, cx: &mut TestAppContext) -> Entity>);
let node_runtime = NodeRuntime::new(
http_client.clone(),
Some(shell_env_loaded_rx),
node_settings_rx,
+ trust_task,
);
let mut languages = LanguageRegistry::new(cx.background_executor().clone());
@@ -468,6 +474,7 @@ pub fn execute_run(
languages,
extension_host_proxy,
},
+ true,
cx,
)
});
diff --git a/crates/settings/src/settings_content/project.rs b/crates/settings/src/settings_content/project.rs
index 5cd708694d0cfd3699fdc822509d0209f9a96fd1..a5e15153832c425134e129cba1984b3b5886aa56 100644
--- a/crates/settings/src/settings_content/project.rs
+++ b/crates/settings/src/settings_content/project.rs
@@ -187,6 +187,12 @@ pub struct SessionSettingsContent {
///
/// Default: true
pub restore_unsaved_buffers: Option,
+ /// Whether or not to skip worktree trust checks.
+ /// When trusted, project settings are synchronized automatically,
+ /// language and MCP servers are downloaded and started automatically.
+ ///
+ /// Default: false
+ pub trust_all_worktrees: Option,
}
#[derive(Deserialize, Serialize, Clone, PartialEq, Eq, JsonSchema, MergeFrom, Debug)]
diff --git a/crates/settings_ui/src/page_data.rs b/crates/settings_ui/src/page_data.rs
index 007c41ad59b4e875770beecb089bd4e7fb2078b5..1d0603de3184ad9da874b428a94af37d8966e6a2 100644
--- a/crates/settings_ui/src/page_data.rs
+++ b/crates/settings_ui/src/page_data.rs
@@ -138,6 +138,28 @@ pub(crate) fn settings_data(cx: &App) -> Vec {
metadata: None,
files: USER,
}),
+ SettingsPageItem::SectionHeader("Security"),
+ SettingsPageItem::SettingItem(SettingItem {
+ title: "Trust All Projects By Default",
+ description: "When opening Zed, avoid Restricted Mode by auto-trusting all projects, enabling use of all features without having to give permission to each new project.",
+ field: Box::new(SettingField {
+ json_path: Some("session.trust_all_projects"),
+ pick: |settings_content| {
+ settings_content
+ .session
+ .as_ref()
+ .and_then(|session| session.trust_all_worktrees.as_ref())
+ },
+ write: |settings_content, value| {
+ settings_content
+ .session
+ .get_or_insert_default()
+ .trust_all_worktrees = value;
+ },
+ }),
+ metadata: None,
+ files: USER,
+ }),
SettingsPageItem::SectionHeader("Workspace Restoration"),
SettingsPageItem::SettingItem(SettingItem {
title: "Restore Unsaved Buffers",
diff --git a/crates/title_bar/src/title_bar.rs b/crates/title_bar/src/title_bar.rs
index 4d7397a0bc82142245b86c11ffdf441a6b781ad8..608fea7383176460cb4b7519824cd2dc118dbb69 100644
--- a/crates/title_bar/src/title_bar.rs
+++ b/crates/title_bar/src/title_bar.rs
@@ -30,18 +30,20 @@ use gpui::{
Subscription, WeakEntity, Window, actions, div,
};
use onboarding_banner::OnboardingBanner;
-use project::{Project, WorktreeSettings, git_store::GitStoreEvent};
+use project::{
+ Project, WorktreeSettings, git_store::GitStoreEvent, trusted_worktrees::TrustedWorktrees,
+};
use remote::RemoteConnectionOptions;
use settings::{Settings, SettingsLocation};
use std::sync::Arc;
use theme::ActiveTheme;
use title_bar_settings::TitleBarSettings;
use ui::{
- Avatar, Button, ButtonLike, ButtonStyle, Chip, ContextMenu, Icon, IconName, IconSize,
- IconWithIndicator, Indicator, PopoverMenu, PopoverMenuHandle, Tooltip, h_flex, prelude::*,
+ Avatar, ButtonLike, Chip, ContextMenu, IconWithIndicator, Indicator, PopoverMenu,
+ PopoverMenuHandle, TintColor, Tooltip, prelude::*,
};
use util::{ResultExt, rel_path::RelPath};
-use workspace::{Workspace, notifications::NotifyResultExt};
+use workspace::{ToggleWorktreeSecurity, Workspace, notifications::NotifyResultExt};
use zed_actions::{OpenRecent, OpenRemote};
pub use onboarding_banner::restore_banner;
@@ -163,6 +165,7 @@ impl Render for TitleBar {
title_bar
.when(title_bar_settings.show_project_items, |title_bar| {
title_bar
+ .children(self.render_restricted_mode(cx))
.children(self.render_project_host(cx))
.child(self.render_project_name(cx))
})
@@ -291,7 +294,12 @@ impl TitleBar {
_ => {}
}),
);
- subscriptions.push(cx.observe(&user_store, |_, _, cx| cx.notify()));
+ subscriptions.push(cx.observe(&user_store, |_a, _, cx| cx.notify()));
+ if let Some(trusted_worktrees) = TrustedWorktrees::try_get_global(cx) {
+ subscriptions.push(cx.subscribe(&trusted_worktrees, |_, _, _, cx| {
+ cx.notify();
+ }));
+ }
let banner = cx.new(|cx| {
OnboardingBanner::new(
@@ -317,7 +325,7 @@ impl TitleBar {
client,
_subscriptions: subscriptions,
banner,
- screen_share_popover_handle: Default::default(),
+ screen_share_popover_handle: PopoverMenuHandle::default(),
}
}
