Merge pull request #284284 from microsoft/tyriar/270529

Add workspace and session allow options in terminal tool

Author: Tyriar

src/vs/workbench/contrib/chat/browser/widget/chatContentParts/toolInvocationParts/chatTerminalToolConfirmationSubPart.ts

@@ -55,6 +55,7 @@ export interface ITerminalNewAutoApproveRule {
 		approve: boolean;
 		matchCommandLine?: boolean;
 	};
+	scope: 'session' | 'workspace' | 'user';
 }
 
 export type TerminalNewAutoApproveButtonData = (
@@ -258,28 +259,65 @@ export class ChatTerminalToolConfirmationSubPart extends BaseChatToolInvocationS
 					}
 					case 'newRule': {
 						const newRules = asArray(data.rule);
-						const inspect = this.configurationService.inspect(TerminalContribSettingId.AutoApprove);
-						const oldValue = (inspect.user?.value as Record<string, unknown> | undefined) ?? {};
-						let newValue: Record<string, unknown>;
-						if (isObject(oldValue)) {
-							newValue = { ...oldValue };
-							for (const newRule of newRules) {
-								newValue[newRule.key] = newRule.value;
+
+						// Group rules by scope
+						const sessionRules = newRules.filter(r => r.scope === 'session');
+						const workspaceRules = newRules.filter(r => r.scope === 'workspace');
+						const userRules = newRules.filter(r => r.scope === 'user');
+
+						// Handle session-scoped rules (temporary, in-memory only)
+						const chatSessionId = this.context.element.sessionId;
+						for (const rule of sessionRules) {
+							this.terminalChatService.addSessionAutoApproveRule(chatSessionId, rule.key, rule.value);
+						}
+
+						// Handle workspace-scoped rules
+						if (workspaceRules.length > 0) {
+							const inspect = this.configurationService.inspect(TerminalContribSettingId.AutoApprove);
+							const oldValue = (inspect.workspaceValue as Record<string, unknown> | undefined) ?? {};
+							if (isObject(oldValue)) {
+								const newValue: Record<string, unknown> = { ...oldValue };
+								for (const rule of workspaceRules) {
+									newValue[rule.key] = rule.value;
+								}
+								await this.configurationService.updateValue(TerminalContribSettingId.AutoApprove, newValue, ConfigurationTarget.WORKSPACE);
+							} else {
+								this.preferencesService.openSettings({
+									jsonEditor: true,
+									target: ConfigurationTarget.WORKSPACE,
+									revealSetting: { key: TerminalContribSettingId.AutoApprove },
+								});
+								throw new ErrorNoTelemetry(`Cannot add new rule, existing workspace setting is unexpected format`);
 							}
-						} else {
-							this.preferencesService.openSettings({
-								jsonEditor: true,
-								target: ConfigurationTarget.USER,
-								revealSetting: {
-									key: TerminalContribSettingId.AutoApprove
-								},
-							});
-							throw new ErrorNoTelemetry(`Cannot add new rule, existing setting is unexpected format`);
 						}
-						await this.configurationService.updateValue(TerminalContribSettingId.AutoApprove, newValue, ConfigurationTarget.USER);
-						function formatRuleLinks(newRules: ITerminalNewAutoApproveRule[]): string {
-							return newRules.map(e => {
-								const settingsUri = createCommandUri(TerminalContribCommandId.OpenTerminalSettingsLink, ConfigurationTarget.USER);
+
+						// Handle user-scoped rules
+						if (userRules.length > 0) {
+							const inspect = this.configurationService.inspect(TerminalContribSettingId.AutoApprove);
+							const oldValue = (inspect.userValue as Record<string, unknown> | undefined) ?? {};
+							if (isObject(oldValue)) {
+								const newValue: Record<string, unknown> = { ...oldValue };
+								for (const rule of userRules) {
+									newValue[rule.key] = rule.value;
+								}
+								await this.configurationService.updateValue(TerminalContribSettingId.AutoApprove, newValue, ConfigurationTarget.USER);
+							} else {
+								this.preferencesService.openSettings({
+									jsonEditor: true,
+									target: ConfigurationTarget.USER,
+									revealSetting: { key: TerminalContribSettingId.AutoApprove },
+								});
+								throw new ErrorNoTelemetry(`Cannot add new rule, existing setting is unexpected format`);
+							}
+						}
+
+						function formatRuleLinks(rules: ITerminalNewAutoApproveRule[], scope: 'session' | 'workspace' | 'user'): string {
+							return rules.map(e => {
+								if (scope === 'session') {
+									return `\`${e.key}\``;
+								}
+								const target = scope === 'workspace' ? ConfigurationTarget.WORKSPACE : ConfigurationTarget.USER;
+								const settingsUri = createCommandUri(TerminalContribCommandId.OpenTerminalSettingsLink, target);
 								return `[\`${e.key}\`](${settingsUri.toString()} "${localize('ruleTooltip', 'View rule in settings')}")`;
 							}).join(', ');
 						}
@@ -288,10 +326,24 @@ export class ChatTerminalToolConfirmationSubPart extends BaseChatToolInvocationS
 								enabledCommands: [TerminalContribCommandId.OpenTerminalSettingsLink]
 							}
 						};
-						if (newRules.length === 1) {
-							terminalData.autoApproveInfo = new MarkdownString(localize('newRule', 'Auto approve rule {0} added', formatRuleLinks(newRules)), mdTrustSettings);
-						} else if (newRules.length > 1) {
-							terminalData.autoApproveInfo = new MarkdownString(localize('newRule.plural', 'Auto approve rules {0} added', formatRuleLinks(newRules)), mdTrustSettings);
+						const parts: string[] = [];
+						if (sessionRules.length > 0) {
+							parts.push(sessionRules.length === 1
+								? localize('newRule.session', 'Session rule {0} added', formatRuleLinks(sessionRules, 'session'))
+								: localize('newRule.session.plural', 'Session rules {0} added', formatRuleLinks(sessionRules, 'session')));
+						}
+						if (workspaceRules.length > 0) {
+							parts.push(workspaceRules.length === 1
+								? localize('newRule.workspace', 'Workspace rule {0} added', formatRuleLinks(workspaceRules, 'workspace'))
+								: localize('newRule.workspace.plural', 'Workspace rules {0} added', formatRuleLinks(workspaceRules, 'workspace')));
+						}
+						if (userRules.length > 0) {
+							parts.push(userRules.length === 1
+								? localize('newRule.user', 'User rule {0} added', formatRuleLinks(userRules, 'user'))
+								: localize('newRule.user.plural', 'User rules {0} added', formatRuleLinks(userRules, 'user')));
+						}
+						if (parts.length > 0) {
+							terminalData.autoApproveInfo = new MarkdownString(parts.join(', '), mdTrustSettings);
 						}
 						toolConfirmKind = ToolConfirmKind.UserAction;
 						break;

