* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
* removed allowTrustedDomains
* correcting the settings keys for sandboxing
* correcting the settings keys for sandboxing
* Explicit notification for blocked domains before running the command
* Fix terminal sandbox follow-ups
* main merge
* fixing tests
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Revert "Update src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts"
This reverts commit b956dfa719.
* removing local files
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Rename sandbox setting to chat.agent.sandbox (#303421)
Rename the top-level sandbox setting from `chat.tools.terminal.sandbox.enabled`
to `chat.agent.sandbox` to reflect that sandboxing is a general agent concept,
not terminal-specific.
- Update setting ID value to `chat.agent.sandbox`
- Update description to be more general
- Deprecate old `chat.tools.terminal.sandbox.enabled` setting
- Update telemetry event name
Fixes#303421
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* updating terminal sandbox to agent sandbox
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: command rewriting issues when terminal sandboxing is enabled
Fixes two issues with sandboxed terminal commands:
1. Sandboxed commands end up in shell history (#303769): The
PreventHistoryRewriter was running before SandboxRewriter, so the
leading space was applied to the inner command but not the final
sandbox-wrapped command. Moved PreventHistoryRewriter to run last.
2. cd CWD prefix not stripped in sandbox mode (#303848): The
SandboxedCommandLinePresenter was using the original (un-rewritten)
command for display, bypassing cd prefix stripping. Changed to use
forDisplay instead.
3. Fixed forDisplay being clobbered: The rewriter loop unconditionally
overwrote forDisplay, so later rewriters without a forDisplay
(like PreventHistoryRewriter) would clear the sandbox's display
value. Changed to only update when explicitly provided.
Fixes#303769Fixes#303848
* update doc comment for SandboxedCommandLinePresenter
* improve execute strategy logging for CI diagnostics
Upgrade strategy selection and completion logs to info level in
runInTerminalTool. In richExecuteStrategy, log at info level when
running in CI (for diagnosing shell integration race conditions)
and debug otherwise.
* fix: include ignorespace in bash shell integration history verification
When VSCODE_PREVENT_SHELL_HISTORY=1 is set (which it is for all tool
terminals created by the run_in_terminal tool), the bash shell
integration script sets HISTCONTROL="ignorespace" (line 67). This
causes bash to exclude space-prefixed commands from history.
Later in the same script (line 200), a regex decides whether to use
`history 1` or $BASH_COMMAND to capture the current command in
__vsc_preexec. The regex checks for erasedups, ignoreboth, and
ignoredups — but NOT ignorespace. This is a bug because:
1. The same script sets HISTCONTROL=ignorespace 130 lines earlier
2. ignoreboth (which IS in the regex) is defined by bash as
"ignorespace + ignoredups" — so the compound form was handled
but the simple form was not
The consequence: with HISTCONTROL=ignorespace and __vsc_history_verify=1,
__vsc_preexec calls `history 1` to get the current command. But the
command has a leading space (added by PreventHistoryRewriter), so bash
history never recorded it. `history 1` returns the PREVIOUS command
or nothing. This causes __vsc_current_command to be wrong or empty.
In __vsc_command_complete, when __vsc_current_command is empty, the
script sends the OSC sequence 633;D WITHOUT an exit code (line 373).
The VS Code side then receives onCommandFinished with exitCode=undefined,
breaking exit code detection for ALL tool terminal commands on bash.
The fix adds ignorespace to the existing regex, so bash falls back to
$BASH_COMMAND (which always works regardless of history settings).
This matches the behavior already provided when ignoreboth is set.
