Merge pull request 'main' (#3) from Upstream/code-server:main into main

Reviewed-on: #3

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,6 +1,5 @@
 name: Bug report
 description: File a bug report
-title: "[Bug]: "
 labels: ["bug", "triage"]
 body:
   - type: checkboxes
@@ -10,6 +9,7 @@ body:
       options:
         - label: I have searched the existing issues
           required: true
+
   - type: textarea
     attributes:
       label: OS/Web Information
@@ -28,55 +28,74 @@ body:
         - `code-server --version`:
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Steps to Reproduce
       description: |
-        1. open code-server
-        2. install extension
-        3. run command
+        Please describe exactly how to reproduce the bug. For example:
+        1. Open code-server in Firefox
+        2. Install extension `foo.bar` from the extensions sidebar
+        3. Run command `foo.bar.baz`
       value: |
         1.
         2.
         3.
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Expected
       description: What should happen?
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Actual
       description: What actually happens?
     validations:
       required: true
+
   - type: textarea
     id: logs
     attributes:
       label: Logs
       description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
+      render: shell
+
   - type: textarea
     attributes:
       label: Screenshot/Video
       description: Please include a screenshot, gif or screen recording of your issue.
     validations:
       required: false
-  - type: checkboxes
+
+  - type: dropdown
     attributes:
-      label: Does this issue happen in VS Code or GitHub Codespaces?
-      description: Please try reproducing this issue in VS Code and GitHub Codespaces. If the bug reproduces in either VS Code or GitHub Codespaces, please submit the issue upstream instead (https://github.com/microsoft/vscode).
+      label: Does this bug reproduce in native VS Code?
+      description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).
       options:
-        - label: I tested this in native VS Code.
-          required: false
-        - label: This does not happen in native VS Code.
-          required: false
-        - label: I tested this in GitHub Codespaces.
-          required: false
-        - label: This does not happen in GitHub Codespaces.
-          required: false
+        - Yes, this is also broken in native VS Code
+        - No, this works as expected in native VS Code
+        - This cannot be tested in native VS Code
+        - I did not test native VS Code
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in GitHub Codespaces?
+      description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).
+      options:
+        - Yes, this is also broken in GitHub Codespaces
+        - No, this works as expected in GitHub Codespaces
+        - This cannot be tested in GitHub Codespaces
+        - I did not test GitHub Codespaces
+    validations:
+      required: true
+
   - type: checkboxes
     attributes:
       label: Are you accessing code-server over a secure context?
@@ -84,6 +103,7 @@ body:
       options:
         - label: I am using a secure context.
           required: false
+
   - type: textarea
     attributes:
       label: Notes

.github/ISSUE_TEMPLATE/doc.md

@@ -1,9 +1,7 @@
 ---
 name: Documentation improvement
 about: Suggest a documentation improvement
-title: "[Docs]: "
 labels: "docs"
-assignees: "@jsjoeio"
 ---
 
 ## What is your suggestion?

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,9 +1,7 @@
 ---
 name: Feature request
 about: Suggest an idea to improve code-server
-title: "[Feat]: "
 labels: enhancement
-assignees: ""
 ---
 
 ## What is your suggestion?

.github/ranger.yml

@@ -1,29 +0,0 @@
-# Configuration for the repo ranger bot
-# See docs: https://www.notion.so/Documentation-8d7627bb1f3c42b7b1820e8d6f157a57#9879d1374fab4d1f9c607c230fd5123d
-default:
-  close:
-    # Default time to wait before closing the label. Can either be a number in milliseconds
-    # or a string specified by the `ms` package (https://www.npmjs.com/package/ms)
-    delay: "2 days"
-
-    # Default comment to post when an issue is first marked with a closing label
-    comment: "⚠️ This issue has been marked $LABEL and will be closed in $DELAY."
-
-labels:
-  duplicate: close
-  wontfix: close
-  "squash when passing": merge
-  "rebase when passing": merge
-  "merge when passing": merge
-  "new contributor":
-    action: comment
-    delay: 5s
-    message: "Thanks for making your first contribution! :slightly_smiling_face:"
-  "upstream:vscode":
-    action: close
-    delay: 5s
-    comment: >
-      This issue has been marked as 'upstream:vscode'.
-      Please file this upstream: [link to open issue](https://github.com/microsoft/vscode/issues/new/choose)
-
-      This issue will automatically close in $DELAY.

.github/workflows/build.yaml

@@ -45,7 +45,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             docs/**
@@ -76,14 +76,14 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             ci/helm-chart/**
 
       - name: Install helm
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
@@ -107,7 +107,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             **/*.ts
@@ -147,7 +147,7 @@ jobs:
         uses: actions/checkout@v4
       - name: Check workflow files
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash)
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.1
           ./actionlint -color -shellcheck= -ignore "set-output"
         shell: bash
 
@@ -163,7 +163,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             **/*.ts
@@ -206,6 +206,7 @@ jobs:
     timeout-minutes: 60
     env:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      DISABLE_V8_COMPILE_CACHE: 1
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4

.github/workflows/publish.yaml

@@ -36,7 +36,7 @@ jobs:
           cache: "yarn"
 
       - name: Download npm package from release artifacts
-        uses: robinraju/release-downloader@v1.9
+        uses: robinraju/release-downloader@v1.11
         with:
           repository: "coder/code-server"
           tag: ${{ github.event.inputs.version || github.ref_name }}
@@ -132,7 +132,7 @@ jobs:
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
       - name: Validate package
-        uses: hapakaien/archlinux-package-action@v2
+        uses: heyhusen/archlinux-package-action@v2.2.1
         env:
           VERSION: ${{ env.VERSION }}
         with:
@@ -183,14 +183,22 @@ jobs:
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Download release artifacts
-        uses: robinraju/release-downloader@v1.9
+      - name: Download deb artifacts
+        uses: robinraju/release-downloader@v1.11
         with:
           repository: "coder/code-server"
           tag: v${{ env.VERSION }}
           fileName: "*.deb"
           out-file-path: "release-packages"
 
+      - name: Download rpm artifacts
+        uses: robinraju/release-downloader@v1.11
+        with:
+          repository: "coder/code-server"
+          tag: v${{ env.VERSION }}
+          fileName: "*.rpm"
+          out-file-path: "release-packages"
+
       - name: Publish to Docker
         run: ./ci/steps/docker-buildx-push.sh
         env:

.github/workflows/release.yaml

@@ -81,6 +81,7 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
         if: success()
+        continue-on-error: true
 
       # NOTE@jsjoeio - we do this so we can strip out the v
       # i.e. v4.9.1 -> 4.9.1
@@ -94,7 +95,7 @@ jobs:
           VERSION: ${{ env.VERSION }}
         run: yarn package
 
-      - uses: softprops/action-gh-release@v1
+      - uses: softprops/action-gh-release@v2
         with:
           draft: true
           discussion_category_name: "📣 Announcements"
@@ -190,7 +191,7 @@ jobs:
           VERSION: ${{ env.VERSION }}
         run: npm run package ${npm_config_arch}
 
-      - uses: softprops/action-gh-release@v1
+      - uses: softprops/action-gh-release@v2
         with:
           draft: true
           discussion_category_name: "📣 Announcements"
@@ -221,7 +222,7 @@ jobs:
       # next update Node we can probably remove this.  For now, install
       # setuptools since it contains distutils.
       - name: Install Python utilities
-        run: python3 -m pip install setuptools
+        run: brew install python-setuptools
 
       - name: Download npm package
         uses: actions/download-artifact@v4
@@ -252,7 +253,7 @@ jobs:
           VERSION: ${{ env.VERSION }}
         run: yarn package
 
-      - uses: softprops/action-gh-release@v1
+      - uses: softprops/action-gh-release@v2
         with:
           draft: true
           discussion_category_name: "📣 Announcements"
@@ -269,7 +270,7 @@ jobs:
         with:
           name: npm-release-package
 
-      - uses: softprops/action-gh-release@v1
+      - uses: softprops/action-gh-release@v2
         with:
           draft: true
           discussion_category_name: "📣 Announcements"
@@ -281,7 +282,7 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v3
+        uses: dawidd6/action-download-artifact@v6
         id: download
         with:
           branch: ${{ github.ref }}

.github/workflows/security.yaml

@@ -19,7 +19,7 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  audit-ci:
+  audit:
     name: Audit node modules
     runs-on: ubuntu-latest
     timeout-minutes: 15
@@ -55,7 +55,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
         with:
           scan-type: "fs"
           scan-ref: "."

.github/workflows/trivy-docker.yaml

@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true

.node-version

@@ -1 +1 @@
-18.17.1
+20.11.1

.woodpecker/ci.yml

@@ -0,0 +1,47 @@
+labels:
+  realm: lab
+    
+when:
+  - event: [push, tag, manual, pull_request]
+
+steps:
+  build:
+    #image: node:lts
+    image: node:18.20.2
+    commands:
+      - |
+        echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | tee /etc/apt/sources.list.d/goreleaser.list
+        apt-get update
+        apt-get install -y nfpm
+        apt-get install -y build-essential \
+          ca-certificates \
+          curl \
+          dbus \
+          g++ \
+          gettext\
+          git \
+          gnupg \
+          jq \
+          libgbm1 \
+          libgtk-3-0 \
+          libkrb5-dev \
+          libsecret-1-dev \
+          libx11-dev \
+          libxkbfile-dev \
+          libxss1 \
+          pkg-config \
+          python-is-python3 \
+          python3 \
+          rsync \
+          xvfb
+      - yarn install
+      - yarn build
+      - export VERSION='0.0.0' && yarn build:vscode
+      - yarn release
+      - yarn release:standalone
+      - yarn package
+      - ls -la
+      - ls -la release/*
+      - ls -la release-standalone/*
+      - ls -la release-packages/*
+      - ls -la out/*

CHANGELOG.md

@@ -22,23 +22,161 @@ Code v99.99.999
 
 ## Unreleased
 
-## [4.21.0](https://github.com/coder/code-server/releases/tag/v4.21.0) - 2021-02-05
+## [4.91.0](https://github.com/coder/code-server/releases/tag/v4.91.0) - 2024-07-10
+
+Code v1.91.0
+
+### Changed
+
+- Updated to Code 1.91.0.
+
+## [4.90.3](https://github.com/coder/code-server/releases/tag/v4.90.3) - 2024-06-21
+
+Code v1.90.2
+
+### Changed
+
+- Updated to Code 1.90.2.
+
+### Fixed
+
+- When the log gets rotated it will no longer incorrectly be moved to a new
+  directory created in the current working directory named with a date.
+  Instead, the file itself is prepended with the date and kept in the same
+  directory, as originally intended.
+
+## [4.90.2](https://github.com/coder/code-server/releases/tag/v4.90.2) - 2024-06-14
+
+Code v1.90.1
+
+### Changed
+
+- Updated to Code 1.90.1.
+
+## [4.90.1](https://github.com/coder/code-server/releases/tag/v4.90.1) - 2024-06-12
+
+Code v1.90.0
+
+### Fixed
+
+- Cache a call to get CPU information used in telemetry that could result in a
+  lack responsiveness if it was particularly slow.
+
+## [4.90.0](https://github.com/coder/code-server/releases/tag/v4.90.0) - 2024-06-11
+
+Code v1.90.0
+
+### Changed
+
+- Updated to Code 1.90.0.
+- Updated Node to 20.11.1.
+
+### Added
+
+- Send contents to the clipboard in the integrated terminal by piping to
+  `code-server --stdin-to-clipboard` or `code-server -c`.
+
+  You may want to make this an alias:
+
+  ```
+  alias xclip="code-server --stdin-to-clipboard"
+  echo -n "hello world" | xclip
+  ```
+
+## [4.89.1](https://github.com/coder/code-server/releases/tag/v4.89.1) - 2024-04-14
+
+Code v1.89.1
+
+### Changed
+
+- Updated to Code 1.89.1.
+
+## [4.89.0](https://github.com/coder/code-server/releases/tag/v4.89.0) - 2024-04-08
+
+Code v1.89.0
+
+### Changed
+
+- Updated to Code 1.89.0.
+
+## [4.23.1](https://github.com/coder/code-server/releases/tag/v4.23.1) - 2024-04-15
+
+Code v1.88.1
+
+### Changed
+
+- Updated to Code 1.88.1.
+
+## [4.23.0](https://github.com/coder/code-server/releases/tag/v4.23.0) - 2024-04-08
+
+Code v1.88.0
+
+### Changed
+
+- Updated to Code 1.88.0.
+- Updated Node to 18.18.2.
+
+### Fixed
+
+- Fix masking the exit code when failing to install extensions on the command
+  line outside the integrated terminal. Installing extensions inside the
+  integrated terminal still masks the exit code and is an upstream bug.
+
+## [4.22.1](https://github.com/coder/code-server/releases/tag/v4.22.1) - 2024-03-14
+
+Code v1.87.2
+
+### Changed
+
+- Updated to Code 1.87.2.
+- Enable keep-alive for proxy agent.
+
+## [4.22.0](https://github.com/coder/code-server/releases/tag/v4.22.0) - 2024-03-03
+
+Code v1.87.0
+
+### Changed
+
+- Updated to Code 1.87.0.
+
+## [4.21.2](https://github.com/coder/code-server/releases/tag/v4.21.2) - 2024-02-28
+
+Code v1.86.2
+
+### Changed
+
+- Updated to Code 1.86.2.
+
+## [4.21.1](https://github.com/coder/code-server/releases/tag/v4.21.1) - 2024-02-09
+
+Code v1.86.1
+
+### Changed
+
+- Updated to Code 1.86.1.
+- Updated to Node 18.17.1.
+
+### Added
+
+- Docker images for Fedora and openSUSE.
+
+## [4.21.0](https://github.com/coder/code-server/releases/tag/v4.21.0) - 2024-02-05
 
 Code v1.86.0
 
-## Changed
+### Changed
 
-- Updated to Code 1.86.0
+- Updated to Code 1.86.0.
 
-## [4.20.1](https://github.com/coder/code-server/releases/tag/v4.20.1) - 2021-01-22
+## [4.20.1](https://github.com/coder/code-server/releases/tag/v4.20.1) - 2024-01-22
 
 Code v1.85.2
 
-## Changed
+### Changed
 
 - Updated to Code 1.85.2.
 
-## Fixed
+### Fixed
 
 - Query variables are no longer double-encoded when going over the path proxy.
 

ci/README.md

@@ -24,8 +24,6 @@ This directory contains scripts used for the development of code-server.
   - Runs unit tests.
 - [./ci/dev/test-e2e.sh](./dev/test-e2e.sh) (`yarn test:e2e`)
   - Runs end-to-end tests.
-- [./ci/dev/ci.sh](./dev/ci.sh) (`yarn ci`)
-  - Runs `yarn fmt`, `yarn lint` and `yarn test`.
 - [./ci/dev/watch.ts](./dev/watch.ts) (`yarn watch`)
   - Starts a process to build and launch code-server and restart on any code changes.
   - Example usage in [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md).

ci/build/build-packages.sh

@@ -50,11 +50,6 @@ release_nfpm() {
 
   export NFPM_ARCH
 
-  # Code deletes some files from the extension node_modules directory which
-  # leaves broken symlinks in the corresponding .bin directory.  nfpm will fail
-  # on these broken symlinks so clean them up.
-  rm -fr "./release-standalone/lib/vscode/extensions/node_modules/.bin"
-
   PKG_FORMAT="deb"
   NFPM_ARCH="$(get_nfpm_arch $PKG_FORMAT "$ARCH")"
   nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"

ci/build/build-standalone-release.sh

@@ -24,6 +24,10 @@ main() {
 
   pushd "$RELEASE_PATH"
   npm install --unsafe-perm --omit=dev
+  # Code deletes some files from the extension node_modules directory which
+  # leaves broken symlinks in the corresponding .bin directory.  nfpm will fail
+  # on these broken symlinks so clean them up.
+  rm -fr "./lib/vscode/extensions/node_modules/.bin"
   popd
 }
 

ci/build/npm-postinstall.sh

@@ -51,6 +51,18 @@ symlink_bin_script() {
   cd "$oldpwd"
 }
 
+command_exists() {
+  if [ ! "$1" ]; then return 1; fi
+  command -v "$@" > /dev/null
+}
+
+is_root() {
+  if command_exists id && [ "$(id -u)" = 0 ]; then
+    return 0
+  fi
+  return 1
+}
+
 OS="$(os)"
 
 main() {
@@ -64,8 +76,8 @@ main() {
     echo "USE AT YOUR OWN RISK!"
   fi
 
-  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-18}" ]; then
-    echo "ERROR: code-server currently requires node v18."
+  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-20}" ]; then
+    echo "ERROR: code-server currently requires node v20."
     if [ -n "$FORCE_NODE_VERSION" ]; then
       echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
     fi
@@ -75,17 +87,20 @@ main() {
     exit 1
   fi
 
