSCrossAppSecretSharing now reads safeStorage+SQLite and writes to
  shared keychain via SharedKeychainMainService (no crossAppIPC needed)
- Code.app migrates on startup; Agents app spawns Code.app once if
  keychain is incomplete
- NativeSecretStorageService no longer does migration — just reads/writes
  shared keychain for cross-app keys

* Add isMacintosh guards before using the shared keychain service

Co-authored-by: Copilot <copilot@github.com>

* Remove spec

* Tweak comments

---------

Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: Copilot <copilot@github.com>
2026-04-26 22:40:10 +03:00
dileepyavan bb09e7379b terminal: Disable read all by default (#311850)
* adding allowRead and testing with defaults

* Rename terminal sandbox read allow list

* Remove Copilot settings change from sandbox PR

* changes

* changes

* Updating sandbox runtime package

* Updating tests

* Add macOS test cases for denyRead/allowRead behavior and ~ path handling

Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/ec5cf3c2-6c7b-4577-bdbb-8ac3d42bdfb0

Co-authored-by: dileepyavan <52841896+dileepyavan@users.noreply.github.com>

* changes for readonly home dir

* skipping integrated tests for sandbox

* running srt in tmp_dir for linux

* running srt in tmp_dir for linux

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-04-24 11:07:16 -07:00
Alex Dima 0622a64c79 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-24 16:05:13 +02:00
vs-code-engineering[bot] fb03ca9df8 Update distro commit (main) (#312269)
Update distro commit to 0ba0ea82

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-04-24 07:14:53 +00:00
Matt Bierner 1a54933643 Revert "Use main eslint config for copilot extension too" 2026-04-23 15:17:22 -07:00
Matt Bierner 74fca4377e Merge pull request #311606 from microsoft/dev/mjbvz/advisory-swallow
Use main eslint config for copilot extension too
2026-04-23 14:29:25 -07:00
Alex Dima 24838ca669 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-23 15:11:04 +02:00
Henning Dieterichs 23bf8f6efa Merge pull request #311958 from microsoft/hediet/b/educational-gayal
Improves source map support
2026-04-23 12:38:54 +02:00
Rob Lourens 096e5abe9d agentHost: bump @github/copilot to 1.0.34 (#311964)
* Fix broken sessions list
From #311751

Co-authored-by: Copilot <copilot@github.com>

* fix tests

* agentHost: settings followups

- Unrelated: fix local agent host being broken on main following
  some overnight cleanups
- Register a JSON schema for agent session settings (only when they're
  open since it has a perf cost)
- When there are multiple custom approval buttons, show them in a
  dropdown similar to other tool calls.

* Add tests for agent session settings schema registration

* Bump @github/copilot from ^1.0.28 to ^1.0.34

Matches the version used in extensions/copilot.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: tolerate synthetic Copilot models with empty capabilities

After bumping @github/copilot to 1.0.34, listModels() returns a synthetic
'auto' router entry shaped like { id: 'auto', name: 'Auto', capabilities: {} }.
The SDK's ModelInfo type still declares capabilities.limits.max_context_window_tokens
as required, so reading it crashed _listModels and zeroed out the model list.

Wrap the SDK type in a local ICopilotModelInfo with the actually-optional
fields marked optional, and skip entries lacking max_context_window_tokens
with a warn log instead of throwing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: surface synthetic 'auto' model with optional maxContextWindow

Instead of dropping the synthetic 'auto' router model, make
IAgentModelInfo.maxContextWindow optional and pass it through as
undefined when the SDK doesn't report a fixed context window. The
agentHostLanguageModelProvider already handles undefined via '?? 0',
and the protocol state type already had the field optional.

Update the real-SDK listModels test to allow undefined maxContextWindow
and to assert the 'auto' entry is present.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Connor Peet <connor@peet.io>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 19:23:45 +00:00
Henning Dieterichs 021452aeb0 updates source-map-support 2026-04-22 19:59:33 +02:00
Aiday Marlen Kyzy 9240766ae6 updating distro (#311871) 2026-04-22 10:07:36 +00:00
Alex Dima 70abdc1ad8 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-22 11:37:15 +02:00
Alexandru Dima 32ccba704f update distro (#311854) 2026-04-22 10:57:35 +02:00
Rob Lourens a1abedfea0 Update @github/copilot SDK to ^1.0.28 (#311807)
Bump @github/copilot in root and remote package.json to ^1.0.28 to match
the version pinned by the bundled copilot extension (extensions/copilot).

Also adds a real-SDK integration test for listModels that subscribes to
the root state, authenticates, and asserts every model has a well-formed
shape (id, name, numeric maxContextWindow). This guards against SDK
schema drift like the issue in 1.0.34, where the server returned models
with optional capabilities.limits, causing _listModels to throw a
TypeError that _refreshModels silently swallowed (resulting in no models
in the UI).