* docs: improve fix-ci-failures skill with faster log retrieval workflow
- setupRecreatingStartMarker returns IDisposable to stop marker recreation
before sending commands (prevents marker jumping on PSReadLine re-renders)
- noneExecuteStrategy waits for cursor to move past start line after sendText
before starting idle detection (prevents end marker at same line as start)
- findCommandEcho supports suffix matching for partial command echoes from
wrapped getOutput() results (shell integration ON with long commands)
- Suffix matching requires mid-word split to avoid false positives on output
that happens to be a suffix of the command (e.g. echo output)
- Integration tests: use ; separator on Windows, add && conversion test,
handle Windows exit code quirks with cmd /c
- Handle /usr/bin/bash (Linux) vs /bin/bash (macOS) in /tmp write test
- Handle 'Read-only file system' (Linux) vs 'Operation not permitted' (macOS)
- Add 'Read-only file system' to outputLooksSandboxBlocked heuristic
- Replace newlines with spaces (not empty) to handle terminal wrapping
- Extract outputLooksSandboxBlocked as exported function with unit tests
- Add bubblewrap and socat to Linux CI apt-get install
- Make sandbox test assertions platform-aware (macFileSystem vs linuxFileSystem)
- Make /etc/shells test accept both macOS and Linux first-line format
- Broaden wrapped prompt fragment regex to handle path chars (ts/testWorkspace$)
- Fix continuation pattern to match user@host:path wrapped lines
- Apply stripCommandEchoAndPrompt to getOutput() in BasicExecuteStrategy
(basic shell integration lacks reliable 133;C markers so getOutput()
can include command echo)
- Keep RichExecuteStrategy getOutput() unstripped (rich integration
has reliable markers)
Prevent sandbox-wrapped command lines from leaking as output when
commands produce no actual output. Adds stripCommandEchoAndPrompt()
to isolate real output from marker-based terminal buffer captures.
Also adds configurable idle poll interval and shell integration
timeout=0 support for faster test execution.
* Bump node-pty to 1.2.0-beta.7
* Deprecate TerminalSettingId.WindowsEnableConpty setting
* Remove windowsEnableConpty instead of deprecating
* Remove WINPTY from ps.ts
* Remove winpty from appropriate comments
* Remove winpty from IProcessReadyWindowsPty
* Remove from classifier.json. TODO on resize for node-pty
* Try adding option to test
* Add reference to issue
Convert flaky API test to unit test (#253863 , #254041)
I maintain my conviction that there is an unrelated run-away API test which steals focus while these tests execute which then leads to these tests failing, since the undo command is sensitive to the current focused editor.
* Add quickPickItemResource API proposal
* Transfer resourceUri from extension host to main thread.
* Make proposed API checks consistent.
* Process resourceUri
* Fix up resourceUri mapping logic
* API proposal
* Transfer toggles from extension host to main thread
* Support Folder icon, refactor label/description derivation.
* Update
* Update API proposal per API review
* Update transfer logic per API changes
* Move toggles to the base input interface
* Handle toggle button type
* Fix up
* Updates
* Propagate checked state, dispose removed toggles.
* Nit
* Expand icons
* Feedback/updates
* Added comments, PR feedback
* Updates
* Revert some change, add typings and unit-tests to converters.
* Add a quick pick test for resourceUri
* Test updates
Single quoted string usage is already enforced everywhere except our tests. Having this inconsistent style can confuse contributors and code generation
Starting with converting over tests in the `extensions` dir
For #269213
This adds a new eslint rule for `as any` and `<any>({... })`. We'd like to remove almost all of these, however right now the first goal is to prevent them in new code. That's why with this first PR I simply add `eslint-disable` comments for all breaks
Trying to get this change in soon after branching off for release to hopefully minimize disruption during debt week work
`workbench.action.chat.open.blockOnResponse` is flaking in CI. So far,
I cannot reproduce locally so skipping to avoid noise in CI while I
debug.
Since the core logic (i.e. not the test) is only hit if `blockOnResponse`
is set to `true`, leaving it in is low-risk.
Relates #263572.
Relates #263575.
* add `workbench.action.chat.open::waitForComplete`
* s/waitForCompletion/blockOnResponse
* cleanup tests
* remove unused comment
* Apply suggestion from @connor4312
Co-authored-by: Connor Peet <connor@peet.io>
* fixup tests
* don't block test loop on invokeTool
* Revert "don't block test loop on invokeTool"
This reverts commit d8d16dbe79.
* fix tool confirmation test
* attempt to account for the flip of isPendingConfirmation
* [DEBUG] debug CI flake
* register tool so it exists in all test envs
* finish configuring custom tool
* run test in seperate chat windows
* revert debug changes
* remove timeout dep
* fix assertion
* cleaup tests by examining output of command directly
---------
Co-authored-by: Connor Peet <connor@peet.io>
