signal insight

Qwen Code fixes workspace-trust handling for extension and MCP commands

Qwen Code opened PR #5369 to preserve the actual workspace-trust state when extension and MCP commands run. The bug came from treating a trust result object as a boolean, which could make trusted and untrusted states behave the same.

Published Jun 19, 2026 Updated Jun 19, 2026 2 sources

QwenQwen Codesecuritysecurity or trust changehigh impact

securityai-coding-toolsagentsenterprise-controlssecurity or trust change

Impact: high
Confidence: 84%
Change type: security or trust change
First seen: Jun 19, 2026
Last updated: Jun 19, 2026
Audience: developerssecurity teamsAI coding tool users
Status: Ready

Summary

What changed

Qwen Code added a fix path for extension and MCP commands to use the actual TrustResult.isTrusted value instead of treating the trust result object as truthy.

Why it matters

Workspace trust is a core boundary for coding agents. If untrusted workspaces can reach extension or MCP execution paths as if they were trusted, teams lose a key safety control for running agents on unfamiliar repositories.

Evidence excerpt

The Qwen Code digest says MCP and extension commands ignored untrusted workspace state because isWorkspaceTrusted returned an object that several CLI paths treated as a boolean; PR #5369 fixes it.