policy: enterprise managed_settings for Copilot clients (#318623)

* chat plugins: add policy-backed enabledPlugins / marketplaces / strictMarketplaces settings

Adds three new chat.plugins.* settings, each policy-backed:

- chat.plugins.enabledPlugins (policy:  objectChatEnabledPlugins)
  mapping plugin IDs (`<plugin>@<marketplace>`) to enable/disable.
- chat.plugins.marketplaces (policy:  array ofChatPluginMarketplaces)
  marketplace references (GitHub shorthand or Git URI). User entries
  survive alongside policy entries.
- chat.plugins.strictMarketplaces (policy: ChatStrictMarketplaces)
  boolean restricting trust to listed marketplaces only.

All three are gated on `tags: ['experimental']`. Consumers (plugin
discovery, install, URL handler, marketplace service, quick-pick action)
now read via `inspect()` so default + user + policy layers all flow
through. A shared `readConfiguredMarketplaces` helper in
marketplaceReference.ts dedups the inspect pattern across 5 sites.

Adds three matching fields to IPolicyData so the policy framework has
slots to fill in once the wiring lands; until then they're undefined and
behave like an empty policy (no-op). Plugin discovery now distinguishes
filesystem-path entries (removable from UI) from enterprise plugin IDs
(non-removable) via a single shared loop; `IAgentPlugin.remove` is
optional accordingly.

build/lib/policies/policyData.jsonc regenerated for the new policy keys.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: implement ADR-002 enterprise managed_settings fetch & policy wiring

Wires the previously-added chat.plugins.* policy slots to the new
`/copilot_internal/managed_settings` endpoint on the authenticated
Copilot host.

Core behavior in DefaultAccountProvider:
- Fetches managed_settings alongside entitlements; shares the 1-hour
  cache used by other account-policy fetches.
- Silent fallback to local-only policy on any non-2xx, network error,
  parse error, or missing managedSettingsUrl.
- Rate-limit-aware: backs off all /copilot_internal/* calls when the
  endpoint signals 429, 403 + X-RateLimit-Remaining: 0, or any non-2xx
  with Retry-After.
- adaptManagedSettings flattens the API's structured
  extraKnownMarketplaces map into the existing string-array shape that
  chat.plugins.marketplaces consumes; tolerates malformed entries and
  unknown response keys (forward-compatible).
- Telemetry: emits `defaultaccount:managedSettings:fetch` (owner:
  joshspicer) with an `outcome` bucket (ok / no-response / parse-error /
  status:NNN) and a `rateLimitBackoffActive` flag.

Surface area:
- IDefaultAccountProvider/Service expose managedSettingsFetchStatus and
  managedSettingsFetchedAt; ManagedSettingsFetchStatus is a named union.
- Developer: Policy Diagnostics shows a Managed Settings section with
  the URL status, last-fetched timestamp, and a JSON dump of the
  applied managed-settings policy slice.
- product.json adds a managedSettingsUrl key (populated via distro).

Refactor: `readHeader` and `retryAfterFromHeaders` are moved to
`platform/request/common/request.ts` so githubRepoFetcher.ts and this
new code share one implementation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* bump distro to 36d906669669f12466c6912bd65d9eeb47c6522d

Pulls in managedSettingsUrl from microsoft/vscode-distro#1422.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* update policyData

* policy: address PR review feedback

- Restore historical default for chat.plugins.marketplaces
  (['github/copilot-plugins', 'github/awesome-copilot#marketplace']) so
  existing users don't lose the two built-in marketplaces on update.
  Regenerate policyData.jsonc accordingly.

- Seed _managedSettingsFetchStatus = 'ok' on cache-hit so Policy
  Diagnostics reports the applied state after a process restart that
  warm-starts from cached policyData (instead of stuck at 'not yet
  fetched').

