Update both system messages (regular and final-review) with turn-aware
trajectory format documentation and cross-turn rules:

- Rounds are now grouped inside <turn index="N"> wrappers instead of
  repeating a turn attribute per round, saving tokens.
- Cross-turn rules instruct the model to treat previous turns as already-
  reflected context and only update todos based on current-turn activity.
- Final-review prompt focuses completion evidence on the latest turn and
  skips tool calls when the turn had no substantive activity.

PreviousContextRoundChunk emits <turn> open/close tags at boundaries via
annotateWithTurnBoundaries(). Inline rendering uses renderRoundsGroupedByTurn.

- backgroundTodoDelta: test currentTurnSubstantiveToolCallCount only counts
  current-turn rounds, is zero for history-only deltas, excludes processed
  rounds, and matches total when no history is present.

- backgroundTodoHistory: update collectAllRounds test for turn-annotated
  output, wrap buildBackgroundTodoHistory rounds with turnIndex, add turnIndex
  to all IBackgroundTodoHistoryRound inline objects, add renderRoundsGroupedByTurn
  tests for turn boundary wrapping.

- Make PreviousContextRoundChunk self-contained by always wrapping each
  round in <turn> tags, preventing unbalanced tags when PrioritizedList
  prunes boundary rounds. Remove annotateWithTurnBoundaries helper.

- Add currentTurnSubstantiveToolCallCount to all dummyMeta object literals
  in policy and processor tests for type safety.

- Add unit tests for requestFinalReview turn-ID guard: verify it skips
  when execution context is from a different turn and runs when IDs match.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

…type (#317859)

* fix(chat): enhance language model reset logic for CopilotCLI session type

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix(chat): improve language model reset logic and enhance logging in ChatInputPart

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

)

The @microsoft/mxc-sdk package ships per-arch native binaries under
bin/arm64 and bin/x64 regardless of the host architecture, so the macOS
x64 build was failing 'Verify arch of Mach-O objects' on
node_modules/@microsoft/mxc-sdk/bin/arm64/mxc-exec-mac. Skip the whole
bin/ tree, matching the pattern already used for similar multi-arch
vendor payloads.

…sions/merge-conflict (#317864)

build(deps): bump @nevware21/ts-utils in /extensions/merge-conflict

Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.11.6 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.11.6...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Hide anonymous access setting from settings ui

…sions/copilot (#317872)

build(deps): bump @nevware21/ts-utils in /extensions/copilot

Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.12.5 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.12.5...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Copilot CLI sanity testing

* Make things better

* see if 1.0.48 correctly fails

* Try to be smarter with git auth

* Test  if copilot cli sanity test auth correctly.

* Test if copilot cli sanity test FAILS correctly

* Try to get sanity tests pass?

* Copilot CLI from chat extension sanity test

* Try more smoke test for copilot cli

* More smoke test related things?

* title is messing with chat disabled..?

* Why is there timeout for .editor-instance .interactive-session

* add copilot cli ui smoke auth diagnostics

* Be more descriptive when copilot cli smoke test fail

* remove integration test, upgrade smoke test

* Clean up Copilot CLI smoke test diagnostics

* Get even more inspiration from agent smoke test

… configuration

… applicable

…ts (#317876)

Wires up the new `channels-otlp/` protocol so the agent host's
`ILogService` is mirrored over an `ahp-otlp://logs/{level}` channel
and surfaced as a per-host Output channel in the workbench.

- Add `OtlpLogEmitter` / `OtlpEmitterLogger` (`platform/agentHost/common/otlp/`).
  `LogService` is constructed with the OTLP logger as a secondary sink in both
  `agentHostMain.ts` and `agentHostServerMain.ts` so every log call fans out
  to subscribers.
- `ProtocolServerHandler` advertises `telemetry.logs` in
  `InitializeResult`, routes `subscribe`/`unsubscribe` on `ahp-otlp:`
  channels through a typed `ChannelSubscription` union, canonicalises the
  channel URI per-level, and broadcasts `otlp/exportLogs` notifications
  filtered per subscriber severity.
- `RemoteAgentHostProtocolClient` stores the full `InitializeResult`,
  adds `subscribeStateless` and `onDidReceiveOtlpLogs`.
- New `RemoteAgentHostLogForwarder` in the workbench layer registers an
  `Agent Host (${host})` Output channel via `IOutputChannelRegistry`,
  subscribes at the workbench's `ILogService` level (re-subscribes on
  change), and appends decoded records. Constructed from
  `remoteAgentHost.contribution.ts::_setupConnection` so it covers
  WebSocket, SSH and tunnel paths. Local agent host IPC logging is
  unchanged.
- Existing remote IPC traffic channel renamed to `Agent Host IPC (${host})`
  to disambiguate from the new OTLP-derived channel.
- Move `UriTemplate` from `workbench/contrib/mcp/common/` to
  `base/common/` so the forwarder can use it for `{level}` expansion.

