Support config policies that require use of cloud (#4762)

* Support config policies that require use of cloud

* Switch to vitest

Author: mrubens

src/core/tools/newTaskTool.ts

@@ -4,6 +4,7 @@ import { ToolUse, AskApproval, HandleError, PushToolResult, RemoveClosingTag } f
 import { Task } from "../task/Task"
 import { defaultModeSlug, getModeBySlug } from "../../shared/modes"
 import { formatResponse } from "../prompts/responses"
+import { t } from "../../i18n"
 
 export async function newTaskTool(
 	cline: Task,
@@ -43,7 +44,7 @@ export async function newTaskTool(
 
 			cline.consecutiveMistakeCount = 0
 			// Un-escape one level of backslashes before '@' for hierarchical subtasks
-// Un-escape one level: \\@ -> \@ (removes one backslash for hierarchical subtasks)
+			// Un-escape one level: \\@ -> \@ (removes one backslash for hierarchical subtasks)
 			const unescapedMessage = message.replace(/\\\\@/g, "\\@")
 
 			// Verify the mode exists
@@ -86,6 +87,10 @@ export async function newTaskTool(
 			await delay(500)
 
 			const newCline = await provider.initClineWithTask(unescapedMessage, undefined, cline)
+			if (!newCline) {
+				pushToolResult(t("tools:newTask.errors.policy_restriction"))
+				return
+			}
 			cline.emit("taskSpawned", newCline.taskId)
 
 			pushToolResult(`Successfully created new task in ${targetMode.name} mode with message: ${unescapedMessage}`)

src/core/webview/ClineProvider.ts

@@ -51,6 +51,7 @@ import { MarketplaceManager } from "../../services/marketplace"
 import { ShadowCheckpointService } from "../../services/checkpoints/ShadowCheckpointService"
 import { CodeIndexManager } from "../../services/code-index/manager"
 import type { IndexProgressUpdate } from "../../services/code-index/interfaces/manager"
+import { MdmService } from "../../services/mdm/MdmService"
 import { fileExistsAtPath } from "../../utils/fs"
 import { setTtsEnabled, setTtsSpeed } from "../../utils/tts"
 import { ContextProxy } from "../config/ContextProxy"
@@ -103,6 +104,7 @@ export class ClineProvider
 	}
 	protected mcpHub?: McpHub // Change from private to protected
 	private marketplaceManager: MarketplaceManager
+	private mdmService?: MdmService
 
 	public isViewLaunched = false
 	public settingsImportedAt?: number
@@ -116,13 +118,15 @@ export class ClineProvider
 		private readonly renderContext: "sidebar" | "editor" = "sidebar",
 		public readonly contextProxy: ContextProxy,
 		public readonly codeIndexManager?: CodeIndexManager,
+		mdmService?: MdmService,
 	) {
 		super()
 
 		this.log("ClineProvider instantiated")
 		ClineProvider.activeInstances.add(this)
 
 		this.codeIndexManager = codeIndexManager
+		this.mdmService = mdmService
 		this.updateGlobalState("codebaseIndexModels", EMBEDDING_MODEL_PROFILES)
 
 		// Start configuration loading (which might trigger indexing) in the background.
@@ -525,6 +529,11 @@ export class ClineProvider
 			>
 		> = {},
 	) {
+		// Check MDM compliance before proceeding
+		if (!this.checkMdmCompliance()) {
+			return // Block task creation if not compliant
+		}
+
 		const {
 			apiConfiguration,
 			organizationAllowList,
@@ -1700,6 +1709,29 @@ export class ClineProvider
 		return this.mcpHub
 	}
 
+	/**
+	 * Check if the current state is compliant with MDM policy
+	 * @returns true if compliant, false if blocked
+	 */
+	public checkMdmCompliance(): boolean {
+		if (!this.mdmService) {
+			return true // No MDM service, allow operation
+		}
+
+		const compliance = this.mdmService.isCompliant()
+
+		if (!compliance.compliant) {
+			vscode.window.showErrorMessage(compliance.reason, "Sign In").then((selection) => {
+				if (selection === "Sign In") {
+					this.postMessageToWebview({ type: "action", action: "accountButtonClicked" })
+				}
+			})
+			return false
+		}
+
+		return true
+	}
+
 	/**
 	 * Returns properties to be included in every telemetry event
 	 * This method is called by the telemetry service to get context information

src/extension.ts

@@ -26,6 +26,7 @@ import { DIFF_VIEW_URI_SCHEME } from "./integrations/editor/DiffViewProvider"
 import { TerminalRegistry } from "./integrations/terminal/TerminalRegistry"
 import { McpServerManager } from "./services/mcp/McpServerManager"
 import { CodeIndexManager } from "./services/code-index/manager"
+import { MdmService } from "./services/mdm/MdmService"
 import { migrateSettings } from "./utils/migrateSettings"
 import { API } from "./extension/api"
 
@@ -78,6 +79,9 @@ export async function activate(context: vscode.ExtensionContext) {
 		log: cloudLogger,
 	})
 
+	// Initialize MDM service
+	const mdmService = await MdmService.createInstance(cloudLogger)
+
 	// Initialize i18n for internationalization support
 	initializeI18n(context.globalState.get("language") ?? formatLanguage(vscode.env.language))
 