- Scope the <plugin>@<marketplace> ID-resolution rule to the enterprise
  ChatEnabledPlugins setting only. User-typed entries in
  chat.pluginLocations that happen to contain '@' are now treated as
  filesystem paths, as a user would expect, not silently rewritten to
  ~/.copilot/installed-plugins/<x>/<y>/. Split _resolvePluginPath into
  a path-only resolver and a dedicated _resolveEnterprisePluginId.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: revert unnecessary _pluginLocationsConfig refactor

chat.pluginLocations has no policy slot, so observableConfigValue
(which uses getValue() under the hood) is functionally equivalent to
the hand-rolled inspect() version. Reverting reduces diff  thechurn
inspect-based observable is now used only for _enterpriseEnabledPluginsConfig
where the default+user+policy merge actually matters.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: split managed marketplaces into dedicated policy-only setting

Adds chat.plugins.extraMarketplaces (ChatExtraMarketplaces policy,
included: false so it's hidden from the Settings UI). This receives the
'extraKnownMarketplaces' payload from the managed_settings API.

Restores chat.plugins.marketplaces to its pre-PR shape: no policy slot,
no inspect()-juggling required in consumers, no risk of accidentally
clobbering user data. Users write to chat.plugins.marketplaces; the
enterprise writes to chat.plugins.extraMarketplaces; the effective set
is the union.

Consumer simplifications:
- readConfiguredMarketplaces returns { userValues, extraValues,
   two getValue() reads, no inspect() needed.effectiveValues }
- Write-back is now just [...userValues, refValue] in all three sites.
- 'Manage Plugin Marketplaces' still surfaces the 'managed by enterprise
  policy' badge by checking ref membership in extraValues.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: tidy managed_settings code paths

- fetchMarketplacePlugins: drop the over-engineered pre-dedup-by-string;
  parseMarketplaceReferences already dedups by canonical id.
- agentPluginServiceImpl: pass source.remove directly to _toPlugin instead
  of wrapping in a null-asserted closure.
- adaptManagedSettings: use a Set for flatten-and-dedup (insertion order
  is preserved).
- getDefaultAccountFromAuthenticatedSessions: spread merge instead of
  three explicit field assignments.
- developerActions: collapse the 'ok' branch into the catch-all backtick
  wrap; same behavior, less code.
- marketplaceReference.ts: tighter JSDoc on IConfiguredMarketplaces.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: enforce ChatEnabledPlugins and strict-marketplace gates at discovery

Previously the enterprise-managed policy values were delivered into the
policy framework but not  a plugin already installed locallyenforced
(e.g. via the marketplace discovery path) would remain active even when
the policy excluded it or strict-marketplace mode rejected its source.

Adds policy enforcement on AgentPluginService.plugins, applied after
discovery dedup/sort and gated by two observables:

- ChatEnabledPlugins policy: when set, filters the surfaced plugin set
  to only those whose '<name>@<marketplace>' ID appears in the policy
  map with value true. Plugins without a marketplace provenance
  (filesystem entries from chat.pluginLocations) are unaffected.

- ChatStrictMarketplaces: when on, filters out plugins whose source
  marketplace is not trusted. Trust is sourced ONLY from
  chat.plugins.extraMarketplaces (the policy-only  user-setslot)
  entries in chat.plugins.marketplaces do NOT grant trust under strict
  mode. This matches the ADR-002 semantics: strict mode hands full
  marketplace control to the enterprise.

Also updates the chat.plugins.strictMarketplaces description text to
match the new behavior (was still pointing at the user setting).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract managed_settings adapter to dedicated helper

Moves IManagedSettingsResponse and adaptManagedSettings out of
defaultAccount.ts and into a new managedSettings.ts in the same folder.
Adapter is a pure transformation function with no service dependencies,
so it belongs in its own file alongside the HTTP/wiring code.