@@ -427,6 +435,48 @@ impl TitleBar {
)
}
+ pub fn render_restricted_mode(&self, cx: &mut Context) -> Option {
+ let has_restricted_worktrees = TrustedWorktrees::try_get_global(cx)
+ .map(|trusted_worktrees| {
+ trusted_worktrees
+ .read(cx)
+ .has_restricted_worktrees(&self.project.read(cx).worktree_store(), cx)
+ })
+ .unwrap_or(false);
+ if !has_restricted_worktrees {
+ return None;
+ }
+
+ Some(
+ Button::new("restricted_mode_trigger", "Restricted Mode")
+ .style(ButtonStyle::Tinted(TintColor::Warning))
+ .label_size(LabelSize::Small)
+ .color(Color::Warning)
+ .icon(IconName::Warning)
+ .icon_color(Color::Warning)
+ .icon_size(IconSize::Small)
+ .icon_position(IconPosition::Start)
+ .tooltip(|_, cx| {
+ Tooltip::with_meta(
+ "You're in Restricted Mode",
+ Some(&ToggleWorktreeSecurity),
+ "Mark this project as trusted and unlock all features",
+ cx,
+ )
+ })
+ .on_click({
+ cx.listener(move |this, _, window, cx| {
+ this.workspace
+ .update(cx, |workspace, cx| {
+ workspace.show_worktree_trust_security_modal(true, window, cx)
+ })
+ .log_err();
+ })
+ })
+ .into_any_element(),
+ )
+ }
+
pub fn render_project_host(&self, cx: &mut Context) -> Option {
if self.project.read(cx).is_via_remote_server() {
return self.render_remote_project_connection(cx);
diff --git a/crates/ui/src/components/notification/alert_modal.rs b/crates/ui/src/components/notification/alert_modal.rs
index 9990dc1ce5f13e6834a009c4b8d7c14b594ccf36..52a084c847887a4dea7fd8b9a3fbad8390f68863 100644
--- a/crates/ui/src/components/notification/alert_modal.rs
+++ b/crates/ui/src/components/notification/alert_modal.rs
@@ -1,73 +1,161 @@
use crate::component_prelude::*;
use crate::prelude::*;
+use crate::{Checkbox, ListBulletItem, ToggleState};
+use gpui::Action;
+use gpui::FocusHandle;
use gpui::IntoElement;
+use gpui::Stateful;
use smallvec::{SmallVec, smallvec};
+use theme::ActiveTheme;
+
+type ActionHandler = Box) -> Stateful>;
#[derive(IntoElement, RegisterComponent)]
pub struct AlertModal {
id: ElementId,
+ header: Option
,
children: SmallVec<[AnyElement; 2]>,
- title: SharedString,
- primary_action: SharedString,
- dismiss_label: SharedString,
+ footer: Option,
+ title: Option,
+ primary_action: Option,
+ dismiss_label: Option,
+ width: Option,
+ key_context: Option,
+ action_handlers: Vec,
+ focus_handle: Option,
}
impl AlertModal {
- pub fn new(id: impl Into, title: impl Into) -> Self {
+ pub fn new(id: impl Into) -> Self {
Self {
id: id.into(),
+ header: None,
children: smallvec![],
- title: title.into(),
- primary_action: "Ok".into(),
- dismiss_label: "Cancel".into(),
+ footer: None,
+ title: None,
+ primary_action: None,
+ dismiss_label: None,
+ width: None,
+ key_context: None,
+ action_handlers: Vec::new(),
+ focus_handle: None,
}
}
+ pub fn title(mut self, title: impl Into) -> Self {
+ self.title = Some(title.into());
+ self
+ }
+
+ pub fn header(mut self, header: impl IntoElement) -> Self {
+ self.header = Some(header.into_any_element());
+ self
+ }
+
+ pub fn footer(mut self, footer: impl IntoElement) -> Self {
+ self.footer = Some(footer.into_any_element());
+ self
+ }
+
pub fn primary_action(mut self, primary_action: impl Into) -> Self {
- self.primary_action = primary_action.into();
+ self.primary_action = Some(primary_action.into());
self
}
pub fn dismiss_label(mut self, dismiss_label: impl Into) -> Self {
- self.dismiss_label = dismiss_label.into();
+ self.dismiss_label = Some(dismiss_label.into());
+ self
+ }
+
+ pub fn width(mut self, width: impl Into) -> Self {
+ self.width = Some(width.into());
+ self
+ }
+
+ pub fn key_context(mut self, key_context: impl Into) -> Self {
+ self.key_context = Some(key_context.into());
+ self
+ }
+
+ pub fn on_action(
+ mut self,
+ listener: impl Fn(&A, &mut Window, &mut App) + 'static,
+ ) -> Self {
+ self.action_handlers
+ .push(Box::new(move |div| div.on_action(listener)));
+ self
+ }
+
+ pub fn track_focus(mut self, focus_handle: &gpui::FocusHandle) -> Self {
+ self.focus_handle = Some(focus_handle.clone());
self
}
}
impl RenderOnce for AlertModal {
fn render(self, _window: &mut Window, cx: &mut App) -> impl IntoElement {
- v_flex()
+ let width = self.width.unwrap_or_else(|| px(440.).into());
+ let has_default_footer = self.primary_action.is_some() || self.dismiss_label.is_some();
+
+ let mut modal = v_flex()
+ .when_some(self.key_context, |this, key_context| {
+ this.key_context(key_context.as_str())
+ })
+ .when_some(self.focus_handle, |this, focus_handle| {
+ this.track_focus(&focus_handle)
+ })
.id(self.id)
.elevation_3(cx)
- .w(px(440.))
