[pull] main from microsoft:main

.github/copilot-instructions.md

@@ -145,6 +145,7 @@ function f(x: number, y: string): void { }
 - You MUST NOT use storage keys of another component only to make changes to that component. You MUST come up with proper API to change another component.
 - Use `IEditorService` to open editors instead of `IEditorGroupsService.activeGroup.openEditor` to ensure that the editor opening logic is properly followed and to avoid bypassing important features such as `revealIfOpened` or `preserveFocus`.
 - Avoid using `bind()`, `call()` and `apply()` solely to control `this` or partially apply arguments; prefer arrow functions or closures to capture the necessary context, and use these methods only when required by an API or interoperability.
+- Avoid using events to drive control flow between components. Instead, prefer direct method calls or service interactions to ensure clearer dependencies and easier traceability of logic. Events should be reserved for broadcasting state changes or notifications rather than orchestrating behavior across components.
 
 ## Learnings
 - Minimize the amount of assertions in tests. Prefer one snapshot-style `assert.deepStrictEqual` over multiple precise assertions, as they are much more difficult to understand and to update.

extensions/simple-browser/package.json

@@ -42,6 +42,14 @@
         "category": "Simple Browser"
       }
     ],
+    "menus": {
+      "commandPalette": [
+        {
+          "command": "simpleBrowser.show",
+          "when": "isWeb"
+        }
+      ]
+    },
     "configuration": [
       {
         "title": "Simple Browser",
@@ -51,12 +59,6 @@
             "default": true,
             "title": "Focus Lock Indicator Enabled",
             "description": "%configuration.focusLockIndicator.enabled.description%"
-          },
-          "simpleBrowser.useIntegratedBrowser": {
-            "type": "boolean",
-            "default": true,
-            "markdownDescription": "%configuration.useIntegratedBrowser.description%",
-            "scope": "application"
           }
         }
       }

extensions/simple-browser/package.nls.json

@@ -1,6 +1,5 @@
 {
 	"displayName": "Simple Browser",
 	"description": "A very basic built-in webview for displaying web content.",
-	"configuration.focusLockIndicator.enabled.description": "Enable/disable the floating indicator that shows when focused in the simple browser.",
-	"configuration.useIntegratedBrowser.description": "When enabled, the `simpleBrowser.show` command will open URLs in the integrated browser instead of the Simple Browser webview. **Note:** This setting is only available on desktop."
+	"configuration.focusLockIndicator.enabled.description": "Enable/disable the floating indicator that shows when focused in the simple browser."
 }

extensions/simple-browser/src/extension.ts

@@ -15,7 +15,6 @@ declare class URL {
 const openApiCommand = 'simpleBrowser.api.open';
 const showCommand = 'simpleBrowser.show';
 const integratedBrowserCommand = 'workbench.action.browser.open';
-const useIntegratedBrowserSetting = 'simpleBrowser.useIntegratedBrowser';
 
 const enabledHosts = new Set<string>([
 	'localhost',
@@ -37,12 +36,6 @@ const openerId = 'simpleBrowser.open';
  * Checks if the integrated browser should be used instead of the simple browser
  */
 async function shouldUseIntegratedBrowser(): Promise<boolean> {
-	const config = vscode.workspace.getConfiguration();
-	if (!config.get<boolean>(useIntegratedBrowserSetting, true)) {
-		return false;
-	}
-
-	// Verify that the integrated browser command is available
 	const commands = await vscode.commands.getCommands(true);
 	return commands.includes(integratedBrowserCommand);
 }

extensions/vscode-api-tests/src/singlefolder-tests/browser.test.ts

@@ -5,7 +5,7 @@
 
 import * as assert from 'assert';
 import * as vscode from 'vscode';
-import { window, ViewColumn } from 'vscode';
+import { window, commands, ViewColumn } from 'vscode';
 import { assertNoRpc, closeAllEditors } from '../utils';
 
 (vscode.env.uiKind === vscode.UIKind.Web ? suite.skip : suite)('vscode API - browser', () => {
@@ -73,6 +73,16 @@ import { assertNoRpc, closeAllEditors } from '../utils';
 		assert.strictEqual(window.browserTabs.length, countBefore - 1);
 	});
 
+	test('Can move a browser tab to a new group and close it successfully', async () => {
+		const tab = await window.openBrowserTab('about:blank');
+		assert.ok(window.browserTabs.includes(tab));
+
+		await commands.executeCommand('workbench.action.moveEditorToNextGroup');
+
+		await tab.close();
+		assert.ok(!window.browserTabs.includes(tab));
+	});
+
 	// #endregion
 