Tests: 8 unit tests for the emitter, 7 for the server-side OTLP routing
(including URI canonicalisation), 3 integration tests for the
end-to-end wire flow, and the existing protocol/handshake/reconnect
suites.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…17874)

- ensure_supervisor_running now runs as a background task driven by
  tokio::spawn, so the tunnel control server and command-shell can
  start accepting connections immediately instead of waiting for the
  supervisor to come up.
- handle_serve (and the agent-host port forwarder) await the shared
  future on demand and mix the bridge endpoint into the per-request
  code_server_args. Supervisor failure is logged as a warning so editing
  and the extension host keep working; the renderer just misses
  agentHostProxy.
- This eliminates the startup stall that was sporadically tripping
  remote SSH's 450ms command-shell ready timeout.

Fixes #317714

(Commit message generated by Copilot)

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Fix background todo policy for current-turn activity

* sessions: clean up ISessionsProvider chat API

Simplify the provider contract and remove provider access to the chat
widget service so widget opening is owned exclusively by the management
service.

Provider API
- Remove `sendAndCreateChat` and `addChat` from `ISessionsProvider`.
- Add `createNewChat(sessionId)` returning the committed `IChat` so
  the management service can open the widget on the real backend
  resource before sending.
- `sendRequest(sessionId, chatResource, options)` now handles both
  the first-send (new session) and subsequent-send paths; providers
  dispatch internally based on `_currentNewSession`.
- For multi-chat sessions, `createNewChat` on an existing session
  gates on `_isMultiChatEnabled()` and creates a fresh chat in the
  group.

Session model
- `ISession.mainChat` changes from `IChat` to `IObservable<IChat>`
  so providers can swap the chat when an untitled new session commits
  to a real backend resource (e.g. Claude).
- `ICopilotChatSession` owns its own `ISettableObservable<IChat>`
  `mainChat` field; the provider no longer maintains a parallel map.

Management service
- `sendNewChatRequest` (renamed from `sendAndCreateChat`) calls
  `createNewChat`, opens the widget on the returned chat resource,
  then calls `sendRequest`.
- `openNewChatInSession` is now async and opens the widget after
  `createNewChat` returns.

Copilot provider
- Drops the `IChatWidgetService` injection; the provider never
  opens widgets directly.
- Drops `userSelectedTools` from the local send path (no widget
  available there).

Spec
- `SESSIONS.md`: document that `ISessionsProvider` must not have
  optional methods and that every addition to `ISession` or
  `ISessionsProvider` must be consumed by the agents-window core
  workbench (outside `contrib/providers/`).
- `COPILOT_CHAT_SESSIONS_PROVIDER.md`: update the send-flow section
  to describe the new `createNewChat` + `sendRequest` two-step
  contract.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* address review comments

- sessionsManagementService.sendNewChatRequest: open the chat widget
  with ChatViewPaneTarget so it lands in the chat view (matches the
  other openSession call sites in this service).
- copilotChatSessionsProvider.createNewChat & _createNewSubsequentChat:
  dispose the IDisposable returned by _createChatSession so the model
  reference acquired via acquireOrLoadSession is not leaked.
- copilotChatSessionsProvider._sendExistingChat: capture the disposable
  from _updateChatSessionState and release it in a finally so the model
  reference does not leak on every send.
- copilotChatSessionsProvider._sendFirstChat: when chatService.sendRequest
  returns kind 'rejected', clean up the temp session (cache, group cache,
  current-new-session, fire removed event, dispose) before throwing so
  the UI does not keep showing a stuck InProgress session.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Open agent browser pages in the background in some conditions

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* feedback

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

…odels-intellisense

fix(chat): add JSON schema type and validation for chatLanguageModels configuration