- .p_5()
- .child(
+ .w(width)
+ .bg(cx.theme().colors().elevated_surface_background)
+ .overflow_hidden();
+
+ for handler in self.action_handlers {
+ modal = handler(modal);
+ }
+
+ if let Some(header) = self.header {
+ modal = modal.child(header);
+ } else if let Some(title) = self.title {
+ modal = modal.child(
+ v_flex()
+ .pt_3()
+ .pr_3()
+ .pl_3()
+ .pb_1()
+ .child(Headline::new(title).size(HeadlineSize::Small)),
+ );
+ }
+
+ if !self.children.is_empty() {
+ modal = modal.child(
v_flex()
+ .p_3()
.text_ui(cx)
.text_color(Color::Muted.color(cx))
.gap_1()
- .child(Headline::new(self.title).size(HeadlineSize::Small))
.children(self.children),
- )
- .child(
+ );
+ }
+
+ if let Some(footer) = self.footer {
+ modal = modal.child(footer);
+ } else if has_default_footer {
+ let primary_action = self.primary_action.unwrap_or_else(|| "Ok".into());
+ let dismiss_label = self.dismiss_label.unwrap_or_else(|| "Cancel".into());
+
+ modal = modal.child(
h_flex()
- .h(rems(1.75))
+ .p_3()
.items_center()
- .child(div().flex_1())
- .child(
- h_flex()
- .items_center()
- .gap_1()
- .child(
- Button::new(self.dismiss_label.clone(), self.dismiss_label.clone())
- .color(Color::Muted),
- )
- .child(Button::new(
- self.primary_action.clone(),
- self.primary_action,
- )),
- ),
- )
+ .justify_end()
+ .gap_1()
+ .child(Button::new(dismiss_label.clone(), dismiss_label).color(Color::Muted))
+ .child(Button::new(primary_action.clone(), primary_action)),
+ );
+ }
+
+ modal
}
}
@@ -90,24 +178,75 @@ impl Component for AlertModal {
Some("A modal dialog that presents an alert message with primary and dismiss actions.")
}
- fn preview(_window: &mut Window, _cx: &mut App) -> Option {
+ fn preview(_window: &mut Window, cx: &mut App) -> Option {
Some(
v_flex()
.gap_6()
.p_4()
- .children(vec![example_group(
- vec![
- single_example(
- "Basic Alert",
- AlertModal::new("simple-modal", "Do you want to leave the current call?")
- .child("The current window will be closed, and connections to any shared projects will be terminated."
- )
- .primary_action("Leave Call")
- .into_any_element(),
- )
- ],
- )])
- .into_any_element()
+ .children(vec![
+ example_group(vec![single_example(
+ "Basic Alert",
+ AlertModal::new("simple-modal")
+ .title("Do you want to leave the current call?")
+ .child(
+ "The current window will be closed, and connections to any shared projects will be terminated."
+ )
+ .primary_action("Leave Call")
+ .dismiss_label("Cancel")
+ .into_any_element(),
+ )]),
+ example_group(vec![single_example(
+ "Custom Header",
+ AlertModal::new("custom-header-modal")
+ .header(
+ v_flex()
+ .p_3()
+ .bg(cx.theme().colors().background)
+ .gap_1()
+ .child(
+ h_flex()
+ .gap_1()
+ .child(Icon::new(IconName::Warning).color(Color::Warning))
+ .child(Headline::new("Unrecognized Workspace").size(HeadlineSize::Small))
+ )
+ .child(
+ h_flex()
+ .pl(IconSize::default().rems() + rems(0.5))
+ .child(Label::new("~/projects/my-project").color(Color::Muted))
+ )
+ )
+ .child(
+ "Untrusted workspaces are opened in Restricted Mode to protect your system.
+Review .zed/settings.json for any extensions or commands configured by this project.",
+ )
+ .child(
+ v_flex()
+ .mt_1()
+ .child(Label::new("Restricted mode prevents:").color(Color::Muted))
+ .child(ListBulletItem::new("Project settings from being applied"))
+ .child(ListBulletItem::new("Language servers from running"))
+ .child(ListBulletItem::new("MCP integrations from installing"))
+ )
+ .footer(
+ h_flex()
+ .p_3()
+ .justify_between()
+ .child(
+ Checkbox::new("trust-parent", ToggleState::Unselected)
+ .label("Trust all projects in parent directory")
+ )
+ .child(
+ h_flex()
+ .gap_1()
+ .child(Button::new("restricted", "Stay in Restricted Mode").color(Color::Muted))
+ .child(Button::new("trust", "Trust and Continue").style(ButtonStyle::Filled))
+ )
+ )
+ .width(rems(40.))
+ .into_any_element(),
+ )]),
+ ])
+ .into_any_element(),
)
}
}
diff --git a/crates/workspace/src/modal_layer.rs b/crates/workspace/src/modal_layer.rs
index bcd7db3a82aec46405927e118af86cf4a0d4912b..d6f10f703100d89bef5babd4baa590df5fa0c8fd 100644
--- a/crates/workspace/src/modal_layer.rs
+++ b/crates/workspace/src/modal_layer.rs
@@ -171,28 +171,19 @@ impl Render for ModalLayer {
};
div()
- .occlude()
.absolute()
.size_full()
- .top_0()
- .left_0()
- .when(active_modal.modal.fade_out_background(cx), |el| {
+ .inset_0()
+ .occlude()
+ .when(active_modal.modal.fade_out_background(cx), |this| {
let mut background = cx.theme().colors().elevated_surface_background;
background.fade_out(0.2);
- el.bg(background)
+ this.bg(background)
})
- .on_mouse_down(
- MouseButton::Left,
- cx.listener(|this, _, window, cx| {
- this.hide_modal(window, cx);
- }),
- )
.child(
v_flex()
.h(px(0.0))
.top_20()
- .flex()
- .flex_col()
.items_center()
.track_focus(&active_modal.focus_handle)
.child(
diff --git a/crates/workspace/src/security_modal.rs b/crates/workspace/src/security_modal.rs
new file mode 100644
index 0000000000000000000000000000000000000000..f2a94ad81661a2572f35d1d746b04b31fa24f00c
--- /dev/null
+++ b/crates/workspace/src/security_modal.rs
@@ -0,0 +1,373 @@
+//! A UI interface for managing the [`TrustedWorktrees`] data.
