release: eligibleForAutoApproval (microsoft#277943)

* Add `eligibleForAutoApproval` (microsoft#277043)

* first pass at eligibleForAutoApproval

* add policy object

* tidy

* add default confirmationMessages and prevent globally auto-approving

* --amend

* do not show the allow button dropdown when menu is empty!

* update description

* compile test

* update test

* polish

* remove policy for now

* polish

fix not taking in autoapprove

* Add policy configuration for chat.tools.eligibleForAutoApproval (microsoft#277238)

* Initial plan

* Add policy configuration for chat.tools.eligibleForAutoApproval setting

Co-authored-by: joshspicer <[email protected]>

* Update policy generation tests for chat.tools.eligibleForAutoApproval

Co-authored-by: joshspicer <[email protected]>

* restore fixtures

* restore test

* fix minimumVersion

* do not add chat prompt files

* rerun --export-policy-data

* polish

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: joshspicer <[email protected]>

* fix edge case with previously approved tools `chat.tools.eligibleForAutoApproval` (microsoft#277590)

fix loophole where already approved tools continues to be approved

* Disclaimer when `eligibleForAutoApproval` halts tool call (microsoft#277592)

* add disclaimer for isToolEligibleForAutoApproval

* no markdown

* decrement minimum version

update policydata

* set allowAutoConfirm for terminal tool (microsoft#277957)

runInTerminalTool evaluate isEligibleForAutoApproval

* prevent empty dropdown (from f78695d)

* spread prepared.confirmationMessages before setting new one

* fix fetch tool when prohibited via EligibleForAutoApproval

boolean check

* improve disclaimer ux

make settings link clickable

---------

Co-authored-by: Copilot <[email protected]>

Author: joshspicer

build/lib/policies/policyData.jsonc

@@ -94,6 +94,20 @@
             "type": "boolean",
             "default": false
         },
+        {
+            "key": "chat.tools.eligibleForAutoApproval",
+            "name": "ChatToolsEligibleForAutoApproval",
+            "category": "InteractiveSession",
+            "minimumVersion": "1.106",
+            "localization": {
+                "description": {
+                    "key": "chat.tools.eligibleForAutoApproval",
+                    "value": "Controls which tools are eligible for automatic approval. Tools set to 'false' will always present a confirmation and will never offer the option to auto-approve. The default behavior (or setting a tool to 'true') may result in the tool offering auto-approval options."
+                }
+            },
+            "type": "object",
+            "default": {}
+        },
         {
             "key": "chat.mcp.access",
             "name": "ChatMCP",

src/vs/workbench/contrib/chat/browser/chat.contribution.ts

@@ -276,6 +276,32 @@ configurationRegistry.registerConfiguration({
 				type: 'boolean',
 			}
 		},
+		[ChatConfiguration.EligibleForAutoApproval]: {
+			default: {},
+			markdownDescription: nls.localize('chat.tools.eligibleForAutoApproval', 'Controls which tools are eligible for automatic approval. Tools set to \'false\' will always present a confirmation and will never offer the option to auto-approve. The default behavior (or setting a tool to \'true\') may result in the tool offering auto-approval options.'),
+			type: 'object',
+			additionalProperties: {
+				type: 'boolean',
+			},
+			tags: ['experimental'],
+			examples: [
+				{
+					'fetch': false,
+					'runTests': false
+				}
+			],
+			policy: {
+				name: 'ChatToolsEligibleForAutoApproval',
+				category: PolicyCategory.InteractiveSession,
+				minimumVersion: '1.106',
+				localization: {
+					description: {
+						key: 'chat.tools.eligibleForAutoApproval',
+						value: nls.localize('chat.tools.eligibleForAutoApproval', 'Controls which tools are eligible for automatic approval. Tools set to \'false\' will always present a confirmation and will never offer the option to auto-approve. The default behavior (or setting a tool to \'true\') may result in the tool offering auto-approval options.')
+					}
+				},
+			}
+		},
 		'chat.sendElementsToChat.enabled': {
 			default: true,
 			description: nls.localize('chat.sendElementsToChat.enabled', "Controls whether elements can be sent to chat from the Simple Browser."),

src/vs/workbench/contrib/chat/browser/chatContentParts/toolInvocationParts/abstractToolConfirmationSubPart.ts

@@ -60,14 +60,15 @@ export abstract class AbstractToolConfirmationSubPart extends BaseChatToolInvoca
 		const skipTooltip = skipKeybinding ? `${config.skipLabel} (${skipKeybinding})` : config.skipLabel;
 