* Bump Agent host Copilot CLI to 1.0.48

* Copilot Cli to 1.0.48 sdk to 1.0.0-beta.4

* Exclude pvrecorder, foundry-local-sdk, mxc-bin

* Parity for copilot/sharp

* Add back missing binary

* Update dependencies for public copilot cli sdk

* remove icu-native.node for now

* Remove win32-native.node, icu-native.node

* Bump both internal and public to 1.0.49

* Only copy required Copilot SDK prebuilds

* Fix Copilot SDK native binary handling

…ports (#317871)

…sions/html-language-features (#317868)

build(deps): bump @nevware21/ts-utils

Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.11.6 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.11.6...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…sions/simple-browser (#317867)

build(deps): bump @nevware21/ts-utils in /extensions/simple-browser

Bumps [@nevware21/ts-utils](https://github.com/nevware21/ts-utils) from 0.11.6 to 0.14.0.
- [Release notes](https://github.com/nevware21/ts-utils/releases)
- [Changelog](https://github.com/nevware21/ts-utils/blob/main/CHANGELOG.md)
- [Commits](nevware21/ts-utils@0.11.6...0.14.0)

---
updated-dependencies:
- dependency-name: "@nevware21/ts-utils"
  dependency-version: 0.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- The launch configuration name in the Run and Debug view title could grow wider than the title bar, pushing the dropdown past the sidebar edge instead of getting clipped or truncated.
- The flex chain inside .title-actions could not shrink because the block-level .monaco-toolbar / .monaco-action-bar wrappers propagated the action item's intrinsic min-content (a long launch configuration name) up to .title-actions, so its min-width: auto kept it at full content width.
- Constrain .title-actions with min-width: 0 and overflow: hidden (scoped via :has(.start-debug-action-item)) so the inner flex layout has a finite width, and propagate min-width: 0 down the chain so the label can ellipsize. Sibling action items keep their natural size via flex-shrink: 0.
- Drop the configuration's min-width: 90px so the dropdown contents are the first to shrink, and reduce the label to 12px to better match the surrounding title row.

Fixes no issue

(Commit message generated by Copilot)

* Cloud agents: preserve archive state across v1↔v2 backend flip

Always emit `/<prNumber>` URIs when a PR is resolvable, regardless of backend. Adds reverse PR→task lookup so PR-shaped URIs on the Task API (v2) route content, follow-up, and openInBrowser through task endpoints.

* Address PR review: sort/direction, legacy PR URI support, docstring

- findTaskIdForPullRequest now sorts by created_at desc to actually return the most recent task.
- openSessionInBrowser and handleFollowUp v2 reverse-resolution accept both '/<n>' and legacy '/pull-session-by-index-<n>-<idx>' URI shapes by trying SessionIdForPr.parse() first.
- Finish the truncated TODO docstring on resolveTaskIdForPrNumber.

Defer Copilot steering consumption signals

Enabling runtime setting for the user to update

* Prevent crash when applying emulation in a new browser

* Fix check order

…prove changeset handling (#317892)

* feat: enhance AgentHostSessionAdapter to manage branch changes and improve changeset handling

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

…elFileCommand

Follow-up to the verify-macho.ts skip: the universal app bundler
(vscode-universal-bundler) also rejects identical-in-both-builds Mach-O
files unless they are tagged via x64ArchFiles and excluded from
comparison. mxc-sdk ships bin/arm64/mxc-exec-mac unchanged in both x64
and arm64 builds, so add it to both lists. Seen in insider build 441436.

* Add code-oss-dev skill

* Copy over launch skill

* Address launch skill review feedback

(Written by Copilot)

* agent-host: stringify URIs in AHP JSONL logs

Serialize URI instances as strings when writing synthetic local AHP JSONL entries so local IPC logging matches protocol wire expectations instead of JSON-ifying URI component objects.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agent-host: align AHP JSONL byte lengths

Use the same URI-aware serialization when calculating byteLength for synthetic local AHP JSONL frames so metadata matches the bytes written to disk.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agent-host: omit byteLength from local synthetic AHP log frames

Local IPC frames have no wire transport, so byteLength has no
meaningful value there. Removing it eliminates a redundant
stringifyAhpLogEntry call per frame (previously used only to
measure the hypothetical byte size). Real transports (WebSocket,
SSH, tunnel) still log byteLength from the actual wire text.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* agent-host: fix URI serialization in AHP JSONL (browser compat)

JSON.stringify calls toJSON() on objects before invoking the
replacer function, so the replacer received a plain UriComponents
object rather than a URI instance, causing URI.isUri() to return
false. Replace URIs in a pre-processing walk instead, before any
JSON.stringify involvement.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…eader (#317897)

