Update changelog

It has been broken for a long time (No available formula with the name
"code-server") but it looks like they have their own bot publishing
updates anyway.

.eslintrc.yaml

@@ -1,43 +0,0 @@
-parser: "@typescript-eslint/parser"
-env:
-  browser: true
-  es6: true # Map, etc.
-  jest: true
-  node: true
-
-parserOptions:
-  ecmaVersion: 2018
-  sourceType: module
-
-extends:
-  - eslint:recommended
-  - plugin:@typescript-eslint/recommended
-  - plugin:import/recommended
-  - plugin:import/typescript
-  - plugin:prettier/recommended
-  # Prettier should always be last
-  # Removes eslint rules that conflict with prettier.
-  - prettier
-
-rules:
-  # Sometimes you need to add args to implement a function signature even
-  # if they are unused.
-  "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }]
-  # For overloads.
-  no-dupe-class-members: off
-  "@typescript-eslint/no-use-before-define": off
-  "@typescript-eslint/no-non-null-assertion": off
-  "@typescript-eslint/ban-types": off
-  "@typescript-eslint/no-var-requires": off
-  "@typescript-eslint/explicit-module-boundary-types": off
-  "@typescript-eslint/no-explicit-any": off
-  "@typescript-eslint/no-extra-semi": off
-  eqeqeq: error
-  import/order:
-    [error, { alphabetize: { order: "asc" }, groups: [["builtin", "external", "internal"], "parent", "sibling"] }]
-  no-async-promise-executor: off
-
-settings:
-  import/resolver:
-    typescript:
-      alwaysTryTypes: true

.git-blame-ignore-revs

@@ -0,0 +1,2 @@
+# Prettier 3.4.2
+9b0340a09276f93c054d705d1b9a5f24cc5dbc97

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,6 +1,5 @@
 name: Bug report
 description: File a bug report
-title: "[Bug]: "
 labels: ["bug", "triage"]
 body:
   - type: checkboxes
@@ -10,6 +9,7 @@ body:
       options:
         - label: I have searched the existing issues
           required: true
+
   - type: textarea
     attributes:
       label: OS/Web Information
@@ -20,6 +20,8 @@ body:
           - **Remote OS**: Ubuntu
           - **Remote Architecture**: amd64
           - **`code-server --version`**: 4.0.1
+
+        Please do not just put "latest" for the version.
       value: |
         - Web Browser:
         - Local OS:
@@ -28,58 +30,94 @@ body:
         - `code-server --version`:
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Steps to Reproduce
       description: |
-        1. open code-server
-        2. install extension
-        3. run command
+        Please describe exactly how to reproduce the bug. For example:
+        1. Open code-server in Firefox
+        2. Install extension `foo.bar` from the extensions sidebar
+        3. Run command `foo.bar.baz`
       value: |
-        1. 
+        1.
         2.
         3.
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Expected
       description: What should happen?
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Actual
       description: What actually happens?
     validations:
       required: true
+
   - type: textarea
     id: logs
     attributes:
       label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
+      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
+      render: shell
+
   - type: textarea
     attributes:
       label: Screenshot/Video
       description: Please include a screenshot, gif or screen recording of your issue.
     validations:
       required: false
+
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in native VS Code?
+      description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).
+      options:
+        - Yes, this is also broken in native VS Code
+        - No, this works as expected in native VS Code
+        - This cannot be tested in native VS Code
+        - I did not test native VS Code
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in VS Code web?
+      description: If the bug reproduces in VS Code web, submit the issue upstream instead (https://github.com/microsoft/vscode). You can run VS Code web with `code serve-web`.
+      options:
+        - Yes, this is also broken in VS Code web
+        - No, this works as expected in VS Code web
+        - This cannot be tested in VS Code web
+        - I did not test VS Code web
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in GitHub Codespaces?
+      description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).
+      options:
+        - Yes, this is also broken in GitHub Codespaces
+        - No, this works as expected in GitHub Codespaces
+        - This cannot be tested in GitHub Codespaces
+        - I did not test GitHub Codespaces
+    validations:
+      required: true
+
   - type: checkboxes
     attributes:
-      label: Does this issue happen in VS Code or GitHub Codespaces?
-      description: Please try reproducing this issue in VS Code or GitHub Codespaces
+      label: Are you accessing code-server over a secure context?
+      description: code-server relies on service workers (which only work in secure contexts) for many features. Double-check that you are using a secure context like HTTPS or localhost.
       options:
-        - label: I cannot reproduce this in VS Code.
-          required: true
-        - label: I cannot reproduce this in GitHub Codespaces.
-          required: true
-  - type: checkboxes
-    attributes:
-      label: Are you accessing code-server over HTTPS?
-      description: code-server relies on service workers for many features. Double-check that you are using HTTPS.
-      options:
-        - label: I am using HTTPS.
-          required: true
+        - label: I am using a secure context.
+          required: false
+
   - type: textarea
     attributes:
       label: Notes

.github/ISSUE_TEMPLATE/doc.md

@@ -1,9 +1,7 @@
 ---
 name: Documentation improvement
 about: Suggest a documentation improvement
-title: "[Docs]: "
 labels: "docs"
-assignees: "@jsjoeio"
 ---
 
 ## What is your suggestion?

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,9 +1,7 @@
 ---
 name: Feature request
 about: Suggest an idea to improve code-server
-title: "[Feat]: "
 labels: enhancement
-assignees: ""
 ---
 
 ## What is your suggestion?

.github/PULL_REQUEST_TEMPLATE/release_template.md

@@ -1,17 +0,0 @@
-<!-- Note: this variable $CODE_SERVER_VERSION_TO_UPDATE will be set when you run the release-prep.sh script with `yarn release:prep` -->
-
-This PR is to generate a new release of `code-server` at `$CODE_SERVER_VERSION_TO_UPDATE`
-
-## Screenshot
-
-TODO
-
-## TODOs
-
-Follow "Publishing a release" steps in `ci/README.md`
-
-<!-- Note some of these steps below are redundant since they're listed in the "Publishing a release" docs -->
-
-- [ ] update `CHANGELOG.md`
-- [ ] manually run "Draft release" workflow after merging this PR
-- [ ] merge PR opened in [code-server-aur](https://github.com/coder/code-server-aur)

.github/ranger.yml

@@ -1,29 +0,0 @@
-# Configuration for the repo ranger bot
-# See docs: https://www.notion.so/Documentation-8d7627bb1f3c42b7b1820e8d6f157a57#9879d1374fab4d1f9c607c230fd5123d
-default:
-  close:
-    # Default time to wait before closing the label. Can either be a number in milliseconds
-    # or a string specified by the `ms` package (https://www.npmjs.com/package/ms)
-    delay: "2 days"
-
-    # Default comment to post when an issue is first marked with a closing label
-    comment: "⚠️ This issue has been marked $LABEL and will be closed in $DELAY."
-
-labels:
-  duplicate: close
-  wontfix: close
-  "squash when passing": merge
-  "rebase when passing": merge
-  "merge when passing": merge
-  "new contributor":
-    action: comment
-    delay: 5s
-    message: "Thanks for making your first contribution! :slightly_smiling_face:"
-  "upstream:vscode":
-    action: close
-    delay: 5s
-    comment: >
-      This issue has been marked as 'upstream:vscode'.
-      Please file this upstream: [link to open issue](https://github.com/microsoft/vscode/issues/new/choose)
-
-      This issue will automatically close in $DELAY.

.github/workflows/build.yaml

@@ -19,377 +19,278 @@ concurrency:
 # this ensures that it only executes if all previous jobs succeeded.
 
 # if: steps.cache-node-modules.outputs.cache-hit != 'true'
-# will skip running `yarn install` if it successfully fetched from cache
+# will skip running `npm install` if it successfully fetched from cache
 
 jobs:
-  prettier:
-    name: Format with Prettier
-    runs-on: ubuntu-20.04
-    timeout-minutes: 5
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      ci: ${{ steps.filter.outputs.ci }}
+      code: ${{ steps.filter.outputs.code }}
+      deps: ${{ steps.filter.outputs.deps }}
+      docs: ${{ steps.filter.outputs.docs }}
+      helm: ${{ steps.filter.outputs.helm }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Run prettier with actionsx/prettier
-        uses: actionsx/prettier@v2
+        uses: actions/checkout@v6
+      - name: Check changed files
+        uses: dorny/paths-filter@v3
+        id: filter
         with:
-          args: --check --loglevel=warn .
+          filters: |
+            ci:
+              - ".github/**"
+              - "ci/**"
+            docs:
+              - "docs/**"
+              - "README.md"
+              - "CHANGELOG.md"
+            helm:
+              - "ci/helm-chart/**"
+            code:
+              - "src/**"
+              - "test/**"
+            deps:
+              - "lib/**"
+              - "patches/**"
+              - "package-lock.json"
+              - "test/package-lock.json"
+      - id: debug
+        run: |
+          echo "${{ toJSON(steps.filter )}}"
+
+  prettier:
+    name: Run prettier check
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npx prettier --check .
 
   doctoc:
     name: Doctoc markdown files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.docs == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v26.1
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          files: |
-            docs/**
-
-      - name: Install Node.js v16
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-          cache: "yarn"
-
-      - name: Install doctoc
-        run: yarn global add doctoc@2.2.1
-
-      - name: Run doctoc
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn doctoc
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run doctoc
 
   lint-helm:
     name: Lint Helm chart
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.helm == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v26.1
-        with:
-          files: |
-            ci/helm-chart/**
-
-      - name: Install helm
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v3.5
+      - uses: actions/checkout@v6
+      - uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install helm kubeval plugin
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm plugin install https://github.com/instrumenta/helm-kubeval
-
-      - name: Lint Helm chart
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm kubeval ci/helm-chart
+      - run: helm plugin install https://github.com/instrumenta/helm-kubeval
+      - run: helm kubeval ci/helm-chart
 
   lint-ts:
     name: Lint TypeScript files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v26.1
-        with:
-          files: |
-            **/*.ts
-            **/*.js
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js v16
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        if: steps.changed-files.outputs.any_changed == 'true'
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Install dependencies
-        if: steps.changed-files.outputs.any_changed == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Lint TypeScript files
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn lint:ts
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run lint:ts
 
   lint-actions:
     name: Lint GitHub Actions
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.ci == 'true'
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
       - name: Check workflow files
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash)
-          ./actionlint -color -shellcheck= -ignore "set-output"
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
+          ./actionlint -color -shellcheck= -ignore "softprops/action-gh-release"
         shell: bash
 
   test-unit:
     name: Run unit tests
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v26.1
-        with:
-          files: |
-            **/*.ts
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js v16
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        if: steps.changed-files.outputs.any_changed == 'true'
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Install dependencies
-        if: steps.changed-files.outputs.any_changed == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Run unit tests
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn test:unit
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v3
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run test:unit
+      - uses: codecov/codecov-action@v5
+        if: success()
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
 
   build:
     name: Build code-server
-    runs-on: ubuntu-20.04
-    timeout-minutes: 30
+    runs-on: ubuntu-22.04
+    timeout-minutes: 70
     env:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      DISABLE_V8_COMPILE_CACHE: 1
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v6
         with:
           submodules: true
-
-      - name: Install quilt
-        uses: awalsh128/cache-apt-pkgs-action@latest
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: quilt
           version: 1.0
-
-      - name: Patch Code
-        run: quilt push -a
-
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - run: quilt push -a
+      - uses: actions/setup-node@v6
         with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-code-server-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-code-server-
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: yarn --frozen-lockfile
-
-      - name: Build code-server
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run build
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: yarn build
-
       # Get Code's git hash.  When this changes it means the content is
       # different and we need to rebuild.
       - name: Get latest lib/vscode rev
         id: vscode-rev
-        run: echo "::set-output name=rev::$(git rev-parse HEAD:./lib/vscode)"
-
+        run: echo "rev=$(git rev-parse HEAD:./lib/vscode)" >> $GITHUB_OUTPUT
       # We need to rebuild when we have a new version of Code, when any of
       # the patches changed, or when the code-server version changes (since
       # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
       # force a rebuild.
       - name: Fetch prebuilt Code package from cache
         id: cache-vscode
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: lib/vscode-reh-web-*
           key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
-
       - name: Build vscode
         env:
           VERSION: "0.0.0"
         if: steps.cache-vscode.outputs.cache-hit != 'true'
-        run: yarn build:vscode
-
+        run: |
+          pushd lib/vscode
+          npm ci
+          popd
+          npm run build:vscode
       # The release package does not contain any native modules
       # and is neutral to architecture/os/libc version.
-      - name: Create release package
-        run: yarn release
+      - run: npm run release
         if: success()
-
       # https://github.com/actions/upload-artifact/issues/38
-      - name: Compress release package
-        run: tar -czf package.tar.gz release
-
-      - name: Upload npm package artifact
-        uses: actions/upload-artifact@v3
+      - run: tar -czf package.tar.gz release
+      - uses: actions/upload-artifact@v4
         with:
           name: npm-package
           path: ./package.tar.gz
 
   test-e2e:
     name: Run e2e tests
-    needs: build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v6
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v6
         with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Download npm package
-        uses: actions/download-artifact@v3
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - uses: actions/download-artifact@v5
         with:
           name: npm-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
+      - run: tar -xzf package.tar.gz
+      - run: cd release && npm install --unsafe-perm --omit=dev
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
-      - name: Run end-to-end tests
-        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e
-
-      - name: Upload test artifacts
+      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
+      - uses: actions/upload-artifact@v4
         if: always()
-        uses: actions/upload-artifact@v3
         with:
           name: failed-test-videos
           path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results
+      - run: rm -rf ./release ./test/test-results
 
   test-e2e-proxy:
     name: Run e2e tests behind proxy
-    needs: build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v6
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v6
         with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Download npm package
-        uses: actions/download-artifact@v3
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - uses: actions/download-artifact@v5
         with:
           name: npm-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
+      - run: tar -xzf package.tar.gz
+      - run: cd release && npm install --unsafe-perm --omit=dev
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
       - name: Cache Caddy
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         id: caddy-cache
         with:
           path: |
             ~/.cache/caddy
           key: cache-caddy-2.5.2
-
       - name: Install Caddy
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -398,23 +299,13 @@ jobs:
           gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
           mkdir -p ~/.cache/caddy
           tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-
-      - name: Start Caddy
-        run: sudo ~/.cache/caddy/caddy start --config ./ci/Caddyfile
-
-      - name: Run end-to-end tests
-        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e:proxy --global-timeout 840000
-
-      - name: Stop Caddy
+      - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile
+      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
+      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
         if: always()
-        run: sudo ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
 
-      - name: Upload test artifacts
+      - uses: actions/upload-artifact@v4
         if: always()
-        uses: actions/upload-artifact@v3
         with:
           name: failed-test-videos-proxy
           path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results

.github/workflows/installer.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Install code-server
         run: ./install.sh
@@ -44,7 +44,7 @@ jobs:
     container: "alpine:3.17"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Install curl
         run: apk add curl
@@ -67,7 +67,7 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Install code-server
         run: ./install.sh

.github/workflows/publish.yaml

@@ -21,72 +21,39 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  # NOTE: this job requires curl, jq and yarn
-  # All of them are included in ubuntu-latest.
   npm:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code-server
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
+
+      - name: Install Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: .node-version
 
       - name: Download npm package from release artifacts
-        uses: robinraju/release-downloader@v1.7
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: ${{ github.event.inputs.version || github.ref_name }}
           fileName: "package.tar.gz"
           out-file-path: "release-npm-package"
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Publish npm package and tag with "latest"
-        run: yarn publish:npm
+      - run: npm run publish:npm
         env:
           VERSION: ${{ env.VERSION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           NPM_ENVIRONMENT: "production"
 
-  homebrew:
-    needs: npm
-    runs-on: ubuntu-latest
-    steps:
-      # Ensure things are up to date
-      # Suggested by homebrew maintainers
-      # https://github.com/Homebrew/discussions/discussions/1532#discussioncomment-782633
-      - name: Set up Homebrew
-        id: set-up-homebrew
-        uses: Homebrew/actions/setup-homebrew@master
-
-      - name: Checkout code-server
-        uses: actions/checkout@v3
-
-      - name: Configure git
-        run: |
-          git config --global user.name cdrci
-          git config --global user.email opensource@coder.com
-
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
-      - name: Get and set VERSION
-        run: |
-          TAG="${{ github.event.inputs.version || github.ref_name }}"
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - name: Bump code-server homebrew version
-        env:
-          VERSION: ${{ env.VERSION }}
-          HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
-
-        run: ./ci/steps/brew-bump.sh
-
   aur:
-    needs: npm
     runs-on: ubuntu-latest
     timeout-minutes: 10
     env:
@@ -95,13 +62,13 @@ jobs:
     steps:
       # We need to checkout code-server so we can get the version
       - name: Checkout code-server
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           path: "./code-server"
 
       - name: Checkout code-server-aur repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           repository: "cdrci/code-server-aur"
           token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
@@ -118,15 +85,14 @@ jobs:
           git config --global user.name cdrci
           git config --global user.email opensource@coder.com
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
       - name: Validate package
-        uses: hapakaien/archlinux-package-action@v2
+        uses: heyhusen/archlinux-package-action@v2.4.0
         env:
           VERSION: ${{ env.VERSION }}
         with:
@@ -141,52 +107,60 @@ jobs:
           VERSION: ${{ env.VERSION }}
         run: |
           git checkout -b update-version-${{ env.VERSION }}
-          git add . 
+          git add .
           git commit -m "chore: updating version to ${{ env.VERSION }}"
           git push -u origin $(git branch --show)
           gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
+
   docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code-server
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Download release artifacts
-        uses: robinraju/release-downloader@v1.7
+      - name: Download deb artifacts
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: v${{ env.VERSION }}
           fileName: "*.deb"
           out-file-path: "release-packages"
 
+      - name: Download rpm artifacts
+        uses: robinraju/release-downloader@v1.12
+        with:
+          repository: "coder/code-server"
+          tag: v${{ env.VERSION }}
+          fileName: "*.rpm"
+          out-file-path: "release-packages"
+
       - name: Publish to Docker
-        run: yarn publish:docker
+        run: ./ci/steps/docker-buildx-push.sh
         env:
           VERSION: ${{ env.VERSION }}
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/release.yaml

@@ -19,137 +19,73 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  # TODO: cache building yarn --production
-  # possibly 2m30s of savings(?)
-  # this requires refactoring our release scripts
-  package-linux-amd64:
-    name: x86-64 Linux build
+  package-linux-cross:
+    name: ${{ matrix.prefix }}
     runs-on: ubuntu-latest
     timeout-minutes: 15
     needs: npm-version
-    container: "centos:7"
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-
-      - name: Install development tools
-        run: |
-          yum install -y epel-release centos-release-scl make
-          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync python3
-          # for keytar
-          yum install -y libsecret-devel
-
-      - name: Install nfpm and envsubst
-        run: |
-          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
-          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
-          chmod +x envsubst
-          mv envsubst ~/.local/bin
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Install yarn
-        run: npm install -g yarn
-
-      - name: Download npm package
-        uses: actions/download-artifact@v3
-        with:
-          name: npm-release-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
-      # file when running inside a docker container.
-      - name: Build standalone release
-        run: source scl_source enable devtoolset-9 && npm run release:standalone
-
-      - name: Install test dependencies
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Run integration tests on standalone release
-        run: yarn test:integration
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
-
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
-      - name: Get and set VERSION
-        run: |
-          TAG="${{ inputs.version || github.ref_name }}"
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - name: Build packages with nfpm
-        env:
-          VERSION: ${{ env.VERSION }}
-        run: yarn package
-
-      - uses: softprops/action-gh-release@v1
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: ./release-packages/*
-
-  # NOTE@oxy:
-  # We use Ubuntu 16.04 here, so that our build is more compatible
-  # with older libc versions. We used to (Q1'20) use CentOS 7 here,
-  # but it has a full update EOL of Q4'20 and a 'critical security'
-  # update EOL of 2024. We're dropping full support a few years before
-  # the final EOL, but I don't believe CentOS 7 has a large arm64 userbase.
-  # It is not feasible to cross-compile with CentOS.
-
-  # Cross-compile notes: To compile native dependencies for arm64,
-  # we install the aarch64/armv7l cross toolchain and then set it as the default
-  # compiler/linker/etc. with the AR/CC/CXX/LINK environment variables.
-  # qemu-user-static on ubuntu-16.04 currently doesn't run Node correctly,
-  # so we just build with "native"/x86_64 node, then download arm64/armv7l node
-  # and then put it in our release. We can't smoke test the cross build this way,
-  # but this means we don't need to maintain a self-hosted runner!
-
-  # NOTE@jsjoeio:
-  # We used to use 18.04 until GitHub browned it out on December 15, 2022
-  # See here: https://github.com/actions/runner-images/issues/6002
-  package-linux-cross:
-    name: Linux cross-compile builds
-    runs-on: ubuntu-20.04
-    timeout-minutes: 15
-    needs: npm-version
+    container: "python:3.8-slim-buster"
     strategy:
       matrix:
         include:
+          - prefix: x86_64-linux-gnu
+            npm_arch: x64
+            apt_arch: amd64
+            package_arch: amd64
           - prefix: aarch64-linux-gnu
-            arch: arm64
+            npm_arch: arm64
+            apt_arch: arm64
+            package_arch: arm64
           - prefix: arm-linux-gnueabihf
-            arch: armv7l
+            npm_arch: armv7l
+            apt_arch: armhf
+            package_arch: armv7l
 
     env:
       AR: ${{ format('{0}-ar', matrix.prefix) }}
+      AS: ${{ format('{0}-as', matrix.prefix) }}
       CC: ${{ format('{0}-gcc', matrix.prefix) }}
+      CPP: ${{ format('{0}-cpp', matrix.prefix) }}
       CXX: ${{ format('{0}-g++', matrix.prefix) }}
-      LINK: ${{ format('{0}-g++', matrix.prefix) }}
-      NPM_CONFIG_ARCH: ${{ matrix.arch }}
-      NODE_VERSION: v16.13.0
+      FC: ${{ format('{0}-gfortran', matrix.prefix) }}
+      LD: ${{ format('{0}-ld', matrix.prefix) }}
+      STRIP: ${{ format('{0}-strip', matrix.prefix) }}
+      PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}
+      TARGET_ARCH: ${{ matrix.apt_arch }}
+      npm_config_arch: ${{ matrix.npm_arch }}
+      PKG_ARCH: ${{ matrix.package_arch }}
+      # Not building from source results in an x86_64 argon2, as if
+      # npm_config_arch is being ignored.
+      npm_config_build_from_source: true
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - name: Install Node.js
+        uses: actions/setup-node@v6
         with:
-          node-version: "16"
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - name: Install cross-compiler and system dependencies
+        run: |
+          sed -i 's/deb\.debian\.org/archive.debian.org/g' /etc/apt/sources.list
+          dpkg --add-architecture $TARGET_ARCH
+          apt update && apt install -y --no-install-recommends \
+            crossbuild-essential-$TARGET_ARCH \
+            libx11-dev:$TARGET_ARCH \
+            libx11-xcb-dev:$TARGET_ARCH \
+            libxkbfile-dev:$TARGET_ARCH \
+            libsecret-1-dev:$TARGET_ARCH \
+            libkrb5-dev:$TARGET_ARCH \
+            ca-certificates \
+            curl wget rsync gettext-base
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
 
       - name: Install nfpm
         run: |
@@ -157,41 +93,30 @@ jobs:
           curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
-      - name: Install cross-compiler
-        run: sudo apt update && sudo apt install $PACKAGE
-        env:
-          PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
-
       - name: Download npm package
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      # NOTE@jsjoeio - npm fails here
-      # so use yarn
-      - name: Build standalone release
-        run: yarn release:standalone
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
 
       - name: Replace node with cross-compile equivalent
         run: |
-          wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz
-          tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
+          node_version=$(node --version)
+          wget https://nodejs.org/dist/${node_version}/node-${node_version}-linux-${npm_config_arch}.tar.xz
+          tar -xf node-${node_version}-linux-${npm_config_arch}.tar.xz node-${node_version}-linux-${npm_config_arch}/bin/node --strip-components=2
           mv ./node ./release-standalone/lib/node
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Build packages with nfpm
-        env:
+      - env:
           VERSION: ${{ env.VERSION }}
-        run: yarn package ${NPM_CONFIG_ARCH}
+        run: npm run package $PKG_ARCH
 
       - uses: softprops/action-gh-release@v1
         with:
@@ -201,17 +126,26 @@ jobs:
 
   package-macos-amd64:
     name: x86-64 macOS build
-    runs-on: macos-latest
+    runs-on: macos-15-intel
     timeout-minutes: 15
     needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - name: Install Node.js
+        uses: actions/setup-node@v6
         with:
-          node-version: "16"
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
 
       - name: Install nfpm
         run: |
@@ -219,25 +153,22 @@ jobs:
           curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
+      # The version of node-gyp we use depends on distutils but it was removed
+      # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
+      # next update Node we can probably remove this.  For now, install
+      # setuptools since it contains distutils.
+      - run: brew install python-setuptools
+
       - name: Download npm package
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
+      - run: npm run test:native
 
-      - name: Build standalone release
-        run: npm run release:standalone
-
-      - name: Install test dependencies
-        run: SKIP_SUBMODULE_DEPS=1 yarn install
-
-      - name: Run native module tests on standalone release
-        run: yarn test:native
-
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
@@ -246,7 +177,68 @@ jobs:
       - name: Build packages with nfpm
         env:
           VERSION: ${{ env.VERSION }}
-        run: yarn package
+        run: npm run package
+
+      - uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          discussion_category_name: "📣 Announcements"
+          files: ./release-packages/*
+
+  package-macos-arm64:
+    name: arm64 macOS build
+    runs-on: macos-latest
+    timeout-minutes: 15
+    needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v6
+
+      - name: Install Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+
+      - name: Install nfpm
+        run: |
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      # The version of node-gyp we use depends on distutils but it was removed
+      # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
+      # next update Node we can probably remove this.  For now, install
+      # setuptools since it contains distutils.
+      - run: brew install python-setuptools
+
+      - name: Download npm package
+        uses: actions/download-artifact@v5
+        with:
+          name: npm-release-package
+
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
+      - run: npm run test:native
+
+      # Strip out the v (v4.9.1 -> 4.9.1).
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
+      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: npm run package
 
       - uses: softprops/action-gh-release@v1
         with:
@@ -261,7 +253,7 @@ jobs:
     needs: npm-version
     steps:
       - name: Download npm package
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
@@ -277,7 +269,7 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v2
+        uses: dawidd6/action-download-artifact@v11
         id: download
         with:
           branch: ${{ github.ref }}
@@ -287,11 +279,9 @@ jobs:
           check_artifacts: false
           if_no_artifact_found: fail
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
+      - run: tar -xzf package.tar.gz
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
@@ -305,16 +295,15 @@ jobs:
           npm version --prefix release "$VERSION"
 
           echo "Updating version in lib/vscode/product.json"
-          tmp=$(mktemp) 
+          tmp=$(mktemp)
           jq ".codeServerVersion = \"$VERSION\"" release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
           # Ensure it has the same permissions as before
           chmod 644 release/lib/vscode/product.json
 
-      - name: Compress release package
-        run: tar -czf package.tar.gz release
+      - run: tar -czf package.tar.gz release
 
       - name: Upload npm package artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: npm-release-package
           path: ./package.tar.gz

.github/workflows/scripts.yaml

@@ -41,7 +41,7 @@ jobs:
     container: "alpine:3.17"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Install test utilities
         run: apk add bats checkbashisms
@@ -58,7 +58,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Install lint utilities
         run: sudo apt install shellcheck

.github/workflows/security.yaml

@@ -12,44 +12,30 @@ on:
     # Runs every Monday morning PST
     - cron: "17 15 * * 1"
 
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
+# Cancel in-progress runs for pull requests when developers push additional
+# changes, and serialize builds in branches.
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  audit-ci:
+  audit:
     name: Audit node modules
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
+      - name: Install Node.js
+        uses: actions/setup-node@v6
         with:
-          node-version: "16"
+          node-version-file: .node-version
 
-      - name: Fetch dependencies from cache
-        id: cache-yarn
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Install dependencies
-        if: steps.cache-yarn.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Audit for vulnerabilities
-        run: yarn _audit
+      - name: Audit npm for vulnerabilities
+        run: npm audit
         if: success()
 
   trivy-scan-repo:
@@ -57,15 +43,15 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -76,7 +62,7 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-repo-results.sarif"
 
@@ -86,21 +72,21 @@ jobs:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze with CodeQL
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           config-file: ./.github/codeql-config.yml
           languages: javascript
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/trivy-docker.yaml

@@ -44,14 +44,14 @@ concurrency:
 
 jobs:
   trivy-scan-image:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true
@@ -60,6 +60,6 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-image-results.sarif"

.node-version

@@ -1 +1 @@
-16
+22.21.1

.prettierignore

@@ -7,3 +7,4 @@ helm-chart
 test/scripts
 test/e2e/extensions/test-extension
 .pc
+package-lock.json

.tours/start-development.tour

@@ -5,7 +5,7 @@
     {
       "file": "package.json",
       "line": 31,
-      "description": "## Commands\n\nTo start developing, make sure you have Node 16+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> yarn\n\n3. Start development mode (and watch for changes):\n>> yarn watch"
+      "description": "## Commands\n\nTo start developing, make sure you have Node 16+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> npm\n\n3. Start development mode (and watch for changes):\n>> npm run watch"
     },
     {
       "file": "src/node/app.ts",
@@ -20,7 +20,7 @@
     {
       "file": "src/node/app.ts",
       "line": 62,
-      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `yarn watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\"])\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/main/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
+      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `npm run watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\"])\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/main/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
     }
   ]
-}
+}

CHANGELOG.md

@@ -20,7 +20,731 @@ Code v99.99.999
 
 -->
 
-## [4.10.0](https://github.com/coder/code-server/releases/tag/v4.10.0) - TBD
+## Unreleased
+
+Code v1.107.0
+
+### Changed
+
+- Update to Code 1.107.0
+
+### Added
+
+- New `--cookie-suffix` flag that can be used to add a suffix to the cookie when
+  using the built-in password authentication. You can use this to avoid
+  collisions with other instances of code-server.
+- Support a new property `authorizationHeaderToken` on the extension gallery
+  configuration. This will be added to marketplace requests as a bearer token
+  using the `Authorization` header.
+
+## [4.106.3](https://github.com/coder/code-server/releases/tag/v4.106.3) - 2025-12-01
+
+Code v1.106.3
+
+### Changed
+
+- Update to Code 1.106.3
+
+## [4.106.2](https://github.com/coder/code-server/releases/tag/v4.106.2) - 2025-11-19
+
+Code v1.106.2
+
+### Changed
+
+- Update to Code 1.106.2
+
+## [4.106.0](https://github.com/coder/code-server/releases/tag/v4.106.0) - 2025-11-19
+
+Code v1.106.0
+
+### Changed
+
+- Update to Code 1.106.0
+
+## [4.105.1](https://github.com/coder/code-server/releases/tag/v4.105.1) - 2025-10-20
+
+Code v1.105.1
+
+### Changed
+
+- Update to Code 1.105.1
+
+## [4.105.0](https://github.com/coder/code-server/releases/tag/v4.105.0) - 2025-10-17
+
+Code v1.105.0
+
+### Changed
+
+- Update to Code 1.105.0
+
+## [4.104.3](https://github.com/coder/code-server/releases/tag/v4.104.3) - 2025-10-07
+
+Code v1.104.3
+
+### Changed
+
+- Update to Code 1.104.3.
+
+## [4.104.2](https://github.com/coder/code-server/releases/tag/v4.104.2) - 2025-09-26
+
+Code v1.104.2
+
+### Changed
+
+- Update to Code 1.104.2.
+
+## [4.104.1](https://github.com/coder/code-server/releases/tag/v4.104.1) - 2025-09-19
+
+Code v1.104.1
+
+### Changed
+
+- Update to Code 1.104.1.
+
+## [4.104.0](https://github.com/coder/code-server/releases/tag/v4.104.0) - 2025-09-15
+
+Code v1.104.0
+
+### Fixed
+
+- Fix "extension not found" errors from Open VSX when trying to install the
+  latest version of an extension.
+
+### Changed
+
+- Update to Code 1.104.0.
+
+## [4.103.2](https://github.com/coder/code-server/releases/tag/v4.103.2) - 2025-08-25
+
+Code v1.103.2
+
+### Changed
+
+- Update to Code 1.103.2.
+
+## [4.103.1](https://github.com/coder/code-server/releases/tag/v4.103.1) - 2025-08-15
+
+Code v1.103.1
+
+### Changed
+
+- Update to Code 1.103.1.
+
+## [4.103.0](https://github.com/coder/code-server/releases/tag/v4.103.0) - 2025-08-12
+
+Code v1.103.0
+
+### Changed
+
+- Update to Code 1.103.0.
+
+## [4.102.2](https://github.com/coder/code-server/releases/tag/v4.102.2) - 2025-07-24
+
+Code v1.102.2
+
+### Changed
+
+- Update to Code 1.102.2.
+
+## [4.102.1](https://github.com/coder/code-server/releases/tag/v4.102.1) - 2025-07-17
+
+Code v1.102.1
+
+### Changed
+
+- Update to Code 1.102.1.
+
+## [4.102.0](https://github.com/coder/code-server/releases/tag/v4.102.0) - 2025-07-16
+
+Code v1.102.0
+
+### Changed
+
+- Update to Code 1.102.0.
+
+### Added
+
+- Custom strings can be configured using the `--i18n` flag set to a JSON
+  file. This can be used for either translation (and can be used alongside
+  `--locale`) or for customizing the strings. See
+  [./src/node/i18n/locales/en.json](./src/node/i18n/locales/en.json) for the
+  available keys.
+
+## [4.101.2](https://github.com/coder/code-server/releases/tag/v4.101.2) - 2025-06-25
+
+Code v1.101.2
+
+### Changed
+
+- Update to Code 1.101.2.
+
+### Fixed
+
+- Fix web views not loading due to 401 when requesting the service worker.
+
+## [4.101.1](https://github.com/coder/code-server/releases/tag/v4.101.1) - 2025-06-20
+
+Code v1.101.1
+
+### Changed
+
+- Update to Code 1.101.1.
+
+## [4.101.0](https://github.com/coder/code-server/releases/tag/v4.101.0) - 2025-06-20
+
+Code v1.101.0
+
+### Changed
+
+- Update to Code 1.101.0.
+
+## [4.100.3](https://github.com/coder/code-server/releases/tag/v4.100.3) - 2025-06-03
+
+Code v1.100.3
+
+### Changed
+
+- Update to Code 1.100.3.
+
+## [4.100.2](https://github.com/coder/code-server/releases/tag/v4.100.2) - 2025-05-15
+
+Code v1.100.2
+
+### Changed
+
+- Update to Code 1.100.2.
+
+## [4.100.1](https://github.com/coder/code-server/releases/tag/v4.100.1) - 2025-05-13
+
+Code v1.100.1
+
+### Changed
+
+- Update to Code 1.100.1.
+
+## [4.100.0](https://github.com/coder/code-server/releases/tag/v4.100.0) - 2025-05-12
+
+Code v1.100.0
+
+### Added
+
+- Trusted domains for links can now be set at run-time by configuring
+  `linkProtectionTrustedDomains` in the `lib/vscode/product.json` file or via
+  the `--link-protection-trusted-domains` flag.
+
+### Changed
+
+- Update to Code 1.100.0.
+- Disable extension signature verification, which previously was skipped by
+  default (the package used for verification is not available to OSS builds of
+  VS Code) but now reportedly throws hard errors making it impossible to install
+  extensions.
+
+### Fixed
+
+- Flags with repeatable options now work via the config file.
+
+## [4.99.4](https://github.com/coder/code-server/releases/tag/v4.99.4) - 2025-05-02
+
+Code v1.99.3
+
+### Security
+
+- Validate that ports in the path proxy are numbers, to prevent proxying to
+  arbitrary domains.
+
+## [4.99.3](https://github.com/coder/code-server/releases/tag/v4.99.3) - 2025-04-17
+
+Code v1.99.3
+
+### Added
+
+- Added `--skip-auth-preflight` flag to let preflight requests through the
+  proxy.
+
+### Changed
+
+- Update to Code 1.99.3.
+
+## [4.99.2](https://github.com/coder/code-server/releases/tag/v4.99.2) - 2025-04-10
+
+Code v1.99.2
+
+### Changed
+
+- Update to Code 1.99.2.
+
+## [4.99.1](https://github.com/coder/code-server/releases/tag/v4.99.1) - 2025-04-08
+
+Code v1.99.1
+
+### Changed
+
+- Update to Code 1.99.1.
+
+## [4.99.0](https://github.com/coder/code-server/releases/tag/v4.99.0) - 2025-04-07
+
+Code v1.99.0
+
+### Changed
+
+- Update to Code 1.99.0.
+
+## [4.98.0](https://github.com/coder/code-server/releases/tag/v4.98.0) - 2025-03-07
+
+Code v1.98.0
+
+### Changed
+
+- Update to Code 1.98.0.
+
+## [4.97.2](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-02-18
+
+Code v1.97.2
+
+### Added
+
+- Added back macOS amd64 builds.
+
+### Changed
+
+- Update to Code 1.97.2.
+- Softened dark mode login page colors.
+
+## [4.96.4](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-01-20
+
+Code v1.96.4
+
+### Changed
+
+- Update to Code 1.96.4.
+
+## [4.96.2](https://github.com/coder/code-server/releases/tag/v4.96.2) - 2024-12-20
+
+Code v1.96.2
+
+### Changed
+
+- Update to Code 1.96.2.
+
+## [4.96.1](https://github.com/coder/code-server/releases/tag/v4.96.1) - 2024-12-18
+
+Code v1.96.1
+
+### Added
+
+- Dark color scheme for login and error pages.
+
+### Changed
+
+- Update to Code 1.96.1.
+
+## [4.95.3](https://github.com/coder/code-server/releases/tag/v4.95.3) - 2024-11-18
+
+Code v1.95.3
+
+### Changed
+
+- Update to Code 1.95.3.
+
+## [4.95.2](https://github.com/coder/code-server/releases/tag/v4.95.2) - 2024-11-12
+
+Code v1.95.2
+
+### Changed
+
+- Update to Code 1.95.2.
+
+## [4.95.1](https://github.com/coder/code-server/releases/tag/v4.95.1) - 2024-11-06
+
+Code v1.95.1
+
+### Changed
+
+- Update to Code 1.95.1.
+
+## [4.93.1](https://github.com/coder/code-server/releases/tag/v4.93.1) - 2024-09-23
+
+Code v1.93.1
+
+### Changed
+
+- Updated to Code 1.93.1.
+
+### Added
+
+- Added `--abs-proxy-base-path` flag for when code-server is not at the root.
+
+## [4.92.2](https://github.com/coder/code-server/releases/tag/v4.92.2) - 2024-08-19
+
+Code v1.92.2
+
+### Breaking changes
+
+- Dropped a patch that changed the compile target from es2022 to es2020 because
+  it no longer works with the way VS Code uses static properties. This may break
+  older browsers, so those browsers will either have to be updated or use an
+  older version of code-server.
+
+### Changed
+
+- Updated to Code 1.92.2.
+
+## [4.91.0](https://github.com/coder/code-server/releases/tag/v4.91.0) - 2024-07-10
+
+Code v1.91.0
+
+### Changed
+
+- Updated to Code 1.91.0.
+
+## [4.90.3](https://github.com/coder/code-server/releases/tag/v4.90.3) - 2024-06-21
+
+Code v1.90.2
+
+### Changed
+
+- Updated to Code 1.90.2.
+
+### Fixed
+
+- When the log gets rotated it will no longer incorrectly be moved to a new
+  directory created in the current working directory named with a date.
+  Instead, the file itself is prepended with the date and kept in the same
+  directory, as originally intended.
+
+## [4.90.2](https://github.com/coder/code-server/releases/tag/v4.90.2) - 2024-06-14
+
+Code v1.90.1
+
+### Changed
+
+- Updated to Code 1.90.1.
+
+## [4.90.1](https://github.com/coder/code-server/releases/tag/v4.90.1) - 2024-06-12
+
+Code v1.90.0
+
+### Fixed
+
+- Cache a call to get CPU information used in telemetry that could result in a
+  lack responsiveness if it was particularly slow.
+
+## [4.90.0](https://github.com/coder/code-server/releases/tag/v4.90.0) - 2024-06-11
+
+Code v1.90.0
+
+### Changed
+
+- Updated to Code 1.90.0.
+- Updated Node to 20.11.1.
+
+### Added
+
+- Send contents to the clipboard in the integrated terminal by piping to
+  `code-server --stdin-to-clipboard` or `code-server -c`.
+
+  You may want to make this an alias:
+
+  ```
+  alias xclip="code-server --stdin-to-clipboard"
+  echo -n "hello world" | xclip
+  ```
+
+## [4.89.1](https://github.com/coder/code-server/releases/tag/v4.89.1) - 2024-04-14
+
+Code v1.89.1
+
+### Changed
+
+- Updated to Code 1.89.1.
+
+## [4.89.0](https://github.com/coder/code-server/releases/tag/v4.89.0) - 2024-04-08
+
+Code v1.89.0
+
+### Changed
+
+- Updated to Code 1.89.0.
+
+## [4.23.1](https://github.com/coder/code-server/releases/tag/v4.23.1) - 2024-04-15
+
+Code v1.88.1
+
+### Changed
+
+- Updated to Code 1.88.1.
+
+## [4.23.0](https://github.com/coder/code-server/releases/tag/v4.23.0) - 2024-04-08
+
+Code v1.88.0
+
+### Changed
+
+- Updated to Code 1.88.0.
+- Updated Node to 18.18.2.
+
+### Fixed
+
+- Fix masking the exit code when failing to install extensions on the command
+  line outside the integrated terminal. Installing extensions inside the
+  integrated terminal still masks the exit code and is an upstream bug.
+
+## [4.22.1](https://github.com/coder/code-server/releases/tag/v4.22.1) - 2024-03-14
+
+Code v1.87.2
+
+### Changed
+
+- Updated to Code 1.87.2.
+- Enable keep-alive for proxy agent.
+
+## [4.22.0](https://github.com/coder/code-server/releases/tag/v4.22.0) - 2024-03-03
+
+Code v1.87.0
+
+### Changed
+
+- Updated to Code 1.87.0.
+
+## [4.21.2](https://github.com/coder/code-server/releases/tag/v4.21.2) - 2024-02-28
+
+Code v1.86.2
+
+### Changed
+
+- Updated to Code 1.86.2.
+
+## [4.21.1](https://github.com/coder/code-server/releases/tag/v4.21.1) - 2024-02-09
+
+Code v1.86.1
+
+### Changed
+
+- Updated to Code 1.86.1.
+- Updated to Node 18.17.1.
+
+### Added
+
+- Docker images for Fedora and openSUSE.
+
+## [4.21.0](https://github.com/coder/code-server/releases/tag/v4.21.0) - 2024-02-05
+
+Code v1.86.0
+
+### Changed
+
+- Updated to Code 1.86.0.
+
+## [4.20.1](https://github.com/coder/code-server/releases/tag/v4.20.1) - 2024-01-22
+
+Code v1.85.2
+
+### Changed
+
+- Updated to Code 1.85.2.
+
+### Fixed
+
+- Query variables are no longer double-encoded when going over the path proxy.
+
+## [4.20.0](https://github.com/coder/code-server/releases/tag/v4.20.0) - 2023-12-21
+
+Code v1.85.1
+
+### Added
+
+- New flag `--disable-file-uploads` to disable uploading files to the remote by
+  drag and drop and to disable opening local files via the "show local" button
+  in the file open prompt. Note that you can still open local files by drag and
+  dropping the file onto the editor pane.
+- Added `wget` to the release image.
+
+### Changed
+
+- Updated to Code 1.85.1.
+- The `--disable-file-downloads` flag will now disable the "show local" button
+  in the file save prompt as well.
+- Debian release image updated to use Bookworm.
+
+## [4.19.1](https://github.com/coder/code-server/releases/tag/v4.19.1) - 2023-11-29
+
+Code v1.84.2
+
+### Fixed
+
+- Fixed an issue where parts of the editor would not load (like the file
+  explorer, source control, etc) when using a workspace file.
+
+## [4.19.0](https://github.com/coder/code-server/releases/tag/v4.19.0) - 2023-11-18
+
+Code v1.84.2
+
+### Changed
+
+- Updated to Code 1.84.2.
+
+## [4.18.0](https://github.com/coder/code-server/releases/tag/v4.18.0) - 2023-10-20
+
+Code v1.83.1
+
+### Changed
+
+- Updated to Code 1.83.1.
+
+## [4.17.1](https://github.com/coder/code-server/releases/tag/v4.17.1) - 2023-09-29
+
+Code v1.82.2
+
+### Fixed
+
+- Make secret storage persistent. For example, logging in with GitHub should
+  persist between browser refreshes and code-server restarts.
+- Issues with argon2 on arm builds should be fixed now.
+
+## [4.17.0](https://github.com/coder/code-server/releases/tag/v4.17.0) - 2023-09-22
+
+Code v1.82.2
+
+### Added
+
+- Japanese locale.
+- `CODE_SERVER_HOST` environment variable.
+
+### Changed
+
+- Update to Code 1.82.2. This includes an update to Node 18, which also means
+  that the minimum glibc is now 2.28. If you need to maintain a lower glibc then
+  you can take a version of Node 18 that is compiled with a lower glibc and use
+  that to build code-server (or at a minimum rebuild the native modules).
+- Display paths to config files in full rather than abbreviated. If you have
+  trouble with the password not working please update and make sure the
+  displayed config paths are what you expect.
+
+### Fixed
+
+- Fix some dependency issues for the standalone arm64 and armv7l releases. If
+  you had issues with missing or failing modules please try these new builds.
+
+## [4.16.1](https://github.com/coder/code-server/releases/tag/v4.16.1) - 2023-07-31
+
+Code v1.80.2
+
+### Changed
+
+- Updated to Code 1.80.2.
+
+## [4.16.0](https://github.com/coder/code-server/releases/tag/v4.16.0) - 2023-07-28
+
+Code v1.80.1
+
+### Added
+
+- `--disable-proxy` flag. This disables the domain and path proxies but it does
+  not disable the ports panel in Code. That can be disabled by using
+  `remote.autoForwardPorts=false` in your settings.
+
+## [4.15.0](https://github.com/coder/code-server/releases/tag/v4.15.0) - 2023-07-21
+
+Code v1.80.1
+
+### Changed
+
+- Updated to Code 1.80.1.
+
+### Added
+
+- `--trusted-origin` flag for specifying origins that you trust but do not
+  control (for example a reverse proxy).
+
+Code v1.79.2
+
+## [4.14.1](https://github.com/coder/code-server/releases/tag/v4.14.1) - 2023-06-26
+
+Code v1.79.2
+
+### Security
+
+- Remove extra write permissions on the Node binary bundled with the linux-amd64
+  tarball. If you extract the tar without a umask this could mean the Node
+  binary would be unexpectedly writable.
+
+### Fixed
+
+- Inability to launch multiple instances of code-server for different users.
+
+### Added
+
+- `--session-socket` CLI flag to configure the location of the session socket.
+  By default it will be placed in `<user data dir>/code-server-ipc.sock`.
+
+## [4.14.0](https://github.com/coder/code-server/releases/tag/v4.14.0) - 2023-06-16
+
+Code v1.79.2
+
+### Added
+
+- `--domain-proxy` now supports `{{port}}` and `{{host}}` template variables.
+
+### Changed
+
+- Updated to Code 1.79.2
+- Files opened from an external terminal will now open in the most closely
+  related window rather than in the last opened window.
+
+## [4.13.0](https://github.com/coder/code-server/releases/tag/v4.13.0) - 2023-05-19
+
+Code v1.78.2
+
+### Changed
+
+- Updated to Code 1.78.2.
+
+### Fixed
+
+- Proxying files that contain non-ASCII characters.
+- Origin check when X-Forwarded-Host contains comma-separated hosts.
+
+## [4.12.0](https://github.com/coder/code-server/releases/tag/v4.12.0) - 2023-04-21
+
+Code v1.77.3
+
+### Changed
+
+- Updated to Code 1.77.3
+- Ports panel will use domain-based proxy (instead of the default path-based
+  proxy) when set via --proxy-domain.
+- Apply --app-name to the PWA title.
+
+### Added
+
+- Thai translation for login page.
+- Debug logs around the origin security check. If you are getting forbidden
+  errors on web sockets please run code-server with `--log debug` to see why the
+  requests are being blocked.
+
+## [4.11.0](https://github.com/coder/code-server/releases/tag/v4.11.0) - 2023-03-16
+
+Code v1.76.1
+
+### Changed
+
+- Updated to Code 1.76.1
+
+## [4.10.1](https://github.com/coder/code-server/releases/tag/v4.10.1) - 2023-03-04
+
+Code v1.75.1
+
+### Security
+
+Added an origin check to web sockets to prevent cross-site hijacking attacks on
+users using older or niche browser that do not support SameSite cookies and
+attacks across sub-domains that share the same root domain.
+
+The check requires the host header to be set so if you use a reverse proxy
+ensure it forwards that information otherwise web sockets will be blocked.
+
+## [4.10.0](https://github.com/coder/code-server/releases/tag/v4.10.0) - 2023-02-15
 