Drive-by: fix stale provider id 'copilot' -> 'copilotcli' in the same
test file.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 02:29:53 +00:00
Raymond Zhao 9a60a6f5f9 chore: bump windows-process-tree (#311781) 2026-04-21 23:18:39 +00:00
vs-code-engineering[bot] 0e1575f40c Update distro commit (main) (#311726)
Update distro commit to 0cd3df03

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-04-21 16:55:57 +00:00
Matt Bierner ad6844f64d Use main eslint config for copilot extension too
- Moves copilot eslint config into top level eslint config
- Adopts some standard rules
- Suppress a few new shared rules
2026-04-20 22:46:02 -07:00
Robo a1d3ff15f4 feat: enable shared safestorage on windows (#311418)
* feat: enable shared safestorage on windows

* chore: bump distro
2026-04-20 20:42:50 -07:00
Alex Ross 2ac46efee4 Bump version to 1.118.0 (#311304)
* Bump version to 1.118.0

* Fix engine version in lock file

* npm i

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-20 09:07:06 +00:00
Paul ec992baa49 Add performance tests (#309700) 2026-04-17 21:23:43 +00:00
vs-code-engineering[bot] 99a3906d67 Update distro commit (main) (#311059)
Update distro commit to cccc9754

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-04-17 18:51:23 +00:00
Henning Dieterichs 2cc8b21a3a Updates component explorer 2026-04-17 18:29:29 +02:00
Robo 7e07af9368 feat(macOS): enable cross app update (#309812)
* feat(macOS): enable cross app update

ICrossAppIPCService:
- Owns the single crossAppIPC connection for the application
- Exposes onDidConnect, onDidDisconnect, onDidReceiveMessage events

Secret sharing refactoring:
- MacOSCrossAppSecretSharing now takes ICrossAppIPCService instead of
  creating its own crossAppIPC connection

* temp: bump distro

* fix: remove embedder app checks in macOS update service

* fix: avoid reentrancy from squirrel events when suspended

* chore: update build
2026-04-15 13:54:14 +02:00
Lee Murray 6a3da5ff32 Update @vscode/codicons version to 0.0.46-5 (#309907)
Update @vscode/codicons version to 0.0.46-5 in package.json and package-lock.json

Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-04-14 19:43:00 +00:00
vs-code-engineering[bot] 7494c19a52 Update distro commit (main) (#309683)
Update distro commit to 55ed6ee8

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-04-13 18:58:10 -07:00
Alex Ross 027a4d3ce4 Bump version to 1.117.0 (#309394)
* Bump version to 1.117.0

* npm i

* wait to do engine version bump

* Revert "wait to do engine version bump"

This reverts commit 9db1c0feb6.

* Add Copilot extension tests to Linux/Windows Electron integration test runs

* Remove failing step that we moved to the main build

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-13 14:52:32 +02:00
Rob Lourens 10366b69b6 Merge pull request #309237 from microsoft/roblou/agent-host-session-cwd
Fix agent host session working directories
2026-04-12 10:29:39 -07:00
Rob Lourens 41837b42ae Fix agent host session working directories
(Written by Copilot)
2026-04-11 17:25:43 -07:00
vs-code-engineering[bot] f69bfc0f0f Update distro commit (main) (#309198)
Update distro commit to 21295cb9

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-04-11 16:53:35 +02:00
Elijah King 01667d8723 vscode onboarding (#307262)
* feat: welcome onboarding walkthrough variations A/B/C/D

* improve onboarding: sign-in CTA, keyboard mapping, skeleton themes, extensions step

* fix theme colors, keyboard mapping hint, clickable session cards, extension styling in B

* feat: add Variation E - in-context UI tour with spotlight overlay

* polish: cleaner theme skeletons, keyboard mapping pills, and session cards

* fix tour alignment: ID-based targeting, centered popovers, welcome tab setup

* tour: add sign-in as final step

* removed variations

* updated layout to match sessions experience

* refined

* Feature clean up and polish

* Refactor onboarding layout and styles for improved user experience

* updated ghe button

* removed other variations. changed command to Welcome Onboarding 2026

* removed keyboard maps for cursor and windsurf, added more theme options

* added support for other ides

* Add telemetry

* Addressing code review comments

* Remove 2 extension reccs and add setting to control onboarding

* Remove button click from feature cards and update command category

* - Removed the preview properties from IOnboardingThemeOption and related theme options.
- Deleted IOnboardingKeymapOption interface and ONBOARDING_KEYMAP_OPTIONS array.
- Consolidated AI collaboration preferences into a single enum and options array.
- Added new SVG files for theme previews: dark 2026, high contrast dark, high contrast light, light 2026, solarized dark, and solarized light.

