Guide terminal tool to request sandbox network/unsandboxed access proactively #321650
Draft
alexdima wants to merge 1 commit into
…actively Rework the sandbox guidance in createSandboxLines so the model sets requestAllowNetwork / requestUnsandboxedExecution on the FIRST attempt for commands that clearly need them (git fetch/pull/push, package installs, downloads for network; writes outside the workspace/$TMPDIR, system paths, elevated privileges for unsandboxed), instead of running once, failing, and retrying. Network-only needs are steered to requestAllowNetwork rather than leaving the sandbox.
Contributor
📬 CODENOTIFY
The following users are being notified based on files changed in this PR: @anthonykim1
Matched files:
Contributor
Pull request overview
This PR updates the model-facing sandbox guidance for the terminal chat tool so the model requests requestAllowNetwork / requestUnsandboxedExecution proactively on the first attempt for commands that clearly require additional permissions, instead of waiting for a failure and retry.
Changes:
- Expands the “Sandboxing” guidance text to describe default filesystem/network restrictions more explicitly.
- Adds explicit instructions to proactively set `requestAllowNetwork=true` (with a reason) for clearly network-dependent commands.
- Adds explicit instructions to proactively set `requestUnsandboxedExecution=true` (with a reason) for clearly non-sandbox-compatible commands, while preferring `requestAllowNetwork` for network-only needs.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/runInTerminalTool.ts | Updates the model description strings for sandboxing to steer proactive network/unsandbox requests. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 3
| '- ATTENTION: Terminal sandboxing is enabled, commands run in a sandbox by default', | ||
| '- When executing commands within the sandboxed environment, all operations requiring a temporary directory must utilize the $TMPDIR environment variable. The /tmp directory is not guaranteed to be accessible or writable and must be avoided', | ||
| '- Tools and scripts should respect the TMPDIR environment variable, which is automatically set to an appropriate path within the sandbox', | ||
| '- ATTENTION: Terminal sandboxing is enabled, commands run in a sandbox BY DEFAULT. This means that commands do not have network access and the file system is mounted as read-only and certain paths are not fully accessible (like the $HOME directory). Just the workspace directory and $TMPDIR are mounted as read-write.', |
| '- When executing commands within the sandboxed environment, all operations requiring a temporary directory must utilize the $TMPDIR environment variable. The /tmp directory is not guaranteed to be accessible or writable and must be avoided', | ||
| '- Tools and scripts should respect the TMPDIR environment variable, which is automatically set to an appropriate path within the sandbox', | ||
| '- ATTENTION: Terminal sandboxing is enabled, commands run in a sandbox BY DEFAULT. This means that commands do not have network access and the file system is mounted as read-only and certain paths are not fully accessible (like the $HOME directory). Just the workspace directory and $TMPDIR are mounted as read-write.', | ||
| '- When executing commands, all operations requiring a temporary directory must utilize the $TMPDIR environment variable. The /tmp directory is not guaranteed to be accessible or writable and must be avoided. Tools and scripts should respect the TMPDIR environment variable, which is always defined and set to an appropriate read-write path', |
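Review bot: The rewritten temporary-directory line (last line of this hunk) drops the "within the sandboxed environment" qualifier and now asserts that TMPDIR "is always defined and set to an appropriate read-write path". If that guarantee holds only inside the sandbox, a command run with requestUnsandboxedExecution=true is told to rely on a variable that may be unset and to avoid /tmp without cause; either keep the scoping or confirm the variable is exported for unsandboxed runs as well. The new ATTENTION line also chains three clauses with "and" and the hunk mixes "$TMPDIR" with "TMPDIR"; splitting the sentence and using one spelling would make the guidance easier for the model to follow.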
Comment on lines +172 to 175
| '- Proactively set requestAllowNetwork=true on the FIRST attempt when the command clearly requires network access, instead of waiting for it to fail. This includes git operations that contact a remote (git fetch, git pull, git push, git clone, git ls-remote, git remote update), package manager operations that download (npm install/ci, yarn, pnpm, pip install, cargo fetch/build, go mod download, brew install), and downloaders (curl, wget). Provide requestAllowNetworkReason.', | ||
| '- When a command fails due to network access being blocked by the sandbox, immediately re-run it with requestAllowNetwork=true and provide requestAllowNetworkReason. This keeps the command in the sandbox with unrestricted network access and automatically shows a confirmation prompt to the user', | ||
| '- Only set requestAllowNetwork=true when there is evidence of network failures caused by the sandbox, e.g. \'Network request failed\' errors, API call failures, or other indications of blocked network access in the command output', | ||
| '- Set requestAllowNetwork=true either proactively (the command clearly needs the network, see above) or reactively when there is evidence of network failures caused by the sandbox, e.g. \'Network request failed\' errors, API call failures, or other indications of blocked network access in the command output', | ||
| '- When setting requestAllowNetwork=true, also provide requestAllowNetworkReason explaining why the command needs network access', |
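Review bot: The proactive list in the first line of this hunk names "cargo fetch/build" and a bare "yarn" as commands that clearly require network access, but cargo build needs the network only when dependencies have not already been downloaded, so the model is steered to request network for ordinary builds. Because the next line describes the grant as "unrestricted network access" gated by a user confirmation prompt, narrowing these entries to the download step (cargo fetch, yarn install) or adding "when dependencies must be downloaded" keeps that prompt meaningful. The instruction to provide requestAllowNetworkReason also appears three times here (end of the proactive line, the re-run line, and the last line); the last line alone covers it.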
dileepyavan approved these changes Jun 17, 2026