Commit Graph

4928 Commits

Author SHA1 Message Date
dileepyavan be5b7e42b7 Updates for windows sandboxing (#323062) 2026-06-26 20:18:47 +00:00
Anthony Kim 8a9cd3dd36 Bump Copilot CLI package to 1.0.65 (#322747)
* Bump Copilot CLI package to stable 1.0.64

* Try to bump to 1.0.65 instead

* Remove stale Copilot sdk/worker materialization for 1.0.65

* Update Debian amd64 deps after excluding Copilot native executable

* Remove stale RPM x64 libstdc++ deps after Copilot CLI 1.0.65 packaging

* Prune Copilot SEA executable before CI packaging

* Exclude Copilot SEA executable from packaging stream

* SDK should be 1.0.4
2026-06-25 12:03:54 -07:00
Josh Spicer bf6124c49c Gate Claude3PIntegration behind editor preview policy (#322851)
* Gate Claude3PIntegration behind editor preview policy

Flip ownership of the `Claude3PIntegration` enterprise policy so it can
honor the account-side editor preview-features flag.

Previously the policy was owned by the copilot-chat extension setting
`github.copilot.chat.claudeAgent.enabled` via the distro `product.json`
`extensionConfigurationPolicy` block. Because `product.json` is pure JSON
it cannot carry a `value(policyData)` callback, so the policy only
responded to OS/MDM admin policy and never honored
`chat_preview_features_enabled` (sourced from the Copilot token's
`editor_preview_features`). Codex works because its core setting owns
`Codex3PIntegration` in code with a value callback.

Now the in-code core setting `chat.agentHost.claudeAgent.enabled` owns
`Claude3PIntegration` with the preview-features value callback, and the
extension setting attaches via a `policyReference` declared from
`product.json`. To express that, an `extensionConfigurationPolicy` entry
can now be either form:

- the current owner/"parent" syntax (full `IPolicy`: name, category,
  minimumVersion, description), or
- a reference: `{ "policyReference": { "name": "<owner>" } }`, mirroring
  the in-code `policyReference` configuration field.

`configurationExtensionPoint` and the policy exporter detect the
`policyReference` key to route entries to `.policy` vs `.policyReference`;
the exporter links reference entries into the owner's `referencedSettings`
and skips type validation for settings not registered in the headless
export process.

Regenerates `policyData.jsonc` and updates the export test fixture.

Requires the companion change in microsoft/vscode-distro that turns the
claude entry into a `policyReference`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Bump distro to pick up Claude3PIntegration policy reference

Update the distro pin to 7abf39b86c07d094722a4b3ec9f37e78fe3d5db3, which
includes the merged change turning the `github.copilot.chat.claudeAgent.enabled`
`extensionConfigurationPolicy` entry into a `policyReference` to the in-code
`Claude3PIntegration` owner (microsoft/vscode-distro#1434).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Ubuntu <josh@ahp.4mywozgnka0etnlo23z031udwc.xx.internal.cloudapp.net>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 09:39:09 -07:00
Tyler James Leonhardt 0631fed7dd agentHost: fix subagent transcript replay + bump Claude/Codex SDKs (#322865)
* agentHost: reconstruct prompt-less subagent transcripts on session reopen

The Claude replay mapper only opened a turn on a `user-text` message and
dropped any assistant message that arrived with no active turn. Subagent
transcripts returned by `getSubagentMessages` carry a `parent_tool_use_id`
on every envelope and have no synthetic spawning prompt, so they open
directly with an assistant message — which meant every inner assistant
message (including the subagent's final reply) was dropped and the
transcript reconstructed as zero turns on reopen.

Thread an `isInner` flag (set when `parent_tool_use_id !== null`) through
the parsed assistant message and, when there is no active turn, synthesize
an empty-prompt turn for inner messages instead of dropping them. Top-level
assistant-before-user envelopes remain anomalous and are still dropped, so
the change is scoped strictly to subagent transcripts.

Adds unit fixtures covering the prompt-less subagent transcript shape and
the unchanged top-level drop behavior.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: enable Codex provider in real-SDK test server

`startRealServer` forwarded `--codex-sdk-root` but never set the Codex
enable flag, and the Codex agent defaults to disabled, so the provider was
never registered and every Codex real-SDK test failed with "No agent
provider registered for: codex". Set `VSCODE_AGENT_HOST_CODEX_AGENT_ENABLED`
on the forked server when a codex SDK root is supplied so the provider
registers for the real-SDK suite.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agentHost: bump Claude (0.3.187) and Codex (0.142.0) SDKs

Update the @anthropic-ai/claude-agent-sdk and @openai/codex devDependencies
(and the build/agent-sdk tarball pins) to 0.3.187 / 0.142.0.

The new Claude SDK adds `setMcpPermissionModeOverride` to the `Query`
interface, so the test doubles that implement `Query` are updated to satisfy
it: `ImmediatelyDoneQuery` (and the `RecordingQuery` that extends it),
`FakeQuery`, and `RoundTripQuery`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 04:08:35 +00:00
Anthony Kim 1c0b4bea4c Bump Copilot CLI SDK packages to 1.0.64-1 / 1.0.3 (#322645)
* Bump Copilot CLI packages to @github/copilot@1.0.64-1 and @github/copilot-sdk@1.0.3

* Resolve Agent Host Copilot CLI through @github/copilot/bin.copilot

* Materialize @github/copilot/sdk from @github/copilot-<platform> in extension postinstall

* Package @github/copilot-<platform>/copilot for Agent Host and linuxmusl

* Exclude Copilot optional native payloads from extension package

* Scan @github/copilot-*/copilot for Linux package dependencies

* Tighten Copilot SDK 1.0.64-1 attachment and RPC typings

* Increase Copilot SDK native binary scan test timeout

* Update amd64 deb deps for @github/copilot-linux-x64/copilot

* Update arm64 rpm deps for Copilot package layout

* Update x64 rpm deps for @github/copilot-linux-x64/copilot

* Try to fix windows smoke test

* Try to fix platform runtime files for agent host

* exclude copilot computer.node from agent host packaging

* Another attempt to try to get packaging right

* Should only try to load 1.0.64-1

* Try to fix packaging for windows, macos, deb deps

* Update armhf/arm64 deb and x64 rpm Copilot dependency baselines

* Copilot darwin ripgrep universal merge and arm64 rpm deps

* Restore target Copilot SDK prebuilds for built-in extension packaging

* see if changes to gulpfile.reh.ts would help

* don't mess with formatting

* Launch copilot cli from platform index.js and exclude SEA
2026-06-24 06:47:26 -07:00
Lee Murray 754537e133 Bump codicons version and add voiceModeCompact icon (#322562)
bump codicons version to 0.0.46-21 and add voiceModeCompact icon

Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-06-23 18:24:02 +00:00
João Moreno 0b56f62682 Remove distro PAT (#322052)
* build: derive GitHub token from Monaco GitHub App instead of PAT

Replace the github-distro-mixin-password PAT (subject to 7-day rotation)
with a GitHub App installation token extracted from the persisted checkout
credentials. The token is republished under the same variable name to avoid
churning the many GITHUB_TOKEN consumers, and the distro netrc auth now uses
the x-access-token login.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: probe vscode-distro checkout via Monaco GitHub App endpoint

Reverts the failed token-extraction approach (1ES persists only a credential
placeholder, so the GitHub App token cannot be read from disk).

Instead validate Option A: add microsoft/vscode-distro as a pipeline repository
resource authenticated via the Monaco GitHub App endpoint, then check out the
exact pinned SHA locally. This probe job confirms the agent can authenticate the
distro checkout and that a local `git checkout <sha>` resolves the pinned commit.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: check out vscode-distro via Monaco GitHub App instead of PAT

Replace the PAT-based zipball download of the private microsoft/vscode-distro
repository with an agent-authenticated checkout of the distro repository
resource (Monaco GitHub App). The distro is checked out into .build/distro and
the pinned commit from package.json is checked out locally, preserving the
existing contract for mixin-npm.ts / mixin-quality.ts.

