Merged
15 changes: 15 additions & 0 deletions src/package.json
Expand Up @@ -414,6 +414,21 @@
"default": false,
"description": "%settings.debugProxy.tlsInsecure.description%",
"markdownDescription": "%settings.debugProxy.tlsInsecure.description%"
},
"zoo-code.workspace.rootResolution": {
"type": "string",
"enum": [
"activeEditor",
"firstFolder"
],
"enumDescriptions": [
"%settings.workspace.rootResolution.activeEditor.description%",
"%settings.workspace.rootResolution.firstFolder.description%"
],
"default": "activeEditor",
"scope": "machine",
"description": "%settings.workspace.rootResolution.description%",
"markdownDescription": "%settings.workspace.rootResolution.description%"
}

Contributor

Without an explicit "scope" this defaults to "window", which means a committed .vscode/settings.json can override it. Since this setting controls which workspace folder is used to locate .roo/mcp.json (and therefore which MCP servers get registered), could a malicious workspace settings file redirect that to an attacker-controlled folder in a multi-root workspace?

If workspace-level override should be blocked, "scope": "machine" would prevent it. If it is intentional, worth documenting the trust decision here.

Contributor Author

Good catch — this setting feeds MCP-server discovery, so I've set "scope": "machine" to prevent a committed workspace settings.json from redirecting the resolved root. This intentionally disallows workspace-level overrides (the security tradeoff is deliberate).

}
}
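
Review bot: the `"default": "activeEditor"` line keeps the focus-dependent mode as the default, so `"scope": "machine"` stops a committed workspace settings file from changing the mode, but the resolved root can still differ depending on which file is focused in a multi-root workspace. The description string says this root is used to locate `.roo/mcp.json`, so it is worth stating in the PR whether keeping the legacy default is a deliberate trust decision, and considering `"firstFolder"` as the default if it is not.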
5 changes: 4 additions & 1 deletion src/package.nls.ca.json

5 changes: 4 additions & 1 deletion src/package.nls.de.json
5 changes: 4 additions & 1 deletion src/package.nls.es.json
5 changes: 4 additions & 1 deletion src/package.nls.fr.json
5 changes: 4 additions & 1 deletion src/package.nls.hi.json
5 changes: 4 additions & 1 deletion src/package.nls.id.json
5 changes: 4 additions & 1 deletion src/package.nls.it.json
5 changes: 4 additions & 1 deletion src/package.nls.ja.json

5 changes: 4 additions & 1 deletion src/package.nls.json
Expand Up @@ -44,5 +44,8 @@
"settings.debug.description": "Enable debug mode to show additional buttons for viewing API conversation history and UI messages as prettified JSON in temporary files.",
"settings.debugProxy.enabled.description": "**Enable Debug Proxy** — Route all outbound network requests through a proxy for MITM debugging. Only active when running in debug mode (F5).",
"settings.debugProxy.serverUrl.description": "Proxy URL (e.g., `http://127.0.0.1:8888`). Only used when **Debug Proxy** is enabled.",
"settings.debugProxy.tlsInsecure.description": "Accept self-signed certificates from the proxy. **Required for MITM inspection.** ⚠️ Insecure — only use for local debugging."
"settings.debugProxy.tlsInsecure.description": "Accept self-signed certificates from the proxy. **Required for MITM inspection.** ⚠️ Insecure — only use for local debugging.",
"settings.workspace.rootResolution.description": "How Zoo resolves the workspace root in a multi-root workspace. The root is used to locate `.roomodes`, `.roo/mcp.json`, `.roo/rules/`, and other project-scoped configuration. Changing this setting only affects future lookups; running tasks keep their original root.",
"settings.workspace.rootResolution.activeEditor.description": "Use the workspace folder containing the active editor; fall back to the first workspace folder. (Default — preserves legacy behavior.)",
"settings.workspace.rootResolution.firstFolder.description": "Always use the first workspace folder (workspaceFolders[0]). Deterministic — independent of which file is currently focused."
}
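
Review bot: missing documentation in `settings.workspace.rootResolution.description`: the string never says the setting is machine-scoped, so a user who sets it in `.vscode/settings.json` gets no hint that the value is ignored or why. Suggest adding one sentence there saying workspace-level values are not honored because the resolved root decides which `.roo/mcp.json` is read, which would also record the trust decision from the review thread where users can see it. The same string backs both `description` and `markdownDescription` in package.json, so the backticks around the paths will appear literally wherever the plain-text description is shown.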
5 changes: 4 additions & 1 deletion src/package.nls.ko.json
