Skip to content

Update to git commands chaining in sandbox#322249

Open
dileepyavan wants to merge 1 commit into
mainfrom
DileepY/git_sandbox
Open

Update to git commands chaining in sandbox#322249
dileepyavan wants to merge 1 commit into
mainfrom
DileepY/git_sandbox

Conversation

@dileepyavan

@dileepyavan dileepyavan commented Jun 20, 2026

Copy link
Copy Markdown
Member

fixes #316973

Copilot AI review requested due to automatic review settings June 20, 2026 23:13
@dileepyavan dileepyavan enabled auto-merge (squash) June 20, 2026 23:13
@vs-code-engineering

vs-code-engineering Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

📬 CODENOTIFY

The following users are being notified based on files changed in this PR:

@anthonykim1

Matched files:

  • src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts

Copilot AI reviewed Jun 20, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts how the terminal sandbox derives per-command runtime configuration so that Git’s GnuPG-related allowances (notably allowAllUnixSockets and ~/.gnupg access) can be applied when the parsed command line contains a chain of “compatible” commands, addressing rebase failures in sandboxed execution (fixes #316973).

Changes:

  • Allow the GnuPG runtime configuration to apply to chained commands when all parsed commands are in an allow-listed keyword set.
  • Add a unit test covering chained-command application of the GnuPG runtime configuration.
Show a summary per file
File Description
src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts Expands GnuPG runtime-config eligibility from single-command invocations to compatible chained invocations via a keyword allow-list.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts Adds coverage ensuring GnuPG runtime values apply for chains composed only of allow-listed commands.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Comment thread src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts
},
];

const terminalSandboxGnuPGCompatibleCommandKeywords = new Set(['git', 'gh', 'gpg', 'gpg2']);
Comment thread ...workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts
Comment on lines +488 to +493
const config = getTerminalSandboxRuntimeConfigurationForCommands(OperatingSystem.Linux, [
{ keyword: 'git', args: ['rebase', 'main'] },
{ keyword: 'gh', args: ['pr', 'list'] },
{ keyword: 'gpg', args: ['--list-keys'] },
{ keyword: 'gpg2', args: ['--list-keys'] },
]);
@CreativeCodingSolutions

CreativeCodingSolutions commented Jun 21, 2026

Copy link
Copy Markdown

PR Quality Score: B (76%)

I ran this PR through the PR Quality Analyzer — a free tool that checks description quality, labels, size, and title.

PR Quality: B (76%)

Small tip that could bump this to A: adding a bit more context in the description about why the git commands chaining needs updating and what testing was done. Helpful for reviewers who may not be familiar with the sandbox internals.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@dileepyavan dileepyavan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Rebasing inside sandbox fails

3 participants

@dileepyavan @CreativeCodingSolutions