Remove homebrew step

It has been broken for a long time (No available formula with the name
"code-server") but it looks like they have their own bot publishing
updates anyway.

.git-blame-ignore-revs

@@ -0,0 +1,2 @@
+# Prettier 3.4.2
+9b0340a09276f93c054d705d1b9a5f24cc5dbc97

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -20,6 +20,8 @@ body:
           - **Remote OS**: Ubuntu
           - **Remote Architecture**: amd64
           - **`code-server --version`**: 4.0.1
+
+        Please do not just put "latest" for the version.
       value: |
         - Web Browser:
         - Local OS:
@@ -84,6 +86,18 @@ body:
     validations:
       required: true
 
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in VS Code web?
+      description: If the bug reproduces in VS Code web, submit the issue upstream instead (https://github.com/microsoft/vscode). You can run VS Code web with `code serve-web`.
+      options:
+        - Yes, this is also broken in VS Code web
+        - No, this works as expected in VS Code web
+        - This cannot be tested in VS Code web
+        - I did not test VS Code web
+    validations:
+      required: true
+
   - type: dropdown
     attributes:
       label: Does this bug reproduce in GitHub Codespaces?

.github/workflows/build.yaml

@@ -22,215 +22,178 @@ concurrency:
 # will skip running `npm install` if it successfully fetched from cache
 
 jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      ci: ${{ steps.filter.outputs.ci }}
+      code: ${{ steps.filter.outputs.code }}
+      deps: ${{ steps.filter.outputs.deps }}
+      docs: ${{ steps.filter.outputs.docs }}
+      helm: ${{ steps.filter.outputs.helm }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v6
+      - name: Check changed files
+        uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            ci:
+              - ".github/**"
+              - "ci/**"
+            docs:
+              - "docs/**"
+              - "README.md"
+              - "CHANGELOG.md"
+            helm:
+              - "ci/helm-chart/**"
+            code:
+              - "src/**"
+              - "test/**"
+            deps:
+              - "lib/**"
+              - "patches/**"
+              - "package-lock.json"
+              - "test/package-lock.json"
+      - id: debug
+        run: |
+          echo "${{ toJSON(steps.filter )}}"
+
   prettier:
-    name: Format with Prettier
+    name: Run prettier check
     runs-on: ubuntu-22.04
     timeout-minutes: 5
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Run prettier with actionsx/prettier
-        uses: actionsx/prettier@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          args: --check --log-level=warn .
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npx prettier --check .
 
   doctoc:
     name: Doctoc markdown files
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.docs == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            docs/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: npm run doctoc
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run doctoc
 
   lint-helm:
     name: Lint Helm chart
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.helm == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            ci/helm-chart/**
-
-      - name: Install helm
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v4
+      - uses: actions/checkout@v6
+      - uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm plugin install https://github.com/instrumenta/helm-kubeval
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm kubeval ci/helm-chart
+      - run: helm plugin install https://github.com/instrumenta/helm-kubeval
+      - run: helm kubeval ci/helm-chart
 
   lint-ts:
     name: Lint TypeScript files
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            **/*.ts
-            **/*.js
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - name: Lint TypeScript files
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: npm run lint:ts
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run lint:ts
 
   lint-actions:
     name: Lint GitHub Actions
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.ci == 'true'
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Check workflow files
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.1
-          ./actionlint -color -shellcheck= -ignore "set-output"
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
+          ./actionlint -color -shellcheck= -ignore "softprops/action-gh-release"
         shell: bash
 
   test-unit:
     name: Run unit tests
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            **/*.ts
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - if: steps.changed-files.outputs.any_changed == 'true'
-        run: npm run test:unit
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run test:unit
+      - uses: codecov/codecov-action@v5
+        if: success()
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
 
   build:
     name: Build code-server
     runs-on: ubuntu-22.04
-    timeout-minutes: 60
+    timeout-minutes: 70
     env:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       DISABLE_V8_COMPILE_CACHE: 1
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           submodules: true
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install quilt
-        uses: awalsh128/cache-apt-pkgs-action@latest
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: quilt
           version: 1.0
-
-      - name: Patch Code
-        run: quilt push -a
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - run: quilt push -a
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
       - run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - env:
+      - run: npm run build
+        env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npm run build
-
       # Get Code's git hash.  When this changes it means the content is
       # different and we need to rebuild.
       - name: Get latest lib/vscode rev
         id: vscode-rev
         run: echo "rev=$(git rev-parse HEAD:./lib/vscode)" >> $GITHUB_OUTPUT
-
       # We need to rebuild when we have a new version of Code, when any of
       # the patches changed, or when the code-server version changes (since
       # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
@@ -241,7 +204,6 @@ jobs:
         with:
           path: lib/vscode-reh-web-*
           key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
-
       - name: Build vscode
         env:
           VERSION: "0.0.0"
@@ -251,107 +213,77 @@ jobs:
           npm ci
           popd
           npm run build:vscode
-
       # The release package does not contain any native modules
       # and is neutral to architecture/os/libc version.
       - run: npm run release
         if: success()
-
       # https://github.com/actions/upload-artifact/issues/38
       - run: tar -czf package.tar.gz release
-
-      - name: Upload npm package artifact
-        uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v4
         with:
           name: npm-package
           path: ./package.tar.gz
 
   test-e2e:
     name: Run e2e tests
-    needs: build
     runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
       - run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v5
         with:
           name: npm-package
-
       - run: tar -xzf package.tar.gz
-
       - run: cd release && npm install --unsafe-perm --omit=dev
-
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
       - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
-
-      - name: Upload test artifacts
+      - uses: actions/upload-artifact@v4
         if: always()
-        uses: actions/upload-artifact@v4
         with:
           name: failed-test-videos
           path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results
+      - run: rm -rf ./release ./test/test-results
 
   test-e2e-proxy:
     name: Run e2e tests behind proxy
-    needs: build
     runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
           cache-dependency-path: |
             package-lock.json
             test/package-lock.json
-
       - run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v5
         with:
           name: npm-package
-
       - run: tar -xzf package.tar.gz
-
       - run: cd release && npm install --unsafe-perm --omit=dev
-
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
       - name: Cache Caddy
         uses: actions/cache@v4
         id: caddy-cache
@@ -359,7 +291,6 @@ jobs:
           path: |
             ~/.cache/caddy
           key: cache-caddy-2.5.2
-
       - name: Install Caddy
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -368,16 +299,13 @@ jobs:
           gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
           mkdir -p ~/.cache/caddy
           tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-
-      - run: sudo ~/.cache/caddy/caddy start --config ./ci/Caddyfile
-
+      - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile
       - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
+      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
+        if: always()
 
-      - if: always()
-        run: sudo ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
-
-      - if: always()
-        uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v4
+        if: always()
         with:
           name: failed-test-videos-proxy
           path: ./test/test-results

.github/workflows/installer.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install code-server
         run: ./install.sh
@@ -44,7 +44,7 @@ jobs:
     container: "alpine:3.17"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install curl
         run: apk add curl
@@ -67,7 +67,7 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install code-server
         run: ./install.sh

.github/workflows/publish.yaml

@@ -25,15 +25,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code-server
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
 
       - name: Download npm package from release artifacts
-        uses: robinraju/release-downloader@v1.11
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: ${{ github.event.inputs.version || github.ref_name }}
@@ -53,38 +53,6 @@ jobs:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           NPM_ENVIRONMENT: "production"
 
-  homebrew:
-    needs: npm
-    runs-on: ubuntu-latest
-    steps:
-      # Ensure things are up to date
-      # Suggested by homebrew maintainers
-      # https://github.com/Homebrew/discussions/discussions/1532#discussioncomment-782633
-      - name: Set up Homebrew
-        id: set-up-homebrew
-        uses: Homebrew/actions/setup-homebrew@master
-
-      - name: Checkout code-server
-        uses: actions/checkout@v4
-
-      - name: Configure git
-        run: |
-          git config --global user.name cdrci
-          git config --global user.email opensource@coder.com
-
-      # Strip out the v (v4.9.1 -> 4.9.1).
-      - name: Get and set VERSION
-        run: |
-          TAG="${{ github.event.inputs.version || github.ref_name }}"
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - name: Bump code-server homebrew version
-        env:
-          VERSION: ${{ env.VERSION }}
-          HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
-
-        run: ./ci/steps/brew-bump.sh
-
   aur:
     runs-on: ubuntu-latest
     timeout-minutes: 10
@@ -94,13 +62,13 @@ jobs:
     steps:
       # We need to checkout code-server so we can get the version
       - name: Checkout code-server
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           path: "./code-server"
 
       - name: Checkout code-server-aur repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: "cdrci/code-server-aur"
           token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
@@ -124,7 +92,7 @@ jobs:
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
       - name: Validate package
-        uses: heyhusen/archlinux-package-action@v2.2.1
+        uses: heyhusen/archlinux-package-action@v2.4.0
         env:
           VERSION: ${{ env.VERSION }}
         with:
@@ -145,10 +113,10 @@ jobs:
           gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
 
   docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code-server
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -176,7 +144,7 @@ jobs:
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
       - name: Download deb artifacts
-        uses: robinraju/release-downloader@v1.11
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: v${{ env.VERSION }}
@@ -184,7 +152,7 @@ jobs:
           out-file-path: "release-packages"
 
       - name: Download rpm artifacts
-        uses: robinraju/release-downloader@v1.11
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: v${{ env.VERSION }}

.github/workflows/release.yaml

@@ -19,95 +19,27 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  package-linux-amd64:
-    name: x86-64 Linux build
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    needs: npm-version
-    container: "centos:8"
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-
-      - name: Install development tools
-        run: |
-          cd /etc/yum.repos.d/
-          sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-          sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-          yum install -y gcc-c++ make jq rsync python3 libsecret-devel krb5-devel
-
-      - name: Install nfpm and envsubst
-        run: |
-          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
-          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
-          chmod +x envsubst
-          mv envsubst ~/.local/bin
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
-        with:
-          name: npm-release-package
-
-      - run: tar -xzf package.tar.gz
-
-      - run: npm run release:standalone
-
-      - run: npm run test:integration
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
-        continue-on-error: true
-
-      # Strip out the v (v4.9.1 -> 4.9.1).
-      - name: Get and set VERSION
-        run: |
-          TAG="${{ inputs.version || github.ref_name }}"
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - env:
-          VERSION: ${{ env.VERSION }}
-        run: npm run package
-
-      - uses: softprops/action-gh-release@v1
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: ./release-packages/*
-
   package-linux-cross:
-    name: Linux cross-compile builds
+    name: ${{ matrix.prefix }}
     runs-on: ubuntu-latest
     timeout-minutes: 15
     needs: npm-version
-    container: "debian:buster"
+    container: "python:3.8-slim-buster"
     strategy:
       matrix:
         include:
+          - prefix: x86_64-linux-gnu
+            npm_arch: x64
+            apt_arch: amd64
+            package_arch: amd64
           - prefix: aarch64-linux-gnu
             npm_arch: arm64
             apt_arch: arm64
+            package_arch: arm64
           - prefix: arm-linux-gnueabihf
             npm_arch: armv7l
             apt_arch: armhf
+            package_arch: armv7l
 
     env:
       AR: ${{ format('{0}-ar', matrix.prefix) }}
@@ -121,16 +53,17 @@ jobs:
       PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}
       TARGET_ARCH: ${{ matrix.apt_arch }}
       npm_config_arch: ${{ matrix.npm_arch }}
+      PKG_ARCH: ${{ matrix.package_arch }}
       # Not building from source results in an x86_64 argon2, as if
       # npm_config_arch is being ignored.
       npm_config_build_from_source: true
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
@@ -140,8 +73,9 @@ jobs:
 
       - name: Install cross-compiler and system dependencies
         run: |
+          sed -i 's/deb\.debian\.org/archive.debian.org/g' /etc/apt/sources.list
           dpkg --add-architecture $TARGET_ARCH
-          apt-get update && apt-get install -y --no-install-recommends \
+          apt update && apt install -y --no-install-recommends \
             crossbuild-essential-$TARGET_ARCH \
             libx11-dev:$TARGET_ARCH \
             libx11-xcb-dev:$TARGET_ARCH \
@@ -149,8 +83,7 @@ jobs:
             libsecret-1-dev:$TARGET_ARCH \
             libkrb5-dev:$TARGET_ARCH \
             ca-certificates \
-            curl wget rsync gettext-base \
-            python3
+            curl wget rsync gettext-base
 
       - run: SKIP_SUBMODULE_DEPS=1 npm ci
 
@@ -161,7 +94,7 @@ jobs:
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
       - name: Download npm package
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
@@ -183,7 +116,7 @@ jobs:
 
       - env:
           VERSION: ${{ env.VERSION }}
-        run: npm run package ${npm_config_arch}
+        run: npm run package $PKG_ARCH
 
       - uses: softprops/action-gh-release@v1
         with:
@@ -193,15 +126,18 @@ jobs:
 
   package-macos-amd64:
     name: x86-64 macOS build
-    runs-on: macos-latest
+    runs-on: macos-15-intel
     timeout-minutes: 15
     needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           cache: npm
@@ -224,7 +160,68 @@ jobs:
       - run: brew install python-setuptools
 
       - name: Download npm package
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
+        with:
+          name: npm-release-package
+
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
+      - run: npm run test:native
+
+      # Strip out the v (v4.9.1 -> 4.9.1).
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
+      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: npm run package
+
+      - uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          discussion_category_name: "📣 Announcements"
+          files: ./release-packages/*
+
+  package-macos-arm64:
+    name: arm64 macOS build
+    runs-on: macos-latest
+    timeout-minutes: 15
+    needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v6
+
+      - name: Install Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+
+      - name: Install nfpm
+        run: |
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      # The version of node-gyp we use depends on distutils but it was removed
+      # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
+      # next update Node we can probably remove this.  For now, install
+      # setuptools since it contains distutils.
+      - run: brew install python-setuptools
+
+      - name: Download npm package
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
@@ -256,7 +253,7 @@ jobs:
     needs: npm-version
     steps:
       - name: Download npm package
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: npm-release-package
 
@@ -272,7 +269,7 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v6
+        uses: dawidd6/action-download-artifact@v11
         id: download
         with:
           branch: ${{ github.ref }}

.github/workflows/scripts.yaml

@@ -41,7 +41,7 @@ jobs:
     container: "alpine:3.17"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install test utilities
         run: apk add bats checkbashisms
@@ -58,7 +58,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install lint utilities
         run: sudo apt install shellcheck

.github/workflows/security.yaml

@@ -25,12 +25,12 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Install Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
 
@@ -43,15 +43,15 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -72,11 +72,11 @@ jobs:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze with CodeQL
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/trivy-docker.yaml

@@ -44,14 +44,14 @@ concurrency:
 
 jobs:
   trivy-scan-image:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true

.node-version

@@ -1 +1 @@
-20.18.0
+22.20.0

CHANGELOG.md

@@ -22,6 +22,268 @@ Code v99.99.999
 
 ## Unreleased
 
+## [4.104.2](https://github.com/coder/code-server/releases/tag/v4.104.2) - 2025-09-26
+
+Code v1.104.2
+
+### Changed
+
+- Update to Code 1.104.2.
+
+## [4.104.1](https://github.com/coder/code-server/releases/tag/v4.104.1) - 2025-09-19
+
+Code v1.104.1
+
+### Changed
+
+- Update to Code 1.104.1.
+
+## [4.104.0](https://github.com/coder/code-server/releases/tag/v4.104.0) - 2025-09-15
+
+Code v1.104.0
+
+### Fixed
+
+- Fix "extension not found" errors from Open VSX when trying to install the
+  latest version of an extension.
+
+### Changed
+
+- Update to Code 1.104.0.
+
+## [4.103.2](https://github.com/coder/code-server/releases/tag/v4.103.2) - 2025-08-25
+
+Code v1.103.2
+
+### Changed
+
+- Update to Code 1.103.2.
+
+## [4.103.1](https://github.com/coder/code-server/releases/tag/v4.103.1) - 2025-08-15
+
+Code v1.103.1
+
+### Changed
+
+- Update to Code 1.103.1.
+
+## [4.103.0](https://github.com/coder/code-server/releases/tag/v4.103.0) - 2025-08-12
+
+Code v1.103.0
+
+### Changed
+
+- Update to Code 1.103.0.
+
+## [4.102.2](https://github.com/coder/code-server/releases/tag/v4.102.2) - 2025-07-24
+
+Code v1.102.2
+
+### Changed
+
+- Update to Code 1.102.2.
+
+## [4.102.1](https://github.com/coder/code-server/releases/tag/v4.102.1) - 2025-07-17
+
+Code v1.102.1
+
+### Changed
+
+- Update to Code 1.102.1.
+
+## [4.102.0](https://github.com/coder/code-server/releases/tag/v4.102.0) - 2025-07-16
+
+Code v1.102.0
+
+### Changed
+
+- Update to Code 1.102.0.
+
+### Added
+
+- Custom strings can be configured using the `--i18n` flag set to a JSON
+  file. This can be used for either translation (and can be used alongside
+  `--locale`) or for customizing the strings. See
+  [./src/node/i18n/locales/en.json](./src/node/i18n/locales/en.json) for the
+  available keys.
+
+## [4.101.2](https://github.com/coder/code-server/releases/tag/v4.101.2) - 2025-06-25
+
+Code v1.101.2
+
+### Changed
+
+- Update to Code 1.101.2.
+
+### Fixed
+
+- Fix web views not loading due to 401 when requesting the service worker.
+
+## [4.101.1](https://github.com/coder/code-server/releases/tag/v4.101.1) - 2025-06-20
+
+Code v1.101.1
+
+### Changed
+
+- Update to Code 1.101.1.
+
+## [4.101.0](https://github.com/coder/code-server/releases/tag/v4.101.0) - 2025-06-20
+
+Code v1.101.0
+
+### Changed
+
+- Update to Code 1.101.0.
+
+## [4.100.3](https://github.com/coder/code-server/releases/tag/v4.100.3) - 2025-06-03
+
+Code v1.100.3
+
+### Changed
+
+- Update to Code 1.100.3.
+
+## [4.100.2](https://github.com/coder/code-server/releases/tag/v4.100.2) - 2025-05-15
+
+Code v1.100.2
+
+### Changed
+
+- Update to Code 1.100.2.
+
+## [4.100.1](https://github.com/coder/code-server/releases/tag/v4.100.1) - 2025-05-13
+
+Code v1.100.1
+
+### Changed
+
+- Update to Code 1.100.1.
+
+## [4.100.0](https://github.com/coder/code-server/releases/tag/v4.100.0) - 2025-05-12
+
+Code v1.100.0
+
+### Added
+
+- Trusted domains for links can now be set at run-time by configuring
+  `linkProtectionTrustedDomains` in the `lib/vscode/product.json` file or via
+  the `--link-protection-trusted-domains` flag.
+
+### Changed
+
+- Update to Code 1.100.0.
+- Disable extension signature verification, which previously was skipped by
+  default (the package used for verification is not available to OSS builds of
+  VS Code) but now reportedly throws hard errors making it impossible to install
+  extensions.
+
+### Fixed
+
+- Flags with repeatable options now work via the config file.
+
+## [4.99.4](https://github.com/coder/code-server/releases/tag/v4.99.4) - 2025-05-02
+
+Code v1.99.3
+
+### Security
+
+- Validate that ports in the path proxy are numbers, to prevent proxying to
+  arbitrary domains.
+
+## [4.99.3](https://github.com/coder/code-server/releases/tag/v4.99.3) - 2025-04-17
+
+Code v1.99.3
+
+### Added
+
+- Added `--skip-auth-preflight` flag to let preflight requests through the
+  proxy.
+
+### Changed
+
+- Update to Code 1.99.3.
+
+## [4.99.2](https://github.com/coder/code-server/releases/tag/v4.99.2) - 2025-04-10
+
+Code v1.99.2
+
+### Changed
+
+- Update to Code 1.99.2.
+
+## [4.99.1](https://github.com/coder/code-server/releases/tag/v4.99.1) - 2025-04-08
+
+Code v1.99.1
+
+### Changed
+
+- Update to Code 1.99.1.
+
+## [4.99.0](https://github.com/coder/code-server/releases/tag/v4.99.0) - 2025-04-07
+
+Code v1.99.0
+
+### Changed
+
+- Update to Code 1.99.0.
+
+## [4.98.0](https://github.com/coder/code-server/releases/tag/v4.98.0) - 2025-03-07
+
+Code v1.98.0
+
+### Changed
+
+- Update to Code 1.98.0.
+
+## [4.97.2](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-02-18
+
+Code v1.97.2
+
+### Added
+
+- Added back macOS amd64 builds.
+
+### Changed
+
+- Update to Code 1.97.2.
+- Softened dark mode login page colors.
+
+## [4.96.4](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-01-20
+
+Code v1.96.4
+
+### Changed
+
+- Update to Code 1.96.4.
+
+## [4.96.2](https://github.com/coder/code-server/releases/tag/v4.96.2) - 2024-12-20
+
+Code v1.96.2
+
+### Changed
+
+- Update to Code 1.96.2.
+
+## [4.96.1](https://github.com/coder/code-server/releases/tag/v4.96.1) - 2024-12-18
+
+Code v1.96.1
+
+### Added
+
+- Dark color scheme for login and error pages.
+
+### Changed
+
+- Update to Code 1.96.1.
+
+## [4.95.3](https://github.com/coder/code-server/releases/tag/v4.95.3) - 2024-11-18
+
+Code v1.95.3
+
+### Changed
+
+- Update to Code 1.95.3.
+
 ## [4.95.2](https://github.com/coder/code-server/releases/tag/v4.95.2) - 2024-11-12
 
 Code v1.95.2
@@ -601,7 +863,6 @@ Code v1.68.1
   would be accessible at `my.domain/proxy/8000/` without any authentication.
 
   If all of the following apply to you please update as soon as possible:
-
   - You run code-server with the built-in password authentication.
   - You run unprotected HTTP services on ports accessible by code-server.
 

ci/build/build-release.sh

@@ -44,10 +44,6 @@ bundle_code_server() {
   rsync src/browser/pages/*.css "$RELEASE_PATH/src/browser/pages"
   rsync src/browser/robots.txt "$RELEASE_PATH/src/browser"
 
-  # Add typings for plugins
-  mkdir -p "$RELEASE_PATH/typings"
-  rsync typings/pluginapi.d.ts "$RELEASE_PATH/typings"
-
   # Adds the commit to package.json
   jq --slurp '(.[0] | del(.scripts,.jest,.devDependencies)) * .[1]' package.json <(
     cat << EOF

ci/build/build-standalone-release.sh

@@ -16,7 +16,7 @@ main() {
   # Package managers may shim their own "node" wrapper into the PATH, so run
   # node and ask it for its true path.
   local node_path
-  node_path="$(node <<< 'console.info(process.execPath)')"
+  node_path="$(node -p process.execPath)"
 
   mkdir -p "$RELEASE_PATH/bin"
   mkdir -p "$RELEASE_PATH/lib"

ci/build/build-vscode.sh

@@ -112,7 +112,9 @@ EOF
   # this because we have an NPM package that could be installed on any platform.
   # The correct platform dependencies and scripts will be installed as part of
   # the post-install during `npm install` or when building a standalone release.
-  npm run gulp "vscode-reh-web-linux-x64${MINIFY:+-min}"
+  node --max-old-space-size=16384 --optimize-for-size \
+       ./node_modules/gulp/bin/gulp.js \
+       "vscode-reh-web-linux-x64${MINIFY:+-min}"
 
   # Reset so if you develop after building you will not be stuck with the wrong
   # commit (the dev client will use `oss-dev` but the dev server will still use

ci/build/npm-postinstall.sh

@@ -76,8 +76,8 @@ main() {
     echo "USE AT YOUR OWN RISK!"
   fi
 
-  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-20}" ]; then
-    echo "ERROR: code-server currently requires node v20."
+  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-22}" ]; then
+    echo "ERROR: code-server currently requires node v22."
     if [ -n "$FORCE_NODE_VERSION" ]; then
       echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
     fi

ci/dev/gen_icons.sh

@@ -1,44 +1,50 @@
 #!/bin/sh
 set -eu
 
+# Generate icons from a single favicon.svg.  favicon.svg should have no fill
+# colors set.
 main() {
   cd src/browser/media
 
-  # We need .ico for backwards compatibility.
-  # The other two are the only icon sizes required by Chrome and
-  # we use them for stuff like apple-touch-icon as well.
-  # https://web.dev/add-manifest/
+  # We need .ico for backwards compatibility.  The other two are the only icon
+  # sizes required by Chrome and we use them for stuff like apple-touch-icon as
+  # well.  https://web.dev/add-manifest/
   #
   # This should be enough and we can always add more if there are problems.
-
+  #
+  # -quiet to avoid https://github.com/ImageMagick/ImageMagick/issues/884
   # -background defaults to white but we want it transparent.
+  # -density somehow makes the image both sharper and smaller in file size.
+  #
   # https://imagemagick.org/script/command-line-options.php#background
-  convert -quiet -background transparent -resize 256x256 favicon.svg favicon.ico
-  # We do not generate the pwa-icon from the favicon as they are slightly different
-  # designs and sizes.
-  # See favicon.afdesign and #2401 for details on the differences.
-  convert -quiet -background transparent -resize 192x192 pwa-icon.png pwa-icon-192.png
-  convert -quiet -background transparent -resize 512x512 pwa-icon.png pwa-icon-512.png
+  convert -quiet -background transparent \
+          -resize 256x256 -density 256x256 \
+          favicon.svg favicon.ico
 
-  # We use -quiet above to avoid https://github.com/ImageMagick/ImageMagick/issues/884
+  # Generate PWA icons.  There should be enough padding to support masking.
+  convert -quiet -border 60x60 -bordercolor white -background white \
+          -resize 192x192 -density 192x192 \
+          favicon.svg pwa-icon-maskable-192.png
+  convert -quiet -border 160x160 -bordercolor white -background white \
+          -resize 512x512 -density 512x512 \
+          favicon.svg pwa-icon-maskable-512.png
 