Renames the test file to managedSettings.test.ts to match what it
actually tests and tightens the suite name.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: tidy enforcement filter and sync strict-marketplace policy description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: show policy-blocked plugins as disabled instead of hiding them

Blocked plugins (ChatEnabledPlugins / strict marketplaces) now stay
visible but are forced disabled via their enablement observable, and the
enable affordance notifies the user instead of re-enabling.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: enforce enabledPlugins/strictMarketplaces for Copilot-CLI plugins

CLI-installed plugins under `~/.copilot/installed-plugins/<marketplace>/<plugin>/`
have no `fromMarketplace` metadata, so they previously bypassed enterprise
policy. Derive their identity from the install-path bucket (matching the
convention used by `_resolveEnterprisePluginId`) so enabledPlugins gating
applies, and add a bucket-name heuristic for strict marketplaces.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* log raw managed_settings response at trace level

Helps debug schema drift / unknown server fields that get dropped by
adaptManagedSettings(). Trace-only so it's off by default.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* improve managed_settings warning for missing repo/url

When a github source is missing 'repo' or a git source is missing 'url',
emit a specific warning naming the missing field instead of the misleading
'unknown source type' message.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* preserve marketplace name through managed_settings policy delivery

The managed_settings adapter previously flattened extraKnownMarketplaces
entries to bare "<owner>/<repo>" or "<url>" strings, losing the marketplace
name. That broke enabledPlugins matching because plugin IDs are keyed as
"<plugin>@<marketplace-name>" but our parsed reference's displayLabel was
derived from the URL/repo instead.

Changes:
- adapter now emits { name, source } objects preserving the full shape
- IPolicyData.extraKnownMarketplaces accepts string | object entries
- parseMarketplaceReferences gains object-handling, using name as displayLabel
- workspacePluginSettingsService shares the object parser
- policy schema relaxed to allow object items

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: clarify chat.plugins.enabledPlugins description

The previous 'Merged with entries from chat.pluginLocations' was misleading:
the two settings use different key namespaces (plugin IDs vs filesystem paths)
and the enabledPlugins policy also acts as an allowlist that gates
marketplace-discovered  not a symmetric merge.plugins

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: add description for chat.plugins.extraMarketplaces

The setting was missing a markdownDescription, so the Settings UI card
rendered empty when shown under 'Managed by organization'. Also updated
the policy localization to mention the new { name, source } object form.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: shorten chat.plugins.extraMarketplaces description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: drop policy name from extraMarketplaces description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: re-fetch plugin marketplaces when ExtraMarketplaces policy changes

pluginMarketplaceService.onDidChangeMarketplaces only listened for
PluginsEnabled and PluginMarketplaces config changes, so the
ExtraMarketplaces values delivered by the ChatExtraMarketplaces policy
never triggered a  the union was stale until the next user editrefetch
to chat.plugins.marketplaces or a workspace-trust change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract IExtraKnownMarketplaceEntry to base/common/managedSettings

Move the enterprise-managed marketplace entry type out of defaultAccount.ts
into a dedicated managedSettings.ts so the type lives alongside other
managed-settings-specific code.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: cleanup pass

- Sync policyData.jsonc ChatExtraMarketplaces description with the
  source declaration in chat.shared.contribution.ts (object-form
  entries were missing from the policy artifact).
- Reorder Event import in agentPluginServiceImpl.ts to keep base/common
  imports alphabetical.
- Fix stale doc reference (COPILOT_CLI_INSTALLED_PLUGINS_DIR -> the
  function it actually mirrors).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: accept host-only git URLs in extraKnownMarketplaces

ADR-002 describes the `git` source `url` as a free-form `(string)`
the example happens to be a full clone URL, but the schema doesn't
require a repo path. Our marketplace-URI parser was rejecting host-only
HTTPS endpoints (e.g. `https://plugins.internal.example.com`), so
enterprise policy entries with marketplace-registry-style URLs were
silently dropped before they ever reached the UI.