-  case "${npm_config_user_agent-}" in npm*)
-    # We are running under npm.
-    if [ "${npm_config_unsafe_perm-}" != "true" ]; then
-      echo "Please pass --unsafe-perm to npm to install code-server"
-      echo "Otherwise the postinstall script does not have permissions to run"
-      echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
-      echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
-      exit 1
-    fi
-    ;;
-  esac
+  # Under npm, if we are running as root, we need --unsafe-perm otherwise
+  # post-install scripts will not have sufficient permissions to do their thing.
+  if is_root; then
+    case "${npm_config_user_agent-}" in npm*)
+      if [ "${npm_config_unsafe_perm-}" != "true" ]; then
+        echo "Please pass --unsafe-perm to npm to install code-server"
+        echo "Otherwise post-install scripts will not have permissions to run"
+        echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
+        echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
+        exit 1
+      fi
+      ;;
+    esac
+  fi
 
   if ! vscode_install; then
     echo "You may not have the required dependencies to build the native modules."

ci/dev/audit.sh

@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  # Prevents integration with moderate or higher vulnerabilities
-  # Docs: https://github.com/IBM/audit-ci#options
-  yarn audit-ci --moderate
-}
-
-main "$@"

ci/dev/ci.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  yarn fmt
-  yarn lint
-  yarn _audit
-  yarn test:unit
-}
-
-main "$@"

ci/helm-chart/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.17.0
+version: 3.22.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.21.0
+appVersion: 4.91.0

ci/helm-chart/templates/deployment.yaml

@@ -177,9 +177,12 @@ spec:
         {{- if .existingClaim }}
         persistentVolumeClaim:
           claimName: {{ .existingClaim }}
-        {{- else }}
+        {{- else if .hostPath }}
         hostPath:
           path: {{ .hostPath }}
           type: Directory
+        {{- else }}
+        emptyDir:
+          {{- toYaml .emptyDir | nindent 10 }}
         {{- end }}
       {{- end }}

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.21.0'
+  tag: '4.91.0'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a
@@ -190,6 +190,7 @@ extraVolumeMounts: []
   #   readOnly: true
   #   existingClaim: volume-claim
   #   hostPath: ""
+  #   emptyDir: {}
 
 extraConfigmapMounts: []
   # - name: certs-configmap

ci/release-image/Dockerfile.fedora

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:experimental
+
+ARG BASE=fedora:39
+FROM scratch AS packages
+COPY release-packages/code-server*.rpm /tmp/
+
+FROM $BASE
+
+RUN dnf update -y \
+    && dnf install -y \
+    curl \
+    git \
+    git-lfs \
+    htop \
+    nano \
+    openssh-clients \
+    procps \
+    wget \
+    zsh \
+    dumb-init \
+    glibc-langpack-en \
+    && rm -rf /var/cache/dnf
+RUN git lfs install
+
+ENV LANG=en_US.UTF-8
+RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
+
+RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && chown root:root /usr/local/bin/fixuid \
+  && chmod 4755 /usr/local/bin/fixuid \
+  && mkdir -p /etc/fixuid \
+  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
+RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+ENV ENTRYPOINTD=${HOME}/entrypoint.d
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/Dockerfile.opensuse

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:experimental
+
+ARG BASE=opensuse/tumbleweed
+FROM scratch AS packages
+COPY release-packages/code-server*.rpm /tmp/
+
+FROM $BASE
+
+RUN zypper dup -y \
+    && zypper in -y \
+    curl \
+    git \
+    git-lfs \
+    htop \
+    nano \
+    openssh-clients \
+    procps \
+    wget \
+    zsh \
+    sudo \
+    catatonit \
+    && rm -rf /var/cache/zypp /var/cache/zypper
+RUN git lfs install
+
+ENV LANG=en_US.UTF-8
+RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
+
+RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && chown root:root /usr/local/bin/fixuid \
+  && chmod 4755 /usr/local/bin/fixuid \
+  && mkdir -p /etc/fixuid \
+  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY ci/release-image/entrypoint-catatonit.sh /usr/bin/entrypoint-catatonit.sh
+RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+ENV ENTRYPOINTD=${HOME}/entrypoint.d
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint-catatonit.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/docker-bake.hcl

@@ -18,6 +18,9 @@ group "default" {
     targets = [
         "code-server-debian-12",
         "code-server-ubuntu-focal",
+        "code-server-ubuntu-noble",
+        "code-server-fedora-39",
+        "code-server-opensuse-tumbleweed",
     ]
 }
 
@@ -66,3 +69,38 @@ target "code-server-ubuntu-focal" {
     }
     platforms = ["linux/amd64", "linux/arm64"]
 }
+
+target "code-server-ubuntu-noble" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("noble"),
+    )
+    args = {
+        BASE = "ubuntu:noble"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}
+
+target "code-server-fedora-39" {
+    dockerfile = "ci/release-image/Dockerfile.fedora"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("fedora"),
+        gen_tags_for_docker_and_ghcr("39"),
+    )
+    args = {
+        BASE = "fedora:39"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}
+
+target "code-server-opensuse-tumbleweed" {
+    dockerfile = "ci/release-image/Dockerfile.opensuse"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("opensuse"),
+        gen_tags_for_docker_and_ghcr("tumbleweed"),
+    )
+    args = {
+        BASE = "opensuse/tumbleweed"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}

ci/release-image/entrypoint-catatonit.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -eu
+
+# We do this first to ensure sudo works below when renaming the user.
+# Otherwise the current container UID may not exist in the passwd database.
+eval "$(fixuid -q)"
+
+if [ "${DOCKER_USER-}" ]; then
+  USER="$DOCKER_USER"
+  if [ "$DOCKER_USER" != "$(whoami)" ]; then
+    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+    # nor can we bind mount $HOME into a new home as that requires a privileged container.
+    sudo usermod --login "$DOCKER_USER" coder
+    sudo groupmod -n "$DOCKER_USER" coder
+
+    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  fi
+fi
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+if [ -d "${ENTRYPOINTD}" ]; then
+  find "${ENTRYPOINTD}" -type f -executable -print -exec {} \;
+fi
+
+exec catatonit -- /usr/bin/code-server "$@"

docs/CONTRIBUTING.md

@@ -5,8 +5,6 @@
 
 - [Requirements](#requirements)
   - [Linux-specific requirements](#linux-specific-requirements)
-- [Creating pull requests](#creating-pull-requests)
-  - [Commits and commit history](#commits-and-commit-history)
 - [Development workflow](#development-workflow)
   - [Version updates to Code](#version-updates-to-code)
   - [Patching Code](#patching-code)
@@ -28,16 +26,13 @@
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
 
-- [Detailed CI and build process docs](../ci)
-
 ## Requirements
 
 The prerequisites for contributing to code-server are almost the same as those
-for [VS
-Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
+for [VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 Here is what is needed:
 
-- `node` v18.x
+- `node` v20.x
 - `git` v2.x or greater
 - [`git-lfs`](https://git-lfs.github.com)
 - [`yarn`](https://classic.yarnpkg.com/en/)
@@ -60,30 +55,15 @@ Here is what is needed:
 
 ### Linux-specific requirements
 
-If you're developing code-server on Linux, make sure you have installed or install the following dependencies:
+If you're developing code-server on Linux, make sure you have installed or
+install the following dependencies:
 
 ```shell
 sudo apt-get install build-essential g++ libx11-dev libxkbfile-dev libsecret-1-dev libkrb5-dev python-is-python3
 ```
 
-These are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites) for more information.
-
-## Creating pull requests
-
-Please create a [GitHub Issue](https://github.com/coder/code-server/issues) that
-includes context for issues that you see. You can skip this if the proposed fix
-is minor.
-
-In your pull requests (PR), link to the issue that the PR solves.
-
-Please ensure that the base of your PR is the **main** branch.
-
-### Commits and commit history
-
-We prefer a clean commit history. This means you should squash all fixups and
-fixup-type commits before asking for a review (e.g., clean up, squash, then force
-push). If you need help with this, feel free to leave a comment in your PR, and
-we'll guide you.
+These are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites)
+for more information.
 
 ## Development workflow
 
@@ -99,55 +79,62 @@ need to apply them with `quilt`. If you pull down changes that update the
 `vscode` submodule you will need to run `git submodule update --init` and
 re-apply the patches.
 
+When you make a change that affects people deploying the marketplace please
+update the changelog as part of your PR.
+
+Note that building code-server takes a very, very long time, and loading it in
+the browser in development mode also takes a very, very long time.
+
+Display language (Spanish, etc) support only works in a full build; it will not
+work in development mode.
+
+Generally we prefer that PRs be squashed into `main` but you can rebase or merge
+if it is important to keep the individual commits (make sure to clean up the
+commits first if you are doing this).
+
 ### Version updates to Code
 
-1. Update the `lib/vscode` submodule to the desired upstream version branch.
+1. Remove any patches with `quilt pop -a`.
+2. Update the `lib/vscode` submodule to the desired upstream version branch.
    1. `cd lib/vscode && git checkout release/1.66 && cd ../..`
-   2. `git add lib && git commit -m "chore: update Code"`
-2. Apply the patches (`quilt push -a`) or restore your stashed changes. At this
-   stage you may need to resolve conflicts. For example use `quilt push -f`,
-   manually apply the rejected portions, then `quilt refresh`.
-3. From the code-server **project root**, run `yarn install`.
-4. Test code-server locally to make sure everything works.
+   2. `git add lib && git commit -m "chore: update to Code <version>"`
+3. Apply the patches one at a time (`quilt push`). If the application succeeds
+   but the lines changed, update the patch with `quilt refresh`. If there are
+   conflicts, then force apply with `quilt push -f`, manually add back the
+   rejected code, then run `quilt refresh`.
+4. From the code-server **project root**, run `yarn install`.
 5. Check the Node.js version that's used by Electron (which is shipped with VS
-   Code. If necessary, update your version of Node.js to match.
-6. Commit the updated submodule and patches to `code-server`.
-7. Open a PR.
-
-Tip: if you're certain all patches are applied correctly and you simply need to
-refresh, you can use this trick:
-
-```shell
-while quilt push; do quilt refresh; done
-```
-
-[Source](https://raphaelhertzog.com/2012/08/08/how-to-use-quilt-to-manage-patches-in-debian-packages/)
+   Code. If necessary, update our version of Node.js to match.
 
 ### Patching Code
 
-0. You can go through the patch stack with `quilt push` and `quilt pop`.
-1. Create a new patch (`quilt new {name}.diff`) or use an existing patch.
-1. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file
+1. You can go through the patch stack with `quilt push` and `quilt pop`.
+2. Create a new patch (`quilt new {name}.diff`) or use an existing patch.
+3. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file
    **must** be added before you make changes to it.
-1. Make your changes. Patches do not need to be independent of each other but
+4. Make your changes. Patches do not need to be independent of each other but
    each patch must result in a working code-server without any broken in-between
    states otherwise they are difficult to test and modify.
-1. Add your changes to the patch (`quilt refresh`)
-1. Add a comment in the patch about the reason for the patch and how to
+5. Add your changes to the patch (`quilt refresh`)
+6. Add a comment in the patch about the reason for the patch and how to
    reproduce the behavior it fixes or adds. Every patch should have an e2e test
    as well.
 
 ### Build
 
-You can build as follows:
+You can build a full production as follows:
 
 ```shell
+git submodule update --init
+quilt push -a
+yarn install
 yarn build
-yarn build:vscode
+VERSION=0.0.0 yarn build:vscode
 yarn release
 ```
 
-_NOTE: this does not keep `node_modules`. If you want them to be kept, use `KEEP_MODULES=1 yarn release` (if you're testing in Coder, you'll want to do this)_
+This does not keep `node_modules`. If you want them to be kept, use
+`KEEP_MODULES=1 yarn release`
 
 Run your build:
 
@@ -158,7 +145,7 @@ npm install --omit=dev # Skip if you used KEEP_MODULES=1
 node .
 ```
 
-Build the release packages (make sure that you run `yarn release` first):
+Then, to build the release package:
 