 Code v1.75.1
 
@@ -30,7 +754,7 @@ Code v1.75.1
 
 ### Removed
 
-- Removed `--link` (was deprecated in 4.0.1).
+- Removed `--link` (was deprecated over thirteen months ago in 4.0.1).
 
 ## [4.9.1](https://github.com/coder/code-server/releases/tag/v4.9.1) - 2022-12-15
 
@@ -154,7 +878,7 @@ Code v1.71.0
 
 ### Fixed
 
-- Add flags --unsafe-perm --legacy-peer-deps in `npm-postinstsall.sh` which ensures installing with npm works correctly
+- Add flags --unsafe-perm --legacy-peer-deps in `npm-postinstall.sh` which ensures installing with npm works correctly
 
 ## [4.6.1](https://github.com/coder/code-server/releases/tag/v4.6.1) - 2022-09-31
 
@@ -202,7 +926,6 @@ Code v1.68.1
   would be accessible at `my.domain/proxy/8000/` without any authentication.
 
   If all of the following apply to you please update as soon as possible:
-
   - You run code-server with the built-in password authentication.
   - You run unprotected HTTP services on ports accessible by code-server.
 

ci/README.md

@@ -16,20 +16,18 @@ This directory contains scripts used for the development of code-server.
 
 - [./ci/dev/image](./dev/image)
   - See [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md) for docs on the development container.
-- [./ci/dev/fmt.sh](./dev/fmt.sh) (`yarn fmt`)
+- [./ci/dev/fmt.sh](./dev/fmt.sh) (`npm run fmt`)
   - Runs formatters.
-- [./ci/dev/lint.sh](./dev/lint.sh) (`yarn lint`)
+- [./ci/dev/lint.sh](./dev/lint.sh) (`npm run lint`)
   - Runs linters.
-- [./ci/dev/test-unit.sh](./dev/test-unit.sh) (`yarn test:unit`)
+- [./ci/dev/test-unit.sh](./dev/test-unit.sh) (`npm run test:unit`)
   - Runs unit tests.
-- [./ci/dev/test-e2e.sh](./dev/test-e2e.sh) (`yarn test:e2e`)
+- [./ci/dev/test-e2e.sh](./dev/test-e2e.sh) (`npm run test:e2e`)
   - Runs end-to-end tests.
-- [./ci/dev/ci.sh](./dev/ci.sh) (`yarn ci`)
-  - Runs `yarn fmt`, `yarn lint` and `yarn test`.
-- [./ci/dev/watch.ts](./dev/watch.ts) (`yarn watch`)
+- [./ci/dev/watch.ts](./dev/watch.ts) (`npm run watch`)
   - Starts a process to build and launch code-server and restart on any code changes.
   - Example usage in [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md).
-- [./ci/dev/gen_icons.sh](./ci/dev/gen_icons.sh) (`yarn icons`)
+- [./ci/dev/gen_icons.sh](./dev/gen_icons.sh) (`npm run icons`)
   - Generates the various icons from a single `.svg` favicon in
     `src/browser/media/favicon.svg`.
   - Requires [imagemagick](https://imagemagick.org/index.php)
@@ -39,20 +37,20 @@ This directory contains scripts used for the development of code-server.
 This directory contains the scripts used to build and release code-server.
 You can disable minification by setting `MINIFY=`.
 
-- [./ci/build/build-code-server.sh](./build/build-code-server.sh) (`yarn build`)
+- [./ci/build/build-code-server.sh](./build/build-code-server.sh) (`npm run build`)
   - Builds code-server into `./out` and bundles the frontend into `./dist`.
-- [./ci/build/build-vscode.sh](./build/build-vscode.sh) (`yarn build:vscode`)
+- [./ci/build/build-vscode.sh](./build/build-vscode.sh) (`npm run build:vscode`)
   - Builds vscode into `./lib/vscode/out-vscode`.
-- [./ci/build/build-release.sh](./build/build-release.sh) (`yarn release`)
+- [./ci/build/build-release.sh](./build/build-release.sh) (`npm run release`)
   - Bundles the output of the above two scripts into a single node module at `./release`.
-- [./ci/build/clean.sh](./build/clean.sh) (`yarn clean`)
+- [./ci/build/clean.sh](./build/clean.sh) (`npm run clean`)
   - Removes all build artifacts.
   - Useful to do a clean build.
 - [./ci/build/code-server.sh](./build/code-server.sh)
   - Copied into standalone releases to run code-server with the bundled node binary.
-- [./ci/build/test-standalone-release.sh](./build/test-standalone-release.sh) (`yarn test:standalone-release`)
+- [./ci/build/test-standalone-release.sh](./build/test-standalone-release.sh) (`npm run test:standalone-release`)
   - Ensures code-server in the `./release-standalone` directory works by installing an extension.
-- [./ci/build/build-packages.sh](./build/build-packages.sh) (`yarn package`)
+- [./ci/build/build-packages.sh](./build/build-packages.sh) (`npm run package`)
   - Packages `./release-standalone` into a `.tar.gz` archive in `./release-packages`.
   - If on linux, [nfpm](https://github.com/goreleaser/nfpm) is used to generate `.deb` and `.rpm`.
 - [./ci/build/nfpm.yaml](./build/nfpm.yaml)
@@ -61,21 +59,21 @@ You can disable minification by setting `MINIFY=`.
   - Entrypoint script for code-server for `.deb` and `.rpm`.
 - [./ci/build/code-server.service](./build/code-server.service)
   - systemd user service packaged into the `.deb` and `.rpm`.
-- [./ci/build/release-github-draft.sh](./build/release-github-draft.sh) (`yarn release:github-draft`)
+- [./ci/build/release-github-draft.sh](./build/release-github-draft.sh) (`npm run release:github-draft`)
   - Uses [gh](https://github.com/cli/cli) to create a draft release with a template description.
-- [./ci/build/release-github-assets.sh](./build/release-github-assets.sh) (`yarn release:github-assets`)
+- [./ci/build/release-github-assets.sh](./build/release-github-assets.sh) (`npm run release:github-assets`)
   - Downloads the release-package artifacts for the current commit from CI.
   - Uses [gh](https://github.com/cli/cli) to upload the artifacts to the release
     specified in `package.json`.
 - [./ci/build/npm-postinstall.sh](./build/npm-postinstall.sh)
   - Post install script for the npm package.
-  - Bundled by`yarn release`.
+  - Bundled by`npm run release`.
 
 ## release-image
 
 This directory contains the release docker container image.
 
-- [./ci/steps/build-docker-buildx-push.sh](./ci/steps/docker-buildx-push.sh)
+- [./ci/steps/build-docker-buildx-push.sh](./steps/docker-buildx-push.sh)
   - Builds the release containers with tags `codercom/code-server-$ARCH:$VERSION` for amd64 and arm64 with `docker buildx` and pushes them.
   - Assumes debian releases are ready in `./release-packages`.
 
@@ -89,15 +87,15 @@ This directory contains the scripts used in CI.
 Helps avoid clobbering the CI configuration.
 
 - [./steps/fmt.sh](./steps/fmt.sh)
-  - Runs `yarn fmt`.
+  - Runs `npm run fmt`.
 - [./steps/lint.sh](./steps/lint.sh)
-  - Runs `yarn lint`.
+  - Runs `npm run lint`.
 - [./steps/test-unit.sh](./steps/test-unit.sh)
-  - Runs `yarn test:unit`.
+  - Runs `npm run test:unit`.
 - [./steps/test-integration.sh](./steps/test-integration.sh)
-  - Runs `yarn test:integration`.
+  - Runs `npm run test:integration`.
 - [./steps/test-e2e.sh](./steps/test-e2e.sh)
-  - Runs `yarn test:e2e`.
+  - Runs `npm run test:e2e`.
 - [./steps/release.sh](./steps/release.sh)
   - Runs the release process.
   - Generates the npm package at `./release`.

ci/build/build-packages.sh

@@ -1,8 +1,10 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# Packages code-server for the current OS and architecture into ./release-packages.
-# This script assumes that a standalone release is built already into ./release-standalone
+# Given a platform-specific release found in ./release-standalone, generate an
+# compressed archives and bundles (as appropriate for the platform) named after
+# the platform's architecture and OS and place them in ./release-packages and
+# ./release-gcp.
 
 main() {
   cd "$(dirname "${0}")/../.."
@@ -27,7 +29,7 @@ main() {
 release_archive() {
   local release_name="code-server-$VERSION-$OS-$ARCH"
   if [[ $OS == "linux" ]]; then
-    tar -czf "release-packages/$release_name.tar.gz" --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
+    tar -czf "release-packages/$release_name.tar.gz" --owner=0 --group=0 --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
   else
     tar -czf "release-packages/$release_name.tar.gz" -s "/^release-standalone/$release_name/" release-standalone
   fi
@@ -50,11 +52,6 @@ release_nfpm() {
 
   export NFPM_ARCH
 
-  # Code deletes some files from the extension node_modules directory which
-  # leaves broken symlinks in the corresponding .bin directory.  nfpm will fail
-  # on these broken symlinks so clean them up.
-  rm -fr "./release-standalone/lib/vscode/extensions/node_modules/.bin"
-
   PKG_FORMAT="deb"
   NFPM_ARCH="$(get_nfpm_arch $PKG_FORMAT "$ARCH")"
   nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"

ci/build/build-release.sh

@@ -1,13 +1,16 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# This script requires vscode to be built with matching MINIFY.
+# Once both code-server and VS Code have been built, use this script to copy
+# them into a single directory (./release), prepare the package.json and
+# product.json, and add shrinkwraps.  This results in a generic NPM package that
+# we published to NPM and also use to compile platform-specific packages.
 
-# MINIFY controls whether minified vscode is bundled.
+# MINIFY controls whether minified VS Code is bundled. It must match the value
+# used when VS Code was built.
 MINIFY="${MINIFY-true}"
 
-# KEEP_MODULES controls whether the script cleans all node_modules requiring a yarn install
-# to run first.
+# node_modules are not copied by default.  Set KEEP_MODULES=1 to copy them.
 KEEP_MODULES="${KEEP_MODULES-0}"
 
 main() {
@@ -41,12 +44,8 @@ bundle_code_server() {
   rsync src/browser/pages/*.css "$RELEASE_PATH/src/browser/pages"
   rsync src/browser/robots.txt "$RELEASE_PATH/src/browser"
 
-  # Add typings for plugins
-  mkdir -p "$RELEASE_PATH/typings"
-  rsync typings/pluginapi.d.ts "$RELEASE_PATH/typings"
-
   # Adds the commit to package.json
-  jq --slurp '.[0] * .[1]' package.json <(
+  jq --slurp '(.[0] | del(.scripts,.jest,.devDependencies)) * .[1]' package.json <(
     cat << EOF
   {
     "commit": "$(git rev-parse HEAD)",
@@ -56,7 +55,6 @@ bundle_code_server() {
   }
 EOF
   ) > "$RELEASE_PATH/package.json"
-  rsync yarn.lock "$RELEASE_PATH"
   mv npm-shrinkwrap.json "$RELEASE_PATH"
 
   rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
@@ -89,51 +87,50 @@ bundle_vscode() {
 
   rsync "${rsync_opts[@]}" ./lib/vscode-reh-web-*/ "$VSCODE_OUT_PATH"
 
-  # Use the package.json for the web/remote server.  It does not have the right
-  # version though so pull that from the main package.json.
-  jq --slurp '.[0] * {version: .[1].version}' \
+  # Merge the package.json for the web/remote server so we can include
+  # dependencies, since we want to ship this via NPM.
+  jq --slurp '.[0] * .[1]' \
     "$VSCODE_SRC_PATH/remote/package.json" \
-    "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
-
-  rsync "$VSCODE_SRC_PATH/remote/yarn.lock" "$VSCODE_OUT_PATH/yarn.lock"
-  mv "$VSCODE_SRC_PATH/remote/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/npm-shrinkwrap.json"
+    "$VSCODE_OUT_PATH/package.json" > "$VSCODE_OUT_PATH/package.json.merged"
+  mv "$VSCODE_OUT_PATH/package.json.merged" "$VSCODE_OUT_PATH/package.json"
+  cp "$VSCODE_SRC_PATH/remote/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/npm-shrinkwrap.json"
 
   # Include global extension dependencies as well.
   rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions/package.json"
-  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions/yarn.lock"
-  mv "$VSCODE_SRC_PATH/extensions/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/extensions/npm-shrinkwrap.json"
+  cp "$VSCODE_SRC_PATH/extensions/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/extensions/npm-shrinkwrap.json"
   rsync "$VSCODE_SRC_PATH/extensions/postinstall.mjs" "$VSCODE_OUT_PATH/extensions/postinstall.mjs"
 }
 
 create_shrinkwraps() {
-  # yarn.lock or package-lock.json files (used to ensure deterministic versions of dependencies) are
-  # not packaged when publishing to the NPM registry.
-  # To ensure deterministic dependency versions (even when code-server is installed with NPM), we create
-  # an npm-shrinkwrap.json file from the currently installed node_modules. This ensures the versions used
-  # from development (that the yarn.lock guarantees) are also the ones installed by end-users.
-  # These will include devDependencies, but those will be ignored when installing globally (for code-server), and
-  # because we use --omit=dev when installing vscode.
+  # package-lock.json files (used to ensure deterministic versions of
+  # dependencies) are not packaged when publishing to the NPM registry.
+  #
+  # To ensure deterministic dependency versions (even when code-server is
+  # installed with NPM), we create an npm-shrinkwrap.json file from the
+  # currently installed node_modules. This ensures the versions used from
+  # development (that the package-lock.json guarantees) are also the ones
+  # installed by end-users.  These will include devDependencies, but those will
+  # be ignored when installing globally (for code-server), and because we use
+  # --omit=dev (for VS Code).
 
-  # We first generate the shrinkwrap file for code-server itself - which is the current directory
-  create_shrinkwrap_keeping_yarn_lock
+  # We first generate the shrinkwrap file for code-server itself - which is the
+  # current directory.
+  cp package-lock.json package-lock.json.temp
+  npm shrinkwrap
+  mv package-lock.json.temp package-lock.json
 
-  # Then the shrinkwrap files for the bundled VSCode
+  # Then the shrinkwrap files for the bundled VS Code.
   pushd "$VSCODE_SRC_PATH/remote/"
-  create_shrinkwrap_keeping_yarn_lock
+  cp package-lock.json package-lock.json.temp
+  npm shrinkwrap
+  mv package-lock.json.temp package-lock.json
   popd
 
   pushd "$VSCODE_SRC_PATH/extensions/"
-  create_shrinkwrap_keeping_yarn_lock
+  cp package-lock.json package-lock.json.temp
+  npm shrinkwrap
+  mv package-lock.json.temp package-lock.json
   popd
 }
 
-create_shrinkwrap_keeping_yarn_lock() {
-  # HACK@edvincent: Generating a shrinkwrap alters the yarn.lock which we don't want (with NPM URLs rather than the Yarn URLs)
-  # But to generate a valid shrinkwrap, it has to exist... So we copy it to then restore it
-  cp yarn.lock yarn.lock.temp
-  npm shrinkwrap
-  cp yarn.lock.temp yarn.lock
-  rm yarn.lock.temp
-}
-
 main "$@"

ci/build/build-standalone-release.sh

@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# This is due to an upstream issue with RHEL7/CentOS 7 comptability with node-argon2
-# See: https://github.com/cdr/code-server/pull/3422#pullrequestreview-677765057
-export npm_config_build_from_source=true
+# Once we have an NPM package, use this script to copy it to a separate
+# directory (./release-standalone) and install the dependencies.  This new
+# directory can then be packaged as a platform-specific release.
 
 main() {
   cd "$(dirname "${0}")/../.."
@@ -13,19 +13,24 @@ main() {
   rsync "$RELEASE_PATH/" "$RELEASE_PATH-standalone"
   RELEASE_PATH+=-standalone
 
-  # We cannot find the path to node from $PATH because yarn shims a script to ensure
-  # we use the same version it's using so we instead run a script with yarn that
-  # will print the path to node.
+  # Package managers may shim their own "node" wrapper into the PATH, so run
+  # node and ask it for its true path.
   local node_path
-  node_path="$(yarn -s node <<< 'console.info(process.execPath)')"
+  node_path="$(node -p process.execPath)"
 
   mkdir -p "$RELEASE_PATH/bin"
   mkdir -p "$RELEASE_PATH/lib"
   rsync ./ci/build/code-server.sh "$RELEASE_PATH/bin/code-server"
   rsync "$node_path" "$RELEASE_PATH/lib/node"
 
+  chmod 755 "$RELEASE_PATH/lib/node"
+
   pushd "$RELEASE_PATH"
   npm install --unsafe-perm --omit=dev
+  # Code deletes some files from the extension node_modules directory which
+  # leaves broken symlinks in the corresponding .bin directory.  nfpm will fail
+  # on these broken symlinks so clean them up.
+  rm -fr "./lib/vscode/extensions/node_modules/.bin"
   popd
 }
 

ci/build/build-vscode.sh

@@ -15,7 +15,7 @@ copy-bin-script() {
   local dest="lib/vscode-reh-web-linux-x64/bin/$script"
   cp "lib/vscode/resources/server/bin/$script" "$dest"
   sed -i.bak "s/@@VERSION@@/$(vscode_version)/g" "$dest"
-  sed -i.bak "s/@@COMMIT@@/$VSCODE_DISTRO_COMMIT/g" "$dest"
+  sed -i.bak "s/@@COMMIT@@/$BUILD_SOURCEVERSION/g" "$dest"
   sed -i.bak "s/@@APPNAME@@/code-server/g" "$dest"
 
   # Fix Node path on Darwin and Linux.
@@ -40,22 +40,29 @@ main() {
 
   source ./ci/lib.sh
 
+  # Set the commit Code will embed into the product.json.  We need to do this
+  # since Code tries to get the commit from the `.git` directory which will fail
+  # as it is a submodule.
+  #
+  # Also, we use code-server's commit rather than VS Code's otherwise it would
+  # not update when only our patch files change, and that will cause caching
+  # issues where the browser keeps using outdated code.
+  export BUILD_SOURCEVERSION
+  BUILD_SOURCEVERSION=$(git rev-parse HEAD)
+
   pushd lib/vscode
 
   if [[ ! ${VERSION-} ]]; then
     echo "VERSION not set. Please set before running this script:"
-    echo "VERSION='0.0.0' yarn build:vscode"
+    echo "VERSION='0.0.0' npm run build:vscode"
     exit 1
   fi
 
-  # Set the commit Code will embed into the product.json.  We need to do this
-  # since Code tries to get the commit from the `.git` directory which will fail
-  # as it is a submodule.
-  export VSCODE_DISTRO_COMMIT
-  VSCODE_DISTRO_COMMIT=$(git rev-parse HEAD)
-
-  # Add the date, our name, links, and enable telemetry (this just makes
-  # telemetry available; telemetry can still be disabled by flag or setting).
+  # Add the date, our name, links, enable telemetry (this just makes telemetry
+  # available; telemetry can still be disabled by flag or setting), and
+  # configure trusted extensions (since some, like github.copilot-chat, never
+  # ask to be trusted and this is the only way to get auth working).
+  #
   # This needs to be done before building as Code will read this file and embed
   # it into the client-side code.
   git checkout product.json             # Reset in case the script exited early.
@@ -89,6 +96,11 @@ main() {
     "linkProtectionTrustedDomains": [
       "https://open-vsx.org"
     ],
+    "trustedExtensionAuthAccess": [
+      "vscode.git", "vscode.github",
+      "github.vscode-pull-request-github",
+      "github.copilot", "github.copilot-chat"
+    ],
     "aiConfig": {
       "ariaKey": "code-server"
     }
@@ -100,7 +112,9 @@ EOF
   # this because we have an NPM package that could be installed on any platform.
   # The correct platform dependencies and scripts will be installed as part of
   # the post-install during `npm install` or when building a standalone release.
-  yarn gulp "vscode-reh-web-linux-x64${MINIFY:+-min}"
+  node --max-old-space-size=16384 --optimize-for-size \
+       ./node_modules/gulp/bin/gulp.js \
+       "vscode-reh-web-linux-x64${MINIFY:+-min}"
 
   # Reset so if you develop after building you will not be stuck with the wrong
   # commit (the dev client will use `oss-dev` but the dev server will still use
@@ -109,6 +123,15 @@ EOF
 
   popd
 
+  pushd lib/vscode-reh-web-linux-x64
+  # Make sure Code took the version we set in the environment variable.  Not
+  # having a version will break display languages.
+  if ! jq -e .commit product.json; then
+    echo "'commit' is missing from product.json"
+    exit 1
+  fi
+  popd
+
   # These provide a `code-server` command in the integrated terminal to open
   # files in the current instance.
   delete-bin-script remote-cli/code-server

ci/build/npm-postinstall.sh

@@ -51,11 +51,19 @@ symlink_bin_script() {
   cd "$oldpwd"
 }
 
-OS="$(os)"
+command_exists() {
+  if [ ! "$1" ]; then return 1; fi
+  command -v "$@" > /dev/null
+}
 
-# This is due to an upstream issue with RHEL7/CentOS 7 comptability with node-argon2
-# See: https://github.com/cdr/code-server/pull/3422#pullrequestreview-677765057
-export npm_config_build_from_source=true
+is_root() {
+  if command_exists id && [ "$(id -u)" = 0 ]; then
+    return 0
+  fi
+  return 1
+}
+
+OS="$(os)"
 
 main() {
   # Grabs the major version of node from $npm_config_user_agent which looks like
@@ -68,8 +76,8 @@ main() {
     echo "USE AT YOUR OWN RISK!"
   fi
 
-  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-16}" ]; then
-    echo "ERROR: code-server currently requires node v16."
+  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-22}" ]; then
+    echo "ERROR: code-server currently requires node v22."
     if [ -n "$FORCE_NODE_VERSION" ]; then
       echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
     fi
@@ -79,17 +87,20 @@ main() {
     exit 1
   fi
 
-  case "${npm_config_user_agent-}" in npm*)
-    # We are running under npm.
-    if [ "${npm_config_unsafe_perm-}" != "true" ]; then
-      echo "Please pass --unsafe-perm to npm to install code-server"
-      echo "Otherwise the postinstall script does not have permissions to run"
-      echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
-      echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
-      exit 1
-    fi
-    ;;
-  esac
+  # Under npm, if we are running as root, we need --unsafe-perm otherwise
+  # post-install scripts will not have sufficient permissions to do their thing.
+  if is_root; then
+    case "${npm_config_user_agent-}" in npm*)
+      if [ "${npm_config_unsafe_perm-}" != "true" ]; then
+        echo "Please pass --unsafe-perm to npm to install code-server"
+        echo "Otherwise post-install scripts will not have permissions to run"
+        echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
+        echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
+        exit 1
+      fi
+      ;;
+    esac
+  fi
 
   if ! vscode_install; then
     echo "You may not have the required dependencies to build the native modules."
@@ -106,36 +117,44 @@ main() {
 
 install_with_yarn_or_npm() {
   echo "User agent: ${npm_config_user_agent-none}"
-  # NOTE@edvincent: We want to keep using the package manager that the end-user was using to install the package.
-  # This also ensures that when *we* run `yarn` in the development process, the yarn.lock file is used.
+  # For development we enforce npm, but for installing the package as an
+  # end-user we want to keep using whatever package manager is in use.
   case "${npm_config_user_agent-}" in
     npm*)
-      # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
-      # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
-      # See https://github.com//pull/5071
-      npm install --unsafe-perm --legacy-peer-deps --omit=dev
+      if ! npm install --unsafe-perm --omit=dev; then
+        return 1
+      fi
       ;;
     yarn*)
-      yarn --production --frozen-lockfile --no-default-rc
+      if ! yarn --production --frozen-lockfile --no-default-rc; then
+        return 1
+      fi
       ;;
     *)
       echo "Could not determine which package manager is being used to install code-server"
       exit 1
       ;;
   esac
+  return 0
 }
 
 vscode_install() {
   echo 'Installing Code dependencies...'
   cd lib/vscode
-  install_with_yarn_or_npm
+  if ! install_with_yarn_or_npm; then
+    return 1
+  fi
 
   symlink_asar
   symlink_bin_script remote-cli code code-server
   symlink_bin_script helpers browser browser .sh
 
   cd extensions
-  install_with_yarn_or_npm
+  if ! install_with_yarn_or_npm; then
+    return 1
+  fi
+
+  return 0
 }
 
 main "$@"

ci/dev/audit.sh

@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  # Prevents integration with moderate or higher vulnerabilities
-  # Docs: https://github.com/IBM/audit-ci#options
-  yarn audit-ci --moderate
-}
-
-main "$@"

ci/dev/ci.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  yarn fmt
-  yarn lint
-  yarn _audit
-  yarn test:unit
-}
-
-main "$@"

ci/dev/doctoc.sh

@@ -18,7 +18,7 @@ main() {
     echo "Files need generation or are formatted incorrectly:"
     git -c color.ui=always status | grep --color=no '\[31m'
     echo "Please run the following locally:"
-    echo "  yarn doctoc"
+    echo "  npm run doctoc"
     exit 1
   fi
 }

ci/dev/gen_icons.sh

@@ -1,44 +1,50 @@
 #!/bin/sh
 set -eu
 
+# Generate icons from a single favicon.svg.  favicon.svg should have no fill
+# colors set.
 main() {
   cd src/browser/media
 
-  # We need .ico for backwards compatibility.
-  # The other two are the only icon sizes required by Chrome and
-  # we use them for stuff like apple-touch-icon as well.
-  # https://web.dev/add-manifest/
+  # We need .ico for backwards compatibility.  The other two are the only icon
+  # sizes required by Chrome and we use them for stuff like apple-touch-icon as
+  # well.  https://web.dev/add-manifest/
   #
   # This should be enough and we can always add more if there are problems.
-
+  #
+  # -quiet to avoid https://github.com/ImageMagick/ImageMagick/issues/884
   # -background defaults to white but we want it transparent.
+  # -density somehow makes the image both sharper and smaller in file size.
+  #
   # https://imagemagick.org/script/command-line-options.php#background
-  convert -quiet -background transparent -resize 256x256 favicon.svg favicon.ico
-  # We do not generate the pwa-icon from the favicon as they are slightly different
-  # designs and sizes.
-  # See favicon.afdesign and #2401 for details on the differences.
-  convert -quiet -background transparent -resize 192x192 pwa-icon.png pwa-icon-192.png
-  convert -quiet -background transparent -resize 512x512 pwa-icon.png pwa-icon-512.png
+  convert -quiet -background transparent \
+          -resize 256x256 -density 256x256 \
+          favicon.svg favicon.ico
 
-  # We use -quiet above to avoid https://github.com/ImageMagick/ImageMagick/issues/884
+  # Generate PWA icons.  There should be enough padding to support masking.
+  convert -quiet -border 60x60 -bordercolor white -background white \
+          -resize 192x192 -density 192x192 \
+          favicon.svg pwa-icon-maskable-192.png
+  convert -quiet -border 160x160 -bordercolor white -background white \
+          -resize 512x512 -density 512x512 \
+          favicon.svg pwa-icon-maskable-512.png
 
-  # The following adds dark mode support for the favicon as favicon-dark-support.svg
-  # There is no similar capability for pwas or .ico so we can only add support to the svg.
-  favicon_dark_style="<style>
-@media (prefers-color-scheme: dark) {
-  * {
-    fill: white;
-  }
-}
-</style>"
-  # See https://stackoverflow.com/a/22901380/4283659
-  # This escapes all newlines so that sed will accept them.
-  favicon_dark_style="$(printf "%s\n" "$favicon_dark_style" | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')"
-  sed "$(
-    cat -n << EOF
-s%<rect id="favicon"%$favicon_dark_style<rect id="favicon"%
-EOF
-  )" favicon.svg > favicon-dark-support.svg
+  # Generate non-maskable PWA icons.
+  magick pwa-icon-maskable-192.png \
+         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 50,50" \) \
+         -channel-fx "| gray=>alpha" \
+         pwa-icon-192.png
+  magick pwa-icon-maskable-512.png \
+         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 100,100" \) \
+         -channel-fx "| gray=>alpha" \
+         pwa-icon-512.png
+
+  # The following adds dark mode support for the favicon as
+  # favicon-dark-support.svg There is no similar capability for pwas or .ico so
+  # we can only add support to the svg.
+  favicon_dark_style="<style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>"
+  cp favicon.svg favicon-dark-support.svg
+  sed "s%<path%$favicon_dark_style\n  <path%" favicon.svg > favicon-dark-support.svg
 }
 
 main "$@"

ci/dev/postinstall.sh

@@ -3,14 +3,13 @@ set -euo pipefail
 
 # Install dependencies in $1.
 install-deps() {
-  local args=(install)
+  local args=()
   if [[ ${CI-} ]]; then
-    args+=(--frozen-lockfile)
+    args+=(ci)
+  else
+    args+=(install)
   fi
-  if [[ "$1" == "lib/vscode" ]]; then
-    args+=(--no-default-rc)
-  fi
-  # If there is no package.json then yarn will look upward and end up installing
+  # If there is no package.json then npm will look upward and end up installing
   # from the root resulting in an infinite loop (this can happen if you have not
   # checked out the submodule yet for example).
   if [[ ! -f "$1/package.json" ]]; then
@@ -19,7 +18,7 @@ install-deps() {
   fi
   pushd "$1"
   echo "Installing dependencies for $PWD"
-  yarn "${args[@]}"
+  npm "${args[@]}"
   popd
 }
 

ci/dev/preinstall.js

@@ -0,0 +1,3 @@
+if (process.env.npm_execpath.includes("yarn")) {
+  throw new Error("`yarn` is no longer supported; please use `npm install` instead")
+}

ci/dev/test-e2e.sh

@@ -2,9 +2,9 @@
 set -euo pipefail
 
 help() {
-  echo >&2 "  You can build with 'yarn watch' or you can build a release"
-  echo >&2 "  For example: 'yarn build && yarn build:vscode && KEEP_MODULES=1 yarn release'"
-  echo >&2 "  Then 'CODE_SERVER_TEST_ENTRY=./release yarn test:e2e'"
+  echo >&2 "  You can build with 'npm run watch' or you can build a release"
+  echo >&2 "  For example: 'npm run build && npm run build:vscode && KEEP_MODULES=1 npm run release'"
+  echo >&2 "  Then 'CODE_SERVER_TEST_ENTRY=./release npm run test:e2e'"
   echo >&2 "  You can manually run that release with 'node ./release'"
 }
 
