Merge allow and deny lists into autoApprove

Fixes microsoft#253472

Author: Tyriar

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts

@@ -10,39 +10,48 @@ import { TerminalChatAgentToolsSettingId } from '../common/terminalChatAgentTool
 import { isPowerShell } from './runInTerminalHelpers.js';
 
 export class CommandLineAutoApprover extends Disposable {
-	private _denyListRegexes: RegExp[] = [];
-	private _allowListRegexes: RegExp[] = [];
+	private _autoApproveRegexes: { regex: RegExp; approved: boolean }[] = [];
 
 	constructor(
 		@IConfigurationService private readonly _configurationService: IConfigurationService,
 	) {
 		super();
 		this.updateConfiguration();
 		this._register(this._configurationService.onDidChangeConfiguration(e => {
-			if (e.affectsConfiguration(TerminalChatAgentToolsSettingId.AllowList) || e.affectsConfiguration(TerminalChatAgentToolsSettingId.DenyList)) {
+			if (e.affectsConfiguration(TerminalChatAgentToolsSettingId.AutoApprove)) {
 				this.updateConfiguration();
 			}
 		}));
 	}
 
 	updateConfiguration() {
-		this._denyListRegexes = this._mapAutoApproveConfigToRegexList(this._configurationService.getValue(TerminalChatAgentToolsSettingId.DenyList));
-		this._allowListRegexes = this._mapAutoApproveConfigToRegexList(this._configurationService.getValue(TerminalChatAgentToolsSettingId.AllowList));
+		this._autoApproveRegexes = this._mapAutoApproveConfigToRegexList(this._configurationService.getValue(TerminalChatAgentToolsSettingId.AutoApprove));
 	}
 
 	isAutoApproved(command: string, shell: string, os: OperatingSystem): boolean {
-		// Check the deny list to see if this command requires explicit approval
-		for (const regex of this._denyListRegexes) {
+		// Check all patterns in the auto approve list
+		// Deny patterns (false) take precedence over allow patterns (true)
+		let hasAllowMatch = false;
+		let hasDenyMatch = false;
+
+		for (const { regex, approved } of this._autoApproveRegexes) {
 			if (this._commandMatchesRegex(regex, command, shell, os)) {
-				return false;
+				if (approved) {
+					hasAllowMatch = true;
+				} else {
+					hasDenyMatch = true;
+				}
 			}
 		}
 
-		// Check the allow list to see if the command is allowed to run without explicit approval
-		for (const regex of this._allowListRegexes) {
-			if (this._commandMatchesRegex(regex, command, shell, os)) {
-				return true;
-			}
+		// If there's a deny match, always require approval
+		if (hasDenyMatch) {
+			return false;
+		}
+
+		// If there's an allow match and no deny match, auto-approve
+		if (hasAllowMatch) {
+			return true;
 		}
 
 		// TODO: LLM-based auto-approval https://github.com/microsoft/vscode/issues/253267
@@ -64,12 +73,18 @@ export class CommandLineAutoApprover extends Disposable {
 		return false;
 	}
 
-	private _mapAutoApproveConfigToRegexList(config: unknown): RegExp[] {
+	private _mapAutoApproveConfigToRegexList(config: unknown): { regex: RegExp; approved: boolean }[] {
 		if (!config || typeof config !== 'object') {
 			return [];
 		}
 		return Object.entries(config)
-			.map(([key, value]) => value ? this._convertAutoApproveEntryToRegex(key) : undefined)
+			.map(([key, value]) => {
+				if (typeof value === 'boolean') {
+					const regex = this._convertAutoApproveEntryToRegex(key);
+					return { regex, approved: value };
+				}
+				return undefined;
+			})
 			.filter(e => !!e);
 	}
 

src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts

@@ -9,14 +9,12 @@ import type { IConfigurationPropertySchema } from '../../../../../platform/confi
 
 export const enum TerminalChatAgentToolsSettingId {
 	CoreToolsEnabled = 'chat.agent.terminal.coreToolsEnabled',
-	AllowList = 'chat.agent.terminal.allowList',
-	DenyList = 'chat.agent.terminal.denyList',
+	AutoApprove = 'chat.agent.terminal.autoApprove',
 }
 
 export interface ITerminalChatAgentToolsConfiguration {
 	coreToolsEnabled: boolean;
-	allowList: { [key: string]: string };
-	denyList: { [key: string]: string };
+	autoApprove: { [key: string]: boolean };
 }
 