src/vs/workbench/contrib/terminal/browser/terminal.ts

@@ -217,6 +217,21 @@ export interface ITerminalChatService {
 	 * @returns True if the session has auto approval enabled
 	 */
 	hasChatSessionAutoApproval(chatSessionId: string): boolean;
+
+	/**
+	 * Add a session-scoped auto-approve rule.
+	 * @param chatSessionId The chat session ID to associate the rule with
+	 * @param key The rule key (command or regex pattern)
+	 * @param value The rule value (approval boolean or object with approve and matchCommandLine)
+	 */
+	addSessionAutoApproveRule(chatSessionId: string, key: string, value: boolean | { approve: boolean; matchCommandLine?: boolean }): void;
+
+	/**
+	 * Get all session-scoped auto-approve rules for a specific chat session.
+	 * @param chatSessionId The chat session ID to get rules for
+	 * @returns A record of all session-scoped auto-approve rules for the session
+	 */
+	getSessionAutoApproveRules(chatSessionId: string): Readonly<Record<string, boolean | { approve: boolean; matchCommandLine?: boolean }>>;
 }
 
 /**

src/vs/workbench/contrib/terminalContrib/chat/browser/terminalChatService.ts

@@ -53,6 +53,13 @@ export class TerminalChatService extends Disposable implements ITerminalChatServ
 	 */
 	private readonly _sessionAutoApprovalEnabled = new Set<string>();
 