 ```shell
 yarn release:standalone
@@ -167,7 +154,7 @@ yarn package
 ```
 
 > On Linux, the currently running distro will become the minimum supported
-> version. In our GitHub Actions CI, we use CentOS 7 for maximum compatibility.
+> version. In our GitHub Actions CI, we use CentOS 8 for maximum compatibility.
 > If you need your builds to support older distros, run the build commands
 > inside a Docker container with all the build requirements installed.
 
@@ -181,9 +168,9 @@ writing, we do this for the following platforms/architectures:
 - Linux arm7l (.tar.gz)
 - Linux armhf.deb
 - Linux armhf.rpm
-- macOS amd64 (Intel-based)
+- macOS arm64.tar.gz
 
-Currently, these are compiled in CI using the `yarn release-standalone` command
+Currently, these are compiled in CI using the `yarn release:standalone` command
 in the `release.yaml` workflow. We then upload them to the draft release and
 distribute via GitHub Releases.
 
@@ -191,17 +178,22 @@ distribute via GitHub Releases.
 
 #### I see "Forbidden access" when I load code-server in the browser
 
-This means your patches didn't apply correctly. We have a patch to remove the auth from vanilla Code because we use our own.
+This means your patches didn't apply correctly. We have a patch to remove the
+auth from vanilla Code because we use our own.
 
-Try popping off the patches with `quilt pop -a` and reapplying with `quilt push -a`.
+Try popping off the patches with `quilt pop -a` and reapplying with `quilt push
+-a`.
 
 #### "Can only have one anonymous define call per script"
 
-Code might be trying to use a dev or prod HTML in the wrong context. You can try re-running code-server and setting `VSCODE_DEV=1`.
+Code might be trying to use a dev or prod HTML in the wrong context. You can try
+re-running code-server and setting `VSCODE_DEV=1`.
 
 ### Help
 
-If you get stuck or need help, you can always start a new GitHub Discussion [here](https://github.com/coder/code-server/discussions). One of the maintainers will respond and help you out.
+If you get stuck or need help, you can always start a new GitHub Discussion
+[here](https://github.com/coder/code-server/discussions). One of the maintainers
+will respond and help you out.
 
 ## Test
 
@@ -219,7 +211,9 @@ Our unit tests are written in TypeScript and run using
 
 These live under [test/unit](../test/unit).
 
-We use unit tests for functions and things that can be tested in isolation. The file structure is modeled closely after `/src` so it's easy for people to know where test files should live.
+We use unit tests for functions and things that can be tested in isolation. The
+file structure is modeled closely after `/src` so it's easy for people to know
+where test files should live.
 
 ### Script tests
 
@@ -227,12 +221,14 @@ Our script tests are written in bash and run using [bats](https://github.com/bat
 
 These tests live under `test/scripts`.
 
-We use these to test anything related to our scripts (most of which live under `ci`).
+We use these to test anything related to our scripts (most of which live under
+`ci`).
 
 ### Integration tests
 
-These are a work in progress. We build code-server and run tests with `yarn test:integration`, which ensures that code-server builds work on their respective
-platforms.
+These are a work in progress. We build code-server and run tests with `yarn
+test:integration`, which ensures that code-server builds work on their
+respective platforms.
 
 Our integration tests look at components that rely on one another. For example,
 testing the CLI requires us to build and package code-server.
@@ -253,15 +249,10 @@ Take a look at `codeServer.test.ts` to see how you would use it (see
 We also have a model where you can create helpers to use within tests. See
 [models/CodeServer.ts](../test/e2e/models/CodeServer.ts) for an example.
 
-Generally speaking, e2e means testing code-server while running in the browser
-and interacting with it in a way that's similar to how a user would interact
-with it. When running these tests with `yarn test:e2e`, you must have
-code-server running locally. In CI, this is taken care of for you.
-
 ## Structure
 
-The `code-server` script serves as an HTTP API for login and starting a remote
-Code process.
+code-server essentially serves as an HTTP API for logging in and starting a
+remote Code process.
 
 The CLI code is in [src/node](../src/node) and the HTTP routes are implemented
 in [src/node/routes](../src/node/routes).

docs/FAQ.md

@@ -37,6 +37,7 @@
 - [How do I hide the coder/coder promotion in Help: Getting Started?](#how-do-i-hide-the-codercoder-promotion-in-help-getting-started)
 - [How do I disable the proxy?](#how-do-i-disable-the-proxy)
 - [How do I disable file download?](#how-do-i-disable-file-download)
+- [Why do web views not work?](#why-do-web-views-not-work)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
@@ -356,6 +357,12 @@ hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIW
 
 The `hashed-password` field takes precedence over `password`.
 
+If you're using Docker Compose file, in order to make this work, you need to change all the single $ to $$. For example:
+
+```yaml
+- HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$wST5QhBgk2lu1ih4DMuxvg$$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4
+```
+
 ## Is multi-tenancy possible?
 
 If you want to run multiple code-servers on shared infrastructure, we recommend
@@ -481,3 +488,22 @@ when using the option.
 ## How do I disable file download?
 
 You can pass the flag `--disable-file-downloads` to `code-server`
+
+## Why do web views not work?
+
+Web views rely on service workers, and service workers are only available in a
+secure context, so most likely the answer is that you are using an insecure
+context (for example an IP address).
+
+If this happens, in the browser log you will see something like:
+
+> Error loading webview: Error: Could not register service workers: SecurityError: Failed to register a ServiceWorker for scope with script: An SSL certificate error occurred when fetching the script..
+
+To fix this, you must either:
+
+- Access over localhost/127.0.0.1 which is always considered secure.
+- Use a domain with a real certificate (for example with Let's Encrypt).
+- Use a trusted self-signed certificate with [mkcert](https://mkcert.dev) (or
+  create and trust a certificate manually).
+- Disable security if your browser allows it. For example, in Chromium see
+  `chrome://flags/#unsafely-treat-insecure-origin-as-secure`

docs/MAINTAINING.md

@@ -3,24 +3,13 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Maintaining
 
-- [Team](#team)
-  - [Onboarding](#onboarding)
-  - [Offboarding](#offboarding)
-- [Workflow](#workflow)
-  - [Milestones](#milestones)
-  - [Triage](#triage)
-- [Versioning](#versioning)
-- [Pull requests](#pull-requests)
-  - [Merge strategies](#merge-strategies)
-  - [Changelog](#changelog)
-- [Releases](#releases)
-  - [Publishing a release](#publishing-a-release)
+- [Releasing](#releasing)
     - [Release Candidates](#release-candidates)
     - [AUR](#aur)
     - [Docker](#docker)
     - [Homebrew](#homebrew)
+    - [nixpkgs](#nixpkgs)
     - [npm](#npm)
-- [Syncing with upstream Code](#syncing-with-upstream-code)
 - [Testing](#testing)
 - [Documentation](#documentation)
   - [Troubleshooting](#troubleshooting)
@@ -28,131 +17,30 @@
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
 
-This document is meant to serve current and future maintainers of code-server,
-as well as share our workflow for maintaining the project.
+We keep code-server up to date with VS Code releases (there are usually two or
+three a month) but we are not generally actively developing code-server aside
+from fixing regressions.
 
-## Team
+Most of the work is keeping on top of issues and discussions.
 
-Current maintainers:
+## Releasing
 
-- @code-asher
-- @jsjoeio
-
-Occasionally, other Coder employees may step in time to time to assist with code-server.
-
-### Onboarding
-
-To onboard a new maintainer to the project, please make sure to do the following:
-
-- [ ] Add to [coder/code-server](https://github.com/orgs/coder/teams/code-server)
-- [ ] Add as Admin under [Repository Settings > Access](https://github.com/coder/code-server/settings/access)
-- [ ] Add to [npm Coder org](https://www.npmjs.com/org/coder)
-- [ ] Add as [AUR maintainer](https://aur.archlinux.org/packages/code-server/) (talk to Colin)
-- [ ] Introduce to community via Discussion (see [example](https://github.com/coder/code-server/discussions/3955))
-
-### Offboarding
-
-Very similar to Onboarding but Remove maintainer from all teams and revoke access. Please also do the following:
-
-- [ ] Write farewell post via Discussion (see [example](https://github.com/coder/code-server/discussions/3933))
-
-## Workflow
-
-The workflow used by code-server maintainers aims to be easy to understood by
-the community and easy enough for new maintainers to jump in and start
-contributing on day one.
-
-### Milestones
-
-We operate mainly using
-[milestones](https://github.com/coder/code-server/milestones). This was heavily
-inspired by our friends over at [vscode](https://github.com/microsoft/vscode).
-
-Here are the milestones we use and how we use them:
-
-- "Backlog" -> Work not yet planned for a specific release.
-- "On Deck" -> Work under consideration for upcoming milestones.
-- "Backlog Candidates" -> Work that is not yet accepted for the backlog. We wait
-  for the community to weigh in.
-- "<Month>" -> Work to be done for said month.
-
-With this flow, any un-assigned issues are essentially in triage state. Once
-triaged, issues are either "Backlog" or "Backlog Candidates". They will
-eventually move to "On Deck" (or be closed). Lastly, they will end up on a
-version milestone where they will be worked on.
-
-### Triage
-
-We use the following process for triaging GitHub issues:
-
-1. Create an issue
-1. Add appropriate labels to the issue (including "needs-investigation" if we
-   should look into it further)
-1. Add the issue to a milestone
-   1. If it should be fixed soon, add to version milestone or "On Deck"
-   2. If not urgent, add to "Backlog"
-   3. Otherwise, add to "Backlog Candidate" for future consideration
-
-## Versioning
-
-`<major.minor.patch>`
-
-The code-server project follows traditional [semantic
-versioning](https://semver.org/), with the objective of minimizing major changes
-that break backward compatibility. We increment the patch level for all
-releases, except when the upstream Visual Studio Code project increments its
-minor version or we change the plugin API in a backward-compatible manner. In
-those cases, we increment the minor version rather than the patch level.
-
-## Pull requests
-
-Ideally, every PR should fix an issue. If it doesn't, make sure it's associated
-with a version milestone.
-
-If a PR does fix an issue, don't add it to the version milestone. Otherwise, the
-version milestone will have duplicate information: the issue and the PR fixing
-the issue.
-
-### Merge strategies
-
-For most things, we recommend the **squash and merge** strategy. There
-may be times where **creating a merge commit** makes sense as well. Use your
-best judgment. If you're unsure, you can always discuss in the PR with the team.
-
-### Changelog
-
-To save time when creating a new release for code-server, we keep a running
-changelog at `CHANGELOG.md`.
-
-If either the author or reviewer of a PR believes the change should be mentioned
-in the changelog, then it should be added.
-
-If there is not a **Next Version** when you modify `CHANGELOG.md`, please add it
-using the template you see near the top of the changelog.
-
-When writing your changelog item, ask yourself:
-
-1. How do these changes affect code-server users?
-2. What actions do they need to take (if any)?
-
-If you need inspiration, we suggest looking at the [Emacs
-changelog](https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS).
-
-## Releases
-
-### Publishing a release
-
-1. Go to GitHub Actions > Draft release > Run workflow on the commit you want to
+1. Check that the changelog lists all the important changes.
+2. Make sure the changelog entry lists the current version of VS Code.
+3. Update the changelog with the release date.
+4. Go to GitHub Actions > Draft release > Run workflow on the commit you want to
    release. Make sure CI has finished the build workflow on that commit or this
-   will fail.
-2. CI will automatically grab the build artifact on that commit, inject the
-   version into the `package.json`, put together platform-specific packages, and
-   upload those packages to a draft release.
-3. Summarize the major changes in the `CHANGELOG.md`.
-4. Copy the relevant changelog section to the release then publish it.
-5. CI will automatically publish the NPM package, Docker image, and update
-   Homebrew using the published release assets.
-6. Bump the chart version in `Chart.yaml` and merge in the changelog updates.
+   will fail. For the version we match VS Code's minor and patch version. The
+   patch number may become temporarily out of sync if we need to put out a
+   patch, but if we make our own minor change then we will not release it until
+   the next minor VS Code release.
+5. CI will automatically grab the build artifact on that commit (which is why CI
+   has to have completed), inject the provided version into the `package.json`,
+   put together platform-specific packages, and upload those packages to a draft
+   release.
+6. Update the resulting draft release with the changelog contents.
+7. Publish the draft release after validating it.
+8. Bump the Helm chart version once the Docker images have published.
 
 #### Release Candidates
 
@@ -186,37 +74,44 @@ This is currently automated with the release process (but may fail occasionally)
 brew bump-formula-pr --version="${VERSION}" code-server --no-browse --no-audit
 ```
 
+#### nixpkgs
+
+We publish code-server in nixpkgs but it must be updated manually.
+
 #### npm
 
 We publish code-server as a npm package [here](https://www.npmjs.com/package/code-server/v/latest).
 
 This is currently automated with the release process.
 
-## Syncing with upstream Code
-
-Refer to the [contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#version-updates-to-code) for information on how to update Code within code-server.
-
 ## Testing
 
 Our testing structure is laid out under our [Contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#test).
 
-We hope to eventually hit 100% test coverage with our unit tests, and maybe one day our scripts (coverage not tracked currently).
-
 If you're ever looking to add more tests, here are a few ways to get started:
 
-- run `yarn test:unit` and look at the coverage chart. You'll see all the uncovered lines. This is a good place to start.
-- look at `test/scripts` to see which scripts are tested. We can always use more tests there.
+- run `yarn test:unit` and look at the coverage chart. You'll see all the
+  uncovered lines. This is a good place to start.
+- look at `test/scripts` to see which scripts are tested. We can always use more
+  tests there.
 - look at `test/e2e`. We can always use more end-to-end tests.
 
-Otherwise, talk to a current maintainer and ask which part of the codebase is lacking most when it comes to tests.
+Otherwise, talk to a current maintainer and ask which part of the codebase is
+lacking most when it comes to tests.
 
 ## Documentation
 
 ### Troubleshooting
 
-Our docs are hosted on [Vercel](https://vercel.com/). Vercel only shows logs in realtime, which means you need to have the logs open in one tab and reproduce your error in another tab. Since our logs are private to Coder the organization, you can only follow these steps if you're a Coder employee. Ask a maintainer for help if you need it.
+Our docs are hosted on [Vercel](https://vercel.com/). Vercel only shows logs in
+realtime, which means you need to have the logs open in one tab and reproduce
+your error in another tab. Since our logs are private to Coder the organization,
+you can only follow these steps if you're a Coder employee. Ask a maintainer for
+help if you need it.
 
-Taking a real scenario, let's say you wanted to troubleshoot [this docs change](https://github.com/coder/code-server/pull/4042). Here is how you would do it:
+Taking a real scenario, let's say you wanted to troubleshoot [this docs
+change](https://github.com/coder/code-server/pull/4042). Here is how you would
+do it:
 
 1. Go to https://vercel.com/codercom/codercom
 2. Click "View Function Logs"

docs/SECURITY.md

@@ -17,10 +17,8 @@ We use the following tools to help us stay on top of vulnerability mitigation.
     - Comprehensive vulnerability scanner that runs on PRs into the default
       branch and scans both our container image and repository code (see
       `trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
-- [`audit-ci`](https://github.com/IBM/audit-ci)
-  - Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
-    in `build.yaml`) on PRs into the default branch and fails CI if moderate or
-    higher vulnerabilities (see the `audit.sh` script) are present.
+- `yarn audit` and `npm audit`
+  - Audits Yarn/NPM dependencies.
 
 ## Supported Versions
 

docs/android.md

@@ -11,14 +11,14 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
 ```
 
 6. Exit the terminal using `exit` and then reopen the terminal
-7. Install and use Node.js 18:
+7. Install and use Node.js 20:
 
 ```shell
 nvm install 18
 nvm use 18
 ```
 
-8. Install code-server globally on device with: `npm install --global code-server --unsafe-perm`
+8. Install code-server globally on device with: `npm install --global code-server`
 9. Run code-server with `code-server`
 10. Access on localhost:8080 in your browser
 

docs/coder.md

@@ -33,5 +33,16 @@ resource "coder_app" "code-server" {
 }
 ```
 
+Or use our official [`code-server`](https://registry.coder.com/modules/code-server) module from the Coder [module registry](htpps://registry.coder.com/modules):
+
+```terraform
+module "code-server" {
+  source     = "registry.coder.com/modules/code-server/coder"
+  version    = "1.0.5"
+  agent_id   = coder_agent.example.id
+  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
+}
+```
+
 If you run into issues, ask for help on the `coder/coder` [Discussions
 here](https://github.com/coder/coder/discussions).

docs/guide.md

@@ -20,9 +20,6 @@
   - [Proxying to a Vue app](#proxying-to-a-vue-app)
   - [Proxying to an Angular app](#proxying-to-an-angular-app)
   - [Proxying to a Svelte app](#proxying-to-a-svelte-app)
-- [SSH into code-server on VS Code](#ssh-into-code-server-on-vs-code)
-  - [Option 1: cloudflared tunnel](#option-1-cloudflared-tunnel)
-  - [Option 2: ngrok tunnel](#option-2-ngrok-tunnel)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
@@ -435,93 +432,3 @@ const config = {
 3. Access app at `<code-server-root>/absproxy/5173/` e.g. `http://localhost:8080/absproxy/5173/
 
 For additional context, see [this Github Issue](https://github.com/sveltejs/kit/issues/2958)
-
-## SSH into code-server on VS Code
-
-[![SSH](https://img.shields.io/badge/SSH-363636?style=for-the-badge&logo=GNU+Bash&logoColor=ffffff)](https://ohmyz.sh/) [![Terminal](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff)](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff) [![Visual Studio Code](https://img.shields.io/badge/Visual_Studio_Code-007ACC?style=for-the-badge&logo=Visual+Studio+Code&logoColor=ffffff)](vscode:extension/ms-vscode-remote.remote-ssh)
-
-Follow these steps where code-server is running:
-
-1. Install `openssh-server`, `wget`, and `unzip`.
-
-```bash
-# example for Debian and Ubuntu operating systems
-sudo apt update
-sudo apt install wget unzip openssh-server
-```
-
-2. Start the SSH server and set the password for your user, if you haven't already. If you use [deploy-code-server](https://github.com/coder/deploy-code-server),
-
-```bash
-sudo service ssh start
-sudo passwd {user} # replace user with your code-server user
-```
-
-### Option 1: cloudflared tunnel
-
-[![Cloudflared](https://img.shields.io/badge/Cloudflared-E4863B?style=for-the-badge&logo=cloudflare&logoColor=ffffff)](https://github.com/cloudflare/cloudflared)
-
-1.  Install [cloudflared](https://github.com/cloudflare/cloudflared#installing-cloudflared) on your local computer and remote server
-2.  Then go to `~/.ssh/config` and add the following on your local computer:
-
-```shell
-Host *.trycloudflare.com
-HostName %h
-User user
-Port 22
-ProxyCommand "cloudflared location" access ssh --hostname %h
-```
-
-3. Run `cloudflared tunnel --url ssh://localhost:22` on the remote server
-
-4. Finally on VS Code or any IDE that supports SSH, run `ssh user@https://your-link.trycloudflare.com` or `ssh user@your-link.trycloudflare.com`
-
-### Option 2: ngrok tunnel
-
-[![Ngrok](https://img.shields.io/badge/Ngrok-1F1E37?style=for-the-badge&logo=ngrok&logoColor=ffffff)](https://ngrok.com/)
-
-1.  Make a new account for ngrok [here](https://dashboard.ngrok.com/login)
-
-2.  Now, get the ngrok binary with `wget` and unzip it with `unzip`:
-
-```bash
-wget "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip"
-unzip "ngrok-stable-linux-amd64.zip"
-```
-
-5.  Then, go to [dashboard.ngrok.com](https://dashboard.ngrok.com) and go to the `Your Authtoken` section.
-6.  Copy the Authtoken shown there.
-7.  Now, go to the folder where you unzipped ngrok and store the Authtoken from the ngrok Dashboard.
-
-```bash
-./ngrok authtoken YOUR_AUTHTOKEN # replace YOUR_AUTHTOKEN with the ngrok authtoken.
-```
-
-8.  Now, forward port 22, which is the SSH port with this command:
-
-```bash
-./ngrok tcp 22
-```
-
-Now, you get a screen in the terminal like this:
-
-```console
-ngrok by @inconshreveable(Ctrl+C to quit)
-
-Session Status                online
-Account                       {Your name} (Plan: Free)
-Version                       2.3.40
-Region                        United States (us)
-Web Interface                 http://127.0.0.1:4040
-Forwarding                    tcp://0.tcp.ngrok.io:19028 -> localhost:22
-```
-
-In this case, copy the forwarded link `0.tcp.ngrok.io` and remember the port number `19028`. Type this on your local Visual Studio Code:
-
-```bash
-ssh user@0.tcp.ngrok.io -p 19028
-```
-
-The port redirects you to the default SSH port 22, and you can then successfully connect to code-server by entering the password you set for the user.
-
-Note: the port and the url provided by ngrok will change each time you run it so modify as needed.

docs/npm.md

@@ -30,7 +30,7 @@ includes installing instructions based on your operating system.
 ## Node.js version
 
 We use the same major version of Node.js shipped with Code's remote, which is
-currently `18.x`. VS Code also [lists Node.js
+currently `20.x`. VS Code also [lists Node.js
 requirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 
 Using other versions of Node.js [may lead to unexpected
@@ -79,7 +79,7 @@ Proceed to [installing](#installing)
 ## FreeBSD
 
 ```sh
-pkg install -y git python npm-node18 pkgconf
+pkg install -y git python npm-node20 pkgconf
 pkg install -y libinotify
 ```
 
@@ -92,7 +92,7 @@ Installing code-server requires all of the [prerequisites for VS Code developmen
 Next, install code-server with:
 
 ```bash
-npm install --global code-server --unsafe-perm
+npm install --global code-server
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -112,7 +112,7 @@ For help and additional troubleshooting, see [#1397](https://github.com/coder/co
 After adding the dependencies for your OS, install the code-server package globally:
 
 ```bash
-npm install --global code-server --unsafe-perm
+npm install --global code-server
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -144,8 +144,8 @@ To debug installation issues, install with `npm`:
 
 ```shell
 # Uninstall
-npm uninstall --global --unsafe-perm code-server > /dev/null 2>&1
+npm uninstall --global code-server > /dev/null 2>&1
 
 # Install with logging
-npm install --loglevel verbose --global --unsafe-perm code-server
+npm install --loglevel verbose --global code-server
 ```

docs/termux.md

@@ -57,7 +57,7 @@ npm config set python python3
 node -v
 ```
 
-you will get Node version `v18`
+you will get Node version `v20`
 
 5. Now install code-server following our guide on [installing with npm](./npm.md)
 
@@ -70,7 +70,7 @@ code-server --auth none
 7. If already installed then use the following command for upgradation.
 