-  # The following adds dark mode support for the favicon as favicon-dark-support.svg
-  # There is no similar capability for pwas or .ico so we can only add support to the svg.
-  favicon_dark_style="<style>
-@media (prefers-color-scheme: dark) {
-  * {
-    fill: white;
-  }
-}
-</style>"
-  # See https://stackoverflow.com/a/22901380/4283659
-  # This escapes all newlines so that sed will accept them.
-  favicon_dark_style="$(printf "%s\n" "$favicon_dark_style" | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')"
-  sed "$(
-    cat -n << EOF
-s%<rect id="favicon"%$favicon_dark_style<rect id="favicon"%
-EOF
-  )" favicon.svg > favicon-dark-support.svg
+  # Generate non-maskable PWA icons.
+  magick pwa-icon-maskable-192.png \
+         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 50,50" \) \
+         -channel-fx "| gray=>alpha" \
+         pwa-icon-192.png
+  magick pwa-icon-maskable-512.png \
+         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 100,100" \) \
+         -channel-fx "| gray=>alpha" \
+         pwa-icon-512.png
+
+  # The following adds dark mode support for the favicon as
+  # favicon-dark-support.svg There is no similar capability for pwas or .ico so
+  # we can only add support to the svg.
+  favicon_dark_style="<style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>"
+  cp favicon.svg favicon-dark-support.svg
+  sed "s%<path%$favicon_dark_style\n  <path%" favicon.svg > favicon-dark-support.svg
 }
 
 main "$@"

ci/dev/test-integration.sh

@@ -33,7 +33,7 @@ main() {
     exit 1
   fi
 
-  CODE_SERVER_PATH="$path" CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
+  CODE_SERVER_PATH="$path" ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
 }
 
 main "$@"

ci/dev/test-unit.sh

@@ -6,15 +6,10 @@ main() {
 
   source ./ci/lib.sh
 
-  echo "Building test plugin"
-  pushd test/unit/node/test-plugin
-  make -s out/index.js
-  popd
-
   # We must keep jest in a sub-directory. See ../../test/package.json for more
   # information. We must also run it from the root otherwise coverage will not
   # include our source files.
-  CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts" --testPathIgnorePatterns "./test/unit/node/test-plugin"
+  ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts"
 }
 
 main "$@"

ci/helm-chart/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.24.0
+version: 3.31.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.93.1
+appVersion: 4.104.2

ci/helm-chart/templates/deployment.yaml

@@ -7,8 +7,11 @@ metadata:
     helm.sh/chart: {{ include "code-server.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicaCount | default 1 }}
   strategy:
     type: Recreate
   selector:
@@ -35,8 +38,9 @@ spec:
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
       {{- end }}
-      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+      {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.extraInitContainers }}
       initContainers:
+      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
       - name: init-chmod-data
         image: busybox:latest
         imagePullPolicy: IfNotPresent
@@ -50,6 +54,7 @@ spec:
         volumeMounts:
         - name: data
           mountPath: /home/coder
+      {{- end }}
 {{- if .Values.extraInitContainers }}
 {{ tpl .Values.extraInitContainers . | indent 6}}
 {{- end }}

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.93.1'
+  tag: '4.104.2'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a
@@ -19,6 +19,9 @@ nameOverride: ""
 fullnameOverride: ""
 hostnameOverride: ""
 
+# The existing secret to use for code-server authentication in the frontend. the password is stored in the secret under the key `password`
+# existingSecret: ""
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -28,6 +31,9 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+# Specifies annotations for deployment
+annotations: {}
+
 podAnnotations: {}
 
 podSecurityContext: {}
@@ -72,8 +78,9 @@ extraArgs: []
 extraVars: []
 #  - name: DISABLE_TELEMETRY
 #    value: "true"
+# if dind is desired:
 #  - name: DOCKER_HOST
-#    value: "tcp://localhost:2375"
+#    value: "tcp://localhost:2376"
 
 ##
 ## Init containers parameters:
@@ -136,25 +143,39 @@ lifecycle:
   #      - -c
   #      - curl -s -L SOME_SCRIPT | bash
 
+  # for dind, the following may be helpful
+  # postStart:
+  #   exec:
+  #     command:
+  #       - /bin/sh
+  #       - -c
+  #       - |
+  #         sudo apt-get update \
+  #           && sudo apt-get install -y docker.io
+
 ## Enable an Specify container in extraContainers.
 ## This is meant to allow adding code-server dependencies, like docker-dind.
 extraContainers: |
 # If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars"
-#- name: docker-dind
-#  image: docker:19.03-dind
+# - name: docker-dind
+#   image: docker:28.3.2-dind
 #   imagePullPolicy: IfNotPresent
 #   resources:
 #     requests:
-#      cpu: 250m
-#      memory: 256M
+#       cpu: 1
+#       ephemeral-storage: "50Gi"
+#       memory: 10Gi
 #   securityContext:
 #     privileged: true
 #     procMount: Default
 #   env:
 #     - name: DOCKER_TLS_CERTDIR
-#    value: ""
-#  - name: DOCKER_DRIVER
-#    value: "overlay2"
+#       value: "" # disable TLS setup
+#   command:
+#     - dockerd
+#     - --host=unix:///var/run/docker.sock
+#     - --host=tcp://0.0.0.0:2376
+
 
 extraInitContainers: |
 # - name: customization

ci/release-image/Dockerfile

@@ -31,7 +31,10 @@ RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
   && locale-gen
 ENV LANG=en_US.UTF-8
 
-RUN adduser --gecos '' --disabled-password coder \
+RUN if grep -q 1000 /etc/passwd; then \
+    userdel -r "$(id -un 1000)"; \
+  fi \
+  && adduser --gecos '' --disabled-password coder \
   && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
 
 RUN ARCH="$(dpkg --print-architecture)" \

docs/CONTRIBUTING.md

@@ -32,7 +32,7 @@ The prerequisites for contributing to code-server are almost the same as those
 for [VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 Here is what is needed:
 
-- `node` v20.x
+- `node` v22.x
 - `git` v2.x or greater
 - [`git-lfs`](https://git-lfs.github.com)
 - [`npm`](https://www.npmjs.com/)

docs/FAQ.md

@@ -31,6 +31,7 @@
 - [What's the difference between code-server and Theia?](#whats-the-difference-between-code-server-and-theia)
 - [What's the difference between code-server and OpenVSCode-Server?](#whats-the-difference-between-code-server-and-openvscode-server)
 - [What's the difference between code-server and GitHub Codespaces?](#whats-the-difference-between-code-server-and-github-codespaces)
+- [What's the difference between code-server and VS Code web?](#whats-the-difference-between-code-server-and-vs-code-web)
 - [Does code-server have any security login validation?](#does-code-server-have-any-security-login-validation)
 - [Are there community projects involving code-server?](#are-there-community-projects-involving-code-server)
 - [How do I change the port?](#how-do-i-change-the-port)
@@ -322,12 +323,8 @@ As long as there is an active browser connection, code-server touches
 `~/.local/share/code-server/heartbeat` once a minute.
 
 If you want to shutdown code-server if there hasn't been an active connection
-after a predetermined amount of time, you can do so by checking continuously for
-the last modified time on the heartbeat file. If it is older than X minutes (or
-whatever amount of time you'd like), you can kill code-server.
-
-Eventually, [#1636](https://github.com/coder/code-server/issues/1636) will make
-this process better.
+after a predetermined amount of time, you can use the --idle-timeout-seconds flag
+or set an `CODE_SERVER_IDLE_TIMEOUT_SECONDS` environment variable.
 
 ## How do I change the password?
 
@@ -383,6 +380,9 @@ mount into `/home/coder/myproject` from inside the `code-server` container. You
 need to make sure the Docker daemon's `/home/coder/myproject` is the same as the
 one mounted inside the `code-server` container, and the mount will work.
 
+If you want Docker enabled when deploying on Kubernetes, look at the `values.yaml`
+file for the 3 fields: `extraVars`, `lifecycle.postStart`, and `extraContainers`.
+
 ## How do I disable telemetry?
 
 Use the `--disable-telemetry` flag to disable telemetry.
@@ -440,6 +440,8 @@ Specific changes include:
 - The ability to use your own marketplace and collect your own telemetry
 - Built-in proxy for accessing ports on the remote machine integrated into
   VS Code's ports panel
+- Settings are stored on disk like desktop VS Code, instead of in browser
+  storage (note that state is still stored in browser storage).
 - Wrapper process that spawns VS Code on-demand and has a separate CLI
 - Notification when updates are available
 - [Some other things](https://github.com/coder/code-server/tree/main/patches)
@@ -448,6 +450,12 @@ Some of these changes appear very unlikely to ever be adopted by Microsoft.
 Some may make their way upstream, further closing the gap, but at the moment it
 looks like there will always be some subtle differences.
 
+## What's the difference between code-server and VS Code web?
+
+VS Code web (which can be ran using `code serve-web`) has the same differences
+as the Codespaces section above. VS Code web can be a better choice if you need
+access to the official Microsoft marketplace.
+
 ## Does code-server have any security login validation?
 
 code-server supports setting a single password and limits logins to two per

docs/README.md

@@ -1,6 +1,6 @@
 # code-server
 
-[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See latest](https://img.shields.io/static/v1?label=Docs&message=see%20latest&color=blue)](https://coder.com/docs/code-server/latest)
+[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![Discord](https://img.shields.io/discord/747933592273027093)](https://discord.com/invite/coder) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See latest](https://img.shields.io/static/v1?label=Docs&message=see%20latest&color=blue)](https://coder.com/docs/code-server/latest)
 
 Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and
 access it in the browser.
@@ -24,7 +24,7 @@ on how to set up a Google VM on which you can install code-server.
 
 ## Getting started
 
-There are four ways to get started:
+There are five ways to get started:
 
 1. Using the [install
    script](https://github.com/coder/code-server/blob/main/install.sh), which
@@ -35,6 +35,9 @@ There are four ways to get started:
 3. Deploy code-server to your team with [coder/coder](https://cdr.co/coder-github)
 4. Using our one-click buttons and guides to [deploy code-server to a cloud
    provider](https://github.com/coder/deploy-code-server) ⚡
+5. Using the [code-server feature for
+   devcontainers](https://github.com/coder/devcontainer-features/blob/main/src/code-server/README.md),
+   if you already use devcontainers in your project.
 
 If you use the install script, you can preview what occurs during the install
 process:

docs/android.md

@@ -11,11 +11,11 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
 ```
 
 6. Exit the terminal using `exit` and then reopen the terminal
-7. Install and use Node.js 20:
+7. Install and use Node.js 22:
 
 ```shell
-nvm install 18
-nvm use 18
+nvm install 22
+nvm use 22
 ```
 
 8. Install code-server globally on device with: `npm install --global code-server`

docs/guide.md

@@ -21,6 +21,10 @@
   - [Proxying to an Angular app](#proxying-to-an-angular-app)
   - [Proxying to a Svelte app](#proxying-to-a-svelte-app)
   - [Prefixing `/absproxy/<port>` with a path](#prefixing-absproxyport-with-a-path)
+  - [Preflight requests](#preflight-requests)
+- [Internationalization and customization](#internationalization-and-customization)
+  - [Available keys and placeholders](#available-keys-and-placeholders)
+  - [Legacy flag](#legacy-flag)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
@@ -119,22 +123,22 @@ access code-server on an iPad or do not want to use SSH port forwarding.
 
 1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTPS traffic.
 
-1. You'll need a domain name (if you don't have one, you can purchase one from
+2. You'll need a domain name (if you don't have one, you can purchase one from
    [Google Domains](https://domains.google.com) or the domain service of your
-   choice)). Once you have a domain name, add an A record to your domain that contains your
+   choice). Once you have a domain name, add an A record to your domain that contains your
    instance's IP address.
 
-1. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian):
+3. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian):
 
-```console
-sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
-sudo apt update
-sudo apt install caddy
-```
+   ```console
+   sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+   sudo apt update
+   sudo apt install caddy
+   ```
 
-1. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this:
+4. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this:
 
    ```text
    mydomain.com {
@@ -153,7 +157,7 @@ sudo apt install caddy
 
    Remember to replace `mydomain.com` with your domain name!
 
-1. Reload Caddy:
+5. Reload Caddy:
 
    ```console
    sudo systemctl reload caddy
@@ -164,21 +168,22 @@ At this point, you should be able to access code-server via
 
 ### Using Let's Encrypt with NGINX
 
-1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTPS traffic.
+1. This option requires that the remote machine be exposed to the internet. Make
+   sure that your instance allows HTTP/HTTPS traffic.
 
-1. You'll need a domain name (if you don't have one, you can purchase one from
+2. You'll need a domain name (if you don't have one, you can purchase one from
    [Google Domains](https://domains.google.com) or the domain service of your
-   choice)). Once you have a domain name, add an A record to your domain that contains your
+   choice). Once you have a domain name, add an A record to your domain that contains your
    instance's IP address.
 
-1. Install NGINX:
+3. Install NGINX:
 
    ```bash
    sudo apt update
    sudo apt install -y nginx certbot python3-certbot-nginx
    ```
 
-1. Update `/etc/nginx/sites-available/code-server` using sudo with the following
+4. Update `/etc/nginx/sites-available/code-server` using sudo with the following
    configuration:
 
    ```text
@@ -199,13 +204,11 @@ At this point, you should be able to access code-server via
 
    Be sure to replace `mydomain.com` with your domain name!
 
-1. Enable the config:
-
+5. Enable the config:
    ```console
    sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server
    sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com
    ```
-
    Be sure to replace `me@example.com` with your actual email.
 
 At this point, you should be able to access code-server via
@@ -271,9 +274,9 @@ should see OSSStatus: 9836 in the browser console.
 If you want to use external authentication mechanism (e.g., Sign in with
 Google), you can do this with a reverse proxy such as:
 
-- [Pomerium](https://www.pomerium.io/guides/code-server.html)
-- [oauth2_proxy](https://github.com/pusher/oauth2_proxy)
-- [Cloudflare Access](https://teams.cloudflare.com/access)
+- [Pomerium](https://www.pomerium.com/docs/guides/code-server.html)
+- [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/)
+- [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/)
 
 ## HTTPS and self-signed certificates
 
@@ -292,7 +295,9 @@ redirect all HTTP requests to HTTPS.
 > You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate
 > for free.
 
-Note: if you set `proxy_set_header Host $host;` in your reverse proxy config, it will change the address displayed in the green section of code-server in the bottom left to show the correct address.
+Note: if you set `proxy_set_header Host $host;` in your reverse proxy config, it
+will change the address displayed in the green section of code-server in the
+bottom left to show the correct address.
 
 ## Accessing web services
 
@@ -378,14 +383,16 @@ PUBLIC_URL=/absproxy/3000 \
   BROWSER=none yarn start
 ```
 
-You should then be able to visit `https://my-code-server-address.io/absproxy/3000` to see your app exposed through
-code-server!
+You should then be able to visit
+`https://my-code-server-address.io/absproxy/3000` to see your app exposed
+through code-server.
 
 > We highly recommend using the subdomain approach instead to avoid this class of issue.
 
 ### Proxying to a Vue app
 
-Similar to the situation with React apps, you have to make a few modifications to proxy a Vue app.
+Similar to the situation with React apps, you have to make a few modifications
+to proxy a Vue app.
 
 1. add `vue.config.js`
 2. update the values to match this (you can use any free port):
@@ -406,7 +413,8 @@ Read more about `publicPath` in the [Vue.js docs](https://cli.vuejs.org/config/#
 
 ### Proxying to an Angular app
 
-In order to use code-server's built-in proxy with Angular, you need to make the following changes in your app:
+In order to use code-server's built-in proxy with Angular, you need to make the
+following changes in your app:
 
 1. use `<base href="./.">` in `src/index.html`
 2. add `--serve-path /absproxy/4200` to `ng serve` in your `package.json`
@@ -415,7 +423,8 @@ For additional context, see [this GitHub Discussion](https://github.com/coder/co
 
 ### Proxying to a Svelte app
 
-In order to use code-server's built-in proxy with Svelte, you need to make the following changes in your app:
+In order to use code-server's built-in proxy with Svelte, you need to make the
+following changes in your app:
 
 1. Add `svelte.config.js` if you don't already have one
 2. Update the values to match this (you can use any free port):
@@ -436,9 +445,68 @@ For additional context, see [this Github Issue](https://github.com/sveltejs/kit/
 
 ### Prefixing `/absproxy/<port>` with a path
 
-This is a case where you need to serve an application via `absproxy` as explained above while serving `codeserver` itself from a path other than the root in your domain.
+This is a case where you need to serve an application via `absproxy` as
+explained above while serving code-server itself from a path other than the root
+in your domain.
 
-For example: `http://my-code-server.com/user/123/workspace/my-app`. To achieve this result:
+For example: `http://my-code-server.com/user/123/workspace/my-app`. To achieve
+this result:
 
-1. Start code server with the switch `--abs-proxy-base-path=/user/123/workspace`
+1. Start code-server with the switch `--abs-proxy-base-path=/user/123/workspace`
 2. Follow one of the instructions above for your framework.
+
+### Preflight requests
+
+By default, if you have auth enabled, code-server will authenticate all proxied
+requests including preflight requests. This can cause issues because preflight
+requests do not typically include credentials. To allow all preflight requests
+through the proxy without authentication, use `--skip-auth-preflight`.
+
+## Internationalization and customization
+
+code-server allows you to provide a JSON file to configure certain strings. This
+can be used for both internationalization and customization.
+
+Create a JSON file with your custom strings:
+
+```json
+{
+  "WELCOME": "Welcome to {{app}}",
+  "LOGIN_TITLE": "{{app}} Access Portal",
+  "LOGIN_BELOW": "Please log in to continue",
+  "PASSWORD_PLACEHOLDER": "Enter Password"
+}
+```
+
+Then reference the file:
+
+```shell
+code-server --i18n /path/to/custom-strings.json
+```
+
+Or this can be done in the config file:
+
+```yaml
+i18n: /path/to/custom-strings.json
+```
+
+You can combine this with the `--locale` flag to configure language support for
+both code-server and VS Code in cases where code-server has no support but VS
+Code does. If you are using this for internationalization, please consider
+sending us a pull request to contribute it to `src/node/i18n/locales`.
+
+### Available keys and placeholders
+
+Refer to [../src/node/i18n/locales/en.json](../src/node/i18n/locales/en.json)
+for a full list of the available keys for translations. Note that the only
+placeholders supported for each key are the ones used in the default string.
+
+The `--app-name` flag controls the `{{app}}` placeholder in templates. If you
+want to change the name, you can either:
+
+1. Set `--app-name` (potentially alongside `--i18n`)
+2. Use `--i18n` and hardcode the name in your strings
+
+### Legacy flag
+
+The `--welcome-text` flag is now deprecated. Use the `WELCOME` key instead.

docs/install.md

@@ -82,13 +82,11 @@ _exact_ same commands presented in the rest of this document.
 - For Arch Linux, code-server will install the AUR package.
 - For any unrecognized Linux operating system, code-server will install the
   latest standalone release into `~/.local`.
-
   - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.
 
 - For macOS, code-server will install the Homebrew package (if you don't have
   Homebrew installed, code-server will install the latest standalone release
   into `~/.local`).
-
   - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.
 
 - For FreeBSD, code-server will install the [npm package](#npm) with `npm`

docs/npm.md

@@ -30,7 +30,7 @@ includes installing instructions based on your operating system.
 ## Node.js version
 
 We use the same major version of Node.js shipped with Code's remote, which is
-currently `20.x`. VS Code also [lists Node.js
+currently `22.x`. VS Code also [lists Node.js
 requirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 
 Using other versions of Node.js [may lead to unexpected
@@ -62,8 +62,7 @@ Proceed to [installing](#installing)
 ## Alpine
 
 ```bash
-apk add alpine-sdk bash libstdc++ libc6-compat
-npm config set python python3
+apk add alpine-sdk bash libstdc++ libc6-compat python3 krb5-dev
 ```
 
 Proceed to [installing](#installing)
@@ -79,7 +78,7 @@ Proceed to [installing](#installing)
 ## FreeBSD
 
 ```sh
-pkg install -y git python npm-node20 pkgconf
+pkg install -y git python npm-node22 pkgconf
 pkg install -y libinotify
 ```
 