* Refine agent sessions step and footer layout

- Rename Background Agents to Copilot CLI
- Move video tutorials link to bottom of content area (above footer)
- Move sign-in nudge button to footer left with visible border
- Remove agents tutorial link and sessions-docs separator
- Add footerLeft container for last-step footer elements
- Remove unused _renderSignInNudge method
- Make doc-link icon inherit link color

* Refactor onboarding service and update startup page

* Resolve merge conflicts, move theme options to product.json, default onboarding setting to false

Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/da410dab-8ffb-4cc5-9afd-6e968b0c5ed6

Co-authored-by: cwebster-99 <60238438+cwebster-99@users.noreply.github.com>

* Update src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.contribution.ts

* Update src/vs/workbench/contrib/welcomeGettingStarted/browser/startupPage.ts

Co-authored-by: Josh Spicer <23246594+joshspicer@users.noreply.github.com>

* Fix timing for onboarding widget on startup

* update distro to https://github.com/microsoft/vscode-distro/commit/84f56fc18b7c65a62bf54eb70db2d4d24378a0d2

* pass --skip-welcome

---------

Co-authored-by: cwebster-99 <cowebster@microsoft.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: cwebster-99 <60238438+cwebster-99@users.noreply.github.com>
Co-authored-by: Josh Spicer <23246594+joshspicer@users.noreply.github.com>
2026-04-10 16:40:15 -07:00
Alex Dima a1c8f52231 Use provisioning profile for keychain access groups when available
During signing, check for build/darwin/distribution.provisionprofile.
If present, use it as the provisioning profile and keep the
keychain-access-groups entitlement in app-entitlements.plist.

If not present (e.g. OSS builds), strip the keychain-access-groups
section from a temp copy of the entitlements plist to avoid signing
failures. The shared keychain still works via the app's default
keychain without access-group isolation.
2026-04-11 01:33:12 +02:00
Robo 0999c0e18e fix: update OS display name of the agents app (#308992)
* fix: update OS display name of the agents app

* fix: remove old start menu shortcut

* temp: bump gulp-electron for validation

* temp: bump gulp-electron

* chore: update sign.ts

* fix: entitlements for embedded app helpers

* fix: launch services registration

* chore: bump gulp-electron@1.41.2
2026-04-10 21:27:49 +00:00
Alex Dima 569fdfb04c update @vscode/macos-keychain to 0.0.1 2026-04-10 18:32:45 +02:00
Alex Dima 65e9db5642 Merge remote-tracking branch 'origin/main' into alexdima/shared-keychain 2026-04-10 12:41:07 +02:00
Alex Dima e534b2c741 Share secrets between Code and Agents app via macOS Keychain
Add a shared keychain service that stores secrets directly in the macOS
Keychain, allowing Code and its embedded Agents app to share auth tokens
without re-authentication.

Architecture:
- ISharedKeychainService (common interface) with ISharedKeychainMainService
  running in the Electron main process, exposed to renderer via IPC
- SharedKeychainMainService wraps @vscode/macos-keychain native addon
- NativeSecretStorageService now writes to both the shared keychain and
  the legacy safeStorage+SQLite pipeline (for rollback safety)
- On read, shared keychain is tried first, falling back to legacy

Product configuration:
- darwinSharedKeychainServiceName: per-flavor service name for data
  isolation between Stable/Insiders/Exploration
- Access group auto-detected from entitlements by the native addon

Key design decisions:
- Shared keychain only used when type is 'persisted' (not in-memory)
- BaseSecretStorageService refactored to expose protected _doGet/_doSet/
  _doDelete/_doGetKeys for use by subclasses within sequencer tasks
- Native addon is an optional dependency (macOS-only)

Files:
- build/azure-pipelines/darwin/app-entitlements.plist (keychain-access-groups)
- src/vs/platform/secrets/common/sharedKeychainService.ts (interface)
- src/vs/platform/secrets/electron-main/sharedKeychainMainService.ts (impl)
- src/vs/workbench/services/secrets/electron-browser/sharedKeychainService.ts (IPC proxy)
- src/vs/workbench/services/secrets/electron-browser/secretStorageService.ts (wiring)

Issue: #308028
2026-04-10 12:38:30 +02:00
Robo c88afdaf77 chore: update electron@39.8.7 (#308959)
* chore: update electron@39.8.7

* chore: update command

* chore: remove showNodeSystemCertificates command

* chore: bump distro
2026-04-10 10:33:39 +02:00
Matt Bierner 2b1482c5e6 Update distro 2026-04-09 14:27:22 -07:00
Matt Bierner 5e957b6922 Update build ts version 2026-04-08 20:49:29 -07:00
Henning Dieterichs 088b38a734 update component explorer 2026-04-09 05:12:44 +02:00
João Moreno 72189fe5e1 bump distro (#308498) 2026-04-08 13:38:51 +00:00
Christof Marti 43f7117748 Surface network errors with proxies (microsoft/vscode#298236) 2026-04-08 08:13:59 +00:00