 
+		const additionalActions = this.additionalPrimaryActions();
 		const buttons: IChatConfirmationButton<(() => void)>[] = [
 			{
 				label: config.allowLabel,
 				tooltip: allowTooltip,
 				data: () => {
 					this.confirmWith(toolInvocation, { type: ToolConfirmKind.UserAction });
 				},
-				moreActions: this.additionalPrimaryActions(),
+				moreActions: additionalActions.length > 0 ? additionalActions : undefined,
 			},
 			{
 				label: localize('skip', "Skip"),

src/vs/workbench/contrib/chat/browser/chatContentParts/toolInvocationParts/chatTerminalToolConfirmationSubPart.ts

@@ -128,6 +128,10 @@ export class ChatTerminalToolConfirmationSubPart extends BaseChatToolInvocationS
 			if (terminalCustomActions) {
 				moreActions.push(...terminalCustomActions);
 			}
+			if (moreActions.length === 0) {
+				moreActions = undefined;
+			}
+
 		}
 
 		const codeBlockRenderOptions: ICodeBlockRenderOptions = {

src/vs/workbench/contrib/chat/browser/chatContentParts/toolInvocationParts/chatToolConfirmationSubPart.ts

@@ -129,7 +129,7 @@ export class ToolConfirmationSubPart extends AbstractToolConfirmationSubPart {
 		const { message, disclaimer } = this.toolInvocation.confirmationMessages!;
 		const toolInvocation = this.toolInvocation as IChatToolInvocation;
 
-		if (typeof message === 'string') {
+		if (typeof message === 'string' && !disclaimer) {
 			return message;
 		} else {
 			const codeBlockRenderOptions: ICodeBlockRenderOptions = {

src/vs/workbench/contrib/chat/browser/languageModelToolsService.ts

@@ -12,7 +12,7 @@ import { Codicon } from '../../../../base/common/codicons.js';
 import { toErrorMessage } from '../../../../base/common/errorMessage.js';
 import { CancellationError, isCancellationError } from '../../../../base/common/errors.js';
 import { Emitter, Event } from '../../../../base/common/event.js';
-import { MarkdownString } from '../../../../base/common/htmlContent.js';
+import { markdownCommandLink, MarkdownString } from '../../../../base/common/htmlContent.js';
 import { Iterable } from '../../../../base/common/iterator.js';
 import { combinedDisposable, Disposable, DisposableStore, IDisposable, toDisposable } from '../../../../base/common/lifecycle.js';
 import { IObservable, ObservableSet } from '../../../../base/common/observable.js';
@@ -445,9 +445,33 @@ export class LanguageModelToolsService extends Disposable implements ILanguageMo
 			prepared = await preparePromise;
 		}
 
+		const isEligibleForAutoApproval = this.isToolEligibleForAutoApproval(tool.data);
+
+		// Default confirmation messages if tool is not eligible for auto-approval
+		if (!isEligibleForAutoApproval && !prepared?.confirmationMessages?.title) {
+			if (!prepared) {
+				prepared = {};
+			}
+
+			const toolReferenceName = getToolReferenceName(tool.data);
+			// TODO: This should be more detailed per tool.
+			prepared.confirmationMessages = {
+				...prepared.confirmationMessages,
+				title: localize('defaultToolConfirmation.title', 'Allow tool to execute?'),
+				message: localize('defaultToolConfirmation.message', 'Run the \'{0}\' tool?', toolReferenceName),
+				disclaimer: new MarkdownString(localize('defaultToolConfirmation.disclaimer', 'Auto approval for \'{0}\' is restricted via {1}.', getToolReferenceName(tool.data), markdownCommandLink({ title: '`' + ChatConfiguration.EligibleForAutoApproval + '`', id: 'workbench.action.openSettings', arguments: [ChatConfiguration.EligibleForAutoApproval] }, false)), { isTrusted: true }),
+				allowAutoConfirm: false,
+			};
+		}
+
+		if (!isEligibleForAutoApproval && prepared?.confirmationMessages?.title) {
+			// Always overwrite the disclaimer if not eligible for auto-approval
+			prepared.confirmationMessages.disclaimer = new MarkdownString(localize('defaultToolConfirmation.disclaimer', 'Auto approval for \'{0}\' is restricted via {1}.', getToolReferenceName(tool.data), markdownCommandLink({ title: '`' + ChatConfiguration.EligibleForAutoApproval + '`', id: 'workbench.action.openSettings', arguments: [ChatConfiguration.EligibleForAutoApproval] }, false)), { isTrusted: true });
+		}
+
 		if (prepared?.confirmationMessages?.title) {
-			if (prepared.toolSpecificData?.kind !== 'terminal' && typeof prepared.confirmationMessages.allowAutoConfirm !== 'boolean') {
-				prepared.confirmationMessages.allowAutoConfirm = true;
+			if (prepared.toolSpecificData?.kind !== 'terminal' && prepared.confirmationMessages.allowAutoConfirm !== false) {
+				prepared.confirmationMessages.allowAutoConfirm = isEligibleForAutoApproval;
 			}
 