* BYOK custom endpoint:  Respect user-supplied api-key / Authorization headers

* move flag to base

…317307)

* chat: Route Copilot CLI output to active stream

Keep Copilot CLI requests writing through a stable response stream router so steering can reattach output after the original chat stream is closed. Handle closed-stream fallbacks for async response stream methods used while applying edits.\n\nFixes #316053.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: update steering test for router contract

The /remote command's late echo from the cancelled first request now
routes to the currently attached stream, per the new router design.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test: add check to prevent re-invoking externalEdit callback on closed stream

---------

Co-authored-by: Chulong Li (M365) <chulongli@microsoft.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Don Jayamanne <don.jayamanne@outlook.com>

FIx: show error message when running npm install without open workspace

Fix #316543

The shared chat contribution is loaded by both the normal workbench and the Agents window, so registering the workbench-side ExportAgentHostDebugLogsAction from the shared developer-actions path made it appear in the Agents window alongside the Agents-window-specific action.

Move the workbench action registration to the normal workbench chat contribution, which is not imported by the Agents window. This keeps the workbench command available in VS Code without loading/registering that workbench contribution in the Agents window.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…7903)

* SSH agent host: defense-in-depth close propagation

When the shared process's SSH service detects a closed connection it
fires both `onDidRelayClose` (observed by `SSHRelayTransport`) and
`onDidCloseConnection` (observed by `SSHRemoteAgentHostService`).
Previously only the relay-close path signaled the renderer-side
`RemoteAgentHostProtocolClient`; the IPC connection-close event was
used only to dispose the handle.

If the relay-close IPC delivery is missed, the protocol client stays
in `Connected` waiting on its `setTimeout`-based liveness watchdog —
which Chromium aggressively throttles in backgrounded renderers, so
the watchdog can be deferred for hours. Symptom: SSH host shows
"connected" but no work goes through; only a window reload recovers.

Add a public `notifyTransportClosed()` on `RemoteAgentHostProtocolClient`
that delegates to the existing `_handleTransportClose()` (which is
already idempotent across all states), expose it through the service
interface as `notifyConnectionClosed(address)`, and have the SSH
service call it from its `onDidCloseConnection` handler.

This is partial mitigation — both IPC events ride the same channel,
so a fully-lost IPC delivery still leaves us blind. The underlying
fix (visibility-driven ping resume and/or a wall-clock watchdog) is
tracked separately.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* SSH reconnect: periodic backstop, paused-state auto-resume, diagnostic logging

The root cause of the 3-hour reconnect failure appears to be:
1. After sleep+network-change, the SSH keepalive fired and the connection was
   torn down at 10:11:52.
2. Reconnect attempts all failed quickly (network not ready after wake) and
   exhausted SSH_RECONNECT_MAX_ATTEMPTS, setting state.paused=true.
3. Nothing triggered a _resumeSSHReconnects() or fresh _reconcile() for the
   next 3+ hours, so the host stayed disconnected.

Fixes:
- Add a 60s IntervalTimer periodic reconcile backstop so that even if the
  event-driven chain (onDidCloseConnection IPC → onDidChangeConnections →
  _reconcile) breaks, SSH reconnect is retried within a minute.
- Add pausedAt timestamp to SSHReconnectState and auto-resume paused
  reconnects after SSH_RECONNECT_PAUSE_AUTO_RESUME_MS (5 minutes), so a
  short burst of post-wake failures doesn't silence reconnects for hours.
- Add info-level diagnostic logging throughout the reconnect chain
  (onDidCloseConnection receipt, notifyConnectionClosed, each skip condition
  in _reconnectSSHEntries, paused→auto-resume transitions) so future
  failures are diagnosable from logs alone.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: add notifyConnectionClosed stub to MockRemoteAgentHostService in test

The SSHRemoteAgentHostService renderer now calls
notifyConnectionClosed on IRemoteAgentHostService when a connection
closes. The test mock was missing this method, causing a TypeError.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: use handle.localAddress (not connectionId) when calling notifyConnectionClosed

RemoteAgentHostService keys protocol clients by address (e.g. ssh:macbook-air),
not by the shared-process connectionId. Passing connectionId was always a no-op
since no client would ever be found under that key.

Caught by Copilot code review.

(Written by Copilot)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

… file changes (#317914)

* Refactor agent host session handling: use changesetFilesToChanges for file changes

* Fix tests