Merge pull request #284248 from microsoft/tyriar/282209_sed

Tyriar · web-flow · commit f6686c634419 · 2025-12-20T15:20:32.000-08:00
Add default auto approve rule for sed
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts
@@ -260,6 +260,22 @@ export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurati
 			find: true,
 			'/^find\\b.*-(delete|exec|execdir|fprint|fprintf|fls|ok|okdir)\\b/': false,
 
+			// sed
+			// - `-e`/`--expression`: Add the commands in script to the set of commands to be run
+			//   while processing the input.
+			// - `-f`/`--file`: Add the commands contained in the file script-file to the set of
+			//   commands to be run while processing the input.
+			// - `-i`/`--in-place`: This option specifies that files are to be edited in-place.
+			// - `w`/`W` commands: Write to files (blocked by `-i` check + agent typically won't use).
+			// - `s///e` flag: Executes substitution result as shell command
+			// - `s///w` flag: Write substitution result to file
+			// - `;W` Write first line of pattern space to file
+			// - Note that `--sandbox` exists which blocks unsafe commands that could potentially be
+			//   leveraged to auto approve
+			sed: true,
+			'/^sed\\b.*(-[a-zA-Z]*(e|i|f)[a-zA-Z]*|--expression|--file|--in-place)\\b/': false,
+			'/^sed\\b.*(\/e|\/w|;W)/': false,
+
 			// sort
 			// - `-o`: Output redirection can write files (`sort -o /etc/something file`) which are
 			//   blocked currently
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/runInTerminalTool.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/runInTerminalTool.test.ts
@@ -243,6 +243,8 @@ suite('RunInTerminalTool', () => {
 			'date +%Y-%m-%d',
 			'find . -name "*.txt"',
 			'grep pattern file.txt',
+			'sed "s/foo/bar/g"',
+			'sed -n "1,10p" file.txt',
 			'sort file.txt',
 			'tree directory'
 		];
@@ -295,6 +297,16 @@ suite('RunInTerminalTool', () => {
 			'find . -exec rm {} \\;',
 			'find . -execdir rm {} \\;',
 			'find . -fprint output.txt',
+			'sed -i "s/foo/bar/g" file.txt',
+			'sed -i.bak "s/foo/bar/" file.txt',
+			'sed --in-place "s/foo/bar/" file.txt',
+			'sed -e "s/a/b/" file.txt',
+			'sed -f script.sed file.txt',
+			'sed --expression "s/a/b/" file.txt',
+			'sed --file script.sed file.txt',
+			'sed "s/foo/bar/e" file.txt',
+			'sed "s/foo/bar/w output.txt" file.txt',
+			'sed ";W output.txt" file.txt',
 			'sort -o /etc/passwd file.txt',
 			'sort -S 100G file.txt',
 			'tree -o output.txt',
