Skip to content

feat(extension): add defaultTerminalMode and cliFlags settings#23

Open
perler wants to merge 2 commits intoes6kr:mainfrom
perler:pr/extension-settings
Open

feat(extension): add defaultTerminalMode and cliFlags settings#23
perler wants to merge 2 commits intoes6kr:mainfrom
perler:pr/extension-settings

Conversation

@perler
Copy link

@perler perler commented Feb 24, 2026

Summary

  • Adds claudeSessions.defaultTerminalMode setting to control whether sessions open via a picker, in the integrated terminal, or in the system terminal
  • Adds claudeSessions.cliFlags setting for passing extra CLI flags to the claude --resume command (e.g. --dangerously-skip-permissions)

Both settings are registered as VS Code configuration with sensible defaults.

Test plan

  • Verify defaultTerminalMode switches between ask, internal, and external behavior
  • Verify cliFlags arguments are appended to the claude --resume command
  • Check settings appear correctly in VS Code Settings UI

🤖 Generated with Claude Code

Summary by CodeRabbit

New Features

  • Terminal Mode Configuration: New defaultTerminalMode setting allows customization of how sessions resume. Choose between interactive selection, integrated terminal, or system terminal modes.
  • CLI Flags Support: New cliFlags setting enables appending additional command-line flags to the resume command.

Work Server and others added 2 commits February 24, 2026 17:44
New `claudeSessions.defaultTerminalMode` setting ("ask" | "internal" |
"external", default "ask") lets users skip the terminal picker when
resuming sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Work Server <work@server.local>
New `claudeSessions.cliFlags` setting (string, default "") is appended
to the `claude` command when resuming sessions.  Enables passing flags
like `--dangerously-skip-permissions` without modifying extension code.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Work Server <work@server.local>
@coderabbitai
Copy link

coderabbitai bot commented Feb 24, 2026

📝 Walkthrough

Walkthrough

This pull request adds two new VS Code configuration properties to the Claude Sessions extension: defaultTerminalMode for selecting terminal behavior when resuming sessions, and cliFlags for appending CLI arguments to resume commands. The extension.ts implementation reads these configurations and adapts the resume session flow accordingly.

Changes

Cohort / File(s) Summary
Configuration Schema
packages/vscode-extension/package.json
Added claudeSessions.defaultTerminalMode (enum: "ask", "internal", "external") and claudeSessions.cliFlags (string) configuration properties with descriptions.
Configuration Implementation
packages/vscode-extension/src/extension.ts
Updated getConfig to retrieve new properties; modified resume session flow to respect defaultTerminalMode when selecting terminal and append cliFlags to the resume command for both internal and external terminal paths.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Whiskers twitch with glee,
Config blooms, wild and free,
Terminals bend to our will,
CLI flags do as we please still,
Customize, my dear, with delight! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main changes: adding two new settings (defaultTerminalMode and cliFlags) to the VS Code extension.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
  • 📝 Generate docstrings (stacked PR)
  • 📝 Generate docstrings (commit on current branch)
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/vscode-extension/src/extension.ts`:
- Around line 448-499: The cliFlags from getConfig() are interpolated into shell
commands (used in terminal.sendText for the internal path and passed to
resumeSession for the external path) and must be sanitized and only used when
the workspace is trusted; first check vscode.workspace.isTrusted before using
any workspace-provided cliFlags, and if not trusted ignore or reject them. For
trusted workspaces, validate and sanitize cliFlags by removing or rejecting
shell metacharacters (`;`, `&`, `|`, backticks, `$()`, newlines) and/or prefer
splitting flags into a safe array of arguments (e.g., tokenizing on whitespace
and filtering invalid tokens) instead of building a single interpolated shell
string; update the internal flow (where terminal.sendText currently sends
`claude --resume ${item.sessionId}${cliFlags ? \` ${cliFlags}\` : ''}`) to avoid
direct interpolation and the external flow to pass an args array to
resumeSession (instead of a single joined string) so metacharacters are not
interpreted by a shell.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 37a6452 and d03c1b9.

📒 Files selected for processing (2)
  • packages/vscode-extension/package.json
  • packages/vscode-extension/src/extension.ts

Comment on lines +448 to 499
const { defaultTerminalMode } = getConfig()

let mode: 'internal' | 'external'
if (defaultTerminalMode === 'internal' || defaultTerminalMode === 'external') {
mode = defaultTerminalMode
} else {
const choice = await vscode.window.showQuickPick(
[
{
label: '$(terminal) Internal Terminal',
description: 'Open in VSCode integrated terminal',
mode: 'internal' as const,
},
{
label: '$(link-external) External Terminal',
description: 'Open in system default terminal',
mode: 'external' as const,
},
],
{
label: '$(link-external) External Terminal',
description: 'Open in system default terminal',
mode: 'external' as const,
},
],
{
placeHolder: 'Where to open Claude session?',
title: 'Resume Session',
}
)
placeHolder: 'Where to open Claude session?',
title: 'Resume Session',
}
)

if (!choice) return
if (!choice) return
mode = choice.mode
}

// Get project path for cwd
const folderPath = await session.folderNameToPath(item.projectName)
const homeDir = process.env.HOME || process.env.USERPROFILE || ''
const cwd = session.expandHomePath(folderPath, homeDir)
const { cliFlags } = getConfig()

if (choice.mode === 'internal') {
if (mode === 'internal') {
// Create terminal with proper name and cwd
const terminal = vscode.window.createTerminal({
name: `Claude: ${item.label}`,
cwd,
})
terminal.show()
terminal.sendText(`claude --resume ${item.sessionId}`)
const cmd = `claude --resume ${item.sessionId}${cliFlags ? ` ${cliFlags}` : ''}`
terminal.sendText(cmd)
} else {
// External: spawn detached process
const extraArgs = cliFlags ? cliFlags.split(/\s+/).filter(Boolean) : []
const result = resumeSession({
sessionId: item.sessionId,
cwd,
args: extraArgs,
})
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cd packages/vscode-extension/src && wc -l extension.ts