 ```
-npm update --global code-server --unsafe-perm
+npm update --global code-server
 ```
 
 ## Upgrade

flake.lock

@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
         "type": "github"
       },
       "original": {
@@ -20,12 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1683594133,
-        "narHash": "sha256-iUhLhEAgOCnexSGDsYT2ouydis09uDoNzM7UC685XGE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8d447c5626cfefb9b129d5b30103344377fe09bc",
-        "type": "github"
+        "lastModified": 1716137900,
+        "narHash": "sha256-sowPU+tLQv8GlqtVtsXioTKeaQvlMz/pefcdwg8MvfM=",
+        "path": "/nix/store/r8nhgnkxacbnf4kv8kdi8b6ks3k9b16i-source",
+        "rev": "6c0b7a92c30122196a761b440ac0d46d3d9954f1",
+        "type": "path"
       },
       "original": {
         "id": "nixpkgs",

flake.nix

@@ -7,7 +7,7 @@
     flake-utils.lib.eachDefaultSystem
       (system:
         let pkgs = nixpkgs.legacyPackages.${system};
-            nodejs = pkgs.nodejs-18_x;
+            nodejs = pkgs.nodejs_20;
             yarn' = pkgs.yarn.override { inherit nodejs; };
         in {
           devShells.default = pkgs.mkShell {

install.sh

@@ -424,7 +424,7 @@ install_standalone() {
 }
 
 install_npm() {
-  echoh "Installing latest from npm."
+  echoh "Installing v$VERSION from npm."
   echoh
 
   NPM_PATH="${YARN_PATH-npm}"
@@ -436,12 +436,12 @@ install_npm() {
     fi
     echoh "Installing with npm."
     echoh
-    "$sh_c" "$NPM_PATH" install -g code-server --unsafe-perm
+    "$sh_c" "$NPM_PATH" install -g "code-server@$VERSION" --unsafe-perm
     NPM_BIN_DIR="\$($NPM_PATH bin -g)" echo_npm_postinstall
     return
   fi
   echoerr "Please install npm to install code-server!"
-  echoerr "You will need at least node v18 and a few C dependencies."
+  echoerr "You will need at least node v20 and a few C dependencies."
   echoerr "See the docs https://coder.com/docs/code-server/latest/install#npm"
 
   exit 1

lib/vscode

@@ -1 +1 @@
-Subproject commit f5442d1f9fcdc7ce89a34c6e52a11ba44e47b423
+Subproject commit f1e16e1e6214d7c44d078b1f0607b2388f29d729

package.json

@@ -27,12 +27,10 @@
     "postinstall": "./ci/dev/postinstall.sh",
     "publish:npm": "./ci/steps/publish-npm.sh",
     "publish:docker": "./ci/steps/docker-buildx-push.sh",
-    "_audit": "./ci/dev/audit.sh",
     "fmt": "yarn prettier && ./ci/dev/doctoc.sh",
     "lint:scripts": "./ci/dev/lint-scripts.sh",
     "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')",
     "test": "echo 'Run yarn test:unit or yarn test:e2e' && exit 1",
-    "ci": "./ci/dev/ci.sh",
     "watch": "VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts",
     "icons": "./ci/dev/gen_icons.sh"
   },
@@ -44,16 +42,15 @@
     "@types/express": "^4.17.17",
     "@types/http-proxy": "1.17.7",
     "@types/js-yaml": "^4.0.6",
-    "@types/node": "^18.0.0",
+    "@types/node": "20.x",
     "@types/pem": "^1.14.1",
     "@types/proxy-from-env": "^1.0.1",
     "@types/safe-compare": "^1.1.0",
     "@types/semver": "^7.5.2",
     "@types/trusted-types": "^2.0.4",
     "@types/ws": "^8.5.5",
-    "@typescript-eslint/eslint-plugin": "^6.7.2",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
     "@typescript-eslint/parser": "^6.7.2",
-    "audit-ci": "^6.6.1",
     "doctoc": "^2.2.1",
     "eslint": "^8.49.0",
     "eslint-config-prettier": "^9.0.0",
@@ -61,7 +58,7 @@
     "eslint-plugin-import": "^2.28.1",
     "eslint-plugin-prettier": "^5.0.0",
     "prettier": "^3.0.3",
-    "prettier-plugin-sh": "^0.13.1",
+    "prettier-plugin-sh": "^0.14.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.2.2"
   },
@@ -71,7 +68,7 @@
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.6",
     "env-paths": "^2.2.1",
-    "express": "5.0.0-alpha.8",
+    "express": "5.0.0-beta.3",
     "http-proxy": "^1.18.1",
     "httpolyglot": "^0.1.2",
     "i18next": "^23.5.1",
@@ -79,7 +76,7 @@
     "limiter": "^2.1.0",
     "pem": "^1.14.8",
     "proxy-agent": "^6.3.1",
-    "qs": "6.9.7",
+    "qs": "6.12.1",
     "rotating-file-stream": "^3.1.1",
     "safe-buffer": "^5.2.1",
     "safe-compare": "^1.1.4",
@@ -88,11 +85,7 @@
     "xdg-basedir": "^4.0.0"
   },
   "resolutions": {
-    "@types/node": "^18.0.0",
-    "qs": "6.9.7"
-  },
-  "overrides": {
-    "qs": "6.9.7"
+    "@types/node": "20.x"
   },
   "bin": {
     "code-server": "out/node/entry.js"
@@ -107,7 +100,8 @@
     "remote-development"
   ],
   "engines": {
-    "node": "18"
+    "node": "20",
+    "yarn": "1"
   },
   "jest": {
     "transform": {

patches/base-path.diff

@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/base/common/network.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/network.ts
 +++ code-server/lib/vscode/src/vs/base/common/network.ts
-@@ -181,7 +181,9 @@ class RemoteAuthoritiesImpl {
+@@ -212,7 +212,9 @@ class RemoteAuthoritiesImpl {
  		return URI.from({
  			scheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,
  			authority: `${host}:${port}`,
@@ -111,7 +111,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -269,16 +269,15 @@ export class WebClientServer {
+@@ -270,16 +270,15 @@ export class WebClientServer {
  			return void res.end();
  		}
  
@@ -133,20 +133,20 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  		);
  		if (!remoteAuthority) {
  			return serveError(req, res, 400, `Bad request.`);
-@@ -305,8 +304,12 @@ export class WebClientServer {
+@@ -306,8 +305,12 @@ export class WebClientServer {
  			scopes: [['user:email'], ['repo']]
  		} : undefined;
  
 +		const base = relativeRoot(getOriginalUrl(req))
 +		const vscodeBase = relativePath(getOriginalUrl(req))
 +
- 		const productConfiguration = <Partial<IProductConfiguration>>{
+ 		const productConfiguration = {
  			codeServerVersion: this._productService.codeServerVersion,
 +			rootEndpoint: base,
  			embedderIdentifier: 'server-distro',
- 			extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+ 			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
  				...this._productService.extensionsGallery,
-@@ -341,8 +344,10 @@ export class WebClientServer {
+@@ -343,8 +346,10 @@ export class WebClientServer {
  		const values: { [key: string]: string } = {
  			WORKBENCH_WEB_CONFIGURATION: asJSON(workbenchWebConfiguration),
  			WORKBENCH_AUTH_SESSION: authSessionInfo ? asJSON(authSessionInfo) : '',
@@ -159,7 +159,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  		};
  
  		if (useTestResolver) {
-@@ -369,7 +374,7 @@ export class WebClientServer {
+@@ -371,7 +376,7 @@ export class WebClientServer {
  			'default-src \'self\';',
  			'img-src \'self\' https: data: blob:;',
  			'media-src \'self\';',
@@ -168,7 +168,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  			'child-src \'self\';',
  			`frame-src 'self' https://*.vscode-cdn.net data:;`,
  			'worker-src \'self\' data: blob:;',
-@@ -442,3 +447,70 @@ export class WebClientServer {
+@@ -444,3 +449,70 @@ export class WebClientServer {
  		return void res.end(data);
  	}
  }
@@ -303,10 +303,10 @@ Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/ext
  import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
  import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
 -import { RemoteAuthorities } from 'vs/base/common/network';
- import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
  import { TargetPlatform } from 'vs/platform/extensions/common/extensions';
  
-@@ -102,7 +101,7 @@ export abstract class AbstractExtensionR
+ const WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT = '/web-extension-resource/';
+@@ -99,7 +98,7 @@ export abstract class AbstractExtensionR
  					: version,
  				path: 'extension'
  			}));

patches/cli-window-open.diff

@@ -17,7 +17,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTe
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
-@@ -104,10 +104,14 @@ class RemoteTerminalBackend extends Base
+@@ -106,10 +106,14 @@ class RemoteTerminalBackend extends Base
  			}
  			const reqId = e.reqId;
  			const commandId = e.commandId;

patches/clipboard.diff

@@ -0,0 +1,136 @@
+Index: code-server/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
++++ code-server/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
+@@ -8,6 +8,7 @@ import { isWeb } from 'vs/base/common/pl
+ import { isString } from 'vs/base/common/types';
+ import { URI, UriComponents } from 'vs/base/common/uri';
+ import { localize } from 'vs/nls';
++import { IClipboardService } from 'vs/platform/clipboard/common/clipboardService';
+ import { CommandsRegistry, ICommandService } from 'vs/platform/commands/common/commands';
+ import { IExtensionGalleryService, IExtensionManagementService } from 'vs/platform/extensionManagement/common/extensionManagement';
+ import { ExtensionManagementCLI } from 'vs/platform/extensionManagement/common/extensionManagementCLI';
+@@ -89,6 +90,11 @@ CommandsRegistry.registerCommand('_remot
+ 	return lines.join('\n');
+ });
+ 
++CommandsRegistry.registerCommand('_remoteCLI.setClipboard', function (accessor: ServicesAccessor, content: string) {
++	const clipboardService = accessor.get(IClipboardService);
++	clipboardService.writeText(content);
++})
++
+ class RemoteExtensionManagementCLI extends ExtensionManagementCLI {
+ 
+ 	private _location: string | undefined;
+Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
++++ code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
+@@ -43,7 +43,12 @@ export interface ExtensionManagementPipe
+ 	force?: boolean;
+ }
+ 
+-export type PipeCommand = OpenCommandPipeArgs | StatusPipeArgs | OpenExternalCommandPipeArgs | ExtensionManagementPipeArgs;
++export interface ClipboardPipeArgs {
++	type: 'clipboard';
++	content: string;
++}
++
++export type PipeCommand = OpenCommandPipeArgs | StatusPipeArgs | OpenExternalCommandPipeArgs | ExtensionManagementPipeArgs | ClipboardPipeArgs;
+ 
+ export interface ICommandsExecuter {
+ 	executeCommand<T>(id: string, ...args: any[]): Promise<T>;
+@@ -105,6 +110,9 @@ export class CLIServerBase {
+ 					case 'extensionManagement':
+ 						returnObj = await this.manageExtensions(data);
+ 						break;
++					case 'clipboard':
++						returnObj = await this.clipboard(data);
++						break;
+ 					default:
+ 						sendResponse(404, `Unknown message type: ${data.type}`);
+ 						break;
+@@ -172,6 +180,10 @@ export class CLIServerBase {
+ 		return await this._commands.executeCommand<string | undefined>('_remoteCLI.getSystemStatus');
+ 	}
+ 
++	private async clipboard(data: ClipboardPipeArgs): Promise<undefined> {
++		return await this._commands.executeCommand('_remoteCLI.setClipboard', data.content);
++	}
++
+ 	dispose(): void {
+ 		this._server.close();
+ 
+Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+@@ -97,7 +97,7 @@ class RemoteTerminalBackend extends Base
+ 			}
+ 		});
+ 
+-		const allowedCommands = ['_remoteCLI.openExternal', '_remoteCLI.windowOpen', '_remoteCLI.getSystemStatus', '_remoteCLI.manageExtensions'];
++		const allowedCommands = ['_remoteCLI.openExternal', '_remoteCLI.windowOpen', '_remoteCLI.getSystemStatus', '_remoteCLI.manageExtensions', '_remoteCLI.setClipboard'];
+ 		this._remoteTerminalChannel.onExecuteCommand(async e => {
+ 			// Ensure this request for for this window
+ 			const pty = this._ptys.get(e.persistentProcessId);
+Index: code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/environment/common/argv.ts
++++ code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
+@@ -119,6 +119,7 @@ export interface NativeParsedArgs {
+ 	sandbox?: boolean;
+ 
+ 	'enable-coi'?: boolean;
++	'stdin-to-clipboard'?: boolean;
+ 
+ 	// chromium command line args: https://electronjs.org/docs/all#supported-chrome-command-line-switches
+ 	'no-proxy-server'?: boolean;
+Index: code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/environment/node/argv.ts
++++ code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
+@@ -90,6 +90,7 @@ export const OPTIONS: OptionDescriptions
+ 	'user-data-dir': { type: 'string', cat: 'o', args: 'dir', description: localize('userDataDir', "Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.") },
+ 	'profile': { type: 'string', 'cat': 'o', args: 'profileName', description: localize('profileName', "Opens the provided folder or workspace with the given profile and associates the profile with the workspace. If the profile does not exist, a new empty one is created.") },
+ 	'help': { type: 'boolean', cat: 'o', alias: 'h', description: localize('help', "Print usage.") },
++	'stdin-to-clipboard': { type: 'boolean', cat: 'o', alias: 'c', description: localize('clipboard', "copies the STDIN to the clipboard") },
+ 
+ 	'extensions-dir': { type: 'string', deprecates: ['extensionHomePath'], cat: 'e', args: 'dir', description: localize('extensionHomePath', "Set the root path for extensions.") },
+ 	'extensions-download-dir': { type: 'string' },
+Index: code-server/lib/vscode/src/vs/server/node/server.cli.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/server.cli.ts
++++ code-server/lib/vscode/src/vs/server/node/server.cli.ts
+@@ -76,6 +76,7 @@ const isSupportedForPipe = (optionId: ke
+ 		case 'verbose':
+ 		case 'remote':
+ 		case 'locate-shell-integration-path':
++		case 'stdin-to-clipboard':
+ 			return true;
+ 		default:
+ 			return false;
+@@ -293,6 +294,23 @@ export async function main(desc: Product
+ 			}
+ 		}
+ 	} else {
++		if (parsedArgs['stdin-to-clipboard']) {
++			if(!hasStdinWithoutTty()) {
++				console.error("stdin has a tty.");
++				return;
++			}
++			const fs = require("fs");
++			const stdinBuffer = fs.readFileSync(0); // STDIN_FILENO = 0
++			const clipboardContent = stdinBuffer.toString();
++			sendToPipe({
++				type: 'clipboard',
++				content: clipboardContent
++			}, verbose).catch(e => {
++				console.error('Error when requesting status:', e);
++			});
++			return;
++		}
++
+ 		if (parsedArgs.status) {
+ 			sendToPipe({
+ 				type: 'status'

patches/disable-builtin-ext-update.diff

@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -249,6 +249,10 @@ export class Extension implements IExten
+@@ -287,6 +287,10 @@ export class Extension implements IExten
  			if (this.type === ExtensionType.System && this.productService.quality === 'stable') {
  				return false;
  			}

patches/display-language.diff

@@ -23,14 +23,14 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
 @@ -11,7 +11,7 @@ import * as path from 'vs/base/common/pa
  import { IURITransformer } from 'vs/base/common/uriIpc';
- import { getMachineId, getSqmMachineId } from 'vs/base/node/id';
+ import { getMachineId, getSqmMachineId, getdevDeviceId } from 'vs/base/node/id';
  import { Promises } from 'vs/base/node/pfs';
 -import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, StaticRouter } from 'vs/base/parts/ipc/common/ipc';
 +import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, ProxyChannel, StaticRouter } from 'vs/base/parts/ipc/common/ipc';
  import { ProtocolConstants } from 'vs/base/parts/ipc/common/ipc.net';
  import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
  import { ConfigurationService } from 'vs/platform/configuration/common/configurationService';
-@@ -228,6 +228,9 @@ export async function setupServerService
+@@ -238,6 +238,9 @@ export async function setupServerService
  		const channel = new ExtensionManagementChannel(extensionManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority));
  		socketServer.registerChannel('extensions', channel);
  
@@ -53,7 +53,7 @@ Index: code-server/lib/vscode/src/vs/base/common/platform.ts
  export const LANGUAGE_DEFAULT = 'en';
  
  let _isWindows = false;
-@@ -111,17 +109,21 @@ else if (typeof navigator === 'object' &
+@@ -112,17 +110,21 @@ else if (typeof navigator === 'object' &
  	_isMobile = _userAgent?.indexOf('Mobi') >= 0;
  	_isWeb = true;
  
@@ -218,9 +218,9 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  import { isString } from 'vs/base/common/types';
 +import { getLocaleFromConfig, getNLSConfiguration } from 'vs/server/node/remoteLanguagePacks';
  import { CharCode } from 'vs/base/common/charCode';
- import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
  import { IExtensionManifest } from 'vs/platform/extensions/common/extensions';
-@@ -345,6 +346,8 @@ export class WebClientServer {
+ 
+@@ -348,6 +349,8 @@ export class WebClientServer {
  			callbackRoute: this._callbackRoute
  		};
  
@@ -229,7 +229,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  		const nlsBaseUrl = this._productService.extensionsGallery?.nlsBaseUrl;
  		const values: { [key: string]: string } = {
  			WORKBENCH_WEB_CONFIGURATION: asJSON(workbenchWebConfiguration),
-@@ -353,6 +356,7 @@ export class WebClientServer {
+@@ -356,6 +359,7 @@ export class WebClientServer {
  			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
  			BASE: base,
  			VS_BASE: vscodeBase,
@@ -249,8 +249,8 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -102,6 +103,7 @@ export interface ServerParsedArgs {
- 	'auth'?: string
+@@ -103,6 +104,7 @@ export interface ServerParsedArgs {
+ 	'auth'?: string;
  	'disable-file-downloads'?: boolean;
  	'disable-file-uploads'?: boolean;
 +	'locale'?: string
@@ -261,7 +261,7 @@ Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.ts
 +++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
-@@ -50,7 +50,7 @@ import 'vs/workbench/services/dialogs/br
