feat: support configurable CLI global config#1011
Merged
Merged
Conversation
code-asher
reviewed
Jun 17, 2026
EhabY
force-pushed
the
feat/global-config
branch
3 times, most recently
from
9a72ccf to
6d03c00
Compare
Collaborator
Author
|
With 7e5d315 we have the following. @code-asher I think this simplified things a bit and we can further cut down if we drop support for <0.25 (very old tbh - 3 years old). Global config / credential changes (vs
|
| Mode / version | main |
new |
|---|---|---|
| keyring (mac/win, 2.29+) | coder login --use-token-as-session <url> |
same |
| file, 0.25+ | extension writes <dir>/session + <dir>/url |
coder login --use-token-as-session <url> --global-config <dir> |
| file, <0.25 | extension writes the files | extension writes the files (fallback) |
READ
| Mode / version | main |
new |
|---|---|---|
| keyring (2.31+) | coder login token --url <url> |
same |
| file, 2.31+ | nothing (only keyring was read) | coder login token --url <url> --global-config <dir> |
| <2.31 | nothing | nothing |
DELETE
rm <default> files always runs: it is the only deleter when coder logout is unavailable (<0.25 or binary unresolvable), and it sweeps the default dir, which coder logout --global-config <override> does not touch.
| Mode / version | main |
new |
|---|---|---|
| keyring (2.29+) | coder logout --url <url> --yes + rm <default> files |
same |
| file, 0.25+ | rm <default> files only |
coder logout --url <url> --global-config <dir> --yes + rm <default> files |
| file, <0.25 / no binary | rm <default> files |
rm <default> files (no coder logout) |
Config dir / --global-config
main |
new | |
|---|---|---|
| Custom dir | not configurable | --global-config in coder.globalFlags (2.31+, file mode) |
| Binary cache | under <default> |
always plugin dir (coder.binaryDestination still applies) |
What it means for the user (vs main)
- New: point the extension at a shared CLI dir (
--global-config=~/.config/coderv2incoder.globalFlags) to share login with the terminalcoder, on 2.31+. - New: on 2.31+ the extension picks up file based CLI credentials (
mainonly read the keyring). - File writes/deletes now go through
coder login/coder logoutinstead of the extension touching the files directly. - No change for keyring users.
EhabY
force-pushed
the
feat/global-config
branch
2 times, most recently
from
36cfde3 to
b69b20b
Compare
EhabY
commented
Jun 25, 2026
code-asher
approved these changes
Jun 25, 2026
Split src/util.ts into focused modules: src/util/uri.ts (toSafeHost,
removeTrailingSlashes, resolveUiUrl, openInBrowser) and
src/util/authority.ts (Remote SSH authority helpers), replacing
src/uri/utils.ts. Migrate all importers and mirror the unit tests.
Make CliCredentialManager.readToken return the token together with its
source ("keyring" | "files") so LoginCoordinator labels the login
method from the actual source instead of re-deriving it from whether
keyring is enabled.
…malization - Add loginCoordinator test for the keyring_token method (source: "keyring") - Add comprehensive toRemoteAuthority tests over varied URI types - Test toSafeHost/normalizeUrl with Arabic alongside Japanese IDNs - Consolidate the trim + strip-trailing-slashes logic into a shared normalizeUrl in util/uri, reused by resolveUiUrl and cliCredentialManager
Replace the dedicated `coder.globalConfig` setting with a `--global-config` passthrough in `coder.globalFlags`, honored on 2.31.0+. The extension no longer reads/writes the CLI credential files itself: it writes via `coder login` (0.25.0+, `--use-token-as-session`), reads via `coder login token` (2.31.0+), and deletes via `coder logout` (keyring or file with `--global-config`). Direct file writes remain only as a pre-0.25 fallback. The binary cache no longer follows the config dir.
- Bump the minimum supported deployment version to 0.25.0 (where `coder login` lives), gating on `featureSet.cliLogin`, and move the compatibility check before credential configuration so older servers get a clear message. - Remove the pre-0.25 direct-file-write fallback; credential writes now always go through `coder login`. Drop the now-unused `vscodessh` feature flag and the dead `CredentialFileError` class plus its `filesystem`/`file` telemetry categories. - Collapse the `resolveCli` overloads into one throwing resolver; the best-effort read path catches instead. - Fix the stale `coder.globalConfig` CHANGELOG entry (the setting was dropped) and two pre-existing test typecheck breaks (`toSafeHost` import path and a `CliAuth.allowOverride` literal).
Routing file-mode credentials through `coder login`/`logout` means the credential binary resolver now runs in the login and logout flows, not just on connect. It previously fell back to `fetchBinary` on a cache miss, so a file-mode user's login (including auto-login on startup) or logout could trigger a surprise CLI download with a progress popup, where before it was silent file I/O. Make the resolver locate-only. The connect and CLI-command flows still fetch the binary first, so credential ops become best-effort against an already-present binary and never download on their own. If no binary exists yet, credential sharing is simply skipped until a real connection fetches one.
- rename FeatureSet.keyringTokenRead to tokenRead (token subcommand works for both stores) - rename resolveUiUrl to resolveCoderDashboardUrl - clarify openInBrowser docstring (connectionUrl is arbitrary) - split buildGlobalFlags on auth mode to drop the nested ternary
EhabY
force-pushed
the
feat/global-config
branch
from
c320dd2 to
5ddf592
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
coder.globalConfigas a machine-scoped directory setting for the CLI--global-configpath, withCODER_CONFIG_DIRfallback and existing per-deployment storage as the default.PathResolver, CLI auth flags, credential file reads/writes/deletes, active remote reload prompts, and support bundle settings.Closes #185.
Testing
pnpm test:extension ./test/unit/cliConfig.test.ts ./test/unit/core/pathResolver.test.ts ./test/unit/core/cliCredentialManager.test.ts ./test/unit/login/loginCoordinator.test.ts ./test/unit/supportBundle/settings.test.tspnpm testpnpm typecheckpnpm lintpnpm format:checkpnpm buildgit diff --checkGenerated by Coder Agents.
Implementation plan
coder.globalConfigsetting for a directory path and keepcoder.globalFlagsfrom overriding managed--global-config/--use-keyringflags.PathResolver:coder.globalConfigfirst, thenCODER_CONFIG_DIR, then the existing<globalStorage>/<safeHostname>default.--urlfor active supported keyring auth, otherwise--global-config <resolvedDir>.