 			if (!prepared.toolSpecificData && tool.data.alwaysDisplayInputOutput) {
@@ -504,7 +528,35 @@ export class LanguageModelToolsService extends Disposable implements ILanguageMo
 		});
 	}
 
+	private getEligbleForAutoApprovalSpecialCase(toolData: IToolData): string | undefined {
+		if (toolData.id === 'vscode_fetchWebPage_internal') {
+			return 'fetch';
+		}
+		return undefined;
+	}
+
+	private isToolEligibleForAutoApproval(toolData: IToolData): boolean {
+		const toolReferenceName = this.getEligbleForAutoApprovalSpecialCase(toolData) ?? getToolReferenceName(toolData);
+		if (toolData.id === 'copilot_fetchWebPage') {
+			// Special case, this fetch will call an internal tool 'vscode_fetchWebPage_internal'
+			return true;
+		}
+		const eligibilityConfig = this._configurationService.getValue<Record<string, boolean>>(ChatConfiguration.EligibleForAutoApproval);
+		return eligibilityConfig && typeof eligibilityConfig === 'object' && toolReferenceName
+			? (eligibilityConfig[toolReferenceName] ?? true) // Default to true if not specified
+			: true; // Default to eligible if the setting is not an object or no reference name
+	}
+
 	private async shouldAutoConfirm(toolId: string, runsInWorkspace: boolean | undefined, source: ToolDataSource, parameters: unknown): Promise<ConfirmedReason | undefined> {
+		const tool = this._tools.get(toolId);
+		if (!tool) {
+			return undefined;
+		}
+
+		if (!this.isToolEligibleForAutoApproval(tool.data)) {
+			return undefined;
+		}
+
 		const reason = this._confirmationService.getPreConfirmAction({ toolId, source, parameters });
 		if (reason) {
 			return reason;

src/vs/workbench/contrib/chat/common/constants.ts

@@ -15,6 +15,7 @@ export enum ChatConfiguration {
 	EditRequests = 'chat.editRequests',
 	GlobalAutoApprove = 'chat.tools.global.autoApprove',
 	AutoApproveEdits = 'chat.tools.edits.autoApprove',
+	EligibleForAutoApproval = 'chat.tools.eligibleForAutoApproval',
 	EnableMath = 'chat.math.enabled',
 	CheckpointsEnabled = 'chat.checkpoints.enabled',
 	AgentSessionsViewLocation = 'chat.agentSessionsViewLocation',

src/vs/workbench/contrib/chat/test/browser/languageModelToolsService.test.ts

@@ -1062,6 +1062,81 @@ suite('LanguageModelToolsService', () => {
 		assert.strictEqual(unspecifiedResult.content[0].value, 'unspecified');
 	});
 