+
+use std::{
+ borrow::Cow,
+ path::{Path, PathBuf},
+ sync::Arc,
+};
+
+use collections::{HashMap, HashSet};
+use gpui::{DismissEvent, EventEmitter, FocusHandle, Focusable, WeakEntity};
+
+use project::{
+ WorktreeId,
+ trusted_worktrees::{PathTrust, RemoteHostLocation, TrustedWorktrees},
+ worktree_store::WorktreeStore,
+};
+use smallvec::SmallVec;
+use theme::ActiveTheme;
+use ui::{
+ AlertModal, Checkbox, FluentBuilder, KeyBinding, ListBulletItem, ToggleState, prelude::*,
+};
+
+use crate::{DismissDecision, ModalView, ToggleWorktreeSecurity};
+
+pub struct SecurityModal {
+ restricted_paths: HashMap, RestrictedPath>,
+ home_dir: Option,
+ trust_parents: bool,
+ worktree_store: WeakEntity,
+ remote_host: Option,
+ focus_handle: FocusHandle,
+ trusted: Option,
+}
+
+#[derive(Debug, PartialEq, Eq)]
+struct RestrictedPath {
+ abs_path: Option>,
+ is_file: bool,
+ host: Option,
+}
+
+impl Focusable for SecurityModal {
+ fn focus_handle(&self, _: &ui::App) -> FocusHandle {
+ self.focus_handle.clone()
+ }
+}
+
+impl EventEmitter for SecurityModal {}
+
+impl ModalView for SecurityModal {
+ fn fade_out_background(&self) -> bool {
+ true
+ }
+
+ fn on_before_dismiss(&mut self, _: &mut Window, _: &mut Context) -> DismissDecision {
+ match self.trusted {
+ Some(false) => telemetry::event!("Open in Restricted", source = "Worktree Trust Modal"),
+ Some(true) => telemetry::event!("Trust and Continue", source = "Worktree Trust Modal"),
+ None => telemetry::event!("Dismissed", source = "Worktree Trust Modal"),
+ }
+ DismissDecision::Dismiss(true)
+ }
+}
+
+impl Render for SecurityModal {
+ fn render(&mut self, _window: &mut Window, cx: &mut Context) -> impl IntoElement {
+ if self.restricted_paths.is_empty() {
+ self.dismiss(cx);
+ return v_flex().into_any_element();
+ }
+
+ let header_label = if self.restricted_paths.len() == 1 {
+ "Unrecognized Project"
+ } else {
+ "Unrecognized Projects"
+ };
+
+ let trust_label = self.build_trust_label();
+
+ AlertModal::new("security-modal")
+ .width(rems(40.))
+ .key_context("SecurityModal")
+ .track_focus(&self.focus_handle(cx))
+ .on_action(cx.listener(|this, _: &menu::Confirm, _window, cx| {
+ this.trust_and_dismiss(cx);
+ }))
+ .on_action(cx.listener(|security_modal, _: &ToggleWorktreeSecurity, _window, cx| {
+ security_modal.trusted = Some(false);
+ security_modal.dismiss(cx);
+ }))
+ .header(
+ v_flex()
+ .p_3()
+ .gap_1()
+ .rounded_t_md()
+ .bg(cx.theme().colors().editor_background.opacity(0.5))
+ .border_b_1()
+ .border_color(cx.theme().colors().border_variant)
+ .child(
+ h_flex()
+ .gap_2()
+ .child(Icon::new(IconName::Warning).color(Color::Warning))
+ .child(Label::new(header_label)),
+ )
+ .children(self.restricted_paths.values().map(|restricted_path| {
+ let abs_path = restricted_path.abs_path.as_ref().and_then(|abs_path| {
+ if restricted_path.is_file {
+ abs_path.parent()
+ } else {
+ Some(abs_path.as_ref())
+ }
+ });
+
+ let label = match abs_path {
+ Some(abs_path) => match &restricted_path.host {
+ Some(remote_host) => match &remote_host.user_name {
+ Some(user_name) => format!(
+ "{} ({}@{})",
+ self.shorten_path(abs_path).display(),
+ user_name,
+ remote_host.host_identifier
+ ),
+ None => format!(
+ "{} ({})",
+ self.shorten_path(abs_path).display(),
+ remote_host.host_identifier
+ ),
+ },
+ None => self.shorten_path(abs_path).display().to_string(),
+ },
+ None => match &restricted_path.host {
+ Some(remote_host) => match &remote_host.user_name {
+ Some(user_name) => format!(
+ "Empty project ({}@{})",
+ user_name, remote_host.host_identifier
+ ),
+ None => {
+ format!("Empty project ({})", remote_host.host_identifier)
+ }
+ },
+ None => "Empty project".to_string(),
+ },
+ };
+ h_flex()
+ .pl(IconSize::default().rems() + rems(0.5))
+ .child(Label::new(label).color(Color::Muted))
+ })),
+ )
+ .child(
+ v_flex()
+ .gap_2()
+ .child(
+ v_flex()
+ .child(
+ Label::new(
+ "Untrusted projects are opened in Restricted Mode to protect your system.",
+ )
+ .color(Color::Muted),
+ )
+ .child(
+ Label::new(
+ "Review .zed/settings.json for any extensions or commands configured by this project.",
+ )
+ .color(Color::Muted),
+ ),
+ )
+ .child(
+ v_flex()
+ .child(Label::new("Restricted Mode prevents:").color(Color::Muted))
+ .child(ListBulletItem::new("Project settings from being applied"))
+ .child(ListBulletItem::new("Language servers from running"))
+ .child(ListBulletItem::new("MCP Server integrations from installing")),
+ )
+ .map(|this| match trust_label {
+ Some(trust_label) => this.child(
