Update to 1.75.1

Make sure heartbeat isActive resolves
This does not seem to actually cause an issue (not resolving ends up with the same behavior as resolving with false) but I am not sure if the hanging promises would be a memory leak so seems best to fix.
2026-04-13 21:32:52 -05:00 · 2023-02-13 07:45:24 -09:00 · 2023-02-08 11:43:40 -09:00 · 2023-02-08 11:42:28 -09:00 · 2023-02-07 13:57:53 -09:00 · 2023-02-07 13:57:52 -09:00
108 changed files with 2951 additions and 1985 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -3,3 +3,5 @@
 ci/helm-chart/ @Matthew-Beckett @alexgorbatchev

 docs/install.md @GNUxeava
+
+src/node/i18n/locales/zh-cn.json @zhaozhiming
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,31 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+      timezone: "America/Chicago"
+    labels: []
+    commit-message:
+      prefix: "chore"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+      timezone: "America/Chicago"
+    commit-message:
+      prefix: "chore"
+    labels: []
+    ignore:
+      # Ignore patch updates for all dependencies
+      - dependency-name: "*"
+        update-types:
+          - version-update:semver-patch
+      # Ignore major updates to Node.js types, because they need to
+      # correspond to the Node.js engine version
+      - dependency-name: "@types/node"
+        update-types:
+          - version-update:semver-major
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -22,38 +22,51 @@ concurrency:
 # will skip running `yarn install` if it successfully fetched from cache

 jobs:
-  fmt:
+  prettier:
    name: Format with Prettier
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 5
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

+      - name: Run prettier with actionsx/prettier
+        uses: actionsx/prettier@v2
+        with:
+          args: --check --loglevel=warn .
+
+  doctoc:
+    name: Doctoc markdown files
+    runs-on: ubuntu-20.04
+    timeout-minutes: 5
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v26.1
+        with:
+          files: |
+            docs/**
+
      - name: Install Node.js v16
+        if: steps.changed-files.outputs.any_changed == 'true'
        uses: actions/setup-node@v3
        with:
          node-version: "16"
+          cache: "yarn"

-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
+      - name: Install doctoc
+        run: yarn global add doctoc@2.2.1

-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Format files with Prettier
-        run: yarn fmt
+      - name: Run doctoc
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: yarn doctoc

  lint-helm:
    name: Lint Helm chart
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -70,7 +83,7 @@ jobs:

      - name: Install helm
        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v3.3
+        uses: azure/setup-helm@v3.5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

@@ -84,7 +97,7 @@ jobs:

  lint-ts:
    name: Lint TypeScript files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -126,9 +139,70 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        run: yarn lint:ts

+  lint-actions:
+    name: Lint GitHub Actions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Check workflow files
+        run: |
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash)
+          ./actionlint -color -shellcheck= -ignore "set-output"
+        shell: bash
+
+  test-unit:
+    name: Run unit tests
+    runs-on: ubuntu-20.04
+    timeout-minutes: 5
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v26.1
+        with:
+          files: |
+            **/*.ts
+          files_ignore: |
+            lib/vscode/**
+
+      - name: Install Node.js v16
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+
+      - name: Fetch dependencies from cache
+        if: steps.changed-files.outputs.any_changed == 'true'
+        id: cache-node-modules
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Install dependencies
+        if: steps.changed-files.outputs.any_changed == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true'
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
+
+      - name: Run unit tests
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: yarn test:unit
+
+      - name: Upload coverage report to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+        if: success()
+
  build:
    name: Build code-server
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 30
    env:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -157,15 +231,17 @@ jobs:
        uses: actions/cache@v3
        with:
          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          key: yarn-build-code-server-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
-            yarn-build-
+            yarn-build-code-server-

      - name: Install dependencies
        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: yarn --frozen-lockfile

      - name: Build code-server
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: yarn build

      # Get Code's git hash.  When this changes it means the content is
@@ -174,10 +250,6 @@ jobs:
        id: vscode-rev
        run: echo "::set-output name=rev::$(git rev-parse HEAD:./lib/vscode)"

-      - name: Get version
-        id: version
-        run: echo "::set-output name=version::$(jq -r .version package.json)"
-
      # We need to rebuild when we have a new version of Code, when any of
      # the patches changed, or when the code-server version changes (since
      # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
@@ -187,25 +259,14 @@ jobs:
        uses: actions/cache@v3
        with:
          path: lib/vscode-reh-web-*
-          key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ steps.version.outputs.version }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
+          key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}

      - name: Build vscode
+        env:
+          VERSION: "0.0.0"
        if: steps.cache-vscode.outputs.cache-hit != 'true'
        run: yarn build:vscode

-      # Our code imports code from VS Code's `out` directory meaning VS Code
-      # must be built before running these tests.
-      # TODO: Move to its own step?
-      - name: Run code-server unit tests
-        run: yarn test:unit
-        if: success()
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
-
      # The release package does not contain any native modules
      # and is neutral to architecture/os/libc version.
      - name: Create release package
@@ -222,119 +283,10 @@ jobs:
          name: npm-package
          path: ./package.tar.gz

-  npm:
-    name: Publish npm package
-    # the npm-package gets uploaded as an artifact in Build
-    # so we need that to complete before this runs
-    needs: build
-    # This environment "npm" requires someone from
-    # coder/code-server-reviewers to approve the PR before this job runs.
-    environment: npm
-    # Only run if PR comes from base repo or event is not a PR
-    # Reason: forks cannot access secrets and this will always fail
-    if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Download artifact
-        uses: actions/download-artifact@v3
-        id: download
-        with:
-          name: "npm-package"
-          path: release-npm-package
-
-      - name: Run ./ci/steps/publish-npm.sh
-        run: yarn publish:npm
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          # NOTE@jsjoeio
-          # NPM_ENVIRONMENT intentionally not set here.
-          # Instead, itis determined in publish-npm.sh script
-          # using GITHUB environment variables
-
-      - name: Comment npm information
-        uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          GITHUB_TOKEN: ${{ github.token }}
-          header: npm-dev-build
-          message: |
-            ✨ code-server dev build published to npm for PR #${{ github.event.number }}!
-            * _Last publish status_: success
-            * _Commit_: ${{ github.event.pull_request.head.sha }}
-
-            To install in a local project, run:
-            ```shell-session
-            npm install @coder/code-server-pr@${{ github.event.number }}
-            ```
-
-            To install globally, run:
-            ```shell-session
-            npm install -g @coder/code-server-pr@${{ github.event.number }}
-            ```
-
  test-e2e:
    name: Run e2e tests
    needs: build
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
-
-      - name: Install Node.js v16
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Download npm package
-        uses: actions/download-artifact@v3
-        with:
-          name: npm-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Install release package dependencies
-        run: cd release && yarn install
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Install Playwright OS dependencies
-        run: |
-          ./test/node_modules/.bin/playwright install-deps
-          ./test/node_modules/.bin/playwright install
-
-      - name: Run end-to-end tests
-        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e --global-timeout 840000
-
-      - name: Upload test artifacts
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: failed-test-videos
-          path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results
-
-  test-e2e-proxy:
-    name: Run e2e tests behind proxy
-    needs: build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    timeout-minutes: 25
    steps:
      - name: Checkout repo
@@ -363,7 +315,63 @@ jobs:
        run: tar -xzf package.tar.gz

      - name: Install release package dependencies
-        run: cd release && yarn install
+        run: cd release && npm install --unsafe-perm --omit=dev
+
+      - name: Install dependencies
+        if: steps.cache-node-modules.outputs.cache-hit != 'true'
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
+
+      - name: Install Playwright OS dependencies
+        run: |
+          ./test/node_modules/.bin/playwright install-deps
+          ./test/node_modules/.bin/playwright install
+
+      - name: Run end-to-end tests
+        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e
+
+      - name: Upload test artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: failed-test-videos
+          path: ./test/test-results
+
+      - name: Remove release packages and test artifacts
+        run: rm -rf ./release ./test/test-results
+
+  test-e2e-proxy:
+    name: Run e2e tests behind proxy
+    needs: build
+    runs-on: ubuntu-20.04
+    timeout-minutes: 25
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Install Node.js v16
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+
+      - name: Fetch dependencies from cache
+        id: cache-node-modules
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Download npm package
+        uses: actions/download-artifact@v3
+        with:
+          name: npm-package
+
+      - name: Decompress npm package
+        run: tar -xzf package.tar.gz
+
+      - name: Install release package dependencies
+        run: cd release && npm install --unsafe-perm --omit=dev

      - name: Install dependencies
        if: steps.cache-node-modules.outputs.cache-hit != 'true'
@@ -375,7 +383,7 @@ jobs:
          ./test/node_modules/.bin/playwright install

      - name: Cache Caddy
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        id: caddy-cache
        with:
          path: |
@@ -388,7 +396,7 @@ jobs:
        if: steps.caddy-cache.outputs.cache-hit != 'true'
        run: |
          gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
-          mkdir -p ~/.cache/caddy 
+          mkdir -p ~/.cache/caddy
          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy

      - name: Start Caddy
--- a/.github/workflows/docs-preview.yaml
+++ b/.github/workflows/docs-preview.yaml
@@ -1,46 +0,0 @@
-name: Docs preview
-
-on:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "docs/**"
-
-permissions:
-  actions: none
-  checks: none
-  contents: read
-  deployments: none
-  issues: none
-  packages: none
-  pull-requests: write
-  repository-projects: none
-  security-events: none
-  statuses: none
-
-jobs:
-  preview:
-    name: Docs preview
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set outputs
-        id: vars
-        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
-
-      - name: Comment Credentials
-        uses: marocchino/sticky-pull-request-comment@v2
-        # Only run if PR comes from base repo
-        # Reason: forks cannot access secrets and this will always fail
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        with:
-          GITHUB_TOKEN: ${{ github.token }}
-          header: codercom-preview-docs
-          message: |
-            ✨ code-server docs for PR #${{ github.event.number }} is ready! It will be updated on every commit.
-            * _Host_: https://coder.com/docs/code-server/${{ steps.vars.outputs.sha_short }}
-            * _Last deploy status_: success
-            * _Commit_: ${{ github.event.pull_request.head.sha }}
-            * _Workflow status_: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
--- a/.github/workflows/installer.yaml
+++ b/.github/workflows/installer.yaml
@@ -41,7 +41,7 @@ jobs:
  alpine:
    name: Test installer on Alpine
    runs-on: ubuntu-latest
-    container: "alpine:3.16"
+    container: "alpine:3.17"
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -4,6 +4,11 @@ on:
  # Shows the manual trigger in GitHub UI
  # helpful as a back-up in case the GitHub Actions Workflow fails
  workflow_dispatch:
+    inputs:
+      version:
+        description: The version to publish (include "v", i.e. "v4.9.1").
+        type: string
+        required: true

  release:
    types: [released]
@@ -24,23 +29,25 @@ jobs:
      - name: Checkout code-server
        uses: actions/checkout@v3

-      - name: Get version
-        id: version
-        run: echo "::set-output name=version::$(jq -r .version package.json)"
-
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download npm package from release artifacts
+        uses: robinraju/release-downloader@v1.7
        with:
-          branch: release/v${{ steps.version.outputs.version }}
-          workflow: build.yaml
-          workflow_conclusion: completed
-          name: "npm-package"
-          path: release-npm-package
+          repository: "coder/code-server"
+          tag: ${{ github.event.inputs.version || github.ref_name }}
+          fileName: "package.tar.gz"
+          out-file-path: "release-npm-package"
+
+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ github.event.inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV

      - name: Publish npm package and tag with "latest"
        run: yarn publish:npm
        env:
+          VERSION: ${{ env.VERSION }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_ENVIRONMENT: "production"
@@ -64,9 +71,18 @@ jobs:
          git config --global user.name cdrci
          git config --global user.email opensource@coder.com

+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ github.event.inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
      - name: Bump code-server homebrew version
        env:
+          VERSION: ${{ env.VERSION }}
          HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
+
        run: ./ci/steps/brew-bump.sh

  aur:
@@ -75,6 +91,7 @@ jobs:
    timeout-minutes: 10
    env:
      GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
+
    steps:
      # We need to checkout code-server so we can get the version
      - name: Checkout code-server
@@ -83,13 +100,6 @@ jobs:
          fetch-depth: 0
          path: "./code-server"

-      - name: Get code-server version
-        id: version
-        run: |
-          pushd code-server
-          echo "::set-output name=version::$(jq -r .version package.json)"
-          popd
-
      - name: Checkout code-server-aur repo
        uses: actions/checkout@v3
        with:
@@ -97,27 +107,44 @@ jobs:
          token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
          ref: "master"

+      - name: Merge in master
+        run: |
+          git remote add upstream https://github.com/coder/code-server-aur.git
+          git fetch upstream
+          git merge upstream/master
+
      - name: Configure git
        run: |
          git config --global user.name cdrci
          git config --global user.email opensource@coder.com

+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ github.event.inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
      - name: Validate package
        uses: hapakaien/archlinux-package-action@v2
+        env:
+          VERSION: ${{ env.VERSION }}
        with:
-          pkgver: ${{ steps.version.outputs.version }}
+          pkgver: ${{ env.VERSION }}
          updpkgsums: true
          srcinfo: true

      - name: Open PR
        # We need to git push -u otherwise gh will prompt
        # asking where to push the branch.
+        env:
+          VERSION: ${{ env.VERSION }}
        run: |
-          git checkout -b update-version-${{ steps.version.outputs.version }}
+          git checkout -b update-version-${{ env.VERSION }}
          git add . 
-          git commit -m "chore: updating version to ${{ steps.version.outputs.version }}"
+          git commit -m "chore: updating version to ${{ env.VERSION }}"
          git push -u origin $(git branch --show)
-          gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ steps.version.outputs.version }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
+          gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
  docker:
    runs-on: ubuntu-20.04
    steps:
@@ -143,19 +170,23 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Get version
-        id: version
-        run: echo "::set-output name=version::$(jq -r .version package.json)"
+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ github.event.inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV

      - name: Download release artifacts
-        uses: robinraju/release-downloader@v1.5
+        uses: robinraju/release-downloader@v1.7
        with:
          repository: "coder/code-server"
-          tag: v${{ steps.version.outputs.version }}
+          tag: v${{ env.VERSION }}
          fileName: "*.deb"
          out-file-path: "release-packages"

      - name: Publish to Docker
        run: yarn publish:docker
        env:
+          VERSION: ${{ env.VERSION }}
          GITHUB_TOKEN: ${{ github.token }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -2,6 +2,11 @@ name: Draft release

 on:
  workflow_dispatch:
+    inputs:
+      version:
+        description: The version to publish (include "v", i.e. "v4.9.1").
+        type: string
+        required: true

 permissions:
  contents: write # For creating releases.
@@ -21,6 +26,7 @@ jobs:
    name: x86-64 Linux build
    runs-on: ubuntu-latest
    timeout-minutes: 15
+    needs: npm-version
    container: "centos:7"
    env:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -38,11 +44,13 @@ jobs:
        run: |
          yum install -y epel-release centos-release-scl make
          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync python3
+          # for keytar
+          yum install -y libsecret-devel

      - name: Install nfpm and envsubst
        run: |
          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
          chmod +x envsubst
          mv envsubst ~/.local/bin
@@ -51,15 +59,10 @@ jobs:
      - name: Install yarn
        run: npm install -g yarn

-      - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download npm package
+        uses: actions/download-artifact@v3
        with:
-          branch: ${{ github.ref }}
-          workflow: build.yaml
-          workflow_conclusion: completed
-          check_artifacts: true
-          name: npm-package
+          name: npm-release-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz
@@ -67,19 +70,9 @@ jobs:
      # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
      # file when running inside a docker container.
      - name: Build standalone release
-        run: source scl_source enable devtoolset-9 && yarn release:standalone
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
+        run: source scl_source enable devtoolset-9 && npm run release:standalone

      - name: Install test dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile

      - name: Run integration tests on standalone release
@@ -91,7 +84,16 @@ jobs:
          token: ${{ secrets.CODECOV_TOKEN }}
        if: success()

+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
        run: yarn package

      - uses: softprops/action-gh-release@v1
@@ -117,12 +119,13 @@ jobs:
  # but this means we don't need to maintain a self-hosted runner!

  # NOTE@jsjoeio:
-  # We used to use 16.04 until GitHub deprecated it on September 20, 2021
-  # See here: https://github.com/actions/virtual-environments/pull/3862/files
+  # We used to use 18.04 until GitHub browned it out on December 15, 2022
+  # See here: https://github.com/actions/runner-images/issues/6002
  package-linux-cross:
    name: Linux cross-compile builds
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
    timeout-minutes: 15
+    needs: npm-version
    strategy:
      matrix:
        include:
@@ -159,19 +162,16 @@ jobs:
        env:
          PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}

-      - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download npm package
+        uses: actions/download-artifact@v3
        with:
-          branch: ${{ github.ref }}
-          workflow: build.yaml
-          workflow_conclusion: completed
-          check_artifacts: true
-          name: npm-package
+          name: npm-release-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz

+      # NOTE@jsjoeio - npm fails here
+      # so use yarn
      - name: Build standalone release
        run: yarn release:standalone

@@ -181,7 +181,16 @@ jobs:
          tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
          mv ./node ./release-standalone/lib/node

+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
        run: yarn package ${NPM_CONFIG_ARCH}

      - uses: softprops/action-gh-release@v1
@@ -194,6 +203,7 @@ jobs:
    name: x86-64 macOS build
    runs-on: macos-latest
    timeout-minutes: 15
+    needs: npm-version
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
@@ -209,39 +219,33 @@ jobs:
          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
          echo "$HOME/.local/bin" >> $GITHUB_PATH

-      - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download npm package
+        uses: actions/download-artifact@v3
        with:
-          branch: ${{ github.ref }}
-          workflow: build.yaml
-          workflow_conclusion: completed
-          check_artifacts: true
-          name: npm-package
+          name: npm-release-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz

      - name: Build standalone release
-        run: yarn release:standalone
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
+        run: npm run release:standalone

      - name: Install test dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: SKIP_SUBMODULE_DEPS=1 yarn install

      - name: Run native module tests on standalone release
        run: yarn test:native

+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
        run: yarn package

      - uses: softprops/action-gh-release@v1
@@ -249,3 +253,68 @@ jobs:
          draft: true
          discussion_category_name: "📣 Announcements"
          files: ./release-packages/*
+
+  npm-package:
+    name: Upload npm package
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    needs: npm-version
+    steps:
+      - name: Download npm package
+        uses: actions/download-artifact@v3
+        with:
+          name: npm-release-package
+
+      - uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          discussion_category_name: "📣 Announcements"
+          files: ./package.tar.gz
+
+  npm-version:
+    name: Modify package.json version
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Download artifacts
+        uses: dawidd6/action-download-artifact@v2
+        id: download
+        with:
+          branch: ${{ github.ref }}
+          workflow: build.yaml
+          workflow_conclusion: completed
+          name: npm-package
+          check_artifacts: false
+          if_no_artifact_found: fail
+
+      - name: Decompress npm package
+        run: tar -xzf package.tar.gz
+
+      # NOTE@jsjoeio - we do this so we can strip out the v
+      # i.e. v4.9.1 -> 4.9.1
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
+      - name: Modify version
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          echo "Updating version in root package.json"
+          npm version --prefix release "$VERSION"
+
+          echo "Updating version in lib/vscode/product.json"
+          tmp=$(mktemp) 
+          jq ".codeServerVersion = \"$VERSION\"" release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
+          # Ensure it has the same permissions as before
+          chmod 644 release/lib/vscode/product.json
+
+      - name: Compress release package
+        run: tar -czf package.tar.gz release
+
+      - name: Upload npm package artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: npm-release-package
+          path: ./package.tar.gz
--- a/.github/workflows/scripts.yaml
+++ b/.github/workflows/scripts.yaml
@@ -38,7 +38,7 @@ jobs:
    name: Run script unit tests
    runs-on: ubuntu-latest
    # This runs on Alpine to make sure we're testing with actual sh.
-    container: "alpine:3.16"
+    container: "alpine:3.17"
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -65,7 +65,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
+        uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41
        with:
          scan-type: "fs"
          scan-ref: "."
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -51,7 +51,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
+        uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41
        with:
          image-ref: "docker.io/codercom/code-server:latest"
          ignore-unfixed: true
--- a/.prettierignore
+++ b/.prettierignore
@@ -1 +1,9 @@
-lib/vscode
+lib/vscode
+lib/vscode-reh-web-linux-x64
+release-standalone
+release-packages
+release
+helm-chart
+test/scripts
+test/e2e/extensions/test-extension
+.pc
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,109 @@ Code v99.99.999

