Fix terminal output capture: strip command echo/prompt, fix premature idle detection, improve sandbox failure detection, force bash over sh

[alexdima]

Fixes #303531

Problem

When the run_in_terminal tool executes commands (especially sandbox-wrapped ones) that produce no output, the raw command echo and shell prompt leak into the tool result. The LLM and user see long, confusing strings like the full sandbox wrapper command instead of the expected "Command produced no output".

Additionally, several related issues with terminal command execution reliability were discovered and fixed:

• Premature idle detection could cause the tool to capture output before the command even started executing
• The sandbox execPath was incorrectly resolved in remote environments
• Sandbox failures weren't detected when exit codes were unavailable

Root Cause

Without shell integration (NoneExecuteStrategy) or when shell integration markers misfire, the tool captures the terminal buffer between xterm markers using getContentsAsText(). This raw capture includes:

1. The command echo line (the prompt + what sendText wrote, including the full sandbox wrapper)
2. The actual command output (empty in these cases)
3. The next shell prompt line(s)

Previously there was no stripping of (1) and (3), so the entire command echo was returned as "output".

Changes

1. Strip command echo and prompt from terminal output (strategyHelpers.ts)

New stripCommandEchoAndPrompt() function that removes leading command echo lines and trailing prompt lines from marker-based output:

• findCommandEcho() — Locates the command text in the output, handling terminal line wrapping by stripping newlines and building an index mapping. Supports suffix matching for getOutput() cases where only the wrapped continuation appears
• Prompt evidence narrowing — Uses the prompt prefix (text before the command echo) to determine the shell type (bash, zsh, PowerShell, cmd, Starship, Python REPL) and only checks relevant trailing prompt patterns, reducing false positives
• Double-echo handling — When the shell re-echoes the command (prompt + echo appears twice), strips it a second time
• Supports various prompt styles: user@host:path $, ] $, PS C:\>, C:\>, ❯, >>>, and wrapped multi-line prompts

Applied in NoneExecuteStrategy, BasicExecuteStrategy, and RichExecuteStrategy (defensively, since getOutput() can also include echoes on some platforms).

2. Fix premature idle detection (noneExecuteStrategy.ts)

After sendText(), wait for the terminal cursor to move past the start marker line before beginning idle detection. Without this, the idle poll could resolve immediately on the existing prompt before the shell started processing the command.

3. Fix start marker recreation (strategyHelpers.ts)

setupRecreatingStartMarker() now returns an IDisposable that stops the recreation loop. Callers dispose it before sending a command so that prompt re-renders (e.g. PSReadLine transient prompts) don't move the start marker past the command output.

4. Sandbox reliability improvements

• Heuristic sandbox failure detection (sandboxOutputAnalyzer.ts) — When exit code is unavailable (no shell integration), detect sandbox failures by pattern-matching output for "Operation not permitted", "Permission denied", "Read-only file system", etc.
• Fix execPath resolution for remote environments (terminalSandboxService.ts) — Use remoteEnv.execPath directly instead of constructing a path to a node binary

5. Configurable idle poll interval

• New chat.tools.terminal.idlePollInterval setting (default: 1000ms, range: 50–10000ms)
• All three execute strategies read this setting instead of hardcoding 1000ms
• Enables integration tests to use fast polling (50ms) to reduce test overhead

6. Cosmetic fix: suppress spurious "tool simplified the command" message

CommandLinePreventHistoryRewriter prepends a space to prevent shell history recording. This was triggering a "Note: The tool simplified the command to..." message. The comparison now normalizes display forms before diffing.

7. Address PR feedback: logging, performance, timeout

• Strip sensitive data from debug logs (log metadata only, not full output)
• Use array join instead of O(n²) string concat in stripNewLinesAndBuildMapping
• Add 5s timeout to cursor-move wait to prevent indefinite hangs
• Align shellIntegrationTimeout descriptions (0 = skip the wait)

8. Install bubblewrap and socat in Linux CI pipelines

These packages are required for terminal sandbox integration tests on Linux.