 	// #region onDidOpenBrowserTab

src/vs/platform/actionWidget/browser/actionList.ts

@@ -193,6 +193,7 @@ class ActionItemRenderer<T> implements IListRenderer<IActionListItem<T>, IAction
 		private readonly _onRemoveItem: ((item: IActionListItem<T>) => void) | undefined,
 		private readonly _onSubmenuIndicatorHover: ((element: IActionListItem<T>, indicator: HTMLElement, disposables: DisposableStore) => void) | undefined,
 		private _hasAnySubmenuActions: boolean,
+		private readonly _linkHandler: ((uri: URI, item: IActionListItem<T>) => void) | undefined,
 		@IKeybindingService private readonly _keybindingService: IKeybindingService,
 		@IOpenerService private readonly _openerService: IOpenerService,
 	) { }
@@ -284,7 +285,12 @@ class ActionItemRenderer<T> implements IListRenderer<IActionListItem<T>, IAction
 			} else {
 				const rendered = renderMarkdown(element.description, {
 					actionHandler: (content: string) => {
-						this._openerService.open(URI.parse(content), { allowCommands: true });
+						const uri = URI.parse(content);
+						if (this._linkHandler) {
+							this._linkHandler(uri, element);
+						} else {
+							void this._openerService.open(uri, { allowCommands: true });
+						}
 					}
 				});
 				data.elementDisposables.add(rendered);
@@ -404,6 +410,17 @@ export interface IActionListOptions {
 	 */
 	readonly minWidth?: number;
 
+	/**
+	 * Optional handler for markdown links activated in item descriptions or hovers.
+	 * When unset, links open via the opener service with command links allowed.
+	 */
+	readonly linkHandler?: (uri: URI, item: IActionListItem<unknown>) => void;
+
+	/**
+	 * Optional callback fired when a section's collapsed state changes.
+	 */
+	readonly onDidToggleSection?: (section: string, collapsed: boolean) => void;
+
 	/**
 	 * When true, descriptions are rendered as subtext below the title
 	 * instead of inline to the right.
@@ -518,7 +535,7 @@ export class ActionListWidget<T> extends Disposable {
 		const hasAnySubmenuActions = items.some(item => !!item.submenuActions?.length);
 
 		this._list = this._register(new List(user, this.domNode, virtualDelegate, [
-			new ActionItemRenderer<T>(preview, (item) => this._removeItem(item), (element, indicator, disposables) => this._wireSubmenuIndicator(element, indicator, disposables), hasAnySubmenuActions, this._keybindingService, this._openerService),
+			new ActionItemRenderer<T>(preview, (item) => this._removeItem(item), (element, indicator, disposables) => this._wireSubmenuIndicator(element, indicator, disposables), hasAnySubmenuActions, this._options?.linkHandler, this._keybindingService, this._openerService),
 			new HeaderRenderer(),
 			new SeparatorRenderer(),
 		], {
@@ -638,6 +655,7 @@ export class ActionListWidget<T> extends Disposable {
 		} else {
 			this._collapsedSections.add(section);
 		}
+		this._options?.onDidToggleSection?.(section, this._collapsedSections.has(section));
 		this._applyFilter();
 	}
 
@@ -1162,10 +1180,14 @@ export class ActionListWidget<T> extends Disposable {
 		}
 
 		const markdown = typeof element.hover!.content === 'string' ? new MarkdownString(element.hover!.content) : element.hover!.content;
+		const linkHandler = this._options?.linkHandler;
 		this._hover.value = this._hoverService.showDelayedHover({
 			content: markdown ?? '',
 			target: rowElement,
 			additionalClasses: ['action-widget-hover'],
+			linkHandler: linkHandler ? (url: string) => {
+				linkHandler(URI.parse(url), element);
+			} : undefined,
 			position: {
 				hoverPosition: HoverPosition.LEFT,
 				forcePosition: false,

src/vs/platform/agentHost/common/agentService.ts

@@ -4,6 +4,7 @@
  *--------------------------------------------------------------------------------------------*/
 
 import { Event } from '../../../base/common/event.js';
+import { IAuthorizationProtectedResourceMetadata } from '../../../base/common/oauth.js';
 import { URI } from '../../../base/common/uri.js';
 import { createDecorator } from '../../instantiation/common/instantiation.js';
 import type { IActionEnvelope, INotification, ISessionAction } from './state/sessionActions.js';
@@ -40,10 +41,55 @@ export interface IAgentDescriptor {
 	readonly provider: AgentProvider;
 	readonly displayName: string;
 	readonly description: string;
-	/** Whether the renderer should push a GitHub auth token for this agent. */
+	/**
+	 * Whether the renderer should push a GitHub auth token for this agent.
+	 * @deprecated Use {@link IResourceMetadata.resources} from {@link IAgentService.getResourceMetadata} instead.
+	 */
 	readonly requiresAuth: boolean;
 }
 
