Enabling sandboxing for terminal commands execution through copilot chat.

package.json

@@ -72,6 +72,7 @@
     "update-build-ts-version": "npm install -D typescript@next && npm install -D @typescript/native-preview && (cd build && npm run typecheck)"
   },
   "dependencies": {
+    "@anthropic-ai/sandbox-runtime": "^0.0.13",
     "@microsoft/1ds-core-js": "^3.2.13",
     "@microsoft/1ds-post-js": "^3.2.13",
     "@types/semver": "^7.5.8",

src/vs/platform/storage/test/electron-main/storageMainService.test.ts

@@ -48,6 +48,7 @@ suite('StorageMainService', function () {
 		promptsHome: joinPath(inMemoryProfileRoot, 'promptsHome'),
 		extensionsResource: joinPath(inMemoryProfileRoot, 'extensionsResource'),
 		cacheHome: joinPath(inMemoryProfileRoot, 'cache'),
+		sandboxSettingsResource: joinPath(inMemoryProfileRoot, 'sandbox-settings.json')
 	};
 
 	class TestStorageMainService extends StorageMainService {

src/vs/platform/terminal/common/terminal.ts

@@ -19,6 +19,22 @@ import type { IAction } from '../../../base/common/actions.js';
 import type { IDisposable } from '../../../base/common/lifecycle.js';
 import type { SingleOrMany } from '../../../base/common/types.js';
 
+/**
+ * Local type definition for sandbox runtime configuration to avoid importing external package
+ * in the common layer. The actual type should match @anthropic-ai/sandbox-runtime.
+ */
+export interface ISandboxRuntimeConfig {
+	network?: {
+		allowedDomains?: string[];
+		deniedDomains?: string[];
+	};
+	filesystem?: {
+		denyRead?: string[];
+		allowWrite?: string[];
+		denyWrite?: string[];
+	};
+}
+
 export const enum TerminalSettingPrefix {
 	AutomationProfile = 'terminal.integrated.automationProfile.',
 	DefaultProfile = 'terminal.integrated.defaultProfile.',
@@ -670,6 +686,20 @@ export interface IShellLaunchConfig {
 	shellIntegrationNonce?: string;
 }
 
+export interface ISandboxTerminalSettings {
+	enabled?: boolean;
+	network?: {
+		allowedDomains?: string[];
+		deniedDomains?: string[];
+	};
+	filesystem?: {
+		denyRead?: string[];
+		allowWrite?: string[];
+		denyWrite?: string[];
+	};
+}
+
+
 export interface ITerminalTabAction {
 	id: string;
 	label: string;
@@ -710,6 +740,8 @@ export interface IShellLaunchConfigDto {
 	isFeatureTerminal?: boolean;
 	tabActions?: ITerminalTabAction[];
 	shellIntegrationEnvironmentReporting?: boolean;
+	sandboxed?: boolean;
+	sandboxSettings?: ISandboxRuntimeConfig;
 }
 
 /**
@@ -727,6 +759,7 @@ export interface ITerminalProcessOptions {
 	environmentVariableCollections: ISerializableEnvironmentVariableCollections | undefined;
 	workspaceFolder: IWorkspaceFolder | undefined;
 	isScreenReaderOptimized: boolean;
+	sandboxSettings?: ISandboxRuntimeConfig;
 }
 
 export interface ITerminalEnvironment {
@@ -918,6 +951,8 @@ export interface ITerminalProfile {
 	overrideName?: boolean;
 	color?: string;
 	icon?: ThemeIcon | URI | { light: URI; dark: URI };
+	sandboxed?: boolean;
+	sandboxSettings?: ISandboxRuntimeConfig;
 }
 
 export interface ITerminalDimensionsOverride extends Readonly<ITerminalDimensions> {

src/vs/platform/terminal/common/terminalPlatformConfiguration.ts

@@ -59,6 +59,51 @@ export const terminalProfileBaseProperties: IJSONSchemaMap = {
 	}
 };
 