docs/termux.md

@@ -57,7 +57,7 @@ npm config set python python3
 node -v
 ```
 
-you will get Node version `v20`
+you will get Node version `v22`
 
 5. Now install code-server following our guide on [installing with npm](./npm.md)
 

flake.lock

@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730359060,
-        "narHash": "sha256-Hkk0mf4pgvX9Ut0YA397nsFqMLhzFVBdFHc4PhBrxYE=",
+        "lastModified": 1739303263,
+        "narHash": "sha256-c/Z/6gZLN8BIpYh1B3qMzEn0TArjf4F2lmy59lDLVBM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e19cfce6f3f08d07653157d8826f5c920c770d7b",
+        "rev": "6cc4213488e886db863878a1e3dc26cc932d38b8",
         "type": "github"
       },
       "original": {

flake.nix

@@ -10,10 +10,11 @@
     flake-utils.lib.eachDefaultSystem
       (system:
         let pkgs = nixpkgs.legacyPackages.${system};
-            nodejs = pkgs.nodejs_20;
+            nodejs = pkgs.nodejs_22;
         in {
           devShells.default = pkgs.mkShell {
             nativeBuildInputs = with pkgs; [
+              imagemagick
               nodejs
               python3
               pkg-config

lib/vscode

@@ -1 +1 @@
-Subproject commit f1a4fb101478ce6ec82fe9627c43efbf9e98c813
+Subproject commit bf9252a2fb45be6893dd8870c0bf37e2e1766d61

package.json

@@ -30,7 +30,7 @@
     "publish:docker": "./ci/steps/docker-buildx-push.sh",
     "fmt": "npm run prettier && ./ci/dev/doctoc.sh",
     "lint:scripts": "./ci/dev/lint-scripts.sh",
-    "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode' | grep -v test-plugin)",
+    "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')",
     "test": "echo 'Run npm run test:unit or npm run test:e2e' && exit 1",
     "watch": "VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts",
     "icons": "./ci/dev/gen_icons.sh"
@@ -44,10 +44,10 @@
     "@types/compression": "^1.7.3",
     "@types/cookie-parser": "^1.4.4",
     "@types/eslint__js": "^8.42.3",
-    "@types/express": "^4.17.17",
+    "@types/express": "^5.0.0",
     "@types/http-proxy": "1.17.7",
     "@types/js-yaml": "^4.0.6",
-    "@types/node": "20.x",
+    "@types/node": "22.x",
     "@types/pem": "^1.14.1",
     "@types/proxy-from-env": "^1.0.1",
     "@types/safe-compare": "^1.1.0",
@@ -57,11 +57,11 @@
     "doctoc": "^2.2.1",
     "eslint": "^9.12.0",
     "eslint-config-prettier": "^9.0.0",
-    "eslint-import-resolver-typescript": "^3.6.0",
+    "eslint-import-resolver-typescript": "^4.4.4",
     "eslint-plugin-import": "^2.28.1",
     "eslint-plugin-prettier": "^5.0.0",
-    "globals": "^15.10.0",
-    "prettier": "^3.0.3",
+    "globals": "^16.1.0",
+    "prettier": "3.6.2",
     "prettier-plugin-sh": "^0.14.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.6.2",
@@ -73,24 +73,23 @@
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.6",
     "env-paths": "^2.2.1",
-    "express": "5.0.0-beta.3",
+    "express": "^5.0.1",
     "http-proxy": "^1.18.1",
     "httpolyglot": "^0.1.2",
-    "i18next": "^23.5.1",
+    "i18next": "^25.3.0",
     "js-yaml": "^4.1.0",
     "limiter": "^2.1.0",
     "pem": "^1.14.8",
     "proxy-agent": "^6.3.1",
-    "qs": "6.13.0",
+    "qs": "6.14.0",
     "rotating-file-stream": "^3.1.1",
-    "safe-buffer": "^5.2.1",
     "safe-compare": "^1.1.4",
     "semver": "^7.5.4",
     "ws": "^8.14.2",
     "xdg-basedir": "^4.0.0"
   },
   "resolutions": {
-    "@types/node": "20.x"
+    "@types/node": "22.x"
   },
   "bin": {
     "code-server": "out/node/entry.js"
@@ -105,7 +104,7 @@
     "remote-development"
   ],
   "engines": {
-    "node": "20"
+    "node": "22"
   },
   "jest": {
     "transform": {

patches/base-path.diff

@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/base/common/network.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/network.ts
 +++ code-server/lib/vscode/src/vs/base/common/network.ts
-@@ -220,7 +220,9 @@ class RemoteAuthoritiesImpl {
+@@ -237,7 +237,9 @@ class RemoteAuthoritiesImpl {
  		return URI.from({
  			scheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,
  			authority: `${host}:${port}`,
@@ -99,33 +99,38 @@ Index: code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactor
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
 +++ code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
-@@ -281,6 +281,7 @@ export class BrowserSocketFactory implem
+@@ -282,6 +282,7 @@ export class BrowserSocketFactory implem
  	connect({ host, port }: WebSocketRemoteConnection, path: string, query: string, debugLabel: string): Promise<ISocket> {
  		return new Promise<ISocket>((resolve, reject) => {
  			const webSocketSchema = (/^https:/.test(mainWindow.location.href) ? 'wss' : 'ws');
 +			path = (mainWindow.location.pathname + "/" + path).replace(/\/\/+/g, "/")
  			const socket = this._webSocketFactory.create(`${webSocketSchema}://${(/:/.test(host) && !/\[/.test(host)) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
- 			const errorListener = socket.onError(reject);
- 			socket.onOpen(() => {
+ 			const disposables = new DisposableStore();
+ 			disposables.add(socket.onError(reject));
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -271,16 +271,15 @@ export class WebClientServer {
- 			return void res.end();
- 		}
+@@ -245,7 +245,9 @@ export class WebClientServer {
+ 		};
+ 
+ 		// Prefix routes with basePath for clients
+-		const basePath = getFirstHeader('x-forwarded-prefix') || this._basePath;
++		const rootBase = relativeRoot(getOriginalUrl(req))
++		const vscodeBase = relativePath(getOriginalUrl(req))
++		const basePath = vscodeBase || getFirstHeader('x-forwarded-prefix') || this._basePath;
+ 
+ 		const queryConnectionToken = parsedUrl.query[connectionTokenQueryName];
+ 		if (typeof queryConnectionToken === 'string') {
+@@ -284,10 +286,14 @@ export class WebClientServer {
+ 		};
  
--		const getFirstHeader = (headerName: string) => {
--			const val = req.headers[headerName];
--			return Array.isArray(val) ? val[0] : val;
--		};
--
  		const useTestResolver = (!this._environmentService.isBuilt && this._environmentService.args['use-test-resolver']);
 +		// For now we are getting the remote authority from the client to avoid
 +		// needing specific configuration for reverse proxies to work.  Set this to
 +		// something invalid to make sure we catch code that is using this value
 +		// from the backend when it should not.
- 		const remoteAuthority = (
+ 		let remoteAuthority = (
  			useTestResolver
  				? 'test+test'
 -				: (getFirstHeader('x-original-host') || getFirstHeader('x-forwarded-host') || req.headers.host)
@@ -133,43 +138,26 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  		);
  		if (!remoteAuthority) {
  			return serveError(req, res, 400, `Bad request.`);
-@@ -307,8 +306,12 @@ export class WebClientServer {
- 			scopes: [['user:email'], ['repo']]
- 		} : undefined;
+@@ -334,6 +340,7 @@ export class WebClientServer {
  
-+		const base = relativeRoot(getOriginalUrl(req))
-+		const vscodeBase = relativePath(getOriginalUrl(req))
-+
- 		const productConfiguration = {
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
  			codeServerVersion: this._productService.codeServerVersion,
-+			rootEndpoint: base,
++			rootEndpoint: rootBase,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
  				...this._productService.extensionsGallery,
-@@ -337,7 +340,7 @@ export class WebClientServer {
- 			folderUri: resolveWorkspaceURI(this._environmentService.args['default-folder']),
- 			workspaceUri: resolveWorkspaceURI(this._environmentService.args['default-workspace']),
- 			productConfiguration,
--			callbackRoute: this._callbackRoute
-+			callbackRoute: vscodeBase + this._callbackRoute
- 		};
- 
- 		const cookies = cookie.parse(req.headers.cookie || '');
-@@ -354,9 +357,11 @@ export class WebClientServer {
- 		const values: { [key: string]: string } = {
- 			WORKBENCH_WEB_CONFIGURATION: asJSON(workbenchWebConfiguration),
+@@ -387,7 +394,9 @@ export class WebClientServer {
  			WORKBENCH_AUTH_SESSION: authSessionInfo ? asJSON(authSessionInfo) : '',
--			WORKBENCH_WEB_BASE_URL: this._staticRoute,
-+			WORKBENCH_WEB_BASE_URL: vscodeBase + this._staticRoute,
+ 			WORKBENCH_WEB_BASE_URL: staticRoute,
  			WORKBENCH_NLS_URL,
--			WORKBENCH_NLS_FALLBACK_URL: `${this._staticRoute}/out/nls.messages.js`
-+			WORKBENCH_NLS_FALLBACK_URL: `${vscodeBase}${this._staticRoute}/out/nls.messages.js`,
-+			BASE: base,
-+			VS_BASE: vscodeBase,
+-			WORKBENCH_NLS_FALLBACK_URL: `${staticRoute}/out/nls.messages.js`
++			WORKBENCH_NLS_FALLBACK_URL: `${staticRoute}/out/nls.messages.js`,
++			BASE: rootBase,
++			VS_BASE: basePath,
  		};
  
  		// DEV ---------------------------------------------------------------------------------------
-@@ -393,7 +398,7 @@ export class WebClientServer {
+@@ -424,7 +433,7 @@ export class WebClientServer {
  			'default-src \'self\';',
  			'img-src \'self\' https: data: blob:;',
  			'media-src \'self\';',
@@ -178,7 +166,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
  			'child-src \'self\';',
  			`frame-src 'self' https://*.vscode-cdn.net data:;`,
  			'worker-src \'self\' data: blob:;',
-@@ -466,3 +471,70 @@ export class WebClientServer {
+@@ -497,3 +506,70 @@ export class WebClientServer {
  		return void res.end(data);
  	}
  }
@@ -253,7 +241,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -56,6 +56,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -65,6 +65,7 @@ export type ExtensionVirtualWorkspaceSup
  
  export interface IProductConfiguration {
  	readonly codeServerVersion?: string
@@ -265,7 +253,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
-@@ -317,7 +317,8 @@ class LocalStorageURLCallbackProvider ex
+@@ -339,7 +339,8 @@ class LocalStorageURLCallbackProvider ex
  			this.startListening();
  		}
  
@@ -275,7 +263,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
  	}
  
  	private startListening(): void {
-@@ -563,17 +564,6 @@ class WorkspaceProvider implements IWork
+@@ -584,17 +585,6 @@ class WorkspaceProvider implements IWork
  	}
  }
  
@@ -293,7 +281,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
  (function () {
  
  	// Find config by checking for DOM
-@@ -582,8 +572,8 @@ function readCookie(name: string): strin
+@@ -604,8 +594,8 @@ function readCookie(name: string): strin
  	if (!configElement || !configElementAttribute) {
  		throw new Error('Missing web configuration element');
  	}
@@ -308,7 +296,7 @@ Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/ext
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 +++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
-@@ -98,7 +98,7 @@ export abstract class AbstractExtensionR
+@@ -120,7 +120,7 @@ export abstract class AbstractExtensionR
  					: version,
  				path: 'extension'
  			}));

patches/cli-window-open.diff

@@ -17,7 +17,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTe
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
-@@ -106,10 +106,14 @@ class RemoteTerminalBackend extends Base
+@@ -107,10 +107,14 @@ class RemoteTerminalBackend extends Base
  			}
  			const reqId = e.reqId;
  			const commandId = e.commandId;

patches/clipboard.diff

@@ -26,7 +26,7 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
 +++ code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
-@@ -43,7 +43,12 @@ export interface ExtensionManagementPipe
+@@ -44,7 +44,12 @@ export interface ExtensionManagementPipe
  	force?: boolean;
  }
  
@@ -40,7 +40,7 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
  
  export interface ICommandsExecuter {
  	executeCommand<T>(id: string, ...args: any[]): Promise<T>;
-@@ -105,6 +110,9 @@ export class CLIServerBase {
+@@ -106,6 +111,9 @@ export class CLIServerBase {
  					case 'extensionManagement':
  						returnObj = await this.manageExtensions(data);
  						break;
@@ -50,7 +50,7 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostCLIServer.ts
  					default:
  						sendResponse(404, `Unknown message type: ${data.type}`);
  						break;
-@@ -172,6 +180,10 @@ export class CLIServerBase {
+@@ -173,6 +181,10 @@ export class CLIServerBase {
  		return await this._commands.executeCommand<string | undefined>('_remoteCLI.getSystemStatus');
  	}
  
@@ -65,7 +65,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTe
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
-@@ -97,7 +97,7 @@ class RemoteTerminalBackend extends Base
+@@ -98,7 +98,7 @@ class RemoteTerminalBackend extends Base
  			}
  		});
  
@@ -78,19 +78,19 @@ Index: code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/environment/common/argv.ts
 +++ code-server/lib/vscode/src/vs/platform/environment/common/argv.ts
-@@ -119,6 +119,7 @@ export interface NativeParsedArgs {
+@@ -137,6 +137,7 @@ export interface NativeParsedArgs {
+ 	'disable-chromium-sandbox'?: boolean;
  	sandbox?: boolean;
- 
  	'enable-coi'?: boolean;
 +	'stdin-to-clipboard'?: boolean;
- 
- 	// chromium command line args: https://electronjs.org/docs/all#supported-chrome-command-line-switches
- 	'no-proxy-server'?: boolean;
+ 	'unresponsive-sample-interval'?: string;
+ 	'unresponsive-sample-period'?: string;
+ 	'enable-rdp-display-tracking'?: boolean;
 Index: code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/environment/node/argv.ts
 +++ code-server/lib/vscode/src/vs/platform/environment/node/argv.ts
-@@ -90,6 +90,7 @@ export const OPTIONS: OptionDescriptions
+@@ -105,6 +105,7 @@ export const OPTIONS: OptionDescriptions
  	'user-data-dir': { type: 'string', cat: 'o', args: 'dir', description: localize('userDataDir', "Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.") },
  	'profile': { type: 'string', 'cat': 'o', args: 'profileName', description: localize('profileName', "Opens the provided folder or workspace with the given profile and associates the profile with the workspace. If the profile does not exist, a new empty one is created.") },
  	'help': { type: 'boolean', cat: 'o', alias: 'h', description: localize('help', "Print usage.") },
@@ -102,7 +102,7 @@ Index: code-server/lib/vscode/src/vs/server/node/server.cli.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/server.cli.ts
 +++ code-server/lib/vscode/src/vs/server/node/server.cli.ts
-@@ -76,6 +76,7 @@ const isSupportedForPipe = (optionId: ke
+@@ -77,6 +77,7 @@ const isSupportedForPipe = (optionId: ke
  		case 'verbose':
  		case 'remote':
  		case 'locate-shell-integration-path':
@@ -110,7 +110,7 @@ Index: code-server/lib/vscode/src/vs/server/node/server.cli.ts
  			return true;
  		default:
  			return false;
-@@ -293,6 +294,22 @@ export async function main(desc: Product
+@@ -295,6 +296,22 @@ export async function main(desc: Product
  			}
  		}
  	} else {
@@ -131,5 +131,5 @@ Index: code-server/lib/vscode/src/vs/server/node/server.cli.ts
 +		}
 +
  		if (parsedArgs.status) {
- 			sendToPipe({
+ 			await sendToPipe({
  				type: 'status'

patches/disable-builtin-ext-update.diff

@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -315,6 +315,10 @@ export class Extension implements IExten
+@@ -341,6 +341,10 @@ export class Extension implements IExten
  			if (this.type === ExtensionType.System && this.productService.quality === 'stable') {
  				return false;
  			}

patches/display-language.diff

@@ -11,16 +11,16 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
 @@ -12,7 +12,7 @@ import * as path from '../../base/common
  import { IURITransformer } from '../../base/common/uriIpc.js';
- import { getMachineId, getSqmMachineId, getdevDeviceId } from '../../base/node/id.js';
+ import { getMachineId, getSqmMachineId, getDevDeviceId } from '../../base/node/id.js';
  import { Promises } from '../../base/node/pfs.js';
 -import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, StaticRouter } from '../../base/parts/ipc/common/ipc.js';
 +import { ClientConnectionEvent, IMessagePassingProtocol, IPCServer, ProxyChannel, StaticRouter } from '../../base/parts/ipc/common/ipc.js';
  import { ProtocolConstants } from '../../base/parts/ipc/common/ipc.net.js';
  import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
  import { ConfigurationService } from '../../platform/configuration/common/configurationService.js';
-@@ -243,6 +243,9 @@ export async function setupServerService
- 		const channel = new ExtensionManagementChannel(extensionManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority));
- 		socketServer.registerChannel('extensions', channel);
+@@ -272,6 +272,9 @@ export async function setupServerService
+ 
+ 		socketServer.registerChannel('mcpManagement', new McpManagementChannel(mcpManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority)));
  
 +		const languagePackChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(ILanguagePackService), disposables);
 +		socketServer.registerChannel('languagePacks', languagePackChannel);
@@ -32,7 +32,7 @@ Index: code-server/lib/vscode/src/vs/platform/environment/common/environmentServ
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/environment/common/environmentService.ts
 +++ code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
-@@ -101,7 +101,7 @@ export abstract class AbstractNativeEnvi
+@@ -98,7 +98,7 @@ export abstract class AbstractNativeEnvi
  			return URI.file(join(vscodePortable, 'argv.json'));
  		}
  
@@ -153,31 +153,15 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -26,6 +26,7 @@ import { URI } from '../../base/common/u
+@@ -25,6 +25,7 @@ import { URI } from '../../base/common/u
  import { streamToBuffer } from '../../base/common/buffer.js';
  import { IProductConfiguration } from '../../base/common/product.js';
- import { isString } from '../../base/common/types.js';
+ import { isString, Mutable } from '../../base/common/types.js';
 +import { getLocaleFromConfig, getBrowserNLSConfiguration } from './remoteLanguagePacks.js';
  import { CharCode } from '../../base/common/charCode.js';
  import { IExtensionManifest } from '../../platform/extensions/common/extensions.js';
  import { ICSSDevelopmentService } from '../../platform/cssDev/node/cssDevService.js';
-@@ -98,6 +99,7 @@ export class WebClientServer {
- 	private readonly _webExtensionResourceUrlTemplate: URI | undefined;
- 
- 	private readonly _staticRoute: string;
-+	private readonly _serverRoot: string;
- 	private readonly _callbackRoute: string;
- 	private readonly _webExtensionRoute: string;
- 
-@@ -113,6 +115,7 @@ export class WebClientServer {
- 	) {
- 		this._webExtensionResourceUrlTemplate = this._productService.extensionsGallery?.resourceUrlTemplate ? URI.parse(this._productService.extensionsGallery.resourceUrlTemplate) : undefined;
- 
-+		this._serverRoot = serverRootPath;
- 		this._staticRoute = `${serverRootPath}/static`;
- 		this._callbackRoute = `${serverRootPath}/callback`;
- 		this._webExtensionRoute = `/web-extension-resource`;
-@@ -351,14 +354,22 @@ export class WebClientServer {
+@@ -385,14 +386,22 @@ export class WebClientServer {
  		};
  
  		const cookies = cookie.parse(req.headers.cookie || '');
@@ -193,7 +177,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 +			try {
 +				const nlsFile = await getBrowserNLSConfiguration(locale, this._environmentService.userDataPath);
 +				WORKBENCH_NLS_URL = nlsFile
-+					? `${vscodeBase}${this._serverRoot}/vscode-remote-resource?path=${encodeURIComponent(nlsFile)}`
++					? `${vscodeBase}/vscode-remote-resource?path=${encodeURIComponent(nlsFile)}`
 +					: '';
 +			} catch (error) {
 +				console.error("Failed to generate translations", error);
@@ -206,7 +190,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -19,6 +19,7 @@ export const serverOptions: OptionDescri
+@@ -21,6 +21,7 @@ export const serverOptions: OptionDescri
  	'disable-file-downloads': { type: 'boolean' },
  	'disable-file-uploads': { type: 'boolean' },
  	'disable-getting-started-override': { type: 'boolean' },
@@ -214,7 +198,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -105,6 +106,7 @@ export interface ServerParsedArgs {
+@@ -110,6 +111,7 @@ export interface ServerParsedArgs {
  	'disable-file-downloads'?: boolean;
  	'disable-file-uploads'?: boolean;
  	'disable-getting-started-override'?: boolean,
@@ -260,10 +244,10 @@ Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePack
 +		return this.languagePackService.getInstalledLanguages()
  	}
  }
-Index: code-server/lib/vscode/src/vs/workbench/services/localization/electron-sandbox/localeService.ts
+Index: code-server/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
 ===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/services/localization/electron-sandbox/localeService.ts
-+++ code-server/lib/vscode/src/vs/workbench/services/localization/electron-sandbox/localeService.ts
+--- code-server.orig/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/localization/electron-browser/localeService.ts
 @@ -51,7 +51,8 @@ class NativeLocaleService implements ILo
  		@IProductService private readonly productService: IProductService
  	) { }
@@ -288,7 +272,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsActions.ts
-@@ -433,9 +433,6 @@ export class InstallAction extends Exten
+@@ -475,9 +475,6 @@ export class InstallAction extends Exten
  		if (this.extension.isBuiltin) {
  			return;
  		}
@@ -298,7 +282,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  		if (this.extension.state !== ExtensionState.Uninstalled) {
  			return;
  		}
-@@ -740,7 +737,7 @@ export abstract class InstallInOtherServ
+@@ -782,7 +779,7 @@ export abstract class InstallInOtherServ
  		}
  
  		if (isLanguagePackExtension(this.extension.local.manifest)) {
@@ -307,7 +291,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  		}
  
  		// Prefers to run on UI
-@@ -2001,17 +1998,6 @@ export class SetLanguageAction extends E
+@@ -2073,17 +2070,6 @@ export class SetLanguageAction extends E
  	update(): void {
  		this.enabled = false;
  		this.class = SetLanguageAction.DisabledClass;
@@ -325,7 +309,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  	}
  
  	override async run(): Promise<any> {
-@@ -2028,7 +2014,6 @@ export class ClearLanguageAction extends
+@@ -2100,7 +2086,6 @@ export class ClearLanguageAction extends
  	private static readonly DisabledClass = `${this.EnabledClass} disabled`;
  
  	constructor(
@@ -333,7 +317,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  		@ILocaleService private readonly localeService: ILocaleService,
  	) {
  		super(ClearLanguageAction.ID, ClearLanguageAction.TITLE.value, ClearLanguageAction.DisabledClass, false);
-@@ -2038,17 +2023,6 @@ export class ClearLanguageAction extends
+@@ -2110,17 +2095,6 @@ export class ClearLanguageAction extends
  	update(): void {
  		this.enabled = false;
  		this.class = ClearLanguageAction.DisabledClass;
@@ -351,28 +335,16 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
  	}
  
  	override async run(): Promise<any> {
-Index: code-server/lib/vscode/build/gulpfile.reh.js
-===================================================================
---- code-server.orig/lib/vscode/build/gulpfile.reh.js
-+++ code-server/lib/vscode/build/gulpfile.reh.js
-@@ -58,6 +58,7 @@ const serverResourceIncludes = [
- 
- 	// NLS
- 	'out-build/nls.messages.json',
-+	'out-build/nls.keys.json', // Required to generate translations.
- 
- 	// Process monitor
- 	'out-build/vs/base/node/cpuUsage.sh',
 Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
 +++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.internal.ts
-@@ -52,7 +52,7 @@ import './services/dialogs/browser/fileD
+@@ -55,7 +55,7 @@ import './services/dialogs/browser/fileD
  import './services/host/browser/browserHostService.js';
  import './services/lifecycle/browser/lifecycleService.js';
  import './services/clipboard/browser/clipboardService.js';
 -import './services/localization/browser/localeService.js';
-+import './services/localization/electron-sandbox/localeService.js';
++import './services/localization/electron-browser/localeService.js';
  import './services/path/browser/pathService.js';
  import './services/themes/browser/browserHostColorSchemeService.js';
  import './services/encryption/browser/encryptionService.js';

patches/external-file-actions.diff

@@ -90,7 +90,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -16,6 +16,8 @@ export const serverOptions: OptionDescri
+@@ -18,6 +18,8 @@ export const serverOptions: OptionDescri
  	/* ----- code-server ----- */
  	'disable-update-check': { type: 'boolean' },
  	'auth': { type: 'string' },
@@ -99,7 +99,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -99,6 +101,8 @@ export interface ServerParsedArgs {
+@@ -104,6 +106,8 @@ export interface ServerParsedArgs {
  	/* ----- code-server ----- */
  	'disable-update-check'?: boolean;
  	'auth'?: string;
@@ -112,9 +112,9 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -335,6 +335,8 @@ export class WebClientServer {
- 			serverBasePath: this._basePath,
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+@@ -369,6 +369,8 @@ export class WebClientServer {
+ 			serverBasePath: basePath,
+ 			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
  			userDataPath: this._environmentService.userDataPath,
 +			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
 +			isEnabledFileUploads: !this._environmentService.args['disable-file-uploads'],
@@ -125,13 +125,12 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-@@ -7,11 +7,11 @@ import { Event } from '../../base/common
+@@ -6,10 +6,10 @@
  import { Disposable } from '../../base/common/lifecycle.js';
  import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from '../../platform/contextkey/common/contextkey.js';
- import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
--import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext } from '../common/contextkeys.js';
-+import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
- import { trackFocus, addDisposableListener, EventType, onDidRegisterWindow, getActiveWindow, isEditableElement } from '../../base/browser/dom.js';
+ import { IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext } from '../common/contextkeys.js';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
  import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from '../services/editor/common/editorGroupsService.js';
  import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
 -import { IWorkbenchEnvironmentService } from '../services/environment/common/environmentService.js';
@@ -139,7 +138,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
  import { WorkbenchState, IWorkspaceContextService, isTemporaryWorkspace } from '../../platform/workspace/common/workspace.js';
  import { IWorkbenchLayoutService, Parts, positionToString } from '../services/layout/browser/layoutService.js';
  import { getRemoteName } from '../../platform/remote/common/remoteHosts.js';
-@@ -70,7 +70,7 @@ export class WorkbenchContextKeysHandler
+@@ -69,7 +69,7 @@ export class WorkbenchContextKeysHandler
  		@IContextKeyService private readonly contextKeyService: IContextKeyService,
  		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
  		@IConfigurationService private readonly configurationService: IConfigurationService,
@@ -148,9 +147,9 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
  		@IProductService private readonly productService: IProductService,
  		@IEditorGroupsService private readonly editorGroupService: IEditorGroupsService,
  		@IEditorService private readonly editorService: IEditorService,
-@@ -197,6 +197,10 @@ export class WorkbenchContextKeysHandler
- 		this.auxiliaryBarVisibleContext = AuxiliaryBarVisibleContext.bindTo(this.contextKeyService);
- 		this.auxiliaryBarVisibleContext.set(this.layoutService.isVisible(Parts.AUXILIARYBAR_PART));
+@@ -199,6 +199,10 @@ export class WorkbenchContextKeysHandler
+ 		this.auxiliaryBarMaximizedContext = AuxiliaryBarMaximizedContext.bindTo(this.contextKeyService);
