Conform to new shell env API shape (#192)

anthonykim1 · web-flow · commit 5ab24eeb1ae7 · 2025-02-20T10:48:05.000-08:00
Adding isTrusted field as part of shell env api, meaning the shape would change a bit. Accessing shell env would be `.env.value` instead of `.env`. Trying to prevent breaking where this api is already being used, so that I can safely merge: microsoft/vscode#240971
diff --git a/package.json b/package.json
@@ -6,7 +6,7 @@
     "publisher": "ms-python",
     "preview": true,
     "engines": {
-        "vscode": "^1.97.0"
+        "vscode": "^1.98.0-20250221"
     },
     "categories": [
         "Other"
diff --git a/src/extension.ts b/src/extension.ts
@@ -230,7 +230,7 @@ export async function activate(context: ExtensionContext): Promise<PythonEnviron
             updateViewsAndStatus(statusBar, workspaceView, managerView, api);
         }),
         onDidChangeTerminalShellIntegration(async (e) => {
-            const envVar = e.shellIntegration?.env;
+            const envVar = e.shellIntegration?.env.value;
             if (envVar) {
                 if (envVar['VIRTUAL_ENV']) {
                     const env = await api.resolveEnvironment(Uri.file(envVar['VIRTUAL_ENV']));
diff --git a/src/vscode.proposed.terminalShellEnv.d.ts b/src/vscode.proposed.terminalShellEnv.d.ts
@@ -6,12 +6,30 @@
 declare module 'vscode' {
     // @anthonykim1 @tyriar https://github.com/microsoft/vscode/issues/227467
 
+    export interface TerminalShellIntegrationEnvironment {
+        /**
+         * The dictionary of environment variables.
+         */
+        value: { [key: string]: string | undefined } | undefined;
+
+        /**
+         * Whether the environment came from a trusted source and is therefore safe to use its
+         * values in a manner that could lead to execution of arbitrary code. If this value is
+         * `false`, {@link value} should either not be used for something that could lead to arbitrary
+         * code execution, or the user should be warned beforehand.
+         *
+         * This is `true` only when the environment was reported explicitly and it used a nonce for
+         * verification.
+         */
+        isTrusted: boolean;
+    }
+
     export interface TerminalShellIntegration {
         /**
          * The environment of the shell process. This is undefined if the shell integration script
          * does not send the environment.
          */
-        readonly env: { [key: string]: string | undefined } | undefined;
+        readonly env: TerminalShellIntegrationEnvironment;
     }
 
     // TODO: Is it fine that this shares onDidChangeTerminalShellIntegration with cwd and the shellIntegration object itself?