Repository: es6kr/claude-code-sessions

Length of output: 86


🏁 Script executed:

cd packages/vscode-extension/src && sed -n '440,510p' extension.ts

Repository: es6kr/claude-code-sessions

Length of output: 2451


🏁 Script executed:

cd packages/vscode-extension/src && grep -n "getConfig\|cliFlags" extension.ts | head -20

Repository: es6kr/claude-code-sessions

Length of output: 648


🏁 Script executed:

cd packages/vscode-extension/src && sed -n '19,35p' extension.ts

Repository: es6kr/claude-code-sessions

Length of output: 683


🏁 Script executed:

cd packages/vscode-extension/src && grep -n "resumeSession" extension.ts | head -10

Repository: es6kr/claude-code-sessions

Length of output: 219


🏁 Script executed:

cd packages/vscode-extension && find . -name "*.ts" -type f -exec grep -l "function resumeSession\|export.*resumeSession" {} \;

Repository: es6kr/claude-code-sessions

Length of output: 52


🏁 Script executed:

find packages -name "*.ts" -type f -exec grep -l "export.*resumeSession\|function resumeSession" {} \;

Repository: es6kr/claude-code-sessions

Length of output: 153


🏁 Script executed:

cd packages && find . -path "*/core/server*" -type f | head -20

Repository: es6kr/claude-code-sessions

Length of output: 52


🏁 Script executed:

cd packages/core/src && grep -n "export.*resumeSession\|function resumeSession" resume.ts server.ts

Repository: es6kr/claude-code-sessions

Length of output: 225


🏁 Script executed:

cd packages/core/src && cat -n server.ts | head -100

Repository: es6kr/claude-code-sessions

Length of output: 503


🏁 Script executed:

cd packages/core/src && wc -l resume.ts

Repository: es6kr/claude-code-sessions

Length of output: 82


🏁 Script executed:

cd packages/core/src && cat -n resume.ts

Repository: es6kr/claude-code-sessions

Length of output: 3271


🏁 Script executed:

cd packages/vscode-extension/src && grep -n "isTrusted\|workspace.*trust" extension.ts

Repository: es6kr/claude-code-sessions

Length of output: 52


🏁 Script executed:

cd packages && git ls-files | grep -i "package.json" | head -5

Repository: es6kr/claude-code-sessions

Length of output: 151


🏁 Script executed:

cd packages/vscode-extension && cat -n package.json | grep -A 5 -B 5 "contributes\|configuration"

Repository: es6kr/claude-code-sessions

Length of output: 785


🏁 Script executed:

cd packages/vscode-extension && sed -n '1,200p' package.json | grep -A 20 "contributes"

Repository: es6kr/claude-code-sessions

Length of output: 570


🏁 Script executed:

cd packages/vscode-extension && grep -A 10 "cliFlags" package.json

Repository: es6kr/claude-code-sessions

Length of output: 406


Sanitize cliFlags against command injection before interpolating into shell commands.

Line 490 and the external terminal path (line 494–495) interpolate workspace-provided cliFlags directly into shell commands. Since .vscode/settings.json can be committed to a repository, this enables command injection via shell metacharacters (;, &&, |, backticks, $(), newlines). Add workspace trust verification and remove unsafe characters before passing to terminal or process execution.

Suggested mitigation (trust + sanitization)
+function getCliFlags(): string {
+  const config = vscode.workspace.getConfiguration('claudeSessions')
+  const inspected = config.inspect<string>('cliFlags')
+  const raw =
+    vscode.workspace.isTrusted
+      ? (inspected?.workspaceValue ?? inspected?.globalValue ?? inspected?.defaultValue ?? '')
+      : (inspected?.globalValue ?? inspected?.defaultValue ?? '')
+  const sanitized = String(raw).replace(/[\r\n]/g, ' ').trim()
+  if (/[;&|`$<>]/.test(sanitized)) {
+    vscode.window.showWarningMessage(
+      'claudeSessions.cliFlags contains unsafe characters and was ignored.'
+    )
+    return ''
+  }
+  return sanitized
+}
-        const { cliFlags } = getConfig()
+        const cliFlags = getCliFlags()
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/vscode-extension/src/extension.ts` around lines 448 - 499, The
cliFlags from getConfig() are interpolated into shell commands (used in
terminal.sendText for the internal path and passed to resumeSession for the
external path) and must be sanitized and only used when the workspace is
trusted; first check vscode.workspace.isTrusted before using any
workspace-provided cliFlags, and if not trusted ignore or reject them. For
trusted workspaces, validate and sanitize cliFlags by removing or rejecting
shell metacharacters (`;`, `&`, `|`, backticks, `$()`, newlines) and/or prefer
splitting flags into a safe array of arguments (e.g., tokenizing on whitespace
and filtering invalid tokens) instead of building a single interpolated shell
string; update the internal flow (where terminal.sendText currently sends
`claude --resume ${item.sessionId}${cliFlags ? \` ${cliFlags}\` : ''}`) to avoid
direct interpolation and the external flow to pass an args array to
resumeSession (instead of a single joined string) so metacharacters are not
interpreted by a shell.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant