Refs: #321647
Complexity: 2
Author: @dileepyavan
Context: When an agent requests to run a terminal command outside the sandbox or with unrestricted network access, the user currently has to approve that elevated access before the command runs.
What Changed: chat.agent.sandbox.forceFirstExecutionInSandbox is a preview setting, disabled by default. When enabled, a foreground run_in_terminal request that asks for elevated access first runs with the existing sandbox restrictions. The user is prompted to approve the requested elevated retry only after that sandboxed command exits with a nonzero exit code.
Test Cases
For all test cases, use Agent mode with a functional terminal sandbox and configure:
"chat.agent.sandbox.enabled": "on",
"chat.agent.sandbox.forceFirstExecutionInSandbox": true,
"chat.agent.sandbox.allowUnsandboxedCommands": true,
"chat.agent.sandbox.retryWithAllowNetworkRequests": true
1. Outside-sandbox request is deferred until the sandboxed run fails
- Ask the agent to use the terminal tool to write a uniquely named file under the user home directory (outside the workspace), and to request execution outside the sandbox if required.
- Verify that the command initially runs in the sandbox without showing an outside-sandbox confirmation.
- Verify that the sandboxed command fails because the target location is not writable from the sandbox.
- Verify that an Allow confirmation for the outside-sandbox retry appears only after that failed run. Approve it.
- Verify that the command reruns outside the sandbox and the file is created with the requested contents.
2. Unrestricted-network request is deferred until restricted networking fails
- Ask the agent to fetch
https://example.com with the terminal tool and to request unrestricted network access while remaining sandboxed.
- Verify that the initial command runs with restricted sandbox networking, without an unrestricted-network confirmation.
- Verify that the initial request fails because network access is restricted.
- Verify that an Allow confirmation for the unrestricted-network retry appears only after that failure. Approve it.
- Verify that the command reruns successfully with network access while remaining sandboxed.
3. Default behavior remains unchanged when disabled
- Set
chat.agent.sandbox.forceFirstExecutionInSandbox to false.
- Repeat either elevated-access scenario above.
- Verify that the elevated-access confirmation appears before any command is executed, rather than after a failed sandboxed attempt.
Refs: #321647
Complexity: 2
Author: @dileepyavan
Context: When an agent requests to run a terminal command outside the sandbox or with unrestricted network access, the user currently has to approve that elevated access before the command runs.
What Changed:
chat.agent.sandbox.forceFirstExecutionInSandboxis a preview setting, disabled by default. When enabled, a foregroundrun_in_terminalrequest that asks for elevated access first runs with the existing sandbox restrictions. The user is prompted to approve the requested elevated retry only after that sandboxed command exits with a nonzero exit code.Test Cases
For all test cases, use Agent mode with a functional terminal sandbox and configure:
1. Outside-sandbox request is deferred until the sandboxed run fails
2. Unrestricted-network request is deferred until restricted networking fails
https://example.comwith the terminal tool and to request unrestricted network access while remaining sandboxed.3. Default behavior remains unchanged when disabled
chat.agent.sandbox.forceFirstExecutionInSandboxtofalse.