Skip to content

Enabling sandboxing for terminal commands execution through copilot chat. #280236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dileepyavan merged 34 commits into from
Jan 16, 2026
Merged

Enabling sandboxing for terminal commands execution through copilot chat. #280236

dileepyavan merged 34 commits into from
Jan 16, 2026
+393 −25

Conversation

@dileepyavan
Copy link
Member

@dileepyavan dileepyavan commented Dec 1, 2025
edited
Loading

fixes #277286

Copilot AI review requested due to automatic review settings December 1, 2025 05:08
Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds sandboxing functionality for terminal command execution through Copilot chat. It introduces a new setting that allows commands run via the "run in terminal" tool to be executed in a sandboxed environment using the @anthropic-ai/sandbox-runtime package (via the srt CLI tool). The feature is designed for Linux and macOS only.

Key Changes:

  • Adds sandboxSettingsResource to user data profiles to store sandbox configuration files
  • Introduces a new experimental setting chat.tools.terminal.sandbox to control sandboxing behavior with filesystem and network restrictions
  • Implements logic to wrap terminal commands with the srt sandboxing tool and provides a retry mechanism when sandboxed commands fail

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 31 comments.

Show a summary per file
File Description
src/vs/platform/userDataProfile/common/userDataProfile.ts Adds sandboxSettingsResource property to IUserDataProfile interface for storing sandbox configuration
src/vs/platform/terminal/common/terminal.ts Defines sandbox-related interfaces (ISandboxRuntimeConfig, ISandboxTerminalSettings) and adds sandbox properties to shell launch config
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts Adds schema for the new chat.tools.terminal.sandbox setting with filesystem and network access controls
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts Main implementation: wraps commands with srt, manages sandbox config files, handles retry without sandboxing
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/terminal.chatAgentTools.contribution.ts Registers retry action that allows users to re-run failed commands without sandboxing
src/vs/platform/terminal/node/terminalEnvironment.ts Adds shell integration support for sandboxed bash terminals on Windows
package.json / package-lock.json Adds @anthropic-ai/sandbox-runtime dependency (v0.0.13)
Test files (multiple) Updates test fixtures to include the new sandboxSettingsResource property
.vscode/launch.json Adds debugging configuration for ptyhost inspection

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

@dileepyavan dileepyavan marked this pull request as ready for review December 1, 2025 15:58
@vs-code-engineering
Copy link

vs-code-engineering bot commented Dec 1, 2025

📬 CODENOTIFY

The following users are being notified based on files changed in this PR:

@bpasero

Matched files:

  • src/vs/platform/storage/test/electron-main/storageMainService.test.ts
  • src/vs/workbench/services/storage/test/browser/storageService.test.ts
  • src/vs/workbench/services/workingCopy/test/electron-browser/workingCopyBackupService.test.ts

@vs-code-engineering vs-code-engineering bot added this to the November 2025 milestone Dec 1, 2025
bpasero
bpasero previously requested changes Dec 1, 2025
View reviewed changes
Copy link
Member

@bpasero bpasero left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to learn more what a sandboxSettingsResource is and what the new dependency is @anthropic-ai/sandbox-runtime

Are we really pushing this in on the last day of the iteration?

@dileepyavan
Copy link
Member Author

dileepyavan commented Dec 1, 2025

I would like to learn more what a sandboxSettingsResource is and what the new dependency is @anthropic-ai/sandbox-runtime

Are we really pushing this in on the last day of the iteration?

Sure I can setup a call if needed. Daniel is OOF and I dont think it will go this week.

@dileepyavan dileepyavan force-pushed the DileepY/terminal_sandboxing branch from e5335e3 to 40882e1 Compare December 1, 2025 16:41
connor4312
connor4312 previously requested changes Dec 1, 2025
View reviewed changes
Tyriar
Tyriar requested changes Dec 7, 2025
View reviewed changes
Copy link
Member

@Tyriar Tyriar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't merge this without a proper review from me.

This was referenced Dec 10, 2025
Closed
Closed
Closed
Tyriar
Tyriar requested changes Jan 12, 2026
View reviewed changes
@Tyriar
Copy link
Member

Tyriar commented Jan 12, 2026

Overarching comment is to not change the style of the code you're in, that includes not adding whitespace, tweaking trailing commas, etc.

Also there are conflicts

@dileepyavan dileepyavan dismissed connor4312’s stale review January 15, 2026 02:56

Daniel is still reviewing

@dileepyavan dileepyavan enabled auto-merge (squash) January 15, 2026 06:49
Tyriar
Tyriar requested changes Jan 15, 2026
View reviewed changes
@Tyriar Tyriar requested a review from Copilot January 15, 2026 12:40
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 11 changed files in this pull request and generated 11 comments.

Comments suppressed due to low confidence (3)

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts:864

  • Multiple consecutive blank lines (lines 859-860 and 863-864). According to VS Code style guidelines, there should be at most one blank line between code blocks. Remove the extra blank lines.


					}
				}


			} catch (e) {

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts:935

  • Extra blank line before method definition. Remove line 934 for consistency.

	private _handleTerminalVisibility(toolTerminal: IToolTerminal, chatSessionResource: URI) {

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts:965

  • Multiple consecutive blank lines (lines 963-964). Remove one blank line for consistency.


	private async _initForegroundTerminal(chatSessionResource: URI, termId: string, terminalToolSessionId: string | undefined, token: CancellationToken): Promise<IToolTerminal> {

Tyriar
Tyriar requested changes Jan 15, 2026
View reviewed changes
Tyriar
Tyriar requested changes Jan 16, 2026
View reviewed changes
Tyriar
Tyriar approved these changes Jan 16, 2026
View reviewed changes
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts
private _needsForceUpdateConfigFile = true;
private _tempDir: URI | undefined;
private _sandboxSettingsId: string | undefined;
private _os: OperatingSystem = OS;
Copy link
Member

@Tyriar Tyriar Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might want to make this a promise to avoid a possible race? You'd need isEnabled to be async then

Copy link
Member Author

@dileepyavan dileepyavan Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is kind of fire and forget approach that is set in the constructor during singleton creation. Want to keep the usage of isEnabled simple without async.

@dileepyavan dileepyavan dismissed bpasero’s stale review January 16, 2026 19:34

No pending review comments

@dileepyavan dileepyavan merged commit 8c0fe5e into main Jan 16, 2026
22 checks passed
@dileepyavan dileepyavan deleted the DileepY/terminal_sandboxing branch January 16, 2026 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Tyriar Tyriar Tyriar approved these changes

@bpasero bpasero bpasero left review comments

@connor4312 connor4312 Awaiting requested review from connor4312

Assignees

@Tyriar Tyriar

@connor4312 connor4312

@dileepyavan dileepyavan

Labels

None yet

Projects

None yet

Milestone

January 2026

Development

Successfully merging this pull request may close these issues.

Sandboxing terminal while running commands through agent.

5 participants

@dileepyavan @Tyriar @bpasero @connor4312