Merge pull request microsoft#256788 from microsoft/tyriar/256280_commandlines

Support matching against full command lines

Author: Tyriar

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts

@@ -12,6 +12,8 @@ import { isPowerShell } from './runInTerminalHelpers.js';
 export class CommandLineAutoApprover extends Disposable {
 	private _denyListRegexes: RegExp[] = [];
 	private _allowListRegexes: RegExp[] = [];
+	private _allowListCommandLineRegexes: RegExp[] = [];
+	private _denyListCommandLineRegexes: RegExp[] = [];
 
 	constructor(
 		@IConfigurationService private readonly _configurationService: IConfigurationService,
@@ -26,12 +28,14 @@ export class CommandLineAutoApprover extends Disposable {
 	}
 
 	updateConfiguration() {
-		const { denyList, allowList } = this._mapAutoApproveConfigToRegexList(this._configurationService.getValue(TerminalChatAgentToolsSettingId.AutoApprove));
+		const { denyList, allowList, allowListCommandLine, denyListCommandLine } = this._mapAutoApproveConfigToRegexList(this._configurationService.getValue(TerminalChatAgentToolsSettingId.AutoApprove));
 		this._allowListRegexes = allowList;
 		this._denyListRegexes = denyList;
+		this._allowListCommandLineRegexes = allowListCommandLine;
+		this._denyListCommandLineRegexes = denyListCommandLine;
 	}
 
-	isAutoApproved(command: string, shell: string, os: OperatingSystem): boolean {
+	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem): boolean {
 		// Check the deny list to see if this command requires explicit approval
 		for (const regex of this._denyListRegexes) {
 			if (this._commandMatchesRegex(regex, command, shell, os)) {
@@ -52,6 +56,23 @@ export class CommandLineAutoApprover extends Disposable {
 		return false;
 	}
 
+	isCommandLineAutoApproved(commandLine: string): boolean {
+		// Check the deny list first to see if this command line requires explicit approval
+		for (const regex of this._denyListCommandLineRegexes) {
+			if (regex.test(commandLine)) {
+				return false;
+			}
+		}
+
+		// Check if the full command line matches any of the allow list command line regexes
+		for (const regex of this._allowListCommandLineRegexes) {
+			if (regex.test(commandLine)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	private _commandMatchesRegex(regex: RegExp, command: string, shell: string, os: OperatingSystem): boolean {
 		if (regex.test(command)) {
 			return true;
@@ -65,13 +86,15 @@ export class CommandLineAutoApprover extends Disposable {
 		return false;
 	}
 
-	private _mapAutoApproveConfigToRegexList(config: unknown): { denyList: RegExp[]; allowList: RegExp[] } {
+	private _mapAutoApproveConfigToRegexList(config: unknown): { denyList: RegExp[]; allowList: RegExp[]; allowListCommandLine: RegExp[]; denyListCommandLine: RegExp[] } {
 		if (!config || typeof config !== 'object') {
-			return { denyList: [], allowList: [] };
+			return { denyList: [], allowList: [], allowListCommandLine: [], denyListCommandLine: [] };
 		}
 
 		const denyList: RegExp[] = [];
 		const allowList: RegExp[] = [];
+		const allowListCommandLine: RegExp[] = [];
+		const denyListCommandLine: RegExp[] = [];
 
 		Object.entries(config).forEach(([key, value]) => {
 			if (typeof value === 'boolean') {
@@ -82,10 +105,29 @@ export class CommandLineAutoApprover extends Disposable {
 				} else if (value === false) {
 					denyList.push(regex);
 				}
+			} else if (typeof value === 'object' && value !== null) {
+				// Handle object format like { approve: true/false, matchCommandLine: true/false }
+				const objectValue = value as { approve?: boolean; matchCommandLine?: boolean };
+				if (typeof objectValue.approve === 'boolean') {
+					const regex = this._convertAutoApproveEntryToRegex(key);
+					if (objectValue.approve === true) {
+						if (objectValue.matchCommandLine === true) {
+							allowListCommandLine.push(regex);
+						} else {
+							allowList.push(regex);
+						}
+					} else if (objectValue.approve === false) {
+						if (objectValue.matchCommandLine === true) {
+							denyListCommandLine.push(regex);
+						} else {
+							denyList.push(regex);
+						}
+					}
+				}
 			}
 		});
 