+ Checkbox::new("trust-parents", ToggleState::from(self.trust_parents))
+ .label(trust_label)
+ .on_click(cx.listener(
+ |security_modal, state: &ToggleState, _, cx| {
+ security_modal.trust_parents = state.selected();
+ cx.notify();
+ cx.stop_propagation();
+ },
+ )),
+ ),
+ None => this,
+ }),
+ )
+ .footer(
+ h_flex()
+ .px_3()
+ .pb_3()
+ .gap_1()
+ .justify_end()
+ .child(
+ Button::new("rm", "Stay in Restricted Mode")
+ .key_binding(
+ KeyBinding::for_action(
+ &ToggleWorktreeSecurity,
+ cx,
+ )
+ .map(|kb| kb.size(rems_from_px(12.))),
+ )
+ .on_click(cx.listener(move |security_modal, _, _, cx| {
+ security_modal.trusted = Some(false);
+ security_modal.dismiss(cx);
+ cx.stop_propagation();
+ })),
+ )
+ .child(
+ Button::new("tc", "Trust and Continue")
+ .style(ButtonStyle::Filled)
+ .layer(ui::ElevationIndex::ModalSurface)
+ .key_binding(
+ KeyBinding::for_action(&menu::Confirm, cx)
+ .map(|kb| kb.size(rems_from_px(12.))),
+ )
+ .on_click(cx.listener(move |security_modal, _, _, cx| {
+ security_modal.trust_and_dismiss(cx);
+ cx.stop_propagation();
+ })),
+ ),
+ )
+ .into_any_element()
+ }
+}
+
+impl SecurityModal {
+ pub fn new(
+ worktree_store: WeakEntity,
+ remote_host: Option>,
+ cx: &mut Context,
+ ) -> Self {
+ let mut this = Self {
+ worktree_store,
+ remote_host: remote_host.map(|host| host.into()),
+ restricted_paths: HashMap::default(),
+ focus_handle: cx.focus_handle(),
+ trust_parents: false,
+ home_dir: std::env::home_dir(),
+ trusted: None,
+ };
+ this.refresh_restricted_paths(cx);
+
+ this
+ }
+
+ fn build_trust_label(&self) -> Option> {
+ let mut has_restricted_files = false;
+ let available_parents = self
+ .restricted_paths
+ .values()
+ .filter(|restricted_path| {
+ has_restricted_files |= restricted_path.is_file;
+ !restricted_path.is_file
+ })
+ .filter_map(|restricted_path| restricted_path.abs_path.as_ref()?.parent())
+ .collect::>();
+ match available_parents.len() {
+ 0 => {
+ if has_restricted_files {
+ Some(Cow::Borrowed("Trust all single files"))
+ } else {
+ None
+ }
+ }
+ 1 => Some(Cow::Owned(format!(
+ "Trust all projects in the {:?} folder",
+ self.shorten_path(available_parents[0])
+ ))),
+ _ => Some(Cow::Borrowed("Trust all projects in the parent folders")),
+ }
+ }
+
+ fn shorten_path<'a>(&self, path: &'a Path) -> Cow<'a, Path> {
+ match &self.home_dir {
+ Some(home_dir) => path
+ .strip_prefix(home_dir)
+ .map(|stripped| Path::new("~").join(stripped))
+ .map(Cow::Owned)
+ .unwrap_or(Cow::Borrowed(path)),
+ None => Cow::Borrowed(path),
+ }
+ }
+
+ fn trust_and_dismiss(&mut self, cx: &mut Context) {
+ if let Some(trusted_worktrees) = TrustedWorktrees::try_get_global(cx) {
+ trusted_worktrees.update(cx, |trusted_worktrees, cx| {
+ let mut paths_to_trust = self
+ .restricted_paths
+ .keys()
+ .map(|worktree_id| match worktree_id {
+ Some(worktree_id) => PathTrust::Worktree(*worktree_id),
+ None => PathTrust::Workspace,
+ })
+ .collect::>();
+ if self.trust_parents {
+ paths_to_trust.extend(self.restricted_paths.values().filter_map(
+ |restricted_paths| {
+ if restricted_paths.is_file {
+ Some(PathTrust::Workspace)
+ } else {
+ let parent_abs_path =
+ restricted_paths.abs_path.as_ref()?.parent()?.to_owned();
+ Some(PathTrust::AbsPath(parent_abs_path))
+ }
+ },
+ ));
+ }
+ trusted_worktrees.trust(paths_to_trust, self.remote_host.clone(), cx);
+ });
+ }
+
+ self.trusted = Some(true);
+ self.dismiss(cx);
+ }
+
+ pub fn dismiss(&mut self, cx: &mut Context) {
+ cx.emit(DismissEvent);
+ }
+
+ pub fn refresh_restricted_paths(&mut self, cx: &mut Context) {
+ if let Some(trusted_worktrees) = TrustedWorktrees::try_get_global(cx) {
+ if let Some(worktree_store) = self.worktree_store.upgrade() {
+ let mut new_restricted_worktrees = trusted_worktrees
+ .read(cx)
+ .restricted_worktrees(worktree_store.read(cx), self.remote_host.clone(), cx)
+ .into_iter()
+ .filter_map(|restricted_path| {
+ let restricted_path = match restricted_path {
+ Some((worktree_id, abs_path)) => {
+ let worktree =
+ worktree_store.read(cx).worktree_for_id(worktree_id, cx)?;
+ (
+ Some(worktree_id),
+ RestrictedPath {
+ abs_path: Some(abs_path),
+ is_file: worktree.read(cx).is_single_file(),
+ host: self.remote_host.clone(),
+ },
+ )
+ }
+ None => (
+ None,
+ RestrictedPath {
+ abs_path: None,
+ is_file: false,
+ host: self.remote_host.clone(),
+ },
+ ),
+ };
+ Some(restricted_path)
+ })
+ .collect::>();
+ // Do not clutter the UI:
+ // * trusting regular local worktrees assumes the workspace is trusted either, on the same host.