Relax `parseUriMarketplaceReference` to accept host-only URLs and
treat them as a marketplace endpoint identified by host alone. The
canonical id becomes `git:<host>/` so distinct hosts still dedupe
correctly. Existing path-aware behavior is preserved unchanged.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: fix string entry guard in extraKnownMarketplaces policy.value; fix test cloneUrl expectation

- Handle string-typed entries in extraKnownMarketplaces (IPolicyData allows string | IExtraKnownMarketplaceEntry)
- Fix test expectation: URI.parse normalizes host-only URLs to include trailing slash

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: read extraMarketplaces dict and convert to nested entry shape

The setting schema is now `{ [name]: url-or-shorthand }` (object), so
readConfiguredMarketplaces must convert each entry to the nested
IExtraMarketplaceObjectEntry shape that parseMarketplaceReferences expects.
Uses a regex to detect GitHub shorthand (owner/repo[#ref]) vs URI.

 TypeError in CI:
'extraValues is not iterable' on [...userValues, ...extraValues].

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: extract extraKnownMarketplacesToConfigDict helper + add regression tests for Settings Editor display

Extract the policy.value conversion for ChatExtraMarketplaces out of
chat.shared.contribution.ts into a reusable, unit-testable helper. The
helper converts the IExtraKnownMarketplaceEntry[] policy payload into the
{ [name]: url-or-shorthand } dict that:
  - the Settings Editor's ComplexObject renderer can display inline as
    key/value rows (instead of just 'Edit in settings.json'), and
  - readConfiguredMarketplaces reverses back into IExtraMarketplaceObjectEntry[]
    so parseMarketplaceReferences preserves displayLabel = name.

Tests added:
 undefined
 owner/repo
 owner/repo#ref
 raw URL (+ optional #ref)

    parseMarketplaceReferences flow (the regression test that catches the
    'extraValues is not iterable' bug we just hit in CI)
  - schema-shape: chat.plugins.extraMarketplaces is registered with
    type=object + additionalProperties.type=['string'], the exact shape
    the Settings Editor requires to render as ComplexObject

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: stop spurious 'invalid marketplace entry' warnings for object-form entries

url dict, policy
entries always reach the marketplace fetcher as IExtraMarketplaceObjectEntry
objects (not strings). The validation loop was only accepting strings,
producing a 'Ignoring invalid marketplace entry: [object Object]' debug log
for every valid policy entry.

Validate using parseMarketplaceObjectEntry for object values so the warning
fires only for genuinely-unparseable entries.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: drop schema-shape test that double-registered chat contribution commands

The schema-shape test for chat.plugins.extraMarketplaces imported the full
chat.shared.contribution module to populate the configuration registry.
This re-registered commands (already registered by the workbench under
test), producing 'Cannot register two commands with the same id:
workbench.action.chat.markHelpful' and cascading disposable leaks in
unrelated suites (EditorService, WorkingCopyBackupTracker).

The other 5 tests (extraKnownMarketplacesToConfigDict + end-to-end round
trip) cover the actual behavior that broke; the schema shape is exercised
implicitly by the round-trip test.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* policy: normalize github.com URI/SSH refs to the GitHub shorthand canonical id

Plugin marketplace trust under strict mode compares canonicalId. A plugin
discovered from 'https://github.com/microsoft/vscode-team-kit.git' was
being blocked even though 'microsoft/vscode-team-kit' was in the trusted
list, because the URI parser produced 'git:github.com/microsoft/vscode-team-kit.git'
while the shorthand parser produced 'github:microsoft/vscode-team-kit'.

When parseUriMarketplaceReference / parseScpMarketplaceReference detect a
github.com authority, emit the same canonical id form the shorthand parser
uses so all three forms (shorthand, https URI, SCP) collapse to a single
trusted reference.

Existing dedup test now expects 1 entry instead of 2; ref-distinction test
collapses the https+#ref entry with its shorthand sibling. Added a focused
regression test asserting all four forms produce identical canonical ids.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* update policy

* fix dupe policy export

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>