@@ -15,7 +15,7 @@ main() {
 
   pushd test/e2e/extensions/test-extension
   echo "Building test extension"
-  yarn build
+  npm run build
   popd
 
   local dir="$PWD"
@@ -44,7 +44,7 @@ main() {
   fi
 
   cd test
-  yarn playwright test "$@"
+  ./node_modules/.bin/playwright test "$@"
 }
 
 main "$@"

ci/dev/test-integration.sh

@@ -2,9 +2,9 @@
 set -euo pipefail
 
 help() {
-  echo >&2 "  You can build the standalone release with 'yarn release:standalone'"
+  echo >&2 "  You can build the standalone release with 'npm run release:standalone'"
   echo >&2 "  Or you can pass in a custom path."
-  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' yarn test:integration"
+  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration"
 }
 
 # Make sure a code-server release works. You can pass in the path otherwise it
@@ -33,7 +33,7 @@ main() {
     exit 1
   fi
 
-  CODE_SERVER_PATH="$path" CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
+  CODE_SERVER_PATH="$path" ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
 }
 
 main "$@"

ci/dev/test-native.sh

@@ -2,9 +2,9 @@
 set -euo pipefail
 
 help() {
-  echo >&2 "  You can build the standalone release with 'yarn release:standalone'"
+  echo >&2 "  You can build the standalone release with 'npm run release:standalone'"
   echo >&2 "  Or you can pass in a custom path."
-  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' yarn test:integration"
+  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration"
 }
 
 # Make sure a code-server release works. You can pass in the path otherwise it

ci/dev/test-unit.sh

@@ -6,15 +6,10 @@ main() {
 
   source ./ci/lib.sh
 
-  echo "Building test plugin"
-  pushd test/unit/node/test-plugin
-  make -s out/index.js
-  popd
-
   # We must keep jest in a sub-directory. See ../../test/package.json for more
   # information. We must also run it from the root otherwise coverage will not
   # include our source files.
-  CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts" --testPathIgnorePatterns "./test/unit/node/test-plugin"
+  ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts"
 }
 
 main "$@"

ci/dev/watch.ts

@@ -45,9 +45,11 @@ class Watcher {
 
   private readonly compilers: DevelopmentCompilers = {
     codeServer: spawn("tsc", ["--watch", "--pretty", "--preserveWatchOutput"], { cwd: this.rootPath }),
-    vscode: spawn("yarn", ["watch"], { cwd: this.paths.vscodeDir }),
-    vscodeWebExtensions: spawn("yarn", ["watch-web"], { cwd: this.paths.vscodeDir }),
-    plugins: this.paths.pluginDir ? spawn("yarn", ["build", "--watch"], { cwd: this.paths.pluginDir }) : undefined,
+    vscode: spawn("npm", ["run", "watch"], { cwd: this.paths.vscodeDir }),
+    vscodeWebExtensions: spawn("npm", ["run", "watch-web"], { cwd: this.paths.vscodeDir }),
+    plugins: this.paths.pluginDir
+      ? spawn("npm", ["run", "build", "--watch"], { cwd: this.paths.pluginDir })
+      : undefined,
   }
 
   public async initialize(): Promise<void> {

ci/helm-chart/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.5.1
+version: 3.31.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.9.1
+appVersion: 4.104.2

ci/helm-chart/templates/deployment.yaml

@@ -7,8 +7,11 @@ metadata:
     helm.sh/chart: {{ include "code-server.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicaCount | default 1 }}
   strategy:
     type: Recreate
   selector:
@@ -20,6 +23,9 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "code-server.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- if .Values.podAnnotations }}
+      annotations: {{- toYaml .Values.podAnnotations | nindent 8 }}
+      {{- end }}
     spec:
       imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- if .Values.hostnameOverride }}
@@ -32,8 +38,9 @@ spec:
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
       {{- end }}
-      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+      {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.extraInitContainers }}
       initContainers:
+      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
       - name: init-chmod-data
         image: busybox:latest
         imagePullPolicy: IfNotPresent
@@ -47,6 +54,7 @@ spec:
         volumeMounts:
         - name: data
           mountPath: /home/coder
+      {{- end }}
 {{- if .Values.extraInitContainers }}
 {{ tpl .Values.extraInitContainers . | indent 6}}
 {{- end }}
@@ -174,9 +182,12 @@ spec:
         {{- if .existingClaim }}
         persistentVolumeClaim:
           claimName: {{ .existingClaim }}
-        {{- else }}
+        {{- else if .hostPath }}
         hostPath:
           path: {{ .hostPath }}
           type: Directory
+        {{- else }}
+        emptyDir:
+          {{- toYaml .emptyDir | nindent 10 }}
         {{- end }}
       {{- end }}

ci/helm-chart/templates/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,8 +12,9 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 type: Opaque
 data:
-  {{ if .Values.password }}
+  {{- if .Values.password }}
   password: "{{ .Values.password | b64enc }}"
-  {{ else }}
+  {{- else }}
   password: "{{ randAlphaNum 24 | b64enc }}"
-  {{ end }}
+  {{- end }}
+{{- end }}

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.9.1'
+  tag: '4.104.2'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a
@@ -19,6 +19,9 @@ nameOverride: ""
 fullnameOverride: ""
 hostnameOverride: ""
 
+# The existing secret to use for code-server authentication in the frontend. the password is stored in the secret under the key `password`
+# existingSecret: ""
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -28,6 +31,9 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+# Specifies annotations for deployment
+annotations: {}
+
 podAnnotations: {}
 
 podSecurityContext: {}
@@ -71,9 +77,10 @@ extraArgs: []
 # Optional additional environment variables
 extraVars: []
 #  - name: DISABLE_TELEMETRY
-#    value: true
+#    value: "true"
+# if dind is desired:
 #  - name: DOCKER_HOST
-#    value: "tcp://localhost:2375"
+#    value: "tcp://localhost:2376"
 
 ##
 ## Init containers parameters:
@@ -136,25 +143,39 @@ lifecycle:
   #      - -c
   #      - curl -s -L SOME_SCRIPT | bash
 
+  # for dind, the following may be helpful
+  # postStart:
+  #   exec:
+  #     command:
+  #       - /bin/sh
+  #       - -c
+  #       - |
+  #         sudo apt-get update \
+  #           && sudo apt-get install -y docker.io
+
 ## Enable an Specify container in extraContainers.
 ## This is meant to allow adding code-server dependencies, like docker-dind.
 extraContainers: |
 # If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars"
-#- name: docker-dind
-#  image: docker:19.03-dind
-#  imagePullPolicy: IfNotPresent
-#  resources:
-#    requests:
-#      cpu: 250m
-#      memory: 256M
-#  securityContext:
-#    privileged: true
-#    procMount: Default
-#  env:
-#  - name: DOCKER_TLS_CERTDIR
-#    value: ""
-#  - name: DOCKER_DRIVER
-#    value: "overlay2"
+# - name: docker-dind
+#   image: docker:28.3.2-dind
+#   imagePullPolicy: IfNotPresent
+#   resources:
+#     requests:
+#       cpu: 1
+#       ephemeral-storage: "50Gi"
+#       memory: 10Gi
+#   securityContext:
+#     privileged: true
+#     procMount: Default
+#   env:
+#     - name: DOCKER_TLS_CERTDIR
+#       value: "" # disable TLS setup
+#   command:
+#     - dockerd
+#     - --host=unix:///var/run/docker.sock
+#     - --host=tcp://0.0.0.0:2376
+
 
 extraInitContainers: |
 # - name: customization
@@ -190,6 +211,7 @@ extraVolumeMounts: []
   #   readOnly: true
   #   existingClaim: volume-claim
   #   hostPath: ""
+  #   emptyDir: {}
 
 extraConfigmapMounts: []
   # - name: certs-configmap

ci/release-image/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:experimental
 
-ARG BASE=debian:11
+ARG BASE=debian:12
 FROM scratch AS packages
 COPY release-packages/code-server*.deb /tmp/
 
@@ -10,18 +10,19 @@ RUN apt-get update \
   && apt-get install -y \
     curl \
     dumb-init \
-    zsh \
-    htop \
-    locales \
-    man \
-    nano \
     git \
     git-lfs \
-    procps \
-    openssh-client \
-    sudo \
-    vim.tiny \
+    htop \
+    locales \
     lsb-release \
+    man-db \
+    nano \
+    openssh-client \
+    procps \
+    sudo \
+    vim-tiny \
+    wget \
+    zsh \
   && git lfs install \
   && rm -rf /var/lib/apt/lists/*
 
@@ -30,11 +31,14 @@ RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
   && locale-gen
 ENV LANG=en_US.UTF-8
 
-RUN adduser --gecos '' --disabled-password coder \
+RUN if grep -q 1000 /etc/passwd; then \
+    userdel -r "$(id -un 1000)"; \
+  fi \
+  && adduser --gecos '' --disabled-password coder \
   && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
 
 RUN ARCH="$(dpkg --print-architecture)" \
-  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.5/fixuid-0.5-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
   && chown root:root /usr/local/bin/fixuid \
   && chmod 4755 /usr/local/bin/fixuid \
   && mkdir -p /etc/fixuid \

ci/release-image/Dockerfile.fedora

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:experimental
+
+ARG BASE=fedora:39
+FROM scratch AS packages
+COPY release-packages/code-server*.rpm /tmp/
+
+FROM $BASE
+
+RUN dnf update -y \
+    && dnf install -y \
+    curl \
+    git \
+    git-lfs \
+    htop \
+    nano \
+    openssh-clients \
+    procps \
+    wget \
+    zsh \
+    dumb-init \
+    glibc-langpack-en \
+    && rm -rf /var/cache/dnf
+RUN git lfs install
+
+ENV LANG=en_US.UTF-8
+RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
+
+RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && chown root:root /usr/local/bin/fixuid \
+  && chmod 4755 /usr/local/bin/fixuid \
+  && mkdir -p /etc/fixuid \
+  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
+RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+ENV ENTRYPOINTD=${HOME}/entrypoint.d
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/Dockerfile.opensuse

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:experimental
+
+ARG BASE=opensuse/tumbleweed
+FROM scratch AS packages
+COPY release-packages/code-server*.rpm /tmp/
+
+FROM $BASE
+
+RUN zypper dup -y \
+    && zypper in -y \
+    curl \
+    git \
+    git-lfs \
+    htop \
+    nano \
+    openssh-clients \
+    procps \
+    wget \
+    zsh \
+    sudo \
+    catatonit \
+    && rm -rf /var/cache/zypp /var/cache/zypper
+RUN git lfs install
+
+ENV LANG=en_US.UTF-8
+RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
+
+RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && chown root:root /usr/local/bin/fixuid \
+  && chmod 4755 /usr/local/bin/fixuid \
+  && mkdir -p /etc/fixuid \
+  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY ci/release-image/entrypoint-catatonit.sh /usr/bin/entrypoint-catatonit.sh
+RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+ENV ENTRYPOINTD=${HOME}/entrypoint.d
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint-catatonit.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/docker-bake.hcl

@@ -16,8 +16,11 @@ variable "GITHUB_REGISTRY" {
 
 group "default" {
     targets = [
-        "code-server-debian-11", 
+        "code-server-debian-12",
         "code-server-ubuntu-focal",
+        "code-server-ubuntu-noble",
+        "code-server-fedora-39",
+        "code-server-opensuse-tumbleweed",
     ]
 }
 
@@ -45,12 +48,12 @@ function "gen_tags_for_docker_and_ghcr" {
     )
 }
 
-target "code-server-debian-11" {
+target "code-server-debian-12" {
     dockerfile = "ci/release-image/Dockerfile"
     tags = concat(
         gen_tags_for_docker_and_ghcr(""),
         gen_tags_for_docker_and_ghcr("debian"),
-        gen_tags_for_docker_and_ghcr("bullseye"),
+        gen_tags_for_docker_and_ghcr("bookworm"),
     )
     platforms = ["linux/amd64", "linux/arm64"]
 }
@@ -66,3 +69,38 @@ target "code-server-ubuntu-focal" {
     }
     platforms = ["linux/amd64", "linux/arm64"]
 }
+
+target "code-server-ubuntu-noble" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("noble"),
+    )
+    args = {
+        BASE = "ubuntu:noble"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}
+
+target "code-server-fedora-39" {
+    dockerfile = "ci/release-image/Dockerfile.fedora"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("fedora"),
+        gen_tags_for_docker_and_ghcr("39"),
+    )
+    args = {
+        BASE = "fedora:39"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}
+
+target "code-server-opensuse-tumbleweed" {
+    dockerfile = "ci/release-image/Dockerfile.opensuse"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("opensuse"),
+        gen_tags_for_docker_and_ghcr("tumbleweed"),
+    )
+    args = {
+        BASE = "opensuse/tumbleweed"
+    }
+    platforms = ["linux/amd64", "linux/arm64"]
+}

ci/release-image/entrypoint-catatonit.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -eu
+
+# We do this first to ensure sudo works below when renaming the user.
+# Otherwise the current container UID may not exist in the passwd database.
+eval "$(fixuid -q)"
+
+if [ "${DOCKER_USER-}" ]; then
+  USER="$DOCKER_USER"
+  if [ "$DOCKER_USER" != "$(whoami)" ]; then
+    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+    # nor can we bind mount $HOME into a new home as that requires a privileged container.
+    sudo usermod --login "$DOCKER_USER" coder
+    sudo groupmod -n "$DOCKER_USER" coder
+
+    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  fi
+fi
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+if [ -d "${ENTRYPOINTD}" ]; then
+  find "${ENTRYPOINTD}" -type f -executable -print -exec {} \;
+fi
+
+exec catatonit -- /usr/bin/code-server "$@"

ci/release-image/entrypoint.sh

@@ -7,7 +7,7 @@ eval "$(fixuid -q)"
 
 if [ "${DOCKER_USER-}" ]; then
   USER="$DOCKER_USER"
-  if [ "$DOCKER_USER" != "$(whoami)" ]; then
+  if [ -z "$(id -u "$DOCKER_USER" 2>/dev/null)" ]; then
     echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
     # Unfortunately we cannot change $HOME as we cannot move any bind mounts
     # nor can we bind mount $HOME into a new home as that requires a privileged container.

ci/steps/publish-npm.sh

@@ -53,11 +53,11 @@ main() {
   # This string is used to determine how we should tag the npm release.
   # Environment can be one of three choices:
   # "development" - this means we tag with the PR number, allowing
-  # a developer to install this version with `yarn add code-server@<pr-number>`
+  # a developer to install this version with `npm install code-server@<pr-number>`
   # "staging" - this means we tag with `beta`, allowing
-  # a developer to install this version with `yarn add code-server@beta`
+  # a developer to install this version with `npm install code-server@beta`
   # "production" - this means we tag with `latest` (default), allowing
-  # a developer to install this version with `yarn add code-server@latest`
+  # a developer to install this version with `npm install code-server@latest`
   if ! is_env_var_set "NPM_ENVIRONMENT"; then
     echo "NPM_ENVIRONMENT is not set."
     echo "Determining in script based on GITHUB environment variables."
@@ -86,7 +86,7 @@ main() {
   if [[ "$NPM_ENVIRONMENT" == "production" ]]; then
     NPM_VERSION="$VERSION"
     # This means the npm version will be published as "stable"
-    # and installed when a user runs `yarn install code-server`
+    # and installed when a user runs `npm install code-server`
     NPM_TAG="latest"
   else
     COMMIT_SHA="$GITHUB_SHA"
@@ -94,7 +94,7 @@ main() {
     if [[ "$NPM_ENVIRONMENT" == "staging" ]]; then
       NPM_VERSION="$VERSION-beta-$COMMIT_SHA"
       # This means the npm version will be tagged with "beta"
-      # and installed when a user runs `yarn install code-server@beta`
+      # and installed when a user runs `npm install code-server@beta`
       NPM_TAG="beta"
       PACKAGE_NAME="@coder/code-server-pr"
     fi
@@ -105,7 +105,7 @@ main() {
       NPM_VERSION="$VERSION-$PR_NUMBER-$COMMIT_SHA"
       PACKAGE_NAME="@coder/code-server-pr"
       # This means the npm version will be tagged with "<pr number>"
-      # and installed when a user runs `yarn install code-server@<pr number>`
+      # and installed when a user runs `npm install code-server@<pr number>`
       NPM_TAG="$PR_NUMBER"
     fi
 
@@ -120,10 +120,7 @@ main() {
     # Example: "version": "4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040"
     # Example: "version": "4.0.1-beta-ad7b23cfe6ffd72914e34781ef7721b129a23040"
     pushd release
-    # NOTE@jsjoeio
-    # I originally tried to use `yarn version` but ran into issues and abandoned it.
     npm version "$NPM_VERSION"
-    # NOTE@jsjoeio
     # Use the development package name
     # This is so we don't clutter the code-server versions on npm
     # with development versions.
@@ -134,7 +131,6 @@ main() {
     popd
   fi
 
-  # NOTE@jsjoeio
   # We need to make sure we haven't already published the version.
   # If we get error, continue with script because we want to publish
   # If version is valid, we check if we're publishing the same one
@@ -144,10 +140,10 @@ main() {
     return
   fi
 
-  # NOTE@jsjoeio
   # Since the dev builds are scoped to @coder
   # We pass --access public to ensure npm knows it's not private.
-  yarn publish --non-interactive release --tag "$NPM_TAG" --access public
+  cd release
+  npm publish --tag "$NPM_TAG" --access public
 }
 
 main "$@"

docs/CONTRIBUTING.md

@@ -5,8 +5,6 @@
 
 - [Requirements](#requirements)
   - [Linux-specific requirements](#linux-specific-requirements)
-- [Creating pull requests](#creating-pull-requests)
-  - [Commits and commit history](#commits-and-commit-history)
 - [Development workflow](#development-workflow)
   - [Version updates to Code](#version-updates-to-code)
   - [Patching Code](#patching-code)
@@ -28,19 +26,16 @@
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
 
-- [Detailed CI and build process docs](../ci)
-
 ## Requirements
 
 The prerequisites for contributing to code-server are almost the same as those
-for [VS
-Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
+for [VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 Here is what is needed:
 
-- `node` v16.x
+- `node` v22.x
 - `git` v2.x or greater
 - [`git-lfs`](https://git-lfs.github.com)
-- [`yarn`](https://classic.yarnpkg.com/en/)
+- [`npm`](https://www.npmjs.com/)
   - Used to install JS packages and run scripts
 - [`nfpm`](https://nfpm.goreleaser.com/)
   - Used to build `.deb` and `.rpm` packages
@@ -60,38 +55,23 @@ Here is what is needed:
 
 ### Linux-specific requirements
 
-If you're developing code-server on Linux, make sure you have installed or install the following dependencies:
+If you're developing code-server on Linux, make sure you have installed or
+install the following dependencies:
 
 ```shell
-sudo apt-get install build-essential g++ libx11-dev libxkbfile-dev libsecret-1-dev python-is-python3
+sudo apt-get install build-essential g++ libx11-dev libxkbfile-dev libsecret-1-dev libkrb5-dev python-is-python3
 ```
 
-These are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites) for more information.
-
-## Creating pull requests
-
-Please create a [GitHub Issue](https://github.com/coder/code-server/issues) that
-includes context for issues that you see. You can skip this if the proposed fix
-is minor.
-
-In your pull requests (PR), link to the issue that the PR solves.
-
-Please ensure that the base of your PR is the **main** branch.
-
-### Commits and commit history
-
-We prefer a clean commit history. This means you should squash all fixups and
-fixup-type commits before asking for a review (e.g., clean up, squash, then force
-push). If you need help with this, feel free to leave a comment in your PR, and
-we'll guide you.
+These are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites)
+for more information.
 
 ## Development workflow
 
 1. `git clone https://github.com/coder/code-server.git` - Clone `code-server`
 2. `git submodule update --init` - Clone `vscode` submodule
 3. `quilt push -a` - Apply patches to the `vscode` submodule.
-4. `yarn` - Install dependencies
-5. `yarn watch` - Launch code-server localhost:8080. code-server will be live
+4. `npm install` - Install dependencies
+5. `npm run watch` - Launch code-server localhost:8080. code-server will be live
    reloaded when changes are made; the browser needs to be refreshed manually.
 
 When pulling down changes that include modifications to the patches you will
@@ -99,55 +79,62 @@ need to apply them with `quilt`. If you pull down changes that update the
 `vscode` submodule you will need to run `git submodule update --init` and
 re-apply the patches.
 
+When you make a change that affects people deploying the marketplace please
+update the changelog as part of your PR.
+
+Note that building code-server takes a very, very long time, and loading it in
+the browser in development mode also takes a very, very long time.
+
+Display language (Spanish, etc) support only works in a full build; it will not
+work in development mode.
+
+Generally we prefer that PRs be squashed into `main` but you can rebase or merge
+if it is important to keep the individual commits (make sure to clean up the
+commits first if you are doing this).
+
 ### Version updates to Code
 
-1. Update the `lib/vscode` submodule to the desired upstream version branch.
+1. Remove any patches with `quilt pop -a`.
+2. Update the `lib/vscode` submodule to the desired upstream version branch.
    1. `cd lib/vscode && git checkout release/1.66 && cd ../..`
-   2. `git add lib && git commit -m "chore: update Code"`
-2. Apply the patches (`quilt push -a`) or restore your stashed changes. At this
-   stage you may need to resolve conflicts. For example use `quilt push -f`,
-   manually apply the rejected portions, then `quilt refresh`.
-3. From the code-server **project root**, run `yarn install`.
-4. Test code-server locally to make sure everything works.
+   2. `git add lib && git commit -m "chore: update to Code <version>"`
+3. Apply the patches one at a time (`quilt push`). If the application succeeds
+   but the lines changed, update the patch with `quilt refresh`. If there are
+   conflicts, then force apply with `quilt push -f`, manually add back the
+   rejected code, then run `quilt refresh`.
+4. From the code-server **project root**, run `npm install`.
 5. Check the Node.js version that's used by Electron (which is shipped with VS
-   Code. If necessary, update your version of Node.js to match.
-6. Commit the updated submodule and patches to `code-server`.
-7. Open a PR.
-
-Tip: if you're certain all patches are applied correctly and you simply need to
-refresh, you can use this trick:
-
-```shell
-while quilt push; do quilt refresh; done
-```
-
-[Source](https://raphaelhertzog.com/2012/08/08/how-to-use-quilt-to-manage-patches-in-debian-packages/)
+   Code. If necessary, update our version of Node.js to match.
 
 ### Patching Code
 
-0. You can go through the patch stack with `quilt push` and `quilt pop`.
-1. Create a new patch (`quilt new {name}.diff`) or use an existing patch.
-2. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file
+1. You can go through the patch stack with `quilt push` and `quilt pop`.
+2. Create a new patch (`quilt new {name}.diff`) or use an existing patch.
+3. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file
    **must** be added before you make changes to it.
-3. Make your changes. Patches do not need to be independent of each other but
+4. Make your changes. Patches do not need to be independent of each other but
    each patch must result in a working code-server without any broken in-between
    states otherwise they are difficult to test and modify.
-4. Add your changes to the patch (`quilt refresh`)
-5. Add a comment in the patch about the reason for the patch and how to
+5. Add your changes to the patch (`quilt refresh`)
+6. Add a comment in the patch about the reason for the patch and how to
    reproduce the behavior it fixes or adds. Every patch should have an e2e test
    as well.
 
 ### Build
 
-You can build as follows:
+You can build a full production as follows:
 
 ```shell
-yarn build
-yarn build:vscode
-yarn release
+git submodule update --init
+quilt push -a
+npm install
+npm run build
+VERSION=0.0.0 npm run build:vscode
+npm run release
 ```
 
-_NOTE: this does not keep `node_modules`. If you want them to be kept, use `KEEP_MODULES=1 yarn release` (if you're testing in Coder, you'll want to do this)_
+This does not keep `node_modules`. If you want them to be kept, use
+`KEEP_MODULES=1 npm run release`
 
 Run your build:
 
@@ -158,16 +145,16 @@ npm install --omit=dev # Skip if you used KEEP_MODULES=1
 node .
 ```
 
-Build the release packages (make sure that you run `yarn release` first):
+Then, to build the release package:
 
 ```shell
-yarn release:standalone
-yarn test:integration
-yarn package
+npm run release:standalone
+npm run test:integration
+npm run package
 ```
 
 > On Linux, the currently running distro will become the minimum supported
-> version. In our GitHub Actions CI, we use CentOS 7 for maximum compatibility.
+> version. In our GitHub Actions CI, we use CentOS 8 for maximum compatibility.
 > If you need your builds to support older distros, run the build commands
 > inside a Docker container with all the build requirements installed.
 
@@ -181,27 +168,32 @@ writing, we do this for the following platforms/architectures:
 - Linux arm7l (.tar.gz)
 - Linux armhf.deb
 - Linux armhf.rpm
-- macOS amd64 (Intel-based)
+- macOS arm64.tar.gz
 
-Currently, these are compiled in CI using the `yarn release-standalone` command
-in the `release.yaml` workflow. We then upload them to the draft release and
-distribute via GitHub Releases.
+Currently, these are compiled in CI using the `npm run release:standalone`
+command in the `release.yaml` workflow. We then upload them to the draft release
+and distribute via GitHub Releases.
 
 ### Troubleshooting
 
 #### I see "Forbidden access" when I load code-server in the browser
 
-This means your patches didn't apply correctly. We have a patch to remove the auth from vanilla Code because we use our own.
+This means your patches didn't apply correctly. We have a patch to remove the
+auth from vanilla Code because we use our own.
 
-Try popping off the patches with `quilt pop -a` and reapplying with `quilt push -a`.
+Try popping off the patches with `quilt pop -a` and reapplying with `quilt push
+-a`.
 
 #### "Can only have one anonymous define call per script"
 
-Code might be trying to use a dev or prod HTML in the wrong context. You can try re-running code-server and setting `VSCODE_DEV=1`.
+Code might be trying to use a dev or prod HTML in the wrong context. You can try
+re-running code-server and setting `VSCODE_DEV=1`.
 
 ### Help
 
-If you get stuck or need help, you can always start a new GitHub Discussion [here](https://github.com/coder/code-server/discussions). One of the maintainers will respond and help you out.
+If you get stuck or need help, you can always start a new GitHub Discussion
+[here](https://github.com/coder/code-server/discussions). One of the maintainers
+will respond and help you out.
 
 ## Test
 
@@ -219,7 +211,9 @@ Our unit tests are written in TypeScript and run using
 
 These live under [test/unit](../test/unit).
 
-We use unit tests for functions and things that can be tested in isolation. The file structure is modeled closely after `/src` so it's easy for people to know where test files should live.
+We use unit tests for functions and things that can be tested in isolation. The
+file structure is modeled closely after `/src` so it's easy for people to know
+where test files should live.
 
 ### Script tests
 
@@ -227,12 +221,14 @@ Our script tests are written in bash and run using [bats](https://github.com/bat
 
 These tests live under `test/scripts`.
 
-We use these to test anything related to our scripts (most of which live under `ci`).
+We use these to test anything related to our scripts (most of which live under
+`ci`).
 
 ### Integration tests
 
-These are a work in progress. We build code-server and run tests with `yarn test:integration`, which ensures that code-server builds work on their respective
-platforms.
+These are a work in progress. We build code-server and run tests with `npm run
+test:integration`, which ensures that code-server builds work on their
+respective platforms.
 
 Our integration tests look at components that rely on one another. For example,
 testing the CLI requires us to build and package code-server.
@@ -253,15 +249,10 @@ Take a look at `codeServer.test.ts` to see how you would use it (see
 We also have a model where you can create helpers to use within tests. See
 [models/CodeServer.ts](../test/e2e/models/CodeServer.ts) for an example.
 
-Generally speaking, e2e means testing code-server while running in the browser
-and interacting with it in a way that's similar to how a user would interact
-with it. When running these tests with `yarn test:e2e`, you must have
-code-server running locally. In CI, this is taken care of for you.
-
 ## Structure
 
-The `code-server` script serves as an HTTP API for login and starting a remote
-Code process.
+code-server essentially serves as an HTTP API for logging in and starting a
+remote Code process.
 
 The CLI code is in [src/node](../src/node) and the HTTP routes are implemented
 in [src/node/routes](../src/node/routes).

docs/FAQ.md

@@ -14,6 +14,7 @@
 - [How do I install an extension manually?](#how-do-i-install-an-extension-manually)
 - [How do I use my own extensions marketplace?](#how-do-i-use-my-own-extensions-marketplace)
 - [Where are extensions stored?](#where-are-extensions-stored)
+- [Where is VS Code configuration stored?](#where-is-vs-code-configuration-stored)
 - [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration)
 - [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open)
 - [How do I access my Documents/Downloads/Desktop folders in code-server on macOS?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-macos)
@@ -30,11 +31,14 @@
 - [What's the difference between code-server and Theia?](#whats-the-difference-between-code-server-and-theia)
 - [What's the difference between code-server and OpenVSCode-Server?](#whats-the-difference-between-code-server-and-openvscode-server)
 - [What's the difference between code-server and GitHub Codespaces?](#whats-the-difference-between-code-server-and-github-codespaces)
+- [What's the difference between code-server and VS Code web?](#whats-the-difference-between-code-server-and-vs-code-web)
 - [Does code-server have any security login validation?](#does-code-server-have-any-security-login-validation)
 - [Are there community projects involving code-server?](#are-there-community-projects-involving-code-server)
 - [How do I change the port?](#how-do-i-change-the-port)
 - [How do I hide the coder/coder promotion in Help: Getting Started?](#how-do-i-hide-the-codercoder-promotion-in-help-getting-started)
+- [How do I disable the proxy?](#how-do-i-disable-the-proxy)
 - [How do I disable file download?](#how-do-i-disable-file-download)
+- [Why do web views not work?](#why-do-web-views-not-work)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
@@ -88,6 +92,12 @@ app (PWA):
 1. Start the editor
 2. Click the **plus** icon in the URL toolbar to install the PWA
 
+If you use Firefox, you can use the appropriate extension to install PWA.
+
+1. Go to the installation [website](https://addons.mozilla.org/en-US/firefox/addon/pwas-for-firefox/) of the add-on
+2. Add the add-on to Firefox
+3. Follow the os-specific instructions on how to install the runtime counterpart
+
 For other browsers, you'll have to remap keybindings for shortcuts to work.
 
 ## Why can't code-server use Microsoft's extension marketplace?
@@ -169,10 +179,10 @@ If you own a marketplace that implements the VS Code Extension Gallery API, you
 can point code-server to it by setting `$EXTENSIONS_GALLERY`.
 This corresponds directly with the `extensionsGallery` entry in in VS Code's `product.json`.
 
-For example, to use the legacy Coder extensions marketplace:
+For example:
 
 ```bash
-export EXTENSIONS_GALLERY='{"serviceUrl": "https://extensions.coder.com/api"}'
+export EXTENSIONS_GALLERY='{"serviceUrl": "https://my-extensions/api"}'
 ```
 
 Though you can technically use Microsoft's marketplace in this manner, we
@@ -185,10 +195,20 @@ docs](https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marke
 
 ## Where are extensions stored?
 
-Extensions are store, by default, to `~/.local/share/code-server/extensions`.
+Extensions are stored in `~/.local/share/code-server/extensions` by default.
 
-If you set the `XDG_DATA_HOME` environment variable, the data directory will be
-`$XDG_DATA_HOME/code-server/extensions`. In general, we try to follow the XDG directory spec.
+On Linux and macOS if you set the `XDG_DATA_HOME` environment variable, the
+extensions directory will be `$XDG_DATA_HOME/code-server/extensions`. In
+general, we try to follow the XDG directory spec.
+
+## Where is VS Code configuration stored?
+
+VS Code configuration such as settings and keybindings are stored in
+`~/.local/share/code-server` by default.
+
+On Linux and macOS if you set the `XDG_DATA_HOME` environment variable, the data
+directory will be `$XDG_DATA_HOME/code-server`. In general, we try to follow the
+XDG directory spec.
 
 ## How can I reuse my VS Code configuration?
 
@@ -303,12 +323,8 @@ As long as there is an active browser connection, code-server touches
 `~/.local/share/code-server/heartbeat` once a minute.
 
 If you want to shutdown code-server if there hasn't been an active connection
-after a predetermined amount of time, you can do so by checking continuously for
-the last modified time on the heartbeat file. If it is older than X minutes (or
-whatever amount of time you'd like), you can kill code-server.
-
-Eventually, [#1636](https://github.com/coder/code-server/issues/1636) will make
-this process better.
+after a predetermined amount of time, you can use the --idle-timeout-seconds flag
+or set an `CODE_SERVER_IDLE_TIMEOUT_SECONDS` environment variable.
 
 ## How do I change the password?
 
@@ -338,6 +354,12 @@ hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIW
 
 The `hashed-password` field takes precedence over `password`.
 
+If you're using Docker Compose file, in order to make this work, you need to change all the single $ to $$. For example:
+
+```yaml
+- HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$wST5QhBgk2lu1ih4DMuxvg$$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4
+```
+
 ## Is multi-tenancy possible?
 
 If you want to run multiple code-servers on shared infrastructure, we recommend
@@ -358,6 +380,9 @@ mount into `/home/coder/myproject` from inside the `code-server` container. You
 need to make sure the Docker daemon's `/home/coder/myproject` is the same as the
 one mounted inside the `code-server` container, and the mount will work.
 
+If you want Docker enabled when deploying on Kubernetes, look at the `values.yaml`
+file for the 3 fields: `extraVars`, `lifecycle.postStart`, and `extraContainers`.
+
 ## How do I disable telemetry?
 
 Use the `--disable-telemetry` flag to disable telemetry.
@@ -390,19 +415,13 @@ Theia doesn't allow you to reuse your existing VS Code config.
 ## What's the difference between code-server and OpenVSCode-Server?
 
 code-server and OpenVSCode-Server both allow you to access VS Code via a
-browser. The two projects also use their own [forks of VS Code](https://github.com/coder/vscode) to
-leverage modern VS Code APIs and stay up to date with the upsteam version.
+browser. OpenVSCode-Server is a direct fork of VS Code with changes comitted
+directly while code-server pulls VS Code in via a submodule and makes changes
+via patch files.
 
-However, OpenVSCode-Server is scoped at only making VS Code available in the web browser.
-code-server includes some other features:
-
-- password auth
-- proxy web ports
-- certificate support
-- plugin API
-- settings sync (coming soon)
-
-For more details, see [this discussion post](https://github.com/coder/code-server/discussions/4267#discussioncomment-1411583).
+However, OpenVSCode-Server is scoped at only making VS Code available as-is in
+the web browser. code-server contains additional changes to make the self-hosted
+experience better (see the next section for details).
 
 ## What's the difference between code-server and GitHub Codespaces?
 
@@ -410,8 +429,32 @@ Both code-server and GitHub Codespaces allow you to access VS Code via a
 browser. GitHub Codespaces, however, is a closed-source, paid service offered by
 GitHub and Microsoft.
 
-On the other hand, code-server is self-hosted, free, open-source, and
-can be run on any machine with few limitations.
+On the other hand, code-server is self-hosted, free, open-source, and can be run
+on any machine with few limitations.
+
+Specific changes include:
+
+- Password authentication
+- The ability to host at sub-paths
+- Self-contained web views that do not call out to Microsoft's servers
+- The ability to use your own marketplace and collect your own telemetry
+- Built-in proxy for accessing ports on the remote machine integrated into
+  VS Code's ports panel
+- Settings are stored on disk like desktop VS Code, instead of in browser
+  storage (note that state is still stored in browser storage).
+- Wrapper process that spawns VS Code on-demand and has a separate CLI
+- Notification when updates are available
+- [Some other things](https://github.com/coder/code-server/tree/main/patches)
+
+Some of these changes appear very unlikely to ever be adopted by Microsoft.
+Some may make their way upstream, further closing the gap, but at the moment it
+looks like there will always be some subtle differences.
+
+## What's the difference between code-server and VS Code web?
+
+VS Code web (which can be ran using `code serve-web`) has the same differences
+as the Codespaces section above. VS Code web can be a better choice if you need
+access to the official Microsoft marketplace.
 
 ## Does code-server have any security login validation?
 
@@ -437,6 +480,38 @@ You can pass the flag `--disable-getting-started-override` to `code-server` or
 you can set the environment variable `CS_DISABLE_GETTING_STARTED_OVERRIDE=1` or
 `CS_DISABLE_GETTING_STARTED_OVERRIDE=true`.
 
+## How do I disable the proxy?
+
+You can pass the flag `--disable-proxy` to `code-server` or
+you can set the environment variable `CS_DISABLE_PROXY=1` or
+`CS_DISABLE_PROXY=true`.
+
+Note, this option currently only disables the proxy routes to forwarded ports, including
+the domain and path proxy routes over HTTP and WebSocket; however, it does not
+disable the automatic port forwarding in the VS Code workbench itself. In other words,
+user will still see the Ports tab and notifications, but will not be able to actually
+use access the ports. It is recommended to set `remote.autoForwardPorts` to `false`
+when using the option.
+
 ## How do I disable file download?
 
 You can pass the flag `--disable-file-downloads` to `code-server`
+
+## Why do web views not work?
+
+Web views rely on service workers, and service workers are only available in a
+secure context, so most likely the answer is that you are using an insecure
+context (for example an IP address).
+
+If this happens, in the browser log you will see something like:
+
+> Error loading webview: Error: Could not register service workers: SecurityError: Failed to register a ServiceWorker for scope with script: An SSL certificate error occurred when fetching the script..
+
+To fix this, you must either:
+
+- Access over localhost/127.0.0.1 which is always considered secure.
+- Use a domain with a real certificate (for example with Let's Encrypt).
+- Use a trusted self-signed certificate with [mkcert](https://mkcert.dev) (or
+  create and trust a certificate manually).
+- Disable security if your browser allows it. For example, in Chromium see
+  `chrome://flags/#unsafely-treat-insecure-origin-as-secure`

docs/MAINTAINING.md

@@ -3,24 +3,13 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Maintaining
 
-- [Team](#team)
-  - [Onboarding](#onboarding)
-  - [Offboarding](#offboarding)
-- [Workflow](#workflow)
-  - [Milestones](#milestones)
-  - [Triage](#triage)
-- [Versioning](#versioning)
-- [Pull requests](#pull-requests)
-  - [Merge strategies](#merge-strategies)
-  - [Changelog](#changelog)
-- [Releases](#releases)
-  - [Publishing a release](#publishing-a-release)
+- [Releasing](#releasing)
     - [Release Candidates](#release-candidates)
     - [AUR](#aur)
     - [Docker](#docker)
     - [Homebrew](#homebrew)
+    - [nixpkgs](#nixpkgs)
     - [npm](#npm)
-- [Syncing with upstream Code](#syncing-with-upstream-code)
 - [Testing](#testing)
 - [Documentation](#documentation)
   - [Troubleshooting](#troubleshooting)
@@ -28,131 +17,30 @@
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
 
-This document is meant to serve current and future maintainers of code-server,
-as well as share our workflow for maintaining the project.
+We keep code-server up to date with VS Code releases (there are usually two or
+three a month) but we are not generally actively developing code-server aside
+from fixing regressions.
 
-## Team
+Most of the work is keeping on top of issues and discussions.
 
-Current maintainers:
+## Releasing
 
-- @code-asher
-- @jsjoeio
-
-Occasionally, other Coder employees may step in time to time to assist with code-server.
-
-### Onboarding
-
-To onboard a new maintainer to the project, please make sure to do the following:
-
-- [ ] Add to [coder/code-server](https://github.com/orgs/coder/teams/code-server)
-- [ ] Add as Admin under [Repository Settings > Access](https://github.com/coder/code-server/settings/access)
-- [ ] Add to [npm Coder org](https://www.npmjs.com/org/coder)
-- [ ] Add as [AUR maintainer](https://aur.archlinux.org/packages/code-server/) (talk to Colin)
-- [ ] Introduce to community via Discussion (see [example](https://github.com/coder/code-server/discussions/3955))
-
-### Offboarding
-
-Very similar to Onboarding but Remove maintainer from all teams and revoke access. Please also do the following:
-
-- [ ] Write farewell post via Discussion (see [example](https://github.com/coder/code-server/discussions/3933))
-
-## Workflow
-
-The workflow used by code-server maintainers aims to be easy to understood by
-the community and easy enough for new maintainers to jump in and start
-contributing on day one.
-
-### Milestones
-
-We operate mainly using
-[milestones](https://github.com/coder/code-server/milestones). This was heavily
-inspired by our friends over at [vscode](https://github.com/microsoft/vscode).
-
-Here are the milestones we use and how we use them:
-
-- "Backlog" -> Work not yet planned for a specific release.
-- "On Deck" -> Work under consideration for upcoming milestones.
-- "Backlog Candidates" -> Work that is not yet accepted for the backlog. We wait
-  for the community to weigh in.
-- "<Month>" -> Work to be done for said month.
-
-With this flow, any un-assigned issues are essentially in triage state. Once
-triaged, issues are either "Backlog" or "Backlog Candidates". They will
-eventually move to "On Deck" (or be closed). Lastly, they will end up on a
-version milestone where they will be worked on.
-
-### Triage
-
-We use the following process for triaging GitHub issues:
-
-1. Create an issue
-1. Add appropriate labels to the issue (including "needs-investigation" if we
-   should look into it further)
-1. Add the issue to a milestone
-   1. If it should be fixed soon, add to version milestone or "On Deck"
-   2. If not urgent, add to "Backlog"
-   3. Otherwise, add to "Backlog Candidate" for future consideration
-
-## Versioning
-
-`<major.minor.patch>`
-
-The code-server project follows traditional [semantic
-versioning](https://semver.org/), with the objective of minimizing major changes
-that break backward compatibility. We increment the patch level for all
-releases, except when the upstream Visual Studio Code project increments its
-minor version or we change the plugin API in a backward-compatible manner. In
-those cases, we increment the minor version rather than the patch level.
-
-## Pull requests
-
-Ideally, every PR should fix an issue. If it doesn't, make sure it's associated
-with a version milestone.
-
-If a PR does fix an issue, don't add it to the version milestone. Otherwise, the
-version milestone will have duplicate information: the issue and the PR fixing
-the issue.
-
-### Merge strategies
-
-For most things, we recommend the **squash and merge** strategy. There
-may be times where **creating a merge commit** makes sense as well. Use your
-best judgment. If you're unsure, you can always discuss in the PR with the team.
-
-### Changelog
-
-To save time when creating a new release for code-server, we keep a running
-changelog at `CHANGELOG.md`.
-
-If either the author or reviewer of a PR believes the change should be mentioned
-in the changelog, then it should be added.
-
-If there is not a **Next Version** when you modify `CHANGELOG.md`, please add it
-using the template you see near the top of the changelog.
-
-When writing your changelog item, ask yourself:
-
-1. How do these changes affect code-server users?
-2. What actions do they need to take (if any)?
-
-If you need inspiration, we suggest looking at the [Emacs
-changelog](https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS).
-
-## Releases
-
-### Publishing a release
-
-1. Go to GitHub Actions > Draft release > Run workflow on the commit you want to
+1. Check that the changelog lists all the important changes.
+2. Make sure the changelog entry lists the current version of VS Code.
+3. Update the changelog with the release date.
+4. Go to GitHub Actions > Draft release > Run workflow on the commit you want to
    release. Make sure CI has finished the build workflow on that commit or this
-   will fail.
-2. CI will automatically grab the build artifact on that commit, inject the
-   version into the `package.json`, put together platform-specific packages, and
-   upload those packages to a draft release.
-3. Summarize the major changes in the `CHANGELOG.md`.
-4. Copy the relevant changelog section to the release then publish it.
-5. CI will automatically publish the NPM package, Docker image, and update
-   Homebrew using the published release assets.
-6. Bump the chart version in `Chart.yaml` and merge in the changelog updates.
+   will fail. For the version we match VS Code's minor and patch version. The
+   patch number may become temporarily out of sync if we need to put out a
+   patch, but if we make our own minor change then we will not release it until
+   the next minor VS Code release.
+5. CI will automatically grab the build artifact on that commit (which is why CI
+   has to have completed), inject the provided version into the `package.json`,
+   put together platform-specific packages, and upload those packages to a draft
+   release.
+6. Update the resulting draft release with the changelog contents.
+7. Publish the draft release after validating it.
+8. Bump the Helm chart version once the Docker images have published.
 
 #### Release Candidates
 
@@ -171,7 +59,7 @@ We publish to AUR as a package [here](https://aur.archlinux.org/packages/code-se
 
 #### Docker
 
-We publish code-server as a Docker image [here](https://registry.hub.docker.com/r/codercom/code-server), tagging it both with the version and latest.
+We publish code-server as a Docker image [here](https://hub.docker.com/r/codercom/code-server), tagging it both with the version and latest.
 
 This is currently automated with the release process.
 
@@ -186,37 +74,44 @@ This is currently automated with the release process (but may fail occasionally)
 brew bump-formula-pr --version="${VERSION}" code-server --no-browse --no-audit
 ```
 
+#### nixpkgs
+
+We publish code-server in nixpkgs but it must be updated manually.
+
 #### npm
 
 We publish code-server as a npm package [here](https://www.npmjs.com/package/code-server/v/latest).
 
