Add link in Vulnerabilities Info Bar to Fix with GitHub Copilot (#7036)

Author: jebriede

Directory.Packages.props

@@ -64,6 +64,7 @@
     <PackageVersion Include="Microsoft.TeamFoundationServer.ExtendedClient" Version="16.153.0" />
     <PackageVersion Include="Microsoft.Test.Apex.VisualStudio" Version="18.0.0-preview-1-10723-180" />
     <PackageVersion Include="Microsoft.TestPlatform.Portable" Version="17.1.0" />
+    <PackageVersion Include="Microsoft.VisualStudio.Copilot" Version="18.0.848-alpha" />
     <PackageVersion Include="Microsoft.VisualStudio.LanguageServices" Version="4.3.1" />
     <PackageVersion Include="Microsoft.VisualStudio.Markdown.Platform" Version="17.14.76-preview" />
     <PackageVersion Include="Microsoft.VisualStudio.ProjectSystem" Version="17.4.221-pre" />

NuGet.Config

@@ -20,6 +20,7 @@
       <package pattern="Azure.Core " />
       <package pattern="ben.demystifier" />
       <package pattern="castle.core" />
+      <package pattern="Google.Protobuf" />
       <package pattern="Humanizer.Core" />
       <package pattern="ilrepack" />
       <package pattern="lucene.net" />
@@ -73,7 +74,7 @@
       <package pattern="microsoft.test.apex.visualstudio" />
       <package pattern="Microsoft.VisualStudio.*" />
       <package pattern="Microsoft.VisualStudioEng.MicroBuild.Core" />
-      <package pattern="Microsoft.VSSDK.BuildTools" />
+      <package pattern="Microsoft.VSSDK.*" />
       <package pattern="stdole" />
       <package pattern="streamjsonrpc" />
       <package pattern="vslangproj" />

src/NuGet.Clients/NuGet.PackageManagement.UI/NuGet.PackageManagement.UI.csproj

@@ -25,6 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.VisualStudio.Copilot" ExcludeAssets="runtime" />
     <PackageReference Include="Microsoft.VisualStudio.Markdown.Platform" />
     <PackageReference Include="Microsoft.VisualStudio.Sdk" />
     <PackageReference Include="Microsoft.VisualStudio.Shell.Styles" />

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/FixVulnerabilitiesWithCopilotErrorType.cs

@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGet.PackageManagement.Telemetry
+{
+    public enum FixVulnerabilitiesWithCopilotErrorType
+    {
+        None,
+        CopilotNotReady,
+        ServiceBrokerNotAvailable,
+        CopilotServiceNotAvailable,
+        McpToolServiceNotAvailable,
+        CopilotAccessDenied
+    }
+}

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/HyperlinkType.cs

@@ -14,7 +14,6 @@ public enum HyperlinkType
         DeprecationAlternativeDetails,
         DeprecationAlternativePackageItem,
         VulnerabilityAdvisory,
-        VulnerabilityAdvisoryGHCopilotDocs,
         OptionsBlocked,
         OwnerProfile,
         OwnerProfileDetailsPane

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigatedTelemetryEvent.cs

@@ -26,6 +26,8 @@ public class NavigatedTelemetryEvent : TelemetryEvent
 
         internal const string AlternativePackageIdPropertyName = "AlternativePackageId";
 
+        internal const string ErrorTypePropertyName = "ErrorType";
+
         /// <summary>
         /// General Navigation event with an origin specified.
         /// </summary>
@@ -81,6 +83,16 @@ public static NavigatedTelemetryEvent CreateWithVulnerabilityInfoBarManagePackag
             return navigatedTelemetryEvent;
         }
 
+        /// <summary>
+        /// Navigating from the Vulnerability InfoBar to Fix Vulnerabilities with GitHub Copilot.
+        /// </summary>
+        public static NavigatedTelemetryEvent CreateWithVulnerabilityInfoBarFixWithCopilot(FixVulnerabilitiesWithCopilotErrorType errorType)
+        {
+            NavigatedTelemetryEvent navigatedTelemetryEvent = new(NavigationType.Button, NavigationOrigin.VulnerabilityInfoBar_FixVulnerabilitiesWithCopilot);
+            navigatedTelemetryEvent[ErrorTypePropertyName] = errorType;
+            return navigatedTelemetryEvent;
+        }
+
         /// <summary>
         /// Navigating an External hyperlink from VS.
         /// </summary>

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigationOrigin.cs

@@ -12,6 +12,7 @@ public enum NavigationOrigin
         Options_LocalsCommand_ClearAll,
         PMUI_ExternalLink,
         PMUI_PackageSourceMapping_Configure,
-        VulnerabilityInfoBar_ManagePackages
+        VulnerabilityInfoBar_ManagePackages,
+        VulnerabilityInfoBar_FixVulnerabilitiesWithCopilot
     }
 }

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.Designer.cs

@@ -197,7 +197,8 @@ To prevent NuGet from restoring packages during build, open the Visual Studio Op
     <value>'{0}' items do not have the same value(s) across all target frameworks. Remove any condition from MSBuild files for '{0}' items.</value>
     <comment>{0} - MSBuild item type. For example, NuGetAuditSuppress</comment>
   </data>
-  <data name="InfoBar_HyperlinkGHCopilotDocs" xml:space="preserve">
-    <value>How to fix with GitHub Copilot</value>
+  <data name="InfoBar_HyperlinkFixVulnerabilitiesWithCopilot" xml:space="preserve">
+    <value>Fix with GitHub Copilot</value>
+    <comment>Do not translate GitHub or Copilot</comment>
   </data>
-</root>
+</root>