+@@ -52,7 +52,7 @@ import 'vs/workbench/services/dialogs/br
  import 'vs/workbench/services/host/browser/browserHostService';
  import 'vs/workbench/services/lifecycle/browser/lifecycleService';
  import 'vs/workbench/services/clipboard/browser/clipboardService';
@@ -270,7 +270,7 @@ Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
  import 'vs/workbench/services/path/browser/pathService';
  import 'vs/workbench/services/themes/browser/browserHostColorSchemeService';
  import 'vs/workbench/services/encryption/browser/encryptionService';
-@@ -116,8 +116,9 @@ registerSingleton(ILanguagePackService,
+@@ -118,8 +118,9 @@ registerSingleton(ILanguagePackService,
  // Logs
  import 'vs/workbench/contrib/logs/browser/logs.contribution';
  
@@ -348,17 +348,17 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
-@@ -338,9 +338,6 @@ export class InstallAction extends Exten
+@@ -411,9 +411,6 @@ export class InstallAction extends Exten
  		if (this.extension.isBuiltin) {
  			return;
  		}
 -		if (this.extensionsWorkbenchService.canSetLanguage(this.extension)) {
 -			return;
 -		}
- 		if (this.extension.state === ExtensionState.Uninstalled && await this.extensionsWorkbenchService.canInstall(this.extension)) {
- 			this.enabled = this.options.installPreReleaseVersion ? this.extension.hasPreReleaseVersion : this.extension.hasReleaseVersion;
- 			this.updateLabel();
-@@ -608,7 +605,7 @@ export abstract class InstallInOtherServ
+ 		if (this.extension.state !== ExtensionState.Uninstalled) {
+ 			return;
+ 		}
+@@ -695,7 +692,7 @@ export abstract class InstallInOtherServ
  		}
  
  		if (isLanguagePackExtension(this.extension.local.manifest)) {
@@ -367,7 +367,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  		}
  
  		// Prefers to run on UI
-@@ -1780,17 +1777,6 @@ export class SetLanguageAction extends E
+@@ -1928,17 +1925,6 @@ export class SetLanguageAction extends E
  	update(): void {
  		this.enabled = false;
  		this.class = SetLanguageAction.DisabledClass;
@@ -385,7 +385,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  	}
  
  	override async run(): Promise<any> {
-@@ -1807,7 +1793,6 @@ export class ClearLanguageAction extends
+@@ -1955,7 +1941,6 @@ export class ClearLanguageAction extends
  	private static readonly DisabledClass = `${ClearLanguageAction.EnabledClass} disabled`;
  
  	constructor(
@@ -393,7 +393,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  		@ILocaleService private readonly localeService: ILocaleService,
  	) {
  		super(ClearLanguageAction.ID, ClearLanguageAction.TITLE.value, ClearLanguageAction.DisabledClass, false);
-@@ -1817,17 +1802,6 @@ export class ClearLanguageAction extends
+@@ -1965,17 +1950,6 @@ export class ClearLanguageAction extends
  	update(): void {
  		this.enabled = false;
  		this.class = ClearLanguageAction.DisabledClass;

patches/external-file-actions.diff

@@ -27,7 +27,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -282,6 +282,16 @@ export interface IWorkbenchConstructionO
+@@ -303,6 +303,16 @@ export interface IWorkbenchConstructionO
  	 */
  	readonly userDataPath?: string
  
@@ -99,10 +99,10 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -98,6 +100,8 @@ export interface ServerParsedArgs {
+@@ -99,6 +101,8 @@ export interface ServerParsedArgs {
  	/* ----- code-server ----- */
  	'disable-update-check'?: boolean;
- 	'auth'?: string
+ 	'auth'?: string;
 +	'disable-file-downloads'?: boolean;
 +	'disable-file-uploads'?: boolean;
  
@@ -112,8 +112,8 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -332,6 +332,8 @@ export class WebClientServer {
- 			remoteAuthority,
+@@ -334,6 +334,8 @@ export class WebClientServer {
+ 			serverBasePath: this._basePath,
  			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
  			userDataPath: this._environmentService.userDataPath,
 +			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
@@ -125,31 +125,30 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-@@ -7,12 +7,12 @@ import { Event } from 'vs/base/common/ev
+@@ -7,11 +7,11 @@ import { Event } from 'vs/base/common/ev
  import { Disposable } from 'vs/base/common/lifecycle';
  import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from 'vs/platform/contextkey/common/contextkey';
  import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
--import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, MainEditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, ActiveEditorCanToggleReadonlyContext, applyAvailableEditorIds, TitleBarVisibleContext, TitleBarStyleContext, MultipleEditorGroupsContext, IsAuxiliaryWindowFocusedContext, ActiveCompareEditorOriginalWriteableContext } from 'vs/workbench/common/contextkeys';
-+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, MainEditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, ActiveEditorCanToggleReadonlyContext, applyAvailableEditorIds, TitleBarVisibleContext, TitleBarStyleContext, MultipleEditorGroupsContext, IsAuxiliaryWindowFocusedContext, ActiveCompareEditorOriginalWriteableContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
- import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, EditorResourceAccessor, SideBySideEditor } from 'vs/workbench/common/editor';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext } from 'vs/workbench/common/contextkeys';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
  import { trackFocus, addDisposableListener, EventType, onDidRegisterWindow, getActiveWindow } from 'vs/base/browser/dom';
  import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
  import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
 -import { IWorkbenchEnvironmentService } from 'vs/workbench/services/environment/common/environmentService';
 +import { IBrowserWorkbenchEnvironmentService } from 'vs/workbench/services/environment/browser/environmentService';
- import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
  import { WorkbenchState, IWorkspaceContextService, isTemporaryWorkspace } from 'vs/platform/workspace/common/workspace';
  import { IWorkbenchLayoutService, Parts, positionToString } from 'vs/workbench/services/layout/browser/layoutService';
-@@ -87,7 +87,7 @@ export class WorkbenchContextKeysHandler
+ import { getRemoteName } from 'vs/platform/remote/common/remoteHosts';
+@@ -70,7 +70,7 @@ export class WorkbenchContextKeysHandler
  		@IContextKeyService private readonly contextKeyService: IContextKeyService,
  		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
  		@IConfigurationService private readonly configurationService: IConfigurationService,
 -		@IWorkbenchEnvironmentService private readonly environmentService: IWorkbenchEnvironmentService,
 +		@IBrowserWorkbenchEnvironmentService private readonly environmentService: IBrowserWorkbenchEnvironmentService,
  		@IProductService private readonly productService: IProductService,
+ 		@IEditorGroupsService private readonly editorGroupService: IEditorGroupsService,
  		@IEditorService private readonly editorService: IEditorService,
- 		@IEditorResolverService private readonly editorResolverService: IEditorResolverService,
-@@ -224,6 +224,10 @@ export class WorkbenchContextKeysHandler
+@@ -197,6 +197,10 @@ export class WorkbenchContextKeysHandler
  		this.auxiliaryBarVisibleContext = AuxiliaryBarVisibleContext.bindTo(this.contextKeyService);
  		this.auxiliaryBarVisibleContext.set(this.layoutService.isVisible(Parts.AUXILIARYBAR_PART));
  
@@ -168,12 +167,12 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions
  import { AutoSaveAfterShortDelayContext } from 'vs/workbench/services/filesConfiguration/common/filesConfigurationService';
  import { WorkbenchListDoubleSelection } from 'vs/platform/list/browser/listService';
  import { Schemas } from 'vs/base/common/network';
--import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext } from 'vs/workbench/common/contextkeys';
-+import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
+-import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext } from 'vs/workbench/common/contextkeys';
++import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
  import { IsWebContext } from 'vs/platform/contextkey/common/contextkeys';
  import { ServicesAccessor } from 'vs/platform/instantiation/common/instantiation';
  import { ThemeIcon } from 'vs/base/common/themables';
-@@ -550,13 +550,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+@@ -561,13 +561,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
  		id: DOWNLOAD_COMMAND_ID,
  		title: DOWNLOAD_LABEL
  	},
@@ -197,7 +196,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions
  	)
  }));
  
-@@ -568,6 +571,7 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+@@ -579,6 +582,7 @@ MenuRegistry.appendMenuItem(MenuId.Explo
  		title: UPLOAD_LABEL,
  	},
  	when: ContextKeyExpr.and(
@@ -282,7 +281,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explo
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/views/explorerViewer.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explorerViewer.ts
-@@ -68,6 +68,7 @@ import { HoverPosition } from 'vs/base/b
+@@ -65,6 +65,7 @@ import { timeout } from 'vs/base/common/
  import { IFilesConfigurationService } from 'vs/workbench/services/filesConfiguration/common/filesConfigurationService';
  import { mainWindow } from 'vs/base/browser/window';
  import { IExplorerFileContribution, explorerFileContribRegistry } from 'vs/workbench/contrib/files/browser/explorerFileContrib';
@@ -290,7 +289,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explo
  
  export class ExplorerDelegate implements IListVirtualDelegate<ExplorerItem> {
  
-@@ -1079,7 +1080,8 @@ export class FileDragAndDrop implements
+@@ -1001,7 +1002,8 @@ export class FileDragAndDrop implements
  		@IConfigurationService private configurationService: IConfigurationService,
  		@IInstantiationService private instantiationService: IInstantiationService,
  		@IWorkspaceEditingService private workspaceEditingService: IWorkspaceEditingService,
@@ -300,7 +299,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explo
  	) {
  		const updateDropEnablement = (e: IConfigurationChangeEvent | undefined) => {
  			if (!e || e.affectsConfiguration('explorer.enableDragAndDrop')) {
-@@ -1284,15 +1286,17 @@ export class FileDragAndDrop implements
+@@ -1226,15 +1228,17 @@ export class FileDragAndDrop implements
  
  			// External file DND (Import/Upload file)
  			if (data instanceof NativeDragAndDropData) {

patches/getting-started.diff

@@ -14,12 +14,12 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
   *  Licensed under the MIT License. See License.txt in the project root for license information.
   *--------------------------------------------------------------------------------------------*/
  
--import { $, Dimension, addDisposableListener, append, clearNode, getWindow, reset } from 'vs/base/browser/dom';
-+import { $, Dimension, addDisposableListener, append, clearNode, getWindow, reset, prepend } from 'vs/base/browser/dom';
+-import { $, Dimension, addDisposableListener, append, clearNode, reset } from 'vs/base/browser/dom';
++import { $, Dimension, addDisposableListener, append, clearNode, reset, prepend } from 'vs/base/browser/dom';
  import { renderFormattedText } from 'vs/base/browser/formattedTextRenderer';
  import { StandardKeyboardEvent } from 'vs/base/browser/keyboardEvent';
  import { Button } from 'vs/base/browser/ui/button/button';
-@@ -58,7 +58,7 @@ import { IRecentFolder, IRecentWorkspace
+@@ -54,7 +54,7 @@ import { IRecentFolder, IRecentWorkspace
  import { OpenRecentAction } from 'vs/workbench/browser/actions/windowActions';
  import { OpenFileFolderAction, OpenFolderAction, OpenFolderViaWorkspaceAction } from 'vs/workbench/browser/actions/workspaceActions';
  import { EditorPane } from 'vs/workbench/browser/parts/editor/editorPane';
@@ -27,8 +27,8 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
 +import { IsEnabledCoderGettingStarted, WorkbenchStateContext } from 'vs/workbench/common/contextkeys';
  import { IEditorOpenContext, IEditorSerializer } from 'vs/workbench/common/editor';
  import { IWebviewElement, IWebviewService } from 'vs/workbench/contrib/webview/browser/webview';
- import { IFeaturedExtensionsService } from 'vs/workbench/contrib/welcomeGettingStarted/browser/featuredExtensionService';
-@@ -793,6 +793,72 @@ export class GettingStartedPage extends
+ import 'vs/workbench/contrib/welcomeGettingStarted/browser/gettingStartedColors';
+@@ -804,6 +804,72 @@ export class GettingStartedPage extends
  			$('p.subtitle.description', {}, localize({ key: 'gettingStarted.editingEvolved', comment: ['Shown as subtitle on the Welcome page.'] }, "Editing evolved"))
  		);
  
@@ -101,7 +101,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
  		const leftColumn = $('.categories-column.categories-column-left', {},);
  		const rightColumn = $('.categories-column.categories-column-right', {},);
  
-@@ -842,6 +908,9 @@ export class GettingStartedPage extends
+@@ -839,6 +905,9 @@ export class GettingStartedPage extends
  				recentList.setLimit(5);
  				reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
  			}
@@ -110,7 +110,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
 +			}
  		};
  
- 		featuredExtensionList.onDidChange(layoutFeaturedExtension);
+ 		gettingStartedList.onDidChange(layoutLists);
 Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
@@ -135,7 +135,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -292,6 +292,11 @@ export interface IWorkbenchConstructionO
+@@ -313,6 +313,11 @@ export interface IWorkbenchConstructionO
  	 */
  	readonly isEnabledFileUploads?: boolean
  
@@ -189,7 +189,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -104,6 +105,7 @@ export interface ServerParsedArgs {
+@@ -105,6 +106,7 @@ export interface ServerParsedArgs {
  	'disable-file-downloads'?: boolean;
  	'disable-file-uploads'?: boolean;
  	'locale'?: string
@@ -201,7 +201,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -336,6 +336,7 @@ export class WebClientServer {
+@@ -339,6 +339,7 @@ export class WebClientServer {
  			userDataPath: this._environmentService.userDataPath,
  			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
  			isEnabledFileUploads: !this._environmentService.args['disable-file-uploads'],
@@ -217,12 +217,12 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
  import { Disposable } from 'vs/base/common/lifecycle';
  import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from 'vs/platform/contextkey/common/contextkey';
  import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
--import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, MainEditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, ActiveEditorCanToggleReadonlyContext, applyAvailableEditorIds, TitleBarVisibleContext, TitleBarStyleContext, MultipleEditorGroupsContext, IsAuxiliaryWindowFocusedContext, ActiveCompareEditorOriginalWriteableContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
-+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, MainEditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, ActiveEditorCanToggleReadonlyContext, applyAvailableEditorIds, TitleBarVisibleContext, TitleBarStyleContext, MultipleEditorGroupsContext, IsAuxiliaryWindowFocusedContext, ActiveCompareEditorOriginalWriteableContext, IsEnabledFileDownloads, IsEnabledFileUploads, IsEnabledCoderGettingStarted, } from 'vs/workbench/common/contextkeys';
- import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, EditorResourceAccessor, SideBySideEditor } from 'vs/workbench/common/editor';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads } from 'vs/workbench/common/contextkeys';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads, IsEnabledCoderGettingStarted, } from 'vs/workbench/common/contextkeys';
  import { trackFocus, addDisposableListener, EventType, onDidRegisterWindow, getActiveWindow } from 'vs/base/browser/dom';
  import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
-@@ -227,6 +227,7 @@ export class WorkbenchContextKeysHandler
+ import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
+@@ -200,6 +200,7 @@ export class WorkbenchContextKeysHandler
  		// code-server
  		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
  		IsEnabledFileUploads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileUploads ?? true)

patches/integration.diff

@@ -184,7 +184,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
  import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
  import { IProgressService } from 'vs/platform/progress/common/progress';
  import { DelayedLogChannel } from 'vs/workbench/services/output/common/delayedLogChannel';
-@@ -130,6 +131,9 @@ export class BrowserMain extends Disposa
+@@ -131,6 +132,9 @@ export class BrowserMain extends Disposa
  		// Startup
  		const instantiationService = workbench.startup();
  
@@ -264,11 +264,11 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -306,6 +306,7 @@ export class WebClientServer {
+@@ -307,6 +307,7 @@ export class WebClientServer {
  		} : undefined;
  
- 		const productConfiguration = <Partial<IProductConfiguration>>{
+ 		const productConfiguration = {
 +			codeServerVersion: this._productService.codeServerVersion,
  			embedderIdentifier: 'server-distro',
- 			extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+ 			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