-		return { denyList, allowList };
+		return { denyList, allowList, allowListCommandLine, denyListCommandLine };
 	}
 
 	private _convertAutoApproveEntryToRegex(value: string): RegExp {

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalTool.ts

@@ -171,17 +171,21 @@ export class RunInTerminalTool extends Disposable implements IToolImpl {
 			const subCommands = splitCommandLineIntoSubCommands(args.command, shell, os);
 			const inlineSubCommands = subCommands.map(e => Array.from(extractInlineSubCommands(e, shell, os))).flat();
 			const allSubCommands = [...subCommands, ...inlineSubCommands];
-			if (allSubCommands.every(e => this._commandLineAutoApprover.isAutoApproved(e, shell, os))) {
+			if (allSubCommands.every(e => this._commandLineAutoApprover.isCommandAutoApproved(e, shell, os))) {
 				confirmationMessages = undefined;
 			} else {
-				confirmationMessages = {
-					title: args.isBackground
-						? localize('runInTerminal.background', "Run command in background terminal")
-						: localize('runInTerminal.foreground', "Run command in terminal"),
-					message: new MarkdownString(
-						args.explanation
-					),
-				};
+				if (this._commandLineAutoApprover.isCommandLineAutoApproved(args.command)) {
+					confirmationMessages = undefined;
+				} else {
+					confirmationMessages = {
+						title: args.isBackground
+							? localize('runInTerminal.background', "Run command in background terminal")
+							: localize('runInTerminal.foreground', "Run command in terminal"),
+						message: new MarkdownString(
+							args.explanation
+						),
+					};
+				}
 			}
 		}
 

src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts

@@ -4,6 +4,7 @@
  *--------------------------------------------------------------------------------------------*/
 
 import type { IStringDictionary } from '../../../../../base/common/collections.js';
+import type { IJSONSchema } from '../../../../../base/common/jsonSchema.js';
 import { localize } from '../../../../../nls.js';
 import type { IConfigurationPropertySchema } from '../../../../../platform/configuration/common/configurationRegistry.js';
 
@@ -15,23 +16,61 @@ export interface ITerminalChatAgentToolsConfiguration {
 	autoApprove: { [key: string]: boolean };
 }
 
