Visual Studio Code 1.123

Release date: June 3, 2026

Update 1.123.1: The update addresses these security issues.

Update 1.123.2: The update addresses these issues.

Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap

Welcome to the 1.123 release of Visual Studio Code. This release improves how you work with agents and the integrated browser.

Larger context windows: Support for 1M context windows for Anthropic and OpenAI models.
Session sync: Automatically sync your chat sessions across machines and search your coding history.
Agents window: Open multiple agent sessions side-by-side to compare or review work in parallel.
Research agent: Run deep research on a topic and get a thorough, well-cited Markdown report.
Integrated browser updates: Favorite pages for quick access and more options to capture browser screenshots.

Make sure to rewatch VS Code Live at Build 2026!

Happy Coding!

Agents

Session sync and chronicle

Setting: chat.sessionSync.enabled Open in VS Code Open in VS Code Insiders This setting is managed at the organization level. Contact your administrator to change it.

Your chat sessions now sync automatically to your GitHub account, giving you a personal, searchable history of your work across machines and workspaces.

Each session captures the conversation, the files you touched, repository context (repo, branch, timestamps), and any pull requests, issues, or commits referenced along the way.

With the new chronicle commands (/chronicle) in chat, you can put that history to work:

Ask natural-language questions about past sessions
Generate standup reports
Get personalized productivity tips
Search your coding history by topic, file, or PR

To enable session sync, turn on chat.sessionSync.enabled Open in VS Code Open in VS Code Insiders This setting is managed at the organization level. Contact your administrator to change it.. You can view the status of session sync in the Copilot status dashboard in the VS Code Status Bar.

Screenshot of the session sync status message in the Copilot status dashboard.

For more details, see the Session Sync and Chronicle documentation.

Retry network-dependent commands in the sandbox

Setting: chat.agent.sandbox.retryWithAllowNetworkRequests Open in VS Code Open in VS Code Insiders

When a terminal command that is run by a local agent requires access to domains that are not configured as allowed domains, the command is automatically retried inside the sandbox with unrestricted network access. After that, if it still fails, it falls back to unsandboxed execution. This allows network-dependent operations such as git fetch to finish, while keeping filesystem protections in place.

Agents window (Preview)

The Agents window is a dedicated companion window optimized for exploring, iterating on, and reviewing agent sessions across projects and machines. This release, we focused on letting you work with multiple sessions side by side.

Multiple open sessions

You can now have more than one session open at the same time in the Agents window. In addition to the active session, open another session next to it by:

Selecting Open to the Side in the context menu of a session in the sessions list.
Dragging and dropping a session from the sessions list into the sessions view area.
Holding Alt and selecting a session in the sessions list.

Even though multiple sessions can be visible at once, only one is the active session at any time. The Terminal, Files, and Changes views all operate on the currently active session, so switching the active session updates these views to reflect its state.

By default, selecting a session in the sessions list replaces the active session view with the selected one. To keep a session view from being replaced, pin it with the pin action in the top right of the view. Pinned session views are never replaced—selecting another session opens it in an unpinned view instead. If every session view is pinned, the selected session opens to the side.

Use the maximize action in the top right of a session view to expand it across all open session views, giving you a focused view of a single session without closing the others.

For more details, see the Agents window documentation.

Research agent (Preview)

Note: The research agent is currently in preview and available only in Copilot CLI (local) sessions in Insiders.

When you need to understand unfamiliar code, compare approaches, or learn how a library or API works, a quick chat answer isn't always enough. The research agent runs deep research on a topic and produces a thorough, well-cited Markdown report by gathering and synthesizing information from your codebase, relevant GitHub repositories, and the web.

The research agent is optimized for depth rather than speed and has read-only access, so it investigates and reports instead of changing your code. To run it, type /research followed by your topic in the chat input of a Copilot CLI (local) session.

For more details, see Run deep research with the research agent.

Language Models

1M context window for Anthropic and OpenAI models

VS Code now supports 1 million token context windows for compatible Anthropic and OpenAI models. This expanded context window enables you to work with significantly larger codebases and longer conversations without losing important context. The expanded context window is available when using supported models, such as Claude Opus 4.7 and GPT-5.5.

Screenshot showing extended context size options.

Note: Larger context windows may consume more tokens per interaction, which increases AI credits usage under usage-based billing.

Integrated Browser

Favorite pages

We've remodeled the address bar in the integrated browser into a more versatile experience where you can not only enter URLs but also favorite pages and easily access your favorites and open tabs.

To add a page to your favorites, select the star icon in the browser URL bar.

When you select the URL bar, you can see your list of favorite pages and open tabs.

Screenshot of a popup around the browser URL bar showing favorites and opened tabs.

More ways to capture screenshots

Setting: workbench.browser.experimentalUserTools.enabled Open in VS Code Open in VS Code Insiders

The previous release introduced Add Screenshot to Chat, which lets you attach a screenshot of the current browser viewport to chat as context. This is especially useful for UI-related tasks, such as debugging a layout issue.

