Repeated "Allow file modification/read-only tools outside workspace" Prompts in Trusted SFTP/GVFS Remote Workspace Despite Approvals (Amazon Q Developer)

[vanzway]

Problem

Repeated "Allow file modification outside of your workspace" and "Allow read-only tools outside your workspace" prompts appear in Amazon Q Developer (VS Code extension) when working in a trusted SFTP/GVFS remote workspace. These prompts reoccur per tool call (e.g., fsReplace in agentic chats) despite prior approvals in the same session and workspace trust settings. This appears to be caused by SFTP/GVFS remote mounts being treated as "external" by VS Code/Amazon Q security, even when the workspace is trusted. No errors appear in logs—all operations show "Succeeded"—but high latencies during tool calls (e.g., 61s E2E) suggest delays from permission checks or remote access.

Steps to reproduce the issue

Expected behavior

Permissions should persist after approval in trusted workspaces with no repeated prompts for the same tool/session. SFTP/GVFS remote filesystems within trusted workspaces should not be flagged as "outside workspace."

Desired solution:

• Persistent tool permissions at the workspace level (e.g., "Always Allow" for fs_read/fsReplace in trusted remotes)
• Better handling of virtual/remote filesystems like GVFS/SFTP to avoid misflagging as "outside workspace"
• IDE equivalent to Amazon Q CLI's /tools trust for session-persistent approvals

System details (run AWS: About and/or Amazon Q: About)

• OS: Ubuntu 24.04.3 LTS
• Visual Studio Code version: 1.109.0
• AWS Toolkit version: [Insert your version]
• Amazon Q version: 1.109.0 2026-01-29
• Remote Setup: SFTP via GVFS
• Workspace Path: /run/user/1000/gvfs/sftp:host=localhost,port=2222/home/user/myproject

Additional Context:

Sample log excerpts showing repeated permission approvals:

[Info  - 11:25:54] [VSCode Client] Received {"command":"aws/chat/buttonClick","params":{"tabId":"l79lqn","messageId":"tooluse_HWUmIC2pYwkN98tnyryD3j_permission","buttonId":"allow-tools"}}
[Info  - 11:26:21] [VSCode Client] Received {"command":"aws/chat/buttonClick","params":{"tabId":"l79lqn","messageId":"tooluse_sC3JUltwoKlT4TjBP9QuSP_permission","buttonId":"allow-tools"}}

Tool invocations showing high latencies:

[Info  - 11:25:55] [VSCode Telemetry] Emitting amazonq_toolUseSuggested ... "cwsprToolName":"fsReplace","perfE2ELatency":61744
[Info  - 11:26:21] [VSCode Telemetry] Emitting amazonq_toolUseSuggested ... "cwsprToolName":"fsReplace","perfE2ELatency":20347

[briancodes]

I'm seeing similar in VSCode, started today 6th Feb, for local repos on the system

MacOS 26
VSCode 1.108.2
Amazon Q Extension: 1.109.0

Allow read-only tools outside your workspace
I need permission to read files outside the workspace.

[ed-dev-io]

I am seeing similar in VS Code, started today 7th Feb.

macOS Sonoma 14.2
VS Code: Version: 1.109.0 (Universal) Commit: bdd88df003631aaa0bcbe057cb0a940b80a476
Amazon Q Extension: 1.109.0

I did try a rollback to previous Q version: 1.108.0 but thats didn't fix it.

Amazon Q says I should include the following:
Permission prompts appear every time
Happens even after reinstall and rollback
Workspace folder is properly configured in VS Code

[luiz-garrido]

Same on my end, started Feb, 6th.

OS: Rocky Linux 9.6 - Linux x64 5.14.0-570.49.1.el9_6.x86_64
VS code: 1.109.0 - Commit: bdd88df003631aaa0bcbe057cb0a940b80a476fa
Amazon Q: 1.109.0