+	/**
+	 * Tracks session-scoped auto-approve rules per chat session. These are temporary rules that
+	 * last only for the duration of the chat session (not persisted to disk).
+	 * Map<chatSessionId, Record<ruleKey, ruleValue>>
+	 */
+	private readonly _sessionAutoApproveRules = new Map<string, Record<string, boolean | { approve: boolean; matchCommandLine?: boolean }>>();
+
 	constructor(
 		@ILogService private readonly _logService: ILogService,
 		@ITerminalService private readonly _terminalService: ITerminalService,
@@ -66,6 +73,16 @@ export class TerminalChatService extends Disposable implements ITerminalChatServ
 		this._hasHiddenToolTerminalContext = TerminalChatContextKeys.hasHiddenChatTerminals.bindTo(this._contextKeyService);
 
 		this._restoreFromStorage();
+
+		// Clear session auto-approve rules when chat sessions end
+		this._register(this._chatService.onDidDisposeSession(e => {
+			for (const resource of e.sessionResource) {
+				const sessionId = LocalChatSessionUri.parseLocalSessionId(resource);
+				if (sessionId) {
+					this._sessionAutoApproveRules.delete(sessionId);
+				}
+			}
+		}));
 	}
 
 	registerTerminalInstanceWithToolSession(terminalToolSessionId: string | undefined, instance: ITerminalInstance): void {
@@ -313,4 +330,17 @@ export class TerminalChatService extends Disposable implements ITerminalChatServ
 	hasChatSessionAutoApproval(chatSessionId: string): boolean {
 		return this._sessionAutoApprovalEnabled.has(chatSessionId);
 	}
+
+	addSessionAutoApproveRule(chatSessionId: string, key: string, value: boolean | { approve: boolean; matchCommandLine?: boolean }): void {
+		let sessionRules = this._sessionAutoApproveRules.get(chatSessionId);
+		if (!sessionRules) {
+			sessionRules = {};
+			this._sessionAutoApproveRules.set(chatSessionId, sessionRules);
+		}
+		sessionRules[key] = value;
+	}
+
+	getSessionAutoApproveRules(chatSessionId: string): Readonly<Record<string, boolean | { approve: boolean; matchCommandLine?: boolean }>> {
+		return this._sessionAutoApproveRules.get(chatSessionId) ?? {};
+	}
 }

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts

@@ -11,12 +11,13 @@ import { structuralEquals } from '../../../../../base/common/equals.js';
 import { ConfigurationTarget, IConfigurationService, type IConfigurationValue } from '../../../../../platform/configuration/common/configuration.js';
 import { TerminalChatAgentToolsSettingId } from '../common/terminalChatAgentToolsConfiguration.js';
 import { isPowerShell } from './runInTerminalHelpers.js';
+import { ITerminalChatService } from '../../../terminal/browser/terminal.js';
 
 export interface IAutoApproveRule {
 	regex: RegExp;
 	regexCaseInsensitive: RegExp;
 	sourceText: string;
-	sourceTarget: ConfigurationTarget;
+	sourceTarget: ConfigurationTarget | 'session';
 	isDefaultRule: boolean;
 }
 
@@ -39,6 +40,7 @@ export class CommandLineAutoApprover extends Disposable {
 
 	constructor(
 		@IConfigurationService private readonly _configurationService: IConfigurationService,
+		@ITerminalChatService private readonly _terminalChatService: ITerminalChatService,
 	) {
 		super();
 		this.updateConfiguration();
@@ -76,7 +78,7 @@ export class CommandLineAutoApprover extends Disposable {
 		this._denyListCommandLineRules = denyListCommandLineRules;
 	}
 
-	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem): ICommandApprovalResultWithReason {
+	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem, chatSessionId?: string): ICommandApprovalResultWithReason {
 		// Check if the command has a transient environment variable assignment prefix which we
 		// always deny for now as it can easily lead to execute other commands
 		if (transientEnvVarRegex.test(command)) {
@@ -86,7 +88,7 @@ export class CommandLineAutoApprover extends Disposable {
 			};
 		}
 
-		// Check the deny list to see if this command requires explicit approval
+		// Check the config deny list to see if this command requires explicit approval
 		for (const rule of this._denyListRules) {
 			if (this._commandMatchesRule(rule, command, shell, os)) {
 				return {
@@ -97,7 +99,18 @@ export class CommandLineAutoApprover extends Disposable {
 			}
 		}
 
