Description
Describe the bug
There are multiple overlapping issues in the code, but the end result is that tools that are supposed to use elicitation to protect secret/sensitive data don't actually ask for confirmation in the expected way and ignore the user's input anyway.
Expected behavior
When using the key vault tools to retrieve the value of a secret, the code in BaseToolLoader.HandleSecretElicitationAsync tries to create an elicitation request that requires the user to type 'yes' into a text box before proceeding.
Actual behavior
What the user actually sees is a check box (which is missing a title, though it has a description) asking for confirmation. Further, the value of the check box is ignored--if the user does not click the box but "submits" the data instead of cancelling the request, the secret value will still be retrieved and passed to the LLM.
Here's what it looks like in VS 2022:
Reproduction Steps
- Use the key vault tools to retrieve the value of a secret in a key vault.
Environment
I was working in VS 2022 (version 17.14.20) but the same elicitation request is passed to VS Code and other clients.
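
The failure mode reported above, as an added example that is not part of the issue or the project's code: an approval check that looks only at the elicitation action, beside one that fails closed unless the submitted content carries an explicit affirmative value. `ElicitationReply`, `SecretConfirmation` and the `confirmation` field name are hypothetical; the `accept`/`cancel` action values and the `content` object follow the MCP elicitation result, and the sample replies are constructed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Text.Json;

// Added example, not project code. ElicitationReply and the "confirmation"
// field name are hypothetical stand-ins for the client's elicitation reply.
public sealed record ElicitationReply(string Action, Dictionary<string, JsonElement>? Content);

public static class SecretConfirmation
{
    // Behaviour the issue describes: only the action is inspected, so a form
    // submitted with the box left unticked still counts as approval.
    public static bool ApprovedByActionOnly(ElicitationReply r) => r.Action == "accept";

    // Fail closed: require "accept" and an explicit affirmative value.
    public static bool Approved(ElicitationReply r, string field = "confirmation")
    {
        if (r.Action != "accept" || r.Content is null) return false;
        if (!r.Content.TryGetValue(field, out var v)) return false;
        return v.ValueKind switch
        {
            JsonValueKind.True => true, // client rendered a checkbox and it was ticked
            JsonValueKind.String => string.Equals(v.GetString()?.Trim(), "yes",
                                                  StringComparison.OrdinalIgnoreCase),
            _ => false                  // false, null, numbers, objects: deny
        };
    }

    public static ElicitationReply Parse(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        var content = root.TryGetProperty("content", out var c) && c.ValueKind == JsonValueKind.Object
            ? JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(c.GetRawText())
            : null;
        return new ElicitationReply(root.GetProperty("action").GetString() ?? "", content);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed replies: unticked box submitted, ticked box, typed "yes", cancel.
        string[] samples = { "{\"action\":\"accept\",\"content\":{\"confirmation\":false}}",
            "{\"action\":\"accept\",\"content\":{\"confirmation\":true}}",
            "{\"action\":\"accept\",\"content\":{\"confirmation\":\"yes\"}}", "{\"action\":\"cancel\"}" };
        foreach (var s in samples)
        {
            var r = SecretConfirmation.Parse(s);
            Console.WriteLine($"{s} actionOnly={SecretConfirmation.ApprovedByActionOnly(r)} strict={SecretConfirmation.Approved(r)}");
        }
    }
}
```

Only the first sample differs between the two checks: the action-only check approves the unticked submission, while the strict check denies it.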