 -->

+## [4.10.0](https://github.com/coder/code-server/releases/tag/v4.10.0) - TBD
+
+Code v1.75.0
+
+### Changed
+
+- Updated to Code 1.75.0
+
+## [4.9.1](https://github.com/coder/code-server/releases/tag/v4.9.1) - 2022-12-15
+
+Code v1.73.1
+
+### Changed
+
+- Updated a couple steps in the build and release process to ensure we're using
+  `npm` and `yarn` consistently depending on the step.
+
+### Fixed
+
+- Fixed an issue with code-server version not displaying in the Help > About window.
+- Fixed terminal not loading on macOS clients.
+
+## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-12-06
+
+Code v1.73.1
+
+### Changed
+
+- Upgraded to Code 1.73.1
+
+### Added
+
+- `/security.txt` added as a route with info on our security policy information thanks to @ghuntley
+
+### Fixed
+
+- Installing on majaro images should now work thanks to @MrPeacockNLB for
+  adding the `--noconfirm` flag in `install.sh`
+
+### Known Issues
+
+- `--cert` on Ubuntu 22.04: OpenSSL v3 is used which breaks `pem` meaning the
+  `--cert` feature will not work. [Reference](https://github.com/adobe/fetch/pull/318#issuecomment-1306070259)
+
+## [4.8.3](https://github.com/coder/code-server/releases/tag/v4.8.3) - 2022-11-07
+
+Code v1.72.1
+
+### Added
+
+- install script now supports arch-like (i.e. manjaro, endeavourous, etc.)
+  architectures
+
+### Changed
+
+- Updated text in the Getting Started page.
+
+## [4.8.2](https://github.com/coder/code-server/releases/tag/v4.8.2) - 2022-11-02
+
+Code v1.72.1
+
+### Added
+
+- New text in the Getting Started page with info about
+  `coder/coder`. This is enabled by default but can be disabled by passing the CLI
+  flag `--disable-getting-started-override` or setting
+  `CS_DISABLE_GETTING_STARTED_OVERRIDE=1` or
+  `CS_DISABLE_GETTING_STARTED_OVERRIDE=true`.
+
+## [4.8.1](https://github.com/coder/code-server/releases/tag/v4.8.1) - 2022-10-28
+
+Code v1.72.1
+
+### Fixed
+
+- Fixed CSP error introduced in 4.8.0 that caused issues with webviews and most
+  extensions.
+
+## [4.8.0](https://github.com/coder/code-server/releases/tag/v4.8.0) - 2022-10-24
+
+Code v1.72.1
+
+### Added
+
+- Support for the Ports panel which leverages code-server's built-in proxy. It
+  also uses `VSCODE_PROXY_URI` where `{{port}}` is replace when forwarding a port.
+  Example: `VSCODE_PROXY_URI=https://{{port}}.kyle.dev` would forward an
+  application running on localhost:3000 to https://3000.kyle.dev
+- Support for `--disable-workspace-trust` CLI flag
+- Support for `--goto` flag to open file @ line:column
+- Added Ubuntu-based images for Docker releases. If you run into issues with
+  `PATH` being overwritten in Docker please try the Ubuntu image as this is a
+  problem in the Debian base image.
+
+### Changed
+
+- Updated Code to 1.72.1
+
+### Fixed
+
+- Enabled `BROWSER` environment variable
+- Patched `asExternalUri` to work so now extensions run inside code-server can use it
+
 ## [4.7.1](https://github.com/coder/code-server/releases/tag/v4.7.1) - 2022-09-30

 Code v1.71.2
--- a/ci/build/build-vscode.sh
+++ b/ci/build/build-vscode.sh
@@ -42,6 +42,12 @@ main() {

  pushd lib/vscode

+  if [[ ! ${VERSION-} ]]; then
+    echo "VERSION not set. Please set before running this script:"
+    echo "VERSION='0.0.0' yarn build:vscode"
+    exit 1
+  fi
+
  # Set the commit Code will embed into the product.json.  We need to do this
  # since Code tries to get the commit from the `.git` directory which will fail
  # as it is a submodule.
--- a/ci/build/nfpm.yaml
+++ b/ci/build/nfpm.yaml
@@ -4,7 +4,7 @@ platform: "linux"
 version: "v${VERSION}"
 section: "devel"
 priority: "optional"
-maintainer: "Anmol Sethi <hi@nhooyr.io>"
+maintainer: "Joe Previte <joe@coder.com>"
 description: |
  Run VS Code in the browser.
 vendor: "Coder"
@@ -22,4 +22,4 @@ contents:
    dst: /usr/lib/systemd/user/code-server.service

  - src: ./release-standalone/*
-    dst: /usr/lib/code-server/
+    dst: /usr/lib/code-server
--- a/ci/build/npm-postinstall.sh
+++ b/ci/build/npm-postinstall.sh
@@ -124,27 +124,18 @@ main() {
 }

 install_with_yarn_or_npm() {
+  echo "User agent: ${npm_config_user_agent-none}"
  # NOTE@edvincent: We want to keep using the package manager that the end-user was using to install the package.
  # This also ensures that when *we* run `yarn` in the development process, the yarn.lock file is used.
  case "${npm_config_user_agent-}" in
-    yarn*)
-      if [ -f "yarn.lock" ]; then
-        yarn --production --frozen-lockfile --no-default-rc
-      else
-        echo "yarn.lock file not present, not running in development mode. use npm to install code-server!"
-        exit 1
-      fi
-      ;;
    npm*)
-      if [ -f "yarn.lock" ]; then
-        echo "yarn.lock file present, running in development mode. use yarn to install code-server!"
-        exit 1
-      else
-        # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
-        # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
-        # See https://github.com//pull/5071
-        npm install --unsafe-perm --legacy-peer-deps --omit=dev
-      fi
+      # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
+      # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
+      # See https://github.com//pull/5071
+      npm install --unsafe-perm --legacy-peer-deps --omit=dev
+      ;;
+    yarn*)
+      yarn --production --frozen-lockfile --no-default-rc
      ;;
    *)
      echo "Could not determine which package manager is being used to install code-server"
--- a/ci/build/release-prep.sh
+++ b/ci/build/release-prep.sh
@@ -1,103 +0,0 @@
-#!/usr/bin/env bash
-# Description: This is a script to make the release process easier
-# Run it with `yarn release:prep` and it will do the following:
-# 1. Check that you have gh installed and that you're signed in
-# 2. Update the version of code-server (package.json, docs, etc.)
-# 3. Update the code coverage badge in the README
-# 4. Open a draft PR using the release_template.md and view in browser
-# If you want to perform a dry run of this script run DRY_RUN=1 yarn release:prep
-
-set -euo pipefail
-
-CHECKMARK="\xE2\x9C\x94"
-DASH="-"
-
-main() {
-  if [ "${DRY_RUN-}" = 1 ]; then
-    echo "Performing a dry run..."
-    CMD="echo"
-  else
-    CMD=''
-  fi
-
-  cd "$(dirname "$0")/../.."
-
-  # Check that gh is installed
-  if ! command -v gh &> /dev/null; then
-    echo "gh could not be found."
-    echo "We use this with the release-github-draft.sh and release-github-assets.sh scripts."
-    echo -e "See docs here: https://github.com/cli/cli#installation"
-    exit
-  fi
-
-  # Check that they have jq installed
-  if ! command -v jq &> /dev/null; then
-    echo "jq could not be found."
-    echo "We use this to parse the package.json and grab the current version of code-server."
-    echo -e "See docs here: https://stedolan.github.io/jq/download/"
-    exit
-  fi
-
-  # Check that they have rg installed
-  if ! command -v rg &> /dev/null; then
-    echo "rg could not be found."
-    echo "We use this when updating files across the codebase."
-    echo -e "See docs here: https://github.com/BurntSushi/ripgrep#installation"
-    exit
-  fi
-
-  # Check that they have node installed
-  if ! command -v node &> /dev/null; then
-    echo "node could not be found."
-    echo "That's surprising..."
-    echo "We use it in this script for getting the package.json version"
-    echo -e "See docs here: https://nodejs.org/en/download/"
-    exit
-  fi
-
-  # Check that gh is authenticated
-  if ! gh auth status -h github.com &> /dev/null; then
-    echo "gh isn't authenticated to github.com."
-    echo "This is needed for our scripts that use gh."
-    echo -e "See docs regarding authentication: https://cli.github.com/manual/gh_auth_login"
-    exit
-  fi
-
-  # Note: we need to set upstream as well or the gh pr create step will fail
-  # See: https://github.com/cli/cli/issues/575
-  CURRENT_BRANCH=$(git branch | grep '\*' | cut -d' ' -f2-)
-  if [[ -z $(git config "branch.${CURRENT_BRANCH}.remote") ]]; then
-    echo "Doesn't look like you've pushed this branch to remote"
-    # Note: we need to set upstream as well or the gh pr create step will fail
-    # See: https://github.com/cli/cli/issues/575
-    echo "Please set the upstream and then run the script"
-    exit 1
-  fi
-
-  # credit to jakwuh for this solution
-  # https://gist.github.com/DarrenN/8c6a5b969481725a4413#gistcomment-1971123
-  CODE_SERVER_CURRENT_VERSION=$(node -pe "require('./package.json').version")
-  # Ask which version we should update to
-  # In the future, we'll automate this and determine the latest version automatically
-  echo -e "$DASH Current version: ${CODE_SERVER_CURRENT_VERSION}"
-  # The $'\n' adds a line break. See: https://stackoverflow.com/a/39581815/3015595
-  CODE_SERVER_VERSION_TO_UPDATE=$(git rev-parse --abbrev-ref HEAD | perl -pe '($_)=/([0-9]+([.][0-9]+)+)/')
-  echo -e "$CHECKMARK Version in branch name"
-  echo -e "$CHECKMARK Updating to: $CODE_SERVER_VERSION_TO_UPDATE"
-
-  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' -g '!lib/vscode/**' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
-
-  $CMD git commit --no-verify -am "chore(release): bump version to $CODE_SERVER_VERSION_TO_UPDATE"
-
-  # This runs from the root so that's why we use this path vs. ../../
-  RELEASE_TEMPLATE_STRING=$(cat ./.github/PULL_REQUEST_TEMPLATE/release_template.md)
-
-  echo -e "\nOpening a draft PR on GitHub"
-  # To read about these flags, visit the docs: https://cli.github.com/manual/gh_pr_create
-  $CMD gh pr create --base main --title "release: $CODE_SERVER_VERSION_TO_UPDATE" --body "$RELEASE_TEMPLATE_STRING" --reviewer @coder/code-server --repo coder/code-server --draft --assignee "@me"
-
-  # Open PR in browser
-  $CMD gh pr view --web
-}
-
-main "$@"
--- a/ci/dev/doctoc.sh
+++ b/ci/dev/doctoc.sh
@@ -4,24 +4,6 @@ set -euo pipefail
 main() {
  cd "$(dirname "$0")/../.."

-  local prettierExts
-  prettierExts=(
-    "*.js"
-    "*.ts"
-    "*.tsx"
-    "*.html"
-    "*.json"
-    "*.css"
-    "*.md"
-    "*.toml"
-    "*.yaml"
-    "*.yml"
-    "*.sh"
-  )
-  prettier --write --loglevel=warn $(
-    git ls-files "${prettierExts[@]}" | grep -v "lib/vscode" | grep -v 'helm-chart'
-  )
-
  doctoc --title '# FAQ' docs/FAQ.md > /dev/null
  doctoc --title '# Setup Guide' docs/guide.md > /dev/null
  doctoc --title '# Install' docs/install.md > /dev/null
@@ -32,12 +14,11 @@ main() {
  doctoc --title '# iPad' docs/ipad.md > /dev/null
  doctoc --title '# Termux' docs/termux.md > /dev/null

-  # TODO: replace with a method that generates fewer false positives.
  if [[ ${CI-} && $(git ls-files --other --modified --exclude-standard) ]]; then
    echo "Files need generation or are formatted incorrectly:"
    git -c color.ui=always status | grep --color=no '\[31m'
    echo "Please run the following locally:"
-    echo "  yarn fmt"
+    echo "  yarn doctoc"
    exit 1
  fi
 }
--- a/ci/dev/test-unit.sh
+++ b/ci/dev/test-unit.sh
@@ -11,22 +11,6 @@ main() {
  make -s out/index.js
  popd

-  # Our code imports from `out` in order to work during development but if you
-  # have only built for production you will have not have this directory.  In
-  # that case symlink `out` to a production build directory.
-  if [[ ! -e lib/vscode/out ]]; then
-    pushd lib
-    local out=(vscode-reh-web-*)
-    if [[ -d "${out[0]}" ]]; then
-      ln -s "../${out[0]}/out" ./vscode/out
-    else
-      echo "Could not find lib/vscode/out or lib/vscode-reh-web-*"
-      echo "Code must be built before running unit tests"
-      exit 1
-    fi
-    popd
-  fi
-
  # We must keep jest in a sub-directory. See ../../test/package.json for more
  # information. We must also run it from the root otherwise coverage will not
  # include our source files.
--- a/ci/dev/watch.ts
+++ b/ci/dev/watch.ts
@@ -1,4 +1,4 @@
-import { spawn, fork, ChildProcess } from "child_process"
+import { spawn, ChildProcess } from "child_process"
 import * as path from "path"
 import { onLine, OnLineCallback } from "../../src/node/util"

@@ -30,12 +30,13 @@ class Watcher {

    // Pass CLI args, save for `node` and the initial script name.
    const args = process.argv.slice(2)
-    this.webServer = fork(path.join(this.rootPath, "out/node/entry.js"), args)
+    this.webServer = spawn("node", [path.join(this.rootPath, "out/node/entry.js"), ...args])
+    onLine(this.webServer, (line) => console.log("[code-server]", line))
    const { pid } = this.webServer

-    this.webServer.on("exit", () => console.log("[Code Server]", `Web process ${pid} exited`))
+    this.webServer.on("exit", () => console.log("[code-server]", `Web process ${pid} exited`))

-    console.log("\n[Code Server]", `Spawned web server process ${pid}`)
+    console.log("\n[code-server]", `Spawned web server process ${pid}`)
  }

  //#endregion
@@ -82,10 +83,10 @@ class Watcher {
  private parseVSCodeLine: OnLineCallback = (strippedLine, originalLine) => {
    if (!strippedLine.length) return

-    console.log("[VS Code]", originalLine)
+    console.log("[Code OSS]", originalLine)

    if (strippedLine.includes("Finished compilation with")) {
-      console.log("[VS Code] ✨ Finished compiling! ✨", "(Refresh your web browser ♻️)")
+      console.log("[Code OSS] ✨ Finished compiling! ✨", "(Refresh your web browser ♻️)")
      this.reloadWebServer()
    }
  }
@@ -93,10 +94,10 @@ class Watcher {
  private parseCodeServerLine: OnLineCallback = (strippedLine, originalLine) => {
    if (!strippedLine.length) return

-    console.log("[Compiler][Code Server]", originalLine)
+    console.log("[Compiler][code-server]", originalLine)

    if (strippedLine.includes("Watching for file changes")) {
-      console.log("[Compiler][Code Server]", "Finished compiling!", "(Refresh your web browser ♻️)")
+      console.log("[Compiler][code-server]", "Finished compiling!", "(Refresh your web browser ♻️)")
      this.reloadWebServer()
    }
  }
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.2.3
+version: 3.4.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.7.1
+appVersion: 4.9.1
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.7.1'
+  tag: '4.9.1'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/ci/lib.sh
+++ b/ci/lib.sh
@@ -9,10 +9,6 @@ popd() {
  builtin popd > /dev/null
 }

-pkg_json_version() {
-  jq -r .version package.json
-}
-
 vscode_version() {
  jq -r .version lib/vscode/package.json
 }
@@ -48,8 +44,6 @@ rsync() {
  command rsync -a --del "$@"
 }

-VERSION="$(pkg_json_version)"
-export VERSION
 ARCH="$(arch)"
 export ARCH
 OS=$(os)
--- a/ci/release-image/Dockerfile
+++ b/ci/release-image/Dockerfile
@@ -1,12 +1,13 @@
 # syntax=docker/dockerfile:experimental

+ARG BASE=debian:11
 FROM scratch AS packages
 COPY release-packages/code-server*.deb /tmp/

-FROM debian:11
+FROM $BASE

 RUN apt-get update \
- && apt-get install -y \
+  && apt-get install -y \
    curl \
    dumb-init \
    zsh \
@@ -29,15 +30,15 @@ RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
  && locale-gen
 ENV LANG=en_US.UTF-8

-RUN adduser --gecos '' --disabled-password coder && \
-  echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+RUN adduser --gecos '' --disabled-password coder \
+  && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd

-RUN ARCH="$(dpkg --print-architecture)" && \
-    curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.5/fixuid-0.5-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
-    chown root:root /usr/local/bin/fixuid && \
-    chmod 4755 /usr/local/bin/fixuid && \
-    mkdir -p /etc/fixuid && \
-    printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+RUN ARCH="$(dpkg --print-architecture)" \
+  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.5/fixuid-0.5-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
+  && chown root:root /usr/local/bin/fixuid \
+  && chmod 4755 /usr/local/bin/fixuid \
+  && mkdir -p /etc/fixuid \
+  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml

 COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
 RUN --mount=from=packages,src=/tmp,dst=/tmp/packages dpkg -i /tmp/packages/code-server*$(dpkg --print-architecture).deb
--- a/ci/release-image/docker-bake.hcl
+++ b/ci/release-image/docker-bake.hcl
@@ -6,17 +6,63 @@ variable "VERSION" {
    default = "latest"
 }

-group "default" {
-    targets = ["code-server"]
+variable "DOCKER_REGISTRY" {
+    default = "docker.io/codercom/code-server"
 }

-target "code-server" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = [
-        "docker.io/codercom/code-server:latest",
-        notequal("latest",VERSION) ? "docker.io/codercom/code-server:${VERSION}" : "",
-        "ghcr.io/coder/code-server:latest",
-        notequal("latest",VERSION) ? "ghcr.io/coder/code-server:${VERSION}" : "",
+variable "GITHUB_REGISTRY" {
+    default = "ghcr.io/coder/code-server"
+}
+
+group "default" {
+    targets = [
+        "code-server-debian-11", 
+        "code-server-ubuntu-focal",
    ]
+}
+
+function "prepend_hyphen_if_not_null" {
+    params = [tag]
+    result = notequal("","${tag}") ? "-${tag}" : "${tag}"
+}
+
+# use empty tag (tag="") to generate default tags
+function "gen_tags" {
+    params = [registry, tag]
+    result = notequal("","${registry}") ? [
+        notequal("", "${tag}") ? "${registry}:${tag}" : "${registry}:latest",
+        notequal("latest",VERSION) ? "${registry}:${VERSION}${prepend_hyphen_if_not_null(tag)}" : "",
+    ] : []
+}
+
+# helper function to generate tags for docker registry and github registry.
+# set (DOCKER|GITHUB)_REGISTRY="" to disable corresponding registry
+function "gen_tags_for_docker_and_ghcr" {
+    params = [tag]
+    result = concat(
+        gen_tags("${DOCKER_REGISTRY}", "${tag}"),
+        gen_tags("${GITHUB_REGISTRY}", "${tag}"),
+    )
+}
+
+target "code-server-debian-11" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr(""),
+        gen_tags_for_docker_and_ghcr("debian"),
+        gen_tags_for_docker_and_ghcr("bullseye"),
+    )
+    platforms = ["linux/amd64", "linux/arm64"]
+}
+
+target "code-server-ubuntu-focal" {
+    dockerfile = "ci/release-image/Dockerfile"
+    tags = concat(
+        gen_tags_for_docker_and_ghcr("ubuntu"),
+        gen_tags_for_docker_and_ghcr("focal"),
+    )
+    args = {
+        BASE = "ubuntu:focal"
+    }
    platforms = ["linux/amd64", "linux/arm64"]
 }
--- a/ci/steps/docker-buildx-push.sh
+++ b/ci/steps/docker-buildx-push.sh
@@ -3,9 +3,8 @@ set -euo pipefail

 main() {
  cd "$(dirname "$0")/../.."
-  # ci/lib.sh sets VERSION so it's available to ci/release-image/docker-bake.hcl
-  # to push the VERSION tag.
-  source ./ci/lib.sh
+  # NOTE@jsjoeio - this script assumes VERSION exists as an
+  # environment variable.

  # NOTE@jsjoeio - this script assumes that you've downloaded
  # the release-packages artifact to ./release-packages before
--- a/ci/steps/publish-npm.sh
+++ b/ci/steps/publish-npm.sh
@@ -19,12 +19,6 @@ main() {
  # This is because npm won't publish your package unless it's a new version.
  # i.e. for development, we bump the version to <current version>-<pr number>-<commit sha>
  # example: "version": "4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040"
-  # We need the current package.json VERSION
-  if ! is_env_var_set "VERSION"; then
-    echo "VERSION is not set. Cannot publish to npm without VERSION."
-    exit 1
-  fi
-
  # We use this to grab the PR_NUMBER
  if ! is_env_var_set "GITHUB_REF"; then
    echo "GITHUB_REF is not set. Are you running this locally? We rely on values provided by GitHub."
@@ -102,6 +96,7 @@ main() {
      # This means the npm version will be tagged with "beta"
      # and installed when a user runs `yarn install code-server@beta`
      NPM_TAG="beta"
+      PACKAGE_NAME="@coder/code-server-pr"
    fi

    if [[ "$NPM_ENVIRONMENT" == "development" ]]; then
--- a/docs/CODE_OF_CONDUCT.md
+++ b/docs/CODE_OF_CONDUCT.md
@@ -1,5 +1,18 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Contributor Covenant Code of Conduct
+
+- [Contributor Covenant Code of Conduct](#contributor-covenant-code-of-conduct)
+  - [Our Pledge](#our-pledge)
+  - [Our Standards](#our-standards)
+  - [Our Responsibilities](#our-responsibilities)
+  - [Scope](#scope)
+  - [Enforcement](#enforcement)
+  - [Attribution](#attribution)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 # Contributor Covenant Code of Conduct

--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Contributing
@@ -10,9 +11,10 @@
  - [Version updates to Code](#version-updates-to-code)
  - [Patching Code](#patching-code)
  - [Build](#build)
+    - [Creating a Standalone Release](#creating-a-standalone-release)
  - [Troubleshooting](#troubleshooting)
    - [I see "Forbidden access" when I load code-server in the browser](#i-see-forbidden-access-when-i-load-code-server-in-the-browser)
-  - ["Can only have one anonymous define call per script"](#can-only-have-one-anonymous-define-call-per-script)
+    - ["Can only have one anonymous define call per script"](#can-only-have-one-anonymous-define-call-per-script)
  - [Help](#help)
 - [Test](#test)
  - [Unit tests](#unit-tests)
@@ -24,6 +26,7 @@
  - [Currently Known Issues](#currently-known-issues)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 - [Detailed CI and build process docs](../ci)

@@ -168,6 +171,22 @@ yarn package
 > If you need your builds to support older distros, run the build commands
 > inside a Docker container with all the build requirements installed.