+ // * trusting a workspace trusts all single-file worktrees on the same host.
+ if new_restricted_worktrees.len() > 1 {
+ new_restricted_worktrees.remove(&None);
+ }
+
+ if self.restricted_paths != new_restricted_worktrees {
+ self.trust_parents = false;
+ self.restricted_paths = new_restricted_worktrees;
+ cx.notify();
+ }
+ }
+ } else if !self.restricted_paths.is_empty() {
+ self.restricted_paths.clear();
+ cx.notify();
+ }
+ }
+}
diff --git a/crates/workspace/src/workspace.rs b/crates/workspace/src/workspace.rs
index 870da3f0eb2250e93ddaeff731cd8cd2a1184c34..6a1fb06fd3a338531407a2ca9232330b587b96ff 100644
--- a/crates/workspace/src/workspace.rs
+++ b/crates/workspace/src/workspace.rs
@@ -9,6 +9,7 @@ pub mod pane_group;
mod path_list;
mod persistence;
pub mod searchable;
+mod security_modal;
pub mod shared_screen;
mod status_bar;
pub mod tasks;
@@ -77,7 +78,9 @@ use project::{
DirectoryLister, Project, ProjectEntryId, ProjectPath, ResolvedPath, Worktree, WorktreeId,
WorktreeSettings,
debugger::{breakpoint_store::BreakpointStoreEvent, session::ThreadStatus},
+ project_settings::ProjectSettings,
toolchain_store::ToolchainStoreEvent,
+ trusted_worktrees::TrustedWorktrees,
};
use remote::{
RemoteClientDelegate, RemoteConnection, RemoteConnectionOptions,
@@ -86,7 +89,9 @@ use remote::{
use schemars::JsonSchema;
use serde::Deserialize;
use session::AppSession;
-use settings::{CenteredPaddingSettings, Settings, SettingsLocation, update_settings_file};
+use settings::{
+ CenteredPaddingSettings, Settings, SettingsLocation, SettingsStore, update_settings_file,
+};
use shared_screen::SharedScreen;
use sqlez::{
bindable::{Bind, Column, StaticColumnCount},
@@ -139,6 +144,7 @@ use crate::{
SerializedAxis,
model::{DockData, DockStructure, SerializedItem, SerializedPane, SerializedPaneGroup},
},
+ security_modal::SecurityModal,
utility_pane::{DraggedUtilityPane, UtilityPaneFrame, UtilityPaneSlot, UtilityPaneState},
};
@@ -279,6 +285,12 @@ actions!(
ZoomIn,
/// Zooms out of the active pane.
ZoomOut,
+ /// If any worktrees are in restricted mode, shows a modal with possible actions.
+ /// If the modal is shown already, closes it without trusting any worktree.
+ ToggleWorktreeSecurity,
+ /// Clears all trusted worktrees, placing them in restricted mode on next open.
+ /// Requires restart to take effect on already opened projects.
+ ClearTrustedWorktrees,
/// Stops following a collaborator.
Unfollow,
/// Restores the banner.
@@ -1221,6 +1233,17 @@ impl Workspace {
window: &mut Window,
cx: &mut Context,
) -> Self {
+ cx.observe_global::(|_, cx| {
+ if ProjectSettings::get_global(cx).session.trust_all_worktrees {
+ if let Some(trusted_worktrees) = TrustedWorktrees::try_get_global(cx) {
+ trusted_worktrees.update(cx, |trusted_worktrees, cx| {
+ trusted_worktrees.auto_trust_all(cx);
+ })
+ }
+ }
+ })
+ .detach();
+
cx.subscribe_in(&project, window, move |this, _, event, window, cx| {
match event {
project::Event::RemoteIdChanged(_) => {
@@ -1478,7 +1501,7 @@ impl Workspace {
}),
];
- cx.defer_in(window, |this, window, cx| {
+ cx.defer_in(window, move |this, window, cx| {
this.update_window_title(window, cx);
this.show_initial_notifications(cx);
});
@@ -1563,6 +1586,7 @@ impl Workspace {
app_state.languages.clone(),
app_state.fs.clone(),
env,
+ true,
cx,
);
@@ -5950,6 +5974,25 @@ impl Workspace {
}
},
))
+ .on_action(cx.listener(
+ |workspace: &mut Workspace, _: &ToggleWorktreeSecurity, window, cx| {
+ workspace.show_worktree_trust_security_modal(true, window, cx);
+ },
+ ))
+ .on_action(
+ cx.listener(|_: &mut Workspace, _: &ClearTrustedWorktrees, _, cx| {
+ if let Some(trusted_worktrees) = TrustedWorktrees::try_get_global(cx) {
+ let clear_task = trusted_worktrees.update(cx, |trusted_worktrees, cx| {
+ trusted_worktrees.clear_trusted_paths(cx)
+ });
+ cx.spawn(async move |_, cx| {
+ clear_task.await;
+ cx.update(|cx| reload(cx)).ok();
+ })
+ .detach();
+ }
+ }),
+ )
.on_action(cx.listener(
|workspace: &mut Workspace, _: &ReopenClosedItem, window, cx| {
workspace.reopen_closed_item(window, cx).detach();
@@ -6430,6 +6473,41 @@ impl Workspace {
file.project.all_languages.defaults.show_edit_predictions = Some(!show_edit_predictions)
});
}
+
+ pub fn show_worktree_trust_security_modal(
+ &mut self,
+ toggle: bool,
+ window: &mut Window,
+ cx: &mut Context,
+ ) {
+ if let Some(security_modal) = self.active_modal::(cx) {
+ if toggle {
+ security_modal.update(cx, |security_modal, cx| {
+ security_modal.dismiss(cx);
+ })
+ } else {