-		// Check the allow list to see if the command is allowed to run without explicit approval
+		// Check session allow rules (session deny rules can't exist)
+		for (const rule of this._getSessionRules(chatSessionId).allowListRules) {
+			if (this._commandMatchesRule(rule, command, shell, os)) {
+				return {
+					result: 'approved',
+					rule,
+					reason: `Command '${command}' is approved by session allow list rule: ${rule.sourceText}`
+				};
+			}
+		}
+
+		// Check the config allow list to see if the command is allowed to run without explicit approval
 		for (const rule of this._allowListRules) {
 			if (this._commandMatchesRule(rule, command, shell, os)) {
 				return {
@@ -117,8 +130,8 @@ export class CommandLineAutoApprover extends Disposable {
 		};
 	}
 
-	isCommandLineAutoApproved(commandLine: string): ICommandApprovalResultWithReason {
-		// Check the deny list first to see if this command line requires explicit approval
+	isCommandLineAutoApproved(commandLine: string, chatSessionId?: string): ICommandApprovalResultWithReason {
+		// Check the config deny list first to see if this command line requires explicit approval
 		for (const rule of this._denyListCommandLineRules) {
 			if (rule.regex.test(commandLine)) {
 				return {
@@ -129,7 +142,18 @@ export class CommandLineAutoApprover extends Disposable {
 			}
 		}
 
-		// Check if the full command line matches any of the allow list command line regexes
+		// Check session allow list (session deny rules can't exist)
+		for (const rule of this._getSessionRules(chatSessionId).allowListCommandLineRules) {
+			if (rule.regex.test(commandLine)) {
+				return {
+					result: 'approved',
+					rule,
+					reason: `Command line '${commandLine}' is approved by session allow list rule: ${rule.sourceText}`
+				};
+			}
+		}
+
+		// Check if the full command line matches any of the config allow list command line regexes
 		for (const rule of this._allowListCommandLineRules) {
 			if (rule.regex.test(commandLine)) {
 				return {
@@ -145,6 +169,54 @@ export class CommandLineAutoApprover extends Disposable {
 		};
 	}
 
+	private _getSessionRules(chatSessionId?: string): {
+		denyListRules: IAutoApproveRule[];
+		allowListRules: IAutoApproveRule[];
+		allowListCommandLineRules: IAutoApproveRule[];
+		denyListCommandLineRules: IAutoApproveRule[];
+	} {
+		const denyListRules: IAutoApproveRule[] = [];
+		const allowListRules: IAutoApproveRule[] = [];
+		const allowListCommandLineRules: IAutoApproveRule[] = [];
+		const denyListCommandLineRules: IAutoApproveRule[] = [];
+
+		if (!chatSessionId) {
+			return { denyListRules, allowListRules, allowListCommandLineRules, denyListCommandLineRules };
+		}
+
+		const sessionRulesConfig = this._terminalChatService.getSessionAutoApproveRules(chatSessionId);
+		for (const [key, value] of Object.entries(sessionRulesConfig)) {
+			if (typeof value === 'boolean') {
+				const { regex, regexCaseInsensitive } = this._convertAutoApproveEntryToRegex(key);
+				if (value === true) {
+					allowListRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+				} else if (value === false) {
+					denyListRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+				}
+			} else if (typeof value === 'object' && value !== null) {
+				const objectValue = value as { approve?: boolean; matchCommandLine?: boolean };
+				if (typeof objectValue.approve === 'boolean') {
+					const { regex, regexCaseInsensitive } = this._convertAutoApproveEntryToRegex(key);
+					if (objectValue.approve === true) {
+						if (objectValue.matchCommandLine === true) {
+							allowListCommandLineRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+						} else {
+							allowListRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+						}
+					} else if (objectValue.approve === false) {
+						if (objectValue.matchCommandLine === true) {
+							denyListCommandLineRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+						} else {
+							denyListRules.push({ regex, regexCaseInsensitive, sourceText: key, sourceTarget: 'session', isDefaultRule: false });
+						}
+					}
+				}
+			}
+		}
+
+		return { denyListRules, allowListRules, allowListCommandLineRules, denyListCommandLineRules };
+	}
+
 	private _commandMatchesRule(rule: IAutoApproveRule, command: string, shell: string, os: OperatingSystem): boolean {
 		const isPwsh = isPowerShell(shell, os);