+#### Creating a Standalone Release
+
+Part of the build process involves creating standalone releases. At the time of
+writing, we do this for the following platforms/architectures:
+
+- Linux amd64 (.tar.gz, .deb, and .rpm)
+- Linux arm64 (.tar.gz, .deb, and .rpm)
+- Linux arm7l (.tar.gz)
+- Linux armhf.deb
+- Linux armhf.rpm
+- macOS amd64 (Intel-based)
+
+Currently, these are compiled in CI using the `yarn release-standalone` command
+in the `release.yaml` workflow. We then upload them to the draft release and
+distribute via GitHub Releases.
+
 ### Troubleshooting

 #### I see "Forbidden access" when I load code-server in the browser
@@ -176,7 +195,7 @@ This means your patches didn't apply correctly. We have a patch to remove the au

 Try popping off the patches with `quilt pop -a` and reapplying with `quilt push -a`.

-### "Can only have one anonymous define call per script"
+#### "Can only have one anonymous define call per script"

 Code might be trying to use a dev or prod HTML in the wrong context. You can try re-running code-server and setting `VSCODE_DEV=1`.

--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # FAQ
@@ -25,14 +26,18 @@
 - [Is multi-tenancy possible?](#is-multi-tenancy-possible)
 - [Can I use Docker in a code-server container?](#can-i-use-docker-in-a-code-server-container)
 - [How do I disable telemetry?](#how-do-i-disable-telemetry)
+- [What's the difference between code-server and Coder?](#whats-the-difference-between-code-server-and-coder)
 - [What's the difference between code-server and Theia?](#whats-the-difference-between-code-server-and-theia)
 - [What's the difference between code-server and OpenVSCode-Server?](#whats-the-difference-between-code-server-and-openvscode-server)
 - [What's the difference between code-server and GitHub Codespaces?](#whats-the-difference-between-code-server-and-github-codespaces)
 - [Does code-server have any security login validation?](#does-code-server-have-any-security-login-validation)
 - [Are there community projects involving code-server?](#are-there-community-projects-involving-code-server)
 - [How do I change the port?](#how-do-i-change-the-port)
+- [How do I hide the coder/coder promotion in Help: Getting Started?](#how-do-i-hide-the-codercoder-promotion-in-help-getting-started)
+- [How do I disable file download?](#how-do-i-disable-file-download)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 ## Questions?

@@ -359,6 +364,15 @@ Use the `--disable-telemetry` flag to disable telemetry.

 > We use the data collected only to improve code-server.

+## What's the difference between code-server and Coder?
+
+code-server and Coder are both applications that can be installed on any
+machine. The main difference is who they serve. Out of the box, code-server is
+simply VS Code in the browser while Coder is a tool for provisioning remote
+development environments via Terraform.
+
+code-server was built for individuals while Coder was built for teams. In Coder, you create Workspaces which can have applications like code-server. If you're looking for a team solution, you should reach for [Coder](https://github.com/coder/coder).
+
 ## What's the difference between code-server and Theia?

 At a high level, code-server is a patched fork of VS Code that runs in the
@@ -416,3 +430,13 @@ There are two ways to change the port on which code-server runs:

 1. with an environment variable e.g. `PORT=3000 code-server`
 2. using the flag `--bind-addr` e.g. `code-server --bind-addr localhost:3000`
+
+## How do I hide the coder/coder promotion in Help: Getting Started?
+
+You can pass the flag `--disable-getting-started-override` to `code-server` or
+you can set the environment variable `CS_DISABLE_GETTING_STARTED_OVERRIDE=1` or
+`CS_DISABLE_GETTING_STARTED_OVERRIDE=true`.
+
+## How do I disable file download?
+
+You can pass the flag `--disable-file-downloads` to `code-server`
--- a/docs/MAINTAINING.md
+++ b/docs/MAINTAINING.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Maintaining
@@ -14,6 +15,7 @@
  - [Changelog](#changelog)
 - [Releases](#releases)
  - [Publishing a release](#publishing-a-release)
+    - [Release Candidates](#release-candidates)
    - [AUR](#aur)
    - [Docker](#docker)
    - [Homebrew](#homebrew)
@@ -24,6 +26,7 @@
  - [Troubleshooting](#troubleshooting)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 This document is meant to serve current and future maintainers of code-server,
 as well as share our workflow for maintaining the project.
@@ -139,17 +142,28 @@ changelog](https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS).

 ### Publishing a release

-1. Create a new branch called `release/v0.0.0` (replace 0s with actual version aka v4.5.0)
-   1. If you don't do this, the `npm-brew` GitHub workflow will fail. It looks for the release artifacts under the branch pattern.
-1. Run `yarn release:prep`
-1. Bump chart version in `Chart.yaml`.
-1. Summarize the major changes in the `CHANGELOG.md`
-1. Download CI artifacts and make sure code-server works locally.
-1. Merge PR and wait for CI build on `main` to finish.
-1. Go to GitHub Actions > Draft release > Run workflow off `main`. CI will automatically upload the artifacts to the release.
-1. Add the release notes from the `CHANGELOG.md` and publish release. CI will automatically grab the
-   artifacts, publish the NPM package from `npm-package`, and publish the Docker
-   Hub image from `release-images`.
+1. Go to GitHub Actions > Draft release > Run workflow on the commit you want to
+   release. Make sure CI has finished the build workflow on that commit or this
+   will fail.
+2. CI will automatically grab the build artifact on that commit, inject the
+   version into the `package.json`, put together platform-specific packages, and
+   upload those packages to a draft release.
+3. Summarize the major changes in the `CHANGELOG.md`.
+4. Copy the relevant changelog section to the release then publish it.
+5. CI will automatically publish the NPM package, Docker image, and update
+   Homebrew using the published release assets.
+6. Bump the chart version in `Chart.yaml` and merge in the changelog updates.
+
+#### Release Candidates
+
+We prefer to do release candidates so the community can test things before a
+full-blown release. To do this follow the same steps as above but:
+
+1. Add a `-rc.<number>` suffix to the version.
+2. When you publish the release select "pre-release". CI will not automatically
+   publish pre-releases.
+3. Do not update the chart version or merge in the changelog until the final
+   release.

 #### AUR

--- a/docs/README.md
+++ b/docs/README.md
@@ -16,7 +16,7 @@ access it in the browser.

 ## Requirements

-See [requirements](requirements.md) for minimum specs, as well as instructions
+See [requirements](https://coder.com/docs/code-server/latest/requirements) for minimum specs, as well as instructions
 on how to set up a Google VM on which you can install code-server.

 **TL;DR:** Linux machine with WebSockets enabled, 1 GB RAM, and 2 vCPUs
--- a/docs/coder.md
+++ b/docs/coder.md
@@ -0,0 +1,37 @@
+# Coder
+
+To install and run code-server in a Coder workspace, we suggest using the `install.sh`
+script in your template like so:
+
+```terraform
+resource "coder_agent" "dev" {
+  arch           = "amd64"
+  os             = "linux"
+  startup_script = <<EOF
+    #!/bin/sh
+    set -x
+    # install and start code-server
+    curl -fsSL https://code-server.dev/install.sh | sh -s -- --version 4.8.3
+    code-server --auth none --port 13337 &
+    EOF
+}
+
+resource "coder_app" "code-server" {
+  agent_id     = coder_agent.dev.id
+  slug         = "code-server"
+  display_name = "code-server"
+  url          = "http://localhost:13337/"
+  icon         = "/icon/code.svg"
+  subdomain    = false
+  share        = "owner"
+
+  healthcheck {
+    url       = "http://localhost:13337/healthz"
+    interval  = 3
+    threshold = 10
+  }
+}
+```
+
+If you run into issues, ask for help on the `coder/coder` [Discussions
+here](https://github.com/coder/coder/discussions).
--- a/docs/guide.md
+++ b/docs/guide.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Setup Guide
@@ -13,6 +14,7 @@
 - [Accessing web services](#accessing-web-services)
  - [Using a subdomain](#using-a-subdomain)
  - [Using a subpath](#using-a-subpath)
+  - [Using your own proxy](#using-your-own-proxy)
  - [Stripping `/proxy/<port>` from the request path](#stripping-proxyport-from-the-request-path)
  - [Proxying to create a React app](#proxying-to-create-a-react-app)
  - [Proxying to a Vue app](#proxying-to-a-vue-app)
@@ -22,6 +24,7 @@
  - [Option 2: ngrok tunnel](#option-2-ngrok-tunnel)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 This article will walk you through exposing code-server securely once you've
 completed the [installation process](install.md).
@@ -89,11 +92,10 @@ we recommend using another method, such as [Let's Encrypt](#let-encrypt) instead
   using [mutagen](https://mutagen.io/documentation/introduction/installation)
   to do so. Once you've installed mutagen, you can port forward as follows:

-   ```console
+   ```shell
   # This is the same as the above SSH command, but it runs in the background
   # continuously. Be sure to add `mutagen daemon start` to your ~/.bashrc to
   # start the mutagen daemon when you open a shell.
-   
   mutagen forward create --name=code-server tcp:127.0.0.1:8080 < instance-ip > :tcp:127.0.0.1:8080
   ```

@@ -315,12 +317,32 @@ To set your domain, start code-server with the `--proxy-domain` flag:
 code-server --proxy-domain <domain>
 ```

-Now you can browse to `<port>.<domain>`. Note that this uses the host header, so
-ensure your reverse proxy (if you're using one) forwards that information.
+For instance, if you have code-server exposed on `domain.tld` and a Python
+server running on port 8080 of the same machine code-server is running on, you
+could run code-server with `--proxy-domain domain.tld` and access the Python
+server via `8080.domain.tld`.
+
+Note that this uses the host header, so ensure your reverse proxy (if you're
+using one) forwards that information.

 ### Using a subpath

-Simply browse to `/proxy/<port>/`.
+Simply browse to `/proxy/<port>/`. For instance, if you have code-server
+exposed on `domain.tld` and a Python server running on port 8080 of the same
+machine code-server is running on, you could access the Python server via
+`domain.tld/proxy/8000`.
+
+### Using your own proxy
+
+You can make extensions and the ports panel use your own proxy by setting
+`VSCODE_PROXY_URI`. For example if you set
+`VSCODE_PROXY_URI=https://{{port}}.kyle.dev` when an application is detected
+running on port 3000 of the same machine code-server is running on the ports
+panel will create a link to https://3000.kyle.dev instead of pointing to the
+built-in subpath-based proxy.
+
+Note: relative paths are also supported i.e.
+`VSCODE_PROXY_URI=./proxy/{{port}}`

 ### Stripping `/proxy/<port>` from the request path

@@ -417,20 +439,20 @@ sudo passwd {user} # replace user with your code-server user

 [![Cloudflared](https://img.shields.io/badge/Cloudflared-E4863B?style=for-the-badge&logo=cloudflare&logoColor=ffffff)](https://github.com/cloudflare/cloudflared)

-1.  Install [cloudflared](https://github.com/cloudflare/cloudflared#installing-cloudflared) on your local computer
-2.  Then go to `~/.ssh/config` and add the following:
+1.  Install [cloudflared](https://github.com/cloudflare/cloudflared#installing-cloudflared) on your local computer and remote server
+2.  Then go to `~/.ssh/config` and add the following on your local computer:

 ```shell
 Host *.trycloudflare.com
 HostName %h
-User root
+User user
 Port 22
 ProxyCommand "cloudflared location" access ssh --hostname %h
 ```

 3. Run `cloudflared tunnel --url ssh://localhost:22` on the remote server

-4. Finally on VS Code or any IDE that supports SSH, run `ssh coder@https://your-link.trycloudflare.com` or `ssh coder@your-link.trycloudflare.com`
+4. Finally on VS Code or any IDE that supports SSH, run `ssh user@https://your-link.trycloudflare.com` or `ssh user@your-link.trycloudflare.com`

 ### Option 2: ngrok tunnel

--- a/docs/helm.md
+++ b/docs/helm.md
@@ -1,6 +1,6 @@
 # code-server Helm Chart

-[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square)](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) [![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![AppVersion: 4.7.1](https://img.shields.io/badge/AppVersion-4.7.1-informational?style=flat-square)](https://img.shields.io/badge/AppVersion-4.7.1-informational?style=flat-square)
+[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square)](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) [![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![AppVersion: 4.8.0](https://img.shields.io/badge/AppVersion-4.8.0-informational?style=flat-square)](https://img.shields.io/badge/AppVersion-4.8.0-informational?style=flat-square)

 [code-server](https://github.com/coder/code-server) code-server is VS Code running
 on a remote server, accessible through the browser.
@@ -73,7 +73,7 @@ and their default values.
 | hostnameOverride                            | string | `""`                     |
 | image.pullPolicy                            | string | `"Always"`               |
 | image.repository                            | string | `"codercom/code-server"` |
-| image.tag                                   | string | `"4.7.1"`                |
+| image.tag                                   | string | `"4.8.0"`                |
 | imagePullSecrets                            | list   | `[]`                     |
 | ingress.enabled                             | bool   | `false`                  |
 | nameOverride                                | string | `""`                     |
--- a/docs/install.md
+++ b/docs/install.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Install
@@ -24,6 +25,7 @@
  - [Debian, Ubuntu](#debian-ubuntu-1)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 This document demonstrates how to install `code-server` on various distros and
 operating systems.
@@ -57,6 +59,7 @@ following flags:
 - `--prefix=/usr/local`: install a standalone release archive system-wide.
 - `--version=X.X.X`: install version `X.X.X` instead of latest version.
 - `--help`: see usage docs.
+- `--edge`: install the latest edge version (i.e. pre-release)

 When done, the install script prints out instructions for running and starting
 code-server.
--- a/docs/ipad.md
+++ b/docs/ipad.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # iPad
@@ -13,6 +14,7 @@
  - [Sharing a self-signed certificate with an iPad](#sharing-a-self-signed-certificate-with-an-ipad)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 Once you've installed code-server, you can access it from an iPad.

--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -1,5 +1,5 @@
 {
-  "versions": ["v4.7.1"],
+  "versions": ["v4.8.0"],
  "routes": [
    {
      "title": "Home",
@@ -37,6 +37,11 @@
      "icon_path": "assets/images/icons/usage.svg",
      "path": "./guide.md",
      "children": [
+        {
+          "title": "Coder",
+          "description": "How to run code-server in Coder",
+          "path": "./coder.md"
+        },
        {
          "title": "--link",
          "description": "How to run code-server --link",
--- a/docs/npm.md
+++ b/docs/npm.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # npm Install Requirements
@@ -15,6 +16,7 @@
  - [Debugging install issues with npm](#debugging-install-issues-with-npm)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 If you're installing code-server via `npm`, you'll need to install additional
 dependencies required to build the native modules used by VS Code. This article
--- a/docs/termux.md
+++ b/docs/termux.md
@@ -1,3 +1,4 @@
+<!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # Termux
@@ -11,60 +12,16 @@
  - [Create a new user](#create-a-new-user)
  - [Install Go](#install-go)
  - [Install Python](#install-python)
-  - [Working with PRoot](#working-with-proot)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- prettier-ignore-end -->

 ## Install

 1. Get [Termux](https://f-droid.org/en/packages/com.termux/) from **F-Droid**.
-2. Install Debian by running the following:
-   - Run `termux-setup-storage` to allow storage access, or else code-server won't be able to read from `/sdcard`.\
-     > The following command is from [proot-distro](https://github.com/termux/proot-distro), but you can also use [Andronix](https://andronix.app/).
-     > After Debian is installed the `~ $` will change to `root@localhost`.
-
-```bash
-pkg update -y && pkg install proot-distro -y && proot-distro install debian && proot-distro login debian
-```
-
-3. Run the following commands to setup Debian:
-
-```bash
-apt update && apt upgrade -y && apt-get install sudo vim git -y
-```
-
-4. Install [NVM](https://github.com/nvm-sh/nvm#install--update-script) by following the install guide in the README, just a curl/wget command.
-
-5. Set up NVM for multi-user. After installing NVM it automatically adds the necessary commands for it to work, but it will only work if you are logged in as root:
-
-   - Copy the lines NVM asks you to run after running the install script.
-   - Run `nano /root/.bashrc` and comment out those lines by adding a `#` at the start.
-   - Run `nano /etc/profile` and paste those lines at the end of the file. Make sure to replace `$HOME` with `/root` on the first line.
-   - Now run `exit`
-   - Start Debian again `proot-distro login debian`
-
-6. After following the instructions and setting up NVM you can now install the [required node version](https://coder.com/docs/code-server/latest/npm#nodejs-version) by running:
-
-```bash
-nvm install v<major_version_here>
-```
-
-7. To install `code-server` run the following:
-   > To check the install process (Will not actually install code-server)
-   > If it all looks good, you can install code-server by running the second command
-
-```bash
-curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run
-```
-
-```bash
-curl -fsSL https://code-server.dev/install.sh | sh
-```
-
-8. You can now start code server by simply running `code-server`.
-
-> Consider using a new user instead of root, read [here](https://www.howtogeek.com/124950/htg-explains-why-you-shouldnt-log-into-your-linux-system-as-root/) why using root is not recommended.\
-> Learn how to add a user [here](#create-a-new-user).
+2. Run `pkg install tur-repo`
+3. Run `pkg install code-server`
+4. You can now start code server by simply running `code-server`.

 ## NPM Installation

@@ -100,7 +57,7 @@ node -v

 you will get node version `v16.15.0`

-5. Now install code-server following our guide on [installing with npm][./npm.md](./npm.md)
+5. Now install code-server following our guide on [installing with npm](./npm.md)

 6. Congratulation code-server is installed on your device using the following command.

@@ -200,35 +157,3 @@ eval "$(pyenv virtualenv-init -)"
 7. Run `touch /root/.pyenv/version && echo "your_version_here" > /root/.pyenv/version`
 8. (You may have to start Debian again) Run `python3 -V` to verify if PATH works or not.
   > If `python3` doesn't work but pyenv says that the install was successful in step 6 then try running `$PYENV_ROOT/versions/your_version/bin/python3`.
-
-### Working with PRoot
-
-Debian PRoot Distro Dev Environment
-
- Since Node and code-server are installed in the Debian PRoot distro, your `~/.ssh/` configuration, `~/.bashrc`, git, npm packages, etc. should be setup in PRoot as well.
- The terminal accessible in code-server will bring up the filesystem and `~/.bashrc` in the Debian PRoot distro.
-
-Accessing files in the Debian PRoot Distro
-
- The `/data/data/com.termux/files/home` directory in PRoot accesses the termux home directory (`~`)
- The `/sdcard` directory in PRoot accesses the Android storage directory, though there are [known issues with git and files in the `/sdcard` path](#git-wont-work-in-sdcard)
-
-Accessing the Debian PRoot distro/Starting code-server
-
- Run the following command to access the Debian PRoot distro, from the termux shell:
-
-```bash
-proot-distro login debian
-```
-
- Run the following command to start code-server directly in the Debian PRoot distro, from the termux shell:
-
-```bash
-proot-distro login debian -- code-server
-```
-
- If you [created a new user](#create-a-new-user), you'll need to insert the `--user <username>` option between `login` and `debian` in the commands above to run as the user instead of root in PRoot.
-
-Additional information on PRoot and Termux
-
- Additional information on using your Debian PRoot Distro can be [found here](https://github.com/termux/proot-distro#functionality-overview).
--- a/flake.nix
+++ b/flake.nix
@@ -12,13 +12,13 @@
        in {
          devShells.default = pkgs.mkShell {
            nativeBuildInputs = with pkgs; [
-              nodejs yarn' python pkg-config git rsync jq moreutils
+              nodejs yarn' python pkg-config git rsync jq moreutils quilt bats
            ];
            buildInputs = with pkgs; (lib.optionals (!stdenv.isDarwin) [ libsecret ]
                          ++ (with xorg; [ libX11 libxkbfile ])
-                          ++ lib.optionals stdenv.isDarwin [
-                            AppKit Cocoa CoreServices Security cctools xcbuild
-                          ]);
+                          ++ lib.optionals stdenv.isDarwin (with pkgs.darwin.apple_sdk.frameworks; [ 
+                            AppKit Cocoa CoreServices Security xcbuild
+                          ]));
          };
        }
      );
--- a/install.sh
+++ b/install.sh
@@ -131,6 +131,11 @@ Or, if you don't want/need a background service you can run:
 EOF
 }