+const autoApproveBoolean: IJSONSchema = {
+	type: 'boolean',
+	enum: [
+		true,
+		false,
+	],
+	enumDescriptions: [
+		localize('autoApprove.true', "Automatically approve the pattern."),
+		localize('autoApprove.false', "Require explicit approval for the pattern."),
+	],
+	description: localize('autoApprove.key', "The start of a command to match against. A regular expression can be provided by wrapping the string in `/` characters."),
+};
+
 export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurationPropertySchema> = {
 	[TerminalChatAgentToolsSettingId.AutoApprove]: {
-		markdownDescription: localize('autoApprove', "A list of commands or regular expressions that control whether the run in terminal tool commands require explicit approval. These will be matched against the start of a command. A regular expression can be provided by wrapping the string in `/` characters followed by optional flags such as `i`.\n\nSet to `true` to automatically approve commands, `false` to always require explicit approval or `null` to unset the value.\n\nExamples:\n- `\"mkdir\": true` Will allow all command lines starting with `mkdir`\n- `\"npm run build\": true` Will allow all command lines starting with `npm run build`\n- `\"rm\": false` Will require explicit approval for all command lines starting with `rm`\n- `\"/^git (status|show\\b.*)$/\": true` will allow `git status` and all command lines starting with `git show`\n- `\"/^Get-ChildItem\\b/i\": true` will allow Get-ChildItem command regardless of casing\n- `\"/.*/\": true` will allow all command lines\n- `\"rm\": null` will unset the default `false` value for `rm`\n\nNote that these commands and regular expressions are evaluated for every _sub-command_  within a single command line, so `foo && bar` for example will need both `foo` and `bar` to match a `true` entry and must not match a `false` entry in order to auto approve. Inline commands are also detected so `echo $(rm file)` will need both `echo $(rm file)` and `rm file` to pass."),
+		markdownDescription: [
+			localize('autoApprove.description.intro', "A list of commands or regular expressions that control whether the run in terminal tool commands require explicit approval. These will be matched against the start of a command. A regular expression can be provided by wrapping the string in {0} characters followed by optional flags such as {1} for case-insensitivity.", '`/`', '`i`'),
+			localize('autoApprove.description.values', "Set to {0} to automatically approve commands, {1} to always require explicit approval or {2} to unset the value.", '`true`', '`false`', '`null`'),
+			localize('autoApprove.description.subCommands', "Note that these commands and regular expressions are evaluated for every _sub-command_ within the full _command line_, so {0} for example will need both {1} and {2} to match a {3} entry and must not match a {4} entry in order to auto approve. Inline commands are also detected so {5} will need both {5} and {6} to pass.", '`foo && bar`', '`foo`', '`bar`', '`true`', '`false`', '`echo $(rm file)`', '`rm file`'),
+			localize('autoApprove.description.commandLine', "An object can be used to match against the full command line instead of matching sub-commands and inline commands, for example {0}. This will be checked _after_ sub-commands are checked, so denied sub-commands will take precedence.", '`{ approve: false, matchCommandLine: true }`'),
+			[
+				localize('autoApprove.description.examples.title', 'Examples:'),
+				`|${localize('autoApprove.description.examples.value', "Value")}|${localize('autoApprove.description.examples.description', "Description")}|`,
+				'|---|---|',
+				'| `\"mkdir\": true` | ' + localize('autoApprove.description.examples.mkdir', "Allow all commands starting with {0}", '`mkdir`'),
+				'| `\"npm run build\": true` | ' + localize('autoApprove.description.examples.npmRunBuild', "Allow all commands starting with {0}", '`npm run build`'),
+				'| `\"/^git (status\\|show\\b.*)$/\": true` | ' + localize('autoApprove.description.examples.regexGit', "Allow {0} and all commands starting with {1}", '`git status`', '`git show`'),
+				'| `\"/^Get-ChildItem\\b/i\": true` | ' + localize('autoApprove.description.examples.regexCase', "will allow {0} commands regardless of casing", '`Get-ChildItem`'),
+				'| `\"/.*/\": true` | ' + localize('autoApprove.description.examples.regexAll', "Allow all commands (denied commands still require approval)"),
+				'| `\"rm\": false` | ' + localize('autoApprove.description.examples.rm', "Require explicit approval for all commands starting with {0}", '`rm`'),
+				'| `\"/\.ps1/i\": { approve: false, matchCommandLine: true }` | ' + localize('autoApprove.description.examples.ps1', "Require explicit approval for any _command line_ that contains {0} regardless of casing", '`".ps1"`'),
+				'| `\"rm\": null` | ' + localize('autoApprove.description.examples.rmUnset', "Unset the default {0} value for {1}", '`false`', '`rm`'),
+			].join('\n')
+		].join('\n\n'),
 		type: 'object',
 		additionalProperties: {
 			anyOf: [
+				autoApproveBoolean,
 				{
-					type: 'boolean',
-					enum: [
-						true,
-						false,
-					],
-					enumDescriptions: [
-						localize('autoApprove.true', "Automatically approve the pattern."),
-						localize('autoApprove.false', "Require explicit approval for the pattern."),
-					],
-					description: localize('autoApprove.key', "The start of a command to match against. A regular expression can be provided by wrapping the string in `/` characters."),
+					type: 'object',
+					properties: {
+						approve: autoApproveBoolean,
+						matchCommandLine: {
+							type: 'boolean',
+							enum: [
+								true,
+								false,
+							],
+							enumDescriptions: [
+								localize('autoApprove.matchCommandLine.true', "Match against the full command line, eg. `foo && bar`."),
+								localize('autoApprove.matchCommandLine.false', "Match against sub-commands and inline commands, eg. `foo && bar` will need both `foo` and `bar` to match."),
+							],
+							description: localize('autoApprove.matchCommandLine', "Whether to match against the full command line, as opposed to splitting by sub-commands and inline commands."),
+						}
+					}
 				},
 				{
 					type: 'null',

src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts

@@ -49,7 +49,11 @@ suite('CommandLineAutoApprover', () => {
 	}
 
 	function isAutoApproved(commandLine: string): boolean {
-		return commandLineAutoApprover.isAutoApproved(commandLine, shell, os);
+		return commandLineAutoApprover.isCommandAutoApproved(commandLine, shell, os);
+	}
+
+	function isCommandLineAutoApproved(commandLine: string): boolean {
+		return commandLineAutoApprover.isCommandLineAutoApproved(commandLine);
 	}
 
