Skip to content

Show allow-list actions for unsandboxed terminal confirmations#303660

Merged
dileepyavan merged 4 commits intomainfrom
DileepY/303426
Mar 21, 2026
Merged

Show allow-list actions for unsandboxed terminal confirmations#303660
dileepyavan merged 4 commits intomainfrom
DileepY/303426

Conversation

@dileepyavan
Copy link
Copy Markdown
Member

@dileepyavan dileepyavan commented Mar 21, 2026

Fixes #303426

Summary

  • thread requiresUnsandboxConfirmation through terminal command-line analyzer options
  • stop the sandbox analyzer from force auto-approving when explicit unsandboxed confirmation is required
  • keep the Allow dropdown actions available for unsandboxed terminal confirmations so commands can be allow-listed from that flow
  • update the RunInTerminalTool test to cover the revised unsandboxed confirmation behavior

Bug Fixed

When the run-in-terminal tool asked to execute a command outside the sandbox, the confirmation UI did not expose the Allow dropdown actions. That meant users could not allow-list the command from the same confirmation dialog, even though that is the expected workflow for chat.tools.terminal.autoApprove.

Testing

  • VSCODE_SKIP_PRELAUNCH=1 ./scripts/test.sh --grep RunInTerminalTool

Copilot AI review requested due to automatic review settings March 21, 2026 01:10
@vs-code-engineering vs-code-engineering bot added this to the 1.113.0 milestone Mar 21, 2026
@dileepyavan dileepyavan enabled auto-merge (squash) March 21, 2026 01:12
Copilot AI reviewed Mar 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts the run_in_terminal confirmation flow so that, when an LLM explicitly requests unsandboxed execution, the confirmation UI still exposes the Allow dropdown actions (so users can allow-list commands from that dialog) while also updating analyzer plumbing and tests.

Changes:

  • Thread requiresUnsandboxConfirmation through terminal command-line analyzer options and use it to avoid sandbox analyzer “force auto-approve” in that case.
  • Keep terminal confirmation custom actions available for unsandboxed confirmations.
  • Update RunInTerminalTool tests to expect custom actions during unsandboxed confirmations.

Reviewed changes

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

File Description
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts Passes requiresUnsandboxConfirmation into analyzers and changes when custom actions/confirmation messages are produced.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAnalyzer.ts Extends analyzer options with requiresUnsandboxConfirmation?: boolean.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineSandboxAnalyzer.ts Disables sandbox “force auto-approve” when unsandboxed confirmation is required.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/runInTerminalTool.test.ts Updates expectations for unsandboxed confirmation to include dropdown actions.

@dileepyavan dileepyavan merged commit 36ca95e into main Mar 21, 2026
19 checks passed
@dileepyavan dileepyavan deleted the DileepY/303426 branch March 21, 2026 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jruales jruales jruales approved these changes

Assignees

@dileepyavan dileepyavan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Give me option to allow-list command when offering to run outside of sandbox

3 participants

@dileepyavan @jruales