+echo_coder_postinstall() {
+  echoh
+  echoh "Deploy code-server for your team with Coder: https://github.com/coder/coder"
+}
+
 main() {
  if [ "${TRACE-}" ]; then
    set -x
@@ -243,6 +248,7 @@ main() {
  if [ "$METHOD" = standalone ]; then
    if has_standalone; then
      install_standalone
+      echo_coder_postinstall
      exit 0
    else
      echoerr "There are no standalone releases for $ARCH"
@@ -286,6 +292,8 @@ main() {
      npm_fallback install_standalone
      ;;
  esac
+
+  echo_coder_postinstall
 }

 parse_arg() {
@@ -379,7 +387,7 @@ install_aur() {
  if [ ! "${DRY_RUN-}" ]; then
    cd "$CACHE_DIR/code-server-aur"
  fi
-  sh_c makepkg -si
+  sh_c makepkg -si --noconfirm

  echo_systemd_postinstall AUR
 }
@@ -482,7 +490,7 @@ os() {
 # - amzn, centos, rhel, fedora, ... -> fedora
 # - opensuse-{leap,tumbleweed} -> opensuse
 # - alpine -> alpine
-# - arch -> arch
+# - arch, manjaro, endeavouros, ... -> arch
 #
 # Inspired by https://github.com/docker/docker-install/blob/26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c/install.sh#L111-L120.
 distro() {
@@ -496,7 +504,7 @@ distro() {
      . /etc/os-release
      if [ "${ID_LIKE-}" ]; then
        for id_like in $ID_LIKE; do
-          case "$id_like" in debian | fedora | opensuse)
+          case "$id_like" in debian | fedora | opensuse | arch)
            echo "$id_like"
            return
            ;;
@@ -553,6 +561,8 @@ sh_c() {
 sudo_sh_c() {
  if [ "$(id -u)" = 0 ]; then
    sh_c "$@"
+  elif command_exists doas; then
+    sh_c "doas $*"
  elif command_exists sudo; then
    sh_c "sudo $*"
  elif command_exists su; then
@@ -561,7 +571,7 @@ sudo_sh_c() {
    echoh
    echoerr "This script needs to run the following command as root."
    echoerr "  $*"
-    echoerr "Please install sudo or su."
+    echoerr "Please install doas, sudo, or su."
    exit 1
  fi
 }
--- a/lib/vscode
+++ b/lib/vscode
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "code-server",
  "license": "MIT",
-  "version": "4.7.1",
+  "version": "0.0.0",
  "description": "Run VS Code on a remote server.",
  "homepage": "https://github.com/coder/code-server",
  "bugs": {
@@ -12,6 +12,7 @@
    "clean": "./ci/build/clean.sh",
    "build": "./ci/build/build-code-server.sh",
    "build:vscode": "./ci/build/build-vscode.sh",
+    "doctoc": "./ci/dev/doctoc.sh",
    "release": "./ci/build/build-release.sh",
    "release:standalone": "./ci/build/build-standalone-release.sh",
    "release:prep": "./ci/build/release-prep.sh",
@@ -22,11 +23,12 @@
    "test:native": "./ci/dev/test-native.sh",
    "test:scripts": "./ci/dev/test-scripts.sh",
    "package": "./ci/build/build-packages.sh",
+    "prettier": "prettier --write --loglevel=warn --cache .",
    "postinstall": "./ci/dev/postinstall.sh",
    "publish:npm": "./ci/steps/publish-npm.sh",
    "publish:docker": "./ci/steps/docker-buildx-push.sh",
    "_audit": "./ci/dev/audit.sh",
-    "fmt": "./ci/dev/fmt.sh",
+    "fmt": "yarn prettier && ./ci/dev/doctoc.sh",
    "lint:scripts": "./ci/dev/lint-scripts.sh",
    "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')",
    "test": "echo 'Run yarn test:unit or yarn test:e2e' && exit 1",
@@ -50,23 +52,23 @@
    "@types/split2": "^3.2.0",
    "@types/trusted-types": "^2.0.2",
    "@types/ws": "^8.5.3",
-    "@typescript-eslint/eslint-plugin": "^5.23.0",
-    "@typescript-eslint/parser": "^5.23.0",
+    "@typescript-eslint/eslint-plugin": "^5.41.0",
+    "@typescript-eslint/parser": "^5.41.0",
    "audit-ci": "^6.0.0",
-    "doctoc": "^2.0.0",
-    "eslint": "^7.7.0",
+    "doctoc": "2.2.1",
+    "eslint": "^8.26.0",
    "eslint-config-prettier": "^8.5.0",
-    "eslint-import-resolver-typescript": "^2.5.0",
-    "eslint-plugin-import": "^2.18.2",
-    "eslint-plugin-prettier": "^4.0.0",
-    "prettier": "^2.2.1",
-    "prettier-plugin-sh": "^0.12.0",
+    "eslint-import-resolver-typescript": "^3.5.2",
+    "eslint-plugin-import": "^2.26.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "prettier": "2.8.0",
+    "prettier-plugin-sh": "^0.12.8",
    "ts-node": "^10.0.0",
    "typescript": "^4.6.2"
  },
  "resolutions": {
    "ansi-regex": "^5.0.1",
-    "normalize-package-data": "^4.0.0",
+    "normalize-package-data": "^5.0.0",
    "doctoc/underscore": "^1.13.1",
    "doctoc/**/trim": "^1.0.0",
    "postcss": "^8.2.1",
@@ -81,19 +83,21 @@
    "nanoid": "^3.1.31",
    "minimist": "npm:minimist-lite@2.2.1",
    "glob-parent": "^6.0.1",
-    "@types/node": "^16.0.0"
+    "@types/node": "^16.0.0",
+    "qs": "^6.7.3"
  },
  "dependencies": {
    "@coder/logger": "^3.0.0",
-    "argon2": "^0.29.0",
+    "argon2": "0.30.3",
    "compression": "^1.7.4",
    "cookie-parser": "^1.4.5",
    "env-paths": "^2.2.0",
    "express": "5.0.0-alpha.8",
    "http-proxy": "^1.18.0",
    "httpolyglot": "^0.1.2",
+    "i18next": "^22.4.6",
    "js-yaml": "^4.0.0",
-    "limiter": "^1.1.5",
+    "limiter": "^2.1.0",
    "pem": "^1.14.2",
    "proxy-agent": "^5.0.0",
    "qs": "6.11.0",
@@ -114,7 +118,8 @@
    "ide",
    "coder",
    "vscode-remote",
-    "browser-ide"
+    "browser-ide",
+    "remote-development"
  ],
  "engines": {
    "node": "16"
--- a/patches/base-path.diff
+++ b/patches/base-path.diff
@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/base/common/network.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/network.ts
 +++ code-server/lib/vscode/src/vs/base/common/network.ts
-@@ -162,7 +162,9 @@ class RemoteAuthoritiesImpl {
+@@ -166,7 +166,9 @@ class RemoteAuthoritiesImpl {
 		return URI.from({
 			scheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,
 			authority: `${host}:${port}`,
@@ -104,7 +104,7 @@ Index: code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactor
 	connect(host: string, port: number, path: string, query: string, debugLabel: string, callback: IConnectCallback): void {
 		const webSocketSchema = (/^https:/.test(window.location.href) ? 'wss' : 'ws');
 +		path = (window.location.pathname + "/" + path).replace(/\/\/+/g, "/")
- 		const socket = this._webSocketFactory.create(`${webSocketSchema}://${/:/.test(host) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
+ 		const socket = this._webSocketFactory.create(`${webSocketSchema}://${(/:/.test(host) && !/\[/.test(host)) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
 		const errorListener = socket.onError((err) => callback(err, undefined));
 		socket.onOpen(() => {
@@ -282,6 +283,3 @@ export class BrowserSocketFactory implem
@@ -119,7 +119,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
@@ -267,12 +267,11 @@ export class WebClientServer {
- 			return res.end();
+ 			return void res.end();
 		}
 
 -		const getFirstHeader = (headerName: string) => {
@@ -176,7 +176,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 			`frame-src 'self' https://*.vscode-cdn.net data:;`,
 			'worker-src \'self\' data:;',
@@ -417,3 +421,70 @@ export class WebClientServer {
- 		return res.end(data);
+ 		return void res.end(data);
 	}
 }
 +
@@ -262,7 +262,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 +++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
-@@ -485,6 +485,7 @@ function doCreateUri(path: string, query
+@@ -489,6 +489,7 @@ function doCreateUri(path: string, query
 		});
 	}
 
@@ -270,7 +270,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 	return URI.parse(window.location.href).with({ path, query });
 }
 
-@@ -496,7 +497,7 @@ function doCreateUri(path: string, query
+@@ -500,7 +501,7 @@ function doCreateUri(path: string, query
 	if (!configElement || !configElementAttribute) {
 		throw new Error('Missing web configuration element');
 	}
@@ -279,10 +279,10 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 
 	// Create workbench
 	create(document.body, {
-Index: code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
-+++ code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+--- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
+++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
 import { IStorageService } from 'vs/platform/storage/common/storage';
 import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
--- a/patches/cli-window-open.diff
+++ b/patches/cli-window-open.diff
@@ -8,7 +8,7 @@ To test:
 2. Open code-server
 3. Open terminal
 4. Open another code-server window
-5. Run code-server with a file or directory argument
+5. Run node ./out/node/entry.js with a file or directory argument

 The file or directory should only open from the instance attached to that
 terminal.
@@ -17,7 +17,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTe
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
-@@ -99,10 +99,14 @@ class RemoteTerminalBackend extends Base
+@@ -100,10 +100,14 @@ class RemoteTerminalBackend extends Base
 			}
 			const reqId = e.reqId;
 			const commandId = e.commandId;
--- a/patches/disable-builtin-ext-update.diff
+++ b/patches/disable-builtin-ext-update.diff
@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -236,6 +236,10 @@ export class Extension implements IExten
+@@ -243,6 +243,10 @@ export class Extension implements IExten
 			if (this.type === ExtensionType.System && this.productService.quality === 'stable') {
 				return false;
 			}
@@ -18,14 +18,3 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 			if (!this.local.preRelease && this.gallery.properties.isPreReleaseVersion) {
 				return false;
 			}
-@@ -1121,6 +1125,10 @@ export class ExtensionsWorkbenchService 
- 				// Skip if check updates only for builtin extensions and current extension is not builtin.
- 				continue;
- 			}
-+			if (installed.type !== ExtensionType.User) {
-+				// Never update builtin extensions.
-+				continue;
-+			}
- 			if (installed.isBuiltin && (!installed.local?.identifier.uuid || (!isWeb && this.productService.quality === 'stable'))) {
- 				// Skip checking updates for a builtin extension if it does not has Marketplace identifier or the current product is VS Code Desktop stable.
- 				continue;
--- a/patches/disable-downloads.diff
+++ b/patches/disable-downloads.diff
@@ -12,7 +12,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -267,6 +267,11 @@ export interface IWorkbenchConstructionO
+@@ -266,6 +266,11 @@ export interface IWorkbenchConstructionO
 	 */
 	readonly userDataPath?: string
 
@@ -23,12 +23,12 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 +
 	//#endregion
 
- 
+ 	//#region Profile options
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -31,6 +31,11 @@ export interface IBrowserWorkbenchEnviro
+@@ -32,6 +32,11 @@ export interface IBrowserWorkbenchEnviro
 	 * Options used to configure the workbench.
 	 */
 	readonly options?: IWorkbenchConstructionOptions;
@@ -40,7 +40,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 }
 
 export class BrowserWorkbenchEnvironmentService implements IBrowserWorkbenchEnvironmentService {
-@@ -62,6 +67,13 @@ export class BrowserWorkbenchEnvironment
+@@ -104,6 +109,13 @@ export class BrowserWorkbenchEnvironment
 		return this.options.userDataPath;
 	}
 
@@ -66,7 +66,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 
 	/* ----- server setup ----- */
 
-@@ -95,6 +96,7 @@ export interface ServerParsedArgs {
+@@ -94,6 +95,7 @@ export interface ServerParsedArgs {
 	/* ----- code-server ----- */
 	'disable-update-check'?: boolean;
 	'auth'?: string
@@ -84,8 +84,8 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 			userDataPath: this._environmentService.userDataPath,
 +			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
 			_wrapWebWorkerExtHostInIframe,
- 			developmentOptions: {
- 				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
 Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
@@ -93,16 +93,16 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
@@ -7,12 +7,11 @@ import { Event } from 'vs/base/common/ev
 import { Disposable } from 'vs/base/common/lifecycle';
 import { IContextKeyService, IContextKey } from 'vs/platform/contextkey/common/contextkey';
- import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext } from 'vs/platform/contextkey/common/contextkeys';
-import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext } from 'vs/workbench/common/contextkeys';
-+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
+ import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
+-import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext } from 'vs/workbench/common/contextkeys';
+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
 import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, DEFAULT_EDITOR_ASSOCIATION } from 'vs/workbench/common/editor';
 import { trackFocus, addDisposableListener, EventType } from 'vs/base/browser/dom';
 import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
 import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
 -import { IWorkbenchEnvironmentService } from 'vs/workbench/services/environment/common/environmentService';
 import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
- import { WorkbenchState, IWorkspaceContextService } from 'vs/platform/workspace/common/workspace';
+ import { WorkbenchState, IWorkspaceContextService, isTemporaryWorkspace } from 'vs/platform/workspace/common/workspace';
 import { IWorkbenchLayoutService, Parts, positionToString } from 'vs/workbench/services/layout/browser/layoutService';
@@ -25,6 +24,7 @@ import { IPaneCompositePartService } fro
 import { Schemas } from 'vs/base/common/network';
@@ -112,7 +112,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 
 export class WorkbenchContextKeysHandler extends Disposable {
 	private inputFocusedContext: IContextKey<boolean>;
-@@ -76,7 +76,7 @@ export class WorkbenchContextKeysHandler
+@@ -77,7 +77,7 @@ export class WorkbenchContextKeysHandler
 		@IContextKeyService private readonly contextKeyService: IContextKeyService,
 		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
 		@IConfigurationService private readonly configurationService: IConfigurationService,
@@ -121,7 +121,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
 		@IProductService private readonly productService: IProductService,
 		@IEditorService private readonly editorService: IEditorService,
 		@IEditorResolverService private readonly editorResolverService: IEditorResolverService,
-@@ -199,6 +199,9 @@ export class WorkbenchContextKeysHandler
+@@ -202,6 +202,9 @@ export class WorkbenchContextKeysHandler
 		this.auxiliaryBarVisibleContext = AuxiliaryBarVisibleContext.bindTo(this.contextKeyService);
 		this.auxiliaryBarVisibleContext.set(this.layoutService.isVisible(Parts.AUXILIARYBAR_PART));
 
@@ -135,16 +135,16 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
-@@ -22,7 +22,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
+@@ -20,7 +20,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
 import { AutoSaveAfterShortDelayContext } from 'vs/workbench/services/filesConfiguration/common/filesConfigurationService';
 import { WorkbenchListDoubleSelection } from 'vs/platform/list/browser/listService';
 import { Schemas } from 'vs/base/common/network';
-import { DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey } from 'vs/workbench/common/contextkeys';
-+import { DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
+-import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext } from 'vs/workbench/common/contextkeys';
+import { DirtyWorkingCopiesContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, ActiveEditorAvailableEditorIdsContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
 import { IsWebContext } from 'vs/platform/contextkey/common/contextkeys';
 import { ServicesAccessor } from 'vs/platform/instantiation/common/instantiation';
- import { ThemeIcon } from 'vs/platform/theme/common/themeService';
-@@ -477,13 +477,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+ import { ThemeIcon } from 'vs/base/common/themables';
+@@ -484,13 +484,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
 		id: DOWNLOAD_COMMAND_ID,
 		title: DOWNLOAD_LABEL
 	},
@@ -172,7 +172,7 @@ Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
 +++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
-@@ -30,6 +30,8 @@ export const IsFullscreenContext = new R
+@@ -32,6 +32,8 @@ export const IsFullscreenContext = new R
 
 export const HasWebFileSystemAccess = new RawContextKey<boolean>('hasWebFileSystemAccess', false, true); // Support for FileSystemAccess web APIs (https://wicg.github.io/file-system-access)
 
--- a/patches/display-language.diff
+++ b/patches/display-language.diff
@@ -19,7 +19,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
-@@ -212,6 +212,9 @@ export async function setupServerService
+@@ -220,6 +220,9 @@ export async function setupServerService
 		const channel = new ExtensionManagementChannel(extensionManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority));
 		socketServer.registerChannel('extensions', channel);
 
@@ -39,11 +39,11 @@ Index: code-server/lib/vscode/src/vs/base/common/platform.ts
  *--------------------------------------------------------------------------------------------*/
 -import * as nls from 'vs/nls';
 -
- const LANGUAGE_DEFAULT = 'en';
+ export const LANGUAGE_DEFAULT = 'en';
 
 let _isWindows = false;
-@@ -81,17 +79,19 @@ if (typeof navigator === 'object' && !is
- 	_isLinux = _userAgent.indexOf('Linux') >= 0;
+@@ -86,17 +84,19 @@ if (typeof navigator === 'object' && !is
+ 	_isMobile = _userAgent?.indexOf('Mobi') >= 0;
 	_isWeb = true;
 
 -	const configuredLocale = nls.getConfiguredDefaultLocale(
@@ -125,7 +125,7 @@ Index: code-server/lib/vscode/src/vs/platform/environment/common/environmentServ
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/environment/common/environmentService.ts
 +++ code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
-@@ -105,7 +105,7 @@ export abstract class AbstractNativeEnvi
+@@ -107,7 +107,7 @@ export abstract class AbstractNativeEnvi
 			return URI.file(join(vscodePortable, 'argv.json'));
 		}
 
@@ -216,7 +216,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 
 		const workbenchWebConfiguration = {
 			remoteAuthority,
-@@ -339,6 +342,7 @@ export class WebClientServer {
+@@ -336,6 +339,7 @@ export class WebClientServer {
 			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
 			BASE: base,
 			VS_BASE: vscodeBase,
@@ -236,7 +236,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 
 	/* ----- server setup ----- */
 
-@@ -97,6 +98,7 @@ export interface ServerParsedArgs {
+@@ -96,6 +97,7 @@ export interface ServerParsedArgs {
 	'disable-update-check'?: boolean;
 	'auth'?: string
 	'disable-file-downloads'?: boolean;
@@ -248,7 +248,7 @@ Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.ts
 +++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
-@@ -122,8 +122,9 @@ import 'vs/workbench/contrib/logs/browse
+@@ -119,8 +119,9 @@ import 'vs/workbench/contrib/logs/browse
 // Explorer
 import 'vs/workbench/contrib/files/browser/files.web.contribution';
 