+ security_modal.update(cx, |security_modal, cx| {
+ security_modal.refresh_restricted_paths(cx);
+ });
+ }
+ } else {
+ let has_restricted_worktrees = TrustedWorktrees::try_get_global(cx)
+ .map(|trusted_worktrees| {
+ trusted_worktrees
+ .read(cx)
+ .has_restricted_worktrees(&self.project().read(cx).worktree_store(), cx)
+ })
+ .unwrap_or(false);
+ if has_restricted_worktrees {
+ let project = self.project().read(cx);
+ let remote_host = project.remote_connection_options(cx);
+ let worktree_store = project.worktree_store().downgrade();
+ self.toggle_modal(window, cx, |_, cx| {
+ SecurityModal::new(worktree_store, remote_host, cx)
+ });
+ }
+ }
+ }
}
fn leader_border_for_pane(
@@ -7980,6 +8058,7 @@ pub fn open_remote_project_with_new_connection(
app_state.user_store.clone(),
app_state.languages.clone(),
app_state.fs.clone(),
+ true,
cx,
)
})?;
diff --git a/crates/zed/src/main.rs b/crates/zed/src/main.rs
index 674cc5f659f7a0d5d97eb7700505eb0ec4c5e5bc..353baba02cca9b0060a647f438fa8be4e81e9142 100644
--- a/crates/zed/src/main.rs
+++ b/crates/zed/src/main.rs
@@ -27,7 +27,7 @@ use reqwest_client::ReqwestClient;
use assets::Assets;
use node_runtime::{NodeBinaryOptions, NodeRuntime};
use parking_lot::Mutex;
-use project::project_settings::ProjectSettings;
+use project::{project_settings::ProjectSettings, trusted_worktrees};
use recent_projects::{SshSettings, open_remote_project};
use release_channel::{AppCommitSha, AppVersion, ReleaseChannel};
use session::{AppSession, Session};
@@ -36,6 +36,7 @@ use std::{
env,
io::{self, IsTerminal},
path::{Path, PathBuf},
+ pin::Pin,
process,
sync::{Arc, OnceLock},
time::Instant,
@@ -406,6 +407,7 @@ pub fn main() {
});
app.run(move |cx| {
+ trusted_worktrees::init(None, None, cx);
menu::init();
zed_actions::init();
@@ -474,7 +476,15 @@ pub fn main() {
tx.send(Some(options)).log_err();
})
.detach();
- let node_runtime = NodeRuntime::new(client.http_client(), Some(shell_env_loaded_rx), rx);
+
+ let trust_task = trusted_worktrees::wait_for_default_workspace_trust("Node runtime", cx)
+ .map(|trust_task| Box::pin(trust_task) as Pin>);
+ let node_runtime = NodeRuntime::new(
+ client.http_client(),
+ Some(shell_env_loaded_rx),
+ rx,
+ trust_task,
+ );
debug_adapter_extension::init(extension_host_proxy.clone(), cx);
languages::init(languages.clone(), fs.clone(), node_runtime.clone(), cx);
diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md
index 9d1f6f61d446b67256c00bf6322aed73af922c5e..6514bd6455d85fe390bebce10096fc4edc5a9f0a 100644
--- a/docs/src/SUMMARY.md
+++ b/docs/src/SUMMARY.md
@@ -23,6 +23,9 @@
- [Visual Customization](./visual-customization.md)
- [Vim Mode](./vim.md)
- [Helix Mode](./helix.md)
+- [Privacy and Security](./ai/privacy-and-security.md)
+ - [Worktree Trust](./worktree-trust.md)
+ - [AI Improvement](./ai/ai-improvement.md)
@@ -69,8 +72,6 @@
- [Models](./ai/models.md)
- [Plans and Usage](./ai/plans-and-usage.md)
- [Billing](./ai/billing.md)
-- [Privacy and Security](./ai/privacy-and-security.md)
- - [AI Improvement](./ai/ai-improvement.md)
# Extensions
diff --git a/docs/src/ai/privacy-and-security.md b/docs/src/ai/privacy-and-security.md
index 6921567b9165e863cd4303752a669e641e6fcdca..d72cc8c476a83f60d8342962fcdd410e541e7356 100644
--- a/docs/src/ai/privacy-and-security.md
+++ b/docs/src/ai/privacy-and-security.md
@@ -2,7 +2,7 @@
## Philosophy
-Zed aims to collect on the minimum data necessary to serve and improve our product.
+Zed aims to collect only the minimum data necessary to serve and improve our product.
We believe in opt-in data sharing as the default in building AI products, rather than opt-out, like most of our competitors. Privacy Mode is not a setting to be toggled, it's a default stance.
@@ -12,6 +12,8 @@ It is entirely possible to use Zed, including Zed's AI capabilities, without sha
## Documentation
+- [Worktree trust](../worktree-trust.md): How Zed opens files and directories in restricted mode.
+
- [Telemetry](../telemetry.md): How Zed collects general telemetry data.
- [AI Improvement](./ai-improvement.md): Zed's opt-in-only approach to data collection for AI improvement, whether our Agentic offering or Edit Predictions.
diff --git a/docs/src/configuring-zed.md b/docs/src/configuring-zed.md
index 549dbe6fbb47b03a372ee3ddac87b72dbc4d9c2e..8a638d9f7857e1a55aaa5589a77110a7b803bbfe 100644
--- a/docs/src/configuring-zed.md
+++ b/docs/src/configuring-zed.md
@@ -1451,6 +1451,47 @@ or
`boolean` values
+### Session
+
+- Description: Controls Zed lifecycle-related behavior.