+// ---- Auth types (RFC 9728 / RFC 6750 inspired) -----------------------------
+
+/**
+ * Describes the agent host as an OAuth 2.0 protected resource.
+ * Uses {@link IAuthorizationProtectedResourceMetadata} from RFC 9728
+ * to describe auth requirements, enabling clients to resolve tokens
+ * using the standard VS Code authentication service.
+ *
+ * Returned from the server via {@link IAgentService.getResourceMetadata}.
+ */
+export interface IResourceMetadata {
+	/**
+	 * Protected resources the agent host requires authentication for.
+	 * Each entry uses the standard RFC 9728 shape so clients can resolve
+	 * tokens via {@link IAuthenticationService.getOrActivateProviderIdForServer}.
+	 */
+	readonly resources: readonly IAuthorizationProtectedResourceMetadata[];
+}
+
+/**
+ * Parameters for the `authenticate` command.
+ * Analogous to sending `Authorization: Bearer <token>` (RFC 6750 section 2.1).
+ */
+export interface IAuthenticateParams {
+	/**
+	 * The `resource` identifier from the server's
+	 * {@link IAuthorizationProtectedResourceMetadata} that this token targets.
+	 */
+	readonly resource: string;
+
+	/** The bearer token value (RFC 6750). */
+	readonly token: string;
+}
+
+/**
+ * Result of the `authenticate` command.
+ */
+export interface IAuthenticateResult {
+	/** Whether the token was accepted. */
+	readonly authenticated: boolean;
+}
+
 export interface IAgentCreateSessionConfig {
 	readonly provider?: AgentProvider;
 	readonly model?: string;
@@ -301,8 +347,14 @@ export interface IAgent {
 	/** List persisted sessions from this provider. */
 	listSessions(): Promise<IAgentSessionMetadata[]>;
 
-	/** Set the authentication token for this provider. */
-	setAuthToken(token: string): Promise<void>;
+	/** Declare protected resources this agent requires auth for (RFC 9728). */
+	getProtectedResources(): IAuthorizationProtectedResourceMetadata[];
+
+	/**
+	 * Authenticate for a specific resource. Returns true if accepted.
+	 * The `resource` matches {@link IAuthorizationProtectedResourceMetadata.resource}.
+	 */
+	authenticate(resource: string, token: string): Promise<boolean>;
 
 	/** Gracefully shut down all sessions. */
 	shutdown(): Promise<void>;
@@ -329,8 +381,18 @@ export interface IAgentService {
 	/** Discover available agent backends from the agent host. */
 	listAgents(): Promise<IAgentDescriptor[]>;
 
-	/** Set the GitHub auth token used by the Copilot SDK. */
-	setAuthToken(token: string): Promise<void>;
+	/**
+	 * Retrieve the resource metadata describing auth requirements.
+	 * Modeled on RFC 9728 (OAuth 2.0 Protected Resource Metadata).
+	 */
+	getResourceMetadata(): Promise<IResourceMetadata>;
+
+	/**
+	 * Authenticate for a protected resource on the server.
+	 * The {@link IAuthenticateParams.resource} must match a resource from
+	 * {@link getResourceMetadata}. Analogous to RFC 6750 bearer token delivery.
+	 */
+	authenticate(params: IAuthenticateParams): Promise<IAuthenticateResult>;
 
 	/**
 	 * Refresh the model list from all providers, publishing updated

src/vs/platform/agentHost/common/state/sessionProtocol.ts

@@ -80,6 +80,7 @@ export const AHP_SESSION_ALREADY_EXISTS = -32003 as const;
 export const AHP_TURN_IN_PROGRESS = -32004 as const;
 export const AHP_UNSUPPORTED_PROTOCOL_VERSION = -32005 as const;
 export const AHP_CONTENT_NOT_FOUND = -32006 as const;
+export const AHP_AUTH_REQUIRED = -32007 as const;
 
 // ---- Type guards -----------------------------------------------------------
 
@@ -101,9 +102,10 @@ export function isJsonRpcResponse(msg: IProtocolMessage): msg is IAhpSuccessResp
 
 /**
  * Error with a JSON-RPC error code for protocol-level failures.
+ * Optionally carries a `data` payload for structured error details.
  */
 export class ProtocolError extends Error {
-	constructor(readonly code: number, message: string) {
+	constructor(readonly code: number, message: string, readonly data?: unknown) {
 		super(message);
 	}
 }