  				...this._productService.extensionsGallery,

patches/keepalive.diff

@@ -0,0 +1,15 @@
+This can be removed after upgrading to Node >= 19 as keepAlive is defaulted to
+true after 19.
+
+Index: code-server/lib/vscode/src/vs/platform/request/node/proxy.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/request/node/proxy.ts
++++ code-server/lib/vscode/src/vs/platform/request/node/proxy.ts
+@@ -42,6 +42,7 @@ export async function getProxyAgent(rawR
+ 		port: (proxyEndpoint.port ? +proxyEndpoint.port : 0) || (proxyEndpoint.protocol === 'https' ? 443 : 80),
+ 		auth: proxyEndpoint.auth,
+ 		rejectUnauthorized: isBoolean(options.strictSSL) ? options.strictSSL : true,
++		keepAlive: true,
+ 	};
+ 
+ 	return requestURL.protocol === 'http:'

patches/local-storage.diff

@@ -18,9 +18,9 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -327,6 +327,7 @@ export class WebClientServer {
- 		const workbenchWebConfiguration = {
+@@ -329,6 +329,7 @@ export class WebClientServer {
  			remoteAuthority,
+ 			serverBasePath: this._basePath,
  			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
 +			userDataPath: this._environmentService.userDataPath,
  			_wrapWebWorkerExtHostInIframe,
@@ -30,7 +30,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -277,6 +277,11 @@ export interface IWorkbenchConstructionO
+@@ -298,6 +298,11 @@ export interface IWorkbenchConstructionO
  	 */
  	readonly configurationDefaults?: Record<string, any>;
  

patches/logout.diff

@@ -28,11 +28,11 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -96,6 +97,7 @@ export const serverOptions: OptionDescri
+@@ -97,6 +98,7 @@ export const serverOptions: OptionDescri
  export interface ServerParsedArgs {
  	/* ----- code-server ----- */
  	'disable-update-check'?: boolean;
-+	'auth'?: string
++	'auth'?: string;
  
  	/* ----- server setup ----- */
  
@@ -40,14 +40,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -311,6 +311,7 @@ export class WebClientServer {
+@@ -312,6 +312,7 @@ export class WebClientServer {
  			codeServerVersion: this._productService.codeServerVersion,
  			rootEndpoint: base,
  			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
 +			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts

patches/marketplace.diff

@@ -40,8 +40,8 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -113,7 +113,7 @@ export class WebClientServer {
- 		const serverRootPath = getRemoteServerRootPath(_productService);
+@@ -114,7 +114,7 @@ export class WebClientServer {
+ 
  		this._staticRoute = `${serverRootPath}/static`;
  		this._callbackRoute = `${serverRootPath}/callback`;
 -		this._webExtensionRoute = `${serverRootPath}/web-extension-resource`;
@@ -49,40 +49,51 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  	}
  
  	/**
-@@ -311,14 +311,7 @@ export class WebClientServer {
+@@ -312,14 +312,7 @@ export class WebClientServer {
  			codeServerVersion: this._productService.codeServerVersion,
  			rootEndpoint: base,
  			embedderIdentifier: 'server-distro',
--			extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+-			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
 -				...this._productService.extensionsGallery,
--				'resourceUrlTemplate': this._webExtensionResourceUrlTemplate.with({
+-				resourceUrlTemplate: this._webExtensionResourceUrlTemplate.with({
 -					scheme: 'http',
 -					authority: remoteAuthority,
 -					path: `${this._webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
 -				}).toString(true)
 -			} : undefined
 +			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;
  
  		if (!this._environmentService.isBuilt) {
 Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 +++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
-@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
- import { IStorageService } from 'vs/platform/storage/common/storage';
- import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
- import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
--import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
- import { TargetPlatform } from 'vs/platform/extensions/common/extensions';
+@@ -140,9 +140,9 @@ export abstract class AbstractExtensionR
+ 	}
+ 
+ 	protected _isWebExtensionResourceEndPoint(uri: URI): boolean {
+-		const uriPath = uri.path, serverRootPath = RemoteAuthorities.getServerRootPath();
+-		// test if the path starts with the server root path followed by the web extension resource end point segment
+-		return uriPath.startsWith(serverRootPath) && uriPath.startsWith(WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT, serverRootPath.length);
++		const uriPath = uri.path;
++		// test if the path starts with the web extension resource end point segment
++		return uriPath.startsWith(WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT);
+ 	}
+ 
+ }
+Index: code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionDownloader.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/extensionManagement/node/extensionDownloader.ts
++++ code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionDownloader.ts
+@@ -114,7 +114,10 @@ export class ExtensionsDownloader extend
+ 			return false;
+ 		}
+ 
++		return false
++		// @ts-expect-error
+ 		const value = this.configurationService.getValue('extensions.verifySignature');
++		// @ts-expect-error
+ 		return isBoolean(value) ? value : true;
+ 	}
  
- const WEB_EXTENSION_RESOURCE_END_POINT = 'web-extension-resource';
-@@ -77,7 +76,7 @@ export abstract class AbstractExtensionR
- 		private readonly _environmentService: IEnvironmentService,
- 		private readonly _configurationService: IConfigurationService,
- 	) {
--		this._webExtensionResourceEndPoint = `${getRemoteServerRootPath(_productService)}/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
-+		this._webExtensionResourceEndPoint = `/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
- 		if (_productService.extensionsGallery) {
- 			this._extensionGalleryResourceUrlTemplate = _productService.extensionsGallery.resourceUrlTemplate;
- 			this._extensionGalleryAuthority = this._extensionGalleryResourceUrlTemplate ? this._getExtensionGalleryAuthority(URI.parse(this._extensionGalleryResourceUrlTemplate)) : undefined;

patches/proposed-api.diff

@@ -26,7 +26,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
-@@ -24,7 +24,7 @@ export class ExtensionsProposedApi {
+@@ -31,7 +31,7 @@ export class ExtensionsProposedApi {
  
  		this._envEnabledExtensions = new Set((_environmentService.extensionEnabledProposedApi ?? []).map(id => ExtensionIdentifier.toKey(id)));
  

patches/proxy-uri.diff

@@ -42,16 +42,16 @@ Index: code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityReso
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
 +++ code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
-@@ -34,7 +34,7 @@ export class RemoteAuthorityResolverServ
- 		isWorkbenchOptionsBasedResolution: boolean,
+@@ -35,7 +35,7 @@ export class RemoteAuthorityResolverServ
  		connectionToken: Promise<string> | string | undefined,
  		resourceUriProvider: ((uri: URI) => URI) | undefined,
+ 		serverBasePath: string | undefined,
 -		@IProductService productService: IProductService,
 +		@IProductService private readonly productService: IProductService,
  		@ILogService private readonly _logService: ILogService,
  	) {
  		super();
-@@ -85,9 +85,14 @@ export class RemoteAuthorityResolverServ
+@@ -86,9 +86,14 @@ export class RemoteAuthorityResolverServ
  		const connectionToken = await Promise.resolve(this._connectionTokens.get(authority) || this._connectionToken);
  		performance.mark(`code/didResolveConnectionToken/${authorityPrefix}`);
  		this._logService.info(`Resolved connection token (${authorityPrefix}) after ${sw.elapsed()} ms`);
@@ -71,19 +71,19 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -312,6 +312,7 @@ export class WebClientServer {
+@@ -313,6 +313,7 @@ export class WebClientServer {
  			rootEndpoint: base,
  			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
  			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
 +			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;
 Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
-@@ -271,7 +271,7 @@ export async function createTerminalEnvi
+@@ -291,7 +291,7 @@ export async function createTerminalEnvi
  
  		// Sanitize the environment, removing any undesirable VS Code and Electron environment
  		// variables
@@ -148,9 +148,9 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExpl
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
-@@ -80,7 +80,7 @@ export class ForwardedPortsView extends
- 			this.contextKeyListener = undefined;
- 		}
+@@ -77,7 +77,7 @@ export class ForwardedPortsView extends
+ 	private async enableForwardedPortsView() {
+ 		this.contextKeyListener.clear();
  
 -		const viewEnabled: boolean = !!forwardedPortsViewEnabled.getValue(this.contextKeyService);
 +		const viewEnabled: boolean = true;

patches/series

@@ -19,3 +19,5 @@ display-language.diff
 cli-window-open.diff
 getting-started.diff
 safari.diff
+keepalive.diff
+clipboard.diff

patches/service-worker.diff

@@ -54,7 +54,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -313,6 +313,10 @@ export class WebClientServer {
+@@ -314,6 +314,10 @@ export class WebClientServer {
  			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
  			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
  			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
@@ -64,4 +64,4 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 +			},
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;

patches/sourcemaps.diff

@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.reh.js
 +++ code-server/lib/vscode/build/gulpfile.reh.js
-@@ -235,8 +235,7 @@ function packageTask(type, platform, arc
+@@ -237,8 +237,7 @@ function packageTask(type, platform, arc
  
  		const src = gulp.src(sourceFolderName + '/**', { base: '.' })
  			.pipe(rename(function (path) { path.dirname = path.dirname.replace(new RegExp('^' + sourceFolderName), 'out'); }))
@@ -20,7 +20,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
  
  		const workspaceExtensionPoints = ['debuggers', 'jsonValidation'];
  		const isUIExtension = (manifest) => {
-@@ -275,9 +274,9 @@ function packageTask(type, platform, arc
+@@ -277,9 +276,9 @@ function packageTask(type, platform, arc
  			.map(name => `.build/extensions/${name}/**`);
  
  		const extensions = gulp.src(extensionPaths, { base: '.build', dot: true });
@@ -32,11 +32,11 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
  
  		let version = packageJson.version;
  		const quality = product.quality;
-@@ -432,7 +431,7 @@ function tweakProductForServerWeb(produc
+@@ -440,7 +439,7 @@ function tweakProductForServerWeb(produc
  	const minifyTask = task.define(`minify-vscode-${type}`, task.series(
  		optimizeTask,
  		util.rimraf(`out-vscode-${type}-min`),
--		optimize.minifyTask(`out-vscode-${type}`, `https://ticino.blob.core.windows.net/sourcemaps/${commit}/core`)
+-		optimize.minifyTask(`out-vscode-${type}`, `https://main.vscode-cdn.net/sourcemaps/${commit}/core`)
 +		optimize.minifyTask(`out-vscode-${type}`, ``)
  	));
  	gulp.task(minifyTask);

patches/store-socket.diff

@@ -94,10 +94,10 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extensionHostProcess.ts
   *--------------------------------------------------------------------------------------------*/
  
 +import * as _http from 'http';
+ import minimist from 'minimist';
  import * as nativeWatchdog from 'native-watchdog';
  import * as net from 'net';
- import * as minimist from 'minimist';
-@@ -418,7 +419,28 @@ async function startExtensionHostProcess
+@@ -421,7 +422,28 @@ async function startExtensionHostProcess
  	);
  
  	// rewrite onTerminate-function to be a proper shutdown

patches/telemetry.diff

@@ -20,60 +20,96 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
  import { NullPolicyService } from 'vs/platform/policy/common/policy';
  import { OneDataSystemAppender } from 'vs/platform/telemetry/node/1dsAppender';
  import { LoggerService } from 'vs/platform/log/node/loggerService';
-@@ -149,7 +150,10 @@ export async function setupServerService
+@@ -147,11 +148,23 @@ export async function setupServerService
+ 	const requestService = new RequestService(configurationService, environmentService, logService, loggerService);
+ 	services.set(IRequestService, requestService);
+ 
++	let isContainer = undefined;
++	try {
++		await Promises.stat('/run/.containerenv');
++		isContainer = true;
++	} catch (error) { /* Does not exist, probably. */ }
++	if (!isContainer) {
++		try {
++			const content = await Promises.readFile('/proc/self/cgroup', 'utf8')
++			isContainer = content.includes('docker');
++		} catch (error) { /* Permission denied, probably. */ }
++	}
++
  	let oneDsAppender: ITelemetryAppender = NullAppender;
  	const isInternal = isInternalTelemetry(productService, configurationService);
  	if (supportsTelemetry(productService, environmentService)) {
 -		if (!isLoggingOnly(productService, environmentService) && productService.aiConfig?.ariaKey) {
-+		const telemetryEndpoint = process.env.CS_TELEMETRY_URL || "https://v1.telemetry.coder.com/track";
-+		if (telemetryEndpoint) {
-+			oneDsAppender = new OneDataSystemAppender(requestService, false, eventPrefix, null, () => new TelemetryClient(telemetryEndpoint));
-+		} else if (!isLoggingOnly(productService, environmentService) && productService.aiConfig?.ariaKey) {
- 			oneDsAppender = new OneDataSystemAppender(requestService, isInternal, eventPrefix, null, productService.aiConfig.ariaKey);
+-			oneDsAppender = new OneDataSystemAppender(requestService, isInternal, eventPrefix, null, productService.aiConfig.ariaKey);
++		if (!isLoggingOnly(productService, environmentService) && productService.telemetryEndpoint) {
++			oneDsAppender = new OneDataSystemAppender(requestService, isInternal, eventPrefix, null, () => new TelemetryClient(productService.telemetryEndpoint!, machineId, isContainer));
  			disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
  		}
+ 
 Index: code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
 ===================================================================
 --- /dev/null
 +++ code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,71 @@
 +import { AppInsightsCore, IExtendedTelemetryItem, ITelemetryItem } from '@microsoft/1ds-core-js';
 +import * as https from 'https';
 +import * as http from 'http';
 +import * as os from 'os';
 +
++interface SystemInfo {
++	measurements: Record<string, number | undefined>;
++	properties: Record<string, string | boolean | null | undefined>;
++}
++
 +export class TelemetryClient extends AppInsightsCore {
-+	public constructor(private readonly endpoint: string) {
++	private readonly systemInfo: SystemInfo = {
++		measurements: {},
++		properties: {},
++	};
++
++	public constructor(
++		private readonly endpoint: string,
++		machineId: string,
++		isContainer: boolean | undefined) {
 +		super();
++
++		// os.cpus() can take a very long time sometimes (personally I see 1-2
++		// seconds in a Coder workspace).  This adds up significantly, especially
++		// when many telemetry requests are sent during startup, which can cause
++		// connection timeouts.  Try to cache as much as we can.
++		try {
++			const cpus = os.cpus();
++			this.systemInfo.measurements.cores = cpus.length;
++			this.systemInfo.properties['common.cpuModel'] = cpus[0].model;
++		} catch (error) {}
++
++		try {
++			this.systemInfo.properties['common.shell'] = os.userInfo().shell;
++			this.systemInfo.properties['common.release'] = os.release();
++			this.systemInfo.properties['common.arch'] = os.arch();
++		} catch (error) {}
++
++		this.systemInfo.properties['common.remoteMachineId'] = machineId;
++		this.systemInfo.properties['common.isContainer'] = isContainer;
 +	}
 +
 +	public override track(item: IExtendedTelemetryItem | ITelemetryItem): void {
 +		const options = item.baseData || {}
-+		if (!options.properties) {
-+			options.properties = {};
++		options.measurements = {
++			...(options.measurements || {}),
++			...this.systemInfo.measurements,
 +		}
-+		if (!options.measurements) {
-+			options.measurements = {};
++		options.properties = {
++			...(options.properties || {}),
++			...this.systemInfo.properties,
 +		}
 +
 +		try {
-+			const cpus = os.cpus();
-+			options.measurements.cores = cpus.length;
-+			options.properties['common.cpuModel'] = cpus[0].model;
-+		} catch (error) {}
-+
-+		try {
 +			options.measurements.memoryFree = os.freemem();
 +			options.measurements.memoryTotal = os.totalmem();
 +		} catch (error) {}
 +
 +		try {
-+			options.properties['common.shell'] = os.userInfo().shell;
-+			options.properties['common.release'] = os.release();
-+			options.properties['common.arch'] = os.arch();
-+		} catch (error) {}
-+
-+		try {
 +			const request = (/^http:/.test(this.endpoint) ? http : https).request(this.endpoint, {
 +				method: 'POST',
 +				headers: {
@@ -90,11 +126,38 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -317,6 +317,7 @@ export class WebClientServer {
+@@ -318,6 +318,8 @@ export class WebClientServer {
  				scope: vscodeBase + '/',
  				path: base + '/_static/out/browser/serviceWorker.js',
  			},
 +			enableTelemetry: this._productService.enableTelemetry,