+ 		this.auxiliaryBarMaximizedContext.set(this.layoutService.isAuxiliaryBarMaximized());
  
 +		// code-server
 +		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
@@ -165,14 +164,14 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions
 +++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
 @@ -20,7 +20,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
  import { AutoSaveAfterShortDelayContext } from '../../../services/filesConfiguration/common/filesConfigurationService.js';
- import { WorkbenchListDoubleSelection, WorkbenchTreeFindOpen } from '../../../../platform/list/browser/listService.js';
+ import { WorkbenchListDoubleSelection } from '../../../../platform/list/browser/listService.js';
  import { Schemas } from '../../../../base/common/network.js';
 -import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext, SelectedEditorsInGroupFileOrUntitledResourceContextKey } from '../../../common/contextkeys.js';
 +import { IsEnabledFileDownloads, IsEnabledFileUploads, DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, MultipleEditorsSelectedInGroupContext, TwoEditorsSelectedInGroupContext, SelectedEditorsInGroupFileOrUntitledResourceContextKey } from '../../../common/contextkeys.js';
  import { IsWebContext } from '../../../../platform/contextkey/common/contextkeys.js';
  import { ServicesAccessor } from '../../../../platform/instantiation/common/instantiation.js';
  import { ThemeIcon } from '../../../../base/common/themables.js';
-@@ -572,13 +572,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+@@ -571,13 +571,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
  		id: DOWNLOAD_COMMAND_ID,
  		title: DOWNLOAD_LABEL
  	},
@@ -196,7 +195,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions
  	)
  }));
  
-@@ -590,6 +593,7 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+@@ -589,6 +592,7 @@ MenuRegistry.appendMenuItem(MenuId.Explo
  		title: UPLOAD_LABEL,
  	},
  	when: ContextKeyExpr.and(
@@ -208,16 +207,16 @@ Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-@@ -40,6 +40,9 @@ export const HasWebFileSystemAccess = ne
+@@ -39,6 +39,9 @@ export const EmbedderIdentifierContext =
  
- export const EmbedderIdentifierContext = new RawContextKey<string | undefined>('embedderIdentifier', undefined, localize('embedderIdentifier', 'The identifier of the embedder according to the product service, if one is defined'));
+ export const InAutomationContext = new RawContextKey<boolean>('inAutomation', false, localize('inAutomation', "Whether VS Code is running under automation/smoke test"));
  
 +export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
 +export const IsEnabledFileUploads = new RawContextKey<boolean>('isEnabledFileUploads', true, true);
 +
  //#endregion
  
- 
+ //#region < --- Window --- >
 Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFileDialog.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFileDialog.ts
@@ -231,7 +230,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFi
  import { IRemoteAgentService } from '../../remote/common/remoteAgentService.js';
  import { IContextKeyService, IContextKey, RawContextKey } from '../../../../platform/contextkey/common/contextkey.js';
  import { equalsIgnoreCase, format, startsWithIgnoreCase } from '../../../../base/common/strings.js';
-@@ -139,7 +139,7 @@ export class SimpleFileDialog extends Di
+@@ -144,7 +144,7 @@ export class SimpleFileDialog extends Di
  		@IFileDialogService private readonly fileDialogService: IFileDialogService,
  		@IModelService private readonly modelService: IModelService,
  		@ILanguageService private readonly languageService: ILanguageService,
@@ -240,10 +239,10 @@ Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFi
  		@IRemoteAgentService private readonly remoteAgentService: IRemoteAgentService,
  		@IPathService protected readonly pathService: IPathService,
  		@IKeybindingService private readonly keybindingService: IKeybindingService,
-@@ -283,20 +283,22 @@ export class SimpleFileDialog extends Di
- 			this.filePickBox.sortByLabel = false;
- 			this.filePickBox.ignoreFocusOut = true;
+@@ -311,20 +311,22 @@ export class SimpleFileDialog extends Di
+ 			this.filePickBox.placeholder = nls.localize('remoteFileDialog.placeholder', "Folder path");
  			this.filePickBox.ok = true;
+ 			this.filePickBox.okLabel = typeof this.options.openLabel === 'string' ? this.options.openLabel : this.options.openLabel?.withoutMnemonic;
 -			if ((this.scheme !== Schemas.file) && this.options && this.options.availableFileSystems && (this.options.availableFileSystems.length > 1) && (this.options.availableFileSystems.indexOf(Schemas.file) > -1)) {
 -				this.filePickBox.customButton = true;
 -				this.filePickBox.customLabel = nls.localize('remoteFileDialog.local', 'Show Local');
@@ -286,10 +285,10 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explo
  import { mainWindow } from '../../../../../base/browser/window.js';
  import { IExplorerFileContribution, explorerFileContribRegistry } from '../explorerFileContrib.js';
 +import { IBrowserWorkbenchEnvironmentService } from '../../../../services/environment/browser/environmentService.js';
- 
- export class ExplorerDelegate implements IListVirtualDelegate<ExplorerItem> {
- 
-@@ -1030,7 +1031,8 @@ export class FileDragAndDrop implements
+ import { WorkbenchCompressibleAsyncDataTree } from '../../../../../platform/list/browser/listService.js';
+ import { ISearchService, QueryType, getExcludes, ISearchConfiguration, ISearchComplete, IFileQuery } from '../../../../services/search/common/search.js';
+ import { CancellationToken } from '../../../../../base/common/cancellation.js';
+@@ -1594,7 +1595,8 @@ export class FileDragAndDrop implements
  		@IConfigurationService private configurationService: IConfigurationService,
  		@IInstantiationService private instantiationService: IInstantiationService,
  		@IWorkspaceEditingService private workspaceEditingService: IWorkspaceEditingService,
@@ -299,7 +298,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/views/explo
  	) {
  		const updateDropEnablement = (e: IConfigurationChangeEvent | undefined) => {
  			if (!e || e.affectsConfiguration('explorer.enableDragAndDrop')) {
-@@ -1255,15 +1257,17 @@ export class FileDragAndDrop implements
+@@ -1819,15 +1821,17 @@ export class FileDragAndDrop implements
  
  			// External file DND (Import/Upload file)
  			if (data instanceof NativeDragAndDropData) {
@@ -330,7 +329,7 @@ Index: code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderS
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderServer.ts
 +++ code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderServer.ts
-@@ -92,6 +92,7 @@ export abstract class AbstractDiskFileSy
+@@ -99,6 +99,7 @@ export abstract class AbstractDiskFileSy
  
  	private async readFile(uriTransformer: IURITransformer, _resource: UriComponents, opts?: IFileAtomicReadOptions): Promise<VSBuffer> {
  		const resource = this.transformIncoming(uriTransformer, _resource, true);
@@ -338,7 +337,7 @@ Index: code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderS
  		const buffer = await this.provider.readFile(resource, opts);
  
  		return VSBuffer.wrap(buffer);
-@@ -110,6 +111,7 @@ export abstract class AbstractDiskFileSy
+@@ -117,6 +118,7 @@ export abstract class AbstractDiskFileSy
  			}
  		});
  
@@ -346,7 +345,7 @@ Index: code-server/lib/vscode/src/vs/platform/files/node/diskFileSystemProviderS
  		const fileStream = this.provider.readFileStream(resource, opts, cts.token);
  		listenStream(fileStream, {
  			onData: chunk => emitter.fire(VSBuffer.wrap(chunk)),
-@@ -130,7 +132,7 @@ export abstract class AbstractDiskFileSy
+@@ -137,7 +139,7 @@ export abstract class AbstractDiskFileSy
  
  	private writeFile(uriTransformer: IURITransformer, _resource: UriComponents, content: VSBuffer, opts: IFileWriteOptions): Promise<void> {
  		const resource = this.transformIncoming(uriTransformer, _resource);

patches/getting-started.diff

@@ -19,7 +19,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
  import { renderFormattedText } from '../../../../base/browser/formattedTextRenderer.js';
  import { StandardKeyboardEvent } from '../../../../base/browser/keyboardEvent.js';
  import { Button } from '../../../../base/browser/ui/button/button.js';
-@@ -54,7 +54,7 @@ import { IRecentFolder, IRecentWorkspace
+@@ -53,7 +53,7 @@ import { IRecentFolder, IRecentWorkspace
  import { OpenRecentAction } from '../../../browser/actions/windowActions.js';
  import { OpenFileFolderAction, OpenFolderAction, OpenFolderViaWorkspaceAction } from '../../../browser/actions/workspaceActions.js';
  import { EditorPane } from '../../../browser/parts/editor/editorPane.js';
@@ -28,7 +28,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
  import { IEditorOpenContext, IEditorSerializer } from '../../../common/editor.js';
  import { IWebviewElement, IWebviewService } from '../../webview/browser/webview.js';
  import './gettingStartedColors.js';
-@@ -826,6 +826,72 @@ export class GettingStartedPage extends
+@@ -902,6 +902,72 @@ export class GettingStartedPage extends
  			$('p.subtitle.description', {}, localize({ key: 'gettingStarted.editingEvolved', comment: ['Shown as subtitle on the Welcome page.'] }, "Editing evolved"))
  		);
  
@@ -101,7 +101,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/bro
  		const leftColumn = $('.categories-column.categories-column-left', {},);
  		const rightColumn = $('.categories-column.categories-column-right', {},);
  
-@@ -861,6 +927,9 @@ export class GettingStartedPage extends
+@@ -937,6 +1003,9 @@ export class GettingStartedPage extends
  				recentList.setLimit(5);
  				reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
  			}
@@ -181,7 +181,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -18,6 +18,7 @@ export const serverOptions: OptionDescri
+@@ -20,6 +20,7 @@ export const serverOptions: OptionDescri
  	'auth': { type: 'string' },
  	'disable-file-downloads': { type: 'boolean' },
  	'disable-file-uploads': { type: 'boolean' },
@@ -189,7 +189,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -103,6 +104,7 @@ export interface ServerParsedArgs {
+@@ -108,6 +109,7 @@ export interface ServerParsedArgs {
  	'auth'?: string;
  	'disable-file-downloads'?: boolean;
  	'disable-file-uploads'?: boolean;
@@ -201,7 +201,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -339,6 +339,7 @@ export class WebClientServer {
+@@ -373,6 +373,7 @@ export class WebClientServer {
  			userDataPath: this._environmentService.userDataPath,
  			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
  			isEnabledFileUploads: !this._environmentService.args['disable-file-uploads'],
@@ -213,16 +213,16 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
-@@ -7,7 +7,7 @@ import { Event } from '../../base/common
+@@ -6,7 +6,7 @@
  import { Disposable } from '../../base/common/lifecycle.js';
  import { IContextKeyService, IContextKey, setConstant as setConstantContextKey } from '../../platform/contextkey/common/contextkey.js';
- import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
--import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
-+import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, IsEnabledFileDownloads, IsEnabledFileUploads, IsEnabledCoderGettingStarted, } from '../common/contextkeys.js';
- import { trackFocus, addDisposableListener, EventType, onDidRegisterWindow, getActiveWindow, isEditableElement } from '../../base/browser/dom.js';
+ import { IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from '../../platform/contextkey/common/contextkeys.js';
+-import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads } from '../common/contextkeys.js';
++import { SplitEditorsVertically, InEditorZenModeContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, EmbedderIdentifierContext, EditorTabsVisibleContext, IsMainEditorCenteredLayoutContext, MainEditorAreaVisibleContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsMainWindowFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, TitleBarVisibleContext, TitleBarStyleContext, IsAuxiliaryWindowFocusedContext, ActiveEditorGroupEmptyContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorGroupLockedContext, MultipleEditorGroupsContext, EditorsVisibleContext, AuxiliaryBarMaximizedContext, InAutomationContext, IsEnabledFileDownloads, IsEnabledFileUploads, IsEnabledCoderGettingStarted, } from '../common/contextkeys.js';
  import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from '../services/editor/common/editorGroupsService.js';
  import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
-@@ -200,6 +200,7 @@ export class WorkbenchContextKeysHandler
+ import { IBrowserWorkbenchEnvironmentService } from '../services/environment/browser/environmentService.js';
+@@ -202,6 +202,7 @@ export class WorkbenchContextKeysHandler
  		// code-server
  		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
  		IsEnabledFileUploads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileUploads ?? true)
@@ -234,7 +234,7 @@ Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-@@ -42,6 +42,7 @@ export const EmbedderIdentifierContext =
+@@ -41,6 +41,7 @@ export const InAutomationContext = new R
  
  export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
  export const IsEnabledFileUploads = new RawContextKey<boolean>('isEnabledFileUploads', true, true);

patches/integration.diff

@@ -109,24 +109,6 @@ Index: code-server/lib/vscode/src/vs/base/common/processes.ts
  	];
  	const envKeys = Object.keys(env);
  	envKeys
-Index: code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-+++ code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-@@ -77,8 +77,11 @@ export class BrowserDialogHandler extend
- 
- 	async about(): Promise<void> {
- 		const detailString = (useAgo: boolean): string => {
--			return localize('aboutDetail',
--				"Version: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
-+			return localize('aboutCodeServerDetail',
-+				"code-server: {0}",
-+				this.productService.codeServerVersion ? `v${this.productService.codeServerVersion}` : 'Unknown'
-+			) + '\n' + localize('aboutDetail',
-+				"Code: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
- 				this.productService.version || 'Unknown',
- 				this.productService.commit || 'Unknown',
- 				this.productService.date ? `${this.productService.date}${useAgo ? ' (' + fromNow(new Date(this.productService.date), true) + ')' : ''}` : 'Unknown',
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- /dev/null
@@ -187,10 +169,10 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
  import { IndexedDB } from '../../base/browser/indexedDB.js';
  import { WebFileSystemAccess } from '../../platform/files/browser/webFileSystemAccess.js';
 +import { CodeServerClient } from '../../workbench/browser/client.js';
- import { ITelemetryService } from '../../platform/telemetry/common/telemetry.js';
  import { IProgressService } from '../../platform/progress/common/progress.js';
  import { DelayedLogChannel } from '../services/output/common/delayedLogChannel.js';
-@@ -131,6 +132,9 @@ export class BrowserMain extends Disposa
+ import { dirname, joinPath } from '../../base/common/resources.js';
+@@ -130,6 +131,9 @@ export class BrowserMain extends Disposa
  		// Startup
  		const instantiationService = workbench.startup();
  
@@ -204,7 +186,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -55,6 +55,8 @@ export type ExtensionVirtualWorkspaceSup
+@@ -64,6 +64,8 @@ export type ExtensionVirtualWorkspaceSup
  };
  
  export interface IProductConfiguration {
@@ -269,10 +251,10 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -308,6 +308,7 @@ export class WebClientServer {
+@@ -333,6 +333,7 @@ export class WebClientServer {
  		} : undefined;
  
- 		const productConfiguration = {
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
 +			codeServerVersion: this._productService.codeServerVersion,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
@@ -281,9 +263,9 @@ Index: code-server/lib/vscode/src/server-main.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/server-main.ts
 +++ code-server/lib/vscode/src/server-main.ts
-@@ -25,6 +25,9 @@ const __dirname = path.dirname(fileURLTo
+@@ -22,6 +22,9 @@ import { IServerAPI } from './vs/server/
  perf.mark('code/server/start');
- (globalThis as any).vscodeServerStartTime = performance.now();
+ (globalThis as { vscodeServerStartTime?: number }).vscodeServerStartTime = performance.now();
  
 +// This is not indented to make the diff less noisy.  We need to move this out
 +// of the top-level so it will not run immediately and we can control the start.
@@ -291,13 +273,13 @@ Index: code-server/lib/vscode/src/server-main.ts
  // Do a quick parse to determine if a server or the cli needs to be started
  const parsedArgs = minimist(process.argv.slice(2), {
  	boolean: ['start-server', 'list-extensions', 'print-ip-address', 'help', 'version', 'accept-server-license-terms', 'update-extensions'],
-@@ -153,6 +156,7 @@ if (shouldSpawnCli) {
+@@ -150,6 +153,7 @@ if (shouldSpawnCli) {
  		}
  	});
  }
 +}
  
- function sanitizeStringArg(val: any): string | undefined {
+ function sanitizeStringArg(val: unknown): string | undefined {
  	if (Array.isArray(val)) { // if an argument is passed multiple times, minimist creates an array
 @@ -283,3 +287,22 @@ function prompt(question: string): Promi
  		});
@@ -310,7 +292,7 @@ Index: code-server/lib/vscode/src/server-main.ts
 +		osLocale: 'en',
 +		commit: product.commit,
 +		userDataPath: '',
-+		nlsMetadataPath: __dirname,
++		nlsMetadataPath: import.meta.dirname,
 +	});
 +	return loadCode(nlsConfiguration);
 +}
@@ -322,3 +304,21 @@ Index: code-server/lib/vscode/src/server-main.ts
 +if (!process.env.CODE_SERVER_PARENT_PID) {
 +	start();
 +}
+Index: code-server/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
++++ code-server/lib/vscode/src/vs/platform/dialogs/browser/dialog.ts
+@@ -45,8 +45,11 @@ export function createWorkbenchDialogOpt
+ 
+ export function createBrowserAboutDialogDetails(productService: IProductService): { title: string; details: string; detailsToCopy: string } {
+ 	const detailString = (useAgo: boolean): string => {
+-		return localize('aboutDetail',
+-			"Version: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
++		return localize('aboutCodeServerDetail',
++			"code-server: {0}",
++			productService.codeServerVersion ? `v${productService.codeServerVersion}` : 'Unknown'
++		) + '\n' + localize('aboutDetail',
++			"Code: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
+ 			productService.version || 'Unknown',
+ 			productService.commit || 'Unknown',
+ 			productService.date ? `${productService.date}${useAgo ? ' (' + fromNow(new Date(productService.date), true) + ')' : ''}` : 'Unknown',

patches/local-storage.diff

@@ -18,10 +18,10 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -330,6 +330,7 @@ export class WebClientServer {
+@@ -364,6 +364,7 @@ export class WebClientServer {
  			remoteAuthority,
- 			serverBasePath: this._basePath,
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			serverBasePath: basePath,
+ 			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
 +			userDataPath: this._environmentService.userDataPath,
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
@@ -32,7 +32,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 @@ -298,6 +298,11 @@ export interface IWorkbenchConstructionO
  	 */
- 	readonly configurationDefaults?: Record<string, any>;
+ 	readonly configurationDefaults?: Record<string, unknown>;
  
 +	/**
 +	 * Path to the user data directory.
@@ -66,7 +66,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/configuration/browser/co
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/configuration/browser/configurationService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/configuration/browser/configurationService.ts
-@@ -145,8 +145,10 @@ export class WorkspaceService extends Di
+@@ -147,8 +147,10 @@ export class WorkspaceService extends Di
  		this.workspaceConfiguration = this._register(new WorkspaceConfiguration(configurationCache, fileService, uriIdentityService, logService));
  		this._register(this.workspaceConfiguration.onDidUpdateConfiguration(fromCache => {
  			this.onWorkspaceConfigurationChanged(fromCache).then(() => {
@@ -79,7 +79,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/configuration/browser/co
  			});
  		}));
  
-@@ -552,6 +554,12 @@ export class WorkspaceService extends Di
+@@ -556,6 +558,12 @@ export class WorkspaceService extends Di
  			previousFolders = this.workspace.folders;
  			this.workspace.update(workspace);
  		} else {

patches/logout.diff

@@ -8,7 +8,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -58,6 +58,7 @@ export interface IProductConfiguration {
+@@ -67,6 +67,7 @@ export interface IProductConfiguration {
  	readonly codeServerVersion?: string
  	readonly rootEndpoint?: string
  	readonly updateEndpoint?: string
@@ -20,7 +20,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -15,6 +15,7 @@ import { URI } from '../../base/common/u
+@@ -17,6 +17,7 @@ import { join } from '../../base/common/
  export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
  	/* ----- code-server ----- */
  	'disable-update-check': { type: 'boolean' },
@@ -28,7 +28,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -97,6 +98,7 @@ export const serverOptions: OptionDescri
+@@ -102,6 +103,7 @@ export const serverOptions: OptionDescri
  export interface ServerParsedArgs {
  	/* ----- code-server ----- */
  	'disable-update-check'?: boolean;
@@ -40,14 +40,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -313,6 +313,7 @@ export class WebClientServer {
+@@ -341,6 +341,7 @@ export class WebClientServer {
  			codeServerVersion: this._productService.codeServerVersion,
- 			rootEndpoint: base,
- 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
-+			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
+ 			rootEndpoint: rootBase,
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
++			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts

patches/marketplace.diff

@@ -19,7 +19,7 @@ Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
 +++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
-@@ -47,6 +47,16 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+@@ -49,6 +49,17 @@ else if (globalThis._VSCODE_PRODUCT_JSON
  			version: pkg.version
  		});
  	}
@@ -28,6 +28,7 @@ Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 +		extensionsGallery: env.EXTENSIONS_GALLERY ? JSON.parse(env.EXTENSIONS_GALLERY) : (product.extensionsGallery || {
 +			serviceUrl: "https://open-vsx.org/vscode/gallery",
 +			itemUrl: "https://open-vsx.org/vscode/item",
++			extensionUrlTemplate: "https://open-vsx.org/vscode/gallery/{publisher}/{name}/latest",
 +			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
 +			controlUrl: "",
 +			recommendationsUrl: "",
@@ -40,31 +41,30 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -115,7 +115,7 @@ export class WebClientServer {
+@@ -326,7 +326,6 @@ export class WebClientServer {
  
- 		this._staticRoute = `${serverRootPath}/static`;
- 		this._callbackRoute = `${serverRootPath}/callback`;
--		this._webExtensionRoute = `${serverRootPath}/web-extension-resource`;
-+		this._webExtensionRoute = `/web-extension-resource`;
- 	}
+ 		const staticRoute = posix.join(basePath, this._productPath, STATIC_PATH);
+ 		const callbackRoute = posix.join(basePath, this._productPath, CALLBACK_PATH);
+-		const webExtensionRoute = posix.join(basePath, this._productPath, WEB_EXTENSION_PATH);
  
- 	/**
-@@ -313,14 +313,7 @@ export class WebClientServer {
+ 		const resolveWorkspaceURI = (defaultLocation?: string) => defaultLocation && URI.file(resolve(defaultLocation)).with({ scheme: Schemas.vscodeRemote, authority: remoteAuthority });
+ 
+@@ -342,14 +341,7 @@ export class WebClientServer {
  			codeServerVersion: this._productService.codeServerVersion,
- 			rootEndpoint: base,
+ 			rootEndpoint: rootBase,
  			embedderIdentifier: 'server-distro',
 -			extensionsGallery: this._webExtensionResourceUrlTemplate && this._productService.extensionsGallery ? {
 -				...this._productService.extensionsGallery,
 -				resourceUrlTemplate: this._webExtensionResourceUrlTemplate.with({
 -					scheme: 'http',
 -					authority: remoteAuthority,
--					path: `${this._webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
+-					path: `${webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
 -				}).toString(true)
 -			} : undefined
 +			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};
  
- 		if (!this._environmentService.isBuilt) {
+ 		const proposedApi = this._environmentService.args['enable-proposed-api'];
 Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
@@ -75,9 +75,9 @@ Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/ext
  import { getTelemetryLevel, supportsTelemetry } from '../../telemetry/common/telemetryUtils.js';
 -import { RemoteAuthorities } from '../../../base/common/network.js';
  import { TargetPlatform } from '../../extensions/common/extensions.js';
- 
- const WEB_EXTENSION_RESOURCE_END_POINT_SEGMENT = '/web-extension-resource/';
-@@ -140,9 +139,9 @@ export abstract class AbstractExtensionR
+ import { ExtensionGalleryResourceType, getExtensionGalleryManifestResourceUri, IExtensionGalleryManifest, IExtensionGalleryManifestService } from '../../extensionManagement/common/extensionGalleryManifest.js';
+ import { ILogService } from '../../log/common/log.js';
+@@ -163,9 +162,9 @@ export abstract class AbstractExtensionR
  	}
  
  	protected _isWebExtensionResourceEndPoint(uri: URI): boolean {

patches/proposed-api.diff

@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
-@@ -313,10 +313,7 @@ function extensionDescriptionArrayToMap(
+@@ -321,10 +321,7 @@ function extensionDescriptionArrayToMap(
  }
  
  export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean {

patches/proxy-uri.diff

@@ -30,7 +30,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -59,6 +59,7 @@ export interface IProductConfiguration {
+@@ -68,6 +68,7 @@ export interface IProductConfiguration {
  	readonly rootEndpoint?: string
  	readonly updateEndpoint?: string
  	readonly logoutEndpoint?: string
@@ -71,19 +71,19 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -314,6 +314,7 @@ export class WebClientServer {
- 			rootEndpoint: base,
- 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
-+			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
+@@ -342,6 +342,7 @@ export class WebClientServer {
+ 			rootEndpoint: rootBase,
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
++			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? rootBase + '/proxy/{{port}}/',
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};
 Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
-@@ -291,7 +291,7 @@ export async function createTerminalEnvi
+@@ -292,7 +292,7 @@ export async function createTerminalEnvi
  
  		// Sanitize the environment, removing any undesirable VS Code and Electron environment
  		// variables
@@ -96,7 +96,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
-@@ -19,6 +19,7 @@ import { ISecretStorageProvider } from '
+@@ -20,6 +20,7 @@ import { ISecretStorageProvider } from '
  import { isFolderToOpen, isWorkspaceToOpen } from '../../../platform/window/common/window.js';
  import type { IWorkbenchConstructionOptions, IWorkspace, IWorkspaceProvider } from '../../../workbench/browser/web.api.js';
  import { AuthenticationSessionInfo } from '../../../workbench/services/authentication/browser/authenticationService.js';
@@ -104,7 +104,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
  import type { IURLCallbackProvider } from '../../../workbench/services/url/browser/urlService.js';
