Fix chat response resource reads

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Bestra

src/extension/tools/node/test/readFile.spec.tsx

@@ -343,6 +343,38 @@ suite('ReadFile', () => {
 			testAccessor.dispose();
 		});
 
+		test('reads chat response resources without requiring an open tab', async () => {
+			const resourceUri = URI.parse('vscode-chat-response-resource://session/tool/call-1/0/file.md');
+			const resourceDoc = createTextDocumentData(resourceUri, 'linked resource line 1\nlinked resource line 2', 'markdown').document;
+
+			const services = createExtensionUnitTestingServices();
+			services.define(IWorkspaceService, new SyncDescriptor(
+				TestWorkspaceService,
+				[
+					[],
+					[resourceDoc],
+				]
+			));
+
+			const testAccessor = services.createTestingAccessor();
+			const readFileTool = testAccessor.get(IInstantiationService).createInstance(ReadFileTool);
+
+			const input: IReadFileParamsV2 = {
+				filePath: resourceUri.toString()
+			};
+
+			const prepareResult = await readFileTool.prepareInvocation(
+				{ input },
+				CancellationToken.None
+			);
+
+			expect(prepareResult).toBeDefined();
+			expect((prepareResult!.invocationMessage as MarkdownString).value).toBe(`Reading [](${resourceUri.toString()})`);
+			expect((prepareResult!.pastTenseMessage as MarkdownString).value).toBe(`Read [](${resourceUri.toString()})`);
+
+			testAccessor.dispose();
+		});
+
 		test('should return "Reading skill/Read skill" message for skill files with line range', async () => {
 			const testDoc = createTextDocumentData(URI.file('/workspace/test.skill.md'), 'line 1\nline 2\nline 3\nline 4\nline 5', 'markdown').document;
 

src/extension/tools/node/test/toolUtils.spec.ts

@@ -154,6 +154,17 @@ suite('toolUtils - additionalReadAccessPaths', () => {
 			await expect(invokeAssertFileOkForTool(URI.file('/external/file.ts'), true))
 				.rejects.toThrow(/outside of the workspace/);
 		});
+
+		test('chat response resources are allowed for read-only access', async () => {
+			const resourceUri = URI.parse('vscode-chat-response-resource://session/tool/call-1/0/file.md');
+			await expect(invokeAssertFileOkForTool(resourceUri, true)).resolves.toBeUndefined();
+		});
+
+		test('chat response resources are not allowlisted outside read-only access', async () => {
+			const resourceUri = URI.parse('vscode-chat-response-resource://session/tool/call-1/0/file.md');
+			await expect(invokeAssertFileOkForTool(resourceUri))
+				.rejects.toThrow(/outside of the workspace/);
+		});
 	});
 
 	describe('isFileExternalAndNeedsConfirmation', () => {
@@ -197,6 +208,11 @@ suite('toolUtils - additionalReadAccessPaths', () => {
 			await expect(invokeIsFileExternalAndNeedsConfirmation(URI.file('/disallowed/file.ts'), true))
 				.rejects.toThrow(/does not exist/);
 		});
+
+		test('chat response resources do not need confirmation for read-only access', async () => {
+			const resourceUri = URI.parse('vscode-chat-response-resource://session/tool/call-1/0/file.md');
+			expect(await invokeIsFileExternalAndNeedsConfirmation(resourceUri, true)).toBe(false);
+		});
 	});
 
 	describe('isDirExternalAndNeedsConfirmation', () => {

src/extension/tools/node/toolUtils.ts

@@ -164,6 +164,42 @@ export interface AssertFileOkForToolOptions {
 	readOnly?: boolean;
 }
 