 This is currently automated with the release process.
 
-## Syncing with upstream Code
-
-Refer to the [contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#version-updates-to-code) for information on how to update Code within code-server.
-
 ## Testing
 
 Our testing structure is laid out under our [Contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#test).
 
-We hope to eventually hit 100% test coverage with our unit tests, and maybe one day our scripts (coverage not tracked currently).
-
 If you're ever looking to add more tests, here are a few ways to get started:
 
-- run `yarn test:unit` and look at the coverage chart. You'll see all the uncovered lines. This is a good place to start.
-- look at `test/scripts` to see which scripts are tested. We can always use more tests there.
+- run `npm run test:unit` and look at the coverage chart. You'll see all the
+  uncovered lines. This is a good place to start.
+- look at `test/scripts` to see which scripts are tested. We can always use more
+  tests there.
 - look at `test/e2e`. We can always use more end-to-end tests.
 
-Otherwise, talk to a current maintainer and ask which part of the codebase is lacking most when it comes to tests.
+Otherwise, talk to a current maintainer and ask which part of the codebase is
+lacking most when it comes to tests.
 
 ## Documentation
 
 ### Troubleshooting
 
-Our docs are hosted on [Vercel](https://vercel.com/). Vercel only shows logs in realtime, which means you need to have the logs open in one tab and reproduce your error in another tab. Since our logs are private to Coder the organization, you can only follow these steps if you're a Coder employee. Ask a maintainer for help if you need it.
+Our docs are hosted on [Vercel](https://vercel.com/). Vercel only shows logs in
+realtime, which means you need to have the logs open in one tab and reproduce
+your error in another tab. Since our logs are private to Coder the organization,
+you can only follow these steps if you're a Coder employee. Ask a maintainer for
+help if you need it.
 
-Taking a real scenario, let's say you wanted to troubleshoot [this docs change](https://github.com/coder/code-server/pull/4042). Here is how you would do it:
+Taking a real scenario, let's say you wanted to troubleshoot [this docs
+change](https://github.com/coder/code-server/pull/4042). Here is how you would
+do it:
 
 1. Go to https://vercel.com/codercom/codercom
 2. Click "View Function Logs"

docs/README.md

@@ -1,11 +1,12 @@
 # code-server
 
-[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See latest](https://img.shields.io/static/v1?label=Docs&message=see%20latest&color=blue)](https://coder.com/docs/code-server/latest)
+[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![Discord](https://img.shields.io/discord/747933592273027093)](https://discord.com/invite/coder) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See latest](https://img.shields.io/static/v1?label=Docs&message=see%20latest&color=blue)](https://coder.com/docs/code-server/latest)
 
 Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and
 access it in the browser.
 
-![Screenshot](./assets/screenshot.png)
+![Screenshot](./assets/screenshot-1.png)
+![Screenshot](./assets/screenshot-2.png)
 
 ## Highlights
 
@@ -23,7 +24,7 @@ on how to set up a Google VM on which you can install code-server.
 
 ## Getting started
 
-There are four ways to get started:
+There are five ways to get started:
 
 1. Using the [install
    script](https://github.com/coder/code-server/blob/main/install.sh), which
@@ -34,6 +35,9 @@ There are four ways to get started:
 3. Deploy code-server to your team with [coder/coder](https://cdr.co/coder-github)
 4. Using our one-click buttons and guides to [deploy code-server to a cloud
    provider](https://github.com/coder/deploy-code-server) ⚡
+5. Using the [code-server feature for
+   devcontainers](https://github.com/coder/devcontainer-features/blob/main/src/code-server/README.md),
+   if you already use devcontainers in your project.
 
 If you use the install script, you can preview what occurs during the install
 process:
@@ -72,7 +76,7 @@ details.
 Interested in [working at Coder](https://coder.com/careers)? Check out [our open
 positions](https://coder.com/careers#openings)!
 
-## For Organizations
+## For Teams
 
-Want remote development for your organization or enterprise? Visit [our
-website](https://coder.com) to learn more about Coder.
+We develop [coder/coder](https://cdr.co/coder-github) to help teams to
+adopt remote development.

docs/SECURITY.md

@@ -17,10 +17,8 @@ We use the following tools to help us stay on top of vulnerability mitigation.
     - Comprehensive vulnerability scanner that runs on PRs into the default
       branch and scans both our container image and repository code (see
       `trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
-- [`audit-ci`](https://github.com/IBM/audit-ci)
-  - Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
-    in `build.yaml`) on PRs into the default branch and fails CI if moderate or
-    higher vulnerabilities (see the `audit.sh` script) are present.
+- `npm audit`
+  - Audits NPM dependencies.
 
 ## Supported Versions
 

docs/android.md

@@ -11,13 +11,21 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
 ```
 
 6. Exit the terminal using `exit` and then reopen the terminal
-7. Install and use Node.js 16:
+7. Install and use Node.js 22:
 
 ```shell
-nvm install 16
-nvm use 16
+nvm install 22
+nvm use 22
 ```
 
-8. Install code-server globally on device with: `npm install --global code-server --unsafe-perm`
+8. Install code-server globally on device with: `npm install --global code-server`
 9. Run code-server with `code-server`
 10. Access on localhost:8080 in your browser
+
+# Running code-server using Nix-on-Droid
+
+1. Install Nix-on-Droid from [F-Droid](https://f-droid.org/packages/com.termux.nix/)
+2. Start app
+3. Spawn a shell with code-server by running `nix-shell -p code-server`
+4. Run code-server with `code-server`
+5. Access on localhost:8080 in your browser

docs/coder.md

@@ -33,5 +33,16 @@ resource "coder_app" "code-server" {
 }
 ```
 
+Or use our official [`code-server`](https://registry.coder.com/modules/code-server) module from the Coder [module registry](htpps://registry.coder.com/modules):
+
+```terraform
+module "code-server" {
+  source     = "registry.coder.com/modules/code-server/coder"
+  version    = "1.0.5"
+  agent_id   = coder_agent.example.id
+  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
+}
+```
+
 If you run into issues, ask for help on the `coder/coder` [Discussions
 here](https://github.com/coder/coder/discussions).

docs/guide.md

@@ -19,9 +19,12 @@
   - [Proxying to create a React app](#proxying-to-create-a-react-app)
   - [Proxying to a Vue app](#proxying-to-a-vue-app)
   - [Proxying to an Angular app](#proxying-to-an-angular-app)
-- [SSH into code-server on VS Code](#ssh-into-code-server-on-vs-code)
-  - [Option 1: cloudflared tunnel](#option-1-cloudflared-tunnel)
-  - [Option 2: ngrok tunnel](#option-2-ngrok-tunnel)
+  - [Proxying to a Svelte app](#proxying-to-a-svelte-app)
+  - [Prefixing `/absproxy/<port>` with a path](#prefixing-absproxyport-with-a-path)
+  - [Preflight requests](#preflight-requests)
+- [Internationalization and customization](#internationalization-and-customization)
+  - [Available keys and placeholders](#available-keys-and-placeholders)
+  - [Legacy flag](#legacy-flag)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
@@ -120,27 +123,27 @@ access code-server on an iPad or do not want to use SSH port forwarding.
 
 1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTPS traffic.
 
-1. You'll need a domain name (if you don't have one, you can purchase one from
+2. You'll need a domain name (if you don't have one, you can purchase one from
    [Google Domains](https://domains.google.com) or the domain service of your
-   choice)). Once you have a domain name, add an A record to your domain that contains your
+   choice). Once you have a domain name, add an A record to your domain that contains your
    instance's IP address.
 
-1. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian):
+3. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian):
 
-```console
-sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
-sudo apt update
-sudo apt install caddy
-```
+   ```console
+   sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+   sudo apt update
+   sudo apt install caddy
+   ```
 
-1. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this:
+4. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this:
 
    ```text
-   mydomain.com
-
-   reverse_proxy 127.0.0.1:8080
+   mydomain.com {
+     reverse_proxy 127.0.0.1:8080
+   }
    ```
 
    If you want to serve code-server from a sub-path, you can do so as follows:
@@ -154,7 +157,7 @@ sudo apt install caddy
 
    Remember to replace `mydomain.com` with your domain name!
 
-1. Reload Caddy:
+5. Reload Caddy:
 
    ```console
    sudo systemctl reload caddy
@@ -165,21 +168,22 @@ At this point, you should be able to access code-server via
 
 ### Using Let's Encrypt with NGINX
 
-1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTPS traffic.
+1. This option requires that the remote machine be exposed to the internet. Make
+   sure that your instance allows HTTP/HTTPS traffic.
 
-1. You'll need a domain name (if you don't have one, you can purchase one from
+2. You'll need a domain name (if you don't have one, you can purchase one from
    [Google Domains](https://domains.google.com) or the domain service of your
-   choice)). Once you have a domain name, add an A record to your domain that contains your
+   choice). Once you have a domain name, add an A record to your domain that contains your
    instance's IP address.
 
-1. Install NGINX:
+3. Install NGINX:
 
    ```bash
    sudo apt update
    sudo apt install -y nginx certbot python3-certbot-nginx
    ```
 
-1. Update `/etc/nginx/sites-available/code-server` using sudo with the following
+4. Update `/etc/nginx/sites-available/code-server` using sudo with the following
    configuration:
 
    ```text
@@ -190,7 +194,7 @@ At this point, you should be able to access code-server via
 
        location / {
          proxy_pass http://localhost:8080/;
-         proxy_set_header Host $host;
+         proxy_set_header Host $http_host;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection upgrade;
          proxy_set_header Accept-Encoding gzip;
@@ -200,13 +204,11 @@ At this point, you should be able to access code-server via
 
    Be sure to replace `mydomain.com` with your domain name!
 
-1. Enable the config:
-
+5. Enable the config:
    ```console
    sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server
    sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com
    ```
-
    Be sure to replace `me@example.com` with your actual email.
 
 At this point, you should be able to access code-server via
@@ -272,9 +274,9 @@ should see OSSStatus: 9836 in the browser console.
 If you want to use external authentication mechanism (e.g., Sign in with
 Google), you can do this with a reverse proxy such as:
 
-- [Pomerium](https://www.pomerium.io/guides/code-server.html)
-- [oauth2_proxy](https://github.com/pusher/oauth2_proxy)
-- [Cloudflare Access](https://teams.cloudflare.com/access)
+- [Pomerium](https://www.pomerium.com/docs/guides/code-server.html)
+- [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/)
+- [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/)
 
 ## HTTPS and self-signed certificates
 
@@ -293,7 +295,9 @@ redirect all HTTP requests to HTTPS.
 > You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate
 > for free.
 
-Note: if you set `proxy_set_header Host $host;` in your reverse proxy config, it will change the address displayed in the green section of code-server in the bottom left to show the correct address.
+Note: if you set `proxy_set_header Host $host;` in your reverse proxy config, it
+will change the address displayed in the green section of code-server in the
+bottom left to show the correct address.
 
 ## Accessing web services
 
@@ -379,14 +383,16 @@ PUBLIC_URL=/absproxy/3000 \
   BROWSER=none yarn start
 ```
 
-You should then be able to visit `https://my-code-server-address.io/absproxy/3000` to see your app exposed through
-code-server!
+You should then be able to visit
+`https://my-code-server-address.io/absproxy/3000` to see your app exposed
+through code-server.
 
 > We highly recommend using the subdomain approach instead to avoid this class of issue.
 
 ### Proxying to a Vue app
 
-Similar to the situation with React apps, you have to make a few modifications to proxy a Vue app.
+Similar to the situation with React apps, you have to make a few modifications
+to proxy a Vue app.
 
 1. add `vue.config.js`
 2. update the values to match this (you can use any free port):
@@ -407,99 +413,100 @@ Read more about `publicPath` in the [Vue.js docs](https://cli.vuejs.org/config/#
 
 ### Proxying to an Angular app
 
-In order to use code-server's built-in proxy with Angular, you need to make the following changes in your app:
+In order to use code-server's built-in proxy with Angular, you need to make the
+following changes in your app:
 
 1. use `<base href="./.">` in `src/index.html`
 2. add `--serve-path /absproxy/4200` to `ng serve` in your `package.json`
 
 For additional context, see [this GitHub Discussion](https://github.com/coder/code-server/discussions/5439#discussioncomment-3371983).
 
-## SSH into code-server on VS Code
+### Proxying to a Svelte app
 
-[![SSH](https://img.shields.io/badge/SSH-363636?style=for-the-badge&logo=GNU+Bash&logoColor=ffffff)](https://ohmyz.sh/) [![Terminal](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff)](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff) [![Visual Studio Code](https://img.shields.io/badge/Visual_Studio_Code-007ACC?style=for-the-badge&logo=Visual+Studio+Code&logoColor=ffffff)](vscode:extension/ms-vscode-remote.remote-ssh)
+In order to use code-server's built-in proxy with Svelte, you need to make the
+following changes in your app:
 
-Follow these steps where code-server is running:
+1. Add `svelte.config.js` if you don't already have one
+2. Update the values to match this (you can use any free port):
 
-1. Install `openssh-server`, `wget`, and `unzip`.
-
-```bash
-# example for Debian and Ubuntu operating systems
-sudo apt update
-sudo apt install wget unzip openssh-server
+```js
+const config = {
+  kit: {
+    paths: {
+      base: "/absproxy/5173",
+    },
+  },
+}
 ```
 
-2. Start the SSH server and set the password for your user, if you haven't already. If you use [deploy-code-server](https://github.com/coder/deploy-code-server),
+3. Access app at `<code-server-root>/absproxy/5173/` e.g. `http://localhost:8080/absproxy/5173/
 
-```bash
-sudo service ssh start
-sudo passwd {user} # replace user with your code-server user
+For additional context, see [this Github Issue](https://github.com/sveltejs/kit/issues/2958)
+
+### Prefixing `/absproxy/<port>` with a path
+
+This is a case where you need to serve an application via `absproxy` as
+explained above while serving code-server itself from a path other than the root
+in your domain.
+
+For example: `http://my-code-server.com/user/123/workspace/my-app`. To achieve
+this result:
+
+1. Start code-server with the switch `--abs-proxy-base-path=/user/123/workspace`
+2. Follow one of the instructions above for your framework.
+
+### Preflight requests
+
+By default, if you have auth enabled, code-server will authenticate all proxied
+requests including preflight requests. This can cause issues because preflight
+requests do not typically include credentials. To allow all preflight requests
+through the proxy without authentication, use `--skip-auth-preflight`.
+
+## Internationalization and customization
+
+code-server allows you to provide a JSON file to configure certain strings. This
+can be used for both internationalization and customization.
+
+Create a JSON file with your custom strings:
+
+```json
+{
+  "WELCOME": "Welcome to {{app}}",
+  "LOGIN_TITLE": "{{app}} Access Portal",
+  "LOGIN_BELOW": "Please log in to continue",
+  "PASSWORD_PLACEHOLDER": "Enter Password"
+}
 ```
 
-### Option 1: cloudflared tunnel
-
-[![Cloudflared](https://img.shields.io/badge/Cloudflared-E4863B?style=for-the-badge&logo=cloudflare&logoColor=ffffff)](https://github.com/cloudflare/cloudflared)
-
-1.  Install [cloudflared](https://github.com/cloudflare/cloudflared#installing-cloudflared) on your local computer and remote server
-2.  Then go to `~/.ssh/config` and add the following on your local computer:
+Then reference the file:
 
 ```shell
-Host *.trycloudflare.com
-HostName %h
-User user
-Port 22
-ProxyCommand "cloudflared location" access ssh --hostname %h
+code-server --i18n /path/to/custom-strings.json
 ```
 
-3. Run `cloudflared tunnel --url ssh://localhost:22` on the remote server
+Or this can be done in the config file:
 
-4. Finally on VS Code or any IDE that supports SSH, run `ssh user@https://your-link.trycloudflare.com` or `ssh user@your-link.trycloudflare.com`
-
-### Option 2: ngrok tunnel
-
-[![Ngrok](https://img.shields.io/badge/Ngrok-1F1E37?style=for-the-badge&logo=ngrok&logoColor=ffffff)](https://ngrok.com/)
-
-1.  Make a new account for ngrok [here](https://dashboard.ngrok.com/login)
-
-2.  Now, get the ngrok binary with `wget` and unzip it with `unzip`:
-
-```bash
-wget "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip"
-unzip "ngrok-stable-linux-amd64.zip"
+```yaml
+i18n: /path/to/custom-strings.json
 ```
 
-5.  Then, go to [dashboard.ngrok.com](https://dashboard.ngrok.com) and go to the `Your Authtoken` section.
-6.  Copy the Authtoken shown there.
-7.  Now, go to the folder where you unzipped ngrok and store the Authtoken from the ngrok Dashboard.
+You can combine this with the `--locale` flag to configure language support for
+both code-server and VS Code in cases where code-server has no support but VS
+Code does. If you are using this for internationalization, please consider
+sending us a pull request to contribute it to `src/node/i18n/locales`.
 
-```bash
-./ngrok authtoken YOUR_AUTHTOKEN # replace YOUR_AUTHTOKEN with the ngrok authtoken.
-```
+### Available keys and placeholders
 
-8.  Now, forward port 22, which is the SSH port with this command:
+Refer to [../src/node/i18n/locales/en.json](../src/node/i18n/locales/en.json)
+for a full list of the available keys for translations. Note that the only
+placeholders supported for each key are the ones used in the default string.
 
-```bash
-./ngrok tcp 22
-```
+The `--app-name` flag controls the `{{app}}` placeholder in templates. If you
+want to change the name, you can either:
 
-Now, you get a screen in the terminal like this:
+1. Set `--app-name` (potentially alongside `--i18n`)
+2. Use `--i18n` and hardcode the name in your strings
 
-```console
-ngrok by @inconshreveable(Ctrl+C to quit)
+### Legacy flag
 
-Session Status                online
-Account                       {Your name} (Plan: Free)
-Version                       2.3.40
-Region                        United States (us)
-Web Interface                 http://127.0.0.1:4040
-Forwarding                    tcp://0.tcp.ngrok.io:19028 -> localhost:22
-```
-
-In this case, copy the forwarded link `0.tcp.ngrok.io` and remember the port number `19028`. Type this on your local Visual Studio Code:
-
-```bash
-ssh user@0.tcp.ngrok.io -p 19028
-```
-
-The port redirects you to the default SSH port 22, and you can then successfully connect to code-server by entering the password you set for the user.
-
-Note: the port and the url provided by ngrok will change each time you run it so modify as needed.
+The `--welcome-text` flag is now deprecated. Use the `WELCOME` key instead.

docs/install.md

@@ -82,13 +82,11 @@ _exact_ same commands presented in the rest of this document.
 - For Arch Linux, code-server will install the AUR package.
 - For any unrecognized Linux operating system, code-server will install the
   latest standalone release into `~/.local`.
-
   - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.
 
 - For macOS, code-server will install the Homebrew package (if you don't have
   Homebrew installed, code-server will install the latest standalone release
   into `~/.local`).
-
   - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.
 
 - For FreeBSD, code-server will install the [npm package](#npm) with `npm`
@@ -103,10 +101,9 @@ _exact_ same commands presented in the rest of this document.
 We recommend installing with `npm` when:
 
 1. You aren't using a machine with `amd64` or `arm64`.
-1. You are installing code-server on Windows
-1. You're on Linux with `glibc` < v2.17, `glibcxx` < v3.4.18 on `amd64`, `glibc`
-   < v2.23, or `glibcxx` < v3.4.21 on `arm64`.
-1. You're running Alpine Linux or are using a non-glibc libc. See
+2. You are installing code-server on Windows.
+3. You're on Linux with `glibc` < v2.28 or `glibcxx` < v3.4.21.
+4. You're running Alpine Linux or are using a non-glibc libc. See
    [#1430](https://github.com/coder/code-server/issues/1430#issuecomment-629883198)
    for more information.
 
@@ -123,8 +120,8 @@ node binary and node modules.
 We create the standalone releases using the [npm package](#npm), and we
 then create the remaining releases using the standalone version.
 
-The only requirement to use the standalone release is `glibc` >= 2.17 and
-`glibcxx` >= v3.4.18 on Linux (for macOS, there is no minimum system
+The only requirement to use the standalone release is `glibc` >= 2.28 and
+`glibcxx` >= v3.4.21 on Linux (for macOS, there is no minimum system
 requirement).
 
 To use a standalone release:
@@ -280,6 +277,7 @@ brew services start code-server
 # outside the container.
 mkdir -p ~/.config
 docker run -it --name code-server -p 127.0.0.1:8080:8080 \
+  -v "$HOME/.local:/home/coder/.local" \
   -v "$HOME/.config:/home/coder/.config" \
   -v "$PWD:/home/coder/project" \
   -u "$(id -u):$(id -g)" \

docs/npm.md

@@ -30,7 +30,7 @@ includes installing instructions based on your operating system.
 ## Node.js version
 
 We use the same major version of Node.js shipped with Code's remote, which is
-currently `16.x`. VS Code also [lists Node.js
+currently `22.x`. VS Code also [lists Node.js
 requirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 
 Using other versions of Node.js [may lead to unexpected
@@ -62,8 +62,7 @@ Proceed to [installing](#installing)
 ## Alpine
 
 ```bash
-apk add alpine-sdk bash libstdc++ libc6-compat
-npm config set python python3
+apk add alpine-sdk bash libstdc++ libc6-compat python3 krb5-dev
 ```
 
 Proceed to [installing](#installing)
@@ -79,7 +78,7 @@ Proceed to [installing](#installing)
 ## FreeBSD
 
 ```sh
-pkg install -y git python npm-node16 pkgconf
+pkg install -y git python npm-node22 pkgconf
 pkg install -y libinotify
 ```
 
@@ -92,12 +91,12 @@ Installing code-server requires all of the [prerequisites for VS Code developmen
 Next, install code-server with:
 
 ```bash
-npm install --global code-server --unsafe-perm
+npm install --global code-server
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
 
-A `postinstall.sh` script will attempt to run. Select your terminal (e.g., Git bash) as the default application for `.sh` files. If an additional dialog does not appear, run the install command again.
+A `postinstall.sh` script will attempt to run. Select your terminal (e.g., Git bash) as the default shell for npm run-scripts. If an additional dialog does not appear, run the install command again.
 
 If the `code-server` command is not found, you'll need to [add a directory to your PATH](https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/). To find the directory, use the following command:
 
@@ -112,7 +111,7 @@ For help and additional troubleshooting, see [#1397](https://github.com/coder/co
 After adding the dependencies for your OS, install the code-server package globally:
 
 ```bash
-npm install --global code-server --unsafe-perm
+npm install --global code-server
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -144,8 +143,8 @@ To debug installation issues, install with `npm`:
 
 ```shell
 # Uninstall
-npm uninstall --global --unsafe-perm code-server > /dev/null 2>&1
+npm uninstall --global code-server > /dev/null 2>&1
 
 # Install with logging
-npm install --loglevel verbose --global --unsafe-perm code-server
+npm install --loglevel verbose --global code-server
 ```

docs/requirements.md

@@ -22,7 +22,7 @@ The following steps walk you through setting up a VM running Debian using Google
 Cloud (though you are welcome to use any machine or VM provider).
 
 If you're [signing up with Google](https://console.cloud.google.com/getting-started) for the first time, you should get a 3-month trial with
-$300 of credits.
+\$300 of credits.
 
 After you sign up and create a new Google Cloud Provider (GCP) project, create a
 new Compute Engine VM instance:

docs/termux.md

@@ -8,7 +8,9 @@
 - [Upgrade](#upgrade)
 - [Known Issues](#known-issues)
   - [Git won't work in `/sdcard`](#git-wont-work-in-sdcard)
+  - [Many extensions including language packs fail to install](#many-extensions-including-language-packs-fail-to-install)
 - [Extra](#extra)
+  - [Keyboard Shortcuts and Tab Key](#keyboard-shortcuts-and-tab-key)
   - [Create a new user](#create-a-new-user)
   - [Install Go](#install-go)
   - [Install Python](#install-python)
@@ -55,7 +57,7 @@ npm config set python python3
 node -v
 ```
 
-you will get node version `v16.15.0`
+you will get Node version `v22`
 
 5. Now install code-server following our guide on [installing with npm](./npm.md)
 
@@ -68,7 +70,7 @@ code-server --auth none
 7. If already installed then use the following command for upgradation.
 
