feat: use environment variables for CLI auth instead of file flags

Pass CODER_URL and CODER_SESSION_TOKEN via SSH SetEnv directive instead
of using --session-token-file and --url-file CLI flags. This simplifies
the auth flow by using environment variables that the CLI natively supports.

Changes:
- Remove --session-token-file and --url-file from vscodessh ProxyCommand
- Add CODER_URL and CODER_SESSION_TOKEN to SSH SetEnv directive
- Update doc comments to reflect persistence-only purpose of file storage
- Keep file-based storage for extension's own credential persistence

Author: ibetitsmike

src/core/cliManager.ts

@@ -710,10 +710,10 @@ export class CliManager {
 	}
 
 	/**
-	 * Update the URL for the deployment with the provided label on disk which can
-	 * be used by the CLI via --url-file.  If the URL is falsey, do nothing.
+	 * Update the URL for the deployment with the provided label on disk for
+	 * persistence.  If the URL is falsey, do nothing.
 	 *
-	 * If the label is empty, read the old deployment-unaware config instead.
+	 * If the label is empty, use the old deployment-unaware path instead.
 	 */
 	private async updateUrlForCli(
 		label: string,
@@ -728,10 +728,9 @@ export class CliManager {
 
 	/**
 	 * Update the session token for a deployment with the provided label on disk
-	 * which can be used by the CLI via --session-token-file.  If the token is
-	 * null, do nothing.
+	 * for persistence.  If the token is null, do nothing.
 	 *
-	 * If the label is empty, read the old deployment-unaware config instead.
+	 * If the label is empty, use the old deployment-unaware path instead.
 	 */
 	private async updateTokenForCli(
 		label: string,

src/remote/remote.ts

@@ -479,6 +479,8 @@ export class Remote {
 					binaryPath,
 					logDir,
 					featureSet,
+					baseUrlRaw,
+					token,
 				);
 			} catch (error) {
 				this.logger.warn("Failed to configure SSH", error);
@@ -597,6 +599,8 @@ export class Remote {
 		binaryPath: string,
 		logDir: string,
 		featureSet: FeatureSet,
+		url: string,
+		token: string,
 	) {
 		let deploymentSSHConfig = {};
 		try {
@@ -677,9 +681,7 @@ export class Remote {
 			? `${escapeCommandArg(binaryPath)}${globalConfigs} ssh --stdio --usage-app=vscode --disable-autostart --network-info-dir ${escapeCommandArg(this.pathResolver.getNetworkInfoPath())}${await this.formatLogArg(logDir)} --ssh-host-prefix ${hostPrefix} %h`
 			: `${escapeCommandArg(binaryPath)}${globalConfigs} vscodessh --network-info-dir ${escapeCommandArg(
 					this.pathResolver.getNetworkInfoPath(),
-				)}${await this.formatLogArg(logDir)} --session-token-file ${escapeCommandArg(this.pathResolver.getSessionTokenPath(label))} --url-file ${escapeCommandArg(
-					this.pathResolver.getUrlPath(label),
-				)} %h`;
+				)}${await this.formatLogArg(logDir)} %h`;
 
 		const sshValues: SSHValues = {
 			Host: hostPrefix + `*`,
@@ -690,9 +692,9 @@ export class Remote {
 			LogLevel: "ERROR",
 		};
 		if (sshSupportsSetEnv()) {
-			// This allows for tracking the number of extension
-			// users connected to workspaces!
-			sshValues.SetEnv = " CODER_SSH_SESSION_TYPE=vscode";
+			// Pass Coder URL, session token, and session type via environment.
+			// The CLI reads CODER_URL and CODER_SESSION_TOKEN from the environment.
+			sshValues.SetEnv = ` CODER_URL=${url} CODER_SESSION_TOKEN=${token} CODER_SSH_SESSION_TYPE=vscode`;
 		}
 
 		await sshConfig.update(label, sshValues, sshConfigOverrides);