Skip to content

Reverting sandbox manager changes in main.#302625

Merged
dileepyavan merged 3 commits intomainfrom
DileepY/revert_notifications_main
Mar 18, 2026
Merged

Reverting sandbox manager changes in main.#302625
dileepyavan merged 3 commits intomainfrom
DileepY/revert_notifications_main

Conversation

@dileepyavan
Copy link
Member

@dileepyavan dileepyavan commented Mar 18, 2026

Revert PR due to issues in macos

Copilot AI review requested due to automatic review settings March 18, 2026 01:16
@dileepyavan dileepyavan enabled auto-merge (squash) March 18, 2026 01:16
@vs-code-engineering
Copy link
Contributor

vs-code-engineering bot commented Mar 18, 2026
edited
Loading

📬 CODENOTIFY

The following users are being notified based on files changed in this PR:

@bpasero

Matched files:

  • src/vs/code/electron-main/app.ts

@deepak1556

Matched files:

  • src/vs/code/electron-main/app.ts

@dileepyavan dileepyavan disabled auto-merge March 18, 2026 01:17
@vs-code-engineering vs-code-engineering bot added this to the 1.113.0 milestone Mar 18, 2026
@dileepyavan dileepyavan enabled auto-merge (squash) March 18, 2026 01:21
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reverts/backs out the prior “sandbox manager” approach after macOS issues by removing the sandbox helper IPC/services and shifting terminal sandboxing toward generating a sandbox-runtime settings file + wrapping commands directly. It also updates related tests and defaults.

Changes:

  • Remove ISandboxHelperService/IPC plumbing (electron-main + server) and related platform sandbox helper implementations.
  • Rework terminal sandboxing to create a sandbox config file and wrap commands via the sandbox-runtime CLI, adjusting rewriters/analyzers and tests.
  • Update config defaults (trusted domains) and tweak loader/lint configuration.

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/runInTerminalTool.test.ts Updates sandbox service stubs to match new interface.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/commandLineSandboxRewriter.test.ts Adjusts expectations for config initialization and sync wrapping.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts Refactors tests to validate settings file creation + quoting behavior.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/sandboxedCommandLinePresenter.test.ts Updates sandbox service stub; removes a presenter behavior test.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/sandboxOutputAnalyzer.test.ts Removes analyzer tests (file deleted).
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts Replaces helper-service-based sandboxing with config-file creation + CLI wrapping.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts Changes default allowTrustedDomains to false.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/sandboxOutputAnalyzer.ts Simplifies sandbox failure guidance (no longer parses output for write-path suggestions).
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineRewriter/commandLineSandboxRewriter.ts Ensures sandbox config exists before wrapping; uses sync wrapCommand.
src/vs/workbench/contrib/terminal/electron-browser/terminal.contribution.ts Removes sandbox helper service import side effect.
src/vs/workbench/contrib/mcp/common/mcpServerConnection.ts Replaces shared sandbox filesystem error helper with local regex detection.
src/vs/server/node/serverServices.ts Removes sandbox helper service/channel registration on the server.
src/vs/platform/sandbox/node/sandboxHelperService.ts Deletes node sandbox helper implementation.
src/vs/platform/sandbox/node/sandboxHelperChannel.ts Deletes sandbox helper IPC channel implementation.
src/vs/platform/sandbox/electron-browser/sandboxHelperService.ts Deletes electron-browser registration for sandbox helper remote service.
src/vs/platform/sandbox/common/sandboxHelperService.ts Deletes common sandbox helper service decorator/interface.
src/vs/platform/sandbox/common/sandboxHelperIpc.ts Deletes sandbox helper IPC contract/types.
src/vs/platform/sandbox/common/sandboxErrorAnalysis.ts Deletes shared sandbox filesystem error analysis helper.
src/vs/code/electron-main/app.ts Removes sandbox helper service wiring/channel registration in electron-main.
src/bootstrap-import.ts Forces loader redirect results to commonjs format.
eslint.config.js Removes node-layer allowlist entries for external deps.
Comments suppressed due to low confidence (3)

eslint.config.js:1464

  • local/code-import-patterns removed @github/copilot-sdk from the node-layer allowlist, but the repo still imports it (e.g. src/vs/platform/agentHost/node/copilot/copilotAgent.ts). This will reintroduce ESLint warnings/errors for those imports. Please re-add @github/copilot-sdk to the hasNode allow list (or adjust the rule scope if this dependency is intended to be banned).
					// - electron-main
					'when': 'hasNode',
					'allow': [
						'@github/copilot-sdk',
						'@parcel/watcher',
						'@vscode/sqlite3',
						'@vscode/vscode-languagedetection',
						'@vscode/ripgrep',
						'@vscode/iconv-lite-umd',

src/vs/workbench/contrib/mcp/common/mcpServerConnection.ts:170

  • The new filesystem detection regex is both narrower (e.g. no longer matches common phrases like "permission denied"/"operation not permitted"/"cannot access") and broader in risky ways (e.g. fail(?:ed|ure)? can match many non-filesystem failures). This can lead to missed sandbox block detection or misclassification. Please tighten the pattern (drop generic fail* and add back the key filesystem phrases/codes) or restore a shared helper equivalent to the previous isSandboxFilesystemError implementation.
		if (/(?:\b(?:EACCES|EPERM|ENOENT|EROFS|fail(?:ed|ure)?)\b|not accessible|read[- ]only)/i.test(message)) {
			return {
				kind: 'filesystem',
				message,
				path: this._extractSandboxPath(message),
			};

src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/sandboxedCommandLinePresenter.test.ts:53

  • This test removal drops coverage for an existing behavior that still appears to be implemented (SandboxedCommandLinePresenter prefers commandLine.original when present). If the original field is still part of ICommandLinePresentationInput, consider keeping an assertion for this to prevent regressions (or remove the original handling from the presenter if it’s no longer relevant).
		strictEqual(result.languageDisplayName, undefined);
	});

	test('should return command line for non-sandboxed command when enabled', async () => {
		const presenter = createPresenter();
		const commandLine = 'echo hello';
		const result = await presenter.present({
			commandLine: { forDisplay: commandLine },
			shell: 'bash',
			os: OperatingSystem.Linux
		});
		ok(result);

You can also share your feedback on Copilot code review. Take the survey.

@dileepyavan dileepyavan merged commit 8a3bfca into main Mar 18, 2026
20 checks passed
@dileepyavan dileepyavan deleted the DileepY/revert_notifications_main branch March 18, 2026 01:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vijayupadya vijayupadya vijayupadya approved these changes

Assignees

@dileepyavan dileepyavan

Labels

None yet

Projects

None yet

Milestone

1.113.0

Development

Successfully merging this pull request may close these issues.

3 participants

@dileepyavan @vijayupadya