  import { create } from '../../../workbench/workbench.web.main.internal.js';
  
-@@ -584,6 +585,39 @@ class WorkspaceProvider implements IWork
+@@ -606,6 +607,39 @@ class WorkspaceProvider implements IWork
  		settingsSyncOptions: config.settingsSyncOptions ? { enabled: config.settingsSyncOptions.enabled, } : undefined,
  		workspaceProvider: WorkspaceProvider.create(config),
  		urlCallbackProvider: new LocalStorageURLCallbackProvider(config.callbackRoute),
@@ -148,7 +148,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExpl
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
-@@ -77,8 +77,8 @@ export class ForwardedPortsView extends
+@@ -83,8 +83,8 @@ export class ForwardedPortsView extends
  	private async enableForwardedPortsFeatures() {
  		this.contextKeyListener.clear();
  

patches/series

@@ -20,3 +20,5 @@ getting-started.diff
 keepalive.diff
 clipboard.diff
 display-language.diff
+trusted-domains.diff
+signature-verification.diff

patches/service-worker.diff

@@ -6,7 +6,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -60,6 +60,10 @@ export interface IProductConfiguration {
+@@ -69,6 +69,10 @@ export interface IProductConfiguration {
  	readonly updateEndpoint?: string
  	readonly logoutEndpoint?: string
  	readonly proxyEndpointTemplate?: string
@@ -54,14 +54,14 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -315,6 +315,10 @@ export class WebClientServer {
- 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
- 			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
+@@ -343,6 +343,10 @@ export class WebClientServer {
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
+ 			proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? rootBase + '/proxy/{{port}}/',
 +			serviceWorker: {
 +				scope: vscodeBase + '/',
-+				path: base + '/_static/out/browser/serviceWorker.js',
++				path: rootBase + '/_static/out/browser/serviceWorker.js',
 +			},
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};

patches/signature-verification.diff

@@ -0,0 +1,34 @@
+Disable signature verification.
+
+Extension signature verification is now mandatory for all platforms and needs to be disabled.
+
+Index: code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
++++ code-server/lib/vscode/src/vs/platform/extensionManagement/node/extensionManagementService.ts
+@@ -34,6 +34,7 @@ import {
+ 	ExtensionSignatureVerificationCode,
+ 	computeSize,
+ 	IAllowedExtensionsService,
++	// @ts-expect-error no-unused-variable
+ 	VerifyExtensionSignatureConfigKey,
+ 	shouldRequireRepositorySignatureFor,
+ } from '../common/extensionManagement.js';
+@@ -87,6 +88,7 @@ export class ExtensionManagementService
+ 		@IDownloadService private downloadService: IDownloadService,
+ 		@IInstantiationService private readonly instantiationService: IInstantiationService,
+ 		@IFileService private readonly fileService: IFileService,
++		// @ts-expect-error no-unused-variable
+ 		@IConfigurationService private readonly configurationService: IConfigurationService,
+ 		@IExtensionGalleryManifestService protected readonly extensionGalleryManifestService: IExtensionGalleryManifestService,
+ 		@IProductService productService: IProductService,
+@@ -339,8 +341,7 @@ export class ExtensionManagementService
+ 
+ 	private async downloadExtension(extension: IGalleryExtension, operation: InstallOperation, verifySignature: boolean, clientTargetPlatform?: TargetPlatform): Promise<{ readonly location: URI; readonly verificationStatus: ExtensionSignatureVerificationCode | undefined }> {
+ 		if (verifySignature) {
+-			const value = this.configurationService.getValue(VerifyExtensionSignatureConfigKey);
+-			verifySignature = isBoolean(value) ? value : true;
++			verifySignature = false;
+ 		}
+ 		const { location, verificationStatus } = await this.extensionsDownloader.download(extension, operation, verifySignature, clientTargetPlatform);
+ 		const shouldRequireSignature = shouldRequireRepositorySignatureFor(extension.private, await this.extensionGalleryManifestService.getExtensionGalleryManifest());

patches/sourcemaps.diff

@@ -10,29 +10,29 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.reh.js
 +++ code-server/lib/vscode/build/gulpfile.reh.js
-@@ -253,8 +253,7 @@ function packageTask(type, platform, arc
+@@ -257,8 +257,7 @@ function packageTask(type, platform, arc
  
  		const src = gulp.src(sourceFolderName + '/**', { base: '.' })
  			.pipe(rename(function (path) { path.dirname = path.dirname.replace(new RegExp('^' + sourceFolderName), 'out'); }))
 -			.pipe(util.setExecutableBit(['**/*.sh']))
--			.pipe(filter(['**', '!**/*.js.map']));
+-			.pipe(filter(['**', '!**/*.{js,css}.map']));
 +			.pipe(util.setExecutableBit(['**/*.sh']));
  
  		const workspaceExtensionPoints = ['debuggers', 'jsonValidation'];
  		const isUIExtension = (manifest) => {
-@@ -293,9 +292,9 @@ function packageTask(type, platform, arc
+@@ -297,9 +296,9 @@ function packageTask(type, platform, arc
  			.map(name => `.build/extensions/${name}/**`);
  
  		const extensions = gulp.src(extensionPaths, { base: '.build', dot: true });
 -		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true });
 -		const sources = es.merge(src, extensions, extensionsCommonDependencies)
 +		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true })
- 			.pipe(filter(['**', '!**/*.js.map'], { dot: true }));
+ 			.pipe(filter(['**', '!**/*.{js,css}.map'], { dot: true }));
 +		const sources = es.merge(src, extensions, extensionsCommonDependencies);
  
  		let version = packageJson.version;
  		const quality = product.quality;
-@@ -454,7 +453,7 @@ function tweakProductForServerWeb(produc
+@@ -452,7 +451,7 @@ function tweakProductForServerWeb(produc
  	const minifyTask = task.define(`minify-vscode-${type}`, task.series(
  		bundleTask,
  		util.rimraf(`out-vscode-${type}-min`),

patches/store-socket.diff

@@ -21,18 +21,18 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.
  
 +import * as _http from 'http';
  import * as performance from '../../../base/common/performance.js';
+ import type * as vscode from 'vscode';
  import { createApiFactoryAndRegisterActors } from '../common/extHost.api.impl.js';
- import { RequireInterceptor } from '../common/extHostRequireInterceptor.js';
-@@ -17,6 +18,7 @@ import { ExtensionRuntime } from '../com
+@@ -18,6 +19,7 @@ import { ExtensionRuntime } from '../com
  import { CLIServer } from './extHostCLIServer.js';
- import { realpathSync } from '../../../base/node/extpath.js';
+ import { realpathSync } from '../../../base/node/pfs.js';
  import { ExtHostConsoleForwarder } from './extHostConsoleForwarder.js';
 +import { IExtHostWorkspace } from '../common/extHostWorkspace.js';
  import { ExtHostDiskFileSystemProvider } from './extHostDiskFileSystemProvider.js';
- import { createRequire } from 'node:module';
- const require = createRequire(import.meta.url);
-@@ -97,6 +99,52 @@ export class ExtHostExtensionService ext
- 		await interceptor.install();
+ import nodeModule from 'node:module';
+ import { assertType } from '../../../base/common/types.js';
+@@ -226,6 +228,52 @@ export class ExtHostExtensionService ext
+ 
  		performance.mark('code/extHost/didInitAPI');
  
 +		(async () => {
@@ -96,7 +96,7 @@ Index: code-server/lib/vscode/src/vs/workbench/api/node/extensionHostProcess.ts
  import minimist from 'minimist';
  import * as nativeWatchdog from 'native-watchdog';
  import * as net from 'net';
-@@ -422,7 +423,28 @@ async function startExtensionHostProcess
+@@ -451,7 +452,28 @@ async function startExtensionHostProcess
  	);
  
  	// rewrite onTerminate-function to be a proper shutdown

patches/telemetry.diff

@@ -28,8 +28,8 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
  import { NullPolicyService } from '../../platform/policy/common/policy.js';
  import { OneDataSystemAppender } from '../../platform/telemetry/node/1dsAppender.js';
  import { LoggerService } from '../../platform/log/node/loggerService.js';
-@@ -151,11 +153,23 @@ export async function setupServerService
- 	const requestService = new RequestService(configurationService, environmentService, logService);
+@@ -166,11 +168,23 @@ export async function setupServerService
+ 	const requestService = new RequestService('remote', configurationService, environmentService, logService);
  	services.set(IRequestService, requestService);
  
 +	let isContainer = undefined;
@@ -134,20 +134,20 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -319,6 +319,8 @@ export class WebClientServer {
+@@ -347,6 +347,8 @@ export class WebClientServer {
  				scope: vscodeBase + '/',
- 				path: base + '/_static/out/browser/serviceWorker.js',
+ 				path: rootBase + '/_static/out/browser/serviceWorker.js',
  			},
 +			enableTelemetry: this._productService.enableTelemetry,
 +			telemetryEndpoint: this._productService.telemetryEndpoint,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};
 Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -64,6 +64,7 @@ export interface IProductConfiguration {
+@@ -73,6 +73,7 @@ export interface IProductConfiguration {
  		readonly path: string;
  		readonly scope: string;
  	}
@@ -159,7 +159,7 @@ Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
 +++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
-@@ -55,7 +55,8 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+@@ -58,7 +58,8 @@ else if (globalThis._VSCODE_PRODUCT_JSON
  			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
  			controlUrl: "",
  			recommendationsUrl: "",

patches/trusted-domains.diff

@@ -0,0 +1,49 @@
+Allow configuring trusted domains via product.json or flag.
+
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -22,6 +22,7 @@ export const serverOptions: OptionDescri
+ 	'disable-file-uploads': { type: 'boolean' },
+ 	'disable-getting-started-override': { type: 'boolean' },
+ 	'locale': { type: 'string' },
++	'link-protection-trusted-domains': { type: 'string[]' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -112,6 +113,7 @@ export interface ServerParsedArgs {
+ 	'disable-file-uploads'?: boolean;
+ 	'disable-getting-started-override'?: boolean,
+ 	'locale'?: string
++	'link-protection-trusted-domains'?: string[],
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -338,6 +338,14 @@ export class WebClientServer {
+ 			scopes: [['user:email'], ['repo']]
+ 		} : undefined;
+ 
++		const linkProtectionTrustedDomains: string[] = [];
++		if (this._environmentService.args['link-protection-trusted-domains']) {
++			linkProtectionTrustedDomains.push(...this._environmentService.args['link-protection-trusted-domains']);
++		}
++		if (this._productService.linkProtectionTrustedDomains) {
++			linkProtectionTrustedDomains.push(...this._productService.linkProtectionTrustedDomains);
++		}
++
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
+ 			codeServerVersion: this._productService.codeServerVersion,
+ 			rootEndpoint: rootBase,
+@@ -352,6 +360,7 @@ export class WebClientServer {
+ 			telemetryEndpoint: this._productService.telemetryEndpoint,
+ 			embedderIdentifier: 'server-distro',
+ 			extensionsGallery: this._productService.extensionsGallery,
++			linkProtectionTrustedDomains,
+ 		};
+ 
+ 		const proposedApi = this._environmentService.args['enable-proposed-api'];

patches/unique-db.diff

@@ -21,7 +21,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageS
  
  export class BrowserStorageService extends AbstractStorageService {
  
-@@ -298,7 +299,11 @@ export class IndexedDBStorageDatabase ex
+@@ -300,7 +301,11 @@ export class IndexedDBStorageDatabase ex
  	}
  
  	static async createWorkspaceStorage(workspaceId: string, logService: ILogService): Promise<IIndexedDBStorageDatabase> {

patches/update-check.diff

@@ -93,7 +93,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -57,6 +57,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -66,6 +66,7 @@ export type ExtensionVirtualWorkspaceSup
  export interface IProductConfiguration {
  	readonly codeServerVersion?: string
  	readonly rootEndpoint?: string
@@ -105,20 +105,20 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -312,6 +312,7 @@ export class WebClientServer {
- 		const productConfiguration = {
+@@ -340,6 +340,7 @@ export class WebClientServer {
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
  			codeServerVersion: this._productService.codeServerVersion,
- 			rootEndpoint: base,
-+			updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
+ 			rootEndpoint: rootBase,
++			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
  			embedderIdentifier: 'server-distro',
  			extensionsGallery: this._productService.extensionsGallery,
- 		} satisfies Partial<IProductConfiguration>;
+ 		};
 Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
-@@ -13,6 +13,8 @@ import { memoize } from '../../base/comm
- import { URI } from '../../base/common/uri.js';
+@@ -15,6 +15,8 @@ import { joinPath } from '../../base/com
+ import { join } from '../../base/common/path.js';
  
  export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
 +	/* ----- code-server ----- */
@@ -126,7 +126,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
  
  	/* ----- server setup ----- */
  
-@@ -93,6 +95,8 @@ export const serverOptions: OptionDescri
+@@ -98,6 +100,8 @@ export const serverOptions: OptionDescri
  };
  
  export interface ServerParsedArgs {

patches/webview.diff

@@ -41,7 +41,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -225,7 +225,7 @@ export class BrowserWorkbenchEnvironment
+@@ -220,7 +220,7 @@ export class BrowserWorkbenchEnvironment
  
  	@memoize
  	get webviewExternalEndpoint(): string {
@@ -54,11 +54,11 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -326,6 +326,7 @@ export class WebClientServer {
+@@ -360,6 +360,7 @@ export class WebClientServer {
  		const workbenchWebConfiguration = {
  			remoteAuthority,
- 			serverBasePath: this._basePath,
-+			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			serverBasePath: basePath,
++			webviewEndpoint: staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
  			_wrapWebWorkerExtHostInIframe,
  			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
  			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
@@ -70,29 +70,21 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
  	<meta charset="UTF-8">
  
  	<meta http-equiv="Content-Security-Policy"
--		content="default-src 'none'; script-src 'sha256-DXeP32g8BdMsVuVabYTmznoTH59F7M7UtV0vXemEFqc=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-z5v/0xE4zQPgV1fazhHB/UlsTzdm39hRMk3V8Av0HI4=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
- 
+-		content="default-src 'none'; script-src 'sha256-ZcIhtIuU4M9PbKfs7w/CLqHimFJRK8L7mYTXOfiUv0I=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
++		content="default-src 'none'; script-src 'sha256-dVbEBqfV68sWYG05nAX+55pv4dls0VnI6ZDMMV/0GYQ=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
  
  	<!-- Disable pinch zooming -->
-@@ -349,6 +349,12 @@
+ 	<meta name="viewport"
+@@ -256,7 +256,7 @@
+ 			}
  
- 				const hostname = location.hostname;
- 
-+				// It is safe to run if we are on the same host.
-+				const parent = new URL(parentOrigin)
-+				if (parent.hostname === hostname) {
-+					return start(parentOrigin)
-+				}
-+
- 				if (!crypto.subtle) {
- 					// cannot validate, not running in a secure context
- 					throw new Error(`'crypto.subtle' is not available so webviews will not work. This is likely because the editor is not running in a secure context (https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).`);
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-@@ -343,6 +343,12 @@
+ 			const swPath = encodeURI(`service-worker.js?v=${expectedWorkerVersion}&vscode-resource-base-authority=${searchParams.get('vscode-resource-base-authority')}&remoteAuthority=${searchParams.get('remoteAuthority') ?? ''}`);
+-			navigator.serviceWorker.register(swPath, { type: 'module' })
++			navigator.serviceWorker.register(swPath)
+ 				.then(async registration => {
+ 					/**
+ 					 * @param {MessageEvent} event
+@@ -370,6 +370,12 @@
  
  				const hostname = location.hostname;
  
@@ -113,12 +105,12 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
  		<meta http-equiv="Content-Security-Policy" content="
  			default-src 'none';
  			child-src 'self' data: blob:;
--			script-src 'self' 'unsafe-eval' 'sha256-xM2KVDKIoeb8vVxk4ezEUsxdTZh5wFnKO3YmFhy9tkk=' https: http://localhost:* blob:;
-+			script-src 'self' 'unsafe-eval' 'sha256-6eZXxikxkENULU0EOkVQSd4hglGixLg3Aow9psZ6u2Y=' https: http://localhost:* blob:;
+-			script-src 'self' 'unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
++			script-src 'self' 'unsafe-eval' 'sha256-yhZXuB8LS6t73dvNg6rtLX8y4PHLnqRm5+6DdOGkOcw=' https: http://localhost:* blob:;
  			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
  	</head>
  	<body>
-@@ -23,6 +23,13 @@
+@@ -25,6 +25,13 @@
  			// validation not requested
  			return start();
  		}

src/browser/favicon.afdesign

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:625d2049c38ae27df0613fa533020e889fa98affd603050f46d3748be7b90d0b
-size 38675

src/browser/media/favicon-dark-support.svg

@@ -1,7 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 2250 2250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><style>
-@media (prefers-color-scheme: dark) {
-  * {
-    fill: white;
-  }
-}
-</style><rect id="favicon" x="0" y="0" width="2250" height="2250" style="fill:none;"/><g id="favicon1" serif:id="favicon"><path d="M1991.66,1034.72c-38.493,0 -64.144,-22.57 -64.144,-68.897l-0,-266.084c-0,-169.867 -69.982,-263.709 -250.762,-263.709l-83.976,0l-0,179.368l25.661,0c71.144,0 104.967,39.201 104.967,109.285l0,235.201c0,102.156 30.324,143.733 96.806,165.114c-66.482,20.196 -96.806,62.958 -96.806,165.114l0,174.621c0,48.7 0,96.216 -12.829,144.917c-12.829,45.141 -33.823,87.903 -62.98,124.726c-16.329,21.386 -34.991,39.202 -55.981,55.835l-0,23.755l83.971,-0c180.781,-0 250.763,-93.843 250.763,-263.709l-0,-266.084c-0,-47.516 24.485,-68.897 64.144,-68.897l47.822,-0l-0,-179.37l-46.656,-0l0,-1.186Z" style="fill-rule:nonzero;"/><path d="M1420.16,706.904l-258.923,0c-5.833,0 -10.495,-4.752 -10.495,-10.691l-0,-20.192c-0,-5.941 4.662,-10.692 10.495,-10.692l260.089,0c5.83,0 10.495,4.751 10.495,10.692l0,20.192c0,5.939 -5.833,10.691 -11.661,10.691Z" style="fill-rule:nonzero;"/><path d="M1464.48,963.474l-188.942,0c-5.833,0 -10.501,-4.754 -10.501,-10.693l0,-20.192c0,-5.938 4.668,-10.691 10.501,-10.691l188.942,-0c5.833,-0 10.495,4.753 10.495,10.691l-0,20.192c-0,4.754 -4.662,10.693 -10.495,10.693Z" style="fill-rule:nonzero;"/><path d="M1539.12,835.188l-377.885,0c-5.833,0 -10.495,-4.75 -10.495,-10.689l-0,-20.196c-0,-5.939 4.662,-10.69 10.495,-10.69l376.719,0c5.833,0 10.499,4.751 10.499,10.69l-0,20.196c-0,4.75 -3.5,10.689 -9.333,10.689Z" style="fill-rule:nonzero;"/><path d="M861.493,765.074c25.658,0 51.319,2.376 75.811,8.316l0,-48.705c0,-68.897 34.989,-109.285 104.971,-109.285l25.658,0l-0,-179.368l-83.977,0c-180.781,0 -250.758,93.842 -250.758,263.709l0,87.901c40.819,-14.252 83.977,-22.568 128.295,-22.568Z" style="fill-rule:nonzero;"/><path d="M1618.44,1411.25c-18.662,-150.861 -132.962,-276.776 -279.919,-305.285c-40.818,-8.314 -81.642,-9.504 -121.295,-2.376c-1.166,-0 -1.166,-1.189 -2.332,-1.189c-64.148,-136.605 -201.772,-226.884 -351.063,-226.884c-149.289,-0 -285.747,87.905 -351.062,224.51c-1.166,-0 -1.166,1.188 -2.332,1.188c-41.987,-4.753 -83.975,-2.379 -125.963,8.314c-144.623,35.634 -254.257,159.175 -274.085,308.847c-2.332,15.441 -3.499,30.883 -3.499,45.141c0,45.136 30.325,86.713 74.645,92.652c54.817,8.317 102.636,-34.448 101.469,-89.089c0,-8.317 0,-17.821 1.167,-26.134c9.331,-76.025 66.48,-140.168 141.123,-157.99c23.328,-5.939 46.654,-7.124 68.814,-3.559c71.146,9.502 141.124,-27.324 171.449,-91.467c22.162,-47.516 57.151,-89.094 103.804,-111.664c51.314,-24.946 109.633,-28.506 163.286,-9.499c55.979,20.192 97.966,62.954 123.627,116.409c26.824,52.27 39.653,89.093 96.805,96.221c23.325,3.559 88.639,2.374 113.132,1.185c47.82,0 95.64,16.631 129.463,51.079c22.156,23.757 38.485,53.455 45.486,86.715c10.495,53.455 -2.334,106.908 -33.825,147.296c-22.162,28.509 -52.485,49.89 -86.308,59.394c-16.329,4.754 -32.657,5.939 -48.986,5.939l-257.757,0c-51.314,0 -92.138,-41.573 -92.138,-93.842l0,-348.049c0,-14.251 -11.661,-26.13 -25.658,-26.13l-36.156,0c-71.148,1.185 -128.295,81.964 -128.295,167.488l-0,312.415c-0,92.652 73.476,167.488 164.451,167.488c0,0 404.714,-1.19 410.544,-1.19c93.304,-9.503 179.614,-58.204 237.927,-133.04c58.319,-72.46 85.142,-167.492 73.481,-264.894Z" style="fill-rule:nonzero;"/></g></svg>
+<svg width="100%" height="100%" viewBox="0 0 147 147" xmlns="http://www.w3.org/2000/svg">
+  <style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>
+  <path d="m42.4214,39.655c-24.4057,0 -42.1554,13.1721 -42.1554,33.845c0,20.5814 18.4892,33.845 42.1554,33.845c23.6662,0 38.1803,-11.6171 38.7349,-28.7225l-21.0777,-0.4574c-0.9244,9.3303 -9.1059,15.1845 -17.6572,15.1845c-11.7406,0 -20.4306,-7.5922 -20.4306,-19.8496c0,-12.2574 8.69,-19.9868 20.4306,-20.2155c8.5513,-0.183 16.9177,5.9457 17.4723,15.276l21.0777,-0.6403c-0.4622,-16.8311 -14.1442,-28.2652 -38.55,-28.2652zm48.8446,2l55.468,0l0,64.0311l-55.468,0l0,-64.0311z" clip-rule="evenodd" fill-rule="evenodd"/>
+</svg>

src/browser/media/favicon.svg

@@ -1 +1,3 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 2250 2250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><rect id="favicon" x="0" y="0" width="2250" height="2250" style="fill:none;"/><g id="favicon1" serif:id="favicon"><path d="M1991.66,1034.72c-38.493,0 -64.144,-22.57 -64.144,-68.897l-0,-266.084c-0,-169.867 -69.982,-263.709 -250.762,-263.709l-83.976,0l-0,179.368l25.661,0c71.144,0 104.967,39.201 104.967,109.285l0,235.201c0,102.156 30.324,143.733 96.806,165.114c-66.482,20.196 -96.806,62.958 -96.806,165.114l0,174.621c0,48.7 0,96.216 -12.829,144.917c-12.829,45.141 -33.823,87.903 -62.98,124.726c-16.329,21.386 -34.991,39.202 -55.981,55.835l-0,23.755l83.971,-0c180.781,-0 250.763,-93.843 250.763,-263.709l-0,-266.084c-0,-47.516 24.485,-68.897 64.144,-68.897l47.822,-0l-0,-179.37l-46.656,-0l0,-1.186Z" style="fill-rule:nonzero;"/><path d="M1420.16,706.904l-258.923,0c-5.833,0 -10.495,-4.752 -10.495,-10.691l-0,-20.192c-0,-5.941 4.662,-10.692 10.495,-10.692l260.089,0c5.83,0 10.495,4.751 10.495,10.692l0,20.192c0,5.939 -5.833,10.691 -11.661,10.691Z" style="fill-rule:nonzero;"/><path d="M1464.48,963.474l-188.942,0c-5.833,0 -10.501,-4.754 -10.501,-10.693l0,-20.192c0,-5.938 4.668,-10.691 10.501,-10.691l188.942,-0c5.833,-0 10.495,4.753 10.495,10.691l-0,20.192c-0,4.754 -4.662,10.693 -10.495,10.693Z" style="fill-rule:nonzero;"/><path d="M1539.12,835.188l-377.885,0c-5.833,0 -10.495,-4.75 -10.495,-10.689l-0,-20.196c-0,-5.939 4.662,-10.69 10.495,-10.69l376.719,0c5.833,0 10.499,4.751 10.499,10.69l-0,20.196c-0,4.75 -3.5,10.689 -9.333,10.689Z" style="fill-rule:nonzero;"/><path d="M861.493,765.074c25.658,0 51.319,2.376 75.811,8.316l0,-48.705c0,-68.897 34.989,-109.285 104.971,-109.285l25.658,0l-0,-179.368l-83.977,0c-180.781,0 -250.758,93.842 -250.758,263.709l0,87.901c40.819,-14.252 83.977,-22.568 128.295,-22.568Z" style="fill-rule:nonzero;"/><path d="M1618.44,1411.25c-18.662,-150.861 -132.962,-276.776 -279.919,-305.285c-40.818,-8.314 -81.642,-9.504 -121.295,-2.376c-1.166,-0 -1.166,-1.189 -2.332,-1.189c-64.148,-136.605 -201.772,-226.884 -351.063,-226.884c-149.289,-0 -285.747,87.905 -351.062,224.51c-1.166,-0 -1.166,1.188 -2.332,1.188c-41.987,-4.753 -83.975,-2.379 -125.963,8.314c-144.623,35.634 -254.257,159.175 -274.085,308.847c-2.332,15.441 -3.499,30.883 -3.499,45.141c0,45.136 30.325,86.713 74.645,92.652c54.817,8.317 102.636,-34.448 101.469,-89.089c0,-8.317 0,-17.821 1.167,-26.134c9.331,-76.025 66.48,-140.168 141.123,-157.99c23.328,-5.939 46.654,-7.124 68.814,-3.559c71.146,9.502 141.124,-27.324 171.449,-91.467c22.162,-47.516 57.151,-89.094 103.804,-111.664c51.314,-24.946 109.633,-28.506 163.286,-9.499c55.979,20.192 97.966,62.954 123.627,116.409c26.824,52.27 39.653,89.093 96.805,96.221c23.325,3.559 88.639,2.374 113.132,1.185c47.82,0 95.64,16.631 129.463,51.079c22.156,23.757 38.485,53.455 45.486,86.715c10.495,53.455 -2.334,106.908 -33.825,147.296c-22.162,28.509 -52.485,49.89 -86.308,59.394c-16.329,4.754 -32.657,5.939 -48.986,5.939l-257.757,0c-51.314,0 -92.138,-41.573 -92.138,-93.842l0,-348.049c0,-14.251 -11.661,-26.13 -25.658,-26.13l-36.156,0c-71.148,1.185 -128.295,81.964 -128.295,167.488l-0,312.415c-0,92.652 73.476,167.488 164.451,167.488c0,0 404.714,-1.19 410.544,-1.19c93.304,-9.503 179.614,-58.204 237.927,-133.04c58.319,-72.46 85.142,-167.492 73.481,-264.894Z" style="fill-rule:nonzero;"/></g></svg>
+<svg width="100%" height="100%" viewBox="0 0 147 147" xmlns="http://www.w3.org/2000/svg">
+  <path d="m42.4214,39.655c-24.4057,0 -42.1554,13.1721 -42.1554,33.845c0,20.5814 18.4892,33.845 42.1554,33.845c23.6662,0 38.1803,-11.6171 38.7349,-28.7225l-21.0777,-0.4574c-0.9244,9.3303 -9.1059,15.1845 -17.6572,15.1845c-11.7406,0 -20.4306,-7.5922 -20.4306,-19.8496c0,-12.2574 8.69,-19.9868 20.4306,-20.2155c8.5513,-0.183 16.9177,5.9457 17.4723,15.276l21.0777,-0.6403c-0.4622,-16.8311 -14.1442,-28.2652 -38.55,-28.2652zm48.8446,2l55.468,0l0,64.0311l-55.468,0l0,-64.0311z" clip-rule="evenodd" fill-rule="evenodd"/>
+</svg>

src/browser/pages/error.css

@@ -11,6 +11,7 @@
 
 .error-display > .body {
   color: #444;
+  color: light-dark(#444, #ccc);
   font-size: 1.2rem;
 }
 

src/browser/pages/error.html

@@ -10,7 +10,7 @@
       http-equiv="Content-Security-Policy"
       content="style-src 'self'; manifest-src 'self'; img-src 'self' data:; font-src 'self' data:;"
     />
-
+    <meta name="color-scheme" content="light dark" />
     <title>{{ERROR_TITLE}} - code-server</title>
     <link rel="icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon-dark-support.svg" />
     <link rel="alternate icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon.ico" />

src/browser/pages/global.css

@@ -1,3 +1,7 @@
+:root {
+  color-scheme: light dark;
+}
+
 html,
 body,
 #root {
@@ -7,9 +11,12 @@ body,
 
 body {
   background: rgb(244, 247, 252);
+  background: light-dark(rgb(244, 247, 252), #111827);
   color: #111;
+  color: light-dark(#111, #ddd);
   margin: 0;
-  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji",
+  font-family:
+    -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji",
     "Segoe UI Emoji", "Segoe UI Symbol";
   overflow: hidden;
 }
@@ -23,12 +30,15 @@ button {
 
 .-button {
   background-color: rgb(87, 114, 245);
+  background-color: light-dark(rgb(87, 114, 245), rgb(26, 86, 219));
   border-radius: 5px;
   border: none;
   box-sizing: border-box;
   color: white;
+  color: light-dark(white, white);
   cursor: pointer;
   padding: 18px 20px;
+  font-weight: 500;
   text-decoration: none;
 }
 
@@ -45,9 +55,10 @@ button {
 
 .card-box {
   background-color: rgb(250, 253, 258);
+  background-color: light-dark(rgb(250, 253, 258), #1f2937);
   border-radius: 5px;
   box-shadow:
-    rgba(60, 66, 87, 0.117647) 0px 7px 14px 0px,
+    light-dark(rgba(60, 66, 87, 0.117647), rgba(10, 10, 10, 0.617647)) 0px 7px 14px 0px,
     rgba(0, 0, 0, 0.117647) 0px 3px 6px 0px;
   max-width: 650px;
   width: 100%;
@@ -55,7 +66,9 @@ button {
 
 .card-box > .header {
   border-bottom: 1px solid #ddd;
+  border-bottom: 1px solid light-dark(#ddd, #111827);
   color: #444;
+  color: light-dark(#444, #fff);
   padding: 30px;
 }
 
@@ -66,6 +79,7 @@ button {
 
 .card-box > .header > .sub {
   color: #555;
+  color: light-dark(#555, #9ca3af);
   margin-top: 10px;
 }
 

src/browser/pages/login.css

@@ -30,14 +30,23 @@ body {
 
 .login-form > .field > .password {
   background-color: rgb(244, 247, 252);
+  background-color: light-dark(rgb(244, 247, 252), #374151);
   border-radius: 5px;
   border: 1px solid #ddd;