9. Force /bin/bash over /bin/sh for copilot terminal profile

When the default terminal profile resolves to /bin/sh, shell integration cannot be injected (pty host warns: "Shell integration cannot be enabled for executable /bin/sh"). This causes loss of exit code detection and degrades sandbox failure analysis.

Added a /bin/sh → /bin/bash fallback in getCopilotProfile(), matching the existing cmd.exe → powershell.exe override pattern. This fixes both CI environments (where the user's shell may be /bin/sh) and real users whose default profile resolves to /bin/sh.

Tests

Unit tests

• strategyHelpers.test.ts — 20+ test cases for stripCommandEchoAndPrompt() covering bash, zsh, PowerShell, wrapped commands, sandbox-wrapped commands, edge cases
• sandboxOutputAnalyzer.test.ts — Tests for outputLooksSandboxBlocked() heuristic detection
• noneExecuteStrategy.test.ts — Strategy-level tests verifying "Command produced no output" and no sandbox wrapper leaks

Integration tests

• chat.runInTerminal.test.ts — Comprehensive tests running under both shell integration modes (SI on/off), covering echo output, no-output commands, multi-line output, non-zero exit codes, special characters, and sandbox scenarios

cc @Tyriar @meganrogge

[Copilot]

Pull request overview

This PR fixes run_in_terminal tool output sanitization when marker-based capture includes the echoed sandbox-wrapper command and the next prompt (most visible when the actual command produces no stdout/stderr), and adds configuration/testing support to reduce idle-detection latency in tests.

Changes:

• Add stripCommandEchoAndPrompt() and apply it to marker-based output in NoneExecuteStrategy and BasicExecuteStrategy.
• Introduce chat.tools.terminal.idlePollInterval and thread it through all execute strategies; extend trackIdleOnPrompt with a configurable fallback.
• Update command-edit note detection to ignore cosmetic rewrites, allow terminal.integrated.shellIntegration.timeout=0, and add unit/integration coverage.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/executeStrategy/strategyHelpers.ts	Adds output stripping helper for command echo + prompt removal.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/executeStrategy/noneExecuteStrategy.ts	Uses configurable idle polling + strips echo/prompt from marker output.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/executeStrategy/basicExecuteStrategy.ts	Uses configurable idle polling + strips echo/prompt from marker output.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/executeStrategy/richExecuteStrategy.ts	Uses configurable idle polling for idle-on-prompt fallback.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/executeStrategy/executeStrategy.ts	Adds optional promptFallbackMs to trackIdleOnPrompt.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts	Avoids “tool simplified the command” note for cosmetic rewrites by comparing display-normalized forms.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts	Adds chat.tools.terminal.idlePollInterval setting metadata.
src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts	Allows terminal.integrated.shellIntegration.timeout=0 to produce a 0ms wait.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/strategyHelpers.test.ts	Unit tests for stripCommandEchoAndPrompt().
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/noneExecuteStrategy.test.ts	Unit tests ensuring no-output cases don’t leak sandbox wrapper text.
extensions/vscode-api-tests/src/singlefolder-tests/chat.runInTerminal.test.ts	Integration coverage for shell integration on/off and sandbox scenarios.

Comments suppressed due to low confidence (1)

src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/noneExecuteStrategy.test.ts:109

• Same issue as above: NoneExecuteStrategy now requires an IConfigurationService, but the test calls the constructor with only three arguments, which will fail to compile / mis-wire dependencies. Please adjust this instantiation to provide IConfigurationService (ideally via instantiationService + TestConfigurationService).

		const logService = createLogService();
		const strategy = store.add(new NoneExecuteStrategy(instance, () => false, logService));
		const cts = store.add(new CancellationTokenSource());

[Copilot]

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated 5 comments.