Enabling sandboxing for terminal commands execution through copilot chat.

package.json

@@ -73,6 +73,7 @@
     "update-build-ts-version": "npm install -D typescript@next && npm install -D @typescript/native-preview && (cd build && npm run typecheck)"
   },
   "dependencies": {
+    "@anthropic-ai/sandbox-runtime": "0.0.23",
     "@microsoft/1ds-core-js": "^3.2.13",
     "@microsoft/1ds-post-js": "^3.2.13",
     "@parcel/watcher": "^2.5.4",
@@ -240,4 +241,4 @@
   "optionalDependencies": {
     "windows-foreground-love": "0.5.0"
   }
-}
+}

src/vs/platform/terminal/common/terminal.ts

@@ -19,6 +19,22 @@ import type { IAction } from '../../../base/common/actions.js';
 import type { IDisposable } from '../../../base/common/lifecycle.js';
 import type { SingleOrMany } from '../../../base/common/types.js';
 
+/**
+ * Local type definition for sandbox runtime configuration to avoid importing external package
+ * in the common layer. The actual type should match @anthropic-ai/sandbox-runtime.
+ */
+export interface ITerminalSandboxRuntimeConfig {
+	network?: {
+		allowedDomains?: string[];
+		deniedDomains?: string[];
+	};
+	filesystem?: {
+		denyRead?: string[];
+		allowWrite?: string[];
+		denyWrite?: string[];
+	};
+}
+
 export const enum TerminalSettingPrefix {
 	AutomationProfile = 'terminal.integrated.automationProfile.',
 	DefaultProfile = 'terminal.integrated.defaultProfile.',
@@ -673,6 +689,11 @@ export interface IShellLaunchConfig {
 	shellIntegrationNonce?: string;
 }
 
+export interface ITerminalSandboxSettings extends ITerminalSandboxRuntimeConfig {
+	enabled?: boolean;
+}
+
+
 export interface ITerminalTabAction {
 	id: string;
 	label: string;
@@ -730,6 +751,7 @@ export interface ITerminalProcessOptions {
 	environmentVariableCollections: ISerializableEnvironmentVariableCollections | undefined;
 	workspaceFolder: IWorkspaceFolder | undefined;
 	isScreenReaderOptimized: boolean;
+	sandboxSettings?: ITerminalSandboxRuntimeConfig;
 }
 
 export interface ITerminalEnvironment {
@@ -921,6 +943,8 @@ export interface ITerminalProfile {
 	overrideName?: boolean;
 	color?: string;
 	icon?: ThemeIcon | URI | { light: URI; dark: URI };
+	sandboxed?: boolean;
+	sandboxSettings?: ITerminalSandboxRuntimeConfig;
 }
 
 export interface ITerminalDimensionsOverride extends Readonly<ITerminalDimensions> {