+  border: 1px solid light-dark(#ddd, #4b5563);
   box-sizing: border-box;
-  color: black;
   flex: 1;
   padding: 16px;
 }
 
+.login-form > .field > .password::placeholder {
+  color: rgb(148 163 184);
+}
+
+.login-form > .field > .password:focus {
+  outline: 2px solid rgb(63, 131, 248);
+}
+
 .login-form > .user {
   display: none;
 }

src/browser/pages/login.html

@@ -10,6 +10,7 @@
       http-equiv="Content-Security-Policy"
       content="style-src 'self'; script-src 'self' 'unsafe-inline'; manifest-src 'self'; img-src 'self' data:; font-src 'self' data:;"
     />
+    <meta name="color-scheme" content="light dark" />
     <title>{{I18N_LOGIN_TITLE}}</title>
     <link rel="icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon-dark-support.svg" />
     <link rel="alternate icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon.ico" />

src/node/cli.ts

@@ -30,7 +30,7 @@ export enum LogLevel {
 export class OptionalString extends Optional<string> {}
 
 /**
- * Code flags provided by the user.
+ * (VS) Code flags provided by the user.
  */
 export interface UserProvidedCodeArgs {
   "disable-telemetry"?: boolean
@@ -53,7 +53,9 @@ export interface UserProvidedCodeArgs {
   "disable-getting-started-override"?: boolean
   "disable-proxy"?: boolean
   "session-socket"?: string
-  "abs-proxy-base-path"?: string
+  "link-protection-trusted-domains"?: string[]
+  // locale is used by both VS Code and code-server.
+  locale?: string
 }
 
 /**
@@ -73,7 +75,6 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs {
   enable?: string[]
   help?: boolean
   host?: string
-  locale?: string
   port?: number
   json?: boolean
   log?: LogLevel
@@ -84,12 +85,16 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs {
   "trusted-origins"?: string[]
   version?: boolean
   "proxy-domain"?: string[]
+  "skip-auth-preflight"?: boolean
   "reuse-window"?: boolean
   "new-window"?: boolean
   "ignore-last-opened"?: boolean
   verbose?: boolean
   "app-name"?: string
   "welcome-text"?: string
+  "abs-proxy-base-path"?: string
+  i18n?: string
+  "idle-timeout-seconds"?: number
   /* Positional arguments. */
   _?: string[]
 }
@@ -193,6 +198,10 @@ export const options: Options<Required<UserProvidedArgs>> = {
   enable: { type: "string[]" },
   help: { type: "boolean", short: "h", description: "Show this output." },
   json: { type: "boolean" },
+  "link-protection-trusted-domains": {
+    type: "string[]",
+    description: "Links matching a trusted domain can be opened without link protection.",
+  },
   locale: {
     // The preferred way to set the locale is via the UI.
     type: "string",
@@ -252,6 +261,10 @@ export const options: Options<Required<UserProvidedArgs>> = {
     description: "GitHub authentication token (can only be passed in via $GITHUB_TOKEN or the config file).",
   },
   "proxy-domain": { type: "string[]", description: "Domain used for proxying ports." },
+  "skip-auth-preflight": {
+    type: "boolean",
+    description: "Allows preflight requests through proxy without authentication.",
+  },
   "ignore-last-opened": {
     type: "boolean",
     short: "e",
@@ -273,17 +286,28 @@ export const options: Options<Required<UserProvidedArgs>> = {
   "app-name": {
     type: "string",
     short: "an",
-    description: "The name to use in branding. Will be shown in titlebar and welcome message",
+    description:
+      "Will replace the {{app}} placeholder in any strings, which by default includes the title bar and welcome message",
   },
   "welcome-text": {
     type: "string",
     short: "w",
     description: "Text to show on login page",
+    deprecated: true,
   },
   "abs-proxy-base-path": {
     type: "string",
     description: "The base path to prefix to all absproxy requests",
   },
+  i18n: {
+    type: "string",
+    path: true,
+    description: "Path to JSON file with custom translations. Merges with default strings and supports all i18n keys.",
+  },
+  "idle-timeout-seconds": {
+    type: "number",
+    description: "Timeout in seconds to wait before shutting down when idle.",
+  },
 }
 
 export const optionDescriptions = (opts: Partial<Options<Required<UserProvidedArgs>>> = options): string[] => {
@@ -377,6 +401,10 @@ export const parse = (
         throw new Error("--github-auth can only be set in the config file or passed in via $GITHUB_TOKEN")
       }
 
+      if (key === "idle-timeout-seconds" && Number(value) <= 60) {
+        throw new Error("--idle-timeout-seconds must be greater than 60 seconds.")
+      }
+
       const option = options[key]
       if (option.type === "boolean") {
         ;(args[key] as boolean) = true
@@ -592,6 +620,16 @@ export async function setDefaults(cliArgs: UserProvidedArgs, configArgs?: Config
     args["github-auth"] = process.env.GITHUB_TOKEN
   }
 
+  if (process.env.CODE_SERVER_IDLE_TIMEOUT_SECONDS) {
+    if (isNaN(Number(process.env.CODE_SERVER_IDLE_TIMEOUT_SECONDS))) {
+      logger.info("CODE_SERVER_IDLE_TIMEOUT_SECONDS must be a number")
+    }
+    if (Number(process.env.CODE_SERVER_IDLE_TIMEOUT_SECONDS) <= 60) {
+      throw new Error("--idle-timeout-seconds must be greater than 60 seconds.")
+    }
+    args["idle-timeout-seconds"] = Number(process.env.CODE_SERVER_IDLE_TIMEOUT_SECONDS)
+  }
+
   // Ensure they're not readable by child processes.
   delete process.env.PASSWORD
   delete process.env.HASHED_PASSWORD
@@ -702,12 +740,16 @@ export function parseConfigFile(configFile: string, configPath: string): ConfigA
 
   // We convert the config file into a set of flags.
   // This is a temporary measure until we add a proper CLI library.
-  const configFileArgv = Object.entries(config).map(([optName, opt]) => {
+  const configFileArgv = Object.entries(config)
+    .map(([optName, opt]) => {
       if (opt === true) {
         return `--${optName}`
+      } else if (Array.isArray(opt)) {
+        return opt.map((o) => `--${optName}=${o}`)
       }
       return `--${optName}=${opt}`
     })
+    .flat()
   const args = parse(configFileArgv, {
     configFile: configPath,
   })

src/node/heart.ts

@@ -1,5 +1,6 @@
 import { logger } from "@coder/logger"
 import { promises as fs } from "fs"
+import { Emitter } from "../common/emitter"
 
 /**
  * Provides a heartbeat using a local file to indicate activity.
@@ -8,6 +9,9 @@ export class Heart {
   private heartbeatTimer?: NodeJS.Timeout
   private heartbeatInterval = 60000
   public lastHeartbeat = 0
+  private readonly _onChange = new Emitter<"alive" | "expired" | "unknown">()
+  readonly onChange = this._onChange.event
+  private state: "alive" | "expired" | "unknown" = "expired"
 
   public constructor(
     private readonly heartbeatPath: string,
@@ -17,6 +21,13 @@ export class Heart {
     this.alive = this.alive.bind(this)
   }
 
+  private setState(state: typeof this.state) {
+    if (this.state !== state) {
+      this.state = state
+      this._onChange.emit(this.state)
+    }
+  }
+
   public alive(): boolean {
     const now = Date.now()
     return now - this.lastHeartbeat < this.heartbeatInterval
@@ -28,6 +39,7 @@ export class Heart {
    */
   public async beat(): Promise<void> {
     if (this.alive()) {
+      this.setState("alive")
       return
     }
 
@@ -36,7 +48,22 @@ export class Heart {
     if (typeof this.heartbeatTimer !== "undefined") {
       clearTimeout(this.heartbeatTimer)
     }
-    this.heartbeatTimer = setTimeout(() => heartbeatTimer(this.isActive, this.beat), this.heartbeatInterval)
+
+    this.heartbeatTimer = setTimeout(async () => {
+      try {
+        if (await this.isActive()) {
+          this.beat()
+        } else {
+          this.setState("expired")
+        }
+      } catch (error: unknown) {
+        logger.warn((error as Error).message)
+        this.setState("unknown")
+      }
+    }, this.heartbeatInterval)
+
+    this.setState("alive")
+
     try {
       return await fs.writeFile(this.heartbeatPath, "")
     } catch (error: any) {
@@ -53,20 +80,3 @@ export class Heart {
     }
   }
 }
-
-/**
- * Helper function for the heartbeatTimer.
- *
- * If heartbeat is active, call beat. Otherwise do nothing.
- *
- * Extracted to make it easier to test.
- */
-export async function heartbeatTimer(isActive: Heart["isActive"], beat: Heart["beat"]) {
-  try {
-    if (await isActive()) {
-      beat()
-    }
-  } catch (error: unknown) {
-    logger.warn((error as Error).message)
-  }
-}

src/node/http.ts

@@ -1,9 +1,8 @@
 import { field, logger } from "@coder/logger"
 import * as express from "express"
-import * as expressCore from "express-serve-static-core"
 import * as http from "http"
 import * as net from "net"
-import * as qs from "qs"
+import qs from "qs"
 import { Disposable } from "../common/emitter"
 import { CookieKeys, HttpCode, HttpError } from "../common/http"
 import { normalize } from "../common/util"
@@ -185,12 +184,7 @@ export const constructRedirectPath = (req: express.Request, query: qs.ParsedQs,
  * preserved.  `to` should be a simple path without any query parameters
  * `override` will merge with the existing query (use `undefined` to unset).
  */
-export const redirect = (
-  req: express.Request,
-  res: express.Response,
-  to: string,
-  override: expressCore.Query = {},
-): void => {
+export const redirect = (req: express.Request, res: express.Response, to: string, override: qs.ParsedQs = {}): void => {
   const query = Object.assign({}, req.query, override)
   Object.keys(override).forEach((key) => {
     if (typeof override[key] === "undefined") {

src/node/i18n/index.ts

@@ -1,3 +1,4 @@
+import { promises as fs } from "fs"
 import i18next, { init } from "i18next"
 import * as en from "./locales/en.json"
 import * as ja from "./locales/ja.json"
@@ -5,13 +6,7 @@ import * as th from "./locales/th.json"
 import * as ur from "./locales/ur.json"
 import * as zhCn from "./locales/zh-cn.json"
 
-init({
-  lng: "en",
-  fallbackLng: "en", // language to use if translations in user language are not available.
-  returnNull: false,
-  lowerCaseLng: true,
-  debug: process.env.NODE_ENV === "development",
-  resources: {
+const defaultResources = {
   en: {
     translation: en,
   },
@@ -27,7 +22,38 @@ init({
   ur: {
     translation: ur,
   },
-  },
+}
+
+export async function loadCustomStrings(filePath: string): Promise<void> {
+  try {
+    // Read custom strings from file path only
+    const fileContent = await fs.readFile(filePath, "utf8")
+    const customStringsData = JSON.parse(fileContent)
+
+    // User-provided strings override all languages.
+    Object.keys(defaultResources).forEach((locale) => {
+      i18next.addResourceBundle(locale, "translation", customStringsData)
+    })
+  } catch (error) {
+    if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+      throw new Error(`Custom strings file not found: ${filePath}\nPlease ensure the file exists and is readable.`)
+    } else if (error instanceof SyntaxError) {
+      throw new Error(`Invalid JSON in custom strings file: ${filePath}\n${error.message}`)
+    } else {
+      throw new Error(
+        `Failed to load custom strings from ${filePath}: ${error instanceof Error ? error.message : String(error)}`,
+      )
+    }
+  }
+}
+
+init({
+  lng: "en",
+  fallbackLng: "en", // language to use if translations in user language are not available.
+  returnNull: false,
+  lowerCaseLng: true,
+  debug: process.env.NODE_ENV === "development",
+  resources: defaultResources,
 })
 
 export default i18next

src/node/main.ts

@@ -1,14 +1,17 @@
 import { field, logger } from "@coder/logger"
 import http from "http"
+import * as os from "os"
 import * as path from "path"
 import { Disposable } from "../common/emitter"
 import { plural } from "../common/util"
 import { createApp, ensureAddress } from "./app"
 import { AuthType, DefaultedArgs, Feature, toCodeArgs, UserProvidedArgs } from "./cli"
 import { commit, version, vsRootPath } from "./constants"
+import { loadCustomStrings } from "./i18n"
 import { register } from "./routes"
 import { VSCodeModule } from "./routes/vscode"
 import { isDirectory, open } from "./util"
+import { wrapper } from "./wrapper"
 
 /**
  * Return true if the user passed an extension-related VS Code flag.
@@ -51,7 +54,11 @@ export const runCodeCli = async (args: DefaultedArgs): Promise<void> => {
   try {
     // See vscode.loadVSCode for more on this jank.
     process.env.CODE_SERVER_PARENT_PID = process.pid.toString()
-    const modPath = path.join(vsRootPath, "out/server-main.js")
+    let modPath = path.join(vsRootPath, "out/server-main.js")
+    if (os.platform() === "win32") {
+      // On Windows, absolute paths of ESM modules must be a valid file URI.
+      modPath = "file:///" + modPath.replace(/\\/g, "/")
+    }
     const mod = (await eval(`import("${modPath}")`)) as VSCodeModule
     const serverModule = await mod.loadCodeWithNls()
     await serverModule.spawnCli(await toCodeArgs(args))
@@ -117,6 +124,12 @@ export const runCodeServer = async (
 ): Promise<{ dispose: Disposable["dispose"]; server: http.Server }> => {
   logger.info(`code-server ${version} ${commit}`)
 
+  // Load custom strings if provided
+  if (args.i18n) {
+    await loadCustomStrings(args.i18n)
+    logger.info("Loaded custom strings")
+  }
+
   logger.info(`Using user-data-dir ${args["user-data-dir"]}`)
   logger.debug(`Using extensions-dir ${args["extensions-dir"]}`)
 
@@ -129,7 +142,7 @@ export const runCodeServer = async (
   const app = await createApp(args)
   const protocol = args.cert ? "https" : "http"
   const serverAddress = ensureAddress(app.server, protocol)
-  const disposeRoutes = await register(app, args)
+  const { disposeRoutes, heart } = await register(app, args)
 
   logger.info(`Using config file ${args.config}`)
   logger.info(`${protocol.toUpperCase()} server listening on ${serverAddress.toString()}`)
@@ -139,6 +152,8 @@ export const runCodeServer = async (
       logger.info("    - Using password from $PASSWORD")
     } else if (args.usingEnvHashedPassword) {
       logger.info("    - Using password from $HASHED_PASSWORD")
+    } else if (args["hashed-password"]) {
+      logger.info(`    - Using hashed-password from ${args.config}`)
     } else {
       logger.info(`    - Using password from ${args.config}`)
     }
@@ -152,12 +167,36 @@ export const runCodeServer = async (
     logger.info("  - Not serving HTTPS")
   }
 
+  if (args["idle-timeout-seconds"]) {
+    logger.info(`  - Idle timeout set to ${args["idle-timeout-seconds"]} seconds`)
+
+    let idleShutdownTimer: NodeJS.Timeout | undefined
+    const startIdleShutdownTimer = () => {
+      idleShutdownTimer = setTimeout(() => {
+        logger.warn(`Idle timeout of ${args["idle-timeout-seconds"]} seconds exceeded`)
+        wrapper.exit(0)
+      }, args["idle-timeout-seconds"]! * 1000)
+    }
+
+    startIdleShutdownTimer()
+
+    heart.onChange((state) => {
+      clearTimeout(idleShutdownTimer)
+      if (state === "expired") {
+        startIdleShutdownTimer()
+      }
+    })
+  }
+
   if (args["disable-proxy"]) {
     logger.info("  - Proxy disabled")
   } else if (args["proxy-domain"].length > 0) {
     logger.info(`  - ${plural(args["proxy-domain"].length, "Proxying the following domain")}:`)
     args["proxy-domain"].forEach((domain) => logger.info(`    - ${domain}`))
   }
+  if (args["skip-auth-preflight"]) {
+    logger.info("  - Skipping authentication for preflight requests")
+  }
   if (process.env.VSCODE_PROXY_URI) {
     logger.info(`Using proxy URI in PORTS tab: ${process.env.VSCODE_PROXY_URI}`)
   }

src/node/plugin.ts

@@ -1,302 +0,0 @@
-import { field, Level, Logger } from "@coder/logger"
-import * as express from "express"
-import * as fs from "fs"
-import * as path from "path"
-import * as semver from "semver"
-import * as pluginapi from "../../typings/pluginapi"
-import { HttpCode, HttpError } from "../common/http"
-import { version } from "./constants"
-import { authenticated, ensureAuthenticated, replaceTemplates } from "./http"
-import { proxy } from "./proxy"
-import * as util from "./util"
-import { Router as WsRouter, WebsocketRouter, wss } from "./wsRouter"
-const fsp = fs.promises
-
-// Represents a required module which could be anything.
-type Module = any
-
-/**
- * Inject code-server when `require`d. This is required because the API provides
- * more than just types so these need to be provided at run-time.
- */
-const originalLoad = require("module")._load
-require("module")._load = function (request: string, parent: object, isMain: boolean): Module {
-  return request === "code-server" ? codeServer : originalLoad.apply(this, [request, parent, isMain])
-}
-
-/**
- * The module you get when importing "code-server".
- */
-export const codeServer = {
-  HttpCode,
-  HttpError,
-  Level,
-  authenticated,
-  ensureAuthenticated,
-  express,
-  field,
-  proxy,
-  replaceTemplates,
-  WsRouter,
-  wss,
-}
-
-interface Plugin extends pluginapi.Plugin {
-  /**
-   * These fields are populated from the plugin's package.json
-   * and now guaranteed to exist.
-   */
-  name: string
-  version: string
-
-  /**
-   * path to the node module on the disk.
-   */
-  modulePath: string
-}
-
-interface Application extends pluginapi.Application {
-  /*
-   * Clone of the above without functions.
-   */
-  plugin: Omit<Plugin, "init" | "deinit" | "router" | "applications">
-}
-
-/**
- * PluginAPI implements the plugin API described in typings/pluginapi.d.ts
- * Please see that file for details.
- */
-export class PluginAPI {
-  private readonly plugins = new Map<string, Plugin>()
-  private readonly logger: Logger
-
-  public constructor(
-    logger: Logger,
-    /**
-     * These correspond to $CS_PLUGIN_PATH and $CS_PLUGIN respectively.
-     */
-    private readonly csPlugin = "",
-    private readonly csPluginPath = `${path.join(util.paths.data, "plugins")}:/usr/share/code-server/plugins`,
-    private readonly workingDirectory: string | undefined = undefined,
-  ) {
-    this.logger = logger.named("pluginapi")
-  }
-
-  /**
-   * applications grabs the full list of applications from
-   * all loaded plugins.
-   */
-  public async applications(): Promise<Application[]> {
-    const apps = new Array<Application>()
-    for (const [, p] of this.plugins) {
-      if (!p.applications) {
-        continue
-      }
-      const pluginApps = await p.applications()
-
-      // Add plugin key to each app.
-      apps.push(
-        ...pluginApps.map((app) => {
-          app = { ...app, path: path.join(p.routerPath, app.path || "") }
-          app = { ...app, iconPath: path.join(app.path || "", app.iconPath) }
-          return {
-            ...app,
-            plugin: {
-              name: p.name,
-              version: p.version,
-              modulePath: p.modulePath,
-
-              displayName: p.displayName,
-              description: p.description,
-              routerPath: p.routerPath,
-              homepageURL: p.homepageURL,
-            },
-          }
-        }),
-      )
-    }
-    return apps
-  }
-
-  /**
-   * mount mounts all plugin routers onto r and websocket routers onto wr.
-   */
-  public mount(r: express.Router, wr: express.Router): void {
-    for (const [, p] of this.plugins) {
-      if (p.router) {
-        r.use(`${p.routerPath}`, p.router())
-      }
-      if (p.wsRouter) {
-        wr.use(`${p.routerPath}`, (p.wsRouter() as WebsocketRouter).router)
-      }
-    }
-  }
-
-  /**
-   * loadPlugins loads all plugins based on this.csPlugin,
-   * this.csPluginPath and the built in plugins.
-   */
-  public async loadPlugins(loadBuiltin = true): Promise<void> {
-    for (const dir of this.csPlugin.split(":")) {
-      if (!dir) {
-        continue
-      }
-      await this.loadPlugin(dir)
-    }
-
-    for (const dir of this.csPluginPath.split(":")) {
-      if (!dir) {
-        continue
-      }
-      await this._loadPlugins(dir)
-    }
-
-    if (loadBuiltin) {
-      await this._loadPlugins(path.join(__dirname, "../../plugins"))
-    }
-  }
-
-  /**
-   * _loadPlugins is the counterpart to loadPlugins.
-   *
-   * It differs in that it loads all plugins in a single
-   * directory whereas loadPlugins uses all available directories
-   * as documented.
-   */
-  private async _loadPlugins(dir: string): Promise<void> {
-    try {
-      const entries = await fsp.readdir(dir, { withFileTypes: true })
-      for (const ent of entries) {
-        if (!ent.isDirectory()) {
-          continue
-        }
-        await this.loadPlugin(path.join(dir, ent.name))
-      }
-    } catch (error: any) {
-      if (error.code !== "ENOENT") {
-        this.logger.warn(`failed to load plugins from ${q(dir)}: ${error.message}`)
-      }
-    }
-  }
-
-  private async loadPlugin(dir: string): Promise<void> {
-    try {
-      const str = await fsp.readFile(path.join(dir, "package.json"), {
-        encoding: "utf8",
-      })
-      const packageJSON: PackageJSON = JSON.parse(str)
-      for (const [, p] of this.plugins) {
-        if (p.name === packageJSON.name) {
-          this.logger.warn(
-            `ignoring duplicate plugin ${q(p.name)} at ${q(dir)}, using previously loaded ${q(p.modulePath)}`,
-          )
-          return
-        }
-      }
-      const p = this._loadPlugin(dir, packageJSON)
-      this.plugins.set(p.name, p)
-    } catch (error: any) {
-      if (error.code !== "ENOENT") {
-        this.logger.warn(`failed to load plugin: ${error.stack}`)
-      }
-    }
-  }
-
-  /**
-   * _loadPlugin is the counterpart to loadPlugin and actually
-   * loads the plugin now that we know there is no duplicate
-   * and that the package.json has been read.
-   */
-  private _loadPlugin(dir: string, packageJSON: PackageJSON): Plugin {
-    dir = path.resolve(dir)
-
-    const logger = this.logger.named(packageJSON.name)
-    logger.debug("loading plugin", field("plugin_dir", dir), field("package_json", packageJSON))
-
-    if (!packageJSON.name) {
-      throw new Error("plugin package.json missing name")
-    }
-    if (!packageJSON.version) {
-      throw new Error("plugin package.json missing version")
-    }
-    if (!packageJSON.engines || !packageJSON.engines["code-server"]) {
-      throw new Error(`plugin package.json missing code-server range like:
-  "engines": {
-    "code-server": "^3.7.0"
-   }
-`)
-    }
-    if (!semver.satisfies(version, packageJSON.engines["code-server"])) {
-      this.logger.warn(
-        `plugin range ${q(packageJSON.engines["code-server"])} incompatible` + ` with code-server version ${version}`,
-      )
-    }
-
-    const pluginModule = require(dir)
-    if (!pluginModule.plugin) {
-      throw new Error("plugin module does not export a plugin")
-    }
-
-    const p = {
-      name: packageJSON.name,
-      version: packageJSON.version,
-      modulePath: dir,
-      ...pluginModule.plugin,
-    } as Plugin
-
-    if (!p.displayName) {
-      throw new Error("plugin missing displayName")
-    }
-    if (!p.description) {
-      throw new Error("plugin missing description")
-    }
-    if (!p.routerPath) {
-      throw new Error("plugin missing router path")
-    }
-    if (!p.routerPath.startsWith("/")) {
-      throw new Error(`plugin router path ${q(p.routerPath)}: invalid`)
-    }
-    if (!p.homepageURL) {
-      throw new Error("plugin missing homepage")
-    }
-
-    p.init({
-      logger: logger,
-      workingDirectory: this.workingDirectory,
-    })
-
-    logger.debug("loaded")
-
-    return p
-  }
-
-  public async dispose(): Promise<void> {
-    await Promise.all(
-      Array.from(this.plugins.values()).map(async (p) => {
-        if (!p.deinit) {
-          return
-        }
-        try {
-          await p.deinit()
-        } catch (error: any) {
-          this.logger.error("plugin failed to deinit", field("name", p.name), field("error", error.message))
-        }
-      }),
-    )
-  }
-}
-
-interface PackageJSON {
-  name: string
-  version: string
-  engines: {
-    "code-server": string
-  }
-}
-
-function q(s: string | undefined): string {
-  if (s === undefined) {
-    s = "undefined"
-  }
-  return JSON.stringify(s)
-}

src/node/routes/apps.ts

@@ -1,17 +0,0 @@
-import * as express from "express"
-import { PluginAPI } from "../plugin"
-
-/**
- * Implements the /api/applications endpoint
- *
- * See typings/pluginapi.d.ts for details.
- */
-export function router(papi: PluginAPI): express.Router {
-  const router = express.Router()
-
-  router.get("/", async (req, res) => {
-    res.json(await papi.applications())
-  })
-
-  return router
-}

src/node/routes/domainProxy.ts

@@ -61,6 +61,11 @@ router.all(/.*/, async (req, res, next) => {
 
   ensureProxyEnabled(req)
 
+  if (req.method === "OPTIONS" && req.args["skip-auth-preflight"]) {
+    // Allow preflight requests with `skip-auth-preflight` flag
+    return next()
+  }
+
   // Must be authenticated to use the proxy.
   const isAuthenticated = await authenticated(req)
   if (!isAuthenticated) {

src/node/routes/errors.ts

@@ -2,11 +2,11 @@ import { logger } from "@coder/logger"
 import express from "express"
 import { promises as fs } from "fs"
 import path from "path"
-import { WebsocketRequest } from "../../../typings/pluginapi"
 import { HttpCode } from "../../common/http"
 import { rootPath } from "../constants"
 import { replaceTemplates } from "../http"
 import { escapeHtml, getMediaMime } from "../util"
+import type { WebsocketRequest } from "../wsRouter"
 
 interface ErrorWithStatusCode {
   statusCode: number

src/node/routes/index.ts

@@ -4,7 +4,6 @@ import * as express from "express"
 import { promises as fs } from "fs"
 import * as path from "path"
 import * as tls from "tls"
-import * as pluginapi from "../../../typings/pluginapi"
 import { Disposable } from "../../common/emitter"
 import { HttpCode, HttpError } from "../../common/http"
 import { plural } from "../../common/util"
@@ -12,12 +11,11 @@ import { App } from "../app"
 import { AuthType, DefaultedArgs } from "../cli"
 import { commit, rootPath } from "../constants"
 import { Heart } from "../heart"
-import { ensureAuthenticated, redirect } from "../http"
-import { PluginAPI } from "../plugin"
+import { redirect } from "../http"
 import { CoderSettings, SettingsProvider } from "../settings"
 import { UpdateProvider } from "../update"
 import { getMediaMime, paths } from "../util"
-import * as apps from "./apps"
+import type { WebsocketRequest } from "../wsRouter"
 import * as domainProxy from "./domainProxy"
 import { errorHandler, wsErrorHandler } from "./errors"
 import * as health from "./health"
@@ -30,7 +28,10 @@ import * as vscode from "./vscode"
 /**
  * Register all routes and middleware.
  */
-export const register = async (app: App, args: DefaultedArgs): Promise<Disposable["dispose"]> => {
+export const register = async (
+  app: App,
+  args: DefaultedArgs,
+): Promise<{ disposeRoutes: Disposable["dispose"]; heart: Heart }> => {
   const heart = new Heart(path.join(paths.data, "heartbeat"), async () => {
     return new Promise((resolve, reject) => {
       // getConnections appears to not call the callback when there are no more
@@ -81,65 +82,53 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   app.router.use(common)
   app.wsRouter.use(common)
 
-  app.router.use(async (req, res, next) => {
+  app.router.use(/.*/, async (req, res, next) => {
     // If we're handling TLS ensure all requests are redirected to HTTPS.
     // TODO: This does *NOT* work if you have a base path since to specify the
     // protocol we need to specify the whole path.
     if (args.cert && !(req.connection as tls.TLSSocket).encrypted) {
       return res.redirect(`https://${req.headers.host}${req.originalUrl}`)
     }
+    next()
+  })
 
