Add BrowserChatToolsAllowedDomains policy to restrict browser chat tools to specific domains#315471
Open
HyderYash wants to merge 2 commits into
Open
Add BrowserChatToolsAllowedDomains policy to restrict browser chat tools to specific domains#315471HyderYash wants to merge 2 commits into
HyderYash wants to merge 2 commits into
Conversation
Add enterprise policy/setting workbench.browser.chatTools.allowedDomains (BrowserChatToolsAllowedDomains) and enforce it for integrated browser chat tools. Introduces isAllowedDomain helper and matchesDomainPolicyPattern in the domain matcher, wires runtime checks into browser chat tools (open, navigate, click, drag, hover, handle dialog, read, screenshot, type, runPlaywrightCode) to block or verify navigation per the allowlist, and updates configuration/policy metadata and docs. Includes unit tests for matching and allowlist behavior. Behavior: empty array = no extra restriction; file URLs and URIs without a host always pass; supports wildcards and host entries like localhost/127.0.0.1.
HyderYash
requested review from
alexdima,
joaomoreno,
joshspicer,
pwang347,
rebornix and
sandy081
as code owners
Contributor
📬 CODENOTIFYThe following users are being notified based on files changed in this PR: @kycutlerMatched files:
@jrualesMatched files:
|
Author
|
@microsoft-github-policy-service agree |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces an enterprise-controlled domain allowlist for integrated browser chat tools in the workbench, allowing organizations to enable browser automation while restricting it to trusted hosts/domains (without impacting the fetch tool or the existing agent network filter settings).
Changes:
- Adds
workbench.browser.chatTools.allowedDomains+BrowserChatToolsAllowedDomainspolicy, and wires enforcement into integrated browser chat tools. - Introduces policy-oriented domain matching (
matchesDomainPolicyPattern) to support allowlist entries likelocalhostand127.0.0.1. - Adds unit tests for the new allowlist behavior and the policy matcher.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/browserView/test/common/browserChatToolsAllowedDomains.test.ts | Adds tests for isAllowedDomain behavior (empty list, wildcard, file URLs). |
| src/vs/workbench/contrib/browserView/electron-browser/tools/typeBrowserTool.ts | Enforces allowlist before typing by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/screenshotBrowserTool.ts | Enforces allowlist before screenshotting by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/runPlaywrightCodeTool.ts | Enforces allowlist before/after code execution (and around deferred results). |
| src/vs/workbench/contrib/browserView/electron-browser/tools/readBrowserTool.ts | Enforces allowlist before reading page summaries. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/openBrowserToolNonAgentic.ts | Enforces allowlist during URL open (non-agentic variant). |
| src/vs/workbench/contrib/browserView/electron-browser/tools/openBrowserTool.ts | Enforces allowlist for open/share flows and verifies final page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/navigateBrowserTool.ts | Enforces allowlist for URL navigation and adds post-navigation verification. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/hoverElementTool.ts | Enforces allowlist before hovering by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/handleDialogBrowserTool.ts | Enforces allowlist before dialog handling by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/dragElementTool.ts | Enforces allowlist before dragging by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/clickBrowserTool.ts | Enforces allowlist before clicking by verifying the current page URL. |
| src/vs/workbench/contrib/browserView/electron-browser/tools/browserToolHelpers.ts | Adds shared allowlist guard + helper to verify the current page URL against policy. |
| src/vs/workbench/contrib/browserView/electron-browser/features/browserEditorChatFeatures.ts | Registers the new setting + policy metadata in configuration. |
| src/vs/workbench/contrib/browserView/common/browserChatToolsAllowedDomains.ts | Implements allowlist evaluation for URLs using existing domain parsing helpers. |
| src/vs/platform/networkFilter/test/common/domainMatcher.test.ts | Adds tests for policy-specific domain pattern matching. |
| src/vs/platform/networkFilter/common/domainMatcher.ts | Adds matchesDomainPolicyPattern (pattern normalization suited for allowlists/policies). |
| build/lib/policies/policyData.jsonc | Adds the policy catalog entry for BrowserChatToolsAllowedDomains. |
| .github/copilot-instructions.md | Documents the new policy/setting relationship for integrated browser chat tools. |
| } | ||
| let url: string; | ||
| try { | ||
| url = await playwrightService.invokeFunctionRaw(sessionId, pageId, async (page: Page) => page.url()); |
Comment on lines
116
to
+123
| if (!params.pageId) { | ||
| return errorResult(`No page ID provided. Use '${OpenPageToolId}' first.`); | ||
| } | ||
|
|
||
| let result: IToolResult; | ||
| switch (params.type) { | ||
| case 'reload': | ||
| return playwrightInvoke(this.playwrightService, sessionId, params.pageId, (page) => page.reload({ waitUntil: 'domcontentloaded' })); | ||
| result = await playwrightInvoke(this.playwrightService, sessionId, params.pageId, (page) => page.reload({ waitUntil: 'domcontentloaded' })); |
Replace direct playwrightService.invokeFunctionRaw call with the shared playwrightInvokeRaw helper in browserToolHelpers to centralize Playwright invocations. Add a domain policy pre-check in NavigateBrowserTool that calls getBrowserChatToolDomainBlockedToolResult and returns early if the page is blocked, preventing navigation when domain restrictions apply.
Author
|
Thanks for the review! Addressed both points: • Switched to Happy to make any further changes if needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Domain Allowlist Policy for Browser Chat Tools
Fixes #315458
Overview
This PR adds a domain allowlist policy for Browser Chat Tools, enabling organizations to use browser tools while restricting them to trusted/internal domains without affecting the fetch tool.
Configuration & Policy
New Setting
workbench.browser.chatTools.allowedDomains: string[]BrowserChatToolsAllowedDomainsKey Details
truechat.agent.allowedNetworkDomainschat.agent.networkFilterDomain Matching
Implementation
Domain validation is implemented in
browserChatToolsAllowedDomains.tsBehavior
file:URIs → AllowedSupported Patterns
localhost,127.0.0.1)*.example.com)Note: Matching reuses existing domain parsing helpers to maintain consistency with network filter behavior.
Enforcement (Browser Tools Only)
Guard Implementation
Added
assertBrowserChatToolNavigationAllowed()guardError Message
Blocked operations show a localized error:
Validated Actions
open/navigate/reload/back/forwardclick/type/hover/dragread_page/screenshot_pagehandle_dialogrun_playwright_code(before + after execution)Impact
IAgentNetworkFilterServiceTests
Added comprehensive coverage for:
matchesDomainPolicyPatternisAllowedDomainTest Coverage
Documentation
Added a new section documenting:
BrowserChatToolsandBrowserChatToolsAllowedDomainsNotes for Reviewers
Policy Catalog
To regenerate the policy catalog locally, run:
Note: I manually added the policy entry to maintain repository consistency until the script is run.