+async function isUriAllowedWithoutWorkspaceMembership(
+	uri: URI,
+	normalizedUri: URI,
+	tabsAndEditorsService: ITabsAndEditorsService,
+	customInstructionsService: ICustomInstructionsService,
+	diskSessionResources: IChatDiskSessionResources,
+	chatDebugFileLogger: IChatDebugFileLoggerService,
+	sessionTranscriptService: ISessionTranscriptService,
+	buildPromptContext?: IBuildPromptContext,
+	options?: AssertFileOkForToolOptions,
+): Promise<boolean> {
+	if (uri.scheme === Schemas.untitled) {
+		return true;
+	}
+	if (options?.readOnly && uri.scheme === 'vscode-chat-response-resource') {
+		return true;
+	}
+	if (await isExternalInstructionsFile(normalizedUri, customInstructionsService, buildPromptContext)) {
+		return true;
+	}
+	if (diskSessionResources.isSessionResourceUri(normalizedUri)) {
+		return true;
+	}
+	if (chatDebugFileLogger.isDebugLogUri(normalizedUri)) {
+		return true;
+	}
+	if (sessionTranscriptService.isTranscriptUri(normalizedUri)) {
+		return true;
+	}
+	if (tabsAndEditorsService.tabs.some(tab => isEqual(tab.uri, uri))) {
+		return true;
+	}
+
+	return false;
+}
+
 export async function assertFileOkForTool(accessor: ServicesAccessor, uri: URI, buildPromptContext?: IBuildPromptContext, options?: AssertFileOkForToolOptions): Promise<void> {
 	const workspaceService = accessor.get(IWorkspaceService);
 	const tabsAndEditorsService = accessor.get(ITabsAndEditorsService);
@@ -183,23 +219,17 @@ export async function assertFileOkForTool(accessor: ServicesAccessor, uri: URI,
 	if (options?.readOnly && isUriUnderAdditionalReadAccessPaths(normalizedUri, configurationService)) {
 		return;
 	}
-	if (uri.scheme === Schemas.untitled) {
-		return;
-	}
-	const fileOpenInSomeTab = tabsAndEditorsService.tabs.some(tab => isEqual(tab.uri, uri));
-	if (fileOpenInSomeTab) {
-		return;
-	}
-	if (diskSessionResources.isSessionResourceUri(normalizedUri)) {
-		return;
-	}
-	if (chatDebugFileLogger.isDebugLogUri(normalizedUri)) {
-		return;
-	}
-	if (sessionTranscriptService.isTranscriptUri(normalizedUri)) {
-		return;
-	}
-	if (await isExternalInstructionsFile(normalizedUri, customInstructionsService, buildPromptContext)) {
+	if (await isUriAllowedWithoutWorkspaceMembership(
+		uri,
+		normalizedUri,
+		tabsAndEditorsService,
+		customInstructionsService,
+		diskSessionResources,
+		chatDebugFileLogger,
+		sessionTranscriptService,
+		buildPromptContext,
+		options,
+	)) {
 		return;
 	}
 	throw new Error(`File ${promptPathRepresentationService.getFilePath(normalizedUri)} is outside of the workspace, and not open in an editor, and can't be read`);
@@ -281,29 +311,24 @@ export async function isFileExternalAndNeedsConfirmation(accessor: ServicesAcces
 
 	const normalizedUri = normalizePath(uri);
 
-	// Not external if: in workspace, untitled, instructions file, session resource, or open in editor
+	// Not external if: in workspace, under configured read-only paths, or otherwise allowlisted for read-only access.
 	if (workspaceService.getWorkspaceFolder(normalizedUri)) {
 		return false;
 	}
 	if (options?.readOnly && isUriUnderAdditionalReadAccessPaths(normalizedUri, configurationService)) {
 		return false;
 	}
-	if (uri.scheme === Schemas.untitled || uri.scheme === 'vscode-chat-response-resource') {
-		return false;
-	}
-	if (await isExternalInstructionsFile(normalizedUri, customInstructionsService, buildPromptContext)) {
-		return false;
-	}
-	if (diskSessionResources.isSessionResourceUri(normalizedUri)) {
-		return false;
-	}
-	if (chatDebugFileLogger.isDebugLogUri(normalizedUri)) {
-		return false;
-	}
-	if (sessionTranscriptService.isTranscriptUri(normalizedUri)) {
-		return false;
-	}
-	if (tabsAndEditorsService.tabs.some(tab => isEqual(tab.uri, uri))) {
+	if (await isUriAllowedWithoutWorkspaceMembership(
+		uri,
+		normalizedUri,
+		tabsAndEditorsService,
+		customInstructionsService,
+		diskSessionResources,
+		chatDebugFileLogger,
+		sessionTranscriptService,
+		buildPromptContext,
+		options,
+	)) {
 		return false;
 	}