+export const terminalSandboxPropertySchema: IJSONSchemaMap = {
+	filesystem: {
+		type: 'object',
+		description: localize('terminalSandbox.fileSystem', "Controls file system access in the terminal sandbox."),
+		properties: {
+			allowWrite: {
+				type: 'array',
+				description: localize('terminalSandbox.fileSystem.allowedPaths', "List of allowed file system paths."),
+				items: { type: 'string' },
+				default: []
+			},
+			denyRead: {
+				type: 'array',
+				description: localize('terminalSandbox.fileSystem.deniedPaths', "List of denied file system paths."),
+				items: { type: 'string' },
+				default: []
+			},
+			denyWrite: {
+				type: 'array',
+				description: localize('terminalSandbox.fileSystem.deniedWritePaths', "List of denied file system write paths."),
+				items: { type: 'string' },
+				default: []
+			}
+		}
+	},
+	network: {
+		type: 'object',
+		description: localize('terminalSandbox.network', "Controls network access in the terminal sandbox."),
+		properties: {
+			allowedDomains: {
+				type: 'array',
+				description: localize('terminalSandbox.network.allowedHosts', "List of allowed network hosts."),
+				items: { type: 'string' },
+				default: []
+			},
+			deniedDomains: {
+				type: 'array',
+				description: localize('terminalSandbox.network.deniedDomains', "List of denied network domains."),
+				items: { type: 'string' },
+				default: []
+			}
+		}
+	}
+};
+
 const terminalProfileSchema: IJSONSchema = {
 	type: 'object',
 	required: ['path'],

src/vs/platform/userData/common/fileUserDataProvider.ts

@@ -65,6 +65,7 @@ export class FileUserDataProvider extends Disposable implements
 			this.atomicReadWriteResources.add(profile.keybindingsResource);
 			this.atomicReadWriteResources.add(profile.tasksResource);
 			this.atomicReadWriteResources.add(profile.extensionsResource);
+			this.atomicReadWriteResources.add(profile.sandboxSettingsResource);
 		}
 	}
 

src/vs/platform/userDataProfile/common/userDataProfile.ts

@@ -56,6 +56,7 @@ export interface IUserDataProfile {
 	readonly useDefaultFlags?: UseDefaultProfileFlags;
 	readonly isTransient?: boolean;
 	readonly workspaces?: readonly URI[];
+	readonly sandboxSettingsResource: URI;
 }
 
 export function isUserDataProfile(thing: unknown): thing is IUserDataProfile {
@@ -145,6 +146,7 @@ export function reviveProfile(profile: UriDto<IUserDataProfile>, scheme: string)
 		useDefaultFlags: profile.useDefaultFlags,
 		isTransient: profile.isTransient,
 		workspaces: profile.workspaces?.map(w => URI.revive(w)),
+		sandboxSettingsResource: URI.revive(profile.sandboxSettingsResource).with({ scheme })
 	};
 }
 
@@ -167,6 +169,7 @@ export function toUserDataProfile(id: string, name: string, location: URI, profi
 		useDefaultFlags: options?.useDefaultFlags,
 		isTransient: options?.transient,
 		workspaces: options?.workspaces,
+		sandboxSettingsResource: joinPath(location, 'sandbox-settings.json')
 	};
 }
 

src/vs/workbench/contrib/chat/browser/widget/chatContentParts/toolInvocationParts/chatTerminalToolProgressPart.ts

@@ -49,6 +49,8 @@ import { removeAnsiEscapeCodes } from '../../../../../../../base/common/strings.
 import { PANEL_BACKGROUND } from '../../../../../../common/theme.js';
 import { editorBackground } from '../../../../../../../platform/theme/common/colorRegistry.js';
 import { IThemeService } from '../../../../../../../platform/theme/common/themeService.js';
+import { ISandboxUtility } from '../../../../common/sandboxUtility.js';
+
 
 const MIN_OUTPUT_ROWS = 1;
 const MAX_OUTPUT_ROWS = 10;
@@ -242,6 +244,7 @@ export class ChatTerminalToolProgressPart extends BaseChatToolInvocationSubPart
 		@IContextKeyService private readonly _contextKeyService: IContextKeyService,
 		@IChatWidgetService private readonly _chatWidgetService: IChatWidgetService,
 		@IKeybindingService private readonly _keybindingService: IKeybindingService,
+		@ISandboxUtility private readonly _sandboxUtility: ISandboxUtility,
 	) {
 		super(toolInvocation);
 
@@ -453,7 +456,7 @@ export class ChatTerminalToolProgressPart extends BaseChatToolInvocationSubPart
 			showOutputAction = this._instantiationService.createInstance(ToggleChatTerminalOutputAction, () => this._toggleOutputFromAction());
 			this._showOutputAction.value = showOutputAction;
 			const exitCode = resolvedCommand?.exitCode ?? this._terminalData.terminalCommandState?.exitCode;
-			if (exitCode) {
+			if (exitCode && !this._sandboxUtility.isEnabled()) {
 				this._toggleOutput(true);
 			}
 		}