Re-request consent if necessary when updating extensions #9517
Summary of Changes
Hello @jakemac53, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request enhances the extension management system by introducing a robust consent re-request mechanism during updates. It ensures that users are prompted for consent if an extension's permissions or operational scope changes, improving transparency and security. The implementation distinguishes between interactive and non-interactive CLI environments for consent handling, laying the groundwork for future interactive consent flows.
Highlights
Size Change: +1.66 kB (+0.01%) Total Size: 17.4 MB
Code Review
This pull request refactors the extension consent mechanism. Instead of a boolean flag, installExtension now accepts a requestConsent function, allowing for different consent flows in interactive and non-interactive modes. It also introduces logic to re-request consent during an update if the extension's required permissions have changed. The changes touch installation, linking, and updating of extensions, along with their corresponding tests and UI components. I've found one critical issue with the rollback logic that could lead to data loss.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This looks good overall, but to clarify: are we showing the consent info on all updates? I'm not sure that we need to render it in the UI at all honestly, we can just say "this requires new consent to update, please update manually"
Sure, I will update it to not output the actual consent text, can include that back in once the consent flow is implemented.
One last nit: is there a way to improve the
Updated to just "Installation cancelled"

TLDR
When updating an extension, we compare the old consent text to the new consent text, and if they are different then we require the user to consent again.
Dive Deeper
There is no consent flow in interactive mode, so we default today to giving an error and just telling the user to run it on the command line. This is what that looks like:
Reviewer Test Plan
Try to update an extension which has added some new feature that requires consent both on the command line and in interactive mode.
Testing Matrix
Linked issues / bugs
Fixes #9400
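
The comparison described in the TLDR, as an added sketch that is not the project's code: the update path builds the consent text for the installed and the incoming config and asks again only when the two differ. `ExtensionConfig`, its `capabilities` field, `consentText`, `needsNewConsent`, `interactiveConsent` and `consentForUpdate` are hypothetical names, and the contents of the consent text are an assumption.

```typescript
// Hypothetical names throughout; this is not the project's code.
// A real prompt would be asynchronous; it is synchronous here for brevity.
type RequestConsent = (consentText: string) => boolean;

interface ExtensionConfig {
  name: string;
  version: string;
  capabilities: string[]; // constructed stand-in for what the user agrees to
}

// Build the text from what the user is agreeing to and nothing else. The
// version is left out and the list is de-duplicated and sorted, so a version
// bump or a reordering alone does not count as a change.
function consentText(cfg: ExtensionConfig): string {
  const lines = cfg.capabilities
    .filter((c, i, all) => all.indexOf(c) === i)
    .sort()
    .map((c) => `  * ${c}`);
  return [`Extension "${cfg.name}" will be able to:`, ...lines].join('\n');
}

function needsNewConsent(oldCfg: ExtensionConfig, newCfg: ExtensionConfig): boolean {
  return consentText(oldCfg) !== consentText(newCfg);
}

// Interactive mode has no consent flow yet, so it fails closed.
const interactiveConsent: RequestConsent = () => {
  throw new Error('This requires new consent to update; run it on the command line.');
};

// Ask before anything on disk is touched, so a refusal or an error leaves
// the installed version exactly as it was.
function consentForUpdate(
  oldCfg: ExtensionConfig,
  newCfg: ExtensionConfig,
  requestConsent: RequestConsent,
): 'unchanged' | 'granted' {
  if (!needsNewConsent(oldCfg, newCfg)) return 'unchanged';
  if (!requestConsent(consentText(newCfg))) throw new Error('Installation cancelled');
  return 'granted';
}

// Constructed sample configs.
const installed: ExtensionConfig = { name: 'demo', version: '1.0.0', capabilities: ['read files'] };
const bumped: ExtensionConfig = { ...installed, version: '1.0.1' };
const widened: ExtensionConfig = { ...bumped, capabilities: ['run shell commands', 'read files'] };
```

Because the callback is only reached when the text differs, passing `interactiveConsent` still lets updates with unchanged consent go through.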