 ```
-npm update --global code-server --unsafe-perm
+npm update --global code-server
 ```
 
 ## Upgrade
@@ -87,8 +89,50 @@ Potential Workaround :
 1. Create a soft-link from the debian-fs to your folder in `/sdcard`
 2. Use git from termux (preferred)
 
+### Many extensions including language packs fail to install
+
+Issue: Android is not seen as a Linux environment but as a separate, unsupported platform, so code-server only allows [Web Extensions](https://code.visualstudio.com/api/extension-guides/web-extensions), refusing to download extensions that run on the server.\
+Fix: None\
+Potential workarounds :
+
+Either
+
+- Manually download extensions as `.vsix` file and install them via `Extensions: Install from VSIX...` in the Command Palette.
+
+- Use an override to pretend the platform is Linux:
+
+Create a JS script that patches `process.platform`:
+
+```js
+// android-as-linux.js
+Object.defineProperty(process, "platform", {
+  get() {
+    return "linux"
+  },
+})
+```
+
+Then use Node's `--require` option to make sure it is loaded before `code-server` starts:
+
+```sh
+NODE_OPTIONS="--require /path/to/android-as-linux.js" code-server
+```
+
+⚠️ Note that Android and Linux are not 100% compatible, so use these workarounds at your own risk. Extensions that have native dependencies other than Node or that directly interact with the OS might cause issues.
+
 ## Extra
 
+### Keyboard Shortcuts and Tab Key
+
+In order to support the tab key and use keyboard shortcuts, add this to your
+settings.json:
+
+```json
+{
+  "keyboard.dispatch": "keyCode"
+}
+```
+
 ### Create a new user
 
 To create a new user follow these simple steps -

eslint.config.mjs

@@ -0,0 +1,84 @@
+import { fixupConfigRules } from "@eslint/compat"
+import globals from "globals"
+import tsParser from "@typescript-eslint/parser"
+import path from "node:path"
+import { fileURLToPath } from "node:url"
+import js from "@eslint/js"
+import { FlatCompat } from "@eslint/eslintrc"
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+})
+
+export default [
+  ...fixupConfigRules(
+    compat.extends(
+      "eslint:recommended",
+      "plugin:@typescript-eslint/recommended",
+      "plugin:import/recommended",
+      "plugin:import/typescript",
+      "plugin:prettier/recommended",
+      "prettier",
+    ),
+  ),
+  {
+    languageOptions: {
+      globals: {
+        ...globals.browser,
+        ...globals.jest,
+        ...globals.node,
+      },
+
+      parser: tsParser,
+      ecmaVersion: 2018,
+      sourceType: "module",
+    },
+
+    settings: {
+      "import/resolver": {
+        typescript: {
+          alwaysTryTypes: true,
+        },
+      },
+    },
+
+    rules: {
+      "@typescript-eslint/no-unused-vars": [
+        "error",
+        {
+          args: "none",
+        },
+      ],
+
+      "no-dupe-class-members": "off",
+      "@typescript-eslint/no-use-before-define": "off",
+      "@typescript-eslint/no-non-null-assertion": "off",
+      "@typescript-eslint/ban-types": "off",
+      "@typescript-eslint/no-var-requires": "off",
+      "@typescript-eslint/explicit-module-boundary-types": "off",
+      "@typescript-eslint/no-explicit-any": "off",
+      "@typescript-eslint/no-extra-semi": "off",
+      "@typescript-eslint/no-require-imports": "off",
+      "@typescript-eslint/no-unused-vars": "off", // TODO: Fix these.
+      "@typescript-eslint/no-empty-object-type": "off",
+      eqeqeq: "error",
+
+      "import/order": [
+        "error",
+        {
+          alphabetize: {
+            order: "asc",
+          },
+
+          groups: [["builtin", "external", "internal"], "parent", "sibling"],
+        },
+      ],
+
+      "no-async-promise-executor": "off",
+    },
+  },
+]

flake.lock

@@ -1,12 +1,15 @@
 {
   "nodes": {
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1659877975,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -17,16 +20,18 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1660639432,
-        "narHash": "sha256-2WDiboOCfB0LhvnDVMXOAr8ZLDfm3WdO54CkoDPwN1A=",
-        "owner": "NixOS",
+        "lastModified": 1739303263,
+        "narHash": "sha256-c/Z/6gZLN8BIpYh1B3qMzEn0TArjf4F2lmy59lDLVBM=",
+        "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6c6409e965a6c883677be7b9d87a95fab6c3472e",
+        "rev": "6cc4213488e886db863878a1e3dc26cc932d38b8",
         "type": "github"
       },
       "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
+        "owner": "nixos",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "root": {
@@ -34,6 +39,21 @@
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,22 +1,34 @@
 {
   description = "code-server";
 
-  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
 
   outputs = { self, nixpkgs, flake-utils }:
     flake-utils.lib.eachDefaultSystem
       (system:
         let pkgs = nixpkgs.legacyPackages.${system};
-            nodejs = pkgs.nodejs-16_x;
-            yarn' = pkgs.yarn.override { inherit nodejs; };
+            nodejs = pkgs.nodejs_22;
         in {
           devShells.default = pkgs.mkShell {
             nativeBuildInputs = with pkgs; [
-              nodejs yarn' python pkg-config git rsync jq moreutils quilt bats
+              imagemagick
+              nodejs
+              python3
+              pkg-config
+              git
+              rsync
+              jq
+              moreutils
+              quilt
+              bats
+              openssl
             ];
-            buildInputs = with pkgs; (lib.optionals (!stdenv.isDarwin) [ libsecret ]
+            buildInputs = with pkgs; (lib.optionals (!stdenv.isDarwin) [ libsecret libkrb5 ]
                           ++ (with xorg; [ libX11 libxkbfile ])
-                          ++ lib.optionals stdenv.isDarwin (with pkgs.darwin.apple_sdk.frameworks; [ 
+                          ++ lib.optionals stdenv.isDarwin (with pkgs.darwin.apple_sdk.frameworks; [
                             AppKit Cocoa CoreServices Security xcbuild
                           ]));
           };

install.sh

@@ -46,7 +46,7 @@ Usage:
       Sets the prefix used by standalone release archives. Defaults to ~/.local
       The release is unarchived into ~/.local/lib/code-server-X.X.X
       and the binary symlinked into ~/.local/bin/code-server
-      To install system wide pass ---prefix=/usr/local
+      To install system wide pass --prefix=/usr/local
 
   --rsh <bin>
       Specifies the remote shell for remote installation. Defaults to ssh.
@@ -424,7 +424,7 @@ install_standalone() {
 }
 
 install_npm() {
-  echoh "Installing latest from npm."
+  echoh "Installing v$VERSION from npm."
   echoh
 
   NPM_PATH="${YARN_PATH-npm}"
@@ -436,12 +436,12 @@ install_npm() {
     fi
     echoh "Installing with npm."
     echoh
-    "$sh_c" "$NPM_PATH" install -g code-server --unsafe-perm
+    "$sh_c" "$NPM_PATH" install -g "code-server@$VERSION" --unsafe-perm
     NPM_BIN_DIR="\$($NPM_PATH bin -g)" echo_npm_postinstall
     return
   fi
   echoerr "Please install npm to install code-server!"
-  echoerr "You will need at least node v12 and a few C dependencies."
+  echoerr "You will need at least node v20 and a few C dependencies."
   echoerr "See the docs https://coder.com/docs/code-server/latest/install#npm"
 
   exit 1
@@ -461,9 +461,9 @@ npm_fallback() {
 # Determine if we have standalone releases on GitHub for the system's arch.
 has_standalone() {
   case $ARCH in
-    amd64) return 0 ;;
-    # We only have amd64 for macOS.
-    arm64)
+    arm64) return 0 ;;
+    # We only have arm64 for macOS.
+    amd64)
       [ "$(distro)" != macos ]
       return
       ;;

lib/vscode

@@ -1 +1 @@
-Subproject commit 441438abd1ac652551dbe4d408dfcec8a499b8bf
+Subproject commit 302ff6a2e235c95b88e587d4a4b6eeb1b6613297

package.json

@@ -23,92 +23,74 @@
     "test:native": "./ci/dev/test-native.sh",
     "test:scripts": "./ci/dev/test-scripts.sh",
     "package": "./ci/build/build-packages.sh",
-    "prettier": "prettier --write --loglevel=warn --cache .",
+    "prettier": "prettier --write --log-level=warn --cache .",
+    "preinstall": "node ./ci/dev/preinstall.js",
     "postinstall": "./ci/dev/postinstall.sh",
     "publish:npm": "./ci/steps/publish-npm.sh",
     "publish:docker": "./ci/steps/docker-buildx-push.sh",
-    "_audit": "./ci/dev/audit.sh",
-    "fmt": "yarn prettier && ./ci/dev/doctoc.sh",
+    "fmt": "npm run prettier && ./ci/dev/doctoc.sh",
     "lint:scripts": "./ci/dev/lint-scripts.sh",
     "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')",
-    "test": "echo 'Run yarn test:unit or yarn test:e2e' && exit 1",
-    "ci": "./ci/dev/ci.sh",
+    "test": "echo 'Run npm run test:unit or npm run test:e2e' && exit 1",
     "watch": "VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts",
     "icons": "./ci/dev/gen_icons.sh"
   },
   "main": "out/node/entry.js",
   "devDependencies": {
-    "@schemastore/package": "^0.0.6",
-    "@types/compression": "^1.7.0",
-    "@types/cookie-parser": "^1.4.2",
-    "@types/express": "^4.17.8",
-    "@types/http-proxy": "^1.17.4",
-    "@types/js-yaml": "^4.0.0",
-    "@types/node": "^16.0.0",
-    "@types/pem": "^1.9.5",
+    "@eslint/compat": "^1.2.0",
+    "@eslint/eslintrc": "^3.1.0",
+    "@eslint/js": "^9.12.0",
+    "@schemastore/package": "^0.0.10",
+    "@types/compression": "^1.7.3",
+    "@types/cookie-parser": "^1.4.4",
+    "@types/eslint__js": "^8.42.3",
+    "@types/express": "^5.0.0",
+    "@types/http-proxy": "1.17.7",
+    "@types/js-yaml": "^4.0.6",
+    "@types/node": "22.x",
+    "@types/pem": "^1.14.1",
     "@types/proxy-from-env": "^1.0.1",
     "@types/safe-compare": "^1.1.0",
-    "@types/semver": "^7.1.0",
-    "@types/split2": "^3.2.0",
-    "@types/trusted-types": "^2.0.2",
-    "@types/ws": "^8.5.3",
-    "@typescript-eslint/eslint-plugin": "^5.41.0",
-    "@typescript-eslint/parser": "^5.41.0",
-    "audit-ci": "^6.0.0",
-    "doctoc": "2.2.1",
-    "eslint": "^8.26.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-import-resolver-typescript": "^3.5.2",
-    "eslint-plugin-import": "^2.26.0",
-    "eslint-plugin-prettier": "^4.2.1",
-    "prettier": "2.8.0",
-    "prettier-plugin-sh": "^0.12.8",
-    "ts-node": "^10.0.0",
-    "typescript": "^4.6.2"
-  },
-  "resolutions": {
-    "ansi-regex": "^5.0.1",
-    "normalize-package-data": "^5.0.0",
-    "doctoc/underscore": "^1.13.1",
-    "doctoc/**/trim": "^1.0.0",
-    "postcss": "^8.2.1",
-    "browserslist": "^4.16.5",
-    "safe-buffer": "^5.1.1",
-    "vfile-message": "^2.0.2",
-    "tar": "^6.1.9",
-    "path-parse": "^1.0.7",
-    "vm2": "^3.9.11",
-    "follow-redirects": "^1.14.8",
-    "node-fetch": "^2.6.7",
-    "nanoid": "^3.1.31",
-    "minimist": "npm:minimist-lite@2.2.1",
-    "glob-parent": "^6.0.1",
-    "@types/node": "^16.0.0",
-    "qs": "^6.7.3"
+    "@types/semver": "^7.5.2",
+    "@types/trusted-types": "^2.0.4",
+    "@types/ws": "^8.5.5",
+    "doctoc": "^2.2.1",
+    "eslint": "^9.12.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "eslint-plugin-import": "^2.28.1",
+    "eslint-plugin-prettier": "^5.0.0",
+    "globals": "^16.1.0",
+    "prettier": "3.6.2",
+    "prettier-plugin-sh": "^0.14.0",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.6.2",
+    "typescript-eslint": "^8.8.0"
   },
   "dependencies": {
-    "@coder/logger": "^3.0.0",
-    "argon2": "0.30.3",
+    "@coder/logger": "^3.0.1",
+    "argon2": "^0.31.1",
     "compression": "^1.7.4",
-    "cookie-parser": "^1.4.5",
-    "env-paths": "^2.2.0",
-    "express": "5.0.0-alpha.8",
-    "http-proxy": "^1.18.0",
+    "cookie-parser": "^1.4.6",
+    "env-paths": "^2.2.1",
+    "express": "^5.0.1",
+    "http-proxy": "^1.18.1",
     "httpolyglot": "^0.1.2",
-    "i18next": "^22.4.6",
-    "js-yaml": "^4.0.0",
+    "i18next": "^25.3.0",
+    "js-yaml": "^4.1.0",
     "limiter": "^2.1.0",
-    "pem": "^1.14.2",
-    "proxy-agent": "^5.0.0",
-    "qs": "6.11.0",
-    "rotating-file-stream": "^3.0.0",
-    "safe-buffer": "^5.1.1",
+    "pem": "^1.14.8",
+    "proxy-agent": "^6.3.1",
+    "qs": "6.14.0",
+    "rotating-file-stream": "^3.1.1",
     "safe-compare": "^1.1.4",
-    "semver": "^7.1.3",
-    "split2": "^4.0.0",
-    "ws": "^8.0.0",
+    "semver": "^7.5.4",
+    "ws": "^8.14.2",
     "xdg-basedir": "^4.0.0"
   },
+  "resolutions": {
+    "@types/node": "22.x"
+  },
   "bin": {
     "code-server": "out/node/entry.js"
   },
@@ -122,7 +104,7 @@
     "remote-development"
   ],
   "engines": {
-    "node": "16"
+    "node": "22"
   },
   "jest": {
     "transform": {

patches/base-path.diff

@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/base/common/network.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/network.ts
 +++ code-server/lib/vscode/src/vs/base/common/network.ts
-@@ -166,7 +166,9 @@ class RemoteAuthoritiesImpl {
+@@ -237,7 +237,9 @@ class RemoteAuthoritiesImpl {
  		return URI.from({
  			scheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,
  			authority: `${host}:${port}`,
@@ -46,18 +46,18 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
 +		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
 +		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
 +		<link rel="manifest" href="{{VS_BASE}}/manifest.json" crossorigin="use-credentials" />
- 	</head>
+ 		<style id="vscode-css-modules" type="text/css" media="screen"></style>
  
- 	<body aria-label="">
+ 	</head>
 @@ -39,7 +39,7 @@
- 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/loader.js"></script>
- 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/webPackagePaths.js"></script>
+ 
+ 	<!-- Startup (do not modify order of script tags!) -->
  	<script>
 -		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location.origin).toString();
 +		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location).toString();
- 		Object.keys(self.webPackagePaths).map(function (key, index) {
- 			self.webPackagePaths[key] = `${baseUrl}/remote/web/node_modules/${key}/${self.webPackagePaths[key]}`;
- 		});
+ 		globalThis._VSCODE_FILE_ROOT = baseUrl + '/out/';
+ 	</script>
+ 	<script>
 Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
@@ -83,99 +83,90 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
 +		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
 +		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
 +		<link rel="manifest" href="{{VS_BASE}}/manifest.json" crossorigin="use-credentials" />
- 		<link data-name="vs/workbench/workbench.web.main" rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/workbench/workbench.web.main.css">
+ 		<link rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/code/browser/workbench/workbench.css">
  
  	</head>
-@@ -38,7 +38,7 @@
- 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/loader.js"></script>
- 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/webPackagePaths.js"></script>
+@@ -36,7 +36,7 @@
+ 
+ 	<!-- Startup (do not modify order of script tags!) -->
  	<script>
 -		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location.origin).toString();
 +		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location).toString();
- 		Object.keys(self.webPackagePaths).map(function (key, index) {
- 			self.webPackagePaths[key] = `${baseUrl}/node_modules/${key}/${self.webPackagePaths[key]}`;
- 		});
+ 		globalThis._VSCODE_FILE_ROOT = baseUrl + '/out/';
+ 	</script>
+ 	<script>
 Index: code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
 +++ code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
-@@ -274,6 +274,7 @@ export class BrowserSocketFactory implem
- 
- 	connect(host: string, port: number, path: string, query: string, debugLabel: string, callback: IConnectCallback): void {
- 		const webSocketSchema = (/^https:/.test(window.location.href) ? 'wss' : 'ws');
-+		path = (window.location.pathname + "/" + path).replace(/\/\/+/g, "/")
- 		const socket = this._webSocketFactory.create(`${webSocketSchema}://${(/:/.test(host) && !/\[/.test(host)) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
- 		const errorListener = socket.onError((err) => callback(err, undefined));
- 		socket.onOpen(() => {
-@@ -282,6 +283,3 @@ export class BrowserSocketFactory implem
- 		});
- 	}
- }
--
--
--
+@@ -282,6 +282,7 @@ export class BrowserSocketFactory implem
+ 	connect({ host, port }: WebSocketRemoteConnection, path: string, query: string, debugLabel: string): Promise<ISocket> {
+ 		return new Promise<ISocket>((resolve, reject) => {
+ 			const webSocketSchema = (/^https:/.test(mainWindow.location.href) ? 'wss' : 'ws');
++			path = (mainWindow.location.pathname + "/" + path).replace(/\/\/+/g, "/")
+ 			const socket = this._webSocketFactory.create(`${webSocketSchema}://${(/:/.test(host) && !/\[/.test(host)) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
+ 			const disposables = new DisposableStore();
+ 			disposables.add(socket.onError(reject));
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -267,12 +267,11 @@ export class WebClientServer {
- 			return void res.end();
- 		}
+@@ -245,7 +245,9 @@ export class WebClientServer {
+ 		};
  
--		const getFirstHeader = (headerName: string) => {
--			const val = req.headers[headerName];
--			return Array.isArray(val) ? val[0] : val;
--		};
--
--		const remoteAuthority = getFirstHeader('x-original-host') || getFirstHeader('x-forwarded-host') || req.headers.host;
+ 		// Prefix routes with basePath for clients
+-		const basePath = getFirstHeader('x-forwarded-prefix') || this._basePath;
++		const rootBase = relativeRoot(getOriginalUrl(req))
++		const vscodeBase = relativePath(getOriginalUrl(req))
++		const basePath = vscodeBase || getFirstHeader('x-forwarded-prefix') || this._basePath;
+ 
+ 		const queryConnectionToken = parsedUrl.query[connectionTokenQueryName];
+ 		if (typeof queryConnectionToken === 'string') {
+@@ -284,10 +286,14 @@ export class WebClientServer {
+ 		};
+ 
+ 		const useTestResolver = (!this._environmentService.isBuilt && this._environmentService.args['use-test-resolver']);
 +		// For now we are getting the remote authority from the client to avoid
 +		// needing specific configuration for reverse proxies to work.  Set this to
 +		// something invalid to make sure we catch code that is using this value
 +		// from the backend when it should not.
-+		const remoteAuthority = 'remote';
+ 		let remoteAuthority = (
+ 			useTestResolver
+ 				? 'test+test'
+-				: (getFirstHeader('x-original-host') || getFirstHeader('x-forwarded-host') || req.headers.host)
++				: 'remote'
+ 		);
  		if (!remoteAuthority) {
  			return serveError(req, res, 400, `Bad request.`);
- 		}
-@@ -298,6 +297,8 @@ export class WebClientServer {
- 			scopes: [['user:email'], ['repo']]
- 		} : undefined;
+@@ -334,6 +340,7 @@ export class WebClientServer {
  
-+		const base = relativeRoot(getOriginalUrl(req))
-+		const vscodeBase = relativePath(getOriginalUrl(req))
- 
- 		const workbenchWebConfiguration = {
- 			remoteAuthority,
-@@ -309,6 +310,7 @@ export class WebClientServer {
- 			workspaceUri: resolveWorkspaceURI(this._environmentService.args['default-workspace']),
- 			productConfiguration: <Partial<IProductConfiguration>>{
- 				codeServerVersion: this._productService.codeServerVersion,
-+				rootEndpoint: base,
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
- 					...this._productService.extensionsGallery,
-@@ -326,8 +328,10 @@ export class WebClientServer {
- 		const values: { [key: string]: string } = {
- 			WORKBENCH_WEB_CONFIGURATION: asJSON(workbenchWebConfiguration),
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
+ 			codeServerVersion: this._productService.codeServerVersion,
++			rootEndpoint: rootBase,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
+ 				...this._productService.extensionsGallery,
+@@ -387,7 +394,9 @@ export class WebClientServer {
  			WORKBENCH_AUTH_SESSION: authSessionInfo ? asJSON(authSessionInfo) : '',
--			WORKBENCH_WEB_BASE_URL: this._staticRoute,
--			WORKBENCH_NLS_BASE_URL: nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : '',
-+			WORKBENCH_WEB_BASE_URL: vscodeBase + this._staticRoute,
-+			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
-+			BASE: base,
-+			VS_BASE: vscodeBase,
+ 			WORKBENCH_WEB_BASE_URL: staticRoute,
+ 			WORKBENCH_NLS_URL,
+-			WORKBENCH_NLS_FALLBACK_URL: `${staticRoute}/out/nls.messages.js`
++			WORKBENCH_NLS_FALLBACK_URL: `${staticRoute}/out/nls.messages.js`,
++			BASE: rootBase,
++			VS_BASE: basePath,
  		};
  
- 
-@@ -344,7 +348,7 @@ export class WebClientServer {
+ 		// DEV ---------------------------------------------------------------------------------------
+@@ -424,7 +433,7 @@ export class WebClientServer {
  			'default-src \'self\';',
  			'img-src \'self\' https: data: blob:;',
  			'media-src \'self\';',
--			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=' http://${remoteAuthority};`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
-+			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=';`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+-			`script-src 'self' 'unsafe-eval' ${WORKBENCH_NLS_BASE_URL ?? ''} blob: 'nonce-1nline-m4p' ${this._getScriptCspHashes(data).join(' ')} '${webWorkerExtensionHostIframeScriptSHA}' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' ${useTestResolver ? '' : `http://${remoteAuthority}`};`,  // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
++			`script-src 'self' 'unsafe-eval' ${WORKBENCH_NLS_BASE_URL ?? ''} blob: 'nonce-1nline-m4p' ${this._getScriptCspHashes(data).join(' ')} '${webWorkerExtensionHostIframeScriptSHA}' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' ${useTestResolver ? '' : ``};`,  // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
  			'child-src \'self\';',
  			`frame-src 'self' https://*.vscode-cdn.net data:;`,
- 			'worker-src \'self\' data:;',
-@@ -417,3 +421,70 @@ export class WebClientServer {
+ 			'worker-src \'self\' data: blob:;',
+@@ -497,3 +506,70 @@ export class WebClientServer {
  		return void res.end(data);
  	}
  }
@@ -250,7 +241,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -32,6 +32,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -66,6 +66,7 @@ export type ExtensionVirtualWorkspaceSup
  
  export interface IProductConfiguration {
  	readonly codeServerVersion?: string
@@ -262,39 +253,53 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
-@@ -489,6 +489,7 @@ function doCreateUri(path: string, query
- 		});
+@@ -339,7 +339,8 @@ class LocalStorageURLCallbackProvider ex
+ 			this.startListening();
+ 		}
+ 
+-		return URI.parse(mainWindow.location.href).with({ path: this._callbackRoute, query: queryParams.join('&') });
++		const path = (mainWindow.location.pathname + "/" + this._callbackRoute).replace(/\/\/+/g, "/");
++		return URI.parse(mainWindow.location.href).with({ path: path, query: queryParams.join('&') });
  	}
  
-+	path = (window.location.pathname + "/" + path).replace(/\/\/+/g, "/")
- 	return URI.parse(window.location.href).with({ path, query });
+ 	private startListening(): void {
+@@ -584,17 +585,6 @@ class WorkspaceProvider implements IWork
+ 	}
  }
  
-@@ -500,7 +501,7 @@ function doCreateUri(path: string, query
+-function readCookie(name: string): string | undefined {
+-	const cookies = document.cookie.split('; ');
+-	for (const cookie of cookies) {
+-		if (cookie.startsWith(name + '=')) {
+-			return cookie.substring(name.length + 1);
+-		}
+-	}
+-
+-	return undefined;
+-}
+-
+ (function () {
+ 
+ 	// Find config by checking for DOM
+@@ -604,8 +594,8 @@ function readCookie(name: string): strin
  	if (!configElement || !configElementAttribute) {
  		throw new Error('Missing web configuration element');
  	}
 -	const config: IWorkbenchConstructionOptions & { folderUri?: UriComponents; workspaceUri?: UriComponents; callbackRoute: string } = JSON.parse(configElementAttribute);
+-	const secretStorageKeyPath = readCookie('vscode-secret-key-path');
 +	const config: IWorkbenchConstructionOptions & { folderUri?: UriComponents; workspaceUri?: UriComponents; callbackRoute: string } = { ...JSON.parse(configElementAttribute), remoteAuthority: location.host }
++	const secretStorageKeyPath = (window.location.pathname + "/mint-key").replace(/\/\/+/g, "/");
+ 	const secretStorageCrypto = secretStorageKeyPath && ServerKeyedAESCrypto.supported()
+ 		? new ServerKeyedAESCrypto(secretStorageKeyPath) : new TransparentCrypto();
  
- 	// Create workbench
- 	create(document.body, {
 Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 +++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
-@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
- import { IStorageService } from 'vs/platform/storage/common/storage';
- import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
- import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
--import { RemoteAuthorities } from 'vs/base/common/network';
- import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
- 
- export const WEB_EXTENSION_RESOURCE_END_POINT = 'web-extension-resource';
-@@ -75,7 +74,7 @@ export abstract class AbstractExtensionR
- 	public getExtensionGalleryResourceURL(galleryExtension: { publisher: string; name: string; version: string }, path?: string): URI | undefined {
- 		if (this._extensionGalleryResourceUrlTemplate) {
- 			const uri = URI.parse(format2(this._extensionGalleryResourceUrlTemplate, { publisher: galleryExtension.publisher, name: galleryExtension.name, version: galleryExtension.version, path: 'extension' }));
+@@ -120,7 +120,7 @@ export abstract class AbstractExtensionR
+ 					: version,
+ 				path: 'extension'
+ 			}));
 -			return this._isWebExtensionResourceEndPoint(uri) ? uri.with({ scheme: RemoteAuthorities.getPreferredWebSchema() }) : uri;
 +			return this._isWebExtensionResourceEndPoint(uri) ? URI.joinPath(URI.parse(window.location.href), uri.path) : uri;
  		}

patches/cli-window-open.diff

@@ -17,7 +17,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTe
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
-@@ -100,10 +100,14 @@ class RemoteTerminalBackend extends Base
+@@ -107,10 +107,14 @@ class RemoteTerminalBackend extends Base
  			}
  			const reqId = e.reqId;
  			const commandId = e.commandId;

patches/clipboard.diff

@@ -0,0 +1,135 @@
+Index: code-server/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
++++ code-server/lib/vscode/src/vs/workbench/api/browser/mainThreadCLICommands.ts
+@@ -8,6 +8,7 @@ import { isWeb } from '../../../base/com
+ import { isString } from '../../../base/common/types.js';
+ import { URI, UriComponents } from '../../../base/common/uri.js';
+ import { localize } from '../../../nls.js';
++import { IClipboardService } from '../../../platform/clipboard/common/clipboardService.js';
+ import { CommandsRegistry, ICommandService } from '../../../platform/commands/common/commands.js';
+ import { IExtensionGalleryService, IExtensionManagementService } from '../../../platform/extensionManagement/common/extensionManagement.js';
+ import { ExtensionManagementCLI } from '../../../platform/extensionManagement/common/extensionManagementCLI.js';
+@@ -95,6 +96,11 @@ CommandsRegistry.registerCommand('_remot
+ 
+ });
+ 
++CommandsRegistry.registerCommand('_remoteCLI.setClipboard', function (accessor: ServicesAccessor, content: string) {
++	const clipboardService = accessor.get(IClipboardService);
++	clipboardService.writeText(content);
++})
++
+ class RemoteExtensionManagementCLI extends ExtensionManagementCLI {
+ 
+ 	private _location: string | undefined;
+Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
++++ code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
+@@ -44,7 +44,12 @@ export interface ExtensionManagementPipe
+ 	force?: boolean;
+ }
+ 
+-export type PipeCommand = OpenCommandPipeArgs | StatusPipeArgs | OpenExternalCommandPipeArgs | ExtensionManagementPipeArgs;
++export interface ClipboardPipeArgs {
++	type: 'clipboard';
++	content: string;
++}
++
++export type PipeCommand = OpenCommandPipeArgs | StatusPipeArgs | OpenExternalCommandPipeArgs | ExtensionManagementPipeArgs | ClipboardPipeArgs;
+ 
+ export interface ICommandsExecuter {
+ 	executeCommand<T>(id: string, ...args: any[]): Promise<T>;
+@@ -106,6 +111,9 @@ export class CLIServerBase {
+ 					case 'extensionManagement':
+ 						returnObj = await this.manageExtensions(data);
+ 						break;
++					case 'clipboard':
++						returnObj = await this.clipboard(data);
++						break;
+ 					default:
+ 						sendResponse(404, `Unknown message type: ${data.type}`);
+ 						break;
+@@ -173,6 +181,10 @@ export class CLIServerBase {
+ 		return await this._commands.executeCommand<string | undefined>('_remoteCLI.getSystemStatus');
+ 	}
+ 
++	private async clipboard(data: ClipboardPipeArgs): Promise<undefined> {
++		return await this._commands.executeCommand('_remoteCLI.setClipboard', data.content);
++	}
++
+ 	dispose(): void {
+ 		this._server.close();
+ 
+Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+@@ -98,7 +98,7 @@ class RemoteTerminalBackend extends Base
+ 			}
+ 		});
+ 
+-		const allowedCommands = ['_remoteCLI.openExternal', '_remoteCLI.windowOpen', '_remoteCLI.getSystemStatus', '_remoteCLI.manageExtensions'];
++		const allowedCommands = ['_remoteCLI.openExternal', '_remoteCLI.windowOpen', '_remoteCLI.getSystemStatus', '_remoteCLI.manageExtensions', '_remoteCLI.setClipboard'];
+ 		this._remoteTerminalChannel.onExecuteCommand(async e => {
+ 			// Ensure this request for for this window
+ 			const pty = this._ptys.get(e.persistentProcessId);
+Index: code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/environment/common/argv.ts
++++ code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
+@@ -137,6 +137,7 @@ export interface NativeParsedArgs {
+ 	'disable-chromium-sandbox'?: boolean;
+ 	sandbox?: boolean;
+ 	'enable-coi'?: boolean;
++	'stdin-to-clipboard'?: boolean;
+ 	'unresponsive-sample-interval'?: string;
+ 	'unresponsive-sample-period'?: string;
+ 	'enable-rdp-display-tracking'?: boolean;
+Index: code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/environment/node/argv.ts
++++ code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
+@@ -105,6 +105,7 @@ export const OPTIONS: OptionDescriptions
+ 	'user-data-dir': { type: 'string', cat: 'o', args: 'dir', description: localize('userDataDir', "Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.") },
+ 	'profile': { type: 'string', 'cat': 'o', args: 'profileName', description: localize('profileName', "Opens the provided folder or workspace with the given profile and associates the profile with the workspace. If the profile does not exist, a new empty one is created.") },
+ 	'help': { type: 'boolean', cat: 'o', alias: 'h', description: localize('help', "Print usage.") },
++	'stdin-to-clipboard': { type: 'boolean', cat: 'o', alias: 'c', description: localize('clipboard', "copies the STDIN to the clipboard") },
+ 
+ 	'extensions-dir': { type: 'string', deprecates: ['extensionHomePath'], cat: 'e', args: 'dir', description: localize('extensionHomePath', "Set the root path for extensions.") },
+ 	'extensions-download-dir': { type: 'string' },
+Index: code-server/lib/vscode/src/vs/server/node/server.cli.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/server.cli.ts
++++ code-server/lib/vscode/src/vs/server/node/server.cli.ts
+@@ -77,6 +77,7 @@ const isSupportedForPipe = (optionId: ke
+ 		case 'verbose':
+ 		case 'remote':
+ 		case 'locate-shell-integration-path':
++		case 'stdin-to-clipboard':
+ 			return true;
+ 		default:
+ 			return false;
+@@ -300,6 +301,22 @@ export async function main(desc: Product
+ 			}
+ 		}
+ 	} else {
++		if (parsedArgs['stdin-to-clipboard']) {
++			if(!hasStdinWithoutTty()) {
++				console.error("stdin has a tty.");
++				return;
++			}
++			const stdinBuffer = fs.readFileSync(0); // STDIN_FILENO = 0
++			const clipboardContent = stdinBuffer.toString();
++			sendToPipe({
++				type: 'clipboard',
++				content: clipboardContent
++			}, verbose).catch(e => {
++				console.error('Error when requesting status:', e);
++			});
++			return;
++		}
++
+ 		if (parsedArgs.status) {
+ 			await sendToPipe({
+ 				type: 'status'

patches/disable-builtin-ext-update.diff

@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -243,6 +243,10 @@ export class Extension implements IExten
+@@ -341,6 +341,10 @@ export class Extension implements IExten
  			if (this.type === ExtensionType.System && this.productService.quality === 'stable') {
  				return false;
  			}

patches/disable-downloads.diff

@@ -1,183 +0,0 @@
-Add option to disable file downloads via CLI
-
-This patch adds support for a new CLI flag called `--disable-file-downloads`
-which allows a user to remove the "Download..." option that shows up when you
-right-click files in Code. The default value for this is `false`.
-
-To test this, start code-server with `--disable-file-downloads`, open editor,
-right-click on a file (not a folder) and you should **not** see the
-"Download..." option.
-
-Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
-+++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -266,6 +266,11 @@ export interface IWorkbenchConstructionO
- 	 */
- 	readonly userDataPath?: string
- 
-+	/**
-+	 * Whether the "Download..." option is enabled for files.
-+	 */
-+	readonly isEnabledFileDownloads?: boolean
-+
- 	//#endregion
- 
- 	//#region Profile options
-Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-+++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -32,6 +32,11 @@ export interface IBrowserWorkbenchEnviro
- 	 * Options used to configure the workbench.
- 	 */
- 	readonly options?: IWorkbenchConstructionOptions;
-+
-+	/**
-+	 * Enable downloading files via menu actions.
-+	 */
-+	readonly isEnabledFileDownloads?: boolean;
- }
- 
- export class BrowserWorkbenchEnvironmentService implements IBrowserWorkbenchEnvironmentService {
-@@ -104,6 +109,13 @@ export class BrowserWorkbenchEnvironment
- 		return this.options.userDataPath;
- 	}
- 
-+	get isEnabledFileDownloads(): boolean {
-+		if (typeof this.options.isEnabledFileDownloads === "undefined") {
-+			throw new Error('isEnabledFileDownloads was not provided to the browser');
-+		}
-+		return this.options.isEnabledFileDownloads;
-+	}
-+
- 	@memoize
- 	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }
- 
-Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-+++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -14,6 +14,7 @@ export const serverOptions: OptionDescri
- 	/* ----- code-server ----- */
- 	'disable-update-check': { type: 'boolean' },
- 	'auth': { type: 'string' },
-+	'disable-file-downloads': { type: 'boolean' },
- 
- 	/* ----- server setup ----- */
- 
-@@ -94,6 +95,7 @@ export interface ServerParsedArgs {
- 	/* ----- code-server ----- */
- 	'disable-update-check'?: boolean;
- 	'auth'?: string
-+	'disable-file-downloads'?: boolean;
- 
- 	/* ----- server setup ----- */
- 
-Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
-+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -304,6 +304,7 @@ export class WebClientServer {
- 			remoteAuthority,
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
- 			userDataPath: this._environmentService.userDataPath,
-+			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
- 			_wrapWebWorkerExtHostInIframe,
- 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
- 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
-Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-+++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-@@ -7,12 +7,11 @@ import { Event } from 'vs/base/common/ev
- import { Disposable } from 'vs/base/common/lifecycle';
- import { IContextKeyService, IContextKey } from 'vs/platform/contextkey/common/contextkey';
- import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
--import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext } from 'vs/workbench/common/contextkeys';
-+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
- import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, DEFAULT_EDITOR_ASSOCIATION } from 'vs/workbench/common/editor';
- import { trackFocus, addDisposableListener, EventType } from 'vs/base/browser/dom';
- import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
- import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
--import { IWorkbenchEnvironmentService } from 'vs/workbench/services/environment/common/environmentService';
- import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
- import { WorkbenchState, IWorkspaceContextService, isTemporaryWorkspace } from 'vs/platform/workspace/common/workspace';
- import { IWorkbenchLayoutService, Parts, positionToString } from 'vs/workbench/services/layout/browser/layoutService';
-@@ -25,6 +24,7 @@ import { IPaneCompositePartService } fro
- import { Schemas } from 'vs/base/common/network';
- import { WebFileSystemAccess } from 'vs/platform/files/browser/webFileSystemAccess';
- import { IProductService } from 'vs/platform/product/common/productService';
-+import { IBrowserWorkbenchEnvironmentService } from 'vs/workbench/services/environment/browser/environmentService';
- 
- export class WorkbenchContextKeysHandler extends Disposable {
- 	private inputFocusedContext: IContextKey<boolean>;
-@@ -77,7 +77,7 @@ export class WorkbenchContextKeysHandler
- 		@IContextKeyService private readonly contextKeyService: IContextKeyService,
- 		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
- 		@IConfigurationService private readonly configurationService: IConfigurationService,
--		@IWorkbenchEnvironmentService private readonly environmentService: IWorkbenchEnvironmentService,
-+		@IBrowserWorkbenchEnvironmentService private readonly environmentService: IBrowserWorkbenchEnvironmentService,
- 		@IProductService private readonly productService: IProductService,
- 		@IEditorService private readonly editorService: IEditorService,
- 		@IEditorResolverService private readonly editorResolverService: IEditorResolverService,
-@@ -202,6 +202,9 @@ export class WorkbenchContextKeysHandler
- 		this.auxiliaryBarVisibleContext = AuxiliaryBarVisibleContext.bindTo(this.contextKeyService);
- 		this.auxiliaryBarVisibleContext.set(this.layoutService.isVisible(Parts.AUXILIARYBAR_PART));
- 
-+		// code-server
-+		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
-+
- 		this.registerListeners();
- 	}
- 
-Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
-+++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
-@@ -20,7 +20,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
- import { AutoSaveAfterShortDelayContext } from 'vs/workbench/services/filesConfiguration/common/filesConfigurationService';
- import { WorkbenchListDoubleSelection } from 'vs/platform/list/browser/listService';
- import { Schemas } from 'vs/base/common/network';
--import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext } from 'vs/workbench/common/contextkeys';
-+import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
- import { IsWebContext } from 'vs/platform/contextkey/common/contextkeys';
- import { ServicesAccessor } from 'vs/platform/instantiation/common/instantiation';
- import { ThemeIcon } from 'vs/base/common/themables';
-@@ -484,13 +484,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
- 		id: DOWNLOAD_COMMAND_ID,
- 		title: DOWNLOAD_LABEL
- 	},
--	when: ContextKeyExpr.or(
--		// native: for any remote resource
--		ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
--		// web: for any files
--		ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
--		// web: for any folders if file system API support is provided
--		ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
-+	when: ContextKeyExpr.and(
-+		IsEnabledFileDownloads,
-+		ContextKeyExpr.or(
-+			// native: for any remote resource
-+			ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
-+			// web: for any files
-+			ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
-+			// web: for any folders if file system API support is provided
-+			ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
-+		)
- 	)
- }));
- 
-Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
-+++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-@@ -32,6 +32,8 @@ export const IsFullscreenContext = new R
- 
- export const HasWebFileSystemAccess = new RawContextKey<boolean>('hasWebFileSystemAccess', false, true); // Support for FileSystemAccess web APIs (https://wicg.github.io/file-system-access)
- 
-+export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
-+
- //#endregion
- 
- 

patches/display-language.diff

@@ -1,131 +1,38 @@
 Add display language support
 
-We can remove this once upstream supports all language packs.
-
-1. Proxies language packs to the service on the backend.
-2. NLS configuration is embedded into the HTML for the browser to pick up.  This
-   code to generate this configuration is copied from the native portion.
-3. Remove configuredLocale since we have our own thing.
-4. Move the argv.json file to the server instead of in-browser storage.  This is
-   where the current locale is stored and currently the server needs to be able
-   to read it.
-5. Add the locale flag.
-6. Remove the redundant locale verification.  It does the same as the existing
-   one but is worse because it does not handle non-existent or empty files.
-7. Replace some caching and Node requires because code-server does not restart
-   when changing the language unlike native Code.
+VS Code web appears to implement language support by setting a cookie and
+downloading language packs from a URL configured in the product.json. This patch
+supports language pack extensions and uses files on the remote to set the
+language instead, so it works like the desktop version.
 
 Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
-@@ -220,6 +220,9 @@ export async function setupServerService
- 		const channel = new ExtensionManagementChannel(extensionManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority));
- 		socketServer.registerChannel('extensions', channel);
+@@ -12,7 +12,7 @@ import * as path from '../../base/common
+ import { IURITransformer } from '../../base/common/uriIpc.js';
+ import { getMachineId, getSqmMachineId, getDevDeviceId } from '../../base/node/id.js';
+ import { Promises } from '../../base/node/pfs.js';
+-import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, StaticRouter } from '../../base/parts/ipc/common/ipc.js';
++import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, ProxyChannel, StaticRouter } from '../../base/parts/ipc/common/ipc.js';
+ import { ProtocolConstants } from '../../base/parts/ipc/common/ipc.net.js';
+ import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
+ import { ConfigurationService } from '../../platform/configuration/common/configurationService.js';
+@@ -272,6 +272,9 @@ export async function setupServerService
  
-+		const languagePackChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(ILanguagePackService));
+ 		socketServer.registerChannel('mcpManagement', new McpManagementChannel(mcpManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority)));
+ 
++		const languagePackChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(ILanguagePackService), disposables);