src/vs/workbench/contrib/terminal/common/terminalSandboxService.ts

@@ -0,0 +1,130 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { isNative, OperatingSystem, OS } from '../../../../base/common/platform.js';
+import { createDecorator } from '../../../../platform/instantiation/common/instantiation.js';
+import { ITerminalSandboxSettings } from '../../../../platform/terminal/common/terminal.js';
+import { ILogService } from '../../../../platform/log/common/log.js';
+import { IConfigurationService } from '../../../../platform/configuration/common/configuration.js';
+import { dirname, join } from '../../../../base/common/path.js';
+import { FileAccess } from '../../../../base/common/network.js';
+import { URI } from '../../../../base/common/uri.js';
+import { IFileService } from '../../../../platform/files/common/files.js';
+import { VSBuffer } from '../../../../base/common/buffer.js';
+import { joinPath } from '../../../../base/common/resources.js';
+import { generateUuid } from '../../../../base/common/uuid.js';
+import { IEnvironmentService } from '../../../../platform/environment/common/environment.js';
+import { TerminalContribSettingId } from '../terminalContribExports.js';
+import { IRemoteAgentService } from '../../../services/remote/common/remoteAgentService.js';
+
+export const ITerminalSandboxService = createDecorator<ITerminalSandboxService>('terminalSandboxService');
+
+export interface ITerminalSandboxService {
+	readonly _serviceBrand: undefined;
+	isEnabled(): boolean;
+	wrapCommand(command: string): string;
+	getSandboxConfigPath(forceRefresh?: boolean): Promise<string | undefined>;
+	getTempDir(): URI | undefined;
+	setNeedsForceUpdateConfigFile(): void;
+}
+
+export class TerminalSandboxService implements ITerminalSandboxService {
+	readonly _serviceBrand: undefined;
+	private _srtPath: string;
+	private _sandboxConfigPath: string | undefined;
+	private _needsForceUpdateConfigFile = true;
+	private _tempDir: URI | undefined;
+	private _sandboxSettingsId: string | undefined;
+	private _os: OperatingSystem = OS;
+
+
+	constructor(
+		@IConfigurationService private readonly _configurationService: IConfigurationService,
+		@IFileService private readonly _fileService: IFileService,
+		@IEnvironmentService private readonly _environmentService: IEnvironmentService,
+		@ILogService private readonly _logService: ILogService,
+		@IRemoteAgentService private readonly _remoteAgentService: IRemoteAgentService,
+	) {
+		const appRoot = dirname(FileAccess.asFileUri('').fsPath);
+		this._srtPath = join(appRoot, 'node_modules', '.bin', 'srt');
+		this._sandboxSettingsId = generateUuid();
+		this._initTempDir();
+		this._remoteAgentService.getEnvironment().then(remoteEnv => this._os = remoteEnv?.os ?? OS);
+	}
+
+	public isEnabled(): boolean {
+		if (this._os === OperatingSystem.Windows) {
+			return false;
+		}
+		return this._configurationService.getValue<boolean>(TerminalContribSettingId.TerminalSandboxEnabled);
+	}
+
+	public wrapCommand(command: string): string {
+		if (!this._sandboxConfigPath || !this._tempDir) {
+			throw new Error('Sandbox config path or temp dir not initialized');
+		}
+		return `"${this._srtPath}" TMPDIR=${this._tempDir.fsPath} --settings "${this._sandboxConfigPath}" "${command}"`;
+	}
+
+	public getTempDir(): URI | undefined {
+		return this._tempDir;
+	}
+
+	public setNeedsForceUpdateConfigFile(): void {
+		this._needsForceUpdateConfigFile = true;
+	}
+
+	public async getSandboxConfigPath(forceRefresh: boolean = false): Promise<string | undefined> {
+		if (!this._sandboxConfigPath || forceRefresh || this._needsForceUpdateConfigFile) {
+			this._sandboxConfigPath = await this._createSandboxConfig();
+			this._needsForceUpdateConfigFile = false;
+		}
+		return this._sandboxConfigPath;
+	}
+
+	private async _createSandboxConfig(): Promise<string | undefined> {
+
+		if (this.isEnabled() && !this._tempDir) {
+			this._initTempDir();
+		}
+		if (this._tempDir) {
+			const networkSetting = this._configurationService.getValue<ITerminalSandboxSettings['network']>(TerminalContribSettingId.TerminalSandboxNetwork) ?? {};
+			const linuxFileSystemSetting = this._os === OperatingSystem.Linux
+				? this._configurationService.getValue<ITerminalSandboxSettings['filesystem']>(TerminalContribSettingId.TerminalSandboxLinuxFileSystem) ?? {}
+				: {};
+			const macFileSystemSetting = this._os === OperatingSystem.Macintosh
+				? this._configurationService.getValue<ITerminalSandboxSettings['filesystem']>(TerminalContribSettingId.TerminalSandboxMacFileSystem) ?? {}
+				: {};
+			const configFileUri = joinPath(this._tempDir, `vscode-sandbox-settings-${this._sandboxSettingsId}.json`);
+			const sandboxSettings = {
+				network: {
+					allowedDomains: networkSetting.allowedDomains ?? [],
+					deniedDomains: networkSetting.deniedDomains ?? []
+				},
+				filesystem: {
+					denyRead: this._os === OperatingSystem.Macintosh ? macFileSystemSetting.denyRead : linuxFileSystemSetting.denyRead,
+					allowWrite: this._os === OperatingSystem.Macintosh ? macFileSystemSetting.allowWrite : linuxFileSystemSetting.allowWrite,
+					denyWrite: this._os === OperatingSystem.Macintosh ? macFileSystemSetting.denyWrite : linuxFileSystemSetting.denyWrite,
+				}
+			};
+			this._sandboxConfigPath = configFileUri.fsPath;
+			await this._fileService.createFile(configFileUri, VSBuffer.fromString(JSON.stringify(sandboxSettings, null, '\t')), { overwrite: true });
+			return this._sandboxConfigPath;
+		}
+		return undefined;
+	}
+
+	private _initTempDir(): void {
+		if (this.isEnabled() && isNative) {
+			this._needsForceUpdateConfigFile = true;
+			const environmentService = this._environmentService as IEnvironmentService & { tmpDir?: URI };
+			this._tempDir = environmentService.tmpDir;
+			if (!this._tempDir) {
+				this._logService.warn('TerminalSandboxService: Cannot create sandbox settings file because no tmpDir is available in this environment');
+				return;
+			}
+		}
+	}
+}