Self is pinned to the default sources directory so the added distro checkout
does not relocate it.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: route vscode-capi and vscode-encrypt through Monaco GitHub App

The github-distro-mixin-password PAT was also (via netrc) authenticating two
other private repositories that are no longer reachable once the netrc is gone:

- vscode-capi: cloned by common/mixin-vscode-capi.yml. Now checked out as a
  Monaco GitHub App repository resource and consumed from .build/vscode-capi.
- vscode-encrypt: a cargo git dependency injected by the distro cli-patches.
  Checked out via the Monaco GitHub App and redirected with git insteadOf to the
  local checkout so cargo (CARGO_NET_GIT_FETCH_WITH_CLI) resolves it without a PAT.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: also route vsda cargo dependency through Monaco GitHub App

The distro cli-patches inject both vscode-encrypt and vsda as private cargo git
dependencies. Add vsda as a Monaco GitHub App repository resource and redirect it
to a local checkout via git insteadOf, mirroring the vscode-encrypt handling.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: drop github-distro-mixin-password PAT

Replace the broad github-distro-mixin-password PAT with:
- Monaco GitHub App repo-resource checkouts for private repos
  (vscode-distro, vscode-capi, vscode-encrypt, vsda)
- the public github-token-code-oss secret (vscode-oss-build-secrets
  keyvault) for generic GITHUB_TOKEN rate-limit usages

Copilot now checks out vscode-capi via the Monaco App instead of a
netrc clone; checkDistroCommit derives the distro branch head from the
local checkout instead of the private GitHub API.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: check out vscode-extensions-loc via Monaco App

The copilot l10n import cloned the private microsoft/vscode-extensions-loc
repository with the distro PAT. Replace it with a Monaco GitHub App
repo-resource checkout (sparse) so no PAT is needed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: download prebuilt Electron from Azure Artifacts feed

Replaces the private GitHub release download (which required the
github-distro-mixin-password PAT) with an on-demand fetch from the
vscode-electron-prebuilt Azure Artifacts feed, via the new asset-resolver
support in @vscode/gulp-electron 1.42.0.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: resolve private vsda/vscode-encrypt git deps via local checkouts

The distro's npm postinstall and the CLI cargo patches both depend on the
private microsoft/vsda and microsoft/vscode-encrypt repositories. Now that the
distro PAT/.netrc is gone, redirect their public GitHub URLs (https and ssh) to
local GitHub App checkouts via git insteadOf in download-distro.yml so every job
that consumes the distro can resolve them without a PAT.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: download Alpine musl Node.js from Azure Artifacts feed

The Alpine build downloaded the musl Node.js tarball from the private
microsoft/vscode-node GitHub releases, which the public github-token-code-oss
cannot access. Consume the new vscode-node Azure Artifacts feed via
az artifacts universal download instead (authenticated with System.AccessToken),
mirroring the Electron prebuilt download.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: resolve private vscode-regexp-languagedetection git dep via local checkout

The distro's npm dependencies reference microsoft/vscode-regexp-languagedetection
in addition to microsoft/vsda. Check it out via the Monaco GitHub App and redirect
its public GitHub URL (https and ssh) to the local checkout so the distro npm
postinstall resolves it without a PAT.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: download server Node.js from Azure Artifacts feed

Fetch the prebuilt server (reh) Node.js binaries on demand from the
vscode-node Azure Artifacts feed (gated on VSCODE_NODEJS_INTERNAL_FEED)
instead of from a private GitHub release, so the build no longer needs a
long-lived PAT. Extracts the shared az universal-package download helper
into build/lib/azureFeed.ts, reused by the Electron resolver. Bumps the
server node ms_build_id to 449655 to match the feed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: resolve distro private git deps inside the Alpine container

The Alpine server build installs the distro's npm dependencies (which
reference the private vsda and vscode-regexp-languagedetection git repos)
inside a docker container. The host git insteadOf redirects are not
visible there and use host paths, so emit a container-pathed gitconfig
(.build/.gitconfig-distro) from download-distro.yml and bind-mount it as
/root/.gitconfig, replacing the now-unused .netrc mount.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: use Electron/Node feeds job-wide and fix cmd.exe git redirect

Promote VSCODE_ELECTRON_PREBUILT_FEED, VSCODE_NODEJS_INTERNAL_FEED and
AZURE_DEVOPS_EXT_PAT to job-level variables so every step (including the
integration/smoke test steps that download Electron) resolves binaries
from our Azure Artifacts feeds instead of private GitHub releases.

Also keep the cross-platform private git redirect step to plain 'git
config' invocations so it works in cmd.exe on Windows agents, and move
the bash-only container gitconfig generation into a Linux-only step.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: pin server Node.js to build 438265 to match distro checksums

The distro overlays build/checksums/nodejs.txt with checksums for the
original 24.15.0-438265 Node.js build (including the Alpine musl binary,
whose contents differ from later rebuilds). Republish the original
438265 artifacts to the vscode-node Azure Artifacts feed and pin
ms_build_id back to 438265 so feed downloads match the pinned checksums.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: require ADO org/project from pipeline env vars

Resolve the Azure Artifacts organization and project from the
SYSTEM_COLLECTIONURI / SYSTEM_TEAMPROJECT pipeline variables (the
predefined System.CollectionUri / System.TeamProject), failing fast if
either is missing instead of falling back to hardcoded values.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: remove internal feed variables for Node.js and Electron from build configurations

* build: scope AZURE_DEVOPS_EXT_PAT to individual steps

Move the System.AccessToken propagation out of the job-level variables in
the alpine/darwin/linux/win32 product-build jobs and onto only the steps
that actually download Electron or Node.js from the Azure Artifacts feeds.
Adds it to the test 'Download Electron and Playwright' step (the sole feed
download outside the compile templates); every other download step already
declared it at step scope.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* :lipsitck:

* update distro

* build: declare vscode-capi for SDL scan in copilot recovery pipeline

The Copilot build steps now check out microsoft/vscode-capi via the Monaco
GitHub App (instead of a PAT). The product-copilot-recovery pipeline extends
the 1ES extension template, which requires every checked-out repository to be
declared under sdl.sourceRepositoriesToScan. Re-declare the template's default
excludes plus capi to fix 'repository "capi" ... has not been specified'.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: add assertDistroCheckout function to validate vscode-distro checkout

* build: fix NPM registry corruption in copilot recovery pipeline

setup-npm-registry.ts silently substituted the literal string "undefined"
into package-lock.json resolved URLs when invoked without a registry URL,
producing build/undefined<pkg>/... paths that npm ci could not resolve.

- Fail fast in setup-npm-registry.ts when no registry URL is provided.
- Set NPM_REGISTRY=none in product-copilot-recovery.yml so the shared
  copilot/setup-steps.yml skips its registry rewrite; the 1ES extension
  template already configures the registry via customNPMRegistry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: fix self checkout and l10n in copilot recovery pipeline

The 1ES extension template's package job runs import-localized-files before
buildSteps, relying on an implicit self checkout. That implicit checkout is
disabled because copilot/build-steps.yml checks out microsoft/vscode-capi,
so the source tree was missing and the l10n-detection step failed with
'Not found workingDirectory: .../extensions/copilot'.