-    // Return security.txt.
-    if (req.originalUrl === "/security.txt" || req.originalUrl === "/.well-known/security.txt") {
+  app.router.get(["/security.txt", "/.well-known/security.txt"], async (_, res) => {
     const resourcePath = path.resolve(rootPath, "src/browser/security.txt")
     res.set("Content-Type", getMediaMime(resourcePath))
-      return res.send(await fs.readFile(resourcePath))
-    }
+    res.send(await fs.readFile(resourcePath))
+  })
 
-    // Return robots.txt.
-    if (req.originalUrl === "/robots.txt") {
+  app.router.get("/robots.txt", async (_, res) => {
     const resourcePath = path.resolve(rootPath, "src/browser/robots.txt")
     res.set("Content-Type", getMediaMime(resourcePath))
-      return res.send(await fs.readFile(resourcePath))
-    }
-
-    next()
+    res.send(await fs.readFile(resourcePath))
   })
 
   app.router.use("/", domainProxy.router)
   app.wsRouter.use("/", domainProxy.wsRouter.router)
 
-  app.router.all("/proxy/:port/:path(.*)?", async (req, res) => {
+  app.router.all("/proxy/:port{/*path}", async (req, res) => {
     await pathProxy.proxy(req, res)
   })
-  app.wsRouter.get("/proxy/:port/:path(.*)?", async (req) => {
-    await pathProxy.wsProxy(req as pluginapi.WebsocketRequest)
+  app.wsRouter.get("/proxy/:port{/*path}", async (req) => {
+    await pathProxy.wsProxy(req as unknown as WebsocketRequest)
   })
   // These two routes pass through the path directly.
   // So the proxied app must be aware it is running
   // under /absproxy/<someport>/
-  app.router.all("/absproxy/:port/:path(.*)?", async (req, res) => {
+  app.router.all("/absproxy/:port{/*path}", async (req, res) => {
     await pathProxy.proxy(req, res, {
       passthroughPath: true,
       proxyBasePath: args["abs-proxy-base-path"],
     })
   })
-  app.wsRouter.get("/absproxy/:port/:path(.*)?", async (req) => {
-    await pathProxy.wsProxy(req as pluginapi.WebsocketRequest, {
+  app.wsRouter.get("/absproxy/:port{/*path}", async (req) => {
+    await pathProxy.wsProxy(req as unknown as WebsocketRequest, {
       passthroughPath: true,
       proxyBasePath: args["abs-proxy-base-path"],
     })
   })
 
-  let pluginApi: PluginAPI
-  if (!process.env.CS_DISABLE_PLUGINS) {
-    const workingDir = args._ && args._.length > 0 ? path.resolve(args._[args._.length - 1]) : undefined
-    pluginApi = new PluginAPI(logger, process.env.CS_PLUGIN, process.env.CS_PLUGIN_PATH, workingDir)
-    await pluginApi.loadPlugins()
-    pluginApi.mount(app.router, app.wsRouter)
-    app.router.use("/api/applications", ensureAuthenticated, apps.router(pluginApi))
-  }
-
   app.router.use(express.json())
   app.router.use(express.urlencoded({ extended: true }))
 
@@ -172,7 +161,9 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
 
   app.router.use("/update", update.router)
 
-  // Note that the root route is replaced in Coder Enterprise by the plugin API.
+  // For historic reasons we also load at /vscode because the root was replaced
+  // by a plugin in v1 of Coder.  The plugin system (which was for internal use
+  // only) has been removed, but leave the additional route for now.
   for (const routePrefix of ["/vscode", "/"]) {
     app.router.use(routePrefix, vscode.router)
     app.wsRouter.use(routePrefix, vscode.wsRouter.router)
@@ -185,9 +176,11 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   app.router.use(errorHandler)
   app.wsRouter.use(wsErrorHandler)
 
-  return () => {
+  return {
+    disposeRoutes: () => {
       heart.dispose()
-    pluginApi?.dispose()
       vscode.dispose()
+    },
+    heart,
   }
 }

src/node/routes/login.ts

@@ -32,6 +32,8 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
   i18n.changeLanguage(locale)
   const appName = req.args["app-name"] || "code-server"
   const welcomeText = req.args["welcome-text"] || (i18n.t("WELCOME", { app: appName }) as string)
+
+  // Determine password message using i18n
   let passwordMsg = i18n.t("LOGIN_PASSWORD", { configFile: req.args.config })
   if (req.args.usingEnvPassword) {
     passwordMsg = i18n.t("LOGIN_USING_ENV_PASSWORD")

src/node/routes/pathProxy.ts

@@ -1,9 +1,9 @@
 import { Request, Response } from "express"
 import * as path from "path"
-import * as pluginapi from "../../../typings/pluginapi"
 import { HttpCode, HttpError } from "../../common/http"
 import { ensureProxyEnabled, authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
 import { proxy as _proxy } from "../proxy"
+import type { WebsocketRequest } from "../wsRouter"
 
 const getProxyTarget = (
   req: Request,
@@ -13,7 +13,11 @@ const getProxyTarget = (
 ): string => {
   // If there is a base path, strip it out.
   const base = (req as any).base || ""
-  return `http://0.0.0.0:${req.params.port}${opts?.proxyBasePath || ""}/${req.originalUrl.slice(base.length)}`
+  const port = parseInt(req.params.port, 10)
+  if (isNaN(port)) {
+    throw new HttpError("Invalid port", HttpCode.BadRequest)
+  }
+  return `http://0.0.0.0:${port}${opts?.proxyBasePath || ""}/${req.originalUrl.slice(base.length)}`
 }
 
 export async function proxy(
@@ -26,7 +30,9 @@ export async function proxy(
 ): Promise<void> {
   ensureProxyEnabled(req)
 
-  if (!(await authenticated(req))) {
+  if (req.method === "OPTIONS" && req.args["skip-auth-preflight"]) {
+    // Allow preflight requests with `skip-auth-preflight` flag
+  } else if (!(await authenticated(req))) {
     // If visiting the root (/:port only) redirect to the login page.
     if (!req.params.path || req.params.path === "/") {
       const to = self(req)
@@ -49,7 +55,7 @@ export async function proxy(
 }
 
 export async function wsProxy(
-  req: pluginapi.WebsocketRequest,
+  req: WebsocketRequest,
   opts?: {
     passthroughPath?: boolean
     proxyBasePath?: string

src/node/routes/vscode.ts

@@ -4,15 +4,15 @@ import * as express from "express"
 import { promises as fs } from "fs"
 import * as http from "http"
 import * as net from "net"
+import * as os from "os"
 import * as path from "path"
-import { WebsocketRequest } from "../../../typings/pluginapi"
 import { logError } from "../../common/util"
 import { CodeArgs, toCodeArgs } from "../cli"
 import { isDevMode, vsRootPath } from "../constants"
 import { authenticated, ensureAuthenticated, ensureOrigin, redirect, replaceTemplates, self } from "../http"
 import { SocketProxyProvider } from "../socket"
 import { isFile } from "../util"
-import { Router as WsRouter } from "../wsRouter"
+import { type WebsocketRequest, Router as WsRouter } from "../wsRouter"
 
 export const router = express.Router()
 
@@ -58,7 +58,11 @@ async function loadVSCode(req: express.Request): Promise<IVSCodeServerAPI> {
   // which will also require that we switch to ESM, since a hybrid approach
   // breaks importing `rotating-file-stream` for some reason.  To work around
   // this, use `eval` for now, but we should consider switching to ESM.
-  const modPath = path.join(vsRootPath, "out/server-main.js")
+  let modPath = path.join(vsRootPath, "out/server-main.js")
+  if (os.platform() === "win32") {
+    // On Windows, absolute paths of ESM modules must be a valid file URI.
+    modPath = "file:///" + modPath.replace(/\\/g, "/")
+  }
   const mod = (await eval(`import("${modPath}")`)) as VSCodeModule
   const serverModule = await mod.loadCodeWithNls()
   return serverModule.createServer(null, {
@@ -171,7 +175,7 @@ router.get("/manifest.json", async (req, res) => {
   const appName = req.args["app-name"] || "code-server"
   res.writeHead(200, { "Content-Type": "application/manifest+json" })
 
-  return res.end(
+  res.end(
     replaceTemplates(
       req,
       JSON.stringify(
@@ -182,11 +186,22 @@ router.get("/manifest.json", async (req, res) => {
           display: "fullscreen",
           display_override: ["window-controls-overlay"],
           description: "Run Code on a remote server.",
-          icons: [192, 512].map((size) => ({
+          icons: [192, 512]
+            .map((size) => [
+              {
                 src: `{{BASE}}/_static/src/browser/media/pwa-icon-${size}.png`,
                 type: "image/png",
                 sizes: `${size}x${size}`,
-          })),
+                purpose: "any",
+              },
+              {
+                src: `{{BASE}}/_static/src/browser/media/pwa-icon-maskable-${size}.png`,
+                type: "image/png",
+                sizes: `${size}x${size}`,
+                purpose: "maskable",
+              },
+            ])
+            .flat(),
         },
         null,
         2,

src/node/settings.ts

@@ -1,5 +1,5 @@
 import { logger } from "@coder/logger"
-import { Query } from "express-serve-static-core"
+import type { ParsedQs } from "qs"
 import { promises as fs } from "fs"
 
 export type Settings = { [key: string]: Settings | string | boolean | number }
@@ -17,7 +17,7 @@ export class SettingsProvider<T> {
   public async read(): Promise<T> {
     try {
       const raw = (await fs.readFile(this.settingsPath, "utf8")).trim()
-      return raw ? JSON.parse(raw) : {}
+      return raw ? JSON.parse(raw) : ({} as T)
     } catch (error: any) {
       if (error.code !== "ENOENT") {
         logger.warn(error.message)
@@ -52,5 +52,5 @@ export interface UpdateSettings {
  * Global code-server settings.
  */
 export interface CoderSettings extends UpdateSettings {
-  query?: Query
+  query?: ParsedQs
 }

src/node/vscodeSocket.ts

@@ -2,8 +2,9 @@ import { logger } from "@coder/logger"
 import express from "express"
 import * as http from "http"
 import * as path from "path"
-import { HttpCode } from "../common/http"
+import { HttpCode, HttpError } from "../common/http"
 import { listen } from "./app"
+import { errorHandler } from "./routes/errors"
 import { canConnect } from "./util"
 
 export interface EditorSessionEntry {
@@ -44,24 +45,18 @@ export async function makeEditorSessionManagerServer(
     async (req, res) => {
       const filePath = req.query.filePath
       if (!filePath) {
-        res.status(HttpCode.BadRequest).send("filePath is required")
-        return
+        throw new HttpError("filePath is required", HttpCode.BadRequest)
       }
-      try {
       const socketPath = await editorSessionManager.getConnectedSocketPath(filePath)
       const response: GetSessionResponse = { socketPath }
       res.json(response)
-      } catch (error: unknown) {
-        res.status(HttpCode.ServerError).send(error)
-      }
     },
   )
 
   router.post<{}, string, AddSessionRequest | undefined>("/add-session", async (req, res) => {
     const entry = req.body?.entry
     if (!entry) {
-      res.status(400).send("entry is required")
-      return
+      throw new HttpError("entry is required", HttpCode.BadRequest)
     }
     editorSessionManager.addSession(entry)
     res.status(200).send("session added")
@@ -70,13 +65,14 @@ export async function makeEditorSessionManagerServer(
   router.post<{}, string, DeleteSessionRequest | undefined>("/delete-session", async (req, res) => {
     const socketPath = req.body?.socketPath
     if (!socketPath) {
-      res.status(400).send("socketPath is required")
-      return
+      throw new HttpError("socketPath is required", HttpCode.BadRequest)
     }
     editorSessionManager.deleteSession(socketPath)
     res.status(200).send("session deleted")
   })
 
+  router.use(errorHandler)
+
   const server = http.createServer(router)
   try {
     await listen(server, { socket: codeServerSocketPath })

src/node/wsRouter.ts

@@ -1,8 +1,17 @@
 import * as express from "express"
 import * as expressCore from "express-serve-static-core"
 import * as http from "http"
+import * as stream from "stream"
 import Websocket from "ws"
-import * as pluginapi from "../../typings/pluginapi"
+
+export interface WebsocketRequest extends express.Request {
+  ws: stream.Duplex
+  head: Buffer
+}
+
+interface InternalWebsocketRequest extends WebsocketRequest {
+  _ws_handled: boolean
+}
 
 export const handleUpgrade = (app: express.Express, server: http.Server): void => {
   server.on("upgrade", (req, socket, head) => {
@@ -22,9 +31,11 @@ export const handleUpgrade = (app: express.Express, server: http.Server): void =
   })
 }
 
-interface InternalWebsocketRequest extends pluginapi.WebsocketRequest {
-  _ws_handled: boolean
-}
+export type WebSocketHandler = (
+  req: WebsocketRequest,
+  res: express.Response,
+  next: express.NextFunction,
+) => void | Promise<void>
 
 export class WebsocketRouter {
   public readonly router = express.Router()
@@ -36,13 +47,13 @@ export class WebsocketRouter {
    * If the origin header exists it must match the host or the connection will
    * be prevented.
    */
-  public ws(route: expressCore.PathParams, ...handlers: pluginapi.WebSocketHandler[]): void {
+  public ws(route: expressCore.PathParams, ...handlers: WebSocketHandler[]): void {
     this.router.get(
       route,
       ...handlers.map((handler) => {
         const wrapped: express.Handler = (req, res, next) => {
           ;(req as InternalWebsocketRequest)._ws_handled = true
-          return handler(req as pluginapi.WebsocketRequest, res, next)
+          return handler(req as WebsocketRequest, res, next)
         }
         return wrapped
       }),

test/e2e/routes.test.ts

@@ -1,7 +1,26 @@
 import { clean, getMaybeProxiedPathname } from "../utils/helpers"
 import { describe, test, expect } from "./baseFixture"
 
-const routes = ["/", "/vscode", "/vscode/"]
+const routes = {
+  "/": [
+    /\.\/manifest.json/,
+    /\.\/_static\//,
+    /[a-z]+-[0-9a-z]+\/static\//,
+    /http:\/\/localhost:[0-9]+\/[a-z]+-[0-9a-z]+\/static\//,
+  ],
+  "/vscode": [
+    /\.\/vscode\/manifest.json/,
+    /\.\/_static\//,
+    /vscode\/[a-z]+-[0-9a-z]+\/static\//,
+    /http:\/\/localhost:[0-9]+\/vscode\/[a-z]+-[0-9a-z]+\/static\//,
+  ],
+  "/vscode/": [
+    /\.\/manifest.json/,
+    /\.\/\.\.\/_static\//,
+    /[a-z]+-[0-9a-z]+\/static\//,
+    /http:\/\/localhost:[0-9]+\/vscode\/[a-z]+-[0-9a-z]+\/static\//,
+  ],
+}
 
 describe("VS Code Routes", ["--disable-workspace-trust"], {}, async () => {
   const testName = "vscode-routes-default"
@@ -10,7 +29,7 @@ describe("VS Code Routes", ["--disable-workspace-trust"], {}, async () => {
   })
 
   test("should load all route variations", async ({ codeServerPage }) => {
-    for (const route of routes) {
+    for (const [route, matchers] of Object.entries(routes)) {
       await codeServerPage.navigate(route)
 
       // Check there were no redirections
@@ -18,21 +37,16 @@ describe("VS Code Routes", ["--disable-workspace-trust"], {}, async () => {
       const pathname = getMaybeProxiedPathname(url)
       expect(pathname).toBe(route)
 
-      // TODO@jsjoeio
-      // now that we are in a proper browser instead of scraping the HTML we
-      // could possibly intercept requests to make sure assets are loading from
-      // the right spot.
-      //
-      // Check that page loaded from correct route
-      const html = await codeServerPage.page.innerHTML("html")
-      switch (route) {
-        case "/":
-        case "/vscode/":
-          expect(html).toMatch(/src="\.\/[a-z]+-[0-9a-z]+\/static\//)
-          break
-        case "/vscode":
-          expect(html).toMatch(/src="\.\/vscode\/[a-z]+-[0-9a-z]+\/static\//)
-          break
+      // Check that assets are pointing to the right spot.  Some will be
+      // relative, without a leading dot (VS Code's assets).  Some will be
+      // relative with a leading dot (our assets).  Others will have been
+      // resolved against the origin.
+      const elements = await codeServerPage.page.locator("[src]").all()
+      for (const element of elements) {
+        const src = await element.getAttribute("src")
+        if (src && !matchers.some((m) => m.test(src))) {
+          throw new Error(`${src} did not match any validators for route ${route}`)
+        }
       }
     }
   })
@@ -85,7 +99,7 @@ describe("VS Code Routes with no workspace or folder", ["--disable-workspace-tru
 
     // If you visit again without query parameters it will re-attach them by
     // redirecting.  It should always redirect to the same route.
-    for (const route of routes) {
+    for (const route of Object.keys(routes)) {
       await codeServerPage.navigate(route)
       const url = new URL(codeServerPage.page.url())
       const pathname = getMaybeProxiedPathname(url)

test/package-lock.json

@@ -7,11 +7,10 @@
       "license": "MIT",
       "devDependencies": {
         "@jest-mock/express": "^1.4.5",
-        "@playwright/test": "^1.46.0",
+        "@playwright/test": "^1.56.1",
         "@types/jest": "^27.0.2",
         "@types/jsdom": "^16.2.13",
         "@types/node-fetch": "^2.5.8",
-        "@types/supertest": "^2.0.11",
         "@types/wtfnode": "^0.7.0",
         "argon2": "^0.28.0",
         "extract-zip": "^2.0.1",
@@ -19,8 +18,7 @@
         "jest-fetch-mock": "^3.0.3",
         "jsdom": "^16.4.0",
         "node-fetch": "^2.6.7",
-        "playwright": "^1.46.0",
-        "supertest": "^6.1.6",
+        "playwright": "^1.56.1",
         "ts-jest": "^27.0.7",
         "wtfnode": "^0.9.1"
       }
@@ -1014,13 +1012,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.47.2",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.47.2.tgz",
-      "integrity": "sha512-jTXRsoSPONAs8Za9QEQdyjFn+0ZQFjCiIztAIF6bi1HqhBzG9Ma7g1WotyiGqFSBRZjIEqMdT8RUlbk1QVhzCQ==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz",
+      "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.47.2"
+        "playwright": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -1104,13 +1102,6 @@
         "@babel/types": "^7.20.7"
       }
     },
-    "node_modules/@types/cookiejar": {
-      "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.5.tgz",
-      "integrity": "sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@types/graceful-fs": {
       "version": "4.1.9",
       "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz",
@@ -1171,13 +1162,6 @@
         "@types/tough-cookie": "*"
       }
     },
-    "node_modules/@types/methods": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/@types/methods/-/methods-1.1.4.tgz",
-      "integrity": "sha512-ymXWVrDiCxTBE3+RIrrP533E70eA+9qu7zdWoHuOmGujkYtzf4HQF96b8nwHLqhuf4ykX61IGRIB38CC6/sImQ==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@types/node": {
       "version": "22.7.4",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz",
@@ -1220,29 +1204,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@types/superagent": {
-      "version": "8.1.9",
-      "resolved": "https://registry.npmjs.org/@types/superagent/-/superagent-8.1.9.tgz",
-      "integrity": "sha512-pTVjI73witn+9ILmoJdajHGW2jkSaOzhiFYF1Rd3EQ94kymLqB9PjD9ISg7WaALC7+dCHT0FGe9T2LktLq/3GQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/cookiejar": "^2.1.5",
-        "@types/methods": "^1.1.4",
-        "@types/node": "*",
-        "form-data": "^4.0.0"
-      }
-    },
-    "node_modules/@types/supertest": {
-      "version": "2.0.16",
-      "resolved": "https://registry.npmjs.org/@types/supertest/-/supertest-2.0.16.tgz",
-      "integrity": "sha512-6c2ogktZ06tr2ENoZivgm7YnprnhYE4ZoXGMY+oA7IuAf17M8FWvujXZGmxLv8y0PTyts4x5A+erSwVUFA8XSg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/superagent": "*"
-      }
-    },
     "node_modules/@types/tough-cookie": {
       "version": "4.0.5",
       "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz",
@@ -1464,13 +1425,6 @@
         "sprintf-js": "~1.0.2"
       }
     },
-    "node_modules/asap": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/asynckit": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -1689,24 +1643,18 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/call-bind": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
-      "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "es-define-property": "^1.0.0",
         "es-errors": "^1.3.0",
-        "function-bind": "^1.1.2",
-        "get-intrinsic": "^1.2.4",
-        "set-function-length": "^1.2.1"
+        "function-bind": "^1.1.2"
       },
       "engines": {
         "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
       }
     },
     "node_modules/callsites": {
@@ -1883,16 +1831,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/component-emitter": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.1.tgz",
-      "integrity": "sha512-T0+barUSQRTUQASh8bx02dl+DhF54GtIDY13Y3m9oWTklKbb3Wv974meRpeZ3lp1JpLVECWWNHC4vaG2XHXouQ==",
-      "dev": true,
-      "license": "MIT",
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
@@ -1914,13 +1852,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/cookiejar": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
-      "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/cross-fetch": {
       "version": "3.1.8",
       "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.8.tgz",
@@ -2030,24 +1961,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/define-data-property": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
-      "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "es-define-property": "^1.0.0",
-        "es-errors": "^1.3.0",
-        "gopd": "^1.0.1"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/delayed-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
@@ -2085,17 +1998,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/dezalgo": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
-      "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "asap": "^2.0.0",
-        "wrappy": "1"
-      }
-    },
     "node_modules/diff-sequences": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz",
@@ -2130,6 +2032,21 @@
         "node": ">=8"
       }
     },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/electron-to-chromium": {
       "version": "1.5.32",
       "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.32.tgz",
@@ -2178,14 +2095,11 @@
       }
     },
     "node_modules/es-define-property": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
-      "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
       "dev": true,
       "license": "MIT",
-      "dependencies": {
-        "get-intrinsic": "^1.2.4"
-      },
       "engines": {
         "node": ">= 0.4"
       }
@@ -2200,6 +2114,35 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/escalade": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
@@ -2366,13 +2309,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/fast-safe-stringify": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
-      "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/fb-watchman": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz",
@@ -2421,36 +2357,22 @@
       }
     },
     "node_modules/form-data": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
-      "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
         "mime-types": "^2.1.12"
       },
       "engines": {
         "node": ">= 6"
       }
     },
-    "node_modules/formidable": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
-      "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "dezalgo": "^1.0.4",
-        "hexoid": "^1.0.0",
-        "once": "^1.4.0",
-        "qs": "^6.11.0"
-      },
-      "funding": {
-        "url": "https://ko-fi.com/tunnckoCore/commissions"
-      }
-    },
     "node_modules/fs-minipass": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
@@ -2559,17 +2481,22 @@
       }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
-      "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
         "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
         "function-bind": "^1.1.2",
-        "has-proto": "^1.0.1",
-        "has-symbols": "^1.0.3",
-        "hasown": "^2.0.0"
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
       },
       "engines": {
         "node": ">= 0.4"
@@ -2588,6 +2515,20 @@
         "node": ">=8.0.0"
       }
     },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/get-stream": {
       "version": "5.2.0",
       "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz",
@@ -2637,13 +2578,13 @@
       }
     },
     "node_modules/gopd": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
-      "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
       "dev": true,
       "license": "MIT",
-      "dependencies": {
-        "get-intrinsic": "^1.1.3"
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -2666,23 +2607,10 @@
         "node": ">=8"
       }
     },
-    "node_modules/has-property-descriptors": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
-      "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "es-define-property": "^1.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/has-proto": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz",
-      "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==",
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2692,12 +2620,15 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/has-symbols": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
-      "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==",
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
       "dev": true,
       "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
       "engines": {
         "node": ">= 0.4"
       },
@@ -2725,16 +2656,6 @@
         "node": ">= 0.4"
       }
     },
-    "node_modules/hexoid": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz",
-      "integrity": "sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/html-encoding-sniffer": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",
@@ -3764,15 +3685,17 @@
       }
     },
     "node_modules/jsdom/node_modules/form-data": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz",
-      "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==",
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.4.tgz",
+      "integrity": "sha512-f0cRzm6dkyVYV3nPoooP8XlccPQukegwhAnpoLcXy+X+A8KfpGOoXwDr9FLZd3wzgLaBGQBE3lY93Zm/i1JvIQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
-        "mime-types": "^2.1.12"
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.35"
       },
       "engines": {
         "node": ">= 6"
@@ -3918,6 +3841,16 @@
         "tmpl": "1.0.5"
       }
     },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/merge-stream": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
@@ -3925,16 +3858,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/methods": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
-      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
     "node_modules/micromatch": {
       "version": "4.0.8",
       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
@@ -3949,19 +3872,6 @@
         "node": ">=8.6"
       }
     },
-    "node_modules/mime": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz",
-      "integrity": "sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==",
-      "dev": true,
-      "license": "MIT",
-      "bin": {
-        "mime": "cli.js"
-      },
-      "engines": {
-        "node": ">=4.0.0"
-      }
-    },
     "node_modules/mime-db": {
       "version": "1.52.0",
       "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -4216,19 +4126,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/object-inspect": {
-      "version": "1.13.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz",
-      "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -4408,13 +4305,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.47.2",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.2.tgz",
-      "integrity": "sha512-nx1cLMmQWqmA3UsnjaaokyoUpdVaaDhJhMoxX2qj3McpjnsqFHs516QAKYhqHAgOP+oCFTEOCOAaD1RgD/RQfA==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz",
