Simplify agent sandbox settings

[dileepyavan]

Summary

Simplifies agent sandbox configuration by separating sandbox enablement from unrestricted network access while retaining enum-backed enablement settings. The permission-picker checkbox maps its checked state to those enum values, keeping persisted configuration explicit and easy to maintain.

Settings changes

Enablement remains an enum

chat.agent.sandbox.enabled and chat.agent.sandbox.enabledWindows remain string settings with two supported values:

• "off": disables sandboxing.
• "on": enables sandboxing with standard filesystem and network restrictions.

The settings default to "off". enabledWindows is the Windows-specific equivalent; Linux and macOS use enabled.

Unrestricted network access is independent

Adds chat.agent.sandbox.allowNetwork, a restricted boolean setting defaulting to false.

When sandboxing is enabled, setting allowNetwork to true permits all network domains while retaining filesystem sandbox restrictions. This replaces the old third enablement-state value, "allowNetwork", so enablement and network policy are configured independently.

The setting’s policy metadata and generated policy data use minimum version 1.127. Network-filter descriptions now refer to the dedicated setting.

Compatibility and migration

• Existing "off" and "on" values remain valid without migration.
• Existing "allowNetwork" values on either enablement key migrate to the corresponding "on" value.
• The migration also writes chat.agent.sandbox.allowNetwork: true unless that new setting already has an explicit user value, preserving user intent.
• Existing deprecated-setting fallback behavior remains intact.
• Readers continue to normalize historical boolean values to the agent-host’s canonical on | off | allowNetwork representation for backward compatibility.

Runtime and forwarding

• The terminal sandbox engine treats "on" as enabled and consults the new allowNetwork setting before falling back to the legacy "allowNetwork" value.
• The agent-host sandbox schema and forwarded root configuration now include a dedicated allowNetwork key.
• The Copilot SDK sandbox adapter recognizes the modern enabled: "on" plus allowNetwork: true combination, while preserving legacy compatibility.
• Sandbox configuration is refreshed when allowNetwork changes.

Permission picker behavior

The Sandboxing for terminal checkbox remains boolean at the UI boundary, but persists enum values:

const value = checked
    ? AgentSandboxEnabledValue.On
    : AgentSandboxEnabledValue.Off;

• Windows updates chat.agent.sandbox.enabledWindows.
• Linux and macOS update chat.agent.sandbox.enabled.
• The picker refreshes when the platform-applicable setting changes.

Tests and validation

• Updates Windows engine and remote terminal-sandbox tests to use enabledWindows: "on" and independently verify that this does not grant unrestricted network access.
• Retains tests for normalizing legacy boolean values in the settings reader.
• Updates the chat input fixture to use enum enablement.

Validation completed:

• Core Typecheck watch task: 0 errors.

• ESLint for modified TypeScript files.

• Pre-commit hygiene hook.

• Focused unit tests:

  node test/unit/node/index.js \
    --run src/vs/platform/sandbox/test/common/terminalSandboxEngine.test.ts \
    --run src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/common/sandboxSettingsReader.test.ts

  42 passing.

[vs-code-engineering]

📬 CODENOTIFY

The following users are being notified based on files changed in this PR:

@anthonykim1

Matched files:

• src/vs/workbench/contrib/terminal/common/terminalConfiguration.ts
• src/vs/workbench/contrib/terminal/terminalContribExports.ts
• src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/terminal.chatAgentTools.contribution.ts
• src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/sandboxSettingsReader.ts
• src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts
• src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts
• src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/common/sandboxSettingsReader.test.ts

[Copilot]

Pull request overview

This PR refactors the agent terminal sandbox settings model by splitting sandbox enablement from “allow all network domains”, while preserving legacy configuration compatibility via normalization and migrations. It also forwards the new setting through to the agent-host schema and SDK config generation, and updates UI + tests accordingly.

Changes:

• Converts chat.agent.sandbox.enabled / chat.agent.sandbox.enabledWindows from off|on|allowNetwork to booleans and introduces chat.agent.sandbox.allowNetwork as the separate opt-in.
• Adds normalization + configuration migrations to keep legacy enum/boolean inputs working and to forward the canonical agent-host on|off|allowNetwork values.
• Updates terminal sandbox runtime behavior, agent-host schema forwarding, UI toggle persistence, docs strings, and related tests/fixtures.

Show a summary per file

File	Description
src/vs/workbench/test/browser/componentFixtures/chat/renderChatInput.ts	Updates chat input fixture to use boolean sandbox enablement.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/common/sandboxSettingsReader.test.ts	Adds test coverage for boolean enabledWindows normalization.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts	Updates Windows sandbox routing tests for split enablement vs allow-network.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts	Converts sandbox settings to boolean, adds the new allowNetwork setting + policy metadata.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/sandboxSettingsReader.ts	Forwards/normalizes new sandbox keys (including allowNetwork) for agent-host propagation.
src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/terminal.chatAgentTools.contribution.ts	Ensures sandbox config refresh reacts to allowNetwork changes.
src/vs/workbench/contrib/terminal/terminalContribExports.ts	Exposes the new AgentSandboxAllowNetwork setting id via terminal contrib exports.
src/vs/workbench/contrib/terminal/common/terminalConfiguration.ts	Adds migrations from legacy enum values to new booleans + allowNetwork.
src/vs/workbench/contrib/chat/browser/widget/input/permissionPickerActionItem.ts	Updates permission picker toggle to persist boolean + choose enabledWindows on Windows.
src/vs/workbench/contrib/chat/browser/chat.shared.contribution.ts	Updates network domain setting docs to reference chat.agent.sandbox.allowNetwork.
src/vs/platform/sandbox/test/common/terminalSandboxEngine.test.ts	Updates sandbox engine tests for independent enablement and allow-network behavior.
src/vs/platform/sandbox/common/terminalSandboxEngine.ts	Updates runtime enablement/allow-network evaluation for the new setting model.
src/vs/platform/sandbox/common/settings.ts	Introduces chat.agent.sandbox.allowNetwork id and shared normalization helpers.
src/vs/platform/agentHost/node/copilot/sandboxConfigForSdk.ts	Updates SDK config generation to honor enabled + allowNetwork combination.
src/vs/platform/agentHost/common/sandboxConfigSchema.ts	Extends agent-host sandbox schema + mapping with the new allowNetwork key.
build/lib/policies/policyData.jsonc	Updates generated policy catalog output to reflect the new/updated settings.

Review details

• Files reviewed: 16/16 changed files
• Comments generated: 2
• Review effort level: Low