Mirror product-copilot.yml: check out self at the start of buildSteps, import
translations via copilot/l10n-steps.yml (with the vscode_loc resource), and
disable the template's own l10n jobs/import (l10nShouldProcess: false).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: exclude vscode build-tooling natives from copilot recovery GLIBC check

The 1ES extension template's GLIBC/GLIBCXX check scans every .node under the
sources root, but only extensions/copilot is packaged into the VSIX. Native
modules outside it (e.g. build/node_modules/tree-sitter) belong to the vscode
build tooling and are never shipped, yet their newer GLIBC/GLIBCXX deps fail
the check. Remove them before the check so it only validates the copilot
extension's own shipped natives, alongside the existing pvrecorder removal.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: disable sysroot GLIBC check in copilot recovery pipeline

The copilot extension is bundled with esbuild and vendors prebuilt native
modules (@os-theme, @picovoice/pvrecorder-node) that depend on a newer GLIBC
than the 1ES template's sysroot check allows. The main product build ships
these natives without a sysroot or GLIBC check, so set useSysroot: false on the
recovery pipeline's Linux platform for parity, which skips the toolchain setup
and the GLIBC/GLIBCXX verification. Drop the now-unnecessary native-removal
workaround.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: update distro version in package.json

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-23 07:22:42 +00:00
Henning Dieterichs 106899a9ae updates component explorer 2026-06-22 16:36:02 +02:00
vs-code-engineering[bot] bfea8226d3 Bump version to 1.127.0 (#322339)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Aiday Marlen Kyzy <amarlenkyzy@microsoft.com>
2026-06-22 12:03:16 +00:00
Tyler James Leonhardt e6f4d6c6f2 Avoid CPU-pegging process report in libc detection (#322260)
* Avoid CPU-pegging process report in libc detection

detectLibc() called process.report.getReport() on every Linux process to
tell glibc from musl. That report serializes heap, native stack and libuv
state, and the network/socket enumeration can peg the CPU on busy hosts.

Detect cheapest-first instead: parse the ELF PT_INTERP dynamic-linker path
from the head of /proc/self/exe, then string-match the head of /usr/bin/ldd,
and only fall back to the process report (now with excludeNetwork = true to
skip the expensive libuv section, also inspecting sharedObjects). Default to
glibc when nothing is conclusive.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Read ELF64 offsets as 64-bit with safe-integer guards

Address PR review: e_phoff, p_offset and p_filesz are 64-bit fields in
ELF64. Read them via readBigUInt64LE through a bounded helper that rejects
values past Number.MAX_SAFE_INTEGER, validate e_phentsize covers a full
Elf64_Phdr, and widen the per-entry bounds check to the 8-byte p_filesz.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Use detect-libc package instead of hand-rolled libc detection

Replace the bespoke ELF/ldd/process-report probing in detectLibc() with the
detect-libc package (already present transitively, now a direct dependency).
It performs the same cheapest-first detection and sets process.report's
excludeNetwork flag internally, so the CPU-pegging libuv enumeration is still
avoided without us maintaining the ELF parser. Add detect-libc to the
hasNode import allowlist in eslint.config.js.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Declare detect-libc in remote/package.json

detectLibc() (via agentSdkDownloader) is reached from agentHostServerMain,
so the server/REH build requires detect-libc. It was only present in the
remote node_modules transitively (through @parcel/watcher); declare it
directly to match the root manifest and the direct import.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Rename detectLibc to detectLibcSync

Signal the blocking nature in the name and leave room for a future
promise-based detectLibc that wraps detect-libc's async family(). Update
the agentSdkDownloader consumer and the unit test.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-21 19:43:34 -07:00
Rob Lourens 5389822279 Add build-fast npm script for fast full builds (#322181)
* Add build-fast npm script for fast full builds

Adds a 'build-fast' script that fully builds the repo with as little
typechecking as possible by composing existing tasks: esbuild transpile
for the core (transpile-client), tsgo compile for extensions
(compile-extensions + compile-extension-media), the copilot extension
(compile-copilot), and the codicon.ttf copy (copy-codicons).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Remove transpile and transpile-extensions scripts in favor of build-fast

build-fast replaces the transpile script. The transpile-extensions npm
script is no longer needed; CI invokes the gulp transpile-extensions
task directly via `npm run gulp`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-19 18:24:28 -07:00
dependabot[bot] 8b458a5d61 build(deps): bump undici from 7.26.0 to 7.28.0 (#322102)
* build(deps): bump undici from 7.26.0 to 7.28.0

Bumps [undici](https://github.com/nodejs/undici) from 7.26.0 to 7.28.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v7.26.0...v7.28.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: restore cpu-features entry in package-lock.json

Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Martin Aeschlimann <martinae@microsoft.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
2026-06-19 23:17:11 +00:00
Lee Murray f3dbc26de1 Update @vscode/codicons to version 0.0.46-20 and add new icons (#322136)
chore: update @vscode/codicons to version 0.0.46-20 and add new icons

Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-06-19 20:48:40 +00:00
Don Jayamanne a0c54ca2e9 Update GitHub Copilot and SDK versions to 1.0.64-0 in package and package-lock files (#322020)
* Update GitHub Copilot and SDK versions to 1.0.64-0 in package and package-lock files

* Increase timeout for CopilotAgent tests to 30 seconds
2026-06-19 16:35:16 +02:00
Josh Spicer 593c7f2366 policy: dev mock server for copilot_internal policy endpoints (#321871)
* policy: add dev mock server for copilot_internal policy endpoints

Adds scripts/mock-policy-server, a standalone dev tool (npm run
mock-policy-server) that mocks the Copilot policy endpoints
DefaultAccountService calls: entitlements (/copilot_internal/user), token
(/copilot_internal/v2/token), MCP registry (/copilot/mcp_registry) and
managed settings (/copilot_internal/managed_settings).

A small web GUI lets devs pick presets or edit each JSON response, and
Wire/Unwire buttons point product.overrides.json at the local server
(preserving the rest of defaultChatAgent, since bootstrap-meta merges
overrides shallowly). The managed-settings JSON schema is loaded from
--schema/MANAGED_SETTINGS_SCHEMA, defaulting to
./copilot-agent-runtime/schema/managed-settings-schema.json relative to
the app cwd; web URLs and file URIs are accepted, and the GUI warns about
keys not declared in the schema.

The three browser/shared .js files are added to
.eslint-allowed-javascript-files since the GUI loads them directly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: address mock-policy-server review feedback

- Scope permissive CORS to the mocked GET endpoints only; keep /api/*
  same-origin so a website can't drive /api/wire and rewrite
  product.overrides.json (CSRF).
- Coerce an empty editor body to {} instead of "" so mocked responses
  stay JSON objects.
- Build the endpoint meta line with textContent/DOM nodes instead of
  innerHTML.
- Drop the misused tablist/tab ARIA roles; the nav now has an aria-label
  and the active item uses aria-current.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: document mock policy server in add-policy skill

Add local-testing.md to the add-policy skill with basic steps for using
the mock policy server (scripts/mock-policy-server) to exercise the
account/managed-settings flow locally, and link it from SKILL.md and
github-managed-settings.md.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: polish mock server GUI — schema validation, wiring backup, localStorage persistence

* policy: auto-save, rename wiring to product.overrides.json, copy path button

* mock-policy-server: convert server.js to TypeScript; add raw response diagnostics

- Convert server.js → server.ts (runs via --experimental-strip-types)
- Add endpoints.d.ts type declarations for the UMD endpoints module
- Add managedSettingsRawResponse to IDefaultAccountProvider/IDefaultAccountService
- Show raw response in Developer: Sync Account Policy output
- Remove server.js from eslint allowed-javascript-files

* mock-policy-server: convert all JS to TypeScript

- endpoints.js → endpoints.ts with proper interfaces (replaces .d.ts)
- public/app.js → public/app.ts with full type annotations
- Server uses module.stripTypeScriptTypes() to serve .ts as plain JS
  to the browser — no build step needed
- Remove all mock-policy-server entries from .eslint-allowed-javascript-files

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-18 21:55:01 +00:00
vs-code-engineering[bot] f72f680c13 Update distro commit (main) (#321730)
Update distro commit to e6b30218

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-06-17 10:45:28 +00:00
Lee Murray 19002965c0 Update @vscode/codicons to version 0.0.46-18 and add new git pull request icons (#321738)
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-06-17 10:18:29 +00:00
Don Jayamanne e364243a0d chore: update @github/copilot to version 1.0.63 (#321608)
* chore: update @github/copilot to version 1.0.63 in package.json and package-lock.json

* chore: update @github/copilot to version 1.0.63 in package.json and package-lock.json
2026-06-17 09:35:41 +10:00
Matt Bierner 4b24cea6cd Fully switch normal npm run compile to use tsgo too
We've had this enabled for watch for many months. Let's finish the move by switching this over now too