+	test('eligibleForAutoApproval setting controls tool eligibility', async () => {
+		// Test the new eligibleForAutoApproval setting
+		const testConfigService = new TestConfigurationService();
+		testConfigService.setUserConfiguration('chat.tools.eligibleForAutoApproval', {
+			'eligibleToolRef': true,
+			'ineligibleToolRef': false
+		});
+
+		const instaService = workbenchInstantiationService({
+			contextKeyService: () => store.add(new ContextKeyService(testConfigService)),
+			configurationService: () => testConfigService
+		}, store);
+		instaService.stub(IChatService, chatService);
+		instaService.stub(ILanguageModelToolsConfirmationService, new MockLanguageModelToolsConfirmationService());
+		const testService = store.add(instaService.createInstance(LanguageModelToolsService));
+
+		// Tool explicitly marked as eligible (using toolReferenceName) - no confirmation needed
+		const eligibleTool = registerToolForTest(testService, store, 'eligibleTool', {
+			prepareToolInvocation: async () => ({}),
+			invoke: async () => ({ content: [{ kind: 'text', value: 'eligible tool ran' }] })
+		}, {
+			toolReferenceName: 'eligibleToolRef'
+		});
+
+		const sessionId = 'test-eligible';
+		stubGetSession(chatService, sessionId, { requestId: 'req1' });
+
+		// Eligible tool should not get default confirmation messages injected
+		const eligibleResult = await testService.invokeTool(
+			eligibleTool.makeDto({ test: 1 }, { sessionId }),
+			async () => 0,
+			CancellationToken.None
+		);
+		assert.strictEqual(eligibleResult.content[0].value, 'eligible tool ran');
+
+		// Tool explicitly marked as ineligible (using toolReferenceName) - must require confirmation
+		const ineligibleTool = registerToolForTest(testService, store, 'ineligibleTool', {
+			prepareToolInvocation: async () => ({}),
+			invoke: async () => ({ content: [{ kind: 'text', value: 'ineligible requires confirmation' }] })
+		}, {
+			toolReferenceName: 'ineligibleToolRef'
+		});
+
+		const capture: { invocation?: any } = {};
+		stubGetSession(chatService, sessionId + '2', { requestId: 'req2', capture });
+		const ineligiblePromise = testService.invokeTool(
+			ineligibleTool.makeDto({ test: 2 }, { sessionId: sessionId + '2' }),
+			async () => 0,
+			CancellationToken.None
+		);
+		const published = await waitForPublishedInvocation(capture);
+		assert.ok(published?.confirmationMessages, 'ineligible tool should require confirmation');
+		assert.ok(published?.confirmationMessages?.title, 'should have default confirmation title');
+		assert.strictEqual(published?.confirmationMessages?.allowAutoConfirm, false, 'should not allow auto confirm');
+
+		IChatToolInvocation.confirmWith(published, { type: ToolConfirmKind.UserAction });
+		const ineligibleResult = await ineligiblePromise;
+		assert.strictEqual(ineligibleResult.content[0].value, 'ineligible requires confirmation');
+
+		// Tool not specified should default to eligible - no confirmation needed
+		const unspecifiedTool = registerToolForTest(testService, store, 'unspecifiedTool', {
+			prepareToolInvocation: async () => ({}),
+			invoke: async () => ({ content: [{ kind: 'text', value: 'unspecified defaults to eligible' }] })
+		}, {
+			toolReferenceName: 'unspecifiedToolRef'
+		});
+
+		const unspecifiedResult = await testService.invokeTool(
+			unspecifiedTool.makeDto({ test: 3 }, { sessionId }),
+			async () => 0,
+			CancellationToken.None
+		);
+		assert.strictEqual(unspecifiedResult.content[0].value, 'unspecified defaults to eligible');
+	});
+
 	test('tool content formatting with alwaysDisplayInputOutput', async () => {
 		// Test ensureToolDetails, formatToolInput, and toolResultToIO
 		const toolData: IToolData = {
@@ -1755,6 +1830,70 @@ suite('LanguageModelToolsService', () => {
 
 	});
 
+	test('eligibleForAutoApproval setting can be configured via policy', async () => {
+		// Test that policy configuration works for eligibleForAutoApproval
+		// Policy values should be JSON strings for object-type settings
+		const testConfigService = new TestConfigurationService();
+
+		// Simulate policy configuration (would come from policy file)
+		const policyValue = {
+			'toolA': true,
+			'toolB': false
+		};
+		testConfigService.setUserConfiguration('chat.tools.eligibleForAutoApproval', policyValue);
+
+		const instaService = workbenchInstantiationService({
+			contextKeyService: () => store.add(new ContextKeyService(testConfigService)),
+			configurationService: () => testConfigService
+		}, store);
+		instaService.stub(IChatService, chatService);
+		instaService.stub(ILanguageModelToolsConfirmationService, new MockLanguageModelToolsConfirmationService());
+		const testService = store.add(instaService.createInstance(LanguageModelToolsService));
+
+		// Tool A is eligible (true in policy)
+		const toolA = registerToolForTest(testService, store, 'toolA', {
+			prepareToolInvocation: async () => ({}),
+			invoke: async () => ({ content: [{ kind: 'text', value: 'toolA executed' }] })
+		}, {
+			toolReferenceName: 'toolA'
+		});
+
+		// Tool B is ineligible (false in policy)
+		const toolB = registerToolForTest(testService, store, 'toolB', {
+			prepareToolInvocation: async () => ({}),
+			invoke: async () => ({ content: [{ kind: 'text', value: 'toolB executed' }] })
+		}, {
+			toolReferenceName: 'toolB'
+		});
+
+		const sessionId = 'test-policy';
+		stubGetSession(chatService, sessionId, { requestId: 'req1' });
+
+		// Tool A should execute without confirmation (eligible)
+		const resultA = await testService.invokeTool(
+			toolA.makeDto({ test: 1 }, { sessionId }),
+			async () => 0,
+			CancellationToken.None
+		);
+		assert.strictEqual(resultA.content[0].value, 'toolA executed');
+
+		// Tool B should require confirmation (ineligible)
+		const capture: { invocation?: any } = {};
+		stubGetSession(chatService, sessionId + '2', { requestId: 'req2', capture });
+		const promiseB = testService.invokeTool(
+			toolB.makeDto({ test: 2 }, { sessionId: sessionId + '2' }),
+			async () => 0,
+			CancellationToken.None
+		);
+		const published = await waitForPublishedInvocation(capture);
+		assert.ok(published?.confirmationMessages, 'toolB should require confirmation due to policy');
+		assert.strictEqual(published?.confirmationMessages?.allowAutoConfirm, false, 'should not allow auto confirm');
+
+		IChatToolInvocation.confirmWith(published, { type: ToolConfirmKind.UserAction });
+		const resultB = await promiseB;
+		assert.strictEqual(resultB.content[0].value, 'toolB executed');
+	});
+
 