++			telemetryEndpoint: this._productService.telemetryEndpoint,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -64,6 +64,7 @@ export interface IProductConfiguration {
+ 		readonly path: string;
+ 		readonly scope: string;
+ 	}
++	readonly telemetryEndpoint?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
++++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
+@@ -55,7 +55,8 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+ 			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
+ 			controlUrl: "",
+ 			recommendationsUrl: "",
+-		})
++		}),
++		telemetryEndpoint: env.CS_TELEMETRY_URL || product.telemetryEndpoint || "https://v1.telemetry.coder.com/track",
+ 	});
+ }
+ 

patches/update-check.diff

@@ -105,14 +105,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -310,6 +310,7 @@ export class WebClientServer {
- 		const productConfiguration = <Partial<IProductConfiguration>>{
+@@ -311,6 +311,7 @@ export class WebClientServer {
+ 		const productConfiguration = {
  			codeServerVersion: this._productService.codeServerVersion,
  			rootEndpoint: base,
 +			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		};
+ 		} satisfies Partial<IProductConfiguration>;
 Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
@@ -126,7 +126,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -92,6 +94,8 @@ export const serverOptions: OptionDescri
+@@ -93,6 +95,8 @@ export const serverOptions: OptionDescri
  };
  
  export interface ServerParsedArgs {

patches/webview.diff

@@ -54,10 +54,10 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -323,6 +323,7 @@ export class WebClientServer {
- 
+@@ -325,6 +325,7 @@ export class WebClientServer {
  		const workbenchWebConfiguration = {
  			remoteAuthority,
+ 			serverBasePath: this._basePath,
 +			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
@@ -66,16 +66,16 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
 +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
-@@ -5,7 +5,7 @@
- 	<meta charset="UTF-8">
+@@ -6,7 +6,7 @@
  
  	<meta http-equiv="Content-Security-Policy"
--		content="default-src 'none'; script-src 'sha256-frEVWVmmI4TWHGHXZaCTWqGQI9jv+i8hv+sOa87Gqlc=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-1BNp/IJ0Swu9k0gYe2BJz18zVYJ4emIdN3fjPgGScQI=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ 
+-	content="default-src 'none'; script-src 'sha256-dvxt5dlghGbz8hrqqochfoKEaHIMZ+yJVRvjJnGopzs=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
++	content="default-src 'none'; script-src 'sha256-gzcLnrLeKQp7L5f+d7tdtNmK8h1NxVu1TdCfnv9uU+o=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ 
  
  	<!-- Disable pinch zooming -->
- 	<meta name="viewport"
-@@ -339,6 +339,12 @@
+@@ -350,6 +350,12 @@
  
  				const hostname = location.hostname;
  
@@ -92,7 +92,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
 +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-@@ -338,6 +338,12 @@
+@@ -343,6 +343,12 @@
  
  				const hostname = location.hostname;
  

src/node/cli.ts

@@ -833,8 +833,8 @@ export interface CodeArgs extends UserProvidedCodeArgs {
   version: boolean
   "without-connection-token"?: boolean
   "without-browser-env-var"?: boolean
-  compatibility: string
-  log: string[] | undefined
+  compatibility?: string
+  log?: string[]
 }
 
 /**
@@ -843,15 +843,12 @@ export interface CodeArgs extends UserProvidedCodeArgs {
 export type SpawnCodeCli = (args: CodeArgs) => Promise<void>
 
 /**
- * Convert our arguments to VS Code server arguments.
+ * Convert our arguments to equivalent VS Code server arguments.
+ * Does not add any extra arguments.
  */
 export const toCodeArgs = async (args: DefaultedArgs): Promise<CodeArgs> => {
   return {
     ...args,
-    "accept-server-license-terms": true,
-    // This seems to be used to make the connection token flags optional (when
-    // set to 1.63) but we have always included them.
-    compatibility: "1.64",
     /** Type casting. */
     help: !!args.help,
     version: !!args.version,

src/node/http.ts

@@ -319,8 +319,8 @@ export const getCookieOptions = (req: express.Request): express.CookieOptions =>
   // URL of that page) and the relative path to the root as given to it by the
   // backend.  Using these two we can determine the true absolute root.
   const url = new URL(
-    req.query.base || req.body.base || "/",
-    req.query.href || req.body.href || "http://" + (req.headers.host || "localhost"),
+    req.query.base || req.body?.base || "/",
+    req.query.href || req.body?.href || "http://" + (req.headers.host || "localhost"),
   )
   return {
     domain: getCookieDomain(url.host, req.args["proxy-domain"]),

src/node/main.ts

@@ -52,12 +52,17 @@ export const runCodeCli = async (args: DefaultedArgs): Promise<void> => {
 
   try {
     await spawnCli(await toCodeArgs(args))
+    // Rather than have the caller handle errors and exit, spawnCli will exit
+    // itself.  Additionally, it does this on a timeout set to 0.  So, try
+    // waiting for VS Code to exit before giving up and doing it ourselves.
+    await new Promise((r) => setTimeout(r, 1000))
+    logger.warn("Code never exited")
+    process.exit(0)
   } catch (error: any) {
+    // spawnCli catches all errors, but just in case that changes.
     logger.error("Got error from Code", error)
     process.exit(1)
   }
-
-  process.exit(0)
 }
 
 export const openInExistingInstance = async (args: DefaultedArgs, socketPath: string): Promise<void> => {
@@ -159,6 +164,11 @@ export const runCodeServer = async (
     logger.info(`Session server listening on ${sessionServerAddress.toString()}`)
   }
 
+  if (process.env.EXTENSIONS_GALLERY) {
+    logger.info("Using custom extensions gallery")
+    logger.debug(`  - ${process.env.EXTENSIONS_GALLERY}`)
+  }
+
   if (args.enable && args.enable.length > 0) {
     logger.info("Enabling the following experimental features:")
     args.enable.forEach((feature) => {

src/node/routes/domainProxy.ts

@@ -53,7 +53,7 @@ const maybeProxy = (req: Request): string | undefined => {
   return undefined
 }
 
-router.all("*", async (req, res, next) => {
+router.all(/.*/, async (req, res, next) => {
   const port = maybeProxy(req)
   if (!port) {
     return next()
@@ -65,7 +65,7 @@ router.all("*", async (req, res, next) => {
   const isAuthenticated = await authenticated(req)
   if (!isAuthenticated) {
     // Let the assets through since they're used on the login page.
-    if (req.path.startsWith("/static/") && req.method === "GET") {
+    if (req.path.startsWith("/_static/") && req.method === "GET") {
       return next()
     }
 
@@ -97,7 +97,7 @@ router.all("*", async (req, res, next) => {
 
 export const wsRouter = WsRouter()
 
-wsRouter.ws("*", async (req, _, next) => {
+wsRouter.ws(/.*/, async (req, _, next) => {
   const port = maybeProxy(req)
   if (!port) {
     return next()

src/node/routes/index.ts

@@ -25,7 +25,7 @@ import * as login from "./login"
 import * as logout from "./logout"
 import * as pathProxy from "./pathProxy"
 import * as update from "./update"
-import { CodeServerRouteWrapper } from "./vscode"
+import * as vscode from "./vscode"
 
 /**
  * Register all routes and middleware.
@@ -109,21 +109,21 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   app.router.use("/", domainProxy.router)
   app.wsRouter.use("/", domainProxy.wsRouter.router)
 
-  app.router.all("/proxy/(:port)(/*)?", async (req, res) => {
+  app.router.all("/proxy/:port/:path(.*)?", async (req, res) => {
     await pathProxy.proxy(req, res)
   })
-  app.wsRouter.get("/proxy/(:port)(/*)?", async (req) => {
+  app.wsRouter.get("/proxy/:port/:path(.*)?", async (req) => {
     await pathProxy.wsProxy(req as pluginapi.WebsocketRequest)
   })
   // These two routes pass through the path directly.
   // So the proxied app must be aware it is running
   // under /absproxy/<someport>/
-  app.router.all("/absproxy/(:port)(/*)?", async (req, res) => {
+  app.router.all("/absproxy/:port/:path(.*)?", async (req, res) => {
     await pathProxy.proxy(req, res, {
       passthroughPath: true,
     })
   })
-  app.wsRouter.get("/absproxy/(:port)(/*)?", async (req) => {
+  app.wsRouter.get("/absproxy/:port/:path(.*)?", async (req) => {
     await pathProxy.wsProxy(req as pluginapi.WebsocketRequest, {
       passthroughPath: true,
     })
@@ -170,12 +170,10 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
 
   app.router.use("/update", update.router)
 
-  const vsServerRouteHandler = new CodeServerRouteWrapper()
-
   // Note that the root route is replaced in Coder Enterprise by the plugin API.
   for (const routePrefix of ["/vscode", "/"]) {
-    app.router.use(routePrefix, vsServerRouteHandler.router)
-    app.wsRouter.use(routePrefix, vsServerRouteHandler.wsRouter)
+    app.router.use(routePrefix, vscode.router)
+    app.wsRouter.use(routePrefix, vscode.wsRouter.router)
   }
 
   app.router.use(() => {
@@ -188,6 +186,6 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   return () => {
     heart.dispose()
     pluginApi?.dispose()
-    vsServerRouteHandler.dispose()
+    vscode.dispose()
   }
 }

src/node/routes/login.ts

@@ -68,8 +68,8 @@ router.get("/", async (req, res) => {
   res.send(await getRoot(req))
 })
 
-router.post<{}, string, { password: string; base?: string }, { to?: string }>("/", async (req, res) => {
-  const password = sanitizeString(req.body.password)
+router.post<{}, string, { password?: string; base?: string } | undefined, { to?: string }>("/", async (req, res) => {
+  const password = sanitizeString(req.body?.password)
   const hashedPasswordFromArgs = req.args["hashed-password"]
 
   try {

src/node/routes/pathProxy.ts

@@ -22,7 +22,7 @@ export async function proxy(
 
   if (!(await authenticated(req))) {
     // If visiting the root (/:port only) redirect to the login page.
-    if (!req.params[0] || req.params[0] === "/") {
+    if (!req.params.path || req.params.path === "/") {
       const to = self(req)
       return redirect(req, res, "login", {
         to: to !== "/" ? to : undefined,

src/node/routes/vscode.ts

@@ -14,203 +14,190 @@ import { SocketProxyProvider } from "../socket"
 import { isFile, loadAMDModule } from "../util"
 import { Router as WsRouter } from "../wsRouter"
 
+export const router = express.Router()
+
+export const wsRouter = WsRouter()
+
 /**
- * This is the API of Code's web client server.  code-server delegates requests
- * to Code here.
+ * The API of VS Code's web client server.  code-server delegates requests to VS
+ * Code here.
+ *
+ * @see ../../../lib/vscode/src/vs/server/node/server.main.ts:72
  */
-export interface IServerAPI {
+export interface IVSCodeServerAPI {
   handleRequest(req: http.IncomingMessage, res: http.ServerResponse): Promise<void>
   handleUpgrade(req: http.IncomingMessage, socket: net.Socket): void
   handleServerError(err: Error): void
   dispose(): void
 }
 
-// Types for ../../../lib/vscode/src/vs/server/node/server.main.ts:72.
-export type CreateServer = (address: string | net.AddressInfo | null, args: CodeArgs) => Promise<IServerAPI>
+// See ../../../lib/vscode/src/vs/server/node/server.main.ts:72.
+export type CreateServer = (address: string | net.AddressInfo | null, args: CodeArgs) => Promise<IVSCodeServerAPI>
 
-export class CodeServerRouteWrapper {
-  /** Assigned in `ensureCodeServerLoaded` */
-  private _codeServerMain!: IServerAPI
-  private _wsRouterWrapper = WsRouter()
-  private _socketProxyProvider = new SocketProxyProvider()
-  public router = express.Router()
-  private mintKeyPromise: Promise<Buffer> | undefined
-
-  public get wsRouter() {
-    return this._wsRouterWrapper.router
-  }
-
-  //#region Route Handlers
-
-  private manifest: express.Handler = async (req, res, next) => {
-    const appName = req.args["app-name"] || "code-server"
-    res.writeHead(200, { "Content-Type": "application/manifest+json" })
-
-    return res.end(
-      replaceTemplates(
-        req,
-        JSON.stringify(
-          {
-            name: appName,
-            short_name: appName,
-            start_url: ".",
-            display: "fullscreen",
-            display_override: ["window-controls-overlay"],
-            description: "Run Code on a remote server.",
-            icons: [192, 512].map((size) => ({
-              src: `{{BASE}}/_static/src/browser/media/pwa-icon-${size}.png`,
-              type: "image/png",
-              sizes: `${size}x${size}`,
-            })),
-          },
-          null,
-          2,
-        ),
-      ),
-    )
-  }
-
-  private mintKey: express.Handler = async (req, res, next) => {
-    if (!this.mintKeyPromise) {
-      this.mintKeyPromise = new Promise(async (resolve) => {
-        const keyPath = path.join(req.args["user-data-dir"], "serve-web-key-half")
-        logger.debug(`Reading server web key half from ${keyPath}`)
-        try {
-          resolve(await fs.readFile(keyPath))
-          return
-        } catch (error: any) {
-          if (error.code !== "ENOENT") {
-            logError(logger, `read ${keyPath}`, error)
-          }
-        }
-        // VS Code wants 256 bits.
-        const key = crypto.randomBytes(32)
-        try {
-          await fs.writeFile(keyPath, key)
-        } catch (error: any) {
-          logError(logger, `write ${keyPath}`, error)
-        }
-        resolve(key)
-      })
-    }
-    const key = await this.mintKeyPromise
-    res.end(key)
-  }
-
-  private $root: express.Handler = async (req, res, next) => {
-    const isAuthenticated = await authenticated(req)
-    const NO_FOLDER_OR_WORKSPACE_QUERY = !req.query.folder && !req.query.workspace
-    // Ew means the workspace was closed so clear the last folder/workspace.
-    const FOLDER_OR_WORKSPACE_WAS_CLOSED = req.query.ew
-
-    if (!isAuthenticated) {
-      const to = self(req)
-      return redirect(req, res, "login", {
-        to: to !== "/" ? to : undefined,
-      })
-    }
-
-    if (NO_FOLDER_OR_WORKSPACE_QUERY && !FOLDER_OR_WORKSPACE_WAS_CLOSED) {
-      const settings = await req.settings.read()
-      const lastOpened = settings.query || {}
-      // This flag disables the last opened behavior
-      const IGNORE_LAST_OPENED = req.args["ignore-last-opened"]
-      const HAS_LAST_OPENED_FOLDER_OR_WORKSPACE = lastOpened.folder || lastOpened.workspace
-      const HAS_FOLDER_OR_WORKSPACE_FROM_CLI = req.args._.length > 0
-      const to = self(req)
-
-      let folder = undefined
-      let workspace = undefined
-
-      // Redirect to the last folder/workspace if nothing else is opened.
-      if (HAS_LAST_OPENED_FOLDER_OR_WORKSPACE && !IGNORE_LAST_OPENED) {
-        folder = lastOpened.folder
-        workspace = lastOpened.workspace
-      } else if (HAS_FOLDER_OR_WORKSPACE_FROM_CLI) {
-        const lastEntry = path.resolve(req.args._[req.args._.length - 1])
-        const entryIsFile = await isFile(lastEntry)
-        const IS_WORKSPACE_FILE = entryIsFile && path.extname(lastEntry) === ".code-workspace"
-
-        if (IS_WORKSPACE_FILE) {
-          workspace = lastEntry
-        } else if (!entryIsFile) {
-          folder = lastEntry
-        }
-      }
-
-      if (folder || workspace) {
-        return redirect(req, res, to, {
-          folder,
-          workspace,
-        })
-      }
-    }
-
-    // Store the query parameters so we can use them on the next load.  This
-    // also allows users to create functionality around query parameters.
-    await req.settings.write({ query: req.query })
-
-    next()
-  }
-
-  private $proxyRequest: express.Handler = async (req, res, next) => {
-    this._codeServerMain.handleRequest(req, res)
-  }
-
-  private $proxyWebsocket = async (req: WebsocketRequest) => {
-    const wrappedSocket = await this._socketProxyProvider.createProxy(req.ws)
-    // This should actually accept a duplex stream but it seems Code has not
-    // been updated to match the Node 16 types so cast for now.  There does not
-    // appear to be any code specific to sockets so this should be fine.
-    this._codeServerMain.handleUpgrade(req, wrappedSocket as net.Socket)
-
-    req.ws.resume()
-  }
-
-  //#endregion
-
-  /**
-   * Fetches a code server instance asynchronously to avoid an initial memory overhead.
-   */
-  private ensureCodeServerLoaded: express.Handler = async (req, _res, next) => {
-    if (this._codeServerMain) {
-      // Already loaded...
-      return next()
-    }
-
-    // Create the server...
-
-    const { args } = req
-
-    // See ../../../lib/vscode/src/vs/server/node/server.main.ts:72.
-    const createVSServer = await loadAMDModule<CreateServer>("vs/server/node/server.main", "createServer")
-
-    try {
-      this._codeServerMain = await createVSServer(null, {
-        ...(await toCodeArgs(args)),
-        "without-connection-token": true,
-      })
-    } catch (error) {
-      logError(logger, "CodeServerRouteWrapper", error)
-      if (isDevMode) {
-        return next(new Error((error instanceof Error ? error.message : error) + " (VS Code may still be compiling)"))
-      }
-      return next(error)
-    }
+// The VS Code server is dynamically loaded in when a request is made to this
+// router by `ensureCodeServerLoaded`.
+let vscodeServer: IVSCodeServerAPI | undefined
 
+/**
+ * Ensure the VS Code server is loaded.
+ */
+export const ensureVSCodeLoaded = async (
+  req: express.Request,