src/vs/workbench/contrib/terminal/terminalContribExports.ts

@@ -43,7 +43,11 @@ export const enum TerminalContribSettingId {
 	AutoApprove = TerminalChatAgentToolsSettingId.AutoApprove,
 	EnableAutoApprove = TerminalChatAgentToolsSettingId.EnableAutoApprove,
 	ShellIntegrationTimeout = TerminalChatAgentToolsSettingId.ShellIntegrationTimeout,
-	OutputLocation = TerminalChatAgentToolsSettingId.OutputLocation
+	OutputLocation = TerminalChatAgentToolsSettingId.OutputLocation,
+	TerminalSandboxEnabled = TerminalChatAgentToolsSettingId.TerminalSandboxEnabled,
+	TerminalSandboxNetwork = TerminalChatAgentToolsSettingId.TerminalSandboxNetwork,
+	TerminalSandboxLinuxFileSystem = TerminalChatAgentToolsSettingId.TerminalSandboxLinuxFileSystem,
+	TerminalSandboxMacFileSystem = TerminalChatAgentToolsSettingId.TerminalSandboxMacFileSystem,
 }
 
 // HACK: Export some context key strings from `terminalContrib/` that are depended upon elsewhere.

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/terminal.chatAgentTools.contribution.ts

@@ -29,6 +29,14 @@ import { RunInTerminalTool, createRunInTerminalToolData } from './tools/runInTer
 import { CreateAndRunTaskTool, CreateAndRunTaskToolData } from './tools/task/createAndRunTaskTool.js';
 import { GetTaskOutputTool, GetTaskOutputToolData } from './tools/task/getTaskOutputTool.js';
 import { RunTaskTool, RunTaskToolData } from './tools/task/runTaskTool.js';
+import { InstantiationType, registerSingleton } from '../../../../../platform/instantiation/common/extensions.js';
+import { ITerminalSandboxService, TerminalSandboxService } from '../../../terminal/common/terminalSandboxService.js';
+
+// #region Services
+
+registerSingleton(ITerminalSandboxService, TerminalSandboxService, InstantiationType.Delayed);
+
+// #endregion Services
 
 class ShellIntegrationTimeoutMigrationContribution extends Disposable implements IWorkbenchContribution {
 	static readonly ID = 'terminal.shellIntegrationTimeoutMigration';