 +		socketServer.registerChannel('languagePacks', languagePackChannel);
 +
- 		const encryptionChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(IEncryptionMainService));
- 		socketServer.registerChannel('encryption', encryptionChannel);
+ 		// clean up extensions folder
+ 		remoteExtensionsScanner.whenExtensionsReady().then(() => extensionManagementService.cleanUp());
  
-Index: code-server/lib/vscode/src/vs/base/common/platform.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/base/common/platform.ts
-+++ code-server/lib/vscode/src/vs/base/common/platform.ts
-@@ -2,8 +2,6 @@
-  *  Copyright (c) Microsoft Corporation. All rights reserved.
-  *  Licensed under the MIT License. See License.txt in the project root for license information.
-  *--------------------------------------------------------------------------------------------*/
--import * as nls from 'vs/nls';
--
- export const LANGUAGE_DEFAULT = 'en';
- 
- let _isWindows = false;
-@@ -86,17 +84,19 @@ if (typeof navigator === 'object' && !is
- 	_isMobile = _userAgent?.indexOf('Mobi') >= 0;
- 	_isWeb = true;
- 
--	const configuredLocale = nls.getConfiguredDefaultLocale(
--		// This call _must_ be done in the file that calls `nls.getConfiguredDefaultLocale`
--		// to ensure that the NLS AMD Loader plugin has been loaded and configured.
--		// This is because the loader plugin decides what the default locale is based on
--		// how it's able to resolve the strings.
--		nls.localize({ key: 'ensureLoaderPluginIsLoaded', comment: ['{Locked}'] }, '_')
--	);
--
--	_locale = configuredLocale || LANGUAGE_DEFAULT;
-+	_locale = LANGUAGE_DEFAULT;
- 
- 	_language = _locale;
-+	const el = typeof document !== 'undefined' && document.getElementById('vscode-remote-nls-configuration');
-+	const rawNlsConfig = el && el.getAttribute('data-settings');
-+	if (rawNlsConfig) {
-+		try {
-+			const nlsConfig: NLSConfig = JSON.parse(rawNlsConfig);
-+			_locale = nlsConfig.locale;
-+			_translationsConfigFile = nlsConfig._translationsConfigFile;
-+			_language = nlsConfig.availableLanguages['*'] || LANGUAGE_DEFAULT;
-+		} catch (error) { /* Oh well. */ }
-+	}
- }
- 
- // Native environment
-Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
-===================================================================
---- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
-+++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
-@@ -23,6 +23,9 @@
- 		<!-- Workbench Auth Session -->
- 		<meta id="vscode-workbench-auth-session" data-settings="{{WORKBENCH_AUTH_SESSION}}">
- 
-+		<!-- NLS Configuration -->
-+		<meta id="vscode-remote-nls-configuration" data-settings="{{NLS_CONFIGURATION}}">
-+
- 		<!-- Workbench Icon/Manifest/CSS -->
- 		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
- 		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
-@@ -46,15 +49,26 @@
- 		// Set up nls if the user is not using the default language (English)
- 		const nlsConfig = {};
- 		const locale = window.localStorage.getItem('vscode.nls.locale') || navigator.language;
--		if (!locale.startsWith('en')) {
--			nlsConfig['vs/nls'] = {
--				availableLanguages: {
--					'*': locale
--				},
--				translationServiceUrl: '{{WORKBENCH_NLS_BASE_URL}}'
--			};
--		}
--
-+		try {
-+			nlsConfig['vs/nls'] = JSON.parse(document.getElementById("vscode-remote-nls-configuration").getAttribute("data-settings"))
-+			if (nlsConfig['vs/nls']._resolvedLanguagePackCoreLocation) {
-+				const bundles = Object.create(null)
-+				nlsConfig['vs/nls'].loadBundle = (bundle, _language, cb) => {
-+					const result = bundles[bundle]
-+					if (result) {
-+						return cb(undefined, result)
-+					}
-+					const path = nlsConfig['vs/nls']._resolvedLanguagePackCoreLocation + "/" + bundle.replace(/\//g, "!") + ".nls.json"
-+					fetch(`{{WORKBENCH_WEB_BASE_URL}}/../vscode-remote-resource?path=${encodeURIComponent(path)}`)
-+						.then((response) => response.json())
-+						.then((json) => {
-+							bundles[bundle] = json
-+							cb(undefined, json)
-+						})
-+						.catch(cb)
-+				}
-+			}
-+		} catch (error) { /* Probably fine. */ }
- 		require.config({
- 			baseUrl: `${baseUrl}/out`,
- 			recordStats: true,
 Index: code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/environment/common/environmentService.ts
 +++ code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
-@@ -107,7 +107,7 @@ export abstract class AbstractNativeEnvi
+@@ -98,7 +98,7 @@ export abstract class AbstractNativeEnvi
  			return URI.file(join(vscodePortable, 'argv.json'));
  		}
  
@@ -138,31 +45,37 @@ Index: code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
 +++ code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
-@@ -30,6 +30,12 @@ export function getNLSConfiguration(lang
- 				if (InternalNLSConfiguration.is(value)) {
- 					value._languagePackSupport = true;
- 				}
-+				// If the configuration has no results keep trying since code-server
-+				// doesn't restart when a language is installed so this result would
-+				// persist (the plugin might not be installed yet for example).
-+				if (value.locale !== 'en' && value.locale !== 'en-us' && Object.keys(value.availableLanguages).length === 0) {
-+					_cache.delete(key);
-+				}
- 				return value;
- 			});
- 			_cache.set(key, result);
-@@ -44,3 +50,43 @@ export namespace InternalNLSConfiguratio
- 		return candidate && typeof candidate._languagePackId === 'string';
+@@ -3,6 +3,8 @@
+  *  Licensed under the MIT License. See License.txt in the project root for license information.
+  *--------------------------------------------------------------------------------------------*/
+ 
++import { promises as fs } from 'fs';
++import * as path from 'path';
+ import { FileAccess } from '../../base/common/network.js';
+ import { join } from '../../base/common/path.js';
+ import type { INLSConfiguration } from '../../nls.js';
+@@ -33,7 +35,94 @@ export async function getNLSConfiguratio
+ 	if (!result) {
+ 		result = resolveNLSConfiguration({ userLocale: language, osLocale: language, commit: product.commit, userDataPath, nlsMetadataPath });
+ 		nlsConfigurationCache.set(cacheKey, result);
++		// If the language pack does not yet exist, it defaults to English, which is
++		// then cached and you have to restart even if you then install the pack.
++		result.then((r) => {
++			if (!language.startsWith('en') && r.resolvedLanguage.startsWith('en')) {
++				nlsConfigurationCache.delete(cacheKey);
++			}
++		})
  	}
+ 
+ 	return result;
  }
 +
 +/**
-+ * The code below is copied from from src/main.js.
++ * Copied from from src/main.js.
 + */
-+
 +export const getLocaleFromConfig = async (argvResource: string): Promise<string> => {
 +	try {
-+		const content = stripComments(await fs.promises.readFile(argvResource, 'utf8'));
++		const content = stripComments(await fs.readFile(argvResource, 'utf8'));
 +		return JSON.parse(content).locale;
 +	} catch (error) {
 +		if (error.code !== "ENOENT") {
@@ -172,6 +85,9 @@ Index: code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
 +	}
 +};
 +
++/**
++ * Copied from from src/main.js.
++ */
 +const stripComments = (content: string): string => {
 +	const regexp = /('(?:[^\\']*(?:\\.)?)*')|('(?:[^\\']*(?:\\.)?)*')|(\/\*(?:\r?\n|.)*?\*\/)|(\/{2,}.*?(?:(?:\r?\n)|$))/g;
 +
@@ -195,86 +111,116 @@ Index: code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
 +		}
 +	});
 +};
++
++/**
++ * Generate translations then return a path to a JavaScript file that sets the
++ * translations into global variables.  This file is loaded by the browser to
++ * set global variables that the loader uses when looking for translations.
++ *
++ * Normally, VS Code pulls these files from a CDN but we want them to be local.
++ */
++export async function getBrowserNLSConfiguration(locale: string, userDataPath: string): Promise<string> {
++	if (locale.startsWith('en')) {
++		return ''; // Use fallback translations.
++	}
++
++	const nlsConfig = await getNLSConfiguration(locale, userDataPath);
++	const messagesFile = nlsConfig?.languagePack?.messagesFile;
++	const resolvedLanguage = nlsConfig?.resolvedLanguage;
++	if (!messagesFile || !resolvedLanguage) {
++		return ''; // Use fallback translations.
++	}
++
++	const nlsFile = path.join(path.dirname(messagesFile), "nls.messages.js");
++	try {
++		await fs.stat(nlsFile);
++		return nlsFile; // We already generated the file.
++	} catch (error) {
++		// ENOENT is fine, that just means we need to generate the file.
++		if (error.code !== 'ENOENT') {
++			throw error;
++		}
++	}
++
++	const messages = (await fs.readFile(messagesFile)).toString();
++	const content = `globalThis._VSCODE_NLS_MESSAGES=${messages};
++globalThis._VSCODE_NLS_LANGUAGE=${JSON.stringify(resolvedLanguage)};`
++	await fs.writeFile(nlsFile, content, "utf-8");
++
++	return nlsFile;
++}
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -26,6 +26,7 @@ import { URI } from 'vs/base/common/uri'
- import { streamToBuffer } from 'vs/base/common/buffer';
- import { IProductConfiguration } from 'vs/base/common/product';
- import { isString } from 'vs/base/common/types';
-+import { getLocaleFromConfig, getNLSConfiguration } from 'vs/server/node/remoteLanguagePacks';
- import { CharCode } from 'vs/base/common/charCode';
- import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
- 
-@@ -299,6 +300,8 @@ export class WebClientServer {
- 
- 		const base = relativeRoot(getOriginalUrl(req))
- 		const vscodeBase = relativePath(getOriginalUrl(req))
-+		const locale = this._environmentService.args.locale || await getLocaleFromConfig(this._environmentService.argvResource.fsPath);
-+		const nlsConfiguration = await getNLSConfiguration(locale, this._environmentService.userDataPath)
- 
- 		const workbenchWebConfiguration = {
- 			remoteAuthority,
-@@ -336,6 +339,7 @@ export class WebClientServer {
- 			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
- 			BASE: base,
- 			VS_BASE: vscodeBase,
-+			NLS_CONFIGURATION: asJSON(nlsConfiguration),
+@@ -25,6 +25,7 @@ import { URI } from '../../base/common/u
+ import { streamToBuffer } from '../../base/common/buffer.js';
+ import { IProductConfiguration } from '../../base/common/product.js';
+ import { isString, Mutable } from '../../base/common/types.js';
++import { getLocaleFromConfig, getBrowserNLSConfiguration } from './remoteLanguagePacks.js';
+ import { CharCode } from '../../base/common/charCode.js';
+ import { IExtensionManifest } from '../../platform/extensions/common/extensions.js';
+ import { ICSSDevelopmentService } from '../../platform/cssDev/node/cssDevService.js';
+@@ -385,14 +386,22 @@ export class WebClientServer {
  		};
  
+ 		const cookies = cookie.parse(req.headers.cookie || '');
+-		const locale = cookies['vscode.nls.locale'] || req.headers['accept-language']?.split(',')[0]?.toLowerCase() || 'en';
++		const locale = this._environmentService.args.locale || await getLocaleFromConfig(this._environmentService.argvResource.fsPath) || cookies['vscode.nls.locale'] || req.headers['accept-language']?.split(',')[0]?.toLowerCase() || 'en';
+ 		let WORKBENCH_NLS_BASE_URL: string | undefined;
+ 		let WORKBENCH_NLS_URL: string;
+ 		if (!locale.startsWith('en') && this._productService.nlsCoreBaseUrl) {
+ 			WORKBENCH_NLS_BASE_URL = this._productService.nlsCoreBaseUrl;
+ 			WORKBENCH_NLS_URL = `${WORKBENCH_NLS_BASE_URL}${this._productService.commit}/${this._productService.version}/${locale}/nls.messages.js`;
+ 		} else {
+-			WORKBENCH_NLS_URL = ''; // fallback will apply
++			try {
++				const nlsFile = await getBrowserNLSConfiguration(locale, this._environmentService.userDataPath);
++				WORKBENCH_NLS_URL = nlsFile
++					? `${vscodeBase}/vscode-remote-resource?path=${encodeURIComponent(nlsFile)}`
++					: '';
++			} catch (error) {
++				console.error("Failed to generate translations", error);
++				WORKBENCH_NLS_URL = '';
++			}
+ 		}
  
+ 		const values: { [key: string]: string } = {
 Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -15,6 +15,7 @@ export const serverOptions: OptionDescri
- 	'disable-update-check': { type: 'boolean' },
- 	'auth': { type: 'string' },
+@@ -22,6 +22,7 @@ export const serverOptions: OptionDescri
  	'disable-file-downloads': { type: 'boolean' },
+ 	'disable-file-uploads': { type: 'boolean' },
+ 	'disable-getting-started-override': { type: 'boolean' },
 +	'locale': { type: 'string' },
  
  	/* ----- server setup ----- */
  
-@@ -96,6 +97,7 @@ export interface ServerParsedArgs {
- 	'disable-update-check'?: boolean;
- 	'auth'?: string
+@@ -113,6 +114,7 @@ export interface ServerParsedArgs {
  	'disable-file-downloads'?: boolean;
+ 	'disable-file-uploads'?: boolean;
+ 	'disable-getting-started-override'?: boolean,
 +	'locale'?: string
  
  	/* ----- server setup ----- */
  
-Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.ts
-+++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
-@@ -119,8 +119,9 @@ import 'vs/workbench/contrib/logs/browse
- // Explorer
- import 'vs/workbench/contrib/files/browser/files.web.contribution';
- 
--// Localization
--import 'vs/workbench/contrib/localization/browser/localization.contribution';
-+// Localization.  This does not actually import anything specific to Electron so
-+// it should be safe.
-+import 'vs/workbench/contrib/localization/electron-sandbox/localization.contribution';
- 
- // Performance
- import 'vs/workbench/contrib/performance/browser/performance.web.contribution';
 Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
 +++ code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
-@@ -6,18 +6,24 @@
- import { CancellationTokenSource } from 'vs/base/common/cancellation';
- import { Language } from 'vs/base/common/platform';
- import { URI } from 'vs/base/common/uri';
-+import { ProxyChannel } from 'vs/base/parts/ipc/common/ipc';
- import { IExtensionGalleryService } from 'vs/platform/extensionManagement/common/extensionManagement';
- import { IExtensionResourceLoaderService } from 'vs/platform/extensionResourceLoader/common/extensionResourceLoader';
--import { ILanguagePackItem, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
-+import { ILanguagePackItem, ILanguagePackService, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
- import { ILogService } from 'vs/platform/log/common/log';
-+import { IRemoteAgentService } from 'vs/workbench/services/remote/common/remoteAgentService';
+@@ -5,18 +5,24 @@
+ 
+ import { CancellationTokenSource } from '../../../base/common/cancellation.js';
+ import { URI } from '../../../base/common/uri.js';
++import { ProxyChannel } from '../../../base/parts/ipc/common/ipc.js';
+ import { IExtensionGalleryService } from '../../extensionManagement/common/extensionManagement.js';
+ import { IExtensionResourceLoaderService } from '../../extensionResourceLoader/common/extensionResourceLoader.js';
+-import { ILanguagePackItem, LanguagePackBaseService } from '../common/languagePacks.js';
++import { ILanguagePackItem, ILanguagePackService, LanguagePackBaseService } from '../common/languagePacks.js';
+ import { ILogService } from '../../log/common/log.js';
++import { IRemoteAgentService } from '../../../workbench/services/remote/common/remoteAgentService.js';
  
  export class WebLanguagePacksService extends LanguagePackBaseService {
 +	private readonly languagePackService: ILanguagePackService;
@@ -289,8 +235,8 @@ Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePack
 +		this.languagePackService = ProxyChannel.toService<ILanguagePackService>(remoteAgentService.getConnection()!.getChannel('languagePacks'))
  	}
  
- 	async getBuiltInExtensionTranslationsUri(id: string): Promise<URI | undefined> {
-@@ -73,6 +79,6 @@ export class WebLanguagePacksService ext
+ 	async getBuiltInExtensionTranslationsUri(id: string, language: string): Promise<URI | undefined> {
+@@ -72,6 +78,6 @@ export class WebLanguagePacksService ext
  
  	// Web doesn't have a concept of language packs, so we just return an empty array
  	getInstalledLanguages(): Promise<ILanguagePackItem[]> {
@@ -298,11 +244,11 @@ Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePack
 +		return this.languagePackService.getInstalledLanguages()
  	}
  }
-Index: code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
+Index: code-server/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
 ===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
-+++ code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
-@@ -41,7 +41,8 @@ export class NativeLocaleService impleme
+--- code-server.orig/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
+@@ -51,7 +51,8 @@ class NativeLocaleService implements ILo
  		@IProductService private readonly productService: IProductService
  	) { }
  
@@ -312,7 +258,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-san
  		try {
  			const content = await this.textFileService.read(this.environmentService.argvResource, { encoding: 'utf8' });
  
-@@ -68,9 +69,6 @@ export class NativeLocaleService impleme
+@@ -78,9 +79,6 @@ class NativeLocaleService implements ILo
  	}
  
  	private async writeLocaleValue(locale: string | undefined): Promise<boolean> {
@@ -322,3 +268,83 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-san
  		await this.jsonEditingService.write(this.environmentService.argvResource, [{ path: ['locale'], value: locale }], true);
  		return true;
  	}
+Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
+@@ -475,9 +475,6 @@ export class InstallAction extends Exten
+ 		if (this.extension.isBuiltin) {
+ 			return;
+ 		}
+-		if (this.extensionsWorkbenchService.canSetLanguage(this.extension)) {
+-			return;
+-		}
+ 		if (this.extension.state !== ExtensionState.Uninstalled) {
+ 			return;
+ 		}
+@@ -782,7 +779,7 @@ export abstract class InstallInOtherServ
+ 		}
+ 
+ 		if (isLanguagePackExtension(this.extension.local.manifest)) {
+-			return true;
++			return false;
+ 		}
+ 
+ 		// Prefers to run on UI
+@@ -2073,17 +2070,6 @@ export class SetLanguageAction extends E
+ 	update(): void {
+ 		this.enabled = false;
+ 		this.class = SetLanguageAction.DisabledClass;
+-		if (!this.extension) {
+-			return;
+-		}
+-		if (!this.extensionsWorkbenchService.canSetLanguage(this.extension)) {
+-			return;
+-		}
+-		if (this.extension.gallery && language === getLocale(this.extension.gallery)) {
+-			return;
+-		}
+-		this.enabled = true;
+-		this.class = SetLanguageAction.EnabledClass;
+ 	}
+ 
+ 	override async run(): Promise<any> {
+@@ -2100,7 +2086,6 @@ export class ClearLanguageAction extends
+ 	private static readonly DisabledClass = `${this.EnabledClass} disabled`;
+ 
+ 	constructor(
+-		@IExtensionsWorkbenchService private readonly extensionsWorkbenchService: IExtensionsWorkbenchService,
+ 		@ILocaleService private readonly localeService: ILocaleService,
+ 	) {
+ 		super(ClearLanguageAction.ID, ClearLanguageAction.TITLE.value, ClearLanguageAction.DisabledClass, false);
+@@ -2110,17 +2095,6 @@ export class ClearLanguageAction extends
+ 	update(): void {
+ 		this.enabled = false;
+ 		this.class = ClearLanguageAction.DisabledClass;
+-		if (!this.extension) {
+-			return;
+-		}
+-		if (!this.extensionsWorkbenchService.canSetLanguage(this.extension)) {
+-			return;
+-		}
+-		if (this.extension.gallery && language !== getLocale(this.extension.gallery)) {
+-			return;
+-		}
+-		this.enabled = true;
+-		this.class = ClearLanguageAction.EnabledClass;
+ 	}
+ 
+ 	override async run(): Promise<any> {
+Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
++++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
+@@ -54,7 +54,7 @@ import './services/dialogs/browser/fileD
+ import './services/host/browser/browserHostService.js';
+ import './services/lifecycle/browser/lifecycleService.js';
+ import './services/clipboard/browser/clipboardService.js';
+-import './services/localization/browser/localeService.js';
++import './services/localization/electron-browser/localeService.js';
+ import './services/path/browser/pathService.js';
+ import './services/themes/browser/browserHostColorSchemeService.js';
+ import './services/encryption/browser/encryptionService.js';

patches/external-file-actions.diff

@@ -0,0 +1,356 @@
+Add option to disable file downloads and uploads via cli
+
+This patch adds support for a new CLI flag called `--disable-file-downloads`
+which allows a user to remove the "Download..." option that shows up when you
+right-click files in Code. It also disables the "Show Local" button on the dialog 
+for Save, Save-As and Save Workspace. The default value for this is `false`.
+
+This patch also add support for a new CLI flag called `--disable-file-uploads`
+which disables the drag to upload functionality and the "Upload..." option when you
+right-click folders in Code. It also disables the "Show Local" button on the dialog 
+for opening a file. The default value for this is `false`.
+
+This patch also adds trace log statements for when a file is read and written to disk.
+
+To test disabling downloads, start code-server with `--disable-file-downloads`, open editor,
+right-click on a file (not a folder) and you should **not** see the
+"Download..." option. When saving a file or workspace, the "Show Local" button 
+should **not** appear on the dialog that comes on screen.
+
+To test disabling uploads, start code-server with `--disable-file-uploads`, open editor,
+right-click on a folder (not a file) and you should **not** see the
+"Upload..." option. If you drag a file into the file navigator, the file should **not** upload 
+and appear in the file navigator. When opening a file, the "Show Local" button 
+should **not** appear on the dialog that comes on screen.
+
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+@@ -303,6 +303,16 @@ export interface IWorkbenchConstructionO
+ 	 */
+ 	readonly userDataPath?: string
+ 
++	/**
++	 * Whether the "Download..." option is enabled for files.
++	 */
++	readonly isEnabledFileDownloads?: boolean
++
++	/**
++	 * Whether the "Upload..." button is enabled.
++	 */
++	readonly isEnabledFileUploads?: boolean
++
+ 	//#endregion
+ 
+ 	//#region Profile options
+Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+@@ -34,6 +34,16 @@ export interface IBrowserWorkbenchEnviro
+ 	readonly options?: IWorkbenchConstructionOptions;
+ 
+ 	/**
++	 * Enable downloading files via menu actions.
++	 */
++	readonly isEnabledFileDownloads?: boolean;
++
++	/**
++	 * Enable uploading files via menu actions.
++	 */
++	readonly isEnabledFileUploads?: boolean;
++
++	/**
+ 	 * Gets whether a resolver extension is expected for the environment.
+ 	 */
+ 	readonly expectsResolverExtension: boolean;
+@@ -111,6 +121,20 @@ export class BrowserWorkbenchEnvironment
+ 		return this.options.userDataPath;
+ 	}
+ 
++	get isEnabledFileDownloads(): boolean {
++		if (typeof this.options.isEnabledFileDownloads === "undefined") {
++			throw new Error('isEnabledFileDownloads was not provided to the browser');
++		}
++		return this.options.isEnabledFileDownloads;
++	}
++
++	get isEnabledFileUploads(): boolean {
++		if (typeof this.options.isEnabledFileUploads === "undefined") {
++			throw new Error('isEnabledFileUploads was not provided to the browser');
++		}
++		return this.options.isEnabledFileUploads;
++	}
++
+ 	@memoize
+ 	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }
+ 
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -19,6 +19,8 @@ export const serverOptions: OptionDescri
+ 	/* ----- code-server ----- */
+ 	'disable-update-check': { type: 'boolean' },
+ 	'auth': { type: 'string' },
++	'disable-file-downloads': { type: 'boolean' },
++	'disable-file-uploads': { type: 'boolean' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -107,6 +109,8 @@ export interface ServerParsedArgs {
+ 	/* ----- code-server ----- */
+ 	'disable-update-check'?: boolean;
+ 	'auth'?: string;
++	'disable-file-downloads'?: boolean;
++	'disable-file-uploads'?: boolean;
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -369,6 +369,8 @@ export class WebClientServer {
+ 			serverBasePath: basePath,
+ 			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			userDataPath: this._environmentService.userDataPath,
++			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
++			isEnabledFileUploads: !this._environmentService.args['disable-file-uploads'],
+ 			_wrapWebWorkerExtHostInIframe,
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
+Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+@@ -6,10 +6,10 @@
+ import { Disposable } from '../../base/common/lifecycle.js';
+ import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from '../../platform/contextkey/common/contextkey.js';
+ import { IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext } from '../common/contextkeys.js';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
+ import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from '../services/editor/common/editorGroupsService.js';
+ import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
+-import { IWorkbenchEnvironmentService } from '../services/environment/common/environmentService.js';
++import { IBrowserWorkbenchEnvironmentService } from '../services/environment/browser/environmentService.js';
+ import { WorkbenchState, IWorkspaceContextService, isTemporaryWorkspace } from '../../platform/workspace/common/workspace.js';
+ import { IWorkbenchLayoutService, Parts, positionToString } from '../services/layout/browser/layoutService.js';
+ import { getRemoteName } from '../../platform/remote/common/remoteHosts.js';
+@@ -69,7 +69,7 @@ export class WorkbenchContextKeysHandler
+ 		@IContextKeyService private readonly contextKeyService: IContextKeyService,
+ 		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
+ 		@IConfigurationService private readonly configurationService: IConfigurationService,
+-		@IWorkbenchEnvironmentService private readonly environmentService: IWorkbenchEnvironmentService,
++		@IBrowserWorkbenchEnvironmentService private readonly environmentService: IBrowserWorkbenchEnvironmentService,
+ 		@IProductService private readonly productService: IProductService,
+ 		@IEditorGroupsService private readonly editorGroupService: IEditorGroupsService,
+ 		@IEditorService private readonly editorService: IEditorService,
+@@ -199,6 +199,10 @@ export class WorkbenchContextKeysHandler
+ 		this.auxiliaryBarMaximizedContext = AuxiliaryBarMaximizedContext.bindTo(this.contextKeyService);
+ 		this.auxiliaryBarMaximizedContext.set(this.layoutService.isAuxiliaryBarMaximized());
+ 
++		// code-server
++		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
++		IsEnabledFileUploads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileUploads ?? true)
++
+ 		this.registerListeners();
+ 	}
+ 
+Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
+@@ -20,7 +20,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
+ import { AutoSaveAfterShortDelayContext } from '../../../services/filesConfiguration/common/filesConfigurationService.js';
+ import { WorkbenchListDoubleSelection } from '../../../../platform/list/browser/listService.js';
+ import { Schemas } from '../../../../base/common/network.js';
+-import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext, SelectedEditorsInGroupFileOrUntitledResourceContextKey } from '../../../common/contextkeys.js';
++import { IsEnabledFileDownloads, IsEnabledFileUploads, DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext, SelectedEditorsInGroupFileOrUntitledResourceContextKey } from '../../../common/contextkeys.js';
+ import { IsWebContext } from '../../../../platform/contextkey/common/contextkeys.js';
+ import { ServicesAccessor } from '../../../../platform/instantiation/common/instantiation.js';
+ import { ThemeIcon } from '../../../../base/common/themables.js';
+@@ -571,13 +571,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+ 		id: DOWNLOAD_COMMAND_ID,
+ 		title: DOWNLOAD_LABEL
+ 	},
+-	when: ContextKeyExpr.or(
+-		// native: for any remote resource
+-		ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
+-		// web: for any files
+-		ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
+-		// web: for any folders if file system API support is provided
+-		ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
++	when: ContextKeyExpr.and(
++		IsEnabledFileDownloads,
++		ContextKeyExpr.or(
++			// native: for any remote resource
++			ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
++			// web: for any files
++			ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
++			// web: for any folders if file system API support is provided
++			ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
++		)
+ 	)
+ }));
+ 
+@@ -589,6 +592,7 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+ 		title: UPLOAD_LABEL,
+ 	},
+ 	when: ContextKeyExpr.and(
++		IsEnabledFileUploads,
+ 		// only in web
+ 		IsWebContext,
+ 		// only on folders
+Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
++++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+@@ -39,6 +39,9 @@ export const EmbedderIdentifierContext =
+ 
+ export const InAutomationContext = new RawContextKey<boolean>('inAutomation', false, localize('inAutomation', "Whether VS Code is running under automation/smoke test"));
+ 
++export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
++export const IsEnabledFileUploads = new RawContextKey<boolean>('isEnabledFileUploads', true, true);
++
+ //#endregion
+ 
+ //#region < --- Window --- >
+Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFileDialog.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFileDialog.ts
++++ code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFileDialog.ts
+@@ -18,7 +18,7 @@ import { IModelService } from '../../../
+ import { ILanguageService } from '../../../../editor/common/languages/language.js';
+ import { getIconClasses } from '../../../../editor/common/services/getIconClasses.js';
+ import { Schemas } from '../../../../base/common/network.js';
+-import { IWorkbenchEnvironmentService } from '../../environment/common/environmentService.js';
++import { IBrowserWorkbenchEnvironmentService } from '../../environment/browser/environmentService.js';
+ import { IRemoteAgentService } from '../../remote/common/remoteAgentService.js';
+ import { IContextKeyService, IContextKey, RawContextKey } from '../../../../platform/contextkey/common/contextkey.js';
+ import { equalsIgnoreCase, format, startsWithIgnoreCase } from '../../../../base/common/strings.js';
+@@ -144,7 +144,7 @@ export class SimpleFileDialog extends Di
+ 		@IFileDialogService private readonly fileDialogService: IFileDialogService,
+ 		@IModelService private readonly modelService: IModelService,
+ 		@ILanguageService private readonly languageService: ILanguageService,
+-		@IWorkbenchEnvironmentService protected readonly environmentService: IWorkbenchEnvironmentService,
++		@IBrowserWorkbenchEnvironmentService protected readonly environmentService: IBrowserWorkbenchEnvironmentService,
+ 		@IRemoteAgentService private readonly remoteAgentService: IRemoteAgentService,
+ 		@IPathService protected readonly pathService: IPathService,
+ 		@IKeybindingService private readonly keybindingService: IKeybindingService,
+@@ -311,20 +311,22 @@ export class SimpleFileDialog extends Di
+ 			this.filePickBox.placeholder = nls.localize('remoteFileDialog.placeholder', "Folder path");
+ 			this.filePickBox.ok = true;
+ 			this.filePickBox.okLabel = typeof this.options.openLabel === 'string' ? this.options.openLabel : this.options.openLabel?.withoutMnemonic;
+-			if ((this.scheme !== Schemas.file) && this.options && this.options.availableFileSystems && (this.options.availableFileSystems.length > 1) && (this.options.availableFileSystems.indexOf(Schemas.file) > -1)) {
+-				this.filePickBox.customButton = true;
+-				this.filePickBox.customLabel = nls.localize('remoteFileDialog.local', 'Show Local');
+-				let action;
+-				if (isSave) {
+-					action = SaveLocalFileCommand;
+-				} else {
+-					action = this.allowFileSelection ? (this.allowFolderSelection ? OpenLocalFileFolderCommand : OpenLocalFileCommand) : OpenLocalFolderCommand;
+-				}
+-				const keybinding = this.keybindingService.lookupKeybinding(action.ID);
+-				if (keybinding) {
+-					const label = keybinding.getLabel();
+-					if (label) {
+-						this.filePickBox.customHover = format('{0} ({1})', action.LABEL, label);
++			if ((isSave && this.environmentService.isEnabledFileDownloads) || (!isSave && this.environmentService.isEnabledFileUploads)) {
++				if ((this.scheme !== Schemas.file) && this.options && this.options.availableFileSystems && (this.options.availableFileSystems.length > 1) && (this.options.availableFileSystems.indexOf(Schemas.file) > -1)) {
++					this.filePickBox.customButton = true;
++					this.filePickBox.customLabel = nls.localize('remoteFileDialog.local', 'Show Local');
++					let action;
++					if (isSave) {
++						action = SaveLocalFileCommand;
++					} else {
++						action = this.allowFileSelection ? (this.allowFolderSelection ? OpenLocalFileFolderCommand : OpenLocalFileCommand) : OpenLocalFolderCommand;
++					}
++					const keybinding = this.keybindingService.lookupKeybinding(action.ID);
++					if (keybinding) {
++						const label = keybinding.getLabel();
++						if (label) {
++							this.filePickBox.customHover = format('{0} ({1})', action.LABEL, label);
++						}
+ 					}
+ 				}
+ 			}
+Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explorerViewer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/views/explorerViewer.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explorerViewer.ts
+@@ -65,6 +65,7 @@ import { timeout } from '../../../../../
+ import { IFilesConfigurationService } from '../../../../services/filesConfiguration/common/filesConfigurationService.js';
+ import { mainWindow } from '../../../../../base/browser/window.js';
+ import { IExplorerFileContribution, explorerFileContribRegistry } from '../explorerFileContrib.js';
++import { IBrowserWorkbenchEnvironmentService } from '../../../../services/environment/browser/environmentService.js';
+ import { WorkbenchCompressibleAsyncDataTree } from '../../../../../platform/list/browser/listService.js';
+ import { ISearchService, QueryType, getExcludes, ISearchConfiguration, ISearchComplete, IFileQuery } from '../../../../services/search/common/search.js';
+ import { CancellationToken } from '../../../../../base/common/cancellation.js';
+@@ -1594,7 +1595,8 @@ export class FileDragAndDrop implements
+ 		@IConfigurationService private configurationService: IConfigurationService,
+ 		@IInstantiationService private instantiationService: IInstantiationService,
+ 		@IWorkspaceEditingService private workspaceEditingService: IWorkspaceEditingService,
+-		@IUriIdentityService private readonly uriIdentityService: IUriIdentityService
++		@IUriIdentityService private readonly uriIdentityService: IUriIdentityService,
++		@IBrowserWorkbenchEnvironmentService protected readonly environmentService: IBrowserWorkbenchEnvironmentService
+ 	) {
+ 		const updateDropEnablement = (e: IConfigurationChangeEvent | undefined) => {
+ 			if (!e || e.affectsConfiguration('explorer.enableDragAndDrop')) {
+@@ -1819,15 +1821,17 @@ export class FileDragAndDrop implements
+ 
+ 			// External file DND (Import/Upload file)
+ 			if (data instanceof NativeDragAndDropData) {
+-				// Use local file import when supported
+-				if (!isWeb || (isTemporaryWorkspace(this.contextService.getWorkspace()) && WebFileSystemAccess.supported(mainWindow))) {
+-					const fileImport = this.instantiationService.createInstance(ExternalFileImport);
+-					await fileImport.import(resolvedTarget, originalEvent, mainWindow);
+-				}
+-				// Otherwise fallback to browser based file upload
+-				else {
+-					const browserUpload = this.instantiationService.createInstance(BrowserFileUpload);
+-					await browserUpload.upload(target, originalEvent);
++				if (this.environmentService.isEnabledFileUploads) {
++					// Use local file import when supported
++					if (!isWeb || (isTemporaryWorkspace(this.contextService.getWorkspace()) && WebFileSystemAccess.supported(mainWindow))) {
++						const fileImport = this.instantiationService.createInstance(ExternalFileImport);
++						await fileImport.import(resolvedTarget, originalEvent, mainWindow);
++					}
++					// Otherwise fallback to browser based file upload
++					else {
++						const browserUpload = this.instantiationService.createInstance(BrowserFileUpload);
++						await browserUpload.upload(target, originalEvent);
++					}
+ 				}
+ 			}
+ 
+Index: code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderServer.ts
++++ code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderServer.ts
+@@ -99,6 +99,7 @@ export abstract class AbstractDiskFileSy
+ 
+ 	private async readFile(uriTransformer: IURITransformer, _resource: UriComponents, opts?: IFileAtomicReadOptions): Promise<VSBuffer> {
+ 		const resource = this.transformIncoming(uriTransformer, _resource, true);
++		this.logService.trace(`File action: readFile ${resource.path}`);
+ 		const buffer = await this.provider.readFile(resource, opts);
+ 
+ 		return VSBuffer.wrap(buffer);
+@@ -117,6 +118,7 @@ export abstract class AbstractDiskFileSy
+ 			}
+ 		});
+ 
++		this.logService.trace(`File action: readFileStream ${resource.path}`);
+ 		const fileStream = this.provider.readFileStream(resource, opts, cts.token);
+ 		listenStream(fileStream, {
+ 			onData: chunk => emitter.fire(VSBuffer.wrap(chunk)),
+@@ -137,7 +139,7 @@ export abstract class AbstractDiskFileSy
+ 
+ 	private writeFile(uriTransformer: IURITransformer, _resource: UriComponents, content: VSBuffer, opts: IFileWriteOptions): Promise<void> {
+ 		const resource = this.transformIncoming(uriTransformer, _resource);
+-
++		this.logService.trace(`File action: writeFile ${resource.path}`);
+ 		return this.provider.writeFile(resource, content.buffer, opts);
+ 	}
+ 

patches/getting-started.diff

@@ -10,16 +10,25 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts
-@@ -60,7 +60,7 @@ import { GettingStartedIndexList } from
- import { StandardKeyboardEvent } from 'vs/base/browser/keyboardEvent';
- import { KeyCode } from 'vs/base/common/keyCodes';
- import { getTelemetryLevel } from 'vs/platform/telemetry/common/telemetryUtils';
--import { WorkbenchStateContext } from 'vs/workbench/common/contextkeys';
-+import { IsEnabledCoderGettingStarted, WorkbenchStateContext } from 'vs/workbench/common/contextkeys';
- import { OpenFolderViaWorkspaceAction } from 'vs/workbench/browser/actions/workspaceActions';
- import { OpenRecentAction } from 'vs/workbench/browser/actions/windowActions';
- import { Toggle } from 'vs/base/browser/ui/toggle/toggle';
-@@ -759,6 +759,72 @@ export class GettingStartedPage extends
+@@ -3,7 +3,7 @@
+  *  Licensed under the MIT License. See License.txt in the project root for license information.
+  *--------------------------------------------------------------------------------------------*/
+ 
+-import { $, Dimension, addDisposableListener, append, clearNode, reset } from '../../../../base/browser/dom.js';
++import { $, Dimension, addDisposableListener, append, clearNode, reset, prepend } from '../../../../base/browser/dom.js';
+ import { renderFormattedText } from '../../../../base/browser/formattedTextRenderer.js';
+ import { StandardKeyboardEvent } from '../../../../base/browser/keyboardEvent.js';
+ import { Button } from '../../../../base/browser/ui/button/button.js';
+@@ -53,7 +53,7 @@ import { IRecentFolder, IRecentWorkspace
+ import { OpenRecentAction } from '../../../browser/actions/windowActions.js';
+ import { OpenFileFolderAction, OpenFolderAction, OpenFolderViaWorkspaceAction } from '../../../browser/actions/workspaceActions.js';
+ import { EditorPane } from '../../../browser/parts/editor/editorPane.js';
+-import { WorkbenchStateContext } from '../../../common/contextkeys.js';
++import { IsEnabledCoderGettingStarted, WorkbenchStateContext } from '../../../common/contextkeys.js';
+ import { IEditorOpenContext, IEditorSerializer } from '../../../common/editor.js';
+ import { IWebviewElement, IWebviewService } from '../../webview/browser/webview.js';
+ import './gettingStartedColors.js';
+@@ -916,6 +916,72 @@ export class GettingStartedPage extends
  			$('p.subtitle.description', {}, localize({ key: 'gettingStarted.editingEvolved', comment: ['Shown as subtitle on the Welcome page.'] }, "Editing evolved"))
  		);
  
@@ -87,38 +96,21 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
 +					),
 +				),
 +			);
-+	   }
++		}
 +
- 
  		const leftColumn = $('.categories-column.categories-column-left', {},);
  		const rightColumn = $('.categories-column.categories-column-right', {},);
-@@ -776,13 +842,23 @@ export class GettingStartedPage extends
- 		const layoutLists = () => {
- 			if (gettingStartedList.itemCount) {
- 				this.container.classList.remove('noWalkthroughs');
--				reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
--				reset(rightColumn, gettingStartedList.getDomElement());
-+				if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
-+					reset(leftColumn, startList.getDomElement(), recentList.getDomElement(), gettingStartedList.getDomElement());
-+					reset(rightColumn, gettingStartedCoder);
-+				} else {
-+					reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
-+					reset(rightColumn, gettingStartedList.getDomElement());
-+				}
-+
+ 
+@@ -951,6 +1017,9 @@ export class GettingStartedPage extends
  				recentList.setLimit(5);
+ 				reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
  			}
- 			else {
- 				this.container.classList.add('noWalkthroughs');
--				reset(leftColumn, startList.getDomElement());
-+				if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
-+					reset(leftColumn, startList.getDomElement(), gettingStartedCoder);
-+				} else {
-+					reset(leftColumn, startList.getDomElement());
-+				}
- 				reset(rightColumn, recentList.getDomElement());
- 				recentList.setLimit(10);
- 			}
++			if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
++				prepend(rightColumn, gettingStartedCoder)
++			}
+ 		};
+ 
+ 		gettingStartedList.onDidChange(layoutLists);
 Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
@@ -131,21 +123,21 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
 +	margin-bottom: 0.2em;
 +}
 +
-+.monaco-workbench .part.editor>.content .gettingStartedContainer .coder-coder {
++.monaco-workbench .part.editor > .content .gettingStartedContainer .coder-coder {
 +	font-size: 1em;
 +	margin-top: 0.2em;
 +}
 +
- .monaco-workbench.hc-black .part.editor>.content .gettingStartedContainer .subtitle,
- .monaco-workbench.hc-light .part.editor>.content .gettingStartedContainer .subtitle {
+ .monaco-workbench.hc-black .part.editor > .content .gettingStartedContainer .subtitle,
+ .monaco-workbench.hc-light .part.editor > .content .gettingStartedContainer .subtitle {
  	font-weight: 200;
 Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -271,6 +271,11 @@ export interface IWorkbenchConstructionO
+@@ -313,6 +313,11 @@ export interface IWorkbenchConstructionO
  	 */
- 	readonly isEnabledFileDownloads?: boolean
