Merge branch 'main' into eli/prompt-tile-style-clean

Author: eli-w-king

.github/copilot-instructions.md

@@ -133,3 +133,4 @@ function f(x: number, y: string): void { }
 - Look for existing test patterns before creating new structures
 - Use `describe` and `test` consistently with existing patterns
 - If you create any temporary new files, scripts, or helper files for iteration, clean up these files by removing them at the end of the task
+- Do not use `any` or `unknown` as the type for variables, parameters, or return values unless absolutely necessary. If they need type annotations, they should have proper types or interfaces defined.

build/lib/tsb/builder.js

@@ -440,7 +440,9 @@ export function createTypeScriptBuilder(config: IConfiguration, projectFile: str
 						messageText: `CYCLIC dependency: ${error}`
 					});
 				}
+				delete oldErrors[filename];
 				newErrors[filename] = cyclicDepErrors;
+				cyclicDepErrors.forEach(d => onError(d));
 			}
 
 		}).then(() => {

build/lib/tsb/builder.ts

@@ -88,6 +88,8 @@
 		"sideBarTitle.foreground": "#CCCCCC",
 		"statusBar.background": "#181818",
 		"statusBar.border": "#2B2B2B",
+		"statusBarItem.hoverBackground": "#F1F1F133",
+		"statusBarItem.hoverForeground": "#FFFFFF",
 		"statusBar.debuggingBackground": "#0078D4",
 		"statusBar.debuggingForeground": "#FFFFFF",
 		"statusBar.focusBorder": "#0078D4",

extensions/mermaid-chat-features/package-lock.json

@@ -104,7 +104,8 @@
 		"statusBar.background": "#F8F8F8",
 		"statusBar.foreground": "#3B3B3B",
 		"statusBar.border": "#E5E5E5",
-		"statusBarItem.hoverBackground": "#B8B8B850",
+		"statusBarItem.hoverBackground": "#1F1F1F11",
+		"statusBarItem.hoverForeground": "#000000",
 		"statusBarItem.compactHoverBackground": "#CCCCCC",
 		"statusBar.debuggingBackground": "#FD716C",
 		"statusBar.debuggingForeground": "#000000",

extensions/theme-defaults/themes/dark_modern.json

@@ -1,7 +1,7 @@
 {
   "name": "code-oss-dev",
   "version": "1.105.0",
-  "distro": "9e823daeded19d4a7c8f7e3ba36ca5d3c68d8350",
+  "distro": "8b551ae26e4dadc3f6ece34bbbc3feea81ce4a97",
   "author": {
     "name": "Microsoft Corporation"
   },
@@ -239,4 +239,4 @@
   "optionalDependencies": {
     "windows-foreground-love": "0.5.0"
   }
-}
+}

extensions/theme-defaults/themes/light_modern.json

@@ -957,3 +957,120 @@ export function scopesMatch(scopes1: readonly string[], scopes2: readonly string
 
 	return sortedScopes1.every((scope, index) => scope === sortedScopes2[index]);
 }
+
+interface CommonResponse {
+	status: number;
+	statusText: string;
+	json(): Promise<any>;
+	text(): Promise<string>;
+}
+
+interface IFetcher {
+	(input: string, init: { method: string; headers: Record<string, string> }): Promise<CommonResponse>;
+}
+
+export interface IFetchResourceMetadataOptions {
+	/**
+	 * Headers to include only when the resource metadata URL has the same origin as the target resource
+	 */
+	sameOriginHeaders?: Record<string, string>;
+	/**
+	 * Optional custom fetch implementation (defaults to global fetch)
+	 */
+	fetch?: IFetcher;
+}
+
+/**
+ * Fetches and validates OAuth 2.0 protected resource metadata from the given URL.
+ *
+ * @param targetResource The target resource URL to compare origins with (e.g., the MCP server URL)
+ * @param resourceMetadataUrl Optional URL to fetch the resource metadata from. If not provided, will try well-known URIs.
+ * @param options Configuration options for the fetch operation
+ * @returns Promise that resolves to the validated resource metadata
+ * @throws Error if the fetch fails, returns non-200 status, or the response is invalid
+ */
+export async function fetchResourceMetadata(
+	targetResource: string,
+	resourceMetadataUrl: string | undefined,
+	options: IFetchResourceMetadataOptions = {}
+): Promise<IAuthorizationProtectedResourceMetadata> {
+	const {
+		sameOriginHeaders = {},
+		fetch: fetchImpl = fetch
+	} = options;
+
+	const targetResourceUrlObj = new URL(targetResource);
+
+	// If no resourceMetadataUrl is provided, try well-known URIs as per RFC 9728
+	let urlsToTry: string[];
+	if (!resourceMetadataUrl) {
+		// Try in order: 1) with path appended, 2) at root
+		const pathComponent = targetResourceUrlObj.pathname === '/' ? undefined : targetResourceUrlObj.pathname;
+		const rootUrl = `${targetResourceUrlObj.origin}${AUTH_PROTECTED_RESOURCE_METADATA_DISCOVERY_PATH}`;
+		if (pathComponent) {
+			// Only try both URLs if we have a path component
+			urlsToTry = [
+				`${rootUrl}${pathComponent}`,
+				rootUrl
+			];
+		} else {
+			// If target is already at root, only try the root URL once
+			urlsToTry = [rootUrl];
+		}
+	} else {
+		urlsToTry = [resourceMetadataUrl];
+	}
+
+	const errors: Error[] = [];
+	for (const urlToTry of urlsToTry) {
+		try {
+			// Determine if we should include same-origin headers
+			let headers: Record<string, string> = {
+				'Accept': 'application/json'
+			};
+
+			const resourceMetadataUrlObj = new URL(urlToTry);
+			if (resourceMetadataUrlObj.origin === targetResourceUrlObj.origin) {
+				headers = {
+					...headers,
+					...sameOriginHeaders
+				};
+			}
+
+			const response = await fetchImpl(urlToTry, { method: 'GET', headers });
+			if (response.status !== 200) {
+				let errorText: string;
+				try {
+					errorText = await response.text();
+				} catch {
+					errorText = response.statusText;
+				}
+				errors.push(new Error(`Failed to fetch resource metadata from ${urlToTry}: ${response.status} ${errorText}`));
+				continue;
+			}
+
+			const body = await response.json();
+			if (isAuthorizationProtectedResourceMetadata(body)) {
+				// Use URL constructor for normalization - it handles hostname case and trailing slashes
+				const prmValue = new URL(body.resource).toString();
+				const targetValue = targetResourceUrlObj.toString();
+				if (prmValue !== targetValue) {
+					throw new Error(`Protected Resource Metadata resource property value "${prmValue}" (length: ${prmValue.length}) does not match target server url "${targetValue}" (length: ${targetValue.length}). These MUST match to follow OAuth spec https://datatracker.ietf.org/doc/html/rfc9728#PRConfigurationValidation`);
+				}
+				return body;
+			} else {
+				errors.push(new Error(`Invalid resource metadata from ${urlToTry}. Expected to follow shape of https://datatracker.ietf.org/doc/html/rfc9728#name-protected-resource-metadata (Hints: is scopes_supported an array? Is resource a string?). Current payload: ${JSON.stringify(body)}`));
+				continue;
+			}
+		} catch (e) {
+			errors.push(e instanceof Error ? e : new Error(String(e)));
+			continue;
+		}
+	}
+	// If we've tried all URLs and none worked, throw the error(s)
+	if (errors.length === 1) {
+		throw errors[0];
+	} else {
+		throw new AggregateError(errors, 'Failed to fetch resource metadata from all attempted URLs');
+	}
+}