+      "integrity": "sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.47.2"
+        "playwright-core": "1.56.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -4427,9 +4324,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.47.2",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.2.tgz",
-      "integrity": "sha512-3JvMfF+9LJfe16l7AbSmU555PaTl2tPyQsVInqm3id16pdDfvZ8TTZ/pyzmkbDrZTQefyzU7AIHlZqQnxpqHVQ==",
+      "version": "1.56.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz",
+      "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -4531,22 +4428,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/qs": {
-      "version": "6.13.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
-      "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
-      "dev": true,
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "side-channel": "^1.0.6"
-      },
-      "engines": {
-        "node": ">=0.6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/querystringify": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
@@ -4722,24 +4603,6 @@
       "dev": true,
       "license": "ISC"
     },
-    "node_modules/set-function-length": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
-      "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "define-data-property": "^1.1.4",
-        "es-errors": "^1.3.0",
-        "function-bind": "^1.1.2",
-        "get-intrinsic": "^1.2.4",
-        "gopd": "^1.0.1",
-        "has-property-descriptors": "^1.0.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
     "node_modules/shebang-command": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -4763,25 +4626,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/side-channel": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz",
-      "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "call-bind": "^1.0.7",
-        "es-errors": "^1.3.0",
-        "get-intrinsic": "^1.2.4",
-        "object-inspect": "^1.13.1"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/signal-exit": {
       "version": "3.0.7",
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
@@ -4932,43 +4776,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/superagent": {
-      "version": "8.1.2",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
-      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
-      "deprecated": "Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "component-emitter": "^1.3.0",
-        "cookiejar": "^2.1.4",
-        "debug": "^4.3.4",
-        "fast-safe-stringify": "^2.1.1",
-        "form-data": "^4.0.0",
-        "formidable": "^2.1.2",
-        "methods": "^1.1.2",
-        "mime": "2.6.0",
-        "qs": "^6.11.0",
-        "semver": "^7.3.8"
-      },
-      "engines": {
-        "node": ">=6.4.0 <13 || >=14"
-      }
-    },
-    "node_modules/supertest": {
-      "version": "6.3.4",
-      "resolved": "https://registry.npmjs.org/supertest/-/supertest-6.3.4.tgz",
-      "integrity": "sha512-erY3HFDG0dPnhw4U+udPfrzXa4xhSG+n4rxfRuZWCUvjFWwKl+OxWf/7zk50s84/fAAs7vf5QAb9uRa0cCykxw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "methods": "^1.1.2",
-        "superagent": "^8.1.2"
-      },
-      "engines": {
-        "node": ">=6.4.0"
-      }
-    },
     "node_modules/supports-color": {
       "version": "7.2.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",

test/package.json

@@ -3,11 +3,10 @@
   "#": "We must put jest in a sub-directory otherwise VS Code somehow picks up the types and generates conflicts with mocha.",
   "devDependencies": {
     "@jest-mock/express": "^1.4.5",
-    "@playwright/test": "^1.46.0",
+    "@playwright/test": "^1.56.1",
     "@types/jest": "^27.0.2",
     "@types/jsdom": "^16.2.13",
     "@types/node-fetch": "^2.5.8",
-    "@types/supertest": "^2.0.11",
     "@types/wtfnode": "^0.7.0",
     "argon2": "^0.28.0",
     "extract-zip": "^2.0.1",
@@ -15,8 +14,7 @@
     "jest-fetch-mock": "^3.0.3",
     "jsdom": "^16.4.0",
     "node-fetch": "^2.6.7",
-    "playwright": "^1.46.0",
-    "supertest": "^6.1.6",
+    "playwright": "^1.56.1",
     "ts-jest": "^27.0.7",
     "wtfnode": "^0.9.1"
   },

test/tsconfig.json

@@ -1,5 +1,4 @@
 {
   "extends": "../tsconfig.json",
-  "include": ["./**/*.ts"],
-  "exclude": ["./unit/node/test-plugin"]
+  "include": ["./**/*.ts"]
 }

test/unit/node/cli.test.ts

@@ -6,6 +6,7 @@ import {
   bindAddrFromArgs,
   defaultConfigFile,
   parse,
+  parseConfigFile,
   setDefaults,
   shouldOpenInExistingInstance,
   toCodeArgs,
@@ -74,6 +75,7 @@ describe("parser", () => {
           "--verbose",
           ["--app-name", "custom instance name"],
           ["--welcome-text", "welcome to code"],
+          ["--i18n", "path/to/custom-strings.json"],
           "2",
 
           ["--locale", "ja"],
@@ -108,6 +110,8 @@ describe("parser", () => {
 
           ["--abs-proxy-base-path", "/codeserver/app1"],
 
+          "--skip-auth-preflight",
+
           ["--session-socket", "/tmp/override-code-server-ipc-socket"],
 
           ["--host", "0.0.0.0"],
@@ -142,10 +146,12 @@ describe("parser", () => {
       verbose: true,
       "app-name": "custom instance name",
       "welcome-text": "welcome to code",
+      i18n: path.resolve("path/to/custom-strings.json"),
       version: true,
       "bind-addr": "192.169.0.1:8080",
       "session-socket": "/tmp/override-code-server-ipc-socket",
       "abs-proxy-base-path": "/codeserver/app1",
+      "skip-auth-preflight": true,
     })
   })
 
@@ -284,12 +290,17 @@ describe("parser", () => {
   })
 
   it("should support repeatable flags", async () => {
+    expect(() => parse(["--proxy-domain", ""])).toThrowError(/--proxy-domain requires a value/)
     expect(parse(["--proxy-domain", "*.coder.com"])).toEqual({
       "proxy-domain": ["*.coder.com"],
     })
     expect(parse(["--proxy-domain", "*.coder.com", "--proxy-domain", "test.com"])).toEqual({
       "proxy-domain": ["*.coder.com", "test.com"],
     })
+    // Commas are literal, at the moment.
+    expect(parse(["--proxy-domain", "*.coder.com,test.com"])).toEqual({
+      "proxy-domain": ["*.coder.com,test.com"],
+    })
   })
 
   it("should enforce cert-key with cert value or otherwise generate one", async () => {
@@ -338,6 +349,28 @@ describe("parser", () => {
     })
   })
 
+  it("should parse i18n flag with file path", async () => {
+    // Test with file path (no validation at CLI parsing level)
+    const args = parse(["--i18n", "/path/to/custom-strings.json"])
+    expect(args).toEqual({
+      i18n: "/path/to/custom-strings.json",
+    })
+  })
+
+  it("should parse i18n flag with relative file path", async () => {
+    // Test with relative file path
+    expect(() => parse(["--i18n", "./custom-strings.json"])).not.toThrow()
+    expect(() => parse(["--i18n", "strings.json"])).not.toThrow()
+  })
+
+  it("should support app-name and deprecated welcome-text flags", async () => {
+    const args = parse(["--app-name", "My App", "--welcome-text", "Welcome!"])
+    expect(args).toEqual({
+      "app-name": "My App",
+      "welcome-text": "Welcome!",
+    })
+  })
+
   it("should use env var github token", async () => {
     process.env.GITHUB_TOKEN = "ga-foo"
     const args = parse([])
@@ -487,6 +520,20 @@ describe("parser", () => {
       }),
     ).toThrowError(expectedErrMsg)
   })
+  it("should fail to parse invalid config", () => {
+    expect(() => parseConfigFile("test", "/fake-config-path")).toThrowError("invalid config: test")
+  })
+  it("should parse repeatable options", () => {
+    const configContents = `
+      install-extension:
+        - extension.number1
+        - extension.number2
+    `
+    expect(parseConfigFile(configContents, "/fake-config-path")).toEqual({
+      config: "/fake-config-path",
+      "install-extension": ["extension.number1", "extension.number2"],
+    })
+  })
   it("should ignore optional strings set to false", async () => {
     expect(parse(["--cert=false"])).toEqual({})
   })

test/unit/node/heart.test.ts

@@ -1,6 +1,6 @@
 import { logger } from "@coder/logger"
 import { readFile, writeFile, stat, utimes } from "fs/promises"
-import { Heart, heartbeatTimer } from "../../../src/node/heart"
+import { Heart } from "../../../src/node/heart"
 import { clean, mockLogger, tmpdir } from "../../utils/helpers"
 
 const mockIsActive = (resolveTo: boolean) => jest.fn().mockResolvedValue(resolveTo)
@@ -82,7 +82,52 @@ describe("Heart", () => {
 })
 
 describe("heartbeatTimer", () => {
-  beforeAll(() => {
+  const testName = "heartbeatTimer"
+  let testDir = ""
+  beforeAll(async () => {
+    await clean(testName)
+    testDir = await tmpdir(testName)
+    mockLogger()
+  })
+  afterAll(() => {
+    jest.restoreAllMocks()
+  })
+  beforeEach(() => {
+    jest.useFakeTimers()
+  })
+  afterEach(() => {
+    jest.resetAllMocks()
+    jest.clearAllTimers()
+    jest.useRealTimers()
+  })
+  it("should call isActive when timeout expires", async () => {
+    const isActive = true
+    const mockIsActive = jest.fn().mockResolvedValue(isActive)
+    const heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
+    await heart.beat()
+    jest.advanceTimersByTime(60 * 1000)
+    expect(mockIsActive).toHaveBeenCalled()
+  })
+  it("should log a warning when isActive rejects", async () => {
+    const errorMsg = "oh no"
+    const error = new Error(errorMsg)
+    const mockIsActive = jest.fn().mockRejectedValue(error)
+    const heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
+    await heart.beat()
+    jest.advanceTimersByTime(60 * 1000)
+
+    expect(mockIsActive).toHaveBeenCalled()
+    expect(logger.warn).toHaveBeenCalledWith(errorMsg)
+  })
+})
+
+describe("stateChange", () => {
+  const testName = "stateChange"
+  let testDir = ""
+  let heart: Heart
+  beforeAll(async () => {
+    await clean(testName)
+    testDir = await tmpdir(testName)
     mockLogger()
   })
   afterAll(() => {
@@ -90,23 +135,28 @@ describe("heartbeatTimer", () => {
   })
   afterEach(() => {
     jest.resetAllMocks()
+    if (heart) {
+      heart.dispose()
+    }
   })
-  it("should call beat when isActive resolves to true", async () => {
-    const isActive = true
-    const mockIsActive = jest.fn().mockResolvedValue(isActive)
-    const mockBeatFn = jest.fn()
-    await heartbeatTimer(mockIsActive, mockBeatFn)
-    expect(mockIsActive).toHaveBeenCalled()
-    expect(mockBeatFn).toHaveBeenCalled()
+  it("should change to alive after a beat", async () => {
+    heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive(true))
+    const mockOnChange = jest.fn()
+    heart.onChange(mockOnChange)
+    await heart.beat()
+
+    expect(mockOnChange.mock.calls[0][0]).toBe("alive")
   })
-  it("should log a warning when isActive rejects", async () => {
-    const errorMsg = "oh no"
-    const error = new Error(errorMsg)
-    const mockIsActive = jest.fn().mockRejectedValue(error)
-    const mockBeatFn = jest.fn()
-    await heartbeatTimer(mockIsActive, mockBeatFn)
-    expect(mockIsActive).toHaveBeenCalled()
-    expect(mockBeatFn).not.toHaveBeenCalled()
-    expect(logger.warn).toHaveBeenCalledWith(errorMsg)
+  it.only("should change to expired when not active", async () => {
+    jest.useFakeTimers()
+    heart = new Heart(`${testDir}/shutdown.txt`, () => new Promise((resolve) => resolve(false)))
+    const mockOnChange = jest.fn()
+    heart.onChange(mockOnChange)
+    await heart.beat()
+
+    await jest.advanceTimersByTime(60 * 1000)
+    expect(mockOnChange.mock.calls[1][0]).toBe("expired")
+    jest.clearAllTimers()
+    jest.useRealTimers()
   })
 })

test/unit/node/i18n.test.ts

@@ -0,0 +1,154 @@
+import { promises as fs } from "fs"
+import * as os from "os"
+import * as path from "path"
+import { loadCustomStrings } from "../../../src/node/i18n"
+
+describe("i18n", () => {
+  let tempDir: string
+  let validJsonFile: string
+  let invalidJsonFile: string
+  let nonExistentFile: string
+
+  beforeEach(async () => {
+    // Create temporary directory for test files
+    tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "code-server-i18n-test-"))
+
+    // Create test files
+    validJsonFile = path.join(tempDir, "valid.json")
+    invalidJsonFile = path.join(tempDir, "invalid.json")
+    nonExistentFile = path.join(tempDir, "does-not-exist.json")
+
+    // Write valid JSON file
+    await fs.writeFile(
+      validJsonFile,
+      JSON.stringify({
+        WELCOME: "Custom Welcome",
+        LOGIN_TITLE: "My Custom App",
+        LOGIN_BELOW: "Please log in to continue",
+      }),
+    )
+
+    // Write invalid JSON file
+    await fs.writeFile(invalidJsonFile, '{"WELCOME": "Missing closing quote}')
+  })
+
+  afterEach(async () => {
+    // Clean up temporary directory
+    await fs.rmdir(tempDir, { recursive: true })
+  })
+
+  describe("loadCustomStrings", () => {
+    it("should load valid JSON file successfully", async () => {
+      // Should not throw an error
+      await expect(loadCustomStrings(validJsonFile)).resolves.toBeUndefined()
+    })
+
+    it("should throw clear error for non-existent file", async () => {
+      await expect(loadCustomStrings(nonExistentFile)).rejects.toThrow(
+        `Custom strings file not found: ${nonExistentFile}\nPlease ensure the file exists and is readable.`,
+      )
+    })
+
+    it("should throw clear error for invalid JSON", async () => {
+      await expect(loadCustomStrings(invalidJsonFile)).rejects.toThrow(
+        `Invalid JSON in custom strings file: ${invalidJsonFile}`,
+      )
+    })
+
+    it("should handle empty JSON object", async () => {
+      const emptyJsonFile = path.join(tempDir, "empty.json")
+      await fs.writeFile(emptyJsonFile, "{}")
+
+      await expect(loadCustomStrings(emptyJsonFile)).resolves.toBeUndefined()
+    })
+
+    it("should handle nested JSON objects", async () => {
+      const nestedJsonFile = path.join(tempDir, "nested.json")
+      await fs.writeFile(
+        nestedJsonFile,
+        JSON.stringify({
+          WELCOME: "Hello World",
+          NESTED: {
+            KEY: "Value",
+          },
+        }),
+      )
+
+      await expect(loadCustomStrings(nestedJsonFile)).resolves.toBeUndefined()
+    })
+
+    it("should handle special characters and unicode", async () => {
+      const unicodeJsonFile = path.join(tempDir, "unicode.json")
+      await fs.writeFile(
+        unicodeJsonFile,
+        JSON.stringify({
+          WELCOME: "欢迎来到 code-server",
+          LOGIN_TITLE: "Willkommen bei {{app}}",
+          SPECIAL: "Special chars: àáâãäåæçèéêë 🚀 ♠️ ∆",
+        }),
+        "utf8",
+      )
+
+      await expect(loadCustomStrings(unicodeJsonFile)).resolves.toBeUndefined()
+    })
+
+    it("should handle generic errors that are not ENOENT or SyntaxError", async () => {
+      const testFile = path.join(tempDir, "test.json")
+      await fs.writeFile(testFile, "{}")
+
+      // Mock fs.readFile to throw a generic error
+      const originalReadFile = fs.readFile
+      const mockError = new Error("Permission denied")
+      fs.readFile = jest.fn().mockRejectedValue(mockError)
+
+      await expect(loadCustomStrings(testFile)).rejects.toThrow(
+        `Failed to load custom strings from ${testFile}: Permission denied`,
+      )
+
+      // Restore original function
+      fs.readFile = originalReadFile
+    })
+
+    it("should handle errors that are not Error instances", async () => {
+      const testFile = path.join(tempDir, "test.json")
+      await fs.writeFile(testFile, "{}")
+
+      // Mock fs.readFile to throw a non-Error object
+      const originalReadFile = fs.readFile
+      fs.readFile = jest.fn().mockRejectedValue("String error")
+
+      await expect(loadCustomStrings(testFile)).rejects.toThrow(
+        `Failed to load custom strings from ${testFile}: String error`,
+      )
+
+      // Restore original function
+      fs.readFile = originalReadFile
+    })
+
+    it("should handle null/undefined errors", async () => {
+      const testFile = path.join(tempDir, "test.json")
+      await fs.writeFile(testFile, "{}")
+
+      // Mock fs.readFile to throw null
+      const originalReadFile = fs.readFile
+      fs.readFile = jest.fn().mockRejectedValue(null)
+
+      await expect(loadCustomStrings(testFile)).rejects.toThrow(`Failed to load custom strings from ${testFile}: null`)
+
+      // Restore original function
+      fs.readFile = originalReadFile
+    })
+
+    it("should complete without errors for valid input", async () => {
+      const testFile = path.join(tempDir, "resource-test.json")
+      const customStrings = {
+        WELCOME: "Custom Welcome Message",
+        LOGIN_TITLE: "Custom Login Title",
+      }
+      await fs.writeFile(testFile, JSON.stringify(customStrings))
+
+      // Should not throw any errors
+      await expect(loadCustomStrings(testFile)).resolves.toBeUndefined()
+    })
+  })
+})

test/unit/node/main.test.ts

@@ -0,0 +1,176 @@
+import { promises as fs } from "fs"
+import * as path from "path"
+import { setDefaults, parse } from "../../../src/node/cli"
+import { loadCustomStrings } from "../../../src/node/i18n"
+import { tmpdir } from "../../utils/helpers"
+
+// Mock the i18n module
+jest.mock("../../../src/node/i18n", () => ({
+  loadCustomStrings: jest.fn(),
+}))
+
+// Mock logger to avoid console output during tests
+jest.mock("@coder/logger", () => ({
+  logger: {
+    info: jest.fn(),
+    debug: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+    named: jest.fn(),
+    level: 0,
+  },
+  field: jest.fn(),
+  Level: {
+    Trace: 0,
+    Debug: 1,
+    Info: 2,
+    Warn: 3,
+    Error: 4,
+  },
+}))
+
+const mockedLoadCustomStrings = loadCustomStrings as jest.MockedFunction<typeof loadCustomStrings>
+
+describe("main", () => {
+  let tempDir: string
+  let mockServer: any
+
+  beforeEach(async () => {
+    tempDir = await tmpdir("code-server-main-test")
+
+    // Reset mocks
+    jest.clearAllMocks()
+
+    // Mock the server creation to avoid actually starting a server
+    mockServer = {
+      server: {
+        listen: jest.fn(),
+        address: jest.fn(() => ({ address: "127.0.0.1", port: 8080 })),
+        close: jest.fn(),
+      },
+      editorSessionManagerServer: {
+        address: jest.fn(() => null),
+      },
+      dispose: jest.fn(),
+    }
+  })
+
+  afterEach(async () => {
+    // Clean up temp directory
+    try {
+      await fs.rmdir(tempDir, { recursive: true })
+    } catch (error) {
+      // Ignore cleanup errors
+    }
+  })
+
+  describe("runCodeServer", () => {
+    it("should load custom strings when i18n flag is provided", async () => {
+      // Create a test custom strings file
+      const customStringsFile = path.join(tempDir, "custom-strings.json")
+      await fs.writeFile(
+        customStringsFile,
+        JSON.stringify({
+          WELCOME: "Custom Welcome",
+          LOGIN_TITLE: "My App",
+        }),
+      )
+
+      // Create args with i18n flag
+      const cliArgs = parse([
+        `--config=${path.join(tempDir, "config.yaml")}`,
+        `--user-data-dir=${tempDir}`,
+        "--bind-addr=localhost:0",
+        "--log=warn",
+        "--auth=none",
+        `--i18n=${customStringsFile}`,
+      ])
+      const args = await setDefaults(cliArgs)
+
+      // Mock the app module
+      jest.doMock("../../../src/node/app", () => ({
+        createApp: jest.fn().mockResolvedValue(mockServer),
+        ensureAddress: jest.fn().mockReturnValue(new URL("http://localhost:8080")),
+      }))
+
+      // Mock routes module
+      jest.doMock("../../../src/node/routes", () => ({
+        register: jest.fn().mockResolvedValue({ disposeRoutes: jest.fn() }),
+      }))
+
+      // Mock loadCustomStrings to succeed
+      mockedLoadCustomStrings.mockResolvedValue(undefined)
+
+      // Import runCodeServer after mocking
+      const mainModule = await import("../../../src/node/main")
+      const result = await mainModule.runCodeServer(args)
+
+      // Verify that loadCustomStrings was called with the correct file path
+      expect(mockedLoadCustomStrings).toHaveBeenCalledWith(customStringsFile)
+      expect(mockedLoadCustomStrings).toHaveBeenCalledTimes(1)
+
+      // Clean up
+      await result.dispose()
+    })
+
+    it("should not load custom strings when i18n flag is not provided", async () => {
+      // Create args without i18n flag
+      const cliArgs = parse([
+        `--config=${path.join(tempDir, "config.yaml")}`,
+        `--user-data-dir=${tempDir}`,
+        "--bind-addr=localhost:0",
+        "--log=warn",
+        "--auth=none",
+      ])
+      const args = await setDefaults(cliArgs)
+
+      // Mock the app module
+      jest.doMock("../../../src/node/app", () => ({
+        createApp: jest.fn().mockResolvedValue(mockServer),
+        ensureAddress: jest.fn().mockReturnValue(new URL("http://localhost:8080")),
+      }))
+
+      // Mock routes module
+      jest.doMock("../../../src/node/routes", () => ({
+        register: jest.fn().mockResolvedValue({ disposeRoutes: jest.fn() }),
+      }))
+
+      // Import runCodeServer after mocking
+      const mainModule = await import("../../../src/node/main")
+      const result = await mainModule.runCodeServer(args)
+
+      // Verify that loadCustomStrings was NOT called
+      expect(mockedLoadCustomStrings).not.toHaveBeenCalled()
+
+      // Clean up
+      await result.dispose()
+    })
+
+    it("should handle errors when loadCustomStrings fails", async () => {
+      // Create args with i18n flag pointing to non-existent file
+      const nonExistentFile = path.join(tempDir, "does-not-exist.json")
+      const cliArgs = parse([
+        `--config=${path.join(tempDir, "config.yaml")}`,
+        `--user-data-dir=${tempDir}`,
+        "--bind-addr=localhost:0",
+        "--log=warn",
+        "--auth=none",
+        `--i18n=${nonExistentFile}`,
+      ])
+      const args = await setDefaults(cliArgs)
+
+      // Mock loadCustomStrings to throw an error
+      const mockError = new Error("Custom strings file not found")
+      mockedLoadCustomStrings.mockRejectedValue(mockError)
+
+      // Import runCodeServer after mocking
+      const mainModule = await import("../../../src/node/main")
+
+      // Verify that runCodeServer throws the error from loadCustomStrings
+      await expect(mainModule.runCodeServer(args)).rejects.toThrow("Custom strings file not found")
+
+      // Verify that loadCustomStrings was called
+      expect(mockedLoadCustomStrings).toHaveBeenCalledWith(nonExistentFile)
+    })
+  })
+})

test/unit/node/plugin.test.ts

@@ -1,118 +0,0 @@
-import { logger } from "@coder/logger"
-import * as express from "express"
-import * as fs from "fs"
-import * as path from "path"
-import { HttpCode } from "../../../src/common/http"
-import { AuthType } from "../../../src/node/cli"
-import { codeServer, PluginAPI } from "../../../src/node/plugin"
-import * as apps from "../../../src/node/routes/apps"
-import * as httpserver from "../../utils/httpserver"
-const fsp = fs.promises
-
-// Jest overrides `require` so our usual override doesn't work.
-jest.mock("code-server", () => codeServer, { virtual: true })
-
-/**
- * Use $LOG_LEVEL=debug to see debug logs.
- */
-describe("plugin", () => {
-  let papi: PluginAPI
-  let s: httpserver.HttpServer
-
-  beforeAll(async () => {
-    // Only include the test plugin to avoid contaminating results with other
-    // plugins that might be on the filesystem.
-    papi = new PluginAPI(logger, `${path.resolve(__dirname, "test-plugin")}:meow`, "")
-    await papi.loadPlugins(false)
-
-    const app = express.default()
-    const wsApp = express.default()
-
-    const common: express.RequestHandler = (req, _, next) => {
-      // Routes might use these arguments.
-      req.args = {
-        _: [],
-        auth: AuthType.None,
-        host: "localhost",
-        port: 8080,
-        "proxy-domain": [],
-        config: "~/.config/code-server/config.yaml",
-        verbose: false,
-        "disable-file-downloads": false,
-        usingEnvPassword: false,
-        usingEnvHashedPassword: false,
-        "extensions-dir": "",
-        "user-data-dir": "",
-        "session-socket": "",
-      }
-      next()
-    }
-
-    app.use(common)
-    wsApp.use(common)
-
-    papi.mount(app, wsApp)
-    app.use("/api/applications", apps.router(papi))
-
-    s = new httpserver.HttpServer()
-    await s.listen(app)
-    s.listenUpgrade(wsApp)
-  })
-
-  afterAll(async () => {
-    await s.dispose()
-  })
-
-  it("/api/applications", async () => {
-    const resp = await s.fetch("/api/applications")
-    expect(resp.status).toBe(200)
-    const body = await resp.json()
-    logger.debug(`${JSON.stringify(body)}`)
-    expect(body).toStrictEqual([
-      {
-        name: "Test App",
-        version: "4.0.1",
-
-        description: "This app does XYZ.",
-        iconPath: "/test-plugin/test-app/icon.svg",
-        homepageURL: "https://example.com",
-        path: "/test-plugin/test-app",
-
-        plugin: {
-          name: "test-plugin",
-          version: "1.0.0",
-          modulePath: path.join(__dirname, "test-plugin"),
-
-          displayName: "Test Plugin",
-          description: "Plugin used in code-server tests.",
-          routerPath: "/test-plugin",
-          homepageURL: "https://example.com",
-        },
-      },
-    ])
-  })
-
-  it("/test-plugin/test-app", async () => {
-    const indexHTML = await fsp.readFile(path.join(__dirname, "test-plugin/public/index.html"), {
-      encoding: "utf8",
-    })
-    const resp = await s.fetch("/test-plugin/test-app")
-    expect(resp.status).toBe(200)
-    const body = await resp.text()
-    expect(body).toBe(indexHTML)
-  })
-
-  it("/test-plugin/test-app (websocket)", async () => {
-    const ws = s.ws("/test-plugin/test-app")
-    const message = await new Promise((resolve) => {
-      ws.once("message", (message) => resolve(message))
-    })
-    ws.terminate()
-    expect(message).toBe("hello")
-  })
-
-  it("/test-plugin/error", async () => {
-    const resp = await s.fetch("/test-plugin/error")
-    expect(resp.status).toBe(HttpCode.LargePayload)
-  })
-})

test/unit/node/proxy.test.ts

@@ -268,6 +268,21 @@ describe("proxy", () => {
     const text = await resp.text()
     expect(text).toBe("app being served behind a prefixed path")
   })
+
+  it("should not allow OPTIONS without authentication by default", async () => {
+    process.env.PASSWORD = "test"
+    codeServer = await integration.setup(["--auth=password"])
+    const resp = await codeServer.fetch(proxyPath, { method: "OPTIONS" })
+    expect(resp.status).toBe(401)
+  })
+
+  it("should allow OPTIONS with `skip-auth-preflight` flag", async () => {
+    process.env.PASSWORD = "test"
+    codeServer = await integration.setup(["--auth=password", "--skip-auth-preflight"])
+    e.post("/wsup", (req, res) => {})
+    const resp = await codeServer.fetch(proxyPath, { method: "OPTIONS" })
+    expect(resp.status).toBe(200)
+  })
 })
 
 // NOTE@jsjoeio

test/unit/node/settings.test.ts

@@ -29,7 +29,7 @@ describe("settings", () => {
       const settings = new SettingsProvider<CoderSettings>(pathToMockSettingsFile)
       await settings.read()
       // This happens when we can't parse a JSON (usually error in file)
-      expect(logger.warn).toHaveBeenCalledWith(expect.stringMatching(/Unexpected token/))
+      expect(logger.warn).toHaveBeenCalledWith(expect.stringMatching(/Expected ':'/))
     })
   })
   describe("with invalid settings file path", () => {

test/unit/node/test-plugin/.eslintrc.js

@@ -1,9 +0,0 @@
-module.exports = {
-  settings: {
-    "import/resolver": {
-      typescript: {
-        project: __dirname,
-      },
-    },
-  },
-}