src/vs/platform/agentHost/electron-browser/agentHostService.ts

@@ -13,7 +13,7 @@ import { acquirePort } from '../../../base/parts/ipc/electron-browser/ipc.mp.js'
 import { InstantiationType, registerSingleton } from '../../instantiation/common/extensions.js';
 import { IConfigurationService } from '../../configuration/common/configuration.js';
 import { ILogService } from '../../log/common/log.js';
-import { AgentHostEnabledSettingId, AgentHostIpcChannels, IAgentCreateSessionConfig, IAgentDescriptor, IAgentHostService, IAgentService, IAgentSessionMetadata } from '../common/agentService.js';
+import { AgentHostEnabledSettingId, AgentHostIpcChannels, IAgentCreateSessionConfig, IAgentDescriptor, IAgentHostService, IAgentService, IAgentSessionMetadata, IAuthenticateParams, IAuthenticateResult, IResourceMetadata } from '../common/agentService.js';
 import type { IActionEnvelope, INotification, ISessionAction } from '../common/state/sessionActions.js';
 import type { IBrowseDirectoryResult, IStateSnapshot } from '../common/state/sessionProtocol.js';
 import { revive } from '../../../base/common/marshalling.js';
@@ -83,8 +83,11 @@ class AgentHostServiceClient extends Disposable implements IAgentHostService {
 
 	// ---- IAgentService forwarding (no await needed, delayed channel handles queuing) ----
 
-	setAuthToken(token: string): Promise<void> {
-		return this._proxy.setAuthToken(token);
+	getResourceMetadata(): Promise<IResourceMetadata> {
+		return this._proxy.getResourceMetadata();
+	}
+	authenticate(params: IAuthenticateParams): Promise<IAuthenticateResult> {
+		return this._proxy.authenticate(params);
 	}
 	listAgents(): Promise<IAgentDescriptor[]> {
 		return this._proxy.listAgents();

src/vs/platform/agentHost/electron-browser/remoteAgentHostProtocolClient.ts

@@ -14,7 +14,7 @@ import { hasKey } from '../../../base/common/types.js';
 import { URI } from '../../../base/common/uri.js';
 import { generateUuid } from '../../../base/common/uuid.js';
 import { ILogService } from '../../log/common/log.js';
-import { AgentSession, IAgentConnection, IAgentCreateSessionConfig, IAgentDescriptor, IAgentSessionMetadata } from '../common/agentService.js';
+import { AgentSession, IAgentConnection, IAgentCreateSessionConfig, IAgentDescriptor, IAgentSessionMetadata, IAuthenticateParams, IAuthenticateResult, IResourceMetadata } from '../common/agentService.js';
 import type { IClientNotificationMap, ICommandMap } from '../common/state/protocol/messages.js';
 import type { IActionEnvelope, INotification, ISessionAction } from '../common/state/sessionActions.js';
 import { PROTOCOL_VERSION } from '../common/state/sessionCapabilities.js';
@@ -128,10 +128,17 @@ export class RemoteAgentHostProtocolClient extends Disposable implements IAgentC
 	}
 
 	/**
-	 * Push a GitHub auth token to the remote agent host.
+	 * Retrieve the server's resource metadata describing auth requirements.
 	 */
-	async setAuthToken(token: string): Promise<void> {
-		this._sendExtensionNotification('setAuthToken', { token });
+	async getResourceMetadata(): Promise<IResourceMetadata> {
+		return await this._sendExtensionRequest('getResourceMetadata') as IResourceMetadata;
+	}
+
+	/**
+	 * Authenticate with the remote agent host using a specific scheme.
+	 */
+	async authenticate(params: IAuthenticateParams): Promise<IAuthenticateResult> {
+		return await this._sendExtensionRequest('authenticate', params) as IAuthenticateResult;
 	}
 
 	/**
@@ -227,13 +234,6 @@ export class RemoteAgentHostProtocolClient extends Disposable implements IAgentC
 		this._transport.send({ jsonrpc: '2.0' as const, method, params } as IProtocolMessage);
 	}
 
-	/** Send a JSON-RPC notification for a VS Code extension method (not in the protocol spec). */
-	private _sendExtensionNotification(method: string, params?: unknown): void {
-		// Cast: extension methods aren't in the typed protocol maps yet
-		// eslint-disable-next-line local/code-no-dangerous-type-assertions
-		this._transport.send({ jsonrpc: '2.0', method, params } as unknown as IJsonRpcResponse);
-	}
-
 	/** Send a typed JSON-RPC request for a protocol-defined method. */
 	private _sendRequest<M extends keyof ICommandMap>(method: M, params: ICommandMap[M]['params']): Promise<ICommandMap[M]['result']> {
 		const id = this._nextRequestId++;

src/vs/platform/agentHost/node/agentHostMain.ts

@@ -147,8 +147,12 @@ async function startWebSocketServer(agentService: AgentService, logService: ILog
 				modifiedAt: s.modifiedTime,
 			}));
 		},
-		handleSetAuthToken(token) {
-			agentService.setAuthToken(token);
+
+		handleGetResourceMetadata() {
+			return agentService.getResourceMetadataSync();
+		},
+		async handleAuthenticate(params) {
+			return agentService.authenticate(params);
 		},
 		handleBrowseDirectory(uri) {
 			return agentService.browseDirectory(URI.parse(uri));