 
 });

src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts

@@ -50,9 +50,12 @@ import { CommandLineCdPrefixRewriter } from './commandLineRewriter/commandLineCd
 import { CommandLinePwshChainOperatorRewriter } from './commandLineRewriter/commandLinePwshChainOperatorRewriter.js';
 import { IWorkspaceContextService } from '../../../../../../platform/workspace/common/workspace.js';
 import { IHistoryService } from '../../../../../services/history/common/history.js';
+import { ChatConfiguration } from '../../../../chat/common/constants.js';
 
 // #region Tool data
 
+const TOOL_REFERENCE_NAME = 'runInTerminal';
+
 function createPowerShellModelDescription(shell: string): string {
 	const isWinPwsh = isWindowsPowerShell(shell);
 	return [
@@ -188,7 +191,7 @@ export async function createRunInTerminalToolData(
 
 	return {
 		id: 'run_in_terminal',
-		toolReferenceName: 'runInTerminal',
+		toolReferenceName: TOOL_REFERENCE_NAME,
 		displayName: localize('runInTerminalTool.displayName', 'Run in Terminal'),
 		modelDescription,
 		userDescription: localize('runInTerminalTool.userDescription', 'Tool for running commands in the terminal'),
@@ -397,9 +400,10 @@ export class RunInTerminalTool extends Disposable implements IToolImpl {
 		// commands that would be auto approved if it were enabled.
 		const commandLine = rewrittenCommand ?? args.command;
 
+		const isEligibleForAutoApproval = this._configurationService.getValue<Record<string, boolean>>(ChatConfiguration.EligibleForAutoApproval)?.[TOOL_REFERENCE_NAME] ?? true;
 		const isAutoApproveEnabled = this._configurationService.getValue(TerminalChatAgentToolsSettingId.EnableAutoApprove) === true;
 		const isAutoApproveWarningAccepted = this._storageService.getBoolean(TerminalToolConfirmationStorageKeys.TerminalAutoApproveWarningAccepted, StorageScope.APPLICATION, false);
-		const isAutoApproveAllowed = isAutoApproveEnabled && isAutoApproveWarningAccepted;
+		const isAutoApproveAllowed = isEligibleForAutoApproval && isAutoApproveEnabled && isAutoApproveWarningAccepted;
 
 		const commandLineAnalyzerOptions: ICommandLineAnalyzerOptions = {
 			commandLine,
@@ -417,7 +421,7 @@ export class RunInTerminalTool extends Disposable implements IToolImpl {
 			disclaimer = new MarkdownString(`$(${Codicon.info.id}) ` + disclaimersRaw.join(' '), { supportThemeIcons: true });
 		}
 
-		const customActions = commandLineAnalyzerResults.map(e => e.customActions ?? []).flat();
+		const customActions = isEligibleForAutoApproval ? commandLineAnalyzerResults.map(e => e.customActions ?? []).flat() : undefined;
 		toolSpecificData.autoApproveInfo = commandLineAnalyzerResults.find(e => e.autoApproveInfo)?.autoApproveInfo;
 
 		let shellType = basename(shell, '.exe');