Integrating MXC for windows sandboxing#317669
Open
dileepyavan wants to merge 9 commits into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds Windows support for the terminal “agent sandbox” by integrating the MXC process container runtime. It extends the sandbox helper/engine APIs to supply Windows-specific filesystem/environment policy, adds a new Windows filesystem configuration setting, and updates tests and tool wiring so sandboxed command execution can be routed through wxc-exec.exe on Windows.
Changes:
- Introduces a Windows MXC runtime abstraction and wires it into
TerminalSandboxEngine/TerminalSandboxServicefor Windows sandbox wrapping. - Adds a new Windows sandbox filesystem setting and updates the output analyzer + contribution wiring to respect it.
- Adds/updates unit tests for Windows MXC wrapping/config generation and expands sandbox helper IPC/service support for Windows policy/env.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts | Extends tests to cover remote Windows MXC wrapping and adjusts file capture for Windows path forms. |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts | Adds Windows path/arch handling and resolves MXC policy/env via sandbox helper (local or remote IPC). |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts | Introduces chat.agent.sandbox.fileSystem.windows configuration schema. |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/sandboxOutputAnalyzer.ts | Selects the correct OS-specific filesystem setting (Linux/macOS/Windows). |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/terminal.chatAgentTools.contribution.ts | Registers the Windows MXC runtime service and updates config-change triggers. |
| src/vs/workbench/contrib/terminal/terminalContribExports.ts | Re-exports the new Windows sandbox filesystem setting id via terminal contrib exports. |
| src/vs/platform/sandbox/test/common/terminalSandboxEngine.test.ts | Adds Windows-focused engine tests for MXC wrapping/config (filesystem, arch, network). |
| src/vs/platform/sandbox/node/sandboxHelper.ts | Implements Windows MXC filesystem policy and environment extraction (PATH/PATHEXT/PSModulePath/temp). |
| src/vs/platform/sandbox/common/terminalSandboxRuntimeConfigurationPerOperation.ts | Adjusts runtime configuration for Windows (Node operation returns empty config). |
| src/vs/platform/sandbox/common/terminalSandboxReadAllowList.ts | Disables read allow-list behavior on Windows. |
| src/vs/platform/sandbox/common/terminalSandboxMxcRuntime.ts | Adds Windows MXC runtime implementation for config generation and command wrapping. |
| src/vs/platform/sandbox/common/terminalSandboxEngine.ts | Enables Windows sandboxing via MXC, adds policy/env plumbing, Windows path handling, and config generation changes. |
| src/vs/platform/sandbox/common/settings.ts | Adds the Windows sandbox filesystem setting id constant. |
| src/vs/platform/sandbox/common/sandboxHelperService.ts | Extends the sandbox helper service interface with Windows MXC policy/env APIs. |
| src/vs/platform/sandbox/common/sandboxHelperIpc.ts | Adds IPC methods for Windows MXC policy/env retrieval. |
| src/vs/platform/sandbox/browser/sandboxHelperService.ts | Adds no-op implementations for the new Windows MXC APIs in web targets. |
| remote/package.json | Adds @microsoft/mxc-sdk dependency for the remote package. |
| remote/package-lock.json | Locks @microsoft/mxc-sdk and related dependency updates for the remote package. |
| package.json | Adds @microsoft/mxc-sdk dependency to the root package. |
| package-lock.json | Locks @microsoft/mxc-sdk and related dependency updates in the root lockfile. |
Copilot's findings
Files not reviewed (1)
- remote/package-lock.json: Language not supported
- Files reviewed: 18/20 changed files
- Comments generated: 4
Merging readwritePaths Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
aiday-mar
approved these changes
May 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #317711
Summary
@microsoft/mxc-sdkfor windows sandboxing.wxc-execwith the generated config.Pending from integration:
No network isolation yet for windows sandboxing as proxy support is not provided yet.
Env variables are not being injected correctly into the sandbox and awaiting on fix by mxc package owners.