Explicitly declare VS Code extension workspace trust capabilities#3087
Closed
samwgoldman wants to merge 1 commit intomainfrom
Closed
Explicitly declare VS Code extension workspace trust capabilities#3087samwgoldman wants to merge 1 commit intomainfrom
samwgoldman wants to merge 1 commit intomainfrom
Conversation
The extension already does not run in untrusted workspaces and lspPath can already be overridden in trusted workspaces. These changes make that behavior explicit by declaring untrustedWorkspaces support as disabled via the capabilities API and adding machine-overridable scope to the lspPath and lspArguments settings.
Contributor
|
@samwgoldman has imported this pull request. If you are a Meta employee, you can view this in D100202731. |
grievejia
approved these changes
Apr 9, 2026
Contributor
grievejia
left a comment
grievejia
left a comment
There was a problem hiding this comment.
Review automatically exported from Phabricator review in Meta.
Contributor
|
@samwgoldman merged this pull request in 9e3779b. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The extension already does not run in untrusted workspaces and lspPath can already be overridden in trusted workspaces. These changes make that behavior explicit by declaring untrustedWorkspaces support as disabled via the capabilities API and adding machine-overridable scope to the lspPath and lspArguments settings.
Test Plan
Confirmed that we get a dialog when opening an untrusted workspace:
In an untrusted workspace, the settings.json is not used (Pyrefly is not enabled at all), no PWNED file:
The Extension summary includes the description of why restricted mode is not supported:
In trusted mode, a malicious actor can still cause point lspPath to a malicious binary. This is the same as rust-analyzer and TypeScript extensions.
