Prepare for the VS Code Workspace Trust rollout #1157

Closed
PEZ opened this issue Apr 29, 2021 · 2 comments

@PEZ
Collaborator

PEZ commented Apr 29, 2021

The VS Code team is preparing for the rollout of a feature that will probably have a big impact on Calva. Something called Workspace Trust. I haven't quite figured out what the feature is about yet, and certainly not how it will impact Calva, but on the surface of it, I think it might cause trouble for the Getting Started REPL.

See and follow this issue for updates on the rollout: microsoft/vscode#120251

What it looks like to the user

I enabled the feature in VS Code Insiders and then the first thing that happens is that I get this message:

image

Reminds me a bit of the ubiquitous cookie-popups out on the web, and maybe that works as a mental model.

The “Trust all in parent folder” option gives some hope for the general UX, since I assume that many users have one or more Projects folders where they clone and start projects. However, Calva's Standalone REPL and Getting Started REPL features create folders in <SYSTEM TMP>/betterthantomorrow.calva/..., and especially for the Getting Started scenario I see a major risk for this popup to cause distraction and disruption...

When I choose not to trust the authors, about all my extensions get disabled:

image

And I see a Restricted button on the status bar:

image

Clicking that button, this pane shows up:

image

Again we see the Parent folder option. Clicking the 3 workspace settings link takes me to the Settings pane with the three disabled settings filtered out. (None of them are from Calva. I think this happens when an extension has more granular settings on its trust requirements than simply on/off.)

Selecting to trust the folder had my extension enabled and the Restricted button go away immediately. No restart required.

Interestingly, I could then fire up the Getting Started REPL without any trust popup. I don't know if this is a glitch in the feature or if it means that extensions are implicitly trusted. If it is the latter, then all is fine, I guess.

What we need to do

We are given four options (if I understand the Onboarding section in the above linked issue correctly):

  1. If we do nothing then Calva will always be disabled in untrusted workspaces
  2. We can also explicitly configure Calva to be disabled in untrusted workspaces
  3. We can configure to make Calva always enabled in untrusted workspaces
  4. We can configure Calva to have some features disabled and some enabled in untrusted workspaces

I think option 2 is better than 1 because the users will see that we have made an active choice (not sure how, will have to try that out first).

Option 3 is closed I think, by nature of the REPL and what it is used for.

Option 4 is probably in reach. Maybe in the scenario where someone uses only the static parts of Calva it could be an option. But it will of course be a matter of putting in the work to make sure Calva behaves nicely.

So, yes, initially I think we should go for option 2.

We also need to reach out to the VS Code team about whether we can count on the Getting Started REPL to keep functioning.

@PEZ PEZ added the upstream label Apr 29, 2021
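
The four options listed in the comment above, as an added example that is not part of the original thread or Calva's code: it models them using the `capabilities.untrustedWorkspaces` manifest declaration from VS Code's Workspace Trust extension guide and shows which state a code-running extension ends up in. The manifests, the setting name `example.replCommand` and the function names are constructed for illustration.

```typescript
// Added example (not Calva's code). Manifests and setting names are constructed.
type TrustSupport = boolean | "limited";

interface UntrustedDecl {
  supported: TrustSupport;
  description?: string;                 // shown to the user when not fully supported
  restrictedConfigurations?: string[];  // settings not read from an untrusted workspace
}

interface ExtManifest {
  name: string;
  capabilities?: { untrustedWorkspaces?: UntrustedDecl };
}

interface TrustVerdict {
  state: "enabled" | "limited" | "disabled";
  explicit: boolean;          // true when the author declared a choice
  ignoredSettings: string[];  // workspace-level values not honored while untrusted
}

// Assumes an extension that runs code (has a "main" entry point), like Calva.
function evaluateTrust(m: ExtManifest, workspaceTrusted: boolean): TrustVerdict {
  const decl = m.capabilities ? m.capabilities.untrustedWorkspaces : undefined;
  const explicit = decl !== undefined;
  if (workspaceTrusted) return { state: "enabled", explicit, ignoredSettings: [] };
  if (decl === undefined || decl.supported === false) {
    return { state: "disabled", explicit, ignoredSettings: [] }; // options 1 and 2
  }
  if (decl.supported === true) {
    return { state: "enabled", explicit, ignoredSettings: [] };  // option 3
  }
  // Option 4: "limited". The extension runs but must gate risky features itself.
  return { state: "limited", explicit, ignoredSettings: decl.restrictedConfigurations || [] };
}

const OPTION_MANIFESTS: ExtManifest[] = [
  { name: "option-1-do-nothing" },
  { name: "option-2-explicit-off", capabilities: { untrustedWorkspaces: {
      supported: false, description: "The REPL evaluates code from the workspace." } } },
  { name: "option-3-always-on", capabilities: { untrustedWorkspaces: { supported: true } } },
  { name: "option-4-limited", capabilities: { untrustedWorkspaces: {
      supported: "limited", description: "Static features only.",
      restrictedConfigurations: ["example.replCommand"] } } },
];

function summarize(workspaceTrusted: boolean): string[] {
  return OPTION_MANIFESTS.map((m) => {
    const v = evaluateTrust(m, workspaceTrusted);
    return `${m.name}: ${v.state}${v.explicit ? "" : " (implicit)"}`;
  });
}

console.log(summarize(false).join("\n"));
```

Options 1 and 2 give the same runtime state in an untrusted workspace; the difference is only that option 2 is an explicit declaration with a description.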
@bpringe
Member

bpringe commented Apr 29, 2021

Interesting. Another thing to note is clojure-lsp stores its logs in /tmp. I wonder if this would have some effect on that as well.

@PEZ
Collaborator Author

PEZ commented Apr 29, 2021

It shouldn't. This is about the workspace and if there is something there that can execute arbitrary code on your computer.