+ 	readonly isEnabledFileUploads?: boolean
  
 +	/**
 +	 * Whether to use Coder's custom Getting Started text.
@@ -159,20 +151,20 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -37,6 +37,11 @@ export interface IBrowserWorkbenchEnviro
- 	 * Enable downloading files via menu actions.
- 	 */
- 	readonly isEnabledFileDownloads?: boolean;
-+
-+	/**
+@@ -44,6 +44,11 @@ export interface IBrowserWorkbenchEnviro
+ 	readonly isEnabledFileUploads?: boolean;
+ 
+ 	/**
 +	 * Enable Coder's custom getting started text.
 +	 */
 +	readonly isEnabledCoderGettingStarted?: boolean;
- }
- 
- export class BrowserWorkbenchEnvironmentService implements IBrowserWorkbenchEnvironmentService {
-@@ -116,6 +121,13 @@ export class BrowserWorkbenchEnvironment
- 		return this.options.isEnabledFileDownloads;
++
++	/**
+ 	 * Gets whether a resolver extension is expected for the environment.
+ 	 */
+ 	readonly expectsResolverExtension: boolean;
+@@ -135,6 +140,13 @@ export class BrowserWorkbenchEnvironment
+ 		return this.options.isEnabledFileUploads;
  	}
  
 +	get isEnabledCoderGettingStarted(): boolean {
@@ -189,19 +181,19 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -16,6 +16,7 @@ export const serverOptions: OptionDescri
+@@ -21,6 +21,7 @@ export const serverOptions: OptionDescri
  	'auth': { type: 'string' },
  	'disable-file-downloads': { type: 'boolean' },
- 	'locale': { type: 'string' },
+ 	'disable-file-uploads': { type: 'boolean' },
 +	'disable-getting-started-override': { type: 'boolean' },
  
  	/* ----- server setup ----- */
  
-@@ -98,6 +99,7 @@ export interface ServerParsedArgs {
- 	'auth'?: string
+@@ -111,6 +112,7 @@ export interface ServerParsedArgs {
+ 	'auth'?: string;
  	'disable-file-downloads'?: boolean;
- 	'locale'?: string
-+	'disable-getting-started-override'?: boolean;
+ 	'disable-file-uploads'?: boolean;
++	'disable-getting-started-override'?: boolean,
  
  	/* ----- server setup ----- */
  
@@ -209,10 +201,10 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -308,6 +308,7 @@ export class WebClientServer {
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+@@ -373,6 +373,7 @@ export class WebClientServer {
  			userDataPath: this._environmentService.userDataPath,
  			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
+ 			isEnabledFileUploads: !this._environmentService.args['disable-file-uploads'],
 +			isEnabledCoderGettingStarted: !this._environmentService.args['disable-getting-started-override'],
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
@@ -221,19 +213,19 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-@@ -7,7 +7,7 @@ import { Event } from 'vs/base/common/ev
- import { Disposable } from 'vs/base/common/lifecycle';
- import { IContextKeyService, IContextKey } from 'vs/platform/contextkey/common/contextkey';
- import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
--import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
-+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads, IsEnabledCoderGettingStarted } from 'vs/workbench/common/contextkeys';
- import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, DEFAULT_EDITOR_ASSOCIATION } from 'vs/workbench/common/editor';
- import { trackFocus, addDisposableListener, EventType } from 'vs/base/browser/dom';
- import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
-@@ -204,6 +204,7 @@ export class WorkbenchContextKeysHandler
- 
+@@ -6,7 +6,7 @@
+ import { Disposable } from '../../base/common/lifecycle.js';
+ import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from '../../platform/contextkey/common/contextkey.js';
+ import { IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads, IsEnabledCoderGettingStarted, } from '../common/contextkeys.js';
+ import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from '../services/editor/common/editorGroupsService.js';
+ import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
+ import { IBrowserWorkbenchEnvironmentService } from '../services/environment/browser/environmentService.js';
+@@ -202,6 +202,7 @@ export class WorkbenchContextKeysHandler
  		// code-server
  		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
+ 		IsEnabledFileUploads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileUploads ?? true)
 +		IsEnabledCoderGettingStarted.bindTo(this.contextKeyService).set(this.environmentService.isEnabledCoderGettingStarted ?? true)
  
  		this.registerListeners();
@@ -242,10 +234,10 @@ Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-@@ -33,6 +33,7 @@ export const IsFullscreenContext = new R
- export const HasWebFileSystemAccess = new RawContextKey<boolean>('hasWebFileSystemAccess', false, true); // Support for FileSystemAccess web APIs (https://wicg.github.io/file-system-access)
+@@ -41,6 +41,7 @@ export const InAutomationContext = new R
  
  export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
+ export const IsEnabledFileUploads = new RawContextKey<boolean>('isEnabledFileUploads', true, true);
 +export const IsEnabledCoderGettingStarted = new RawContextKey<boolean>('isEnabledCoderGettingStarted', true, true);
  
  //#endregion

patches/github-auth.diff

@@ -1,106 +0,0 @@
-Add the ability to provide a GitHub token
-
-To test install the GitHub PR extension and start code-server with GITHUB_TOKEN
-or set github-auth in the config file.  The extension should be authenticated.
-
-Index: code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
-+++ code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
-@@ -5,9 +5,18 @@
- 
- import { InMemoryCredentialsProvider } from 'vs/platform/credentials/common/credentials';
- import { ILogService } from 'vs/platform/log/common/log';
--import { INativeEnvironmentService } from 'vs/platform/environment/common/environment';
-+import { IServerEnvironmentService } from 'vs/server/node/serverEnvironmentService';
- import { IProductService } from 'vs/platform/product/common/productService';
- import { BaseCredentialsMainService, KeytarModule } from 'vs/platform/credentials/common/credentialsMainService';
-+import { generateUuid } from 'vs/base/common/uuid';
-+import { equals as arrayEquals } from 'vs/base/common/arrays';
-+
-+interface IToken {
-+	accessToken: string
-+	account?: { label: string }
-+	id: string
-+	scopes: string[]
-+}
- 
- export class CredentialsWebMainService extends BaseCredentialsMainService {
- 	// Since we fallback to the in-memory credentials provider, we do not need to surface any Keytar load errors
-@@ -16,10 +25,15 @@ export class CredentialsWebMainService e
- 
- 	constructor(
- 		@ILogService logService: ILogService,
--		@INativeEnvironmentService private readonly environmentMainService: INativeEnvironmentService,
-+		@IServerEnvironmentService private readonly environmentMainService: IServerEnvironmentService,
- 		@IProductService private readonly productService: IProductService,
- 	) {
- 		super(logService);
-+		if (this.environmentMainService.args["github-auth"]) {
-+			this.storeGitHubToken(this.environmentMainService.args["github-auth"]).catch((error) => {
-+				this.logService.error('Failed to store provided GitHub token', error)
-+			})
-+		}
- 	}
- 
- 	// If the credentials service is running on the server, we add a suffix -server to differentiate from the location that the
-@@ -48,4 +62,59 @@ export class CredentialsWebMainService e
- 		}
- 		return this._keytarCache;
- 	}
-+
-+	private async storeGitHubToken(githubToken: string): Promise<void> {
-+		const extensionId = 'vscode.github-authentication';
-+		const service = `${await this.getSecretStoragePrefix()}${extensionId}`;
-+		const account = 'github.auth';
-+		const scopes = [['read:user', 'user:email', 'repo']]
-+
-+		// Oddly the scopes need to match exactly so we cannot just have one token
-+		// with all the scopes, instead we have to duplicate the token for each
-+		// expected set of scopes.
-+		const tokens: IToken[] = scopes.map((scopes) => ({
-+			id: generateUuid(),
-+			scopes: scopes.sort(), // Sort for comparing later.
-+			accessToken: githubToken,
-+		}));
-+
-+		const raw = await this.getPassword(service, account)
-+
-+		let existing: {
-+			content: IToken[]
-+		} | undefined;
-+
-+		if (raw) {
-+			try {
-+				const json = JSON.parse(raw);
-+				json.content = JSON.parse(json.content);
-+				existing = json;
-+			} catch (error) {
-+				this.logService.error('Failed to parse existing GitHub credentials', error)
-+			}
-+		}
-+
-+		// Keep tokens for account and scope combinations we do not have in case
-+		// there is an extension that uses scopes we have not accounted for (in
-+		// these cases the user will need to manually authenticate the extension
-+		// through the UI) or the user has tokens for other accounts.
-+		if (existing?.content) {
-+			existing.content = existing.content.filter((existingToken) => {
-+				const scopes = existingToken.scopes.sort();
-+				return !(tokens.find((token) => {
-+					return arrayEquals(scopes, token.scopes)
-+						&& token.account?.label === existingToken.account?.label;
-+				}))
-+			})
-+		}
-+
-+		return this.setPassword(service, account, JSON.stringify({
-+			extensionId,
-+			...(existing || {}),
-+			content: JSON.stringify([
-+				...tokens,
-+				...(existing?.content || []),
-+			])
-+		}));
-+	}
- }

patches/insecure-notification.diff

@@ -17,9 +17,9 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
 @@ -1,7 +1,10 @@
- import { Disposable } from 'vs/base/common/lifecycle';
-+import { localize } from 'vs/nls';
-+import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
+ import { Disposable } from "../../base/common/lifecycle.js";
++import { localize } from '../../nls.js';
++import { INotificationService, Severity } from '../../platform/notification/common/notification.js';
  
  export class CodeServerClient extends Disposable {
  	constructor (

patches/integration.diff

@@ -3,26 +3,28 @@ Prepare Code for integration with code-server
 1. We already have the arguments so allow passing them in.  There is also a
    slight change in a few directories to preserve the directory structure we
    have been using and to not override passed-in arguments.
-2. Modify the terminal environment to filter out code-server environment variables.
-3. Add the code-server version to the help dialog.
-4. Add ready events for use in an iframe.
-5. Add our icons.
-6. Use our own manifest.
+2. Modify the entry point to allow importing the code, instead of just running
+   the server immediately.
+3. Modify the terminal environment to filter out code-server environment variables.
+4. Add the code-server version to the help dialog.
+5. Add ready events for use in an iframe.
+6. Add our icons and remove the existing ones.
+7. Use our own manifest.
 
 Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/server.main.ts
 +++ code-server/lib/vscode/src/vs/server/node/server.main.ts
 @@ -12,7 +12,7 @@ import { createServer as doCreateServer,
- import { parseArgs, ErrorReporter } from 'vs/platform/environment/node/argv';
- import { join, dirname } from 'vs/base/common/path';
+ import { parseArgs, ErrorReporter } from '../../platform/environment/node/argv.js';
+ import { join, dirname } from '../../base/common/path.js';
  import { performance } from 'perf_hooks';
--import { serverOptions } from 'vs/server/node/serverEnvironmentService';
-+import { serverOptions, ServerParsedArgs } from 'vs/server/node/serverEnvironmentService';
- import product from 'vs/platform/product/common/product';
- import * as perf from 'vs/base/common/performance';
+-import { serverOptions } from './serverEnvironmentService.js';
++import { serverOptions, ServerParsedArgs } from './serverEnvironmentService.js';
+ import product from '../../platform/product/common/product.js';
+ import * as perf from '../../base/common/performance.js';
  
-@@ -34,38 +34,43 @@ const errorReporter: ErrorReporter = {
+@@ -34,38 +34,47 @@ const errorReporter: ErrorReporter = {
  	}
  };
  
@@ -78,7 +80,7 @@ Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
   */
 -export function spawnCli() {
 -	runCli(args, REMOTE_DATA_FOLDER, serverOptions);
-+export function spawnCli(args = parse()): Promise<void> {
++function spawnCli(args = parse()): Promise<void> {
 +	return runCli(args, createDirs(args), serverOptions);
  }
  
@@ -87,15 +89,19 @@ Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
   */
 -export function createServer(address: string | net.AddressInfo | null): Promise<IServerAPI> {
 -	return doCreateServer(address, args, REMOTE_DATA_FOLDER);
-+export function createServer(address: string | net.AddressInfo | null, args = parse()): Promise<IServerAPI> {
++function createServer(address: string | net.AddressInfo | null, args = parse()): Promise<IServerAPI> {
 +	return doCreateServer(address, args, createDirs(args));
  }
++
++// The aliases prevent the names getting mangled during minification which would
++// make it difficult to import.
++export { spawnCli as spawnCli, createServer as createServer };
 Index: code-server/lib/vscode/src/vs/base/common/processes.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/processes.ts
 +++ code-server/lib/vscode/src/vs/base/common/processes.ts
 @@ -111,6 +111,8 @@ export function sanitizeProcessEnvironme
- 		/^VSCODE_(?!(PORTABLE|SHELL_LOGIN)).+$/,
+ 		/^VSCODE_(?!(PORTABLE|SHELL_LOGIN|ENV_REPLACE|ENV_APPEND|ENV_PREPEND)).+$/,
  		/^SNAP(|_.*)$/,
  		/^GDK_PIXBUF_.+$/,
 +		/^CODE_SERVER_.+$/,
@@ -103,30 +109,12 @@ Index: code-server/lib/vscode/src/vs/base/common/processes.ts
  	];
  	const envKeys = Object.keys(env);
  	envKeys
-Index: code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-+++ code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-@@ -145,8 +145,11 @@ export class BrowserDialogHandler implem
- 
- 	async about(): Promise<void> {
- 		const detailString = (useAgo: boolean): string => {
--			return localize('aboutDetail',
--				"Version: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
-+			return localize('aboutCodeServerDetail',
-+				"code-server: {0}",
-+				this.productService.codeServerVersion ? `v${this.productService.codeServerVersion}` : 'Unknown'
-+			) + '\n' + localize('aboutDetail',
-+				"Code: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
- 				this.productService.version || 'Unknown',
- 				this.productService.commit || 'Unknown',
- 				this.productService.date ? `${this.productService.date}${useAgo ? ' (' + fromNow(new Date(this.productService.date), true) + ')' : ''}` : 'Unknown',
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- /dev/null
 +++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
 @@ -0,0 +1,46 @@
-+import { Disposable } from 'vs/base/common/lifecycle';
++import { Disposable } from "../../base/common/lifecycle.js";
 +
 +export class CodeServerClient extends Disposable {
 +	constructor (
@@ -176,15 +164,15 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.main.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
-@@ -69,6 +69,7 @@ import { IndexedDB } from 'vs/base/brows
- import { BrowserCredentialsService } from 'vs/workbench/services/credentials/browser/credentialsService';
- import { IWorkspace } from 'vs/workbench/services/host/browser/browserHostService';
- import { WebFileSystemAccess } from 'vs/platform/files/browser/webFileSystemAccess';
-+import { CodeServerClient } from 'vs/workbench/browser/client';
- import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
- import { IProgressService } from 'vs/platform/progress/common/progress';
- import { DelayedLogChannel } from 'vs/workbench/services/output/common/delayedLogChannel';
-@@ -119,6 +120,9 @@ export class BrowserMain extends Disposa
+@@ -64,6 +64,7 @@ import { IOpenerService } from '../../pl
+ import { mixin, safeStringify } from '../../base/common/objects.js';
+ import { IndexedDB } from '../../base/browser/indexedDB.js';
+ import { WebFileSystemAccess } from '../../platform/files/browser/webFileSystemAccess.js';
++import { CodeServerClient } from '../../workbench/browser/client.js';
+ import { IProgressService } from '../../platform/progress/common/progress.js';
+ import { DelayedLogChannel } from '../services/output/common/delayedLogChannel.js';
+ import { dirname, joinPath } from '../../base/common/resources.js';
+@@ -133,6 +134,9 @@ export class BrowserMain extends Disposa
  		// Startup
  		const instantiationService = workbench.startup();
  
@@ -198,7 +186,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -31,6 +31,8 @@ export type ExtensionVirtualWorkspaceSup
+@@ -65,6 +65,8 @@ export type ExtensionVirtualWorkspaceSup
  };
  
  export interface IProductConfiguration {
@@ -221,19 +209,18 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
  
  		<!-- Disable pinch zooming -->
  		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
-@@ -26,9 +27,9 @@
+@@ -26,8 +27,9 @@
  		<meta id="vscode-workbench-builtin-extensions" data-settings="{{WORKBENCH_BUILTIN_EXTENSIONS}}">
  
  		<!-- Workbench Icon/Manifest/CSS -->
 -		<link rel="icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/favicon.ico" type="image/x-icon" />
 -		<link rel="manifest" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/manifest.json" crossorigin="use-credentials" />
--
 +		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
 +		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
 +		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
- 	</head>
+ 		<style id="vscode-css-modules" type="text/css" media="screen"></style>
  
- 	<body aria-label="">
+ 	</head>
 Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
@@ -257,18 +244,81 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
 +		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
 +		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
 +		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
- 		<link data-name="vs/workbench/workbench.web.main" rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/workbench/workbench.web.main.css">
+ 		<link rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/code/browser/workbench/workbench.css">
  
  	</head>
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -308,6 +308,7 @@ export class WebClientServer {
- 			folderUri: resolveWorkspaceURI(this._environmentService.args['default-folder']),
- 			workspaceUri: resolveWorkspaceURI(this._environmentService.args['default-workspace']),
- 			productConfiguration: <Partial<IProductConfiguration>>{
-+				codeServerVersion: this._productService.codeServerVersion,
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
- 					...this._productService.extensionsGallery,
+@@ -333,6 +333,7 @@ export class WebClientServer {
+ 		} : undefined;
+ 
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
++			codeServerVersion: this._productService.codeServerVersion,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
+ 				...this._productService.extensionsGallery,
+Index: code-server/lib/vscode/src/server-main.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/server-main.ts
++++ code-server/lib/vscode/src/server-main.ts
+@@ -22,6 +22,9 @@ import { IServerAPI } from './vs/server/
+ perf.mark('code/server/start');
+ (globalThis as { vscodeServerStartTime?: number }).vscodeServerStartTime = performance.now();
+ 
++// This is not indented to make the diff less noisy.  We need to move this out
++// of the top-level so it will not run immediately and we can control the start.
++async function start() {
+ // Do a quick parse to determine if a server or the cli needs to be started
+ const parsedArgs = minimist(process.argv.slice(2), {
+ 	boolean: ['start-server', 'list-extensions', 'print-ip-address', 'help', 'version', 'accept-server-license-terms', 'update-extensions'],
+@@ -150,6 +153,7 @@ if (shouldSpawnCli) {
+ 		}
+ 	});
+ }
++}
+ 
+ function sanitizeStringArg(val: unknown): string | undefined {
+ 	if (Array.isArray(val)) { // if an argument is passed multiple times, minimist creates an array
+@@ -283,3 +287,22 @@ function prompt(question: string): Promi
+ 		});
+ 	});
+ }
++
++async function loadCodeWithNls() {
++	const nlsConfiguration = await resolveNLSConfiguration({
++		userLocale: 'en',
++		osLocale: 'en',
++		commit: product.commit,
++		userDataPath: '',
++		nlsMetadataPath: import.meta.dirname,
++	});
++	return loadCode(nlsConfiguration);
++}
++
++// This alias prevents the name getting mangled during minification which would
++// make it difficult to import.
++export { loadCodeWithNls as loadCodeWithNls };
++
++if (!process.env.CODE_SERVER_PARENT_PID) {
++	start();
++}
+Index: code-server/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
++++ code-server/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
+@@ -45,8 +45,11 @@ export function createWorkbenchDialogOpt
+ 
+ export function createBrowserAboutDialogDetails(productService: IProductService): { title: string; details: string; detailsToCopy: string } {
+ 	const detailString = (useAgo: boolean): string => {
+-		return localize('aboutDetail',
+-			"Version: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
++		return localize('aboutCodeServerDetail',
++			"code-server: {0}",
++			productService.codeServerVersion ? `v${productService.codeServerVersion}` : 'Unknown'
++		) + '\n' + localize('aboutDetail',
++			"Code: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
+ 			productService.version || 'Unknown',
+ 			productService.commit || 'Unknown',
+ 			productService.date ? `${productService.date}${useAgo ? ' (' + fromNow(new Date(productService.date), true) + ')' : ''}` : 'Unknown',

patches/keepalive.diff

@@ -0,0 +1,15 @@
+This can be removed after upgrading to Node >= 19 as keepAlive is defaulted to
+true after 19.
+
+Index: code-server/lib/vscode/src/vs/platform/request/node/proxy.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/request/node/proxy.ts
++++ code-server/lib/vscode/src/vs/platform/request/node/proxy.ts
+@@ -42,6 +42,7 @@ export async function getProxyAgent(rawR
+ 		port: (proxyEndpoint.port ? +proxyEndpoint.port : 0) || (proxyEndpoint.protocol === 'https' ? 443 : 80),
+ 		auth: proxyEndpoint.auth,
+ 		rejectUnauthorized: isBoolean(options.strictSSL) ? options.strictSSL : true,
++		keepAlive: true,
+ 	};
+ 
+ 	if (requestURL.protocol === 'http:') {

patches/local-storage.diff

@@ -1,29 +1,27 @@
 Make storage local to the remote server
 
-This solves two problems:
-  1. Extensions running in the browser (like Vim) might use these paths
-     directly instead of using the file service and most likely can't write
-     to `/User` on disk.
-  2. Settings will be stored in the file system instead of in browser
-     storage. Using browser storage makes sharing or seeding settings
-     between browsers difficult. We may want to revisit this once/if we get
-     settings sync.
+This makes user settings will be stored in the file system instead of in browser
+storage. Using browser storage makes sharing or seeding settings between
+browsers difficult and remote settings is not a sufficient replacement because
+some settings are only allowed to be set on the user level.
 
 Unfortunately this does not affect state which uses a separate method with
 IndexedDB and does not appear nearly as easy to redirect to disk.
 
-To test install the Vim extension and make sure something that uses file storage
-works (history recall for example) and change settings from the UI and on disk
-while making sure they appear on the other side.
+To test change settings from the UI and on disk while making sure they appear on
+the other side.
+
+This patch also resolves a bug where a global value for workspace initialization
+is used in a non async-safe way.
 
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -303,6 +303,7 @@ export class WebClientServer {
- 		const workbenchWebConfiguration = {
+@@ -364,6 +364,7 @@ export class WebClientServer {
  			remoteAuthority,
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			serverBasePath: basePath,
+ 			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
 +			userDataPath: this._environmentService.userDataPath,
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
@@ -32,9 +30,9 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -261,6 +261,11 @@ export interface IWorkbenchConstructionO
+@@ -298,6 +298,11 @@ export interface IWorkbenchConstructionO
  	 */
- 	readonly configurationDefaults?: Record<string, any>;
+ 	readonly configurationDefaults?: Record<string, unknown>;
  
 +	/**
 +	 * Path to the user data directory.
@@ -48,7 +46,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -95,7 +95,14 @@ export class BrowserWorkbenchEnvironment
+@@ -102,7 +102,14 @@ export class BrowserWorkbenchEnvironment
  	get logFile(): URI { return joinPath(this.windowLogsPath, 'window.log'); }
  
  	@memoize
@@ -64,3 +62,33 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
  
  	@memoize
  	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }
+Index: code-server/lib/vscode/src/vs/workbench/services/configuration/browser/configurationService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/configuration/browser/configurationService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/configuration/browser/configurationService.ts
+@@ -147,8 +147,10 @@ export class WorkspaceService extends Di
+ 		this.workspaceConfiguration = this._register(new WorkspaceConfiguration(configurationCache, fileService, uriIdentityService, logService));
+ 		this._register(this.workspaceConfiguration.onDidUpdateConfiguration(fromCache => {
+ 			this.onWorkspaceConfigurationChanged(fromCache).then(() => {
+-				this.workspace.initialized = this.workspaceConfiguration.initialized;
+-				this.checkAndMarkWorkspaceComplete(fromCache);
++				if (this.workspace) { // The workspace may not have been created yet.
++					this.workspace.initialized = this.workspaceConfiguration.initialized;
++					this.checkAndMarkWorkspaceComplete(fromCache);
++				}
+ 			});
+ 		}));
+ 
+@@ -556,6 +558,12 @@ export class WorkspaceService extends Di
+ 			previousFolders = this.workspace.folders;
+ 			this.workspace.update(workspace);
+ 		} else {
++			// It is possible for the configuration to become initialized in between
++			// when the workspace was created and this function was called, so check
++			// the configuration again now.
++			if (!workspace.initialized && this.workspaceConfiguration.initialized) {
++				workspace.initialized = true;
++			}
+ 			this.workspace = workspace;
+ 		}
+ 

patches/logout.diff

@@ -8,7 +8,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -34,6 +34,7 @@ export interface IProductConfiguration {
+@@ -68,6 +68,7 @@ export interface IProductConfiguration {
  	readonly codeServerVersion?: string
  	readonly rootEndpoint?: string
  	readonly updateEndpoint?: string
@@ -20,7 +20,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -13,6 +13,7 @@ import { IEnvironmentService, INativeEnv
+@@ -18,6 +18,7 @@ import { ProtocolConstants } from '../..
  export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
  	/* ----- code-server ----- */
  	'disable-update-check': { type: 'boolean' },
@@ -28,11 +28,11 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -92,6 +93,7 @@ export const serverOptions: OptionDescri
+@@ -105,6 +106,7 @@ export const serverOptions: OptionDescri
  export interface ServerParsedArgs {
  	/* ----- code-server ----- */
  	'disable-update-check'?: boolean;
-+	'auth'?: string
++	'auth'?: string;
  
  	/* ----- server setup ----- */
  
@@ -40,27 +40,27 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -313,6 +313,7 @@ export class WebClientServer {
- 				codeServerVersion: this._productService.codeServerVersion,
- 				rootEndpoint: base,
- 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
-+				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
- 			},
+@@ -341,6 +341,7 @@ export class WebClientServer {
+ 			codeServerVersion: this._productService.codeServerVersion,
+ 			rootEndpoint: rootBase,
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
++			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
+ 		};
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
 @@ -1,11 +1,15 @@
- import { Disposable } from 'vs/base/common/lifecycle';
- import { localize } from 'vs/nls';
-+import { MenuId, MenuRegistry } from 'vs/platform/actions/common/actions';
-+import { CommandsRegistry } from 'vs/platform/commands/common/commands';
- import { ILogService } from 'vs/platform/log/common/log';
- import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
- import { IProductService } from 'vs/platform/product/common/productService';
- import { IStorageService, StorageScope, StorageTarget } from 'vs/platform/storage/common/storage';
+ import { Disposable } from "../../base/common/lifecycle.js";
+ import { localize } from '../../nls.js';
++import { MenuId, MenuRegistry } from '../../platform/actions/common/actions.js';
++import { CommandsRegistry } from '../../platform/commands/common/commands.js';
+ import { ILogService } from '../../platform/log/common/log.js';
+ import { INotificationService, Severity } from '../../platform/notification/common/notification.js';
+ import { IProductService } from '../../platform/product/common/productService.js';
+ import { IStorageService, StorageScope, StorageTarget } from '../../platform/storage/common/storage.js';
  
  export class CodeServerClient extends Disposable {
 +	static LOGOUT_COMMAND_ID = 'code-server.logout';

patches/marketplace.diff

@@ -12,14 +12,14 @@ in-between and has web extensions install directly from the marketplace.
 
 This can be tested by setting EXTENSIONS_GALLERY set to:
 
-    '{"serviceUrl": "https://extensions.coder.com/api"}'
+    '{"serviceUrl": "https://my-extensions/api"}'
 
 
 Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
 +++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
-@@ -47,6 +47,16 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+@@ -49,6 +49,17 @@ else if (globalThis._VSCODE_PRODUCT_JSON
  			version: pkg.version
  		});
  	}
@@ -28,6 +28,7 @@ Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 +		extensionsGallery: env.EXTENSIONS_GALLERY ? JSON.parse(env.EXTENSIONS_GALLERY) : (product.extensionsGallery || {
 +			serviceUrl: "https://open-vsx.org/vscode/gallery",
 +			itemUrl: "https://open-vsx.org/vscode/item",
++			extensionUrlTemplate: "https://open-vsx.org/vscode/gallery/{publisher}/{name}/latest",
 +			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
 +			controlUrl: "",
 +			recommendationsUrl: "",
@@ -40,49 +41,67 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -111,7 +111,7 @@ export class WebClientServer {
- 		const serverRootPath = getRemoteServerRootPath(_productService);
- 		this._staticRoute = `${serverRootPath}/static`;
- 		this._callbackRoute = `${serverRootPath}/callback`;
--		this._webExtensionRoute = `${serverRootPath}/web-extension-resource`;
-+		this._webExtensionRoute = `/web-extension-resource`;
- 	}
+@@ -326,7 +326,6 @@ export class WebClientServer {
  
- 	/**
-@@ -312,14 +312,7 @@ export class WebClientServer {
- 				codeServerVersion: this._productService.codeServerVersion,
- 				rootEndpoint: base,
- 				embedderIdentifier: 'server-distro',
--				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
--					...this._productService.extensionsGallery,
--					'resourceUrlTemplate': this._webExtensionResourceUrlTemplate.with({
--						scheme: 'http',
--						authority: remoteAuthority,
--						path: `${this._webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
--					}).toString(true)
--				} : undefined
-+				extensionsGallery: this._productService.extensionsGallery,
- 			},
- 			callbackRoute: this._callbackRoute
+ 		const staticRoute = posix.join(basePath, this._productPath, STATIC_PATH);
+ 		const callbackRoute = posix.join(basePath, this._productPath, CALLBACK_PATH);
+-		const webExtensionRoute = posix.join(basePath, this._productPath, WEB_EXTENSION_PATH);
+ 
+ 		const resolveWorkspaceURI = (defaultLocation?: string) => defaultLocation && URI.file(resolve(defaultLocation)).with({ scheme: Schemas.vscodeRemote, authority: remoteAuthority });
+ 
+@@ -342,14 +341,7 @@ export class WebClientServer {
+ 			codeServerVersion: this._productService.codeServerVersion,
+ 			rootEndpoint: rootBase,
+ 			embedderIdentifier: 'server-distro',
+-			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
+-				...this._productService.extensionsGallery,
+-				resourceUrlTemplate: this._webExtensionResourceUrlTemplate.with({
+-					scheme: 'http',
+-					authority: remoteAuthority,
+-					path: `${webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
+-				}).toString(true)
+-			} : undefined
++			extensionsGallery: this._productService.extensionsGallery,
  		};
+ 
+ 		const proposedApi = this._environmentService.args['enable-proposed-api'];
 Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 +++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
-@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
- import { IStorageService } from 'vs/platform/storage/common/storage';
- import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
- import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
--import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
+@@ -15,7 +15,6 @@ import { getServiceMachineId } from '../
+ import { IStorageService } from '../../storage/common/storage.js';
+ import { TelemetryLevel } from '../../telemetry/common/telemetry.js';
+ import { getTelemetryLevel, supportsTelemetry } from '../../telemetry/common/telemetryUtils.js';
+-import { RemoteAuthorities } from '../../../base/common/network.js';
+ import { TargetPlatform } from '../../extensions/common/extensions.js';
+ import { ExtensionGalleryResourceType, getExtensionGalleryManifestResourceUri, IExtensionGalleryManifest, IExtensionGalleryManifestService } from '../../extensionManagement/common/extensionGalleryManifest.js';
+ import { ILogService } from '../../log/common/log.js';
+@@ -163,9 +162,9 @@ export abstract class AbstractExtensionR
+ 	}
  
- export const WEB_EXTENSION_RESOURCE_END_POINT = 'web-extension-resource';
+ 	protected _isWebExtensionResourceEndPoint(uri: URI): boolean {
+-		const uriPath = uri.path, serverRootPath = RemoteAuthorities.getServerRootPath();
+-		// test if the path starts with the server root path followed by the web extension resource end point segment
+-		return uriPath.startsWith(serverRootPath) && uriPath.startsWith(WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT, serverRootPath.length);
++		const uriPath = uri.path;
++		// test if the path starts with the web extension resource end point segment
++		return uriPath.startsWith(WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT);
+ 	}
  
-@@ -60,7 +59,7 @@ export abstract class AbstractExtensionR
- 		private readonly _environmentService: IEnvironmentService,
- 		private readonly _configurationService: IConfigurationService,
- 	) {
--		this._webExtensionResourceEndPoint = `${getRemoteServerRootPath(_productService)}/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
-+		this._webExtensionResourceEndPoint = `/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
- 		if (_productService.extensionsGallery) {
- 			this._extensionGalleryResourceUrlTemplate = _productService.extensionsGallery.resourceUrlTemplate;
- 			this._extensionGalleryAuthority = this._extensionGalleryResourceUrlTemplate ? this._getExtensionGalleryAuthority(URI.parse(this._extensionGalleryResourceUrlTemplate)) : undefined;
+ }
+Index: code-server/lib/vscode/src/vs/platform/externalServices/common/marketplace.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/externalServices/common/marketplace.ts
++++ code-server/lib/vscode/src/vs/platform/externalServices/common/marketplace.ts
+@@ -26,6 +26,10 @@ export async function resolveMarketplace
+ 		'User-Agent': `VSCode ${version} (${productService.nameShort})`
+ 	};
+ 
++	if (productService.extensionsGallery?.authorizationHeaderToken) {
++		headers['Authorization'] = `Bearer ${productService.extensionsGallery.authorizationHeaderToken}`;
++	}
++
+ 	if (supportsTelemetry(productService, environmentService) && getTelemetryLevel(configurationService) === TelemetryLevel.USAGE) {
+ 		const serviceMachineId = await getServiceMachineId(environmentService, fileService, storageService);
+ 		headers['X-Market-User-Id'] = serviceMachineId;

patches/proposed-api.diff

@@ -6,24 +6,11 @@ https://github.com/microsoft/vscode-extension-samples/tree/ddae6c0c9ff203b4ed6f6
 We also override isProposedApiEnabled in case an extension does not declare the
 APIs it needs correctly (the Jupyter extension had this issue).
 
-Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
-+++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
-@@ -1486,7 +1486,7 @@ class ProposedApiController {
- 
- 		this._envEnabledExtensions = new Set((_environmentService.extensionEnabledProposedApi ?? []).map(id => ExtensionIdentifier.toKey(id)));
- 
--		this._envEnablesProposedApiForAll =
-+		this._envEnablesProposedApiForAll = true ||
- 			!_environmentService.isBuilt || // always allow proposed API when running out of sources
- 			(_environmentService.isExtensionDevelopment && productService.quality !== 'stable') || // do not allow proposed API against stable builds when developing an extension
- 			(this._envEnabledExtensions.size === 0 && Array.isArray(_environmentService.extensionEnabledProposedApi)); // always allow proposed API if --enable-proposed-api is provided without extension ID
 Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
-@@ -364,10 +364,7 @@ function extensionDescriptionArrayToMap(
+@@ -321,10 +321,7 @@ function extensionDescriptionArrayToMap(
  }
  
  export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean {
@@ -35,3 +22,16 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extens
  }
  
  export function checkProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): void {
+Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
++++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
+@@ -31,7 +31,7 @@ export class ExtensionsProposedApi {
+ 
+ 		this._envEnabledExtensions = new Set((_environmentService.extensionEnabledProposedApi ?? []).map(id => ExtensionIdentifier.toKey(id)));
+ 
+-		this._envEnablesProposedApiForAll =
++		this._envEnablesProposedApiForAll = true ||
+ 			!_environmentService.isBuilt || // always allow proposed API when running out of sources
+ 			(_environmentService.isExtensionDevelopment && productService.quality !== 'stable') || // do not allow proposed API against stable builds when developing an extension
+ 			(this._envEnabledExtensions.size === 0 && Array.isArray(_environmentService.extensionEnabledProposedApi)); // always allow proposed API if --enable-proposed-api is provided without extension ID

patches/proxy-uri.diff

@@ -30,7 +30,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -35,6 +35,7 @@ export interface IProductConfiguration {
+@@ -69,6 +69,7 @@ export interface IProductConfiguration {
  	readonly rootEndpoint?: string
  	readonly updateEndpoint?: string
  	readonly logoutEndpoint?: string
@@ -42,57 +42,48 @@ Index: code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityReso
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
 +++ code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
-@@ -11,7 +11,7 @@ import { StopWatch } from 'vs/base/commo
- import { URI } from 'vs/base/common/uri';
- import { ILogService } from 'vs/platform/log/common/log';
- import { IProductService } from 'vs/platform/product/common/productService';
--import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolverResult, getRemoteAuthorityPrefix } from 'vs/platform/remote/common/remoteAuthorityResolver';
-+import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolvedOptions, ResolverResult, getRemoteAuthorityPrefix } from 'vs/platform/remote/common/remoteAuthorityResolver';
- import { getRemoteServerRootPath, parseAuthorityWithOptionalPort } from 'vs/platform/remote/common/remoteHosts';
- 
- export class RemoteAuthorityResolverService extends Disposable implements IRemoteAuthorityResolverService {
-@@ -29,7 +29,7 @@ export class RemoteAuthorityResolverServ
- 	constructor(
+@@ -35,7 +35,7 @@ export class RemoteAuthorityResolverServ
  		connectionToken: Promise<string> | string | undefined,
  		resourceUriProvider: ((uri: URI) => URI) | undefined,
+ 		serverBasePath: string | undefined,
 -		@IProductService productService: IProductService,
 +		@IProductService private readonly productService: IProductService,
  		@ILogService private readonly _logService: ILogService,
  	) {
  		super();
-@@ -75,9 +75,14 @@ export class RemoteAuthorityResolverServ
+@@ -86,9 +86,14 @@ export class RemoteAuthorityResolverServ
  		const connectionToken = await Promise.resolve(this._connectionTokens.get(authority) || this._connectionToken);
  		performance.mark(`code/didResolveConnectionToken/${authorityPrefix}`);
  		this._logService.info(`Resolved connection token (${authorityPrefix}) after ${sw.elapsed()} ms`);
 +		let options: ResolvedOptions | undefined;
 +		if (this.productService.proxyEndpointTemplate) {
-+			const proxyUrl = new URL(this.productService.proxyEndpointTemplate, window.location.href);
++			const proxyUrl = new URL(this.productService.proxyEndpointTemplate, mainWindow.location.href);
 +			options = { extensionHostEnv: { VSCODE_PROXY_URI: decodeURIComponent(proxyUrl.toString()) }}
 +		}
- 		const defaultPort = (/^https:/.test(window.location.href) ? 443 : 80);
+ 		const defaultPort = (/^https:/.test(mainWindow.location.href) ? 443 : 80);
  		const { host, port } = parseAuthorityWithOptionalPort(authority, defaultPort);
--		const result: ResolverResult = { authority: { authority, host: host, port: port, connectionToken } };
-+		const result: ResolverResult = { authority: { authority, host: host, port: port, connectionToken }, options };
- 		RemoteAuthorities.set(authority, result.authority.host, result.authority.port);
+-		const result: ResolverResult = { authority: { authority, connectTo: new WebSocketRemoteConnection(host, port), connectionToken } };
++		const result: ResolverResult = { authority: { authority, connectTo: new WebSocketRemoteConnection(host, port), connectionToken }, options };
+ 		RemoteAuthorities.set(authority, host, port);
  		this._cache.set(authority, result);
  		this._onDidChangeConnectionData.fire();
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -314,6 +314,7 @@ export class WebClientServer {
- 				rootEndpoint: base,
- 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
-+				proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
- 			},
+@@ -342,6 +342,7 @@ export class WebClientServer {
+ 			rootEndpoint: rootBase,
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
++			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? rootBase + '/proxy/{{port}}/',
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
+ 		};
 Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
-@@ -383,7 +383,7 @@ export async function createTerminalEnvi
+@@ -292,7 +292,7 @@ export async function createTerminalEnvi
  
  		// Sanitize the environment, removing any undesirable VS Code and Electron environment