 	suite('autoApprove with allow patterns only', () => {
@@ -325,4 +329,115 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isAutoApproved('foo'));
 		});
 	});
+
+	suite('isCommandLineAutoApproved - matchCommandLine functionality', () => {
+		function setAutoApproveWithCommandLine(value: { [key: string]: { approve: boolean; matchCommandLine: boolean } | boolean }) {
+			setConfig(TerminalChatAgentToolsSettingId.AutoApprove, value);
+		}
+
+		test('should auto-approve command line patterns with matchCommandLine: true', () => {
+			setAutoApproveWithCommandLine({
+				"echo": { approve: true, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('echo hello'));
+			ok(isCommandLineAutoApproved('echo test && ls'));
+		});
+
+		test('should not auto-approve regular patterns with isCommandLineAutoApproved', () => {
+			setAutoApprove({
+				"echo": true
+			});
+
+			// Regular patterns should not be matched by isCommandLineAutoApproved
+			ok(!isCommandLineAutoApproved('echo hello'));
+		});
+
+		test('should handle regex patterns with matchCommandLine: true', () => {
+			setAutoApproveWithCommandLine({
+				"/echo.*world/": { approve: true, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('echo hello world'));
+			ok(!isCommandLineAutoApproved('echo hello'));
+		});
+
+		test('should handle case-insensitive regex with matchCommandLine: true', () => {
+			setAutoApproveWithCommandLine({
+				"/echo/i": { approve: true, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('echo hello'));
+			ok(isCommandLineAutoApproved('ECHO hello'));
+			ok(isCommandLineAutoApproved('Echo hello'));
+		});
+
+		test('should handle complex command line patterns', () => {
+			setAutoApproveWithCommandLine({
+				"/^npm run build/": { approve: true, matchCommandLine: true },
+				"/\.ps1/i": { approve: true, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('npm run build --production'));
+			ok(isCommandLineAutoApproved('powershell -File script.ps1'));
+			ok(isCommandLineAutoApproved('pwsh -File SCRIPT.PS1'));
+			ok(!isCommandLineAutoApproved('npm install'));
+		});
+
+		test('should return false for empty command line', () => {
+			setAutoApproveWithCommandLine({
+				"echo": { approve: true, matchCommandLine: true }
+			});
+
+			ok(!isCommandLineAutoApproved(''));
+			ok(!isCommandLineAutoApproved('   '));
+		});
+
+		test('should handle mixed configuration with matchCommandLine entries', () => {
+			setAutoApproveWithCommandLine({
+				"echo": true,  // Regular pattern
+				"ls": { approve: true, matchCommandLine: true },  // Command line pattern
+				"rm": { approve: true, matchCommandLine: false }  // Explicit regular pattern
+			});
+
+			// Only the matchCommandLine: true entry should work with isCommandLineAutoApproved
+			ok(isCommandLineAutoApproved('ls -la'));
+			ok(!isCommandLineAutoApproved('echo hello'));
+			ok(!isCommandLineAutoApproved('rm file.txt'));
+		});
+
+		test('should handle deny patterns with matchCommandLine: true', () => {
+			setAutoApproveWithCommandLine({
+				"echo": { approve: true, matchCommandLine: true },
+				"/dangerous/": { approve: false, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('echo hello'));
+			ok(!isCommandLineAutoApproved('echo dangerous command'));
+			ok(!isCommandLineAutoApproved('dangerous operation'));
+		});
+
+		test('should prioritize deny list over allow list for command line patterns', () => {
+			setAutoApproveWithCommandLine({
+				"/echo/": { approve: true, matchCommandLine: true },
+				"/echo.*dangerous/": { approve: false, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('echo hello'));
+			ok(!isCommandLineAutoApproved('echo dangerous command'));
+		});
+
+		test('should handle complex deny patterns with matchCommandLine', () => {
+			setAutoApproveWithCommandLine({
+				"npm": { approve: true, matchCommandLine: true },
+				"/npm.*--force/": { approve: false, matchCommandLine: true },
+				"/\.ps1.*-ExecutionPolicy/i": { approve: false, matchCommandLine: true }
+			});
+
+			ok(isCommandLineAutoApproved('npm install'));
+			ok(isCommandLineAutoApproved('npm run build'));
+			ok(!isCommandLineAutoApproved('npm install --force'));
+			ok(!isCommandLineAutoApproved('powershell -File script.ps1 -ExecutionPolicy Bypass'));
+		});
+	});
 });

src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/runInTerminalTool.test.ts

@@ -62,6 +62,10 @@ suite('RunInTerminalTool', () => {
 		setConfig(TerminalChatAgentToolsSettingId.AutoApprove, value);
 	}
 
+	function setAutoApproveWithCommandLine(value: { [key: string]: { approve: boolean; matchCommandLine?: boolean } | boolean }) {
+		setConfig(TerminalChatAgentToolsSettingId.AutoApprove, value);
+	}
+
 	function setConfig(key: string, value: unknown) {
 		configurationService.setUserConfiguration(key, value);
 		configurationService.onDidChangeConfigurationEmitter.fire({
@@ -229,6 +233,21 @@ suite('RunInTerminalTool', () => {
 			});
 			assertConfirmationRequired(result);
 		});
+
+		test('should handle matchCommandLine: true patterns', async () => {
+			setAutoApproveWithCommandLine({
+				"/dangerous/": { approve: false, matchCommandLine: true },
+				"echo": { approve: true, matchCommandLine: true }
+			});
+
+			// Command line pattern should be approved
+			const result1 = await executeToolTest({ command: 'echo hello world' });
+			assertAutoApproved(result1);
+
+			// Command line pattern should be denied due to dangerous content
+			const result2 = await executeToolTest({ command: 'echo this is a dangerous command' });
+			assertConfirmationRequired(result2);
+		});
 	});
 
 	suite('command re-writing', () => {