 export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurationPropertySchema> = {
@@ -28,8 +26,8 @@ export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurati
 		],
 		default: true,
 	},
-	[TerminalChatAgentToolsSettingId.AllowList]: {
-		markdownDescription: localize('allowList', "A list of commands or regular expressions that allow the run in terminal tool commands to run without explicit approval. These will be matched against the start of a command. A regular expression can be provided by wrapping the string in `/` characters.\n\nExamples:\n- `\"mkdir\"` Will allow all command lines starting with `mkdir`\n- `\"npm run build\"` Will allow all command lines starting with `npm run build`\n- `\"/^git (status|show\\b.*)$/\"` will allow `git status` and all command lines starting with `git show`\n- `\"/.*/\"` will allow all command lines\n\nThis will be overridden by anything that matches an entry in `#chat.agent.terminal.denyList#`."),
+	[TerminalChatAgentToolsSettingId.AutoApprove]: {
+		markdownDescription: localize('autoApprove', "A list of commands or regular expressions that control whether the run in terminal tool commands require explicit approval. These will be matched against the start of a command. A regular expression can be provided by wrapping the string in `/` characters.\n\nSet to `true` to automatically approve commands, or `false` to require explicit approval.\n\nExamples:\n- `\"mkdir\": true` Will allow all command lines starting with `mkdir`\n- `\"npm run build\": true` Will allow all command lines starting with `npm run build`\n- `\"rm\": false` Will require explicit approval for all command lines starting with `rm`\n- `\"/^git (status|show\\b.*)$/\": true` will allow `git status` and all command lines starting with `git show`\n- `\"/.*/\": true` will allow all command lines\n\nCommands set to `false` will override those set to `true`."),
 		type: 'object',
 		additionalProperties: {
 			type: 'boolean',
@@ -38,45 +36,29 @@ export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurati
 				false,
 			],
 			enumDescriptions: [
-				localize('allowList.true', "Allow the pattern."),
-				localize('allowList.false', "Do not allow the pattern."),
+				localize('autoApprove.true', "Automatically approve the pattern."),
+				localize('autoApprove.false', "Require explicit approval for the pattern."),
 			],
-			description: localize('allowList.key', "The start of a command to match against. A regular expression can be provided by wrapping the string in `/` characters."),
-		},
-		tags: [
-			'experimental'
-		],
-		default: {},
-	},
-	[TerminalChatAgentToolsSettingId.DenyList]: {
-		markdownDescription: localize('denyList', "A list of commands or regular expressions that override matches in `#chat.agent.terminal.allowList#` and force a command line to require explicit approval. This will be matched against the start of a command. A regular expression can be provided by wrapping the string in `/` characters.\n\nExamples:\n- `\"rm\"` will require explicit approval for any command starting with `rm`\n- `\"/^git (push|pull)/\"` will require explicit approval for any command starting with `git push` or `git pull` \n\nThis provides basic protection by preventing certain commands from running automatically, especially those a user would likely want to approve first. It is not intended as a comprehensive security measure or a defense against prompt injection."),
-		type: 'object',
-		additionalProperties: {
-			type: 'boolean',
-			enum: [
-				true,
-				false
-			],
-			enumDescriptions: [
-				localize('denyList.value.true', "Deny the pattern."),
-				localize('denyList.value.false', "Do not deny the pattern."),
-			],
-			description: localize('denyList.key', "The start of a command to match against. A regular expression can be provided by wrapping the string in `/` characters.")
+			description: localize('autoApprove.key', "The start of a command to match against. A regular expression can be provided by wrapping the string in `/` characters."),
 		},
 		tags: [
 			'experimental'
 		],
 		default: {
-			rm: true,
-			rmdir: true,
-			del: true,
-			kill: true,
-			curl: true,
-			wget: true,
-			eval: true,
-			chmod: true,
-			chown: true,
-			'Remove-Item': true,
+			rm: false,
+			rmdir: false,
+			del: false,
+			kill: false,
+			curl: false,
+			wget: false,
+			eval: false,
+			chmod: false,
+			chown: false,
+			'Remove-Item': false,
 		},
+		policy: {
+			name: 'TerminalChatAgentToolsAutoApprove',
+			minimumVersion: '1.103',
+		}
 	}
 };