Also gives a better name to the typecheck script
2026-06-16 10:32:51 -07:00
vs-code-engineering[bot] dd4cdfe836 Update distro commit (main) (#321624)
Update distro commit to 39e488a8

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-06-16 16:08:47 +00:00
dependabot[bot] 7face70eca Bump tar from 7.5.15 to 7.5.16 (#321511)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.15 to 7.5.16.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.15...v7.5.16)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-15 17:07:07 -07:00
vs-code-engineering[bot] 0a9d0e4c40 Bump version to 1.126.0 (#321382)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-15 12:08:54 +02:00
vs-code-engineering[bot] 8a492327b2 Update distro commit (main) (#321139)
Update distro commit to 8edd514e

Co-authored-by: vs-code-engineering[bot] <122617954+vs-code-engineering[bot]@users.noreply.github.com>
2026-06-13 01:53:36 +00:00
Tyler James Leonhardt 56414283d5 AH: per-platform agent SDK build + CDN upload (#321012)
* AH: replace agentSdks {url, sha256} with {urlTemplate}

product.agentSdks.<sdk> now ships {version, urlTemplate} instead of
{version, url, sha256}. The runtime substitutes {sdkTarget} into the
template per-launch via a new IAgentSdkPackage.currentSdkTarget()
hook — Claude appends -musl on musl Linux hosts (detected from Node's
process.report.header.glibcVersionRuntime, no subprocess), Codex
never does (statically musl-linked, single Linux SKU).

Why the shape change:

  1. macOS Universal bundles ship arm64 + x64 binaries sharing one
     product.json — a fixed per-platform {url, sha256} could only be
     correct for one of the two halves. The template lets the same
     bundle serve both.
  2. The sha256 was belt-and-suspenders: product.json is covered by
     product.checksums inside the signed app bundle, URLs are HTTPS
     to a Microsoft-controlled CDN. The sha only guarded "trusted URL
     string, tampered edge bytes" — a much harder attack than
     tampering with product.json itself.

Downloader changes: sdkTarget joins the cache key path
(<userDataPath>/agent-host/sdk-cache/<pkg>/<sdkVersion>/<sdkTarget>/)
so Universal launches with different resolved targets get independent
caches. .complete sentinel content is now the source URL (debug-only;
the file's existence is the integrity signal).

isAvailable() now gates on both product config AND currentSdkTarget()
resolving, so the provider doesn't register on hosts with no SKU
(armhf) even if some future product.json carries an agentSdks block.

Tests: drop sha-mismatch + stale-cache-by-sha tests; add coverage for
{sdkTarget} substitution, separate-cache-dirs-for-different-targets
(the Universal motivating case), currentSdkTarget-undefined gating
isAvailable, and CodexSdkPackage.currentSdkTarget agreeing with the
existing codexPackageSuffix table.

Pairs with the build PR (#321012), which will be rebased to emit the
new shape once this lands. See build/agent-sdk/TODO.md on that branch.

* AH: simplify per-package SDK target resolution

Replaces per-package `currentSdkTarget()` (one method per SDK,
re-implementing the same platform/arch table modulo a musl branch)
with a single boolean `hasSeparateMuslLinuxPackage` on the package
descriptor and a shared `resolveSdkTarget(pkg, host)` in the
downloader. Claude sets it true; Codex sets it false. The supported-
platforms whitelist collapses from three copies (claudeSdkTarget,
codexPackageSuffix, build's getSdkTargetForBuild) to one runtime
resolver paired with the build helper.

Host injection: AgentSdkDownloader gains an optional leading
`ISdkTargetHost` constructor param (per project convention, non-DI
before DI). Production call sites pass `undefined` to derive from
`process`; tests pass synthetic hosts to exercise Universal launches
and musl Linux without touching `process`.

Other simplifications applied from review:
- `_cacheHit` was a one-line passthrough → inlined to
  `_fileService.exists(sentinel)` at both call sites.
- `_pendingDownloads` key now uses `cacheDir` directly (already
  unique per pkg/version/target) instead of allocating a parallel
  `<pkg>/<version>/<target>` key string.
- `.complete` sentinel content is now empty — the file's existence
  is the integrity signal, the cache dir path already encodes
  `<pkg>/<version>/<sdkTarget>` for debugging.
- `detectLibc()` returns `LibcFamily | undefined` on non-Linux
  instead of `'glibc'`-by-convention (drops consumer-specific
  phrasing from the primitive).
- Test's `listLeftovers` recursive walker replaced with a direct
  `readdir` of the known version dir (the only level where scratch
  dirs can land).
- Tests collapse 4 direct `new AgentSdkDownloader(...)` blocks
  through `makeDownloader(null, host)`.
- `IAgentSdkProductConfig` JSDoc trimmed to interface contract;
  rationale lives in roadmap.md Phase 15.
- `_failureLatch` doc explains why per-id (not per-target) granularity
  is intentional.

Tests: 25 passing (3 libc + 3 resolveSdkTarget + 13 downloader +
6 codex paths). New `resolveSdkTarget` suite covers the cross-product
of {claude, codex} × {linux glibc, linux musl, darwin, win32} that
previously lived as scattered table tests.

* AH: drop test-only host injection on AgentSdkDownloader

The previous commit added a constructor param to inject a synthetic
`(platform, arch, libc)` into the downloader so tests could exercise
Universal launches and musl Linux from any CI host. Production passed
`undefined` and the body fell back to a derived host — a test-only
ceremony in production code.

Restructured so the runtime stays clean:

  - `resolveSdkTarget(pkg, host?)` keeps its optional `host` param,
    defaulting to the real process. Cross-host coverage lives in
    dedicated unit tests that call it directly.
  - `AgentSdkDownloader` no longer takes a host. Both call sites
    revert to `createInstance(AgentSdkDownloader)` with no extras.
  - Integration suite `suiteSetup` skips on hosts the downloader
    can't target (e.g. linux-armhf), and pins `hostSdkTarget` for
    path assertions. The "two-host cache key" assertion becomes a
    direct path check on the host's resolved target instead of an
    artificial second-host download.

Tests: 23 passing (3 libc + 3 resolveSdkTarget unit + 11 downloader
integration + 6 codex paths).

* AH: address PR review — validate urlTemplate placeholders + honor backpressure

Two findings from #321078 review:

1. `format2()` silently leaves unknown placeholders untouched, so a
   vscode-distro typo like `{sdkTaret}` would produce a 404 from the
   CDN with no hint at the real cause. Add a `{...}` scan after
   substitution that throws an actionable error pointing at the
   suspect product.json field. Covered by a new test.

2. The hand-rolled `_fetch` pipe ignored `out.write()`'s return value,
   so a slow disk (Windows AV scan, network home dir) could buffer
   the entire 70-95MB tarball in memory. Pause the source stream on
   write-buffer full, resume on drain. Can't use `stream/promises
   .pipeline()` here because `IRequestContext.stream` is a
   `VSBufferReadableStream`, not a Node Readable — the source's own
   `pause()`/`resume()` is what we have to work with.

Cancellation test still passes; backpressure change is transparent to
the cancel teardown.

* AH: per-platform agent SDK build + CDN upload (#7885)

Per-platform VS Code build jobs now produce + upload the Claude and
Codex agent SDK tarballs to main.vscode-cdn.net and stamp the resulting
url/sha into `product.agentSdks` of their own packaged product.json.

The build step (`build/azure-pipelines/common/agent-sdk-produce.yml`)
runs inline in each existing platform job (darwin/linux/win32/alpine),
before the gulp packaging step. It always builds the tarballs. The
AzureCLI credential fetch and the CDN upload are gated on
`VSCODE_PUBLISH=true` — test pipeline runs leave the tarballs as a
pipeline artifact (`agent_sdk_<platform>_<arch>_tarballs`) for
inspection but don't touch the CDN, and ship product.json without
`agentSdks` (same shape as a local dev build).

The REH gulpfile only stamps `agentSdks` for `type === 'reh'`; REH-web
skips it because the agent host is node-only.

* AH: use npm.cmd on Windows in agent SDK build

`spawnSync('npm', ...)` fails on Windows because npm ships as a `.cmd`
shim and Node's child_process doesn't resolve PATHEXT without an
explicit suffix. The Windows pipeline jobs were dying with `exited
null` and no further context.