  		// variables
@@ -105,33 +96,32 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
-@@ -21,6 +21,7 @@ import type { ICredentialsProvider } fro
- import type { IURLCallbackProvider } from 'vs/workbench/services/url/browser/urlService';
- import type { IWorkbenchConstructionOptions } from 'vs/workbench/browser/web.api';
- import type { IWorkspace, IWorkspaceProvider } from 'vs/workbench/services/host/browser/browserHostService';
-+import { extractLocalHostUriMetaDataForPortMapping, TunnelOptions, TunnelCreationOptions } from 'vs/platform/tunnel/common/tunnel';
+@@ -20,6 +20,7 @@ import { ISecretStorageProvider } from '
+ import { isFolderToOpen, isWorkspaceToOpen } from '../../../platform/window/common/window.js';
+ import type { IWorkbenchConstructionOptions, IWorkspace, IWorkspaceProvider } from '../../../workbench/browser/web.api.js';
+ import { AuthenticationSessionInfo } from '../../../workbench/services/authentication/browser/authenticationService.js';
++import { extractLocalHostUriMetaDataForPortMapping, TunnelOptions, TunnelCreationOptions } from '../../../platform/tunnel/common/tunnel.js';
+ import type { IURLCallbackProvider } from '../../../workbench/services/url/browser/urlService.js';
+ import { create } from '../../../workbench/workbench.web.main.internal.js';
  
- interface ICredential {
- 	service: string;
-@@ -511,6 +512,38 @@ function doCreateUri(path: string, query
- 		} : undefined,
+@@ -606,6 +607,39 @@ class WorkspaceProvider implements IWork
+ 		settingsSyncOptions: config.settingsSyncOptions ? { enabled: config.settingsSyncOptions.enabled, } : undefined,
  		workspaceProvider: WorkspaceProvider.create(config),
  		urlCallbackProvider: new LocalStorageURLCallbackProvider(config.callbackRoute),
--		credentialsProvider: config.remoteAuthority ? undefined : new LocalStorageCredentialsProvider() // with a remote, we don't use a local credentials provider
-+		credentialsProvider: config.remoteAuthority ? undefined : new LocalStorageCredentialsProvider(), // with a remote, we don't use a local credentials provider
 +		resolveExternalUri: (uri: URI): Promise<URI> => {
 +			let resolvedUri = uri
 +			const localhostMatch = extractLocalHostUriMetaDataForPortMapping(resolvedUri)
-+
 +			if (localhostMatch && resolvedUri.authority !== location.host) {
 +				if (config.productConfiguration && config.productConfiguration.proxyEndpointTemplate) {
-+					resolvedUri = URI.parse(new URL(config.productConfiguration.proxyEndpointTemplate.replace('{{port}}', localhostMatch.port.toString()), window.location.href).toString())
++					const renderedTemplate = config.productConfiguration.proxyEndpointTemplate
++						.replace('{{port}}', localhostMatch.port.toString())
++						.replace('{{host}}', window.location.host)
++					resolvedUri = URI.parse(new URL(renderedTemplate, window.location.href).toString())
 +				} else {
 +					throw new Error(`Failed to resolve external URI: ${uri.toString()}. Could not determine base url because productConfiguration missing.`)
 +				}
 +			}
-+
-+			// If not localhost, return unmodified
++			// If not localhost, return unmodified.
 +			return Promise.resolve(resolvedUri)
 +		},
 +		tunnelProvider: {
@@ -150,19 +140,22 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +					}
 +				})
 +			}
-+		}
- 	});
- })();
++		},
+ 		secretStorageProvider: config.remoteAuthority && !secretStorageKeyPath
+ 			? undefined /* with a remote without embedder-preferred storage, store on the remote */
+ 			: new LocalStorageSecretStorageProvider(secretStorageCrypto),
 Index: code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
-@@ -73,7 +73,7 @@ export class ForwardedPortsView extends
- 			this.contextKeyListener = undefined;
- 		}
+@@ -83,8 +83,8 @@ export class ForwardedPortsView extends
+ 	private async enableForwardedPortsFeatures() {
+ 		this.contextKeyListener.clear();
  
+-		const featuresEnabled: boolean = !!forwardedPortsFeaturesEnabled.getValue(this.contextKeyService);
 -		const viewEnabled: boolean = !!forwardedPortsViewEnabled.getValue(this.contextKeyService);
++		const featuresEnabled: boolean = true;
 +		const viewEnabled: boolean = true;
  
- 		if (this.environmentService.remoteAuthority && viewEnabled) {
- 			const viewContainer = await this.getViewContainer();
+ 		if (featuresEnabled || viewEnabled) {
+ 			// Also enable the view if it isn't already.

patches/series

@@ -9,13 +9,16 @@ update-check.diff
 logout.diff
 store-socket.diff
 proxy-uri.diff
-github-auth.diff
 unique-db.diff
 local-storage.diff
 service-worker.diff
 sourcemaps.diff
-disable-downloads.diff
+external-file-actions.diff
 telemetry.diff
-display-language.diff
 cli-window-open.diff
 getting-started.diff
+keepalive.diff
+clipboard.diff
+display-language.diff
+trusted-domains.diff
+signature-verification.diff

patches/service-worker.diff

@@ -6,7 +6,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -36,6 +36,10 @@ export interface IProductConfiguration {
+@@ -70,6 +70,10 @@ export interface IProductConfiguration {
  	readonly updateEndpoint?: string
  	readonly logoutEndpoint?: string
  	readonly proxyEndpointTemplate?: string
@@ -54,14 +54,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -316,6 +316,10 @@ export class WebClientServer {
- 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
- 				proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
-+				serviceWorker: {
-+					scope: vscodeBase + '/',
-+					path: base + '/_static/out/browser/serviceWorker.js',
-+				},
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
- 			},
+@@ -343,6 +343,10 @@ export class WebClientServer {
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
+ 			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? rootBase + '/proxy/{{port}}/',
++			serviceWorker: {
++				scope: vscodeBase + '/',
++				path: rootBase + '/_static/out/browser/serviceWorker.js',
++			},
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
+ 		};

patches/signature-verification.diff

@@ -0,0 +1,34 @@
+Disable signature verification.
+
+Extension signature verification is now mandatory for all platforms and needs to be disabled.
+
+Index: code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
++++ code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
+@@ -34,6 +34,7 @@ import {
+ 	ExtensionSignatureVerificationCode,
+ 	computeSize,
+ 	IAllowedExtensionsService,
++	// @ts-expect-error no-unused-variable
+ 	VerifyExtensionSignatureConfigKey,
+ 	shouldRequireRepositorySignatureFor,
+ } from '../common/extensionManagement.js';
+@@ -87,6 +88,7 @@ export class ExtensionManagementService
+ 		@IDownloadService private downloadService: IDownloadService,
+ 		@IInstantiationService private readonly instantiationService: IInstantiationService,
+ 		@IFileService private readonly fileService: IFileService,
++		// @ts-expect-error no-unused-variable
+ 		@IConfigurationService private readonly configurationService: IConfigurationService,
+ 		@IExtensionGalleryManifestService protected readonly extensionGalleryManifestService: IExtensionGalleryManifestService,
+ 		@IProductService productService: IProductService,
+@@ -339,8 +341,7 @@ export class ExtensionManagementService
+ 
+ 	private async downloadExtension(extension: IGalleryExtension, operation: InstallOperation, verifySignature: boolean, clientTargetPlatform?: TargetPlatform): Promise<{ readonly location: URI; readonly verificationStatus: ExtensionSignatureVerificationCode | undefined }> {
+ 		if (verifySignature) {
+-			const value = this.configurationService.getValue(VerifyExtensionSignatureConfigKey);
+-			verifySignature = isBoolean(value) ? value : true;
++			verifySignature = false;
+ 		}
+ 		const { location, verificationStatus } = await this.extensionsDownloader.download(extension, operation, verifySignature, clientTargetPlatform);
+ 		const shouldRequireSignature = shouldRequireRepositorySignatureFor(extension.private, await this.extensionGalleryManifestService.getExtensionGalleryManifest());

patches/sourcemaps.diff

@@ -6,37 +6,37 @@ not host our source maps there and want them to be self-hosted even if we could.
 
 To test try debugging/browsing the source of a build in a browser.
 
-Index: code-server/lib/vscode/build/gulpfile.reh.js
+Index: code-server/lib/vscode/build/gulpfile.reh.ts
 ===================================================================
---- code-server.orig/lib/vscode/build/gulpfile.reh.js
-+++ code-server/lib/vscode/build/gulpfile.reh.js
-@@ -192,8 +192,7 @@ function packageTask(type, platform, arc
- 
+--- code-server.orig/lib/vscode/build/gulpfile.reh.ts
++++ code-server/lib/vscode/build/gulpfile.reh.ts
+@@ -257,8 +257,7 @@ function packageTask(type: string, platf
+ 	return () => {
  		const src = gulp.src(sourceFolderName + '/**', { base: '.' })
- 			.pipe(rename(function (path) { path.dirname = path.dirname.replace(new RegExp('^' + sourceFolderName), 'out'); }))
+ 			.pipe(rename(function (path) { path.dirname = path.dirname!.replace(new RegExp('^' + sourceFolderName), 'out'); }))
 -			.pipe(util.setExecutableBit(['**/*.sh']))
--			.pipe(filter(['**', '!**/*.js.map']));
+-			.pipe(filter(['**', '!**/*.{js,css}.map']));
 +			.pipe(util.setExecutableBit(['**/*.sh']));
  
  		const workspaceExtensionPoints = ['debuggers', 'jsonValidation'];
- 		const isUIExtension = (manifest) => {
-@@ -232,9 +231,9 @@ function packageTask(type, platform, arc
+ 		const isUIExtension = (manifest: { extensionKind?: string; main?: string; contributes?: Record<string, unknown> }) => {
+@@ -298,9 +297,9 @@ function packageTask(type: string, platf
  			.map(name => `.build/extensions/${name}/**`);
  
  		const extensions = gulp.src(extensionPaths, { base: '.build', dot: true });
 -		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true });
 -		const sources = es.merge(src, extensions, extensionsCommonDependencies)
 +		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true })
- 			.pipe(filter(['**', '!**/*.js.map'], { dot: true }));
+ 			.pipe(filter(['**', '!**/*.{js,css}.map'], { dot: true }));
 +		const sources = es.merge(src, extensions, extensionsCommonDependencies);
  
  		let version = packageJson.version;
- 		const quality = product.quality;
-@@ -389,7 +388,7 @@ function tweakProductForServerWeb(produc
+ 		const quality = (product as typeof product & { quality?: string }).quality;
+@@ -453,7 +452,7 @@ function tweakProductForServerWeb(produc
  	const minifyTask = task.define(`minify-vscode-${type}`, task.series(
- 		optimizeTask,
+ 		bundleTask,
  		util.rimraf(`out-vscode-${type}-min`),
--		optimize.minifyTask(`out-vscode-${type}`, `https://ticino.blob.core.windows.net/sourcemaps/${commit}/core`)
+-		optimize.minifyTask(`out-vscode-${type}`, `https://main.vscode-cdn.net/sourcemaps/${commit}/core`)
 +		optimize.minifyTask(`out-vscode-${type}`, ``)
  	));
  	gulp.task(minifyTask);

patches/store-socket.diff

@@ -1,4 +1,4 @@
-Store a static reference to the IPC socket
+Store the IPC socket with workspace metadata.
 
 This lets us use it to open files inside code-server from outside of
 code-server.
@@ -9,29 +9,120 @@ To test this:
 
 It should open in your existing code-server instance.
 
+When the extension host is terminated, the socket is unregistered.
+
 Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
 +++ code-server/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
-@@ -2,7 +2,9 @@
-  *  Copyright (c) Microsoft Corporation. All rights reserved.
+@@ -3,6 +3,7 @@
   *  Licensed under the MIT License. See License.txt in the project root for license information.
   *--------------------------------------------------------------------------------------------*/
--
-+import { promises as fs } from 'fs';
-+import * as os from 'os'
-+import * as path from 'vs/base/common/path';
- import * as performance from 'vs/base/common/performance';
- import { createApiFactoryAndRegisterActors } from 'vs/workbench/api/common/extHost.api.impl';
- import { RequireInterceptor } from 'vs/workbench/api/common/extHostRequireInterceptor';
-@@ -72,6 +74,10 @@ export class ExtHostExtensionService ext
- 		if (this._initData.remote.isRemote && this._initData.remote.authority) {
- 			const cliServer = this._instaService.createInstance(CLIServer);
- 			process.env['VSCODE_IPC_HOOK_CLI'] = cliServer.ipcHandlePath;
-+
-+			fs.writeFile(path.join(os.tmpdir(), 'vscode-ipc'), cliServer.ipcHandlePath).catch((error) => {
-+				this._logService.error(error);
-+			});
- 		}
  
- 		// Module loading tricks
++import * as _http from 'http';
+ import * as performance from '../../../base/common/performance.js';
+ import type * as vscode from 'vscode';
+ import { createApiFactoryAndRegisterActors } from '../common/extHost.api.impl.js';
+@@ -18,6 +19,7 @@ import { ExtensionRuntime } from '../com
+ import { CLIServer } from './extHostCLIServer.js';
+ import { realpathSync } from '../../../base/node/pfs.js';
+ import { ExtHostConsoleForwarder } from './extHostConsoleForwarder.js';
++import { IExtHostWorkspace } from '../common/extHostWorkspace.js';
+ import { ExtHostDiskFileSystemProvider } from './extHostDiskFileSystemProvider.js';
+ import nodeModule from 'node:module';
+ import { assertType } from '../../../base/common/types.js';
+@@ -226,6 +228,52 @@ export class ExtHostExtensionService ext
+ 
+ 		performance.mark('code/extHost/didInitAPI');
+ 
++		(async () => {
++			const socketPath = process.env['VSCODE_IPC_HOOK_CLI'];
++			const codeServerSocketPath = process.env['CODE_SERVER_SESSION_SOCKET']
++			if (!socketPath || !codeServerSocketPath) {
++				return;
++			}
++			const workspace = this._instaService.invokeFunction((accessor) => {
++				const workspaceService = accessor.get(IExtHostWorkspace);
++				return workspaceService.workspace;
++			});
++			const entry = {
++				workspace,
++				socketPath
++			};
++			const message = JSON.stringify({entry});
++			await new Promise<void>((resolve, reject) => {
++				const opts: _http.RequestOptions = {
++					path: '/add-session',
++					socketPath: codeServerSocketPath,
++					method: 'POST',
++					headers: {
++						'content-type': 'application/json',
++					}
++				};
++				const req = _http.request(opts, (res) => {
++					res.on('error', reject);
++					res.on('end', () => {
++						try {
++							if (res.statusCode === 200) {
++								resolve();
++							} else {
++								reject(new Error('Unexpected status code: ' + res.statusCode));
++							}
++						} catch (e: unknown) {
++							reject(e);
++						}
++					});
++				});
++				req.on('error', reject);
++				req.write(message);
++				req.end();
++			});
++		})().catch(error => {
++			this._logService.error(error);
++		});
++
+ 		// Do this when extension service exists, but extensions are not being activated yet.
+ 		const configProvider = await this._extHostConfiguration.getConfigProvider();
+ 		await connectProxyResolver(this._extHostWorkspace, configProvider, this, this._logService, this._mainThreadTelemetryProxy, this._initData, this._store);
+Index: code-server/lib/vscode/src/vs/workbench/api/node/extensionHostProcess.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/node/extensionHostProcess.ts
++++ code-server/lib/vscode/src/vs/workbench/api/node/extensionHostProcess.ts
+@@ -3,6 +3,7 @@
+  *  Licensed under the MIT License. See License.txt in the project root for license information.
+  *--------------------------------------------------------------------------------------------*/
+ 
++import * as _http from 'http';
+ import minimist from 'minimist';
+ import * as nativeWatchdog from 'native-watchdog';
+ import * as net from 'net';
+@@ -469,7 +470,28 @@ async function startExtensionHostProcess
+ 	);
+ 
+ 	// rewrite onTerminate-function to be a proper shutdown
+-	onTerminate = (reason: string) => extensionHostMain.terminate(reason);
++	onTerminate = (reason: string) => {
++		extensionHostMain.terminate(reason);
++
++		const socketPath = process.env['VSCODE_IPC_HOOK_CLI'];
++		const codeServerSocketPath = process.env['CODE_SERVER_SESSION_SOCKET']
++		if (!socketPath || !codeServerSocketPath) {
++			return;
++		}
++		const message = JSON.stringify({socketPath});
++		const opts: _http.RequestOptions = {
++			path: '/delete-session',
++			socketPath: codeServerSocketPath,
++			method: 'POST',
++			headers: {
++				'content-type': 'application/json',
++				'accept': 'application/json'
++			}
++		};
++		const req = _http.request(opts);
++		req.write(message);
++		req.end();
++	};
+ }
+ 
+ startExtensionHostProcess().catch((err) => console.log(err));

patches/telemetry.diff

@@ -12,72 +12,112 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
-@@ -70,6 +70,7 @@ import { IExtensionsScannerService } fro
- import { ExtensionsScannerService } from 'vs/server/node/extensionsScannerService';
- import { IExtensionsProfileScannerService } from 'vs/platform/extensionManagement/common/extensionsProfileScannerService';
- import { IUserDataProfilesService } from 'vs/platform/userDataProfile/common/userDataProfile';
-+import { TelemetryClient } from "vs/server/node/telemetryClient";
- import { NullPolicyService } from 'vs/platform/policy/common/policy';
- import { OneDataSystemAppender } from 'vs/platform/telemetry/node/1dsAppender';
- import { LoggerService } from 'vs/platform/log/node/loggerService';
-@@ -142,10 +143,13 @@ export async function setupServerService
- 	const machineId = await getMachineId();
+@@ -4,6 +4,7 @@
+  *--------------------------------------------------------------------------------------------*/
+ 
+ import { hostname, release } from 'os';
++import { promises as fs } from 'fs';
+ import { Emitter, Event } from '../../base/common/event.js';
+ import { DisposableStore, toDisposable } from '../../base/common/lifecycle.js';
+ import { Schemas } from '../../base/common/network.js';
+@@ -65,6 +66,7 @@ import { IExtensionsScannerService } fro
+ import { ExtensionsScannerService } from './extensionsScannerService.js';
+ import { IExtensionsProfileScannerService } from '../../platform/extensionManagement/common/extensionsProfileScannerService.js';
+ import { IUserDataProfilesService } from '../../platform/userDataProfile/common/userDataProfile.js';
++import { TelemetryClient } from './telemetryClient.js';
+ import { NullPolicyService } from '../../platform/policy/common/policy.js';
+ import { OneDataSystemAppender } from '../../platform/telemetry/node/1dsAppender.js';
+ import { LoggerService } from '../../platform/log/node/loggerService.js';
+@@ -166,11 +168,23 @@ export async function setupServerService
+ 	const requestService = new RequestService('remote', configurationService, environmentService, logService);
+ 	services.set(IRequestService, requestService);
+ 
++	let isContainer = undefined;
++	try {
++		await fs.stat('/run/.containerenv');
++		isContainer = true;
++	} catch (error) { /* Does not exist, probably. */ }
++	if (!isContainer) {
++		try {
++			const content = await fs.readFile('/proc/self/cgroup', 'utf8')
++			isContainer = content.includes('docker');
++		} catch (error) { /* Permission denied, probably. */ }
++	}
++
+ 	let oneDsAppender: ITelemetryAppender = NullAppender;
  	const isInternal = isInternalTelemetry(productService, configurationService);
  	if (supportsTelemetry(productService, environmentService)) {
--		if (productService.aiConfig && productService.aiConfig.ariaKey) {
-+		const telemetryEndpoint = process.env.CS_TELEMETRY_URL || "https://v1.telemetry.coder.com/track";
-+		if (telemetryEndpoint) {
-+			oneDsAppender = new OneDataSystemAppender(false, eventPrefix, null, () => new TelemetryClient(telemetryEndpoint));
-+		} else if (productService.aiConfig && productService.aiConfig.ariaKey) {
- 			oneDsAppender = new OneDataSystemAppender(isInternal, eventPrefix, null, productService.aiConfig.ariaKey);
--			disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
+-		if (!isLoggingOnly(productService, environmentService) && productService.aiConfig?.ariaKey) {
+-			oneDsAppender = new OneDataSystemAppender(requestService, isInternal, eventPrefix, null, productService.aiConfig.ariaKey);
++		if (!isLoggingOnly(productService, environmentService) && productService.telemetryEndpoint) {
++			oneDsAppender = new OneDataSystemAppender(requestService, isInternal, eventPrefix, null, () => new TelemetryClient(productService.telemetryEndpoint!, machineId, isContainer));
+ 			disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
  		}
-+		disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
  
- 		const config: ITelemetryServiceConfig = {
- 			appenders: [oneDsAppender],
 Index: code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
 ===================================================================
 --- /dev/null
 +++ code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,71 @@
 +import { AppInsightsCore, IExtendedTelemetryItem, ITelemetryItem } from '@microsoft/1ds-core-js';
 +import * as https from 'https';
 +import * as http from 'http';
 +import * as os from 'os';
 +
++interface SystemInfo {
++	measurements: Record<string, number | undefined>;
++	properties: Record<string, string | boolean | null | undefined>;
++}
++
 +export class TelemetryClient extends AppInsightsCore {
-+	public constructor(private readonly endpoint: string) {
++	private readonly systemInfo: SystemInfo = {
++		measurements: {},
++		properties: {},
++	};
++
++	public constructor(
++		private readonly endpoint: string,
++		machineId: string,
++		isContainer: boolean | undefined) {
 +		super();
++
++		// os.cpus() can take a very long time sometimes (personally I see 1-2
++		// seconds in a Coder workspace).  This adds up significantly, especially
++		// when many telemetry requests are sent during startup, which can cause
++		// connection timeouts.  Try to cache as much as we can.
++		try {
++			const cpus = os.cpus();
++			this.systemInfo.measurements.cores = cpus.length;
++			this.systemInfo.properties['common.cpuModel'] = cpus[0].model;
++		} catch (error) {}
++
++		try {
++			this.systemInfo.properties['common.shell'] = os.userInfo().shell;
++			this.systemInfo.properties['common.release'] = os.release();
++			this.systemInfo.properties['common.arch'] = os.arch();
++		} catch (error) {}
++
++		this.systemInfo.properties['common.remoteMachineId'] = machineId;
++		this.systemInfo.properties['common.isContainer'] = isContainer;
 +	}
 +
 +	public override track(item: IExtendedTelemetryItem | ITelemetryItem): void {
 +		const options = item.baseData || {}
-+		if (!options.properties) {
-+			options.properties = {};
++		options.measurements = {
++			...(options.measurements || {}),
++			...this.systemInfo.measurements,
 +		}
-+		if (!options.measurements) {
-+			options.measurements = {};
++		options.properties = {
++			...(options.properties || {}),
++			...this.systemInfo.properties,
 +		}
 +
 +		try {
-+			const cpus = os.cpus();
-+			options.measurements.cores = cpus.length;
-+			options.properties['common.cpuModel'] = cpus[0].model;
-+		} catch (error) {}
-+
-+		try {
 +			options.measurements.memoryFree = os.freemem();
 +			options.measurements.memoryTotal = os.totalmem();
 +		} catch (error) {}
 +
 +		try {
-+			options.properties['common.shell'] = os.userInfo().shell;
-+			options.properties['common.release'] = os.release();
-+			options.properties['common.arch'] = os.arch();
-+		} catch (error) {}
-+
-+		try {
 +			const request = (/^http:/.test(this.endpoint) ? http : https).request(this.endpoint, {
 +				method: 'POST',
 +				headers: {
@@ -94,11 +134,38 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -321,6 +321,7 @@ export class WebClientServer {
- 					scope: vscodeBase + '/',
- 					path: base + '/_static/out/browser/serviceWorker.js',
- 				},
-+				enableTelemetry: this._productService.enableTelemetry,
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
+@@ -347,6 +347,8 @@ export class WebClientServer {
+ 				scope: vscodeBase + '/',
+ 				path: rootBase + '/_static/out/browser/serviceWorker.js',
  			},
++			enableTelemetry: this._productService.enableTelemetry,
++			telemetryEndpoint: this._productService.telemetryEndpoint,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
+ 		};
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -74,6 +74,7 @@ export interface IProductConfiguration {
+ 		readonly path: string;
+ 		readonly scope: string;
+ 	}
++	readonly telemetryEndpoint?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
++++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
+@@ -58,7 +58,8 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+ 			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
+ 			controlUrl: "",
+ 			recommendationsUrl: "",
+-		})
++		}),
++		telemetryEndpoint: env.CS_TELEMETRY_URL || product.telemetryEndpoint || "https://v1.telemetry.coder.com/track",
+ 	});
+ }
+ 

patches/trusted-domains.diff

@@ -0,0 +1,49 @@
+Allow configuring trusted domains via product.json or flag.
+
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -23,6 +23,7 @@ export const serverOptions: OptionDescri
+ 	'disable-file-uploads': { type: 'boolean' },
+ 	'disable-getting-started-override': { type: 'boolean' },
+ 	'locale': { type: 'string' },
++	'link-protection-trusted-domains': { type: 'string[]' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -115,6 +116,7 @@ export interface ServerParsedArgs {
+ 	'disable-file-uploads'?: boolean;
+ 	'disable-getting-started-override'?: boolean,
+ 	'locale'?: string
++	'link-protection-trusted-domains'?: string[],
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -338,6 +338,14 @@ export class WebClientServer {
+ 			scopes: [['user:email'], ['repo']]
+ 		} : undefined;
+ 
++		const linkProtectionTrustedDomains: string[] = [];
++		if (this._environmentService.args['link-protection-trusted-domains']) {
++			linkProtectionTrustedDomains.push(...this._environmentService.args['link-protection-trusted-domains']);
++		}
++		if (this._productService.linkProtectionTrustedDomains) {
++			linkProtectionTrustedDomains.push(...this._productService.linkProtectionTrustedDomains);
++		}
++
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
+ 			codeServerVersion: this._productService.codeServerVersion,
+ 			rootEndpoint: rootBase,
+@@ -352,6 +360,7 @@ export class WebClientServer {
+ 			telemetryEndpoint: this._productService.telemetryEndpoint,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
++			linkProtectionTrustedDomains,
+ 		};
+ 
+ 		const proposedApi = this._environmentService.args['enable-proposed-api'];

patches/unique-db.diff

@@ -13,15 +13,15 @@ Index: code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageS
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
-@@ -17,6 +17,7 @@ import { AbstractStorageService, isProfi
- import { isUserDataProfile, IUserDataProfile } from 'vs/platform/userDataProfile/common/userDataProfile';
- import { IAnyWorkspaceIdentifier } from 'vs/platform/workspace/common/workspace';
- import { IUserDataProfileService } from 'vs/workbench/services/userDataProfile/common/userDataProfile';
-+import { hash } from 'vs/base/common/hash';
+@@ -18,6 +18,7 @@ import { AbstractStorageService, isProfi
+ import { isUserDataProfile, IUserDataProfile } from '../../../../platform/userDataProfile/common/userDataProfile.js';
+ import { IAnyWorkspaceIdentifier } from '../../../../platform/workspace/common/workspace.js';
+ import { IUserDataProfileService } from '../../userDataProfile/common/userDataProfile.js';
++import { hash } from '../../../../base/common/hash.js';
  
  export class BrowserStorageService extends AbstractStorageService {
  
-@@ -297,7 +298,11 @@ export class IndexedDBStorageDatabase ex
+@@ -300,7 +301,11 @@ export class IndexedDBStorageDatabase ex
  	}
  
  	static async createWorkspaceStorage(workspaceId: string, logService: ILogService): Promise<IIndexedDBStorageDatabase> {

patches/update-check.diff

@@ -13,12 +13,12 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
 @@ -1,10 +1,16 @@
- import { Disposable } from 'vs/base/common/lifecycle';
- import { localize } from 'vs/nls';
-+import { ILogService } from 'vs/platform/log/common/log';
- import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
-+import { IProductService } from 'vs/platform/product/common/productService';
-+import { IStorageService, StorageScope, StorageTarget } from 'vs/platform/storage/common/storage';
+ import { Disposable } from "../../base/common/lifecycle.js";
+ import { localize } from '../../nls.js';
++import { ILogService } from '../../platform/log/common/log.js';
+ import { INotificationService, Severity } from '../../platform/notification/common/notification.js';
++import { IProductService } from '../../platform/product/common/productService.js';
++import { IStorageService, StorageScope, StorageTarget } from '../../platform/storage/common/storage.js';
  
  export class CodeServerClient extends Disposable {
  	constructor (
@@ -93,7 +93,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -33,6 +33,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -67,6 +67,7 @@ export type ExtensionVirtualWorkspaceSup
  export interface IProductConfiguration {
  	readonly codeServerVersion?: string
  	readonly rootEndpoint?: string
@@ -101,24 +101,32 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
  
  	readonly version: string;
  	readonly date?: string;
+@@ -112,6 +113,7 @@ export interface IProductConfiguration {
+ 		readonly resourceUrlTemplate: string;
+ 		readonly nlsBaseUrl: string;
+ 		readonly accessSKUs?: string[];
++		readonly authorizationHeaderToken?: string;
+ 	};
+ 
+ 	readonly mcpGallery?: {
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -312,6 +312,7 @@ export class WebClientServer {
- 			productConfiguration: <Partial<IProductConfiguration>>{
- 				codeServerVersion: this._productService.codeServerVersion,
- 				rootEndpoint: base,
-+				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
- 			},
+@@ -340,6 +340,7 @@ export class WebClientServer {
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
+ 			codeServerVersion: this._productService.codeServerVersion,
+ 			rootEndpoint: rootBase,
++			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
+ 		};
 Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -11,6 +11,8 @@ import { refineServiceDecorator } from '
- import { IEnvironmentService, INativeEnvironmentService } from 'vs/platform/environment/common/environment';
+@@ -16,6 +16,8 @@ import { join } from '../../base/common/
+ import { ProtocolConstants } from '../../base/parts/ipc/common/ipc.net.js';
  
  export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
 +	/* ----- code-server ----- */
@@ -126,7 +134,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -88,6 +90,8 @@ export const serverOptions: OptionDescri
+@@ -101,6 +103,8 @@ export const serverOptions: OptionDescri
  };
  
  export interface ServerParsedArgs {

patches/webview.diff

@@ -41,7 +41,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -224,7 +224,7 @@ export class BrowserWorkbenchEnvironment
+@@ -220,7 +220,7 @@ export class BrowserWorkbenchEnvironment
  
  	@memoize
  	get webviewExternalEndpoint(): string {
@@ -54,23 +54,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -302,6 +302,7 @@ export class WebClientServer {
- 
+@@ -360,6 +360,7 @@ export class WebClientServer {
  		const workbenchWebConfiguration = {
  			remoteAuthority,
-+			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			serverBasePath: basePath,
++			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
  			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
-@@ -344,7 +345,7 @@ export class WebClientServer {
- 			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=';`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
- 			'child-src \'self\';',
- 			`frame-src 'self' https://*.vscode-cdn.net data:;`,
--			'worker-src \'self\' data:;',
-+			'worker-src \'self\' data: blob:;',
- 			'style-src \'self\' \'unsafe-inline\';',
- 			'connect-src \'self\' ws: wss: https:;',
- 			'font-src \'self\' blob:;',
 Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
@@ -79,29 +70,21 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
  	<meta charset="UTF-8">
  
  	<meta http-equiv="Content-Security-Policy"
--		content="default-src 'none'; script-src 'sha256-RaCvj6SRgHm+2C3LKzSAamDwa3Bp4u4iQ1Y2Sm+97tE=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-mi72idjvdhsPSBMKFqU82FG/kZVJjKR0TfHLE13gB+w=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+-		content="default-src 'none'; script-src 'sha256-TaWGDzV7c9rUH2q/5ygOyYUHSyHIqBMYfucPh3lnKvU=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
++		content="default-src 'none'; script-src 'sha256-nQZh+9dHKZP2cHbhYlCbWDtqxxJtGjRGBx57zNP2DZM=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
  
  	<!-- Disable pinch zooming -->
  	<meta name="viewport"
-@@ -325,6 +325,12 @@
+@@ -256,7 +256,7 @@
+ 			}
  
- 				const hostname = location.hostname;
- 
-+				// It is safe to run if we are on the same host.
-+				const parent = new URL(parentOrigin)
-+				if (parent.hostname === hostname) {
-+					return start(parentOrigin)
-+				}
-+
- 				if (!crypto.subtle) {
- 					// cannot validate, not running in a secure context
- 					throw new Error(`'crypto.subtle' is not available so webviews will not work. This is likely because the editor is not running in a secure context (https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).`);
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-@@ -324,6 +324,12 @@
+ 			const swPath = encodeURI(`service-worker.js?v=${expectedWorkerVersion}&vscode-resource-base-authority=${searchParams.get('vscode-resource-base-authority')}&remoteAuthority=${searchParams.get('remoteAuthority') ?? ''}`);
+-			navigator.serviceWorker.register(swPath, { type: 'module' })
++			navigator.serviceWorker.register(swPath)
+ 				.then(async registration => {
+ 					/**
+ 					 * @param {MessageEvent} event
+@@ -370,6 +370,12 @@
  
  				const hostname = location.hostname;
  
@@ -122,12 +105,12 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
  		<meta http-equiv="Content-Security-Policy" content="
  			default-src 'none';
  			child-src 'self' data: blob:;
--			script-src 'self' 'unsafe-eval' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' https:;
-+			script-src 'self' 'unsafe-eval' 'sha256-TkIM/TmudlFEe0ZRp0ptvN54LClwk30Rql4ZPE0hm/I=' https:;
+-			script-src 'self' 'unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
++			script-src 'self' 'unsafe-eval' 'sha256-yhZXuB8LS6t73dvNg6rtLX8y4PHLnqRm5+6DdOGkOcw=' https: http://localhost:* blob:;
  			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
  	</head>
  	<body>
-@@ -23,6 +23,13 @@
+@@ -25,6 +25,13 @@
  			// validation not requested
  			return start();
  		}

src/browser/favicon.afdesign

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:625d2049c38ae27df0613fa533020e889fa98affd603050f46d3748be7b90d0b
-size 38675

src/browser/media/favicon-dark-support.svg

@@ -1,7 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 2250 2250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><style>
-@media (prefers-color-scheme: dark) {
-  * {
-    fill: white;
-  }
-}
-</style><rect id="favicon" x="0" y="0" width="2250" height="2250" style="fill:none;"/><g id="favicon1" serif:id="favicon"><path d="M1991.66,1034.72c-38.493,0 -64.144,-22.57 -64.144,-68.897l-0,-266.084c-0,-169.867 -69.982,-263.709 -250.762,-263.709l-83.976,0l-0,179.368l25.661,0c71.144,0 104.967,39.201 104.967,109.285l0,235.201c0,102.156 30.324,143.733 96.806,165.114c-66.482,20.196 -96.806,62.958 -96.806,165.114l0,174.621c0,48.7 0,96.216 -12.829,144.917c-12.829,45.141 -33.823,87.903 -62.98,124.726c-16.329,21.386 -34.991,39.202 -55.981,55.835l-0,23.755l83.971,-0c180.781,-0 250.763,-93.843 250.763,-263.709l-0,-266.084c-0,-47.516 24.485,-68.897 64.144,-68.897l47.822,-0l-0,-179.37l-46.656,-0l0,-1.186Z" style="fill-rule:nonzero;"/><path d="M1420.16,706.904l-258.923,0c-5.833,0 -10.495,-4.752 -10.495,-10.691l-0,-20.192c-0,-5.941 4.662,-10.692 10.495,-10.692l260.089,0c5.83,0 10.495,4.751 10.495,10.692l0,20.192c0,5.939 -5.833,10.691 -11.661,10.691Z" style="fill-rule:nonzero;"/><path d="M1464.48,963.474l-188.942,0c-5.833,0 -10.501,-4.754 -10.501,-10.693l0,-20.192c0,-5.938 4.668,-10.691 10.501,-10.691l188.942,-0c5.833,-0 10.495,4.753 10.495,10.691l-0,20.192c-0,4.754 -4.662,10.693 -10.495,10.693Z" style="fill-rule:nonzero;"/><path d="M1539.12,835.188l-377.885,0c-5.833,0 -10.495,-4.75 -10.495,-10.689l-0,-20.196c-0,-5.939 4.662,-10.69 10.495,-10.69l376.719,0c5.833,0 10.499,4.751 10.499,10.69l-0,20.196c-0,4.75 -3.5,10.689 -9.333,10.689Z" style="fill-rule:nonzero;"/><path d="M861.493,765.074c25.658,0 51.319,2.376 75.811,8.316l0,-48.705c0,-68.897 34.989,-109.285 104.971,-109.285l25.658,0l-0,-179.368l-83.977,0c-180.781,0 -250.758,93.842 -250.758,263.709l0,87.901c40.819,-14.252 83.977,-22.568 128.295,-22.568Z" style="fill-rule:nonzero;"/><path d="M1618.44,1411.25c-18.662,-150.861 -132.962,-276.776 -279.919,-305.285c-40.818,-8.314 -81.642,-9.504 -121.295,-2.376c-1.166,-0 -1.166,-1.189 -2.332,-1.189c-64.148,-136.605 -201.772,-226.884 -351.063,-226.884c-149.289,-0 -285.747,87.905 -351.062,224.51c-1.166,-0 -1.166,1.188 -2.332,1.188c-41.987,-4.753 -83.975,-2.379 -125.963,8.314c-144.623,35.634 -254.257,159.175 -274.085,308.847c-2.332,15.441 -3.499,30.883 -3.499,45.141c0,45.136 30.325,86.713 74.645,92.652c54.817,8.317 102.636,-34.448 101.469,-89.089c0,-8.317 0,-17.821 1.167,-26.134c9.331,-76.025 66.48,-140.168 141.123,-157.99c23.328,-5.939 46.654,-7.124 68.814,-3.559c71.146,9.502 141.124,-27.324 171.449,-91.467c22.162,-47.516 57.151,-89.094 103.804,-111.664c51.314,-24.946 109.633,-28.506 163.286,-9.499c55.979,20.192 97.966,62.954 123.627,116.409c26.824,52.27 39.653,89.093 96.805,96.221c23.325,3.559 88.639,2.374 113.132,1.185c47.82,0 95.64,16.631 129.463,51.079c22.156,23.757 38.485,53.455 45.486,86.715c10.495,53.455 -2.334,106.908 -33.825,147.296c-22.162,28.509 -52.485,49.89 -86.308,59.394c-16.329,4.754 -32.657,5.939 -48.986,5.939l-257.757,0c-51.314,0 -92.138,-41.573 -92.138,-93.842l0,-348.049c0,-14.251 -11.661,-26.13 -25.658,-26.13l-36.156,0c-71.148,1.185 -128.295,81.964 -128.295,167.488l-0,312.415c-0,92.652 73.476,167.488 164.451,167.488c0,0 404.714,-1.19 410.544,-1.19c93.304,-9.503 179.614,-58.204 237.927,-133.04c58.319,-72.46 85.142,-167.492 73.481,-264.894Z" style="fill-rule:nonzero;"/></g></svg>
+<svg width="100%" height="100%" viewBox="0 0 147 147" xmlns="http://www.w3.org/2000/svg">
+  <style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>
+  <path d="m42.4214,39.655c-24.4057,0 -42.1554,13.1721 -42.1554,33.845c0,20.5814 18.4892,33.845 42.1554,33.845c23.6662,0 38.1803,-11.6171 38.7349,-28.7225l-21.0777,-0.4574c-0.9244,9.3303 -9.1059,15.1845 -17.6572,15.1845c-11.7406,0 -20.4306,-7.5922 -20.4306,-19.8496c0,-12.2574 8.69,-19.9868 20.4306,-20.2155c8.5513,-0.183 16.9177,5.9457 17.4723,15.276l21.0777,-0.6403c-0.4622,-16.8311 -14.1442,-28.2652 -38.55,-28.2652zm48.8446,2l55.468,0l0,64.0311l-55.468,0l0,-64.0311z" clip-rule="evenodd" fill-rule="evenodd"/>
+</svg>

src/browser/media/favicon.svg

@@ -1 +1,3 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 2250 2250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><rect id="favicon" x="0" y="0" width="2250" height="2250" style="fill:none;"/><g id="favicon1" serif:id="favicon"><path d="M1991.66,1034.72c-38.493,0 -64.144,-22.57 -64.144,-68.897l-0,-266.084c-0,-169.867 -69.982,-263.709 -250.762,-263.709l-83.976,0l-0,179.368l25.661,0c71.144,0 104.967,39.201 104.967,109.285l0,235.201c0,102.156 30.324,143.733 96.806,165.114c-66.482,20.196 -96.806,62.958 -96.806,165.114l0,174.621c0,48.7 0,96.216 -12.829,144.917c-12.829,45.141 -33.823,87.903 -62.98,124.726c-16.329,21.386 -34.991,39.202 -55.981,55.835l-0,23.755l83.971,-0c180.781,-0 250.763,-93.843 250.763,-263.709l-0,-266.084c-0,-47.516 24.485,-68.897 64.144,-68.897l47.822,-0l-0,-179.37l-46.656,-0l0,-1.186Z" style="fill-rule:nonzero;"/><path d="M1420.16,706.904l-258.923,0c-5.833,0 -10.495,-4.752 -10.495,-10.691l-0,-20.192c-0,-5.941 4.662,-10.692 10.495,-10.692l260.089,0c5.83,0 10.495,4.751 10.495,10.692l0,20.192c0,5.939 -5.833,10.691 -11.661,10.691Z" style="fill-rule:nonzero;"/><path d="M1464.48,963.474l-188.942,0c-5.833,0 -10.501,-4.754 -10.501,-10.693l0,-20.192c0,-5.938 4.668,-10.691 10.501,-10.691l188.942,-0c5.833,-0 10.495,4.753 10.495,10.691l-0,20.192c-0,4.754 -4.662,10.693 -10.495,10.693Z" style="fill-rule:nonzero;"/><path d="M1539.12,835.188l-377.885,0c-5.833,0 -10.495,-4.75 -10.495,-10.689l-0,-20.196c-0,-5.939 4.662,-10.69 10.495,-10.69l376.719,0c5.833,0 10.499,4.751 10.499,10.69l-0,20.196c-0,4.75 -3.5,10.689 -9.333,10.689Z" style="fill-rule:nonzero;"/><path d="M861.493,765.074c25.658,0 51.319,2.376 75.811,8.316l0,-48.705c0,-68.897 34.989,-109.285 104.971,-109.285l25.658,0l-0,-179.368l-83.977,0c-180.781,0 -250.758,93.842 -250.758,263.709l0,87.901c40.819,-14.252 83.977,-22.568 128.295,-22.568Z" style="fill-rule:nonzero;"/><path d="M1618.44,1411.25c-18.662,-150.861 -132.962,-276.776 -279.919,-305.285c-40.818,-8.314 -81.642,-9.504 -121.295,-2.376c-1.166,-0 -1.166,-1.189 -2.332,-1.189c-64.148,-136.605 -201.772,-226.884 -351.063,-226.884c-149.289,-0 -285.747,87.905 -351.062,224.51c-1.166,-0 -1.166,1.188 -2.332,1.188c-41.987,-4.753 -83.975,-2.379 -125.963,8.314c-144.623,35.634 -254.257,159.175 -274.085,308.847c-2.332,15.441 -3.499,30.883 -3.499,45.141c0,45.136 30.325,86.713 74.645,92.652c54.817,8.317 102.636,-34.448 101.469,-89.089c0,-8.317 0,-17.821 1.167,-26.134c9.331,-76.025 66.48,-140.168 141.123,-157.99c23.328,-5.939 46.654,-7.124 68.814,-3.559c71.146,9.502 141.124,-27.324 171.449,-91.467c22.162,-47.516 57.151,-89.094 103.804,-111.664c51.314,-24.946 109.633,-28.506 163.286,-9.499c55.979,20.192 97.966,62.954 123.627,116.409c26.824,52.27 39.653,89.093 96.805,96.221c23.325,3.559 88.639,2.374 113.132,1.185c47.82,0 95.64,16.631 129.463,51.079c22.156,23.757 38.485,53.455 45.486,86.715c10.495,53.455 -2.334,106.908 -33.825,147.296c-22.162,28.509 -52.485,49.89 -86.308,59.394c-16.329,4.754 -32.657,5.939 -48.986,5.939l-257.757,0c-51.314,0 -92.138,-41.573 -92.138,-93.842l0,-348.049c0,-14.251 -11.661,-26.13 -25.658,-26.13l-36.156,0c-71.148,1.185 -128.295,81.964 -128.295,167.488l-0,312.415c-0,92.652 73.476,167.488 164.451,167.488c0,0 404.714,-1.19 410.544,-1.19c93.304,-9.503 179.614,-58.204 237.927,-133.04c58.319,-72.46 85.142,-167.492 73.481,-264.894Z" style="fill-rule:nonzero;"/></g></svg>
+<svg width="100%" height="100%" viewBox="0 0 147 147" xmlns="http://www.w3.org/2000/svg">
+  <path d="m42.4214,39.655c-24.4057,0 -42.1554,13.1721 -42.1554,33.845c0,20.5814 18.4892,33.845 42.1554,33.845c23.6662,0 38.1803,-11.6171 38.7349,-28.7225l-21.0777,-0.4574c-0.9244,9.3303 -9.1059,15.1845 -17.6572,15.1845c-11.7406,0 -20.4306,-7.5922 -20.4306,-19.8496c0,-12.2574 8.69,-19.9868 20.4306,-20.2155c8.5513,-0.183 16.9177,5.9457 17.4723,15.276l21.0777,-0.6403c-0.4622,-16.8311 -14.1442,-28.2652 -38.55,-28.2652zm48.8446,2l55.468,0l0,64.0311l-55.468,0l0,-64.0311z" clip-rule="evenodd" fill-rule="evenodd"/>
+</svg>