@@ -264,27 +264,35 @@ Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePack
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
 +++ code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
-@@ -4,10 +4,23 @@
-  *--------------------------------------------------------------------------------------------*/
- 
- import { ILanguagePackItem, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
+@@ -6,18 +6,24 @@
+ import { CancellationTokenSource } from 'vs/base/common/cancellation';
+ import { Language } from 'vs/base/common/platform';
+ import { URI } from 'vs/base/common/uri';
 +import { ProxyChannel } from 'vs/base/parts/ipc/common/ipc';
-+import { ILanguagePackService } from 'vs/platform/languagePacks/common/languagePacks';
+ import { IExtensionGalleryService } from 'vs/platform/extensionManagement/common/extensionManagement';
+ import { IExtensionResourceLoaderService } from 'vs/platform/extensionResourceLoader/common/extensionResourceLoader';
+-import { ILanguagePackItem, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
+import { ILanguagePackItem, ILanguagePackService, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
+ import { ILogService } from 'vs/platform/log/common/log';
 +import { IRemoteAgentService } from 'vs/workbench/services/remote/common/remoteAgentService';
-+import { IExtensionGalleryService } from 'vs/platform/extensionManagement/common/extensionManagement';
 
 export class WebLanguagePacksService extends LanguagePackBaseService {
-	// Web doesn't have a concept of language packs, so we just return an empty array
 +	private readonly languagePackService: ILanguagePackService;
 +
-+	constructor(
+ 	constructor(
 +		@IRemoteAgentService remoteAgentService: IRemoteAgentService,
-+		@IExtensionGalleryService extensionGalleryService: IExtensionGalleryService
-+	) {
-+		super(extensionGalleryService)
-+		this.languagePackService = ProxyChannel.toService<ILanguagePackService>(remoteAgentService.getConnection()!.getChannel('languagePacks'));
-+	}
-+
+ 		@IExtensionResourceLoaderService private readonly extensionResourceLoaderService: IExtensionResourceLoaderService,
+ 		@IExtensionGalleryService extensionGalleryService: IExtensionGalleryService,
+ 		@ILogService private readonly logService: ILogService
+ 	) {
+ 		super(extensionGalleryService);
+		this.languagePackService = ProxyChannel.toService<ILanguagePackService>(remoteAgentService.getConnection()!.getChannel('languagePacks'))
+ 	}
+ 
+ 	async getBuiltInExtensionTranslationsUri(id: string): Promise<URI | undefined> {
+@@ -73,6 +79,6 @@ export class WebLanguagePacksService ext
+ 
+ 	// Web doesn't have a concept of language packs, so we just return an empty array
 	getInstalledLanguages(): Promise<ILanguagePackItem[]> {
 -		return Promise.resolve([]);
 +		return this.languagePackService.getInstalledLanguages()
@@ -314,19 +322,3 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-san
 		await this.jsonEditingService.write(this.environmentService.argvResource, [{ path: ['locale'], value: locale }], true);
 		return true;
 	}
-Index: code-server/lib/vscode/src/vs/base/node/languagePacks.js
-===================================================================
--- code-server.orig/lib/vscode/src/vs/base/node/languagePacks.js
-+++ code-server/lib/vscode/src/vs/base/node/languagePacks.js
-@@ -73,7 +73,10 @@
- 		function getLanguagePackConfigurations(userDataPath) {
- 			const configFile = path.join(userDataPath, 'languagepacks.json');
- 			try {
-				return nodeRequire(configFile);
-+				// This must not use Node's require otherwise it will be cached forever.
-+				// Code can get away with this since the process actually restarts but
-+				// that is not currently the case with code-server.
-+				return JSON.parse(fs.readFileSync(configFile, "utf8"));
- 			} catch (err) {
- 				// Do nothing. If we can't read the file we have no
- 				// language pack config.
--- a/patches/exec-argv.diff
+++ b/patches/exec-argv.diff
@@ -1,24 +0,0 @@
-Preserve process.execArgv
-
-This ensures flags like `--prof` are passed down to the code-server process so
-we can profile everything.
-
-To test this:
-1. run `./lib/node --prof .` 
-2. in another terminal, run `ps -ejww`
-
-You should see `--prof` next to every code-server process. 
-
-Index: code-server/lib/vscode/src/vs/server/node/extensionHostConnection.ts
-===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/extensionHostConnection.ts
-+++ code-server/lib/vscode/src/vs/server/node/extensionHostConnection.ts
-@@ -228,7 +228,7 @@ export class ExtensionHostConnection {
- 
- 	public async start(startParams: IRemoteExtensionHostStartParams): Promise<void> {
- 		try {
-			let execArgv: string[] = [];
-+			let execArgv: string[] = process.execArgv ? process.execArgv.filter(a => !/^--inspect(-brk)?=/.test(a)) : [];
- 			if (startParams.port && !(<any>process).pkg) {
- 				execArgv = [`--inspect${startParams.break ? '-brk' : ''}=${startParams.port}`];
- 			}
--- a/patches/getting-started.diff
+++ b/patches/getting-started.diff
@@ -0,0 +1,252 @@
+Modify Help: Getting Started
+
+This modifies some text on the Getting Started page and adds text about using
+code-server on a team.
+
+It is enabled by default but can be overriden using the cli flag
+`--disable-getting-started-override`.
+
+Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts
+++ code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts
+@@ -60,7 +60,7 @@ import { GettingStartedIndexList } from
+ import { StandardKeyboardEvent } from 'vs/base/browser/keyboardEvent';
+ import { KeyCode } from 'vs/base/common/keyCodes';
+ import { getTelemetryLevel } from 'vs/platform/telemetry/common/telemetryUtils';
+-import { WorkbenchStateContext } from 'vs/workbench/common/contextkeys';
+import { IsEnabledCoderGettingStarted, WorkbenchStateContext } from 'vs/workbench/common/contextkeys';
+ import { OpenFolderViaWorkspaceAction } from 'vs/workbench/browser/actions/workspaceActions';
+ import { OpenRecentAction } from 'vs/workbench/browser/actions/windowActions';
+ import { Toggle } from 'vs/base/browser/ui/toggle/toggle';
+@@ -759,6 +759,72 @@ export class GettingStartedPage extends
+ 			$('p.subtitle.description', {}, localize({ key: 'gettingStarted.editingEvolved', comment: ['Shown as subtitle on the Welcome page.'] }, "Editing evolved"))
+ 		);
+ 
+		let gettingStartedCoder: HTMLElement = $('.header', {});
+		if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
+			gettingStartedCoder = $('.gettingStartedCategory', {},
+				$('h2', {
+					style: 'margin-bottom: 12px',
+				}, 'Next Up'),
+				$('a', {
+					href: 'https://cdr.co/code-server-to-coder',
+					target: '_blank',
+				},
+					$('button', {
+						style: [
+							'padding: 10px 16px	',
+							'border-radius: 4px',
+							'background: linear-gradient(94.04deg, #7934DA 0%, #4D52E0 101.2%)',
+							'color: white',
+							'overflow: hidden',
+							'margin-right: 14px',
+						].join(';'),
+					},
+					$('h3', {
+						style: [
+							'margin: 0px 0px 6px',
+							'font-weight: 500',
+						].join(';'),
+					}, 'Deploy code-server for your team'),
+					$('p', {
+						style: [
+							'margin: 0',
+							'font-size: 13px',
+							'color: #dcdee2',
+						].join(';'),
+					}, 'Provision software development environments on your infrastructure with Coder.'),
+					$('p', {
+						style: [
+							'margin-top: 8px',
+							'font-size: 13px',
+							'color: #dcdee2',
+						].join(';'),
+					}, 'Coder is a self-service portal which provisions via Terraform—Linux, macOS, Windows, x86, ARM, and, of course, Kubernetes based infrastructure.'),
+					$('p', {
+						style: [
+							'margin: 0',
+							'margin-top: 8px',
+							'font-size: 13px',
+							'display: flex',
+							'align-items: center',
+						].join(';'),
+					}, 'Get started ', $('span', {
+						class: ThemeIcon.asClassName(Codicon.arrowRight),
+						style: [
+							'color: white',
+							'margin-left: 8px',
+						].join(';'),
+					})),
+					$('img', {
+						src: './_static/src/browser/media/templates.png',
+						style: [
+							'margin-bottom: -65px',
+						].join(';'),
+					}),
+					),
+				),
+			);
+	   }
+
+ 
+ 		const leftColumn = $('.categories-column.categories-column-left', {},);
+ 		const rightColumn = $('.categories-column.categories-column-right', {},);
+@@ -776,13 +842,23 @@ export class GettingStartedPage extends
+ 		const layoutLists = () => {
+ 			if (gettingStartedList.itemCount) {
+ 				this.container.classList.remove('noWalkthroughs');
+-				reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
+-				reset(rightColumn, gettingStartedList.getDomElement());
+				if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
+					reset(leftColumn, startList.getDomElement(), recentList.getDomElement(), gettingStartedList.getDomElement());
+					reset(rightColumn, gettingStartedCoder);
+				} else {
+					reset(leftColumn, startList.getDomElement(), recentList.getDomElement());
+					reset(rightColumn, gettingStartedList.getDomElement());
+				}
+
+ 				recentList.setLimit(5);
+ 			}
+ 			else {
+ 				this.container.classList.add('noWalkthroughs');
+-				reset(leftColumn, startList.getDomElement());
+				if (this.contextService.contextMatchesRules(IsEnabledCoderGettingStarted)) {
+					reset(leftColumn, startList.getDomElement(), gettingStartedCoder);
+				} else {
+					reset(leftColumn, startList.getDomElement());
+				}
+ 				reset(rightColumn, recentList.getDomElement());
+ 				recentList.setLimit(10);
+ 			}
+Index: code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
+++ code-server/lib/vscode/src/vs/workbench/contrib/welcomeGettingStarted/browser/media/gettingStarted.css
+@@ -60,6 +60,15 @@
+ 	display: block;
+ }
+ 
+.monaco-workbench .part.editor > .content .gettingStartedContainer .coder {
+	margin-bottom: 0.2em;
+}
+
+.monaco-workbench .part.editor>.content .gettingStartedContainer .coder-coder {
+	font-size: 1em;
+	margin-top: 0.2em;
+}
+
+ .monaco-workbench.hc-black .part.editor>.content .gettingStartedContainer .subtitle,
+ .monaco-workbench.hc-light .part.editor>.content .gettingStartedContainer .subtitle {
+ 	font-weight: 200;
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
+++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+@@ -271,6 +271,11 @@ export interface IWorkbenchConstructionO
+ 	 */
+ 	readonly isEnabledFileDownloads?: boolean
+ 
+	/**
+	 * Whether to use Coder's custom Getting Started text.
+	 */
+	readonly isEnabledCoderGettingStarted?: boolean
+
+ 	//#endregion
+ 
+ 	//#region Profile options
+Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+@@ -37,6 +37,11 @@ export interface IBrowserWorkbenchEnviro
+ 	 * Enable downloading files via menu actions.
+ 	 */
+ 	readonly isEnabledFileDownloads?: boolean;
+
+	/**
+	 * Enable Coder's custom getting started text.
+	 */
+	readonly isEnabledCoderGettingStarted?: boolean;
+ }
+ 
+ export class BrowserWorkbenchEnvironmentService implements IBrowserWorkbenchEnvironmentService {
+@@ -116,6 +121,13 @@ export class BrowserWorkbenchEnvironment
+ 		return this.options.isEnabledFileDownloads;
+ 	}
+ 
+	get isEnabledCoderGettingStarted(): boolean {
+		if (typeof this.options.isEnabledCoderGettingStarted === "undefined") {
+			throw new Error('isEnabledCoderGettingStarted was not provided to the browser');
+		}
+		return this.options.isEnabledCoderGettingStarted;
+	}
+
+ 	@memoize
+ 	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }
+ 
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -16,6 +16,7 @@ export const serverOptions: OptionDescri
+ 	'auth': { type: 'string' },
+ 	'disable-file-downloads': { type: 'boolean' },
+ 	'locale': { type: 'string' },
+	'disable-getting-started-override': { type: 'boolean' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -98,6 +99,7 @@ export interface ServerParsedArgs {
+ 	'auth'?: string
+ 	'disable-file-downloads'?: boolean;
+ 	'locale'?: string
+	'disable-getting-started-override'?: boolean;
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -308,6 +308,7 @@ export class WebClientServer {
+ 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			userDataPath: this._environmentService.userDataPath,
+ 			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
+			isEnabledCoderGettingStarted: !this._environmentService.args['disable-getting-started-override'],
+ 			_wrapWebWorkerExtHostInIframe,
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
+Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+@@ -7,7 +7,7 @@ import { Event } from 'vs/base/common/ev
+ import { Disposable } from 'vs/base/common/lifecycle';
+ import { IContextKeyService, IContextKey } from 'vs/platform/contextkey/common/contextkey';
+ import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext, IsMobileContext } from 'vs/platform/contextkey/common/contextkeys';
+-import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
+import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, TemporaryWorkspaceContext, IsEnabledFileDownloads, IsEnabledCoderGettingStarted } from 'vs/workbench/common/contextkeys';
+ import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, DEFAULT_EDITOR_ASSOCIATION } from 'vs/workbench/common/editor';
+ import { trackFocus, addDisposableListener, EventType } from 'vs/base/browser/dom';
+ import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
+@@ -204,6 +204,7 @@ export class WorkbenchContextKeysHandler
+ 
+ 		// code-server
+ 		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
+		IsEnabledCoderGettingStarted.bindTo(this.contextKeyService).set(this.environmentService.isEnabledCoderGettingStarted ?? true)
+ 
+ 		this.registerListeners();
+ 	}
+Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
+++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+@@ -33,6 +33,7 @@ export const IsFullscreenContext = new R
+ export const HasWebFileSystemAccess = new RawContextKey<boolean>('hasWebFileSystemAccess', false, true); // Support for FileSystemAccess web APIs (https://wicg.github.io/file-system-access)
+ 
+ export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
+export const IsEnabledCoderGettingStarted = new RawContextKey<boolean>('isEnabledCoderGettingStarted', true, true);
+ 
+ //#endregion
+ 
--- a/patches/integration.diff
+++ b/patches/integration.diff
@@ -38,7 +38,7 @@ Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
 -const LOCAL_HISTORY_HOME = join(APP_SETTINGS_HOME, 'History');
 -const MACHINE_SETTINGS_HOME = join(USER_DATA_PATH, 'Machine');
 -args['user-data-dir'] = USER_DATA_PATH;
-const APP_ROOT = dirname(FileAccess.asFileUri('', require).fsPath);
+-const APP_ROOT = dirname(FileAccess.asFileUri('').fsPath);
 -const BUILTIN_EXTENSIONS_FOLDER_PATH = join(APP_ROOT, 'extensions');
 -args['builtin-extensions-dir'] = BUILTIN_EXTENSIONS_FOLDER_PATH;
 -args['extensions-dir'] = args['extensions-dir'] || join(REMOTE_DATA_FOLDER, 'extensions');
@@ -58,7 +58,7 @@ Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
 +	const LOCAL_HISTORY_HOME = join(APP_SETTINGS_HOME, 'History');
 +	const MACHINE_SETTINGS_HOME = join(USER_DATA_PATH, 'Machine');
 +	args['user-data-dir'] = USER_DATA_PATH;
-+	const APP_ROOT = dirname(FileAccess.asFileUri('', require).fsPath);
+	const APP_ROOT = dirname(FileAccess.asFileUri('').fsPath);
 +	const BUILTIN_EXTENSIONS_FOLDER_PATH = args['builtin-extensions-dir'] || join(APP_ROOT, 'extensions');
 +	args['builtin-extensions-dir'] = BUILTIN_EXTENSIONS_FOLDER_PATH;
 +	args['extensions-dir'] = args['extensions-dir'] || join(REMOTE_DATA_FOLDER, 'extensions');
@@ -95,7 +95,7 @@ Index: code-server/lib/vscode/src/vs/base/common/processes.ts
 --- code-server.orig/lib/vscode/src/vs/base/common/processes.ts
 +++ code-server/lib/vscode/src/vs/base/common/processes.ts
@@ -111,6 +111,8 @@ export function sanitizeProcessEnvironme
- 		/^VSCODE_(?!SHELL_LOGIN).+$/,
+ 		/^VSCODE_(?!(PORTABLE|SHELL_LOGIN)).+$/,
 		/^SNAP(|_.*)$/,
 		/^GDK_PIXBUF_.+$/,
 +		/^CODE_SERVER_.+$/,
@@ -107,7 +107,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandl
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
-@@ -143,8 +143,11 @@ export class BrowserDialogHandler implem
+@@ -145,8 +145,11 @@ export class BrowserDialogHandler implem
 
 	async about(): Promise<void> {
 		const detailString = (useAgo: boolean): string => {
@@ -184,7 +184,7 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
 import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
 import { IProgressService } from 'vs/platform/progress/common/progress';
 import { DelayedLogChannel } from 'vs/workbench/services/output/common/delayedLogChannel';
-@@ -116,6 +117,9 @@ export class BrowserMain extends Disposa
+@@ -119,6 +120,9 @@ export class BrowserMain extends Disposa
 		// Startup
 		const instantiationService = workbench.startup();
 
@@ -221,12 +221,13 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
 
 		<!-- Disable pinch zooming -->
 		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
-@@ -26,8 +27,9 @@
+@@ -26,9 +27,9 @@
 		<meta id="vscode-workbench-builtin-extensions" data-settings="{{WORKBENCH_BUILTIN_EXTENSIONS}}">
 
 		<!-- Workbench Icon/Manifest/CSS -->
 -		<link rel="icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/favicon.ico" type="image/x-icon" />
 -		<link rel="manifest" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/manifest.json" crossorigin="use-credentials" />
+-
 +		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
 +		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
 +		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
--- a/patches/local-storage.diff
+++ b/patches/local-storage.diff
@@ -26,13 +26,13 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
 +			userDataPath: this._environmentService.userDataPath,
 			_wrapWebWorkerExtHostInIframe,
- 			developmentOptions: {
- 				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
 Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
 +++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
-@@ -262,6 +262,11 @@ export interface IWorkbenchConstructionO
+@@ -261,6 +261,11 @@ export interface IWorkbenchConstructionO
 	 */
 	readonly configurationDefaults?: Record<string, any>;
 
@@ -43,13 +43,13 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
 +
 	//#endregion
 
- 
+ 	//#region Profile options
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -53,7 +53,14 @@ export class BrowserWorkbenchEnvironment
- 	get logFile(): URI { return joinPath(this.logsHome, 'window.log'); }
+@@ -95,7 +95,14 @@ export class BrowserWorkbenchEnvironment
+ 	get logFile(): URI { return joinPath(this.windowLogsPath, 'window.log'); }
 
 	@memoize
 -	get userRoamingDataHome(): URI { return URI.file('/User').with({ scheme: Schemas.vscodeUserData }); }
--- a/patches/log-level.diff
+++ b/patches/log-level.diff
@@ -1,21 +0,0 @@
-Propagate the log level to the client
-
-This can be tested by using `--log trace`.  You should see plenty of debug and
-trace logs in the console.
-
-Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
-+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -304,7 +304,10 @@ export class WebClientServer {
- 			remoteAuthority,
- 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
- 			_wrapWebWorkerExtHostInIframe,
-			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined },
-+			developmentOptions: {
-+				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
-+				logLevel: this._logService.getLevel(),
-+			},
- 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
- 			enableWorkspaceTrust: !this._environmentService.args['disable-workspace-trust'],
- 			folderUri: resolveWorkspaceURI(this._environmentService.args['default-folder']),
--- a/patches/logout.diff
+++ b/patches/logout.diff
@@ -21,14 +21,14 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 --- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
@@ -13,6 +13,7 @@ import { IEnvironmentService, INativeEnv
- export const serverOptions: OptionDescriptions<ServerParsedArgs> = {
+ export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
 	/* ----- code-server ----- */
 	'disable-update-check': { type: 'boolean' },
 +	'auth': { type: 'string' },
 
 	/* ----- server setup ----- */
 
-@@ -93,6 +94,7 @@ export const serverOptions: OptionDescri
+@@ -92,6 +93,7 @@ export const serverOptions: OptionDescri
 export interface ServerParsedArgs {
 	/* ----- code-server ----- */
 	'disable-update-check'?: boolean;
--- a/patches/marketplace.diff
+++ b/patches/marketplace.diff
@@ -19,22 +19,23 @@ Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
 +++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
-@@ -45,7 +45,14 @@ else if (typeof require?.__$__nodeRequir
+@@ -47,6 +47,16 @@ else if (globalThis._VSCODE_PRODUCT_JSON
+ 			version: pkg.version
+ 		});
 	}
- 
- 	Object.assign(product, {
-		version: pkg.version
-+		version: pkg.version,
+
+	Object.assign(product, {
 +		extensionsGallery: env.EXTENSIONS_GALLERY ? JSON.parse(env.EXTENSIONS_GALLERY) : (product.extensionsGallery || {
 +			serviceUrl: "https://open-vsx.org/vscode/gallery",
 +			itemUrl: "https://open-vsx.org/vscode/item",
 +			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
 +			controlUrl: "",
 +			recommendationsUrl: "",
-+		}),
- 	});
+		})
+	});
 }
 
+ // Web environment or unknown
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
@@ -64,10 +65,10 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 			},
 			callbackRoute: this._callbackRoute
 		};
-Index: code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+Index: code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
 ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
-+++ code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+--- code-server.orig/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
+++ code-server/lib/vscode/src/vs/platform/extensionResourceLoader/common/extensionResourceLoader.ts
@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
 import { IStorageService } from 'vs/platform/storage/common/storage';
 import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
--- a/patches/parent-origin.diff
+++ b/patches/parent-origin.diff
@@ -1,24 +0,0 @@
-Remove parentOriginHash checko
-
-This fixes webviews from not working properly due to a change upstream.
-Upstream added a check to ensure parent authority is encoded into the webview
-origin. Since our webview origin is the parent authority, we can bypass this
-check.
-
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-@@ -317,6 +317,12 @@ const hostMessaging = new class HostMess
- 		const id = searchParams.get('id');
- 
- 		const hostname = location.hostname;
-+
-+		// It is safe to run if we are on the same host.
-+		const parent = new URL(parentOrigin)
-+		if (parent.hostname == location.hostname) {
-+			return start(parentOrigin)
-+		}
- 
- 		if (!crypto.subtle) {
- 			// cannot validate, not running in a secure context
--- a/patches/proposed-api.diff
+++ b/patches/proposed-api.diff
@@ -1,6 +1,7 @@
 Unconditionally enable the proposed API

-To test run an extension that uses the proposed API.
+To test run an extension that uses the proposed API (i.e.
+https://github.com/microsoft/vscode-extension-samples/tree/ddae6c0c9ff203b4ed6f6b43bfacdd0834215f83/proposed-api-sample)

 We also override isProposedApiEnabled in case an extension does not declare the
 APIs it needs correctly (the Jupyter extension had this issue).
@@ -9,7 +10,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstra
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
-@@ -1458,7 +1458,7 @@ class ProposedApiController {
+@@ -1486,7 +1486,7 @@ class ProposedApiController {
 
 		this._envEnabledExtensions = new Set((_environmentService.extensionEnabledProposedApi ?? []).map(id => ExtensionIdentifier.toKey(id)));
 
@@ -22,7 +23,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
-@@ -359,10 +359,7 @@ function extensionDescriptionArrayToMap(
+@@ -364,10 +364,7 @@ function extensionDescriptionArrayToMap(
 }
 
 export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean {
--- a/patches/proxy-uri.diff
+++ b/patches/proxy-uri.diff
@@ -10,6 +10,22 @@ extensions, use --extensions-dir, or symlink it).

 This has e2e tests.