Also surface `result.error` so a future spawn-resolution failure shows
the actual ENOENT instead of a bare exit-code message.

* AH: pass shell:true when spawning npm.cmd on Windows

Node 20+ (CVE-2024-27980) refuses to spawn `.cmd`/`.bat` files without
`shell: true` and fails with `EINVAL`. The Windows pipeline jobs hit
this after the previous fix swapped `npm` for `npm.cmd`.

* AH: emit {version, urlTemplate} per the runtime shape change

Stacked on top of the runtime PR (tyler/agent-sdk-url-template). With
the runtime now consuming `{version, urlTemplate}` and substituting
`{sdkTarget}` per launch, the build pipeline emits the matching shape:

  - `IAgentSdkResults[<sdk>]` drops `{url, sha256}` for
    `{version, urlTemplate}`.
  - `produce.ts` still uploads its platform's tarballs (idempotent
    HEAD-then-skip in upload.ts is unchanged), but the results JSON
    every job writes is identical per SDK — only the version differs.
    That's the whole point: macOS Universal can ship one product.json
    that covers both arm64 and x64 launches because the runtime
    resolves {sdkTarget} per launch.
  - New `buildCdnUrlTemplate(sdk, version)` mirrors `buildCdnUrl`'s
    path but leaves `{sdkTarget}` as the format2 placeholder.
  - README updated; TODO.md (the placeholder note left while the
    runtime PR was pending) deleted.

Tarballs at the existing CDN paths (e.g.
`agent-sdk/claude/0.3.168/darwin-arm64.tgz`) remain valid and reachable
— no re-upload needed, just a re-stamp of product.json on the next
publish run.

* AH: address PR review on build/agent-sdk (Copilot)

Five comments from the build PR review:

1. common.ts header named drift-check.ts (deleted during simplification)
   and missed produce.ts. Updated.
2. common.ts "single source of truth is package.json optionalDependencies"
   was aspirational — getSdkTargetForBuild is a hardcoded table. Reframed
   the comment to describe what we actually do (hardcoded table kept in
   lockstep by convention) and why (no runtime npm metadata lookup).
3. package.ts header said the library form is consumed by gulpfile
   packaging tasks — actually called from produce.ts as its own pipeline
   step. Updated.
4. + 5. isCliInvocation() in package.ts and upload.ts compared
   import.meta.url to a manually constructed `file://${process.argv[1]}`,
   which breaks on Windows (drive letters URL-encoded, spaces escaped).
   Repo already established the cleaner `import.meta.filename ===
   process.argv[1]` pattern (see build/npm/installStateHash.ts:143).
   Pure portability fix — only affects the dev-mode CLIs, the production
   pipeline calls these as library functions.

* AH: per-SDK agents/<sdk>/{package.json,package-lock.json} for byte determinism

Build 447090 surfaced sha drift across pipeline runs: same exact-pinned
SDK version, but transitive deps unlocked (`npm install
--no-package-lock`) → different bytes → CDN HEAD-then-fail rejected
the re-upload. Determinism is load-bearing for the security model
(content-addressed CDN URLs, no runtime sha verification — the bytes
at a given URL must be stable).

Fix: ship pinned lockfiles per SDK and use `npm ci`. New layout:

  build/agent-sdk/agents/
    claude/
      package.json       # exact one dep: @anthropic-ai/claude-agent-sdk@0.3.168
      package-lock.json  # full transitive graph
    codex/
      package.json       # exact one dep: @openai/codex@0.134.0
      package-lock.json

Bonus: the folder set IS the SDK list. Drops the hardcoded
`SDKS: readonly Sdk[]` and `PACKAGE_NAME: Record<Sdk, string>` from
common.ts; replaced with `getSdks()` (discovers from `agents/`) and
`getAgentMeta(sdk)` (reads from the agent's own package.json). Adding
a new SDK is now one folder + lockfile gen + commit.

Verified reproducible locally: two back-to-back runs of `package.ts
--sdk=codex --target=darwin-arm64` produce byte-identical tarballs.

NOTE: existing CDN blobs from build 446990 carry the old drifted
shas. The next publish will fail HEAD-then-skip against them. Need to
delete `agent-sdk/{claude,codex}/{0.3.168,0.134.0}/*.tgz` from the
vscodeweb storage account's $web container before re-publishing, or
the upload step will refuse with "blob already present with DIFFERENT
sha256".

* AH: bump pinned SDK versions to sidestep stale CDN blobs

claude 0.3.168 → 0.3.169 (one point release; 0.3.170/172/173/174/175
all exist upstream, sticking to the next bump for risk minimisation).
codex 0.134.0 → 0.135.0 (next stable; 0.135-0.139 are all stable
releases, picking the immediate successor).

Bumping versions changes the CDN URL path (`agent-sdk/<sdk>/<version>/...`)
so the next publish lands at fresh, never-uploaded blob URLs. Avoids
having to delete the drift-shaped blobs from build 446990 that would
otherwise trip HEAD-then-fail.

Bumped both the per-SDK `agents/<sdk>/package.json` (the build's pin)
and repo-root `package.json` devDeps (the runtime's type-import pin)
in lockstep, with all four lockfiles regenerated. Local reproducibility
re-verified: two back-to-back runs of `package.ts --sdk=codex
--target=darwin-arm64` produce byte-identical tarballs at the new pin.

Runtime typecheck clean — no API changes to either SDK in these point
releases.

* AH: stub usage_EXPERIMENTAL on test Query fakes (SDK 0.3.169)

Claude SDK 0.3.169 added `usage_EXPERIMENTAL_MAY_CHANGE_DO_NOT_RELY_ON_THIS_API_YET`
as a required method on `Query`. Three test files implement the
interface as fakes (FakeQuery, ImmediatelyDoneQuery, RoundTripQuery)
and broke the type-check on tsgo.

Stubbed each as `throw 'not modeled'` matching the existing pattern
for every other method these fakes don't exercise. The field name
makes it clear the SDK doesn't expect anyone to rely on it yet, so a
"not modeled" stub is honest.

* AH: authenticate npmrc before agent SDK `npm ci`

Build 447232 hit E401 from the private npm mirror: the platform job's
existing "Setup NPM Authentication" step is gated on the node_modules
cache being a miss (it lives in the cache-warming path), so on a cache
hit the user's ~/.npmrc has no auth token, and our agent-sdk `npm ci`
inherits the global registry override + missing auth → E401.

Fix: add an always-on auth step at the top of agent-sdk-produce.yml.
Captures the user's npmrc path, runs npmAuthenticate@0 against it. Now
runs independent of the node_modules cache state.

The previous npm install --no-package-lock path tolerated this because
it fell back to anonymous resolution against npmjs.org. `npm ci`
strictly resolves through the configured (private) registry, which
needs auth. The lockfile + private mirror combination is what we want
for supply-chain auditing — the fix is to make sure auth is set up
unconditionally rather than bypass the mirror.

Also reverts a brief stop-along-the-way that added
`--registry=https://registry.npmjs.org/` to the npm ci call — wrong
direction (would bypass the supply-chain mirror).

* AH: create ~/.npmrc with `npm config set` before authenticating

npmAuthenticate@0 errored on cache-hit runs: the .npmrc path returned
by `npm config get userconfig` is just where npm WOULD write — the
file doesn't exist until something actually writes to it. The platform
job's "Setup NPM" step creates it via `npm config set registry`, but
is skipped on cache hits.

Mirror that pattern in our prep step: run `npm config set registry`
ourselves (idempotent — rewrites the same value the existing config
already has on cache misses) so npmAuthenticate@0 has a real file to
edit.

* AH: move agent SDK step ahead of Download Copilot VSIX

Was: install-builtin → VSIX-background → Compile → … → VSIX-attach → agent-sdk → Build client.
Now: install-builtin → agent-sdk → VSIX-background → Compile → … → VSIX-attach → Build client.