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.resx

@@ -11,6 +11,7 @@
 using Microsoft.VisualStudio.Imaging;
 using Microsoft.VisualStudio.Shell;
 using Microsoft.VisualStudio.Shell.Interop;
+using Microsoft.VisualStudio.Threading;
 using NuGet.Common;
 using NuGet.PackageManagement;
 using NuGet.PackageManagement.Telemetry;
@@ -23,27 +24,25 @@ namespace NuGet.SolutionRestoreManager
     [PartCreationPolicy(CreationPolicy.Shared)]
     public class VulnerablePackagesInfoBar : IVulnerabilitiesNotificationService, IVsInfoBarUIEvents
     {
-        private const string LogEntrySource = "NuGet Package Manager";
-
         private IAsyncServiceProvider _asyncServiceProvider = AsyncServiceProvider.GlobalProvider;
         internal IVsInfoBarUIElement? _infoBarUIElement;
         internal bool _infoBarVisible = false; // InfoBar is currently being displayed in the Solution Explorer
         internal bool _wasInfoBarClosed = false; // InfoBar was closed by the user, using the 'x'(close) in the InfoBar
         internal bool _wasInfoBarHidden = false; // InfoBar was hid, this is caused because there are no more vulnerabilities to address
         private uint? _eventCookie; // To hold the connection cookie
-        private InfoBarHyperlink _hyperlinkPmui;
-        private InfoBarHyperlink _hyperlinkGHCopilotDocs;
+        private IVsInfoBarActionItem? _launchPackageManagerActionItem;
+        private IVsInfoBarActionItem? _fixVulnerabilitiesActionItem;
 
         private Lazy<IPackageManagerLaunchService>? PackageManagerLaunchService { get; }
+        private Lazy<IFixVulnerabilitiesService>? FixVulnerabilitiesService { get; }
         private ISolutionManager? SolutionManager { get; }
 
         [ImportingConstructor]
-        public VulnerablePackagesInfoBar(ISolutionManager solutionManager, Lazy<IPackageManagerLaunchService> packageManagerLaunchService)
+        public VulnerablePackagesInfoBar(ISolutionManager solutionManager, Lazy<IPackageManagerLaunchService> packageManagerLaunchService, Lazy<IFixVulnerabilitiesService> fixVulnerabilitiesService)
         {
-            _hyperlinkPmui = new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage);
-            _hyperlinkGHCopilotDocs = new InfoBarHyperlink(Resources.InfoBar_HyperlinkGHCopilotDocs, "https://aka.ms/nugetmcp/auditFix");
             SolutionManager = solutionManager;
             PackageManagerLaunchService = packageManagerLaunchService;
+            FixVulnerabilitiesService = fixVulnerabilitiesService;
             SolutionManager.SolutionClosed += OnSolutionClosed;
         }
 
@@ -163,44 +162,38 @@ public void OnClosed(IVsInfoBarUIElement infoBarUIElement)
         public void OnActionItemClicked(IVsInfoBarUIElement infoBarUIElement, IVsInfoBarActionItem actionItem)
         {
             ThreadHelper.ThrowIfNotOnUIThread();
-            if (actionItem != null)
+            if (actionItem == _launchPackageManagerActionItem)
             {
-                if (actionItem.ActionContext == _hyperlinkGHCopilotDocs.ActionContext)
-                {
-                    LaunchGitHubCopilotDocs();
-                }
-                else
-                {
-                    PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
-                    var evt = NavigatedTelemetryEvent.CreateWithVulnerabilityInfoBarManagePackages();
-                    TelemetryActivity.EmitTelemetryEvent(evt);
-                }
-            }
-        }
-
-        private void LaunchGitHubCopilotDocs()
-        {
-            try
-            {
-                System.Diagnostics.Process.Start(_hyperlinkGHCopilotDocs.ActionContext);
-                var evt = NavigatedTelemetryEvent.CreateWithExternalLink(HyperlinkType.VulnerabilityAdvisoryGHCopilotDocs);
+                PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
+                var evt = NavigatedTelemetryEvent.CreateWithVulnerabilityInfoBarManagePackages();
                 TelemetryActivity.EmitTelemetryEvent(evt);
             }
-            catch (System.ComponentModel.Win32Exception ex)
+            else if (actionItem == _fixVulnerabilitiesActionItem)
             {
-                ActivityLog.LogError(LogEntrySource, ex.ToString());
+                NuGetUIThreadHelper.JoinableTaskFactory.RunAsync(async () =>
+                {
+                    if (FixVulnerabilitiesService == null)
+                    {
+                        return;
+                    }
+
+                    await FixVulnerabilitiesService.Value.LaunchFixVulnerabilitiesAsync(CancellationToken.None);
+                }).PostOnFailure(nameof(VulnerablePackagesInfoBar));
             }
         }
 
         protected InfoBarModel GetInfoBarModel()
         {
-            IEnumerable<IVsInfoBarTextSpan> textSpans = new IVsInfoBarTextSpan[]
-            {
+            _launchPackageManagerActionItem = new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage);
+            _fixVulnerabilitiesActionItem = new InfoBarHyperlink(Resources.InfoBar_HyperlinkFixVulnerabilitiesWithCopilot);
+
+            IEnumerable<IVsInfoBarTextSpan> textSpans =
+            [
                 new InfoBarTextSpan(Resources.InfoBar_TextMessage + " "),
-                _hyperlinkPmui,
+                _launchPackageManagerActionItem,
                 new InfoBarTextSpan(" | "),
-                _hyperlinkGHCopilotDocs
-            };
+                _fixVulnerabilitiesActionItem
+            ];
 
             return new InfoBarModel(
                 textSpans,