Agent sandboxing docs by ntrogh · Pull Request #9612 · microsoft/vscode-docs

ntrogh · 2026-03-27T19:56:55Z

isidorn · 2026-03-30T07:47:36Z

@ntrogh thank you for pushing on this one. Is this PR ready for my review/feedback?

ntrogh · 2026-03-30T07:51:40Z

@isidorn yes, feel free to review. Thanks

isidorn · 2026-03-30T09:24:44Z

docs/copilot/agents/agent-tools.md


 > [!NOTE]
-> Terminal sandboxing is currently in preview and is only supported on macOS and Linux. On Windows, the sandbox settings have no effect.
+> Terminal sandboxing is currently in preview and is only supported on macOS and Linux. On Windows, only WSL2 environments are supported.


This puts Windows as not officially supported. But WSL might be the actual path forward. I would frame it slightly differently for windows to say that it uses WSL

What about this?

I would not say only WSL2 environemnts are supported, but that we use WSL2 as an underlying implementation. At the end of the day users might not care

isidorn · 2026-03-30T09:25:39Z

docs/copilot/agents/agent-tools.md

-* Network access is blocked for all domains by default
-* Commands run without the standard confirmation dialog
+* Commands have read access to the entire file system
+* Commands have write access only to the current working directory and its subdirectories


@dileepyavan is this correct? What about the TMP directory - how are we treating it now?

docs/copilot/agents/agent-tools.md

docs/copilot/concepts/trust-and-safety.md

docs/enterprise/ai-settings.md

docs/copilot/security.md

isidorn · 2026-03-30T09:37:14Z

Great start. I left comments. @dileepyavan would be great if you can also give this a review some time this week

First draft of agent sandboxing

5c52501

ntrogh requested review from Copilot and isidorn and removed request for Copilot March 27, 2026 19:58

ntrogh changed the title ~~First draft of agent sandboxing~~ Agent sandboxing docs Mar 27, 2026

Copilot started reviewing on behalf of ntrogh March 27, 2026 20:02 View session