No data dependency between the agent SDK step and the VSIX download
(or Compile, for that matter — agent SDK uses its own scratch dir,
its own npmrc, doesn't read node_modules or anything from out-build).

Benefit: fail-fast. The agent SDK step previously ran after Compile +
both VSIX wait points, so a CDN auth failure or a sha-mismatch
would only surface ~10 minutes into the job. Moving it earlier
catches those failures in seconds, before any heavy work runs.

Applied consistently across darwin/linux/win32/alpine (linux still
gated on `ne(VSCODE_ARCH, 'armhf')`).
2026-06-12 16:03:30 -04:00
Josh Spicer d72b81a914 Add discovery of copilot MDM policy (#320991)
* Add Copilot managed settings policy source

* Refactor Copilot managed settings policy evaluation

* Clarify raw managed settings bridge policy

* Use dedicated Copilot managed settings service

* Avoid Copilot managed settings IPC update loop
2026-06-12 00:37:03 +00:00
Don Jayamanne 847d569028 chore: update @github/copilot and related dependencies to version 1.0.61 (#320868)
* chore: update @github/copilot and @github/copilot-sdk to version 1.0.61 and 1.0.1 respectively

- Bump @github/copilot from 1.0.60 to 1.0.61 in package.json and package-lock.json
- Update @github/copilot-sdk from 1.0.0 to 1.0.1 in package.json and package-lock.json
- Modify postinstall script to copy tgrep files instead of sharp files
- Update tests to include tgrep binaries
- Change model in e2e tests from 'claude-opus-4.7' to 'gpt-5-mini'

* fix: add libm.so.6(GLIBC_2.27)(64bit) to referenceGeneratedDepsByArch
2026-06-11 20:46:55 +10:00
Tyler James Leonhardt f57a83c819 Distribute Claude and Codex agent SDKs via product.json (#320709)
* Add tar to REH dependencies and eslint allowlist

The agent SDK downloader uses node-tar to extract the per-platform
SDK tarballs it downloads from product.json — pure JS, zero native
deps, so the agent host works on every server install footprint
without relying on a system tar binary.

* Distribute Claude and Codex agent SDKs via product.json

Adds IAgentSdkDownloader, which fetches the per-platform Claude
and Codex SDKs from a CDN configured through product.agentSdks
(populated by vscode-distro), verifies the sha256 anchored in
product.json, and caches the extracted root under userDataPath.
Providers register iff the SDK is available — either a dev override
env var or a product.agentSdks entry whose sha256 declares the
current platform. Falls through to today's no-op behavior in OSS
builds with neither.

Tracks microsoft/vscode-internalbacklog#7885.

* Fix lockfiles after merge resolve

The previous merge took upstream's @anthropic-ai/sdk@0.82.0 in
package.json but left the lock file's nested resolution tree
pointing at 0.102.0, so npm ci rejected the workspace. Re-resolve
via npm install. Also adds the remote/package-lock.json entry for
tar that was missed in the first commit.

* Address PR review feedback

- nodeAgentHostStarter: pass process.env (not the local shell-env
  snapshot) to buildAgentSdkEnv so a developer's env-var dev override
  actually wins over a settings value. Matches electronAgentHostStarter.
- agentSdkDownloader: write the .complete sentinel inside tmpDir BEFORE
  the move so cache publish is atomic. A crash between move and
  sentinel-write previously left a wedged cacheDir that subsequent runs
  could not recover from (rename-loser path requires a valid sentinel).
- agentHostBootstrap: register RequestService with the DisposableStore
  so its config-change listener is cleaned up at shutdown.
- agentSdkDownloader.test: build the fixture tarball via node-tar
  (already a dep) instead of spawning the host tar binary; drops the
  bsdtar/gnutar portability surface.
- agentHostMain: comment referenced the renamed VSCODE_AGENT_HOST_*_PATH
  env var; corrected to VSCODE_AGENT_HOST_*_SDK_ROOT.

* Drop test-stub fields not present in @anthropic-ai/sdk 0.82

The earlier merge took upstream's @anthropic-ai/sdk@0.82.0 over the
stash's 0.102.0; some test stubs had been authored on a branch using
0.102.0 and reference fields that don't exist in 0.82
(output_tokens_details, estimated_tokens, diagnostics on BetaMessage).
Strip the optional fields — they're shape-only filler in the test
fixtures and aren't asserted on.
2026-06-10 14:20:12 -07:00
Alexandru Dima d086ffe6f0 speed up vscode work tree flows (#320729) 2026-06-10 12:08:55 +02:00
Matt Bierner 2aef175f61 Merge pull request #320675 from microsoft/dev/mjbvz/private-panther
Pick up latest TS version for building VS Code
2026-06-09 15:04:11 -07:00
Matt Bierner aa2b7b38b5 Pick up latest TS version for building VS Code 2026-06-09 14:19:09 -07:00
Megan Rogge 4b47f077e4 xterm@6.1.0-beta.285 (#320646)
Diff: https://github.com/xtermjs/xterm.js/compare/6.1.0-beta.220...6.1.0-beta.285

Updates @xterm/* from beta.220 to beta.285 (addon-webgl to beta.284, its latest published).

Co-authored-by: Megan Rogge <meganrogge@Megans-MacBook-Pro.local>
2026-06-09 19:04:24 +00:00
Lee Murray a66cbe3510 Update @vscode/codicons to version 0.0.46-16 and add 'runCompact' icon registration (#320436)
Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-06-09 11:52:57 +00:00
Don Jayamanne 8ad4bc41d2 chore: update @github/copilot to version 1.0.60 in package.json and package-lock.json (#320521)
* chore: update @github/copilot to version 1.0.60 in package.json and package-lock.json

* chore: update @github/copilot to version 1.0.60 in package.json and package-lock.json

* test: update feature flag service creation in Copilot CLI tests
2026-06-08 22:25:38 -07:00
vs-code-engineering[bot] ab186162fa Bump version to 1.125.0 (#320361)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-08 09:10:48 +00:00
Rob Lourens b85b9dc09b Add 'transpile' npm script (#320324) 2026-06-07 14:32:18 -07:00
Matt Bierner 621079ff56 bump distro (#319955) 2026-06-05 19:50:14 +05:00
Joaquín Ruales c5e7f266cd Upgrade Playwright to 1.61.0-alpha-2026-06-04 (#319067) 2026-06-04 18:26:44 -07:00
Lee Murray 9629924031 Update @vscode/codicons to version 0.0.46-15 and add new compact icons (#319885)
chore: update @vscode/codicons to version 0.0.46-15 and add new compact icons

Co-authored-by: mrleemurray <mrleemurray@users.noreply.github.com>
2026-06-04 10:40:45 +00:00
Don Jayamanne 764764d15c Update GitHub Copilot and SDK dependencies to latest versions (#319677) 2026-06-03 16:06:08 +02:00
dileepyavan b70081faab [Windows-Sandboxing] Update MXC sdk package to 0.6.0 (#319649)
mxc_upgrade
2026-06-02 16:34:23 -07:00
Ulugbek Abdullaev 6eec702343 update distro (#319566) 2026-06-02 14:43:56 +02:00
Robo 294fb35083 build: pin node-addon-api 6.x at root to avoid MSBuild tlog race (#319398) 2026-06-02 10:15:00 +09:00
Matt Bierner 2ed9640c30 Keep package.json in sync 2026-06-01 09:52:46 -07:00
vs-code-engineering[bot] c620cf1382 Bump version to 1.124.0 (#319284)
* Bump version to 1.124.0

* Revert distro change to match main

The distro field was carried over from before PR #319280 reverted it on main.
Removing the distro change so the bump PR only modifies version-related fields,
matching the workflow's PKG_LOCK_AND_COPILOT exception.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Ulugbek Abdullaev <uabdullaev@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-01 19:58:18 +05:00
Aiday Marlen Kyzy a080fb4134 updating distro (#319280) 2026-06-01 12:09:03 +02:00
Giuseppe Cianci 20830ab4e4 [Codex] Add app-server protocol generation (#318826) 2026-06-01 11:48:48 +02:00
dileepyavan e1a9625b76 [Windows_Sandboxing] Refactoring config creation for windows sandboxing and upgrading mxc (#318865)
* refactoring config creation for windows sandboxing and upgrading mxc package