+For the `asExternalUri` changes, you'll need to test manually by:
+1. running code-server with the test extension
+2. Command Palette > code-server: asExternalUri test
+3. input a url like http://localhost:3000
+4. it should show a notification and show output as <code-server>/proxy/3000
+
+Do the same thing but set `VSCODE_PROXY_URI: "https://{{port}}-main-workspace-name-user-name.coder.com"`
+and the output should replace `{{port}}` with port used in input url.
+
+This also enables the forwared ports view panel by default.
+
+Lastly, it adds a tunnelProvider so that ports are forwarded using code-server's
+built-in proxy. You can test this by starting a server i.e. `python3 -m
+http.server` and it should show a notification and show up in the ports panel
+using the /proxy/port.
+
 Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
@@ -26,31 +42,31 @@ Index: code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityReso
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
 +++ code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
-@@ -8,7 +8,7 @@ import { Disposable } from 'vs/base/comm
- import { RemoteAuthorities } from 'vs/base/common/network';
+@@ -11,7 +11,7 @@ import { StopWatch } from 'vs/base/commo
 import { URI } from 'vs/base/common/uri';
+ import { ILogService } from 'vs/platform/log/common/log';
 import { IProductService } from 'vs/platform/product/common/productService';
-import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolverResult } from 'vs/platform/remote/common/remoteAuthorityResolver';
-+import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolvedOptions, ResolverResult } from 'vs/platform/remote/common/remoteAuthorityResolver';
+-import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolverResult, getRemoteAuthorityPrefix } from 'vs/platform/remote/common/remoteAuthorityResolver';
+import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolvedOptions, ResolverResult, getRemoteAuthorityPrefix } from 'vs/platform/remote/common/remoteAuthorityResolver';
 import { getRemoteServerRootPath, parseAuthorityWithOptionalPort } from 'vs/platform/remote/common/remoteHosts';
 
 export class RemoteAuthorityResolverService extends Disposable implements IRemoteAuthorityResolverService {
-@@ -23,7 +23,7 @@ export class RemoteAuthorityResolverServ
- 	private readonly _connectionToken: Promise<string> | string | undefined;
- 	private readonly _connectionTokens: Map<string, string>;
- 
-	constructor(@IProductService productService: IProductService, connectionToken: Promise<string> | string | undefined, resourceUriProvider: ((uri: URI) => URI) | undefined) {
-+	constructor(@IProductService productService: IProductService, connectionToken: Promise<string> | string | undefined, resourceUriProvider: ((uri: URI) => URI) | undefined, private readonly proxyEndpointTemplate?: string) {
+@@ -29,7 +29,7 @@ export class RemoteAuthorityResolverServ
+ 	constructor(
+ 		connectionToken: Promise<string> | string | undefined,
+ 		resourceUriProvider: ((uri: URI) => URI) | undefined,
+-		@IProductService productService: IProductService,
+		@IProductService private readonly productService: IProductService,
+ 		@ILogService private readonly _logService: ILogService,
+ 	) {
 		super();
- 		this._connectionToken = connectionToken;
- 		this._connectionTokens = new Map<string, string>();
-@@ -61,9 +61,14 @@ export class RemoteAuthorityResolverServ
- 
- 	private async _doResolveAuthority(authority: string): Promise<ResolverResult> {
+@@ -75,9 +75,14 @@ export class RemoteAuthorityResolverServ
 		const connectionToken = await Promise.resolve(this._connectionTokens.get(authority) || this._connectionToken);
+ 		performance.mark(`code/didResolveConnectionToken/${authorityPrefix}`);
+ 		this._logService.info(`Resolved connection token (${authorityPrefix}) after ${sw.elapsed()} ms`);
 +		let options: ResolvedOptions | undefined;
-+		if (this.proxyEndpointTemplate) {
-+			const proxyUrl = new URL(this.proxyEndpointTemplate, window.location.href);
+		if (this.productService.proxyEndpointTemplate) {
+			const proxyUrl = new URL(this.productService.proxyEndpointTemplate, window.location.href);
 +			options = { extensionHostEnv: { VSCODE_PROXY_URI: decodeURIComponent(proxyUrl.toString()) }}
 +		}
 		const defaultPort = (/^https:/.test(window.location.href) ? 443 : 80);
@@ -68,28 +84,15 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 				rootEndpoint: base,
 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
-+				proxyEndpointTemplate: base + '/proxy/{{port}}',
+				proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
 				embedderIdentifier: 'server-distro',
 				extensionsGallery: this._productService.extensionsGallery,
 			},
-Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
-===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.main.ts
-+++ code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
-@@ -247,7 +247,7 @@ export class BrowserMain extends Disposa
- 
- 		// Remote
- 		const connectionToken = environmentService.options.connectionToken || getCookieValue(connectionTokenCookieName);
-		const remoteAuthorityResolverService = new RemoteAuthorityResolverService(productService, connectionToken, this.configuration.resourceUriProvider);
-+		const remoteAuthorityResolverService = new RemoteAuthorityResolverService(productService, connectionToken, this.configuration.resourceUriProvider, this.configuration.productConfiguration?.proxyEndpointTemplate);
- 		serviceCollection.set(IRemoteAuthorityResolverService, remoteAuthorityResolverService);
- 
- 		// Signing
 Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
-@@ -388,7 +388,7 @@ export async function createTerminalEnvi
+@@ -383,7 +383,7 @@ export async function createTerminalEnvi
 
 		// Sanitize the environment, removing any undesirable VS Code and Electron environment
 		// variables
@@ -98,3 +101,68 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalE
 
 		// Merge config (settings) and ShellLaunchConfig environments
 		mergeEnvironments(env, allowedEnvFromConfig);
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+@@ -21,6 +21,7 @@ import type { ICredentialsProvider } fro
+ import type { IURLCallbackProvider } from 'vs/workbench/services/url/browser/urlService';
+ import type { IWorkbenchConstructionOptions } from 'vs/workbench/browser/web.api';
+ import type { IWorkspace, IWorkspaceProvider } from 'vs/workbench/services/host/browser/browserHostService';
+import { extractLocalHostUriMetaDataForPortMapping, TunnelOptions, TunnelCreationOptions } from 'vs/platform/tunnel/common/tunnel';
+ 
+ interface ICredential {
+ 	service: string;
+@@ -511,6 +512,38 @@ function doCreateUri(path: string, query
+ 		} : undefined,
+ 		workspaceProvider: WorkspaceProvider.create(config),
+ 		urlCallbackProvider: new LocalStorageURLCallbackProvider(config.callbackRoute),
+-		credentialsProvider: config.remoteAuthority ? undefined : new LocalStorageCredentialsProvider() // with a remote, we don't use a local credentials provider
+		credentialsProvider: config.remoteAuthority ? undefined : new LocalStorageCredentialsProvider(), // with a remote, we don't use a local credentials provider
+		resolveExternalUri: (uri: URI): Promise<URI> => {
+			let resolvedUri = uri
+			const localhostMatch = extractLocalHostUriMetaDataForPortMapping(resolvedUri)
+
+			if (localhostMatch && resolvedUri.authority !== location.host) {
+				if (config.productConfiguration && config.productConfiguration.proxyEndpointTemplate) {
+					resolvedUri = URI.parse(new URL(config.productConfiguration.proxyEndpointTemplate.replace('{{port}}', localhostMatch.port.toString()), window.location.href).toString())
+				} else {
+					throw new Error(`Failed to resolve external URI: ${uri.toString()}. Could not determine base url because productConfiguration missing.`)
+				}
+			}
+
+			// If not localhost, return unmodified
+			return Promise.resolve(resolvedUri)
+		},
+		tunnelProvider: {
+			tunnelFactory: (tunnelOptions: TunnelOptions, tunnelCreationOptions: TunnelCreationOptions) => {
+				const onDidDispose: Emitter<void> = new Emitter();
+				let isDisposed = false;
+				return Promise.resolve({
+					remoteAddress: tunnelOptions.remoteAddress,
+					localAddress: `localhost:${tunnelOptions.remoteAddress.port}`,
+					onDidDispose: onDidDispose.event,
+					dispose: () => {
+						if (!isDisposed) {
+							isDisposed = true;
+							onDidDispose.fire();
+						}
+					}
+				})
+			}
+		}
+ 	});
+ })();
+Index: code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
+++ code-server/lib/vscode/src/vs/workbench/contrib/remote/browser/remoteExplorer.ts
+@@ -73,7 +73,7 @@ export class ForwardedPortsView extends
+ 			this.contextKeyListener = undefined;
+ 		}
+ 
+-		const viewEnabled: boolean = !!forwardedPortsViewEnabled.getValue(this.contextKeyService);
+		const viewEnabled: boolean = true;
+ 
+ 		if (this.environmentService.remoteAuthority && viewEnabled) {
+ 			const viewContainer = await this.getViewContainer();
--- a/patches/series
+++ b/patches/series
@@ -11,7 +11,6 @@ store-socket.diff
 proxy-uri.diff
 github-auth.diff
 unique-db.diff
-log-level.diff
 local-storage.diff
 service-worker.diff
 sourcemaps.diff
@@ -19,4 +18,4 @@ disable-downloads.diff
 telemetry.diff
 display-language.diff
 cli-window-open.diff
-exec-argv.diff
+getting-started.diff
--- a/patches/service-worker.diff
+++ b/patches/service-worker.diff
@@ -17,21 +17,6 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 
 	readonly version: string;
 	readonly date?: string;
-Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
-+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -319,6 +319,10 @@ export class WebClientServer {
- 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
- 				proxyEndpointTemplate: base + '/proxy/{{port}}',
-+				serviceWorker: {
-+					scope: vscodeBase + '/',
-+					path: base + '/_static/out/browser/serviceWorker.js',
-+				},
- 				embedderIdentifier: 'server-distro',
- 				extensionsGallery: this._productService.extensionsGallery,
- 			},
 Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
@@ -65,3 +50,18 @@ Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
 +		}
 +	}
 }
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -316,6 +316,10 @@ export class WebClientServer {
+ 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
+ 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
+ 				proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
+				serviceWorker: {
+					scope: vscodeBase + '/',
+					path: base + '/_static/out/browser/serviceWorker.js',
+				},
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},
--- a/patches/sourcemaps.diff
+++ b/patches/sourcemaps.diff
@@ -10,7 +10,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.reh.js
 +++ code-server/lib/vscode/build/gulpfile.reh.js
-@@ -196,8 +196,7 @@ function packageTask(type, platform, arc
+@@ -192,8 +192,7 @@ function packageTask(type, platform, arc
 
 		const src = gulp.src(sourceFolderName + '/**', { base: '.' })
 			.pipe(rename(function (path) { path.dirname = path.dirname.replace(new RegExp('^' + sourceFolderName), 'out'); }))
@@ -20,7 +20,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
 
 		const workspaceExtensionPoints = ['debuggers', 'jsonValidation'];
 		const isUIExtension = (manifest) => {
-@@ -236,9 +235,9 @@ function packageTask(type, platform, arc
+@@ -232,9 +231,9 @@ function packageTask(type, platform, arc
 			.map(name => `.build/extensions/${name}/**`);
 
 		const extensions = gulp.src(extensionPaths, { base: '.build', dot: true });
@@ -32,12 +32,12 @@ Index: code-server/lib/vscode/build/gulpfile.reh.js
 
 		let version = packageJson.version;
 		const quality = product.quality;
-@@ -373,7 +372,7 @@ function tweakProductForServerWeb(produc
+@@ -389,7 +388,7 @@ function tweakProductForServerWeb(produc
 	const minifyTask = task.define(`minify-vscode-${type}`, task.series(
 		optimizeTask,
 		util.rimraf(`out-vscode-${type}-min`),
-		common.minifyTask(`out-vscode-${type}`, `https://ticino.blob.core.windows.net/sourcemaps/${commit}/core`)
-+		common.minifyTask(`out-vscode-${type}`, '')
+-		optimize.minifyTask(`out-vscode-${type}`, `https://ticino.blob.core.windows.net/sourcemaps/${commit}/core`)
+		optimize.minifyTask(`out-vscode-${type}`, ``)
 	));
 	gulp.task(minifyTask);
 
--- a/patches/telemetry.diff
+++ b/patches/telemetry.diff
@@ -1,9 +1,10 @@
 Add support for telemetry endpoint

 To test:
-1. Create a RequestBin - https://requestbin.io/
+1. Create a mock API using [RequestBin](https://requestbin.io/) or [Beeceptor](https://beeceptor.com/)
 2. Run code-server with `CS_TELEMETRY_URL` set: 
-  i.e. `CS_TELEMETRY_URL="https://requestbin.io/1ebub9z1" ./code-server-4.7.1-macos-amd64/bin/code-server`
+  i.e. `CS_TELEMETRY_URL="https://requestbin.io/1ebub9z1" ./code-server-<version>-macos-amd64/bin/code-server`
+  NOTE: it has to be a production build.
 3. Load code-server in browser an do things (i.e. open a file)
 4. Refresh RequestBin and you should see logs

@@ -11,15 +12,15 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
 +++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
-@@ -71,6 +71,7 @@ import { IExtensionsScannerService } fro
+@@ -70,6 +70,7 @@ import { IExtensionsScannerService } fro
 import { ExtensionsScannerService } from 'vs/server/node/extensionsScannerService';
- import { ExtensionsProfileScannerService, IExtensionsProfileScannerService } from 'vs/platform/extensionManagement/common/extensionsProfileScannerService';
- import { IUserDataProfilesService, UserDataProfilesService } from 'vs/platform/userDataProfile/common/userDataProfile';
+ import { IExtensionsProfileScannerService } from 'vs/platform/extensionManagement/common/extensionsProfileScannerService';
+ import { IUserDataProfilesService } from 'vs/platform/userDataProfile/common/userDataProfile';
 +import { TelemetryClient } from "vs/server/node/telemetryClient";
 import { NullPolicyService } from 'vs/platform/policy/common/policy';
 import { OneDataSystemAppender } from 'vs/platform/telemetry/node/1dsAppender';
- 
-@@ -133,10 +134,13 @@ export async function setupServerService
+ import { LoggerService } from 'vs/platform/log/node/loggerService';
+@@ -142,10 +143,13 @@ export async function setupServerService
 	const machineId = await getMachineId();
 	const isInternal = isInternalTelemetry(productService, configurationService);
 	if (supportsTelemetry(productService, environmentService)) {
@@ -93,7 +94,7 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
 +++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
-@@ -324,6 +324,7 @@ export class WebClientServer {
+@@ -321,6 +321,7 @@ export class WebClientServer {
 					scope: vscodeBase + '/',
 					path: base + '/_static/out/browser/serviceWorker.js',
 				},
--- a/patches/unique-db.diff
+++ b/patches/unique-db.diff
@@ -14,23 +14,23 @@ Index: code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageS
 --- code-server.orig/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
@@ -17,6 +17,7 @@ import { AbstractStorageService, isProfi
- import { IUserDataProfile } from 'vs/platform/userDataProfile/common/userDataProfile';
+ import { isUserDataProfile, IUserDataProfile } from 'vs/platform/userDataProfile/common/userDataProfile';
 import { IAnyWorkspaceIdentifier } from 'vs/platform/workspace/common/workspace';
 import { IUserDataProfileService } from 'vs/workbench/services/userDataProfile/common/userDataProfile';
 +import { hash } from 'vs/base/common/hash';
 
 export class BrowserStorageService extends AbstractStorageService {
 
-@@ -67,7 +68,11 @@ export class BrowserStorageService exten
- 					return `global-${this.profileStorageProfile.id}`;
- 				}
- 			case StorageScope.WORKSPACE:
-				return this.payload.id;
-+				// Add a unique ID based on the current path for per-workspace databases.
-+				// This prevents workspaces on different machines that share the same domain
-+				// and file path from colliding (since it does not appear IndexedDB can be
-+				// scoped to a path) as long as they are hosted on different paths.
-+				return this.payload.id + '-' + hash(location.pathname.toString().replace(/\/$/, "")).toString(16);
- 		}
+@@ -297,7 +298,11 @@ export class IndexedDBStorageDatabase ex
 	}
 
+ 	static async createWorkspaceStorage(workspaceId: string, logService: ILogService): Promise<IIndexedDBStorageDatabase> {
+-		return IndexedDBStorageDatabase.create({ id: workspaceId }, logService);
+		// Add a unique ID based on the current path for per-workspace databases.
+		// This prevents workspaces on different machines that share the same domain
+		// and file path from colliding (since it does not appear IndexedDB can be
+		// scoped to a path) as long as they are hosted on different paths.
+		return IndexedDBStorageDatabase.create({ id: workspaceId + '-' + hash(location.pathname.toString().replace(/\/$/, "")).toString(16) }, logService);
+ 	}
+ 
+ 	static async create(options: IndexedDBStorageDatabaseOptions, logService: ILogService): Promise<IIndexedDBStorageDatabase> {
--- a/patches/update-check.diff
+++ b/patches/update-check.diff
@@ -120,13 +120,13 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
@@ -11,6 +11,8 @@ import { refineServiceDecorator } from '
 import { IEnvironmentService, INativeEnvironmentService } from 'vs/platform/environment/common/environment';
 
- export const serverOptions: OptionDescriptions<ServerParsedArgs> = {
+ export const serverOptions: OptionDescriptions<Required<ServerParsedArgs>> = {
 +	/* ----- code-server ----- */
 +	'disable-update-check': { type: 'boolean' },
 
 	/* ----- server setup ----- */
 
-@@ -89,6 +91,8 @@ export const serverOptions: OptionDescri
+@@ -88,6 +90,8 @@ export const serverOptions: OptionDescri
 };
 
 export interface ServerParsedArgs {
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -20,11 +20,28 @@ webview host is separate by default but we serve on the same host).

 To test, open a few types of webviews (images, markdown, extension details, etc).

+Make sure to update the hash. To do so:
+1. run code-server 
+2. open any webview (i.e. preview Markdown)
+3. see error in console and copy hash
+
+That will test the hash change in pre/index.html
+
+Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
+which also requires a hash change.
+
+parentOriginHash changes
+
+This fixes webviews from not working properly due to a change upstream.
+Upstream added a check to ensure parent authority is encoded into the webview
+origin. Since our webview origin is the parent authority, we can bypass this
+check.
+
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -177,7 +177,7 @@ export class BrowserWorkbenchEnvironment
+@@ -224,7 +224,7 @@ export class BrowserWorkbenchEnvironment
 
 	@memoize
 	get webviewExternalEndpoint(): string {
@@ -43,8 +60,17 @@ Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 			remoteAuthority,
 +			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
 			_wrapWebWorkerExtHostInIframe,
- 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined },
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined, logLevel: this._logService.getLevel() },
 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
+@@ -344,7 +345,7 @@ export class WebClientServer {
+ 			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=';`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+ 			'child-src \'self\';',
+ 			`frame-src 'self' https://*.vscode-cdn.net data:;`,
+-			'worker-src \'self\' data:;',
+			'worker-src \'self\' data: blob:;',
+ 			'style-src \'self\' \'unsafe-inline\';',
+ 			'connect-src \'self\' ws: wss: https:;',
+ 			'font-src \'self\' blob:;',
 Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
@@ -53,12 +79,12 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 	<meta charset="UTF-8">
 
 	<meta http-equiv="Content-Security-Policy"
-		content="default-src 'none'; script-src 'sha256-JpX/ganPoxpavjxWCz9DUZgwVZ59o2lwSYTQrziPsdU=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-BRi/ZOLWtsisl3jAheglVzKmoA1T6n2Mmf2NM4UnIXE=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+-		content="default-src 'none'; script-src 'sha256-RaCvj6SRgHm+2C3LKzSAamDwa3Bp4u4iQ1Y2Sm+97tE=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+		content="default-src 'none'; script-src 'sha256-mi72idjvdhsPSBMKFqU82FG/kZVJjKR0TfHLE13gB+w=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
 
 	<!-- Disable pinch zooming -->
 	<meta name="viewport"
-@@ -331,6 +331,12 @@
+@@ -325,6 +325,12 @@
 
 				const hostname = location.hostname;
 
@@ -70,12 +96,12 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 +
 				if (!crypto.subtle) {
 					// cannot validate, not running in a secure context
- 					throw new Error(`Cannot validate in current context!`);
+ 					throw new Error(`'crypto.subtle' is not available so webviews will not work. This is likely because the editor is not running in a secure context (https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).`);
 Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
 +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
-@@ -330,6 +330,12 @@
+@@ -324,6 +324,12 @@
 
 				const hostname = location.hostname;
 