@@ -103,7 +107,7 @@ export async function activate(context: vscode.ExtensionContext) {
 		)
 	}
 
-	const provider = new ClineProvider(context, outputChannel, "sidebar", contextProxy, codeIndexManager)
+	const provider = new ClineProvider(context, outputChannel, "sidebar", contextProxy, codeIndexManager, mdmService)
 	TelemetryService.instance.setProvider(provider)
 
 	if (codeIndexManager) {

src/extension/api.ts

@@ -132,11 +132,15 @@ export class API extends EventEmitter<RooCodeEvents> implements RooCodeAPI {
 		await provider.postMessageToWebview({ type: "action", action: "chatButtonClicked" })
 		await provider.postMessageToWebview({ type: "invoke", invoke: "newChat", text, images })
 
-		const { taskId } = await provider.initClineWithTask(text, images, undefined, {
+		const cline = await provider.initClineWithTask(text, images, undefined, {
 			consecutiveMistakeLimit: Number.MAX_SAFE_INTEGER,
 		})
 
-		return taskId
+		if (!cline) {
+			throw new Error("Failed to create task due to policy restrictions")
+		}
+
+		return cline.taskId
 	}
 
 	public async resumeTask(taskId: string): Promise<void> {

src/i18n/locales/ca/common.json

@@ -102,5 +102,12 @@
 			"groqApiKey": "Clau API de Groq",
 			"getGroqApiKey": "Obté la clau API de Groq"
 		}
+	},
+	"mdm": {
+		"errors": {
+			"cloud_auth_required": "La teva organització requereix autenticació de Roo Code Cloud. Si us plau, inicia sessió per continuar.",
+			"organization_mismatch": "Has d'estar autenticat amb el compte de Roo Code Cloud de la teva organització.",
+			"verification_failed": "No s'ha pogut verificar l'autenticació de l'organització."
+		}
 	}
 }

src/i18n/locales/ca/tools.json

@@ -7,5 +7,10 @@
 	"toolRepetitionLimitReached": "Roo sembla estar atrapat en un bucle, intentant la mateixa acció ({{toolName}}) repetidament. Això podria indicar un problema amb la seva estratègia actual. Considera reformular la tasca, proporcionar instruccions més específiques o guiar-lo cap a un enfocament diferent.",
 	"codebaseSearch": {
 		"approval": "Cercant '{{query}}' a la base de codi..."
+	},
+	"newTask": {
+		"errors": {
+			"policy_restriction": "No s'ha pogut crear una nova tasca a causa de restriccions de política."
+		}
 	}
 }

src/i18n/locales/de/common.json

@@ -102,5 +102,12 @@
 			"groqApiKey": "Groq API-Schlüssel",
 			"getGroqApiKey": "Groq API-Schlüssel erhalten"
 		}
+	},
+	"mdm": {
+		"errors": {
+			"cloud_auth_required": "Deine Organisation erfordert eine Roo Code Cloud-Authentifizierung. Bitte melde dich an, um fortzufahren.",
+			"organization_mismatch": "Du musst mit dem Roo Code Cloud-Konto deiner Organisation authentifiziert sein.",
+			"verification_failed": "Die Organisationsauthentifizierung konnte nicht verifiziert werden."
+		}
 	}
 }

src/i18n/locales/de/tools.json

@@ -7,5 +7,10 @@
 	"toolRepetitionLimitReached": "Roo scheint in einer Schleife festzustecken und versucht wiederholt dieselbe Aktion ({{toolName}}). Dies könnte auf ein Problem mit der aktuellen Strategie hindeuten. Überlege dir, die Aufgabe umzuformulieren, genauere Anweisungen zu geben oder Roo zu einem anderen Ansatz zu führen.",
 	"codebaseSearch": {
 		"approval": "Suche nach '{{query}}' im Codebase..."
+	},
+	"newTask": {
+		"errors": {
+			"policy_restriction": "Neue Aufgabe konnte aufgrund von Richtlinienbeschränkungen nicht erstellt werden."
+		}
 	}
 }

src/i18n/locales/en/common.json

@@ -96,5 +96,12 @@
 	"input": {
 		"task_prompt": "What should Roo do?",
 		"task_placeholder": "Type your task here"
+	},
+	"mdm": {
+		"errors": {
+			"cloud_auth_required": "Your organization requires Roo Code Cloud authentication. Please sign in to continue.",
+			"organization_mismatch": "You must be authenticated with your organization's Roo Code Cloud account.",
+			"verification_failed": "Unable to verify organization authentication."
+		}
 	}
 }

src/i18n/locales/en/tools.json

@@ -7,5 +7,10 @@
 	"toolRepetitionLimitReached": "Roo appears to be stuck in a loop, attempting the same action ({{toolName}}) repeatedly. This might indicate a problem with its current strategy. Consider rephrasing the task, providing more specific instructions, or guiding it towards a different approach.",
 	"codebaseSearch": {
 		"approval": "Searching for '{{query}}' in codebase..."
+	},
+	"newTask": {
+		"errors": {
+			"policy_restriction": "Failed to create new task due to policy restrictions."
+		}
 	}
 }