From 4de2c99d46fc0aeb14c560bc997d1e4295e1bcc2 Mon Sep 17 00:00:00 2001
From: Dileep Yavanmandha <dileepy@microsoft.com>
Date: Sat, 20 Jun 2026 16:10:48 -0700
Subject: [PATCH] update to git commands in sandbox

---
 ...SandboxRuntimeConfigurationPerOperation.ts |  8 +++++---
 .../browser/terminalSandboxService.test.ts    | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts b/src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts
index 218df9e4db5b3d..ac717da7de5c7e 100644
--- a/src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts
+++ b/src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts
@@ -24,6 +24,8 @@ const terminalSandboxRuntimeConfigurationCommandRules: readonly ITerminalSandbox
 	},
 ];
 
+const terminalSandboxGnuPGCompatibleCommandKeywords = new Set(['git', 'gh', 'gpg', 'gpg2']);
+
 function getTerminalSandboxRuntimeConfigurationForOperation(operation: TerminalSandboxRuntimeConfigurationOperation, os: OperatingSystem): Record<string, unknown> {
 	switch (operation) {
 		case TerminalSandboxRuntimeConfigurationOperation.GnuPG:
@@ -86,9 +88,9 @@ export function getTerminalSandboxRuntimeConfigurationForCommands(os: OperatingS
 function shouldApplyRuntimeConfigurationOperation(operation: TerminalSandboxRuntimeConfigurationOperation, commandDetails: readonly ITerminalSandboxCommand[]): boolean {
 	switch (operation) {
 		case TerminalSandboxRuntimeConfigurationOperation.GnuPG:
-			// allowAllUnixSockets applies to the whole sandbox invocation, so only add it when the
-			// Git command is the only parsed command. Chained commands cannot receive it safely.
-			return commandDetails.length === 1;
+			// allowAllUnixSockets applies to the whole sandbox invocation, so only allow chains
+			// containing Git, GitHub CLI, and GnuPG commands.
+			return commandDetails.every(command => terminalSandboxGnuPGCompatibleCommandKeywords.has(command.keyword.toLowerCase()));
 		case TerminalSandboxRuntimeConfigurationOperation.Node:
 			return true;
 	}
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts
index 3a898fa92c45db..ef8d8c6102c0f0 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts
@@ -484,6 +484,25 @@ suite('TerminalSandboxService - network domains', () => {
 		deepStrictEqual(config, {}, 'Git GPG runtime values should not apply on Windows');
 	});
 
+	test('should add GnuPG runtime values for chains of compatible commands', () => {
+		const config = getTerminalSandboxRuntimeConfigurationForCommands(OperatingSystem.Linux, [
+			{ keyword: 'git', args: ['rebase', 'main'] },
+			{ keyword: 'gh', args: ['pr', 'list'] },
+			{ keyword: 'gpg', args: ['--list-keys'] },
+			{ keyword: 'gpg2', args: ['--list-keys'] },
+		]);
+
+		deepStrictEqual(config, {
+			network: {
+				allowAllUnixSockets: true
+			},
+			filesystem: {
+				allowRead: ['~/.gnupg'],
+				allowWrite: ['~/.gnupg']
+			}
+		});
+	});
+
 	test('should skip unsafe command-specific runtime values for chained commands', () => {
 		const config = getTerminalSandboxRuntimeConfigurationForCommands(OperatingSystem.Linux, [{ keyword: 'git', args: ['rebase', 'main'] }, { keyword: 'npm', args: ['install'] }]);