@@ -87,7 +113,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 +
 				if (!crypto.subtle) {
 					// cannot validate, not running in a secure context
- 					throw new Error(`Cannot validate in current context!`);
+ 					throw new Error(`'crypto.subtle' is not available so webviews will not work. This is likely because the editor is not running in a secure context (https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).`);
 Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
--- a/renovate.json
+++ b/renovate.json
@@ -6,10 +6,16 @@
      "matchUpdateTypes": ["minor", "patch", "digest"],
      "automerge": true,
      "groupName": "Minor dependency updates"
+    },
+    {
+      "matchDepTypes": ["peerDependencies"],
+      "matchUpdateTypes": ["minor", "patch", "digest"],
+      "automerge": true,
+      "groupName": "Peer dependency updates"
    }
  ],
  "vulnerabilityAlerts": {
    "enabled": "true"
  },
-  "ignoreDeps": ["express"]
+  "ignoreDeps": ["express", "ansi-regex", "env-paths", "limiter", "node", "prettier"]
 }
--- a/src/browser/media/templates.png
+++ b/src/browser/media/templates.png
--- a/src/browser/pages/login.html
+++ b/src/browser/pages/login.html
@@ -10,7 +10,7 @@
      http-equiv="Content-Security-Policy"
      content="style-src 'self'; script-src 'self' 'unsafe-inline'; manifest-src 'self'; img-src 'self' data:; font-src 'self' data:;"
    />
-    <title>code-server login</title>
+    <title>{{I18N_LOGIN_TITLE}}</title>
    <link rel="icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon-dark-support.svg" />
    <link rel="alternate icon" href="{{CS_STATIC_BASE}}/src/browser/media/favicon.ico" />
    <link rel="manifest" href="{{BASE}}/manifest.json" crossorigin="use-credentials" />
@@ -24,8 +24,8 @@
    <div class="center-container">
      <div class="card-box">
        <div class="header">
-          <h1 class="main">Welcome to code-server</h1>
-          <div class="sub">Please log in below. {{PASSWORD_MSG}}</div>
+          <h1 class="main">{{WELCOME_TEXT}}</h1>
+          <div class="sub">{{I18N_LOGIN_BELOW}} {{PASSWORD_MSG}}</div>
        </div>
        <div class="content">
          <form class="login-form" method="post">
@@ -38,11 +38,11 @@
                autofocus
                class="password"
                type="password"
-                placeholder="PASSWORD"
+                placeholder="{{I18N_PASSWORD_PLACEHOLDER}}"
                name="password"
                autocomplete="current-password"
              />
-              <input class="submit -button" value="SUBMIT" type="submit" />
+              <input class="submit -button" value="{{I18N_SUBMIT}}" type="submit" />
            </div>
            {{ERROR}}
          </form>
--- a/src/browser/security.txt
+++ b/src/browser/security.txt
@@ -0,0 +1,6 @@
+Contact: mailto:security@coder.com
+Acknowledgments: https://coder.com/security/thanks
+Preferred-Languages: en-US
+Canonical: https://coder.com/.well-known/security.txt
+Policy: https://coder.com/security/policy
+Hiring: https://coder.com/careers
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -1,6 +1,6 @@
 import { field, Level, logger } from "@coder/logger"
 import { promises as fs } from "fs"
-import yaml from "js-yaml"
+import { load } from "js-yaml"
 import * as os from "os"
 import * as path from "path"
 import { canConnect, generateCertificate, generatePassword, humanPath, paths, isNodeJSErrnoException } from "./util"
@@ -50,6 +50,8 @@ export interface UserProvidedCodeArgs {
  "github-auth"?: string
  "disable-update-check"?: boolean
  "disable-file-downloads"?: boolean
+  "disable-workspace-trust"?: boolean
+  "disable-getting-started-override"?: boolean
 }

 /**
@@ -84,6 +86,8 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs {
  "ignore-last-opened"?: boolean
  link?: OptionalString
  verbose?: boolean
+  "app-name"?: string
+  "welcome-text"?: string
  /* Positional arguments. */
  _?: string[]
 }
@@ -163,12 +167,27 @@ export const options: Options<Required<UserProvidedArgs>> = {
    description:
      "Disable file downloads from Code. This can also be set with CS_DISABLE_FILE_DOWNLOADS set to 'true' or '1'.",
  },
+  "disable-workspace-trust": {
+    type: "boolean",
+    description: "Disable Workspace Trust feature. This switch only affects the current session.",
+  },
+  "disable-getting-started-override": {
+    type: "boolean",
+    description: "Disable the coder/coder override in the Help: Getting Started page.",
+  },
  // --enable can be used to enable experimental features. These features
  // provide no guarantees.
  enable: { type: "string[]" },
  help: { type: "boolean", short: "h", description: "Show this output." },
  json: { type: "boolean" },
-  locale: { type: "string" }, // The preferred way to set the locale is via the UI.
+  locale: {
+    // The preferred way to set the locale is via the UI.
+    type: "string",
+    description: `
+      Set vscode display language and language to show on the login page, more info see 
+      https://en.wikipedia.org/wiki/IETF_language_tag
+    `,
+  },
  open: { type: "boolean", description: "Open in browser on startup. Does not work remotely." },

  "bind-addr": {
@@ -233,7 +252,16 @@ export const options: Options<Required<UserProvidedArgs>> = {

  log: { type: LogLevel },
  verbose: { type: "boolean", short: "vvv", description: "Enable verbose logging." },
-
+  "app-name": {
+    type: "string",
+    short: "an",
+    description: "The name to use in branding. Will be shown in titlebar and welcome message",
+  },
+  "welcome-text": {
+    type: "string",
+    short: "w",
+    description: "Text to show on login page",
+  },
  link: {
    type: OptionalString,
    description: `
@@ -547,6 +575,10 @@ export async function setDefaults(cliArgs: UserProvidedArgs, configArgs?: Config
    args["disable-file-downloads"] = true
  }

+  if (process.env.CS_DISABLE_GETTING_STARTED_OVERRIDE?.match(/^(1|true)$/)) {
+    args["disable-getting-started-override"] = true
+  }
+
  const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD
  if (process.env.HASHED_PASSWORD) {
    args["hashed-password"] = process.env.HASHED_PASSWORD
@@ -641,7 +673,7 @@ export function parseConfigFile(configFile: string, configPath: string): ConfigA
    return { config: configPath }
  }

-  const config = yaml.load(configFile, {
+  const config = load(configFile, {
    filename: configPath,
  })
  if (!config || typeof config === "string") {
@@ -789,6 +821,7 @@ export interface CodeArgs extends UserProvidedCodeArgs {
  "without-connection-token"?: boolean
  "without-browser-env-var"?: boolean
  compatibility: string
+  log: string[] | undefined
 }

 /**
@@ -810,5 +843,6 @@ export const toCodeArgs = async (args: DefaultedArgs): Promise<CodeArgs> => {
    help: !!args.help,
    version: !!args.version,
    port: args.port?.toString(),
+    log: args.log ? [args.log] : undefined,
  }
 }
--- a/src/node/i18n/index.ts
+++ b/src/node/i18n/index.ts
@@ -0,0 +1,21 @@
+import i18next, { init } from "i18next"
+import * as en from "./locales/en.json"
+import * as zhCn from "./locales/zh-cn.json"
+
+init({
+  lng: "en",
+  fallbackLng: "en", // language to use if translations in user language are not available.
+  returnNull: false,
+  lowerCaseLng: true,
+  debug: process.env.NODE_ENV === "development",
+  resources: {
+    en: {
+      translation: en,
+    },
+    "zh-cn": {
+      translation: zhCn,
+    },
+  },
+})
+
+export default i18next
--- a/src/node/i18n/locales/en.json
+++ b/src/node/i18n/locales/en.json
@@ -0,0 +1,13 @@
+{
+  "LOGIN_TITLE": "{{app}} login",
+  "LOGIN_BELOW": "Please log in below.",
+  "WELCOME": "Welcome to {{app}}",
+  "LOGIN_PASSWORD": "Check the config file at {{configFile}} for the password.",
+  "LOGIN_USING_ENV_PASSWORD": "Password was set from $PASSWORD.",
+  "LOGIN_USING_HASHED_PASSWORD": "Password was set from $HASHED_PASSWORD.",
+  "SUBMIT": "SUBMIT",
+  "PASSWORD_PLACEHOLDER": "PASSWORD",
+  "LOGIN_RATE_LIMIT": "Login rate limited!",
+  "MISS_PASSWORD": "Missing password",
+  "INCORRECT_PASSWORD": "Incorrect password"
+}
--- a/src/node/i18n/locales/zh-cn.json
+++ b/src/node/i18n/locales/zh-cn.json
@@ -0,0 +1,13 @@
+{
+  "LOGIN_TITLE": "{{app}} 登录",
+  "LOGIN_BELOW": "请在下面登录。",
+  "WELCOME": "欢迎来到 {{app}}",
+  "LOGIN_PASSWORD": "查看配置文件 {{configFile}} 中的密码。",
+  "LOGIN_USING_ENV_PASSWORD": "密码在 $PASSWORD 中设置。",
+  "LOGIN_USING_HASHED_PASSWORD": "密码在 $HASHED_PASSWORD 中设置。",
+  "SUBMIT": "提交",
+  "PASSWORD_PLACEHOLDER": "密码",
+  "LOGIN_RATE_LIMIT": "登录速率限制!",
+  "MISS_PASSWORD": "缺少密码",
+  "INCORRECT_PASSWORD": "密码不正确"
+}
--- a/src/node/main.ts
+++ b/src/node/main.ts
@@ -9,7 +9,7 @@ import { AuthType, DefaultedArgs, Feature, SpawnCodeCli, toCodeArgs, UserProvide
 import { coderCloudBind } from "./coder_cloud"
 import { commit, version } from "./constants"
 import { register } from "./routes"
-import { humanPath, isFile, loadAMDModule, open } from "./util"
+import { humanPath, isDirectory, loadAMDModule, open } from "./util"

 /**
 * Return true if the user passed an extension-related VS Code flag.
@@ -69,14 +69,15 @@ export const openInExistingInstance = async (args: DefaultedArgs, socketPath: st
    fileURIs: [],
    forceReuseWindow: args["reuse-window"],
    forceNewWindow: args["new-window"],
+    gotoLineMode: true,
  }
  const paths = args._ || []
  for (let i = 0; i < paths.length; i++) {
    const fp = path.resolve(paths[i])
-    if (await isFile(fp)) {
-      pipeArgs.fileURIs.push(fp)
-    } else {
+    if (await isDirectory(fp)) {
      pipeArgs.folderURIs.push(fp)
+    } else {
+      pipeArgs.fileURIs.push(fp)
    }
  }
  if (pipeArgs.forceNewWindow && pipeArgs.fileURIs.length > 0) {
--- a/src/node/plugin.ts
+++ b/src/node/plugin.ts
@@ -227,7 +227,7 @@ export class PluginAPI {
 `)
    }
    if (!semver.satisfies(version, packageJSON.engines["code-server"])) {
-      throw new Error(
+      this.logger.warn(
        `plugin range ${q(packageJSON.engines["code-server"])} incompatible` + ` with code-server version ${version}`,
      )
    }
--- a/src/node/routes/index.ts
+++ b/src/node/routes/index.ts
@@ -33,7 +33,15 @@ import { CodeServerRouteWrapper } from "./vscode"
 export const register = async (app: App, args: DefaultedArgs): Promise<Disposable["dispose"]> => {
  const heart = new Heart(path.join(paths.data, "heartbeat"), async () => {
    return new Promise((resolve, reject) => {
+      // getConnections appears to not call the callback when there are no more
+      // connections.  Feels like it must be a bug?  For now add a timer to make
+      // sure we eventually resolve.
+      const timer = setTimeout(() => {
+        logger.debug("Node failed to respond with connections; assuming zero")
+        resolve(false)
+      }, 5000)
      app.server.getConnections((error, count) => {
+        clearTimeout(timer)
        if (error) {
          return reject(error)
        }
@@ -81,6 +89,13 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
      return res.redirect(`https://${req.headers.host}${req.originalUrl}`)
    }

+    // Return security.txt.
+    if (req.originalUrl === "/security.txt" || req.originalUrl === "/.well-known/security.txt") {
+      const resourcePath = path.resolve(rootPath, "src/browser/security.txt")
+      res.set("Content-Type", getMediaMime(resourcePath))
+      return res.send(await fs.readFile(resourcePath))
+    }
+
    // Return robots.txt.
    if (req.originalUrl === "/robots.txt") {
      const resourcePath = path.resolve(rootPath, "src/browser/robots.txt")
--- a/src/node/routes/login.ts
+++ b/src/node/routes/login.ts
@@ -7,12 +7,13 @@ import { CookieKeys } from "../../common/http"
 import { rootPath } from "../constants"
 import { authenticated, getCookieOptions, redirect, replaceTemplates } from "../http"
 import { getPasswordMethod, handlePasswordValidation, humanPath, sanitizeString, escapeHtml } from "../util"
+import i18n from "../i18n"

 // RateLimiter wraps around the limiter library for logins.
 // It allows 2 logins every minute plus 12 logins every hour.
 export class RateLimiter {
-  private readonly minuteLimiter = new Limiter(2, "minute")
-  private readonly hourLimiter = new Limiter(12, "hour")
+  private readonly minuteLimiter = new Limiter({ tokensPerInterval: 2, interval: "minute" })
+  private readonly hourLimiter = new Limiter({ tokensPerInterval: 12, interval: "hour" })

  public canTry(): boolean {
    // Note: we must check using >= 1 because technically when there are no tokens left
@@ -28,17 +29,26 @@ export class RateLimiter {

 const getRoot = async (req: Request, error?: Error): Promise<string> => {
  const content = await fs.readFile(path.join(rootPath, "src/browser/pages/login.html"), "utf8")
-  let passwordMsg = `Check the config file at ${humanPath(os.homedir(), req.args.config)} for the password.`
+  const locale = req.args["locale"] || "en"
+  i18n.changeLanguage(locale)
+  const appName = req.args["app-name"] || "code-server"
+  const welcomeText = req.args["welcome-text"] || (i18n.t("WELCOME", { app: appName }) as string)
+  let passwordMsg = i18n.t("LOGIN_PASSWORD", { configFile: humanPath(os.homedir(), req.args.config) })
  if (req.args.usingEnvPassword) {
-    passwordMsg = "Password was set from $PASSWORD."
+    passwordMsg = i18n.t("LOGIN_USING_ENV_PASSWORD")
  } else if (req.args.usingEnvHashedPassword) {
-    passwordMsg = "Password was set from $HASHED_PASSWORD."
+    passwordMsg = i18n.t("LOGIN_USING_HASHED_PASSWORD")
  }

  return replaceTemplates(
    req,
    content
+      .replace(/{{I18N_LOGIN_TITLE}}/g, i18n.t("LOGIN_TITLE", { app: appName }))
+      .replace(/{{WELCOME_TEXT}}/g, welcomeText)
      .replace(/{{PASSWORD_MSG}}/g, passwordMsg)
+      .replace(/{{I18N_LOGIN_BELOW}}/g, i18n.t("LOGIN_BELOW"))
+      .replace(/{{I18N_PASSWORD_PLACEHOLDER}}/g, i18n.t("PASSWORD_PLACEHOLDER"))
+      .replace(/{{I18N_SUBMIT}}/g, i18n.t("SUBMIT"))
      .replace(/{{ERROR}}/, error ? `<div class="error">${escapeHtml(error.message)}</div>` : ""),
  )
 }
@@ -66,11 +76,11 @@ router.post<{}, string, { password: string; base?: string }, { to?: string }>("/
  try {
    // Check to see if they exceeded their login attempts
    if (!limiter.canTry()) {
-      throw new Error("Login rate limited!")
+      throw new Error(i18n.t("LOGIN_RATE_LIMIT") as string)
    }

    if (!password) {
-      throw new Error("Missing password")
+      throw new Error(i18n.t("MISS_PASSWORD") as string)
    }

    const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
@@ -104,7 +114,7 @@ router.post<{}, string, { password: string; base?: string }, { to?: string }>("/
      }),
    )

-    throw new Error("Incorrect password")
+    throw new Error(i18n.t("INCORRECT_PASSWORD") as string)
  } catch (error: any) {
    const renderedHtml = await getRoot(req, error)
    res.send(renderedHtml)
--- a/src/node/routes/vscode.ts
+++ b/src/node/routes/vscode.ts
@@ -156,9 +156,7 @@ export class CodeServerRouteWrapper {
    try {
      this._codeServerMain = await createVSServer(null, {
        ...(await toCodeArgs(args)),
-        // TODO: Make the browser helper script work.
        "without-connection-token": true,
-        "without-browser-env-var": true,
      })
    } catch (error) {
      logError(logger, "CodeServerRouteWrapper", error)
--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -482,6 +482,15 @@ export const isFile = async (path: string): Promise<boolean> => {
  }
 }

+export const isDirectory = async (path: string): Promise<boolean> => {
+  try {
+    const stat = await fs.stat(path)
+    return stat.isDirectory()
+  } catch (error) {
+    return false
+  }
+}
+
 /**
 * Escapes any HTML string special characters, like &, <, >, ", and '.
 *
--- a/src/node/wrapper.ts
+++ b/src/node/wrapper.ts
@@ -147,7 +147,7 @@ abstract class Process {
 * Child process that will clean up after itself if the parent goes away and can
 * perform a handshake with the parent and ask it to relaunch.
 */
-class ChildProcess extends Process {
+export class ChildProcess extends Process {
  public logger = logger.named(`child:${process.pid}`)

  public constructor(private readonly parentPid: number) {
--- a/test/e2e/codeServer.test.ts
+++ b/test/e2e/codeServer.test.ts
@@ -4,7 +4,7 @@ import { getMaybeProxiedCodeServer } from "../utils/helpers"
 import { describe, test, expect } from "./baseFixture"
 import { CodeServer } from "./models/CodeServer"

-describe("code-server", [], {}, () => {
+describe("code-server", ["--disable-workspace-trust"], {}, () => {
  // TODO@asher: Generalize this?  Could be nice if we were to ever need
  // multiple migration tests in other suites.
  const instances = new Map<string, CodeServer>()
--- a/test/e2e/displayLang.test.ts
+++ b/test/e2e/displayLang.test.ts
@@ -3,12 +3,17 @@ import { describe, test, expect } from "./baseFixture"

 // Given a code-server environment with Spanish Language Pack extension installed
 // and a languagepacks.json in the data-dir
-describe("--locale es", ["--extensions-dir", path.join(__dirname, "./extensions"), "--locale", "es"], {}, () => {
-  test("should load code-server in Spanish", async ({ codeServerPage }) => {
-    // When
-    const visible = await codeServerPage.page.isVisible("text=Explorador")
+describe(
+  "--locale es",
+  ["--disable-workspace-trust", "--extensions-dir", path.join(__dirname, "./extensions"), "--locale", "es"],
+  {},
+  () => {
+    test("should load code-server in Spanish", async ({ codeServerPage }) => {
+      // When
+      const visible = await codeServerPage.page.isVisible("text=Explorador")

-    // Then
-    expect(visible).toBe(true)
-  })
-})
+      // Then
+      expect(visible).toBe(true)
+    })
+  },
+)
--- a/test/e2e/downloads.test.ts
+++ b/test/e2e/downloads.test.ts
@@ -3,7 +3,7 @@ import * as path from "path"
 import { clean } from "../utils/helpers"
 import { describe, test, expect } from "./baseFixture"

-describe("Downloads (enabled)", [], {}, async () => {
+describe("Downloads (enabled)", ["--disable-workspace-trust"], {}, async () => {
  const testName = "downloads-enabled"
  test.beforeAll(async () => {
    await clean(testName)
@@ -25,7 +25,7 @@ describe("Downloads (enabled)", [], {}, async () => {
  })
 })

-describe("Downloads (disabled)", ["--disable-file-downloads"], {}, async () => {
+describe("Downloads (disabled)", ["--disable-workspace-trust", "--disable-file-downloads"], {}, async () => {
  const testName = "downloads-disabled"
  test.beforeAll(async () => {
    await clean(testName)
--- a/test/e2e/extensions.test.ts
+++ b/test/e2e/extensions.test.ts
@@ -15,11 +15,11 @@ function runTestExtensionTests() {
    const text = await codeServerPage.page.locator("text=proxyUri").first().textContent()
    // Remove end slash in address
    const normalizedAddress = address.replace(/\/+$/, "")
-    expect(text).toBe(`Info: proxyUri: ${normalizedAddress}/proxy/{{port}}`)
+    expect(text).toBe(`Info: proxyUri: ${normalizedAddress}/proxy/{{port}}/`)
  })
 }

-const flags = ["--extensions-dir", path.join(__dirname, "./extensions")]
+const flags = ["--disable-workspace-trust", "--extensions-dir", path.join(__dirname, "./extensions")]

 describe("Extensions", flags, {}, () => {
  runTestExtensionTests()
--- a/test/e2e/extensions/ms-ceintl.vscode-language-pack-es-1.70.0/package.json
+++ b/test/e2e/extensions/ms-ceintl.vscode-language-pack-es-1.70.0/package.json
@@ -28,5 +28,11 @@
        ]
      }
    ]
+  },
+  "__metadata": {
+    "id": "47e020a1-33db-4cc0-a1b4-42f97781749a",
+    "publisherDisplayName": "MS-CEINTL",
+    "publisherId": "0b0882c3-aee3-4d7c-b5f9-872f9be0a115",
+    "isPreReleaseVersion": false
  }
 }
--- a/test/e2e/extensions/test-extension/extension.ts
+++ b/test/e2e/extensions/test-extension/extension.ts
@@ -2,6 +2,7 @@ import * as vscode from "vscode"

 export function activate(context: vscode.ExtensionContext) {
  vscode.window.showInformationMessage("test extension loaded")
+  // Test extension
  context.subscriptions.push(
    vscode.commands.registerCommand("codeServerTest.proxyUri", () => {
      if (process.env.VSCODE_PROXY_URI) {
@@ -11,4 +12,20 @@ export function activate(context: vscode.ExtensionContext) {
      }
    }),
  )
+
+  // asExternalUri extension
+  context.subscriptions.push(
+    vscode.commands.registerCommand("codeServerTest.asExternalUri", async () => {
+      const input = await vscode.window.showInputBox({
+        prompt: "URL to pass through to asExternalUri",
+      })
+
+      if (input) {
+        const output = await vscode.env.asExternalUri(vscode.Uri.parse(input))
+        vscode.window.showInformationMessage(`input: ${input} output: ${output}`)
+      } else {
+        vscode.window.showErrorMessage(`Failed to run test case. No input provided.`)
+      }
+    }),
+  )
 }
--- a/test/e2e/extensions/test-extension/package.json
+++ b/test/e2e/extensions/test-extension/package.json
@@ -17,6 +17,11 @@
        "command": "codeServerTest.proxyUri",
        "title": "Get proxy URI",
        "category": "code-server"
+      },
+      {
+        "command": "codeServerTest.asExternalUri",
+        "title": "asExternalUri test",
+        "category": "code-server"
      }
    ]
  },
--- a/test/e2e/github.test.ts
+++ b/test/e2e/github.test.ts
@@ -2,7 +2,7 @@ import { test as base } from "@playwright/test"
 import { describe, expect, test } from "./baseFixture"

 if (process.env.GITHUB_TOKEN) {
-  describe("GitHub token", [], {}, () => {
+  describe("GitHub token", ["--disable-workspace-trust"], {}, () => {
    test("should be logged in to pull requests extension", async ({ codeServerPage }) => {
      await codeServerPage.exec("git init")
      await codeServerPage.exec("git remote add origin https://github.com/coder/code-server")
@@ -16,7 +16,7 @@ if (process.env.GITHUB_TOKEN) {
    })
  })

