I am building isolated, sandboxed remote environments (using Azure ML compute instances and VS Code Remote Server) for data scientists. To prevent accidental data exfiltration or infiltration via the IDE, I need to strictly limit what users can do in the file explorer. Currently, I can disable drag-and-drop using "explorer.enableDragAndDrop": false in .vscode-server/data/Machine/settings.json. However, users can still right-click files to "Download" them, or right-click the explorer to "Upload" files.
Describe the solution you'd like
I would like new configuration parameters in the machine-level settings.json to completely disable file transfer capabilities through the VS Code UI.
For example:
"explorer.enableDownload": false
"explorer.enableUpload": false
When set to false, the "Download" and "Upload" options should be hidden or disabled in the context menus of the Remote Explorer.
Thank you in advance, best regards.