+  _: express.Response,
+  next: express.NextFunction,
+): Promise<void> => {
+  if (vscodeServer) {
     return next()
   }
-
-  constructor() {
-    this.router.get("/", this.ensureCodeServerLoaded, this.$root)
-    this.router.get("/manifest.json", this.manifest)
-    this.router.post("/mint-key", this.mintKey)
-    this.router.all("*", ensureAuthenticated, this.ensureCodeServerLoaded, this.$proxyRequest)
-    this._wsRouterWrapper.ws("*", ensureOrigin, ensureAuthenticated, this.ensureCodeServerLoaded, this.$proxyWebsocket)
-  }
-
-  dispose() {
-    this._codeServerMain?.dispose()
-    this._socketProxyProvider.stop()
+  // See ../../../lib/vscode/src/vs/server/node/server.main.ts:72.
+  const createVSServer = await loadAMDModule<CreateServer>("vs/server/node/server.main", "createServer")
+  try {
+    vscodeServer = await createVSServer(null, {
+      ...(await toCodeArgs(req.args)),
+      "accept-server-license-terms": true,
+      // This seems to be used to make the connection token flags optional (when
+      // set to 1.63) but we have always included them.
+      compatibility: "1.64",
+      "without-connection-token": true,
+    })
+  } catch (error) {
+    logError(logger, "CodeServerRouteWrapper", error)
+    if (isDevMode) {
+      return next(new Error((error instanceof Error ? error.message : error) + " (VS Code may still be compiling)"))
+    }
+    return next(error)
   }
+  return next()
+}
+
+router.get("/", ensureVSCodeLoaded, async (req, res, next) => {
+  const isAuthenticated = await authenticated(req)
+  const NO_FOLDER_OR_WORKSPACE_QUERY = !req.query.folder && !req.query.workspace
+  // Ew means the workspace was closed so clear the last folder/workspace.
+  const FOLDER_OR_WORKSPACE_WAS_CLOSED = req.query.ew
+
+  if (!isAuthenticated) {
+    const to = self(req)
+    return redirect(req, res, "login", {
+      to: to !== "/" ? to : undefined,
+    })
+  }
+
+  if (NO_FOLDER_OR_WORKSPACE_QUERY && !FOLDER_OR_WORKSPACE_WAS_CLOSED) {
+    const settings = await req.settings.read()
+    const lastOpened = settings.query || {}
+    // This flag disables the last opened behavior
+    const IGNORE_LAST_OPENED = req.args["ignore-last-opened"]
+    const HAS_LAST_OPENED_FOLDER_OR_WORKSPACE = lastOpened.folder || lastOpened.workspace
+    const HAS_FOLDER_OR_WORKSPACE_FROM_CLI = req.args._.length > 0
+    const to = self(req)
+
+    let folder = undefined
+    let workspace = undefined
+
+    // Redirect to the last folder/workspace if nothing else is opened.
+    if (HAS_LAST_OPENED_FOLDER_OR_WORKSPACE && !IGNORE_LAST_OPENED) {
+      folder = lastOpened.folder
+      workspace = lastOpened.workspace
+    } else if (HAS_FOLDER_OR_WORKSPACE_FROM_CLI) {
+      const lastEntry = path.resolve(req.args._[req.args._.length - 1])
+      const entryIsFile = await isFile(lastEntry)
+      const IS_WORKSPACE_FILE = entryIsFile && path.extname(lastEntry) === ".code-workspace"
+
+      if (IS_WORKSPACE_FILE) {
+        workspace = lastEntry
+      } else if (!entryIsFile) {
+        folder = lastEntry
+      }
+    }
+
+    if (folder || workspace) {
+      return redirect(req, res, to, {
+        folder,
+        workspace,
+      })
+    }
+  }
+
+  // Store the query parameters so we can use them on the next load.  This
+  // also allows users to create functionality around query parameters.
+  await req.settings.write({ query: req.query })
+
+  next()
+})
+
+router.get("/manifest.json", async (req, res) => {
+  const appName = req.args["app-name"] || "code-server"
+  res.writeHead(200, { "Content-Type": "application/manifest+json" })
+
+  return res.end(
+    replaceTemplates(
+      req,
+      JSON.stringify(
+        {
+          name: appName,
+          short_name: appName,
+          start_url: ".",
+          display: "fullscreen",
+          display_override: ["window-controls-overlay"],
+          description: "Run Code on a remote server.",
+          icons: [192, 512].map((size) => ({
+            src: `{{BASE}}/_static/src/browser/media/pwa-icon-${size}.png`,
+            type: "image/png",
+            sizes: `${size}x${size}`,
+          })),
+        },
+        null,
+        2,
+      ),
+    ),
+  )
+})
+
+let mintKeyPromise: Promise<Buffer> | undefined
+router.post("/mint-key", async (req, res) => {
+  if (!mintKeyPromise) {
+    mintKeyPromise = new Promise(async (resolve) => {
+      const keyPath = path.join(req.args["user-data-dir"], "serve-web-key-half")
+      logger.debug(`Reading server web key half from ${keyPath}`)
+      try {
+        resolve(await fs.readFile(keyPath))
+        return
+      } catch (error: any) {
+        if (error.code !== "ENOENT") {
+          logError(logger, `read ${keyPath}`, error)
+        }
+      }
+      // VS Code wants 256 bits.
+      const key = crypto.randomBytes(32)
+      try {
+        await fs.writeFile(keyPath, key)
+      } catch (error: any) {
+        logError(logger, `write ${keyPath}`, error)
+      }
+      resolve(key)
+    })
+  }
+  const key = await mintKeyPromise
+  res.end(key)
+})
+
+router.all(/.*/, ensureAuthenticated, ensureVSCodeLoaded, async (req, res) => {
+  vscodeServer!.handleRequest(req, res)
+})
+
+const socketProxyProvider = new SocketProxyProvider()
+wsRouter.ws(/.*/, ensureOrigin, ensureAuthenticated, ensureVSCodeLoaded, async (req: WebsocketRequest) => {
+  const wrappedSocket = await socketProxyProvider.createProxy(req.ws)
+  // This should actually accept a duplex stream but it seems Code has not
+  // been updated to match the Node 16 types so cast for now.  There does not
+  // appear to be any code specific to sockets so this should be fine.
+  vscodeServer!.handleUpgrade(req, wrappedSocket as net.Socket)
+
+  req.ws.resume()
+})
+
+export function dispose() {
+  vscodeServer?.dispose()
+  socketProxyProvider.stop()
 }

src/node/update.ts

@@ -105,6 +105,7 @@ export class UpdateProvider {
         logger.debug("Making request", field("uri", uri))
         const isHttps = uri.startsWith("https")
         const agent = new ProxyAgent({
+          keepAlive: true,
           getProxyForUrl: () => httpProxyUri || "",
         })
         const httpx = isHttps ? https : http

src/node/vscodeSocket.ts

@@ -20,11 +20,11 @@ export interface EditorSessionEntry {
 }
 
 interface DeleteSessionRequest {
-  socketPath: string
+  socketPath?: string
 }
 
 interface AddSessionRequest {
-  entry: EditorSessionEntry
+  entry?: EditorSessionEntry
 }
 
 interface GetSessionResponse {
@@ -40,37 +40,42 @@ export async function makeEditorSessionManagerServer(
   // eslint-disable-next-line import/no-named-as-default-member
   router.use(express.json())
 
-  router.get("/session", async (req, res) => {
-    const filePath = req.query.filePath as string
-    if (!filePath) {
-      res.status(HttpCode.BadRequest).send("filePath is required")
+  router.get<{}, GetSessionResponse | string | unknown, undefined, { filePath?: string }>(
+    "/session",
+    async (req, res) => {
+      const filePath = req.query.filePath
+      if (!filePath) {
+        res.status(HttpCode.BadRequest).send("filePath is required")
+        return
+      }
+      try {
+        const socketPath = await editorSessionManager.getConnectedSocketPath(filePath)
+        const response: GetSessionResponse = { socketPath }
+        res.json(response)
+      } catch (error: unknown) {
+        res.status(HttpCode.ServerError).send(error)
+      }
+    },
+  )
+
+  router.post<{}, string, AddSessionRequest | undefined>("/add-session", async (req, res) => {
+    const entry = req.body?.entry
+    if (!entry) {
+      res.status(400).send("entry is required")
       return
     }
-    try {
-      const socketPath = await editorSessionManager.getConnectedSocketPath(filePath)
-      const response: GetSessionResponse = { socketPath }
-      res.json(response)
-    } catch (error: unknown) {
-      res.status(HttpCode.ServerError).send(error)
-    }
+    editorSessionManager.addSession(entry)
+    res.status(200).send("session added")
   })
 
-  router.post("/add-session", async (req, res) => {
-    const request = req.body as AddSessionRequest
-    if (!request.entry) {
-      res.status(400).send("entry is required")
-    }
-    editorSessionManager.addSession(request.entry)
-    res.status(200).send()
-  })
-
-  router.post("/delete-session", async (req, res) => {
-    const request = req.body as DeleteSessionRequest
-    if (!request.socketPath) {
+  router.post<{}, string, DeleteSessionRequest | undefined>("/delete-session", async (req, res) => {
+    const socketPath = req.body?.socketPath
+    if (!socketPath) {
       res.status(400).send("socketPath is required")
+      return
     }
-    editorSessionManager.deleteSession(request.socketPath)
-    res.status(200).send()
+    editorSessionManager.deleteSession(socketPath)
+    res.status(200).send("session deleted")
   })
 
   const server = http.createServer(router)

src/node/wrapper.ts

@@ -248,9 +248,10 @@ export class ParentProcess extends Process {
     const opts = {
       size: "10M",
       maxFiles: 10,
+      path: path.join(paths.data, "coder-logs"),
     }
-    this.logStdoutStream = rfs.createStream(path.join(paths.data, "coder-logs", "code-server-stdout.log"), opts)
-    this.logStderrStream = rfs.createStream(path.join(paths.data, "coder-logs", "code-server-stderr.log"), opts)
+    this.logStdoutStream = rfs.createStream("code-server-stdout.log", opts)
+    this.logStderrStream = rfs.createStream("code-server-stderr.log", opts)
 
     this.onDispose(() => this.disposeChild())
 

test/e2e/displayLang.test.ts

@@ -1,19 +0,0 @@
-import * as path from "path"
-import { describe, test, expect } from "./baseFixture"
-
-// Given a code-server environment with Spanish Language Pack extension installed
-// and a languagepacks.json in the data-dir
-describe(
-  "--locale es",
-  ["--disable-workspace-trust", "--extensions-dir", path.join(__dirname, "./extensions"), "--locale", "es"],
-  {},
-  () => {
-    test("should load code-server in Spanish", async ({ codeServerPage }) => {
-      // When
-      const visible = await codeServerPage.page.isVisible("text=Explorador")
-
-      // Then
-      expect(visible).toBe(true)
-    })
-  },
-)

test/e2e/extensions/ms-ceintl.vscode-language-pack-es-1.70.0/package.json

@@ -1,38 +0,0 @@
-{
-  "name": "vscode-language-pack-es",
-  "displayName": "Spanish Language Pack for Visual Studio Code",
-  "description": "Language pack extension for Spanish",
-  "version": "1.70.0",
-  "publisher": "MS-CEINTL",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/Microsoft/vscode-loc"
-  },
-  "engines": {
-    "vscode": "^1.70.0"
-  },
-  "categories": [
-    "Language Packs"
-  ],
-  "contributes": {
-    "localizations": [
-      {
-        "languageId": "es",
-        "languageName": "Spanish",
-        "localizedLanguageName": "español",
-        "translations": [
-          {
-            "id": "vscode",
-            "path": "./translations/main.i18n.json"
-          }
-        ]
-      }
-    ]
-  },
-  "__metadata": {
-    "id": "47e020a1-33db-4cc0-a1b4-42f97781749a",
-    "publisherDisplayName": "MS-CEINTL",
-    "publisherId": "0b0882c3-aee3-4d7c-b5f9-872f9be0a115",
-    "isPreReleaseVersion": false
-  }
-}

test/e2e/extensions/ms-ceintl.vscode-language-pack-es-1.70.0/translations/main.i18n.json

@@ -1,15 +0,0 @@
-{
-  "": [
-    "--------------------------------------------------------------------------------------------",
-    "Copyright (c) Microsoft Corporation. All rights reserved.",
-    "Licensed under the MIT License. See License.txt in the project root for license information.",
-    "--------------------------------------------------------------------------------------------",
-    "Do not edit this file. It is machine generated."
-  ],
-  "version": "1.0.0",
-  "contents": {
-    "vs/workbench/contrib/files/browser/explorerViewlet": {
-      "explore": "Explorador"
-    }
-  }
-}

test/integration/installExtension.test.ts

@@ -13,9 +13,10 @@ describe("--install-extension", () => {
   })
   it("should use EXTENSIONS_GALLERY when set", async () => {
     const extName = "author.extension"
-    const { stderr } = await runCodeServerCommand([...setupFlags, "--install-extension", extName], {
-      EXTENSIONS_GALLERY: "{}",
-    })
-    expect(stderr).toMatch("No extension gallery service configured")
+    await expect(
+      runCodeServerCommand([...setupFlags, "--install-extension", extName], {
+        EXTENSIONS_GALLERY: "{}",
+      }),
+    ).rejects.toThrow("No extension gallery service configured")
   })
 })

test/unit/node/cli.test.ts

@@ -912,8 +912,6 @@ cert: false`)
 describe("toCodeArgs", () => {
   const vscodeDefaults = {
     ...defaults,
-    "accept-server-license-terms": true,
-    compatibility: "1.64",
     help: false,
     port: "8080",
     version: false,

test/unit/node/proxy.test.ts

@@ -199,7 +199,7 @@ describe("proxy", () => {
   })
 
   it("should proxy non-ASCII", async () => {
-    e.get("*", (req, res) => {
+    e.get(/.*/, (req, res) => {
       res.json("ほげ")
     })
     codeServer = await integration.setup(["--auth=none"], "")
@@ -211,7 +211,7 @@ describe("proxy", () => {
 
   it("should not double-encode query variables", async () => {
     const spy = jest.fn()
-    e.get("*", (req, res) => {
+    e.get(/.*/, (req, res) => {
       spy([req.originalUrl, req.query])
       res.end()
     })

test/unit/node/routes/login.test.ts

@@ -68,13 +68,10 @@ describe("login", () => {
       }
     })
 
-    it("should return HTML with 'Missing password' message", async () => {
+    it("should return 'Missing password' without body", async () => {
       const resp = await codeServer().fetch("/login", { method: "POST" })
-
-      expect(resp.status).toBe(200)
-
       const htmlContent = await resp.text()
-
+      expect(resp.status).toBe(200)
       expect(htmlContent).toContain("Missing password")
     })
 

test/unit/node/settings.test.ts

@@ -29,7 +29,7 @@ describe("settings", () => {
       const settings = new SettingsProvider<CoderSettings>(pathToMockSettingsFile)
       await settings.read()
       // This happens when we can't parse a JSON (usually error in file)
-      expect(logger.warn).toHaveBeenCalledWith("Unexpected token t in JSON at position 29")
+      expect(logger.warn).toHaveBeenCalledWith(expect.stringMatching(/Unexpected token/))
     })
   })
   describe("with invalid settings file path", () => {

test/yarn.lock

@@ -1198,11 +1198,11 @@ brace-expansion@^1.1.7:
     concat-map "0.0.1"
 
 braces@^3.0.1:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
-  integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
+  integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
   dependencies:
-    fill-range "^7.0.1"
+    fill-range "^7.1.1"
 
 browser-process-hrtime@^1.0.0:
   version "1.0.0"
@@ -1668,10 +1668,10 @@ fd-slicer@~1.1.0:
   dependencies:
     pend "~1.2.0"
 
-fill-range@^7.0.1:
-  version "7.0.1"
-  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
-  integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
+fill-range@^7.1.1:
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
+  integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
   dependencies:
     to-regex-range "^5.0.1"
 
@@ -1906,9 +1906,9 @@ inherits@2, inherits@^2.0.3:
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
 ip@^1.1.5:
-  version "1.1.5"
-  resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
-  integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=
+  version "1.1.9"
+  resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.9.tgz#8dfbcc99a754d07f425310b86a99546b1151e396"
+  integrity sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ==
 
 is-core-module@^2.8.0:
   version "2.8.1"
@@ -2626,6 +2626,11 @@ minipass@^3.0.0:
   dependencies:
     yallist "^4.0.0"
 
+minipass@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/minipass/-/minipass-5.0.0.tgz#3e9788ffb90b694a5d0ec94479a45b5d8738133d"
+  integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==
+
 minizlib@^2.1.1:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931"
@@ -3293,13 +3298,13 @@ symbol-tree@^3.2.4:
   integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==
 
 tar@^6.1.11, tar@^6.1.9:
-  version "6.1.11"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621"
-  integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==
+  version "6.2.1"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-6.2.1.tgz#717549c541bc3c2af15751bea94b1dd068d4b03a"
+  integrity sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==
   dependencies:
     chownr "^2.0.0"
     fs-minipass "^2.0.0"
-    minipass "^3.0.0"
+    minipass "^5.0.0"
     minizlib "^2.1.1"
     mkdirp "^1.0.3"
     yallist "^4.0.0"
@@ -3539,9 +3544,9 @@ write-file-atomic@^3.0.0:
     typedarray-to-buffer "^3.1.5"
 
 ws@^7.4.6:
-  version "7.5.6"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.6.tgz#e59fc509fb15ddfb65487ee9765c5a51dec5fe7b"
-  integrity sha512-6GLgCqo2cy2A2rjCNFlxQS6ZljG/coZfZXclldI8FB/1G3CCI36Zd8xy2HrFVACi8tfk5XrgLQEk+P0Tnz9UcA==
+  version "7.5.10"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
+  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 
 wtfnode@^0.9.1:
   version "0.9.1"