VS Code Integration Guide

Overview

VS Code is one of the most common surfaces for AI-assisted development. Cup’n’String helps govern VS Code itself, agent extensions, local terminals, MCP servers, provider endpoints, and access to local services.

Support level

Native Integration + Active Proxy & Shielding

What Cup’n’String detects

• VS Code processes and workspaces
• Common extension-host activity
• MCP configuration patterns where available
• Local terminal child processes
• Known agent extensions such as Cline, Roo Code, Continue.dev, and Copilot

What it governs

• Outbound model/provider requests
• MCP tool calls
• Localhost, container, and Kubernetes service access
• Secret-bearing files and environment variables
• Shell execution visibility where routed through managed agents or proxy paths

Recommended policies

• Allow approved model providers only
• Require managed MCP proxy for workspace agents
• Block unknown outbound AI endpoints
• Shield .env, cloud credentials, SSH keys, npm/pypi tokens, and local secrets

Setup outline

1. Ensure the Cup’n’String agent daemon is running.
2. Launch VS Code; the agent auto-detects the running processes.
3. Configure your extension provider base URLs to route through the managed local proxy.

Verification

Confirm VS Code appears as a governed environment in the Cup’n’String dashboard, and test a blocked/allowed provider call.

Troubleshooting

If processes are not discovered, verify that VS Code is not running as a privileged administrator while the agent is running as a standard user.

Known limitations

Native depth depends on extension behavior and whether tools route through supported proxy/MCP/provider paths.