This release, we added two related features:

Add Area Screenshot to Chat: Take a screenshot of a rectangular area that you select, and add that screenshot as chat context.
Add Full Page Screenshot to Chat (Experimental): Take a screenshot of the entire web page, even beyond what is shown in the current viewport, and add that screenshot as chat context. This experimental feature requires enabling the workbench.browser.experimentalUserTools.enabled Open in VS Code Open in VS Code Insiders setting.

Screenshot of the integrated browser's Add to Chat menu showing the "Add Area Screenshot to Chat" and "Add Full Page Screenshot to Chat (Experimental)" options, with the captured screenshots attached as context in the Chat view.

MCP

Configure OAuth client credentials in mcp.json

Some MCP servers expect you to authenticate with a specific, pre-registered OAuth client instead of relying on Dynamic Client Registration. You can now specify a client ID directly in the oauth section of an MCP server entry in mcp.json:

"my-mcp-server": {
  "url": "https://mcp.example.com/mcp",
  "type": "http",
  "oauth": {
    "clientId": "your-client-id"
  }
}

When a client ID is set, VS Code uses it during the OAuth flow instead of registering a new client, so you can bring your own pre-registered client configuration.

Some MCP servers also require a client secret alongside the public client ID. You can now store a client secret in VS Code's OS-backed secret storage, where it stays encrypted instead of sitting in plaintext config.

When an MCP server entry in mcp.json has an oauth.clientId, a Set Client Secret CodeLens appears above it. Selecting it lets you enter the secret, which is stored securely and scoped to the server URL and client ID (so two servers with the same name in different configs never collide). Once a secret is stored, the CodeLens flips to Replace Client Secret, and you can reveal, replace, or delete it at any time.

Enterprise-managed MCP authentication (Preview)

If your organization centralizes sign-in at a single identity provider (like Entra, Okta, or Auth0), you probably don't want every MCP server running its own Dynamic Client Registration against its own authorization server. This release adds a cross-app authorization (XAA) flow that lets you authenticate once against your enterprise IdP, and then VS Code mints a per-resource token for each MCP server on your behalf.

Under the hood, VS Code exchanges your IdP identity for a resource-scoped assertion using ID-JAG (cross-app access), and then redeems that assertion at the MCP server's authorization server for an access token. The result is that users sign in a single time, and there's no per-server client registration to manage.

Note: ID-JAG is still an emerging standard and isn't widely adopted yet, but we believe it's the future of cross-app authorization. To learn more about XAA and try it against a sample IdP, resource authorization server, and MCP server, see xaa.dev.

There are two pieces to set this up:

Admins configure the IdP through the policy-managed mcp.enterpriseManagedAuth.idp setting. Because it's policy-backed, it's primarily delivered through Windows Group Policy, macOS managed preferences, or Linux /etc/vscode/policy.json, and it never syncs.
Individual MCP servers opt in to the flow by setting "enterpriseManaged": true in their oauth block in mcp.json. When that flag is present, VS Code routes the server through the XAA provider instead of the standard per-server registration path.

Editor Experience

Delayed extension auto-updates

VS Code now applies a two-hour delay before automatically updating extensions to a newly published version. When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection against problematic or potentially compromised releases.

This never gets in your way, as you can still update any extension immediately at any time by using the Update button. While an update is waiting, the extension's details view explains why it hasn't updated yet and when the automatic update will happen.

Note: This delay does not apply to extensions from trusted publishers such as Microsoft, GitHub, and OpenAI. These extensions continue to update immediately.

Screenshot of the extension showing the delay information and update schedule.

Thank you

Contributions to our issue tracking:

Contributions to vscode:

@aaronpowell (Aaron Powell): Add marketplace ref support for plugin marketplaces PR #317901
@goingforstudying-ctrl: fix: add white-space: nowrap to browser-emulation-toolbar-label PR #318935
@guomaggie: [Search Subagent] Handle context window limit exceeded error PR #316529
@maruthang (Maruthan G): fix: combine URI flags to prevent Electron argument filtering on Windows PR #308150
@oded-ist (Oded S): Fix read_cell_output incorrectly reporting all outputs as too large PR #318148
@PenguinDOOM (Penguin): Fix BYOK invalid stateful marker retries PR #317292
@rebornix (Peng Lyu): Add mobile multi-diff view PR #318081
@SimonSiefke (Simon Siefke)
- fix: memory leak extension actions PR #315054
- fix: memory leak in ipc.electron.ts PR #317846
- fix: memory leak in search results PR #282309
@SLdragon (rentu): feat: add languageDiagnosticsService option for nes/inline completion provider PR #317678
@Tyriar (Daniel Imms): fix: remove awaits inside Promise.race in shell integration test PR #319068

We really appreciate people trying our new features as soon as they are ready, so check back here often and learn what's new.

If you'd like to read release notes for previous VS Code versions, go to Updates on code.visualstudio.com.