-  describe("No GitHub token", [], { GITHUB_TOKEN: "" }, () => {
+  describe("No GitHub token", ["--disable-workspace-trust"], { GITHUB_TOKEN: "" }, () => {
    test("should not be logged in to pull requests extension", async ({ codeServerPage }) => {
      await codeServerPage.exec("git init")
      await codeServerPage.exec("git remote add origin https://github.com/coder/code-server")
--- a/test/e2e/login.test.ts
+++ b/test/e2e/login.test.ts
@@ -1,7 +1,7 @@
 import { PASSWORD } from "../utils/constants"
 import { describe, test, expect } from "./baseFixture"

-describe("login", ["--auth", "password"], {}, () => {
+describe("login", ["--disable-workspace-trust", "--auth", "password"], {}, () => {
  test("should see the login page", async ({ codeServerPage }) => {
    // It should send us to the login page
    expect(await codeServerPage.page.title()).toBe("code-server login")
--- a/test/e2e/logout.test.ts
+++ b/test/e2e/logout.test.ts
@@ -1,7 +1,7 @@
 // NOTE@jsjoeio commenting out until we can figure out what's wrong
 // import { describe, test, expect } from "./baseFixture"

-// describe("logout", true, [], {}, () => {
+// describe("logout", true, ["--disable-workspace-trust"], {}, () => {
 //   test("should be able logout", async ({ codeServerPage }) => {
 //     // Recommended by Playwright for async navigation
 //     // https://github.com/microsoft/playwright/issues/1987#issuecomment-620182151
--- a/test/e2e/models/CodeServer.ts
+++ b/test/e2e/models/CodeServer.ts
@@ -82,9 +82,6 @@ export class CodeServer {
      path.join(dir, "User/settings.json"),
      JSON.stringify({
        "workbench.startupEditor": "none",
-        // NOTE@jsjoeio - needed to prevent Trust Policy prompt
-        // in end-to-end tests.
-        "security.workspace.trust.enabled": false,
      }),
      "utf8",
    )
@@ -131,6 +128,8 @@ export class CodeServer {
        path.join(dir, "extensions"),
        "--auth",
        "none",
+        // The workspace to open.
+        ...(this.args.includes("--ignore-last-opened") ? [] : [dir]),
        ...this.args,
        // Using port zero will spawn on a random port.
        "--bind-addr",
@@ -142,8 +141,6 @@ export class CodeServer {
        path.join(dir, "config.yaml"),
        "--user-data-dir",
        dir,
-        // The last argument is the workspace to open.
-        dir,
      ]
      this.logger.debug("spawning `node " + args.join(" ") + "`")
      const proc = cp.spawn("node", args, {
--- a/test/e2e/openHelpAbout.test.ts
+++ b/test/e2e/openHelpAbout.test.ts
@@ -1,7 +1,7 @@
 import { version } from "../../src/node/constants"
 import { describe, test, expect } from "./baseFixture"

-describe("Open Help > About", [], {}, () => {
+describe("Open Help > About", ["--disable-workspace-trust"], {}, () => {
  test("should see code-server version in about dialog", async ({ codeServerPage }) => {
    // Open using the menu.
    await codeServerPage.navigateMenus(["Help", "About"])
--- a/test/e2e/routes.test.ts
+++ b/test/e2e/routes.test.ts
@@ -0,0 +1,111 @@
+import { describe, test, expect } from "./baseFixture"
+import { clean, getMaybeProxiedPathname } from "../utils/helpers"
+
+const routes = ["/", "/vscode", "/vscode/"]
+
+describe("VS Code Routes", ["--disable-workspace-trust"], {}, async () => {
+  const testName = "vscode-routes-default"
+  test.beforeAll(async () => {
+    await clean(testName)
+  })
+
+  test("should load all route variations", async ({ codeServerPage }) => {
+    for (const route of routes) {
+      await codeServerPage.navigate(route)
+
+      // Check there were no redirections
+      const url = new URL(codeServerPage.page.url())
+      const pathname = getMaybeProxiedPathname(url)
+      expect(pathname).toBe(route)
+
+      // TODO@jsjoeio
+      // now that we are in a proper browser instead of scraping the HTML we
+      // could possibly intercept requests to make sure assets are loading from
+      // the right spot.
+      //
+      // Check that page loaded from correct route
+      const html = await codeServerPage.page.innerHTML("html")
+      switch (route) {
+        case "/":
+        case "/vscode/":
+          expect(html).toMatch(/src="\.\/[a-z]+-[0-9a-z]+\/static\//)
+          break
+        case "/vscode":
+          expect(html).toMatch(/src="\.\/vscode\/[a-z]+-[0-9a-z]+\/static\//)
+          break
+      }
+    }
+  })
+})
+
+const CODE_WORKSPACE_DIR = process.env.CODE_WORKSPACE_DIR || ""
+describe("VS Code Routes with code-workspace", ["--disable-workspace-trust", CODE_WORKSPACE_DIR], {}, async () => {
+  test("should redirect to the passed in workspace using human-readable query", async ({ codeServerPage }) => {
+    const url = new URL(codeServerPage.page.url())
+    const pathname = getMaybeProxiedPathname(url)
+    expect(pathname).toBe("/")
+    expect(url.search).toBe(`?workspace=${CODE_WORKSPACE_DIR}`)
+  })
+})
+
+const CODE_FOLDER_DIR = process.env.CODE_FOLDER_DIR || ""
+describe("VS Code Routes with code-workspace", ["--disable-workspace-trust", CODE_FOLDER_DIR], {}, async () => {
+  test("should redirect to the passed in folder using human-readable query", async ({ codeServerPage }) => {
+    const url = new URL(codeServerPage.page.url())
+    const pathname = getMaybeProxiedPathname(url)
+    expect(pathname).toBe("/")
+    expect(url.search).toBe(`?folder=${CODE_FOLDER_DIR}`)
+  })
+})
+
+describe(
+  "VS Code Routes with ignore-last-opened",
+  ["--disable-workspace-trust", "--ignore-last-opened"],
+  {},
+  async () => {
+    test("should not redirect", async ({ codeServerPage }) => {
+      const folder = process.env.CODE_FOLDER_DIR
+
+      await codeServerPage.navigate(`/?folder=${folder}`)
+      await codeServerPage.navigate(`/`)
+
+      const url = new URL(codeServerPage.page.url())
+      const pathname = getMaybeProxiedPathname(url)
+      expect(pathname).toBe("/")
+      expect(url.search).toBe("")
+    })
+  },
+)
+
+describe("VS Code Routes with no workspace or folder", ["--disable-workspace-trust"], {}, async () => {
+  test("should redirect to last query folder/workspace", async ({ codeServerPage }) => {
+    const folder = process.env.CODE_FOLDER_DIR
+    const workspace = process.env.CODE_WORKSPACE_DIR
+    await codeServerPage.navigate(`/?folder=${folder}&workspace=${workspace}`)
+
+    // If you visit again without query parameters it will re-attach them by
+    // redirecting.  It should always redirect to the same route.
+    for (const route of routes) {
+      await codeServerPage.navigate(route)
+      const url = new URL(codeServerPage.page.url())
+      const pathname = getMaybeProxiedPathname(url)
+      expect(pathname).toBe(route)
+      expect(url.search).toBe(`?folder=${folder}&workspace=${workspace}`)
+    }
+  })
+})
+
+describe("VS Code Routes with no workspace or folder", ["--disable-workspace-trust"], {}, async () => {
+  test("should not redirect if ew passed in", async ({ codeServerPage }) => {
+    const folder = process.env.CODE_FOLDER_DIR
+    const workspace = process.env.CODE_WORKSPACE_DIR
+    await codeServerPage.navigate(`/?folder=${folder}&workspace=${workspace}`)
+
+    // Closing the folder should stop the redirecting.
+    await codeServerPage.navigate("/?ew=true")
+    let url = new URL(codeServerPage.page.url())
+    const pathname = getMaybeProxiedPathname(url)
+    expect(pathname).toBe("/")
+    expect(url.search).toBe("?ew=true")
+  })
+})
--- a/test/e2e/terminal.test.ts
+++ b/test/e2e/terminal.test.ts
@@ -5,7 +5,7 @@ import util from "util"
 import { clean, getMaybeProxiedCodeServer, tmpdir } from "../utils/helpers"
 import { describe, expect, test } from "./baseFixture"

-describe("Integrated Terminal", [], {}, () => {
+describe("Integrated Terminal", ["--disable-workspace-trust"], {}, () => {
  const testName = "integrated-terminal"
  test.beforeAll(async () => {
    await clean(testName)
--- a/test/e2e/webview.test.ts
+++ b/test/e2e/webview.test.ts
@@ -0,0 +1,28 @@
+import { promises as fs } from "fs"
+import * as path from "path"
+import { describe, test, expect } from "./baseFixture"
+
+describe("Webviews", ["--disable-workspace-trust"], {}, () => {
+  test("should preview a Markdown file", async ({ codeServerPage }) => {
+    // Create Markdown file
+    const heading = "Hello world"
+    const dir = await codeServerPage.workspaceDir
+    const file = path.join(dir, "text.md")
+    await fs.writeFile(file, `# ${heading}`)
+    await codeServerPage.openFile(file)
+
+    // Open Preview
+    await codeServerPage.executeCommandViaMenus("Markdown: Open Preview to the Side")
+    // Wait for the iframe to open and load
+    await codeServerPage.waitForTab(`Preview ${file}`)
+
+    // It's an iframe within an iframe
+    // so we have to do .frameLocator twice
+    const renderedText = await codeServerPage.page
+      .frameLocator("iframe.webview.ready")
+      .frameLocator("#active-frame")
+      .locator("text=Hello world")
+
+    expect(renderedText).toBeVisible
+  })
+})
--- a/test/playwright.config.ts
+++ b/test/playwright.config.ts
@@ -8,6 +8,7 @@ import path from "path"
 //   yarn test:e2e --workers 1        # Run with one worker
 //   yarn test:e2e --project Chromium # Only run on Chromium
 //   yarn test:e2e --grep login       # Run tests matching "login"
+//   PWDEBUG=1 yarn test:e2e          # Run Playwright inspector
 const config: PlaywrightTestConfig = {
  testDir: path.join(__dirname, "e2e"), // Search for tests in this directory.
  timeout: 60000, // Each test is given 60 seconds.
--- a/test/scripts/install.bats
+++ b/test/scripts/install.bats
@@ -11,14 +11,14 @@ function should-use-deb() {
  DISTRO=$1 ARCH=$2 OS=linux run "$SCRIPT" --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing v$VERSION of the $2 deb package from GitHub." ]
-  [ "${lines[-5]}" = "deb package has been installed." ]
+  [ "${lines[-6]}" = "deb package has been installed." ]
 }

 function should-use-rpm() {
  DISTRO=$1 ARCH=$2 OS=linux run "$SCRIPT" --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing v$VERSION of the $2 rpm package from GitHub." ]
-  [ "${lines[-5]}" = "rpm package has been installed." ]
+  [ "${lines[-6]}" = "rpm package has been installed." ]
 }

 function should-fallback-npm() {
@@ -27,21 +27,21 @@ function should-fallback-npm() {
  [ "${lines[1]}" = "No standalone releases for $2." ]
  [ "${lines[2]}" = "Falling back to installation from npm." ]
  [ "${lines[3]}" = "Installing latest from npm." ]
-  [ "${lines[-5]}" = "npm package has been installed." ]
+  [ "${lines[-6]}" = "npm package has been installed." ]
 }

 function should-use-npm() {
  YARN_PATH=true DISTRO=$1 ARCH=$2 OS=linux run "$SCRIPT" --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing latest from npm." ]
-  [ "${lines[-5]}" = "npm package has been installed." ]
+  [ "${lines[-6]}" = "npm package has been installed." ]
 }

 function should-use-aur() {
  DISTRO=$1 ARCH=$2 OS=linux run "$SCRIPT" --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing latest from the AUR." ]
-  [ "${lines[-5]}" = "AUR package has been installed." ]
+  [ "${lines[-6]}" = "AUR package has been installed." ]
 }

 function should-fallback-npm-brew() {
@@ -52,21 +52,21 @@ function should-fallback-npm-brew() {
  [ "${lines[3]}" = "No standalone releases for $1." ]
  [ "${lines[4]}" = "Falling back to installation from npm." ]
  [ "${lines[5]}" = "Installing latest from npm." ]
-  [ "${lines[-5]}" = "npm package has been installed." ]
+  [ "${lines[-6]}" = "npm package has been installed." ]
 }

 function should-use-brew() {
  BREW_PATH=true OS=macos ARCH=$1 run "$SCRIPT" --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing latest from Homebrew." ]
-  [ "${lines[-3]}" = "Brew release has been installed." ]
+  [ "${lines[-4]}" = "Brew release has been installed." ]
 }

 function should-use-standalone() {
  DISTRO=$1 ARCH=$2 OS=$3 run "$SCRIPT" --method standalone --dry-run
  [ "$status" -eq 0 ]
  [ "${lines[1]}" = "Installing v$VERSION of the $2 release from GitHub." ]
-  [[ "${lines[-5]}" = "Standalone release has been installed"* ]]
+  [[ "${lines[-6]}" = "Standalone release has been installed"* ]]
 }

@test "$SCRIPT_NAME: usage with --help" {
@@ -141,7 +141,7 @@ function should-use-standalone() {
  [ "${lines[1]}" = "Homebrew not installed." ]
  [ "${lines[2]}" = "Falling back to standalone installation." ]
  [ "${lines[3]}" = "Installing v$VERSION of the amd64 release from GitHub." ]
-  [[ "${lines[-5]}" = "Standalone release has been installed"* ]]
+  [[ "${lines[-6]}" = "Standalone release has been installed"* ]]
 }
@test "$SCRIPT_NAME: macos i386 (no brew)" {
  should-fallback-npm-brew "i386"
--- a/test/unit/helpers.test.ts
+++ b/test/unit/helpers.test.ts
@@ -1,5 +1,6 @@
 import { promises as fs } from "fs"
-import { clean, getAvailablePort, tmpdir, useEnv } from "../../test/utils/helpers"
+import { clean, getAvailablePort, getMaybeProxiedPathname, tmpdir, useEnv } from "../../test/utils/helpers"
+import { REVERSE_PROXY_BASE_PATH } from "../utils/constants"

 /**
 * This file is for testing test helpers (not core code).
@@ -56,3 +57,22 @@ describe("getAvailablePort", () => {
    expect(portOne).not.toEqual(portTwo)
  })
 })
+
+describe("getMaybeProxiedPathname", () => {
+  it("should return the route", () => {
+    const route = "/vscode"
+    const url = new URL(`http://localhost:3000${route}`)
+    const actual = getMaybeProxiedPathname(url)
+    expect(actual).toBe(route)
+  })
+  it("should strip proxy if env var set", () => {
+    const envKey = "USE_PROXY"
+    const [setValue, resetValue] = useEnv(envKey)
+    setValue("1")
+    const route = "/vscode"
+    const url = new URL(`http://localhost:3000/8000/${REVERSE_PROXY_BASE_PATH}${route}`)
+    const actual = getMaybeProxiedPathname(url)
+    expect(actual).toBe(route)
+    resetValue()
+  })
+})
--- a/test/unit/node/cli.test.ts
+++ b/test/unit/node/cli.test.ts
@@ -43,6 +43,7 @@ describe("parser", () => {
    delete process.env.LOG_LEVEL
    delete process.env.PASSWORD
    delete process.env.CS_DISABLE_FILE_DOWNLOADS
+    delete process.env.CS_DISABLE_GETTING_STARTED_OVERRIDE
    console.log = jest.fn()
  })

@@ -67,6 +68,8 @@ describe("parser", () => {

          "1",
          "--verbose",
+          ["--app-name", "custom instance name"],
+          ["--welcome-text", "welcome to code"],
          "2",

          ["--locale", "ja"],
@@ -95,6 +98,8 @@ describe("parser", () => {

          "--disable-file-downloads",

+          "--disable-getting-started-override",
+
          ["--host", "0.0.0.0"],
          "4",
          "--",
@@ -112,6 +117,7 @@ describe("parser", () => {
        value: path.resolve("path/to/cert"),
      },
      "disable-file-downloads": true,
+      "disable-getting-started-override": true,
      enable: ["feature1", "feature2"],
      help: true,
      host: "0.0.0.0",
@@ -123,6 +129,8 @@ describe("parser", () => {
      socket: path.resolve("mumble"),
      "socket-mode": "777",
      verbose: true,
+      "app-name": "custom instance name",
+      "welcome-text": "welcome to code",
      version: true,
      "bind-addr": "192.169.0.1:8080",
    })
@@ -374,6 +382,30 @@ describe("parser", () => {
    })
  })

+  it("should use env var CS_DISABLE_GETTING_STARTED_OVERRIDE", async () => {
+    process.env.CS_DISABLE_GETTING_STARTED_OVERRIDE = "1"
+    const args = parse([])
+    expect(args).toEqual({})
+
+    const defaultArgs = await setDefaults(args)
+    expect(defaultArgs).toEqual({
+      ...defaults,
+      "disable-getting-started-override": true,
+    })
+  })
+
+  it("should use env var CS_DISABLE_GETTING_STARTED_OVERRIDE set to true", async () => {
+    process.env.CS_DISABLE_GETTING_STARTED_OVERRIDE = "true"
+    const args = parse([])
+    expect(args).toEqual({})
+
+    const defaultArgs = await setDefaults(args)
+    expect(defaultArgs).toEqual({
+      ...defaults,
+      "disable-getting-started-override": true,
+    })
+  })
+
  it("should error if password passed in", () => {
    expect(() => parse(["--password", "supersecret123"])).toThrowError(
      "--password can only be set in the config file or passed in via $PASSWORD",
@@ -763,6 +795,7 @@ describe("toCodeArgs", () => {
    help: false,
    port: "8080",
    version: false,
+    log: undefined,
  }

  const testName = "vscode-args"
--- a/test/unit/node/routes/login.test.ts
+++ b/test/unit/node/routes/login.test.ts
@@ -92,5 +92,62 @@ describe("login", () => {

      expect(htmlContent).toContain("Incorrect password")
    })
+
+    it("should return correct app-name", async () => {
+      process.env.PASSWORD = previousEnvPassword
+      const appName = "testnäme"
+      const codeServer = await integration.setup([`--app-name=${appName}`], "")
+      const resp = await codeServer.fetch("/login", { method: "GET" })
+
+      const htmlContent = await resp.text()
+      expect(resp.status).toBe(200)
+      expect(htmlContent).toContain(`${appName}</h1>`)
+      expect(htmlContent).toContain(`<title>${appName} login</title>`)
+    })
+
+    it("should return correct app-name when unset", async () => {
+      process.env.PASSWORD = previousEnvPassword
+      const appName = "code-server"
+      const codeServer = await integration.setup([], "")
+      const resp = await codeServer.fetch("/login", { method: "GET" })
+
+      const htmlContent = await resp.text()
+      expect(resp.status).toBe(200)
+      expect(htmlContent).toContain(`${appName}</h1>`)
+      expect(htmlContent).toContain(`<title>${appName} login</title>`)
+    })
+
+    it("should return correct welcome text", async () => {
+      process.env.PASSWORD = previousEnvPassword
+      const welcomeText = "Welcome to your code workspace! öäü🔐"
+      const codeServer = await integration.setup([`--welcome-text=${welcomeText}`], "")
+      const resp = await codeServer.fetch("/login", { method: "GET" })
+
+      const htmlContent = await resp.text()
+      expect(resp.status).toBe(200)
+      expect(htmlContent).toContain(welcomeText)
+    })
+
+    it("should return correct welcome text when none is set but app-name is", async () => {
+      process.env.PASSWORD = previousEnvPassword
+      const appName = "testnäme"
+      const codeServer = await integration.setup([`--app-name=${appName}`], "")
+      const resp = await codeServer.fetch("/login", { method: "GET" })
+
+      const htmlContent = await resp.text()
+      expect(resp.status).toBe(200)
+      expect(htmlContent).toContain(`Welcome to ${appName}`)
+    })
+
+    it("should return correct welcome text when locale is set to non-English", async () => {
+      process.env.PASSWORD = previousEnvPassword
+      const locale = "zh-cn"
+      const codeServer = await integration.setup([`--locale=${locale}`], "")
+      const resp = await codeServer.fetch("/login", { method: "GET" })
+
+      const htmlContent = await resp.text()
+      expect(resp.status).toBe(200)
+      expect(htmlContent).toContain(`欢迎来到 code-server`)
+    })
  })
 })
--- a/Show More
+++ b/Show More