Explain auto approve

Part of microsoft#256780

Author: Tyriar

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts

@@ -35,42 +35,42 @@ export class CommandLineAutoApprover extends Disposable {
 		this._denyListCommandLineRegexes = denyListCommandLine;
 	}
 
-	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem): boolean {
+	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem): { isAutoApproved: boolean; reason: string } {
 		// Check the deny list to see if this command requires explicit approval
 		for (const regex of this._denyListRegexes) {
 			if (this._commandMatchesRegex(regex, command, shell, os)) {
-				return false;
+				return { isAutoApproved: false, reason: `Command '${command}' is denied by deny list rule: ${regex.source}` };
 			}
 		}
 
 		// Check the allow list to see if the command is allowed to run without explicit approval
 		for (const regex of this._allowListRegexes) {
 			if (this._commandMatchesRegex(regex, command, shell, os)) {
-				return true;
+				return { isAutoApproved: true, reason: `Command '${command}' is approved by allow list rule: ${regex.source}` };
 			}
 		}
 
 		// TODO: LLM-based auto-approval https://github.com/microsoft/vscode/issues/253267
 
 		// Fallback is always to require approval
-		return false;
+		return { isAutoApproved: false, reason: `Command '${command}' requires explicit approval (no matching allow list rule found)` };
 	}
 
-	isCommandLineAutoApproved(commandLine: string): boolean {
+	isCommandLineAutoApproved(commandLine: string): { isAutoApproved: boolean; reason: string } {
 		// Check the deny list first to see if this command line requires explicit approval
 		for (const regex of this._denyListCommandLineRegexes) {
 			if (regex.test(commandLine)) {
-				return false;
+				return { isAutoApproved: false, reason: `Command line '${commandLine}' is denied by deny list rule: ${regex.source}` };
 			}
 		}
 
 		// Check if the full command line matches any of the allow list command line regexes
 		for (const regex of this._allowListCommandLineRegexes) {
 			if (regex.test(commandLine)) {
-				return true;
+				return { isAutoApproved: true, reason: `Command line '${commandLine}' is approved by allow list rule: ${regex.source}` };
 			}
 		}
-		return false;
+		return { isAutoApproved: false, reason: `Command line '${commandLine}' requires explicit approval (no matching allow list rule found)` };
 	}
 
 	private _commandMatchesRegex(regex: RegExp, command: string, shell: string, os: OperatingSystem): boolean {

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalTool.ts

@@ -171,10 +171,14 @@ export class RunInTerminalTool extends Disposable implements IToolImpl {
 			const subCommands = splitCommandLineIntoSubCommands(args.command, shell, os);
 			const inlineSubCommands = subCommands.map(e => Array.from(extractInlineSubCommands(e, shell, os))).flat();
 			const allSubCommands = [...subCommands, ...inlineSubCommands];
-			if (allSubCommands.every(e => this._commandLineAutoApprover.isCommandAutoApproved(e, shell, os))) {
+			const subCommandResults = allSubCommands.map(e => this._commandLineAutoApprover.isCommandAutoApproved(e, shell, os));
+			console.log({ subCommandResults });
+			if (subCommandResults.every(e => e.isAutoApproved)) {
 				confirmationMessages = undefined;
 			} else {
-				if (this._commandLineAutoApprover.isCommandLineAutoApproved(args.command)) {
+				const commandLineResults = this._commandLineAutoApprover.isCommandLineAutoApproved(args.command);
+				console.log({ commandLineResults });
+				if (commandLineResults) {
 					confirmationMessages = undefined;
 				} else {
 					confirmationMessages = {