+- Setting: `session`
+- Default:
+
+```json
+{
+ "session": {
+ "restore_unsaved_buffers": true,
+ "trust_all_worktrees": false
+ }
+}
+```
+
+**Options**
+
+1. Whether or not to restore unsaved buffers on restart:
+
+```json [settings]
+{
+ "session": {
+ "restore_unsaved_buffers": true
+ }
+}
+```
+
+If this is true, user won't be prompted whether to save/discard dirty files when closing the application.
+
+2. Whether or not to skip worktree and workspace trust checks:
+
+```json [settings]
+{
+ "session": {
+ "trust_all_worktrees": false
+ }
+}
+```
+
+When trusted, project settings are synchronized automatically, language and MCP servers are downloaded and started automatically.
+
### Drag And Drop Selection
- Description: Whether to allow drag and drop text selection in buffer. `delay` is the milliseconds that must elapse before drag and drop is allowed. Otherwise, a new text selection is created.
diff --git a/docs/src/worktree-trust.md b/docs/src/worktree-trust.md
new file mode 100644
index 0000000000000000000000000000000000000000..158851117bfdc4d00746594d74e1e6dae0bb84dc
--- /dev/null
+++ b/docs/src/worktree-trust.md
@@ -0,0 +1,66 @@
+# Zed and trusted worktrees
+
+A worktree in Zed is either a directory or a single file that Zed opens as a standalone "project".
+Zed opens a worktree every time `zed some/path` is invoked, on drag and dropping a file or directory into Zed, on opening user settings.json, etc.
+
+Every worktree opened may contain a `.zed/settings.json` file with extra configuration options that may require installing and spawning language servers or MCP servers.
+Note that the Zed workspace itself may also perform user-configured MCP server installation and spawning, even if no worktrees are open.
+
+In order to provide users the opportunity to make their own choices according to their unique threat model and risk tolerance, the workspace and all worktrees will be started in Restricted mode, which prevents download and execution of any related items. Until configured to trust the workspace and/or worktrees, Zed will not perform any untrusted actions and will wait for user confirmation. This gives users a chance to review and understand any pre-configured settings, MCP servers, or language servers associated with a project.
+
+If a worktree is not trusted, Zed will indicate this with an exclamation mark icon in the title bar and a message in the Agent panel. Clicking this icon or using `workspace::ToggleWorktreeSecurity` action will bring up the security modal that allows the user to trust the worktree.
+
+Trusting any worktree will persist this information between restarts. It's possible to clear all trusted worktrees with `workspace::ClearTrustedWorktrees` command.
+This command will restart Zed, to ensure no untrusted settings, language servers or MCP servers persist.
+
+This feature works locally and on SSH and WSL remote hosts. Zed tracks trust information per host in these cases.
+
+## What is restricted
+
+Restricted Mode prevents:
+
+- Project settings (`.zed/settings.json`) from being parsed and applied
+- Language servers from being installed and spawned
+- MCP servers from being installed and spawned
+
+## Configuring broad worktree trust
+
+By default, Zed won't trust any new worktrees and users will be required to trust each new worktree. Though not recommended, users may elect to trust all worktrees and the current workspace for a given session by configuring the following setting:
+
+```json [settings]
+"session": {
+ "trust_all_worktrees": true
+}
+```
+
+Note that auto trusted worktrees are not persisted between restarts, only manually trusted worktrees are. This ensures that new trust decisions must be made if a users elects to disable the `trust_all_worktrees` setting.
+
+## Trust hierarchy
+
+These are mostly internal details and may change in the future, but are helpful to understand how multiple different trust requests can be approved at once.
+Zed has multiple layers of trust, based on the requests, from the least to most trusted level:
+
+- "single file worktree"
+
+After opening an empty Zed it's possible to open just a file, same as after opening a directory in Zed it's possible to open a file outside of this directory.
+A typical scenario where a directory might be open and a single file is subsequently opened is opening Zed's settings.json file via `zed: open settings file` command: that starts a language server for a new file open, which originates from a newly created, single file worktree.
+
+Spawning a language server presents a risk should the language server experience a supply-chain attack; therefore, Zed restricts that by default. Each single file worktree requires a separate trust grant, unless the directory containing it is trusted or all worktrees are trusted.
+
+- "workspace"
+
+Even an empty Zed workspace with no files or directories open presents a risk if new MCP servers are locally configured by the user without review. For instance, opening an Assistant Panel and creating a new external agent thread might require installing and running new user-configured [Model Context Protocol servers](./ai/mcp.md). By default, zed will restrict a new MCP server until the user elects to trust the local workspace. Users may also disable the entire Agent panel if preferred; see [AI Configuration](./ai/configuration.md) for more details.
+
+Workspace trust, permitted by trusting Zed with no worktrees open, allows locally configured resources to be downloaded and executed. Workspace trust is per host and also trusts all single file worktrees from the same host in order to permit all local user-configured MCP and language servers to start.
+
+- "directory worktree"
+
+If a directory is open in Zed, it's a full worktree which may spawn multiple language servers associated with it or spawn MCP servers if contained in a project settings file.Therefore, each directory worktree requires a separate trust grant unless a parent directory worktree trust is granted (see below).
+
+When a directory worktree is trusted, language and MCP servers are permitted to be downloaded and started, hence we also enable workspace trust for the host in question automatically when this occurs.
+
+- "parent directory worktree"
+
+To permit trust decisions for multiple directory worktrees at once, it's possible to trust all subdirectories of a given parent directory worktree opened in Zed by checking the appropriate checkbox. This will grant trust to all its subdirectories, including all current and potential directory worktrees.
+
+This also automatically enables workspace trust to permit the newly trusted resources to download and start.