* Avoid MXC SDK imports in shared sandbox contract

* fixing tests
2026-05-29 23:02:29 +00:00
vs-code-engineering[bot] f834625f05 Bump version to 1.123.0 (#318253)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Federico Brancasi <federicobrancasi@gmail.com>
Co-authored-by: Anthony Kim <62267334+anthonykim1@users.noreply.github.com>
2026-05-29 21:58:27 +00:00
Josh Spicer b24c5e3842 policy: enterprise managed_settings for Copilot clients (#318623)
* chat plugins: add policy-backed enabledPlugins / marketplaces / strictMarketplaces settings

Adds three new chat.plugins.* settings, each policy-backed:

- chat.plugins.enabledPlugins (policy: ChatEnabledPlugins): object
  mapping plugin IDs (`<plugin>@<marketplace>`) to enable/disable.
- chat.plugins.marketplaces (policy: ChatPluginMarketplaces): array of
  marketplace references (GitHub shorthand or Git URI). User entries
  survive alongside policy entries.
- chat.plugins.strictMarketplaces (policy: ChatStrictMarketplaces):
  boolean restricting trust to listed marketplaces only.

All three are gated on `tags: ['experimental']`. Consumers (plugin
discovery, install, URL handler, marketplace service, quick-pick action)
now read via `inspect()` so default + user + policy layers all flow
through. A shared `readConfiguredMarketplaces` helper in
marketplaceReference.ts dedups the inspect pattern across 5 sites.

Adds three matching fields to IPolicyData so the policy framework has
slots to fill in once the wiring lands; until then they're undefined and
behave like an empty policy (no-op). Plugin discovery now distinguishes
filesystem-path entries (removable from UI) from enterprise plugin IDs
(non-removable) via a single shared loop; `IAgentPlugin.remove` is
optional accordingly.

build/lib/policies/policyData.jsonc regenerated for the new policy keys.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: implement ADR-002 enterprise managed_settings fetch & policy wiring

Wires the previously-added chat.plugins.* policy slots to the new
`/copilot_internal/managed_settings` endpoint on the authenticated
Copilot host.

Core behavior in DefaultAccountProvider:
- Fetches managed_settings alongside entitlements; shares the 1-hour
  cache used by other account-policy fetches.
- Silent fallback to local-only policy on any non-2xx, network error,
  parse error, or missing managedSettingsUrl.
- Rate-limit-aware: backs off all /copilot_internal/* calls when the
  endpoint signals 429, 403 + X-RateLimit-Remaining: 0, or any non-2xx
  with Retry-After.
- adaptManagedSettings flattens the API's structured
  extraKnownMarketplaces map into the existing string-array shape that
  chat.plugins.marketplaces consumes; tolerates malformed entries and
  unknown response keys (forward-compatible).
- Telemetry: emits `defaultaccount:managedSettings:fetch` (owner:
  joshspicer) with an `outcome` bucket (ok / no-response / parse-error /
  status:NNN) and a `rateLimitBackoffActive` flag.

Surface area:
- IDefaultAccountProvider/Service expose managedSettingsFetchStatus and
  managedSettingsFetchedAt; ManagedSettingsFetchStatus is a named union.
- Developer: Policy Diagnostics shows a Managed Settings section with
  the URL status, last-fetched timestamp, and a JSON dump of the
  applied managed-settings policy slice.
- product.json adds a managedSettingsUrl key (populated via distro).

Refactor: `readHeader` and `retryAfterFromHeaders` are moved to
`platform/request/common/request.ts` so githubRepoFetcher.ts and this
new code share one implementation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* bump distro to 36d906669669f12466c6912bd65d9eeb47c6522d

Pulls in managedSettingsUrl from microsoft/vscode-distro#1422.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* update policyData

* policy: address PR review feedback

- Restore historical default for chat.plugins.marketplaces
  (['github/copilot-plugins', 'github/awesome-copilot#marketplace']) so
  existing users don't lose the two built-in marketplaces on update.
  Regenerate policyData.jsonc accordingly.

- Seed _managedSettingsFetchStatus = 'ok' on cache-hit so Policy
  Diagnostics reports the applied state after a process restart that
  warm-starts from cached policyData (instead of stuck at 'not yet
  fetched').

- Scope the <plugin>@<marketplace> ID-resolution rule to the enterprise
  ChatEnabledPlugins setting only. User-typed entries in
  chat.pluginLocations that happen to contain '@' are now treated as
  filesystem paths, as a user would expect, not silently rewritten to
  ~/.copilot/installed-plugins/<x>/<y>/. Split _resolvePluginPath into
  a path-only resolver and a dedicated _resolveEnterprisePluginId.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: revert unnecessary _pluginLocationsConfig refactor

chat.pluginLocations has no policy slot, so observableConfigValue
(which uses getValue() under the hood) is functionally equivalent to
the hand-rolled inspect() version. Reverting reduces diff churn; the
inspect-based observable is now used only for _enterpriseEnabledPluginsConfig
where the default+user+policy merge actually matters.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: split managed marketplaces into dedicated policy-only setting

Adds chat.plugins.extraMarketplaces (ChatExtraMarketplaces policy,
included: false so it's hidden from the Settings UI). This receives the
'extraKnownMarketplaces' payload from the managed_settings API.

Restores chat.plugins.marketplaces to its pre-PR shape: no policy slot,
no inspect()-juggling required in consumers, no risk of accidentally
clobbering user data. Users write to chat.plugins.marketplaces; the
enterprise writes to chat.plugins.extraMarketplaces; the effective set
is the union.

Consumer simplifications:
- readConfiguredMarketplaces returns { userValues, extraValues,
  effectiveValues }: two getValue() reads, no inspect() needed.
- Write-back is now just [...userValues, refValue] in all three sites.
- 'Manage Plugin Marketplaces' still surfaces the 'managed by enterprise
  policy' badge by checking ref membership in extraValues.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: tidy managed_settings code paths

- fetchMarketplacePlugins: drop the over-engineered pre-dedup-by-string;
  parseMarketplaceReferences already dedups by canonical id.
- agentPluginServiceImpl: pass source.remove directly to _toPlugin instead
  of wrapping in a null-asserted closure.
- adaptManagedSettings: use a Set for flatten-and-dedup (insertion order
  is preserved).
- getDefaultAccountFromAuthenticatedSessions: spread merge instead of
  three explicit field assignments.
- developerActions: collapse the 'ok' branch into the catch-all backtick
  wrap; same behavior, less code.
- marketplaceReference.ts: tighter JSDoc on IConfiguredMarketplaces.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: enforce ChatEnabledPlugins and strict-marketplace gates at discovery

Previously the enterprise-managed policy values were delivered into the
policy framework but not enforced: a plugin already installed locally
(e.g. via the marketplace discovery path) would remain active even when
the policy excluded it or strict-marketplace mode rejected its source.

Adds policy enforcement on AgentPluginService.plugins, applied after
discovery dedup/sort and gated by two observables:

- ChatEnabledPlugins policy: when set, filters the surfaced plugin set
  to only those whose '<name>@<marketplace>' ID appears in the policy
  map with value true. Plugins without a marketplace provenance
  (filesystem entries from chat.pluginLocations) are unaffected.

- ChatStrictMarketplaces: when on, filters out plugins whose source
  marketplace is not trusted. Trust is sourced ONLY from
  chat.plugins.extraMarketplaces (the policy-only slot); user-set
  entries in chat.plugins.marketplaces do NOT grant trust under strict
  mode. This matches the ADR-002 semantics: strict mode hands full
  marketplace control to the enterprise.

Also updates the chat.plugins.strictMarketplaces description text to
match the new behavior (was still pointing at the user setting).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract managed_settings adapter to dedicated helper

Moves IManagedSettingsResponse and adaptManagedSettings out of
defaultAccount.ts and into a new managedSettings.ts in the same folder.
Adapter is a pure transformation function with no service dependencies,
so it belongs in its own file alongside the HTTP/wiring code.

