Description
The extension's packages/databricks-vscode/package.json does not declare a top-level capabilities object. As a result, neither untrustedWorkspaces nor virtualWorkspaces support is declared, and VS Code has to fall back to its defaults:
- Workspace Trust: Without
capabilities.untrustedWorkspaces, VS Code treats the extension as "trust required" and disables it by default in Restricted Mode, but there is no explicit description shown to the user explaining why the extension needs trust (e.g. "connects to remote Databricks workspaces, runs code on clusters, downloads and executes the Databricks CLI binary"). Many users end up with the Databricks side panel silently unavailable in Restricted Mode with no actionable hint.
- Virtual Workspaces: Without
capabilities.virtualWorkspaces, VS Code shows a generic "This extension has not been tested in virtual workspaces" warning when the extension is enabled against a virtual filesystem (GitHub Repos, GitHub Codespaces web editor, remote FS providers). The correct declaration here is almost certainly false with a short reason string, because the extension executes a local databricks CLI binary and syncs files against a real filesystem.
Rationale
Declaring these capabilities is a low-risk, additive change that:
- Gives users a clear reason banner in Restricted Mode instead of a silent no-op.
- Removes the untested-virtual-workspace warning by declaring the (accurate)
false status with a reason.
- Follows the VS Code extension guidelines: https://code.visualstudio.com/api/extension-guides/workspace-trust and https://code.visualstudio.com/api/extension-guides/virtual-workspaces
Suggested shape
"capabilities": {
"untrustedWorkspaces": {
"supported": false,
"description": "The Databricks extension executes the Databricks CLI binary and syncs local files to a remote workspace, so it must run in a trusted workspace."
},
"virtualWorkspaces": {
"supported": false,
"description": "The Databricks extension needs local filesystem access to sync bundle files and to invoke the Databricks CLI, which is not available in virtual workspaces."
}
}
(Wording is a suggestion; the maintainers know the exact scope better.)
Verification
Checked packages/databricks-vscode/package.json on main (commit 133c453, 2026-06-26) via the GitHub Contents API — no capabilities key present.
Filed via automated audit.
Description
The extension's
packages/databricks-vscode/package.jsondoes not declare a top-levelcapabilitiesobject. As a result, neitheruntrustedWorkspacesnorvirtualWorkspacessupport is declared, and VS Code has to fall back to its defaults:capabilities.untrustedWorkspaces, VS Code treats the extension as "trust required" and disables it by default in Restricted Mode, but there is no explicit description shown to the user explaining why the extension needs trust (e.g. "connects to remote Databricks workspaces, runs code on clusters, downloads and executes the Databricks CLI binary"). Many users end up with the Databricks side panel silently unavailable in Restricted Mode with no actionable hint.capabilities.virtualWorkspaces, VS Code shows a generic "This extension has not been tested in virtual workspaces" warning when the extension is enabled against a virtual filesystem (GitHub Repos, GitHub Codespaces web editor, remote FS providers). The correct declaration here is almost certainlyfalsewith a short reason string, because the extension executes a localdatabricksCLI binary and syncs files against a real filesystem.Rationale
Declaring these capabilities is a low-risk, additive change that:
falsestatus with a reason.Suggested shape
(Wording is a suggestion; the maintainers know the exact scope better.)
Verification
Checked
packages/databricks-vscode/package.jsononmain(commit 133c453, 2026-06-26) via the GitHub Contents API — nocapabilitieskey present.Filed via automated audit.