Renames the test file to managedSettings.test.ts to match what it
actually tests and tightens the suite name.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: tidy enforcement filter and sync strict-marketplace policy description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: show policy-blocked plugins as disabled instead of hiding them

Blocked plugins (ChatEnabledPlugins / strict marketplaces) now stay
visible but are forced disabled via their enablement observable, and the
enable affordance notifies the user instead of re-enabling.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: enforce enabledPlugins/strictMarketplaces for Copilot-CLI plugins

CLI-installed plugins under `~/.copilot/installed-plugins/<marketplace>/<plugin>/`
have no `fromMarketplace` metadata, so they previously bypassed enterprise
policy. Derive their identity from the install-path bucket (matching the
convention used by `_resolveEnterprisePluginId`) so enabledPlugins gating
applies, and add a bucket-name heuristic for strict marketplaces.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* log raw managed_settings response at trace level

Helps debug schema drift / unknown server fields that get dropped by
adaptManagedSettings(). Trace-only so it's off by default.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* improve managed_settings warning for missing repo/url

When a github source is missing 'repo' or a git source is missing 'url',
emit a specific warning naming the missing field instead of the misleading
'unknown source type' message.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* preserve marketplace name through managed_settings policy delivery

The managed_settings adapter previously flattened extraKnownMarketplaces
entries to bare "<owner>/<repo>" or "<url>" strings, losing the marketplace
name. That broke enabledPlugins matching because plugin IDs are keyed as
"<plugin>@<marketplace-name>" but our parsed reference's displayLabel was
derived from the URL/repo instead.

Changes:
- adapter now emits { name, source } objects preserving the full shape
- IPolicyData.extraKnownMarketplaces accepts string | object entries
- parseMarketplaceReferences gains object-handling, using name as displayLabel
- workspacePluginSettingsService shares the object parser
- policy schema relaxed to allow object items

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: clarify chat.plugins.enabledPlugins description

The previous 'Merged with entries from chat.pluginLocations' was misleading:
the two settings use different key namespaces (plugin IDs vs filesystem paths)
and the enabledPlugins policy also acts as an allowlist that gates
marketplace-discovered plugins, not a symmetric merge.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: add description for chat.plugins.extraMarketplaces

The setting was missing a markdownDescription, so the Settings UI card
rendered empty when shown under 'Managed by organization'. Also updated
the policy localization to mention the new { name, source } object form.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: shorten chat.plugins.extraMarketplaces description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: drop policy name from extraMarketplaces description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: re-fetch plugin marketplaces when ExtraMarketplaces policy changes

pluginMarketplaceService.onDidChangeMarketplaces only listened for
PluginsEnabled and PluginMarketplaces config changes, so the
ExtraMarketplaces values delivered by the ChatExtraMarketplaces policy
never triggered a refetch; the union was stale until the next user edit
to chat.plugins.marketplaces or a workspace-trust change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract IExtraKnownMarketplaceEntry to base/common/managedSettings

Move the enterprise-managed marketplace entry type out of defaultAccount.ts
into a dedicated managedSettings.ts so the type lives alongside other
managed-settings-specific code.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: cleanup pass

- Sync policyData.jsonc ChatExtraMarketplaces description with the
  source declaration in chat.shared.contribution.ts (object-form
  entries were missing from the policy artifact).
- Reorder Event import in agentPluginServiceImpl.ts to keep base/common
  imports alphabetical.
- Fix stale doc reference (COPILOT_CLI_INSTALLED_PLUGINS_DIR -> the
  function it actually mirrors).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: accept host-only git URLs in extraKnownMarketplaces

ADR-002 describes the `git` source `url` as a free-form `(string)`;
the example happens to be a full clone URL, but the schema doesn't
require a repo path. Our marketplace-URI parser was rejecting host-only
HTTPS endpoints (e.g. `https://plugins.internal.example.com`), so
enterprise policy entries with marketplace-registry-style URLs were
silently dropped before they ever reached the UI.

Relax `parseUriMarketplaceReference` to accept host-only URLs and
treat them as a marketplace endpoint identified by host alone. The
canonical id becomes `git:<host>/` so distinct hosts still dedupe
correctly. Existing path-aware behavior is preserved unchanged.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: fix string entry guard in extraKnownMarketplaces policy.value; fix test cloneUrl expectation

- Handle string-typed entries in extraKnownMarketplaces (IPolicyData allows string | IExtraKnownMarketplaceEntry)
- Fix test expectation: URI.parse normalizes host-only URLs to include trailing slash

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: read extraMarketplaces dict and convert to nested entry shape

The setting schema is now `{ [name]: url-or-shorthand }` (object), so
readConfiguredMarketplaces must convert each entry to the nested
IExtraMarketplaceObjectEntry shape that parseMarketplaceReferences expects.
Uses a regex to detect GitHub shorthand (owner/repo[#ref]) vs URI.

 TypeError in CI:
'extraValues is not iterable' on [...userValues, ...extraValues].

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract extraKnownMarketplacesToConfigDict helper + add regression tests for Settings Editor display

Extract the policy.value conversion for ChatExtraMarketplaces out of
chat.shared.contribution.ts into a reusable, unit-testable helper. The
helper converts the IExtraKnownMarketplaceEntry[] policy payload into the
{ [name]: url-or-shorthand } dict that:
  - the Settings Editor's ComplexObject renderer can display inline as
    key/value rows (instead of just 'Edit in settings.json'), and
  - readConfiguredMarketplaces reverses back into IExtraMarketplaceObjectEntry[]
    so parseMarketplaceReferences preserves displayLabel = name.

Tests added:
 undefined
 owner/repo
 owner/repo#ref
 raw URL (+ optional #ref)

    parseMarketplaceReferences flow (the regression test that catches the
    'extraValues is not iterable' bug we just hit in CI)
  - schema-shape: chat.plugins.extraMarketplaces is registered with
    type=object + additionalProperties.type=['string'], the exact shape
    the Settings Editor requires to render as ComplexObject

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: stop spurious 'invalid marketplace entry' warnings for object-form entries

url dict, policy
entries always reach the marketplace fetcher as IExtraMarketplaceObjectEntry
objects (not strings). The validation loop was only accepting strings,
producing a 'Ignoring invalid marketplace entry: [object Object]' debug log
for every valid policy entry.

Validate using parseMarketplaceObjectEntry for object values so the warning
fires only for genuinely-unparseable entries.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: drop schema-shape test that double-registered chat contribution commands

The schema-shape test for chat.plugins.extraMarketplaces imported the full
chat.shared.contribution module to populate the configuration registry.
This re-registered commands (already registered by the workbench under
test), producing 'Cannot register two commands with the same id:
workbench.action.chat.markHelpful' and cascading disposable leaks in
unrelated suites (EditorService, WorkingCopyBackupTracker).

The other 5 tests (extraKnownMarketplacesToConfigDict + end-to-end round
trip) cover the actual behavior that broke; the schema shape is exercised
implicitly by the round-trip test.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: normalize github.com URI/SSH refs to the GitHub shorthand canonical id

Plugin marketplace trust under strict mode compares canonicalId. A plugin
discovered from 'https://github.com/microsoft/vscode-team-kit.git' was
being blocked even though 'microsoft/vscode-team-kit' was in the trusted
list, because the URI parser produced 'git:github.com/microsoft/vscode-team-kit.git'
while the shorthand parser produced 'github:microsoft/vscode-team-kit'.

When parseUriMarketplaceReference / parseScpMarketplaceReference detect a
github.com authority, emit the same canonical id form the shorthand parser
uses so all three forms (shorthand, https URI, SCP) collapse to a single
trusted reference.

Existing dedup test now expects 1 entry instead of 2; ref-distinction test
collapses the https+#ref entry with its shorthand sibling. Added a focused
regression test asserting all four forms produce identical canonical ids.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* update policy

* fix dupe policy export

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-29 14:03:37 -07:00
Robo b0bdc05bbb fix: zip inflate with yauzl on node v24.16.0 (#318682) 2026-05-29 17:01:24 +10:00