codehost 0.1.0 → 0.3.1

package/src/cli/vscode-install.ts

@@ -0,0 +1,222 @@
+import { spawnSync } from "node:child_process";
+import { existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "node:fs";
+import { readdir } from "node:fs/promises";
+import { homedir, tmpdir } from "node:os";
+import { join } from "node:path";
+
+// Resolves a runnable VS Code CLI binary for `code serve-web`. Strategy
+// ("managed, prefer system"): honor an explicit override, then a system `code`
+// on PATH, otherwise download + cache Microsoft's standalone ~31MB "VS Code
+// CLI" binary for this platform. The standalone CLI fully supports serve-web
+// with the same flags as a full install. Update cadence is "check but cache":
+// the managed binary's version is re-checked against the stable channel at most
+// once per ~24h; otherwise the cached binary is used with no network call.
+
+const CACHE_ROOT = join(homedir(), ".codehost", "vscode");
+const STATE_FILE = join(CACHE_ROOT, "state.json");
+const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;
+const UPDATE_API = "https://update.code.visualstudio.com/api/update";
+
+interface Manifest {
+  url: string;
+  version: string;
+  productVersion: string;
+  sha256hash: string;
+}
+
+interface State {
+  /** Commit-style version id from the manifest. */
+  version: string;
+  /** Human version, e.g. "1.123.0". */
+  productVersion: string;
+  /** Absolute path to the extracted `code`/`code.exe`. */
+  binPath: string;
+  /** Wall-clock ms of the last manifest check. */
+  checkedAt: number;
+}
+
+/**
+ * Return a path (or bare `"code"`) that can be spawned to run `serve-web`.
+ * Downloads and caches the standalone CLI on first use when no system VS Code
+ * is available. `opts.force` skips the 24h throttle (used by `codehost update`).
+ */
+export async function resolveCodeBinary(opts: { force?: boolean } = {}): Promise<string> {
+  const override = process.env.CODEHOST_CODE_BIN;
+  if (override) {
+    if (!existsSync(override)) {
+      throw new Error(`CODEHOST_CODE_BIN points to a missing file: ${override}`);
+    }
+    return override;
+  }
+
+  // Prefer a user-owned `code` on PATH — but only if it actually runs. A broken
+  // or stub `code` should fall through to a managed install/upgrade.
+  const system = Bun.which("code");
+  if (system && runsOk(system)) return system;
+
+  return ensureManagedBinary(opts.force ?? false);
+}
+
+async function ensureManagedBinary(force: boolean): Promise<string> {
+  const key = platformKey();
+  const state = readState();
+
+  const fresh = state && existsSync(state.binPath) && Date.now() - state.checkedAt < CHECK_INTERVAL_MS;
+  if (fresh && !force) return state!.binPath;
+
+  let manifest: Manifest;
+  try {
+    manifest = await fetchManifest(key);
+  } catch (err) {
+    // Offline: fall back to whatever we have cached, otherwise fail loudly.
+    if (state && existsSync(state.binPath)) {
+      console.warn(`[codehost] could not check for VS Code updates (${(err as Error).message}); using cached ${state.productVersion}`);
+      return state.binPath;
+    }
+    throw new Error(
+      `Unable to download VS Code and none is cached: ${(err as Error).message}. ` +
+        `Install VS Code's \`code\` CLI manually, or set CODEHOST_CODE_BIN to an existing binary.`,
+    );
+  }
+
+  // Already on the latest stable: just refresh the throttle timestamp.
+  if (state && state.version === manifest.version && existsSync(state.binPath)) {
+    writeState({ ...state, checkedAt: Date.now() });
+    return state.binPath;
+  }
+
+  console.log(`[codehost] installing VS Code ${manifest.productVersion} (${key})…`);
+  const binPath = await downloadAndExtract(manifest, key);
+  writeState({
+    version: manifest.version,
+    productVersion: manifest.productVersion,
+    binPath,
+    checkedAt: Date.now(),
+  });
+  console.log(`[codehost] VS Code ${manifest.productVersion} ready at ${binPath}`);
+  return binPath;
+}
+
+/** Map this host to a `cli-<os>-<arch>` key understood by the update API. */
+function platformKey(): string {
+  const arch = process.arch; // "x64" | "arm64" | "arm" | ...
+  if (process.platform === "darwin") {
+    return arch === "arm64" ? "cli-darwin-arm64" : "cli-darwin-x64";
+  }
+  if (process.platform === "win32") {
+    return arch === "arm64" ? "cli-win32-arm64" : "cli-win32-x64";
+  }
+  // Linux: distinguish musl (Alpine) from glibc, and map arch.
+  const os = isMusl() ? "alpine" : "linux";
+  if (arch === "arm64") return `cli-${os}-arm64`;
+  if (arch === "arm") return `cli-${os}-armhf`;
+  return `cli-${os}-x64`;
+}
+
+/** True if `<bin> --version` exits cleanly — i.e. the binary actually works. */
+function runsOk(bin: string): boolean {
+  const r = spawnSync(bin, ["--version"], { stdio: "ignore", timeout: 10_000 });
+  return r.status === 0;
+}
+
+function isMusl(): boolean {
+  if (existsSync("/etc/alpine-release")) return true;
+  // `ldd --version` mentions "musl" on musl systems; ignore failures.
+  const r = spawnSync("ldd", ["--version"], { encoding: "utf8" });
+  return /musl/i.test(`${r.stdout ?? ""}${r.stderr ?? ""}`);
+}
+
+async function fetchManifest(key: string): Promise<Manifest> {
+  const res = await fetch(`${UPDATE_API}/${key}/stable/latest`);
+  if (!res.ok) throw new Error(`manifest HTTP ${res.status} for ${key}`);
+  const m = (await res.json()) as Partial<Manifest>;
+  if (!m.url || !m.version || !m.sha256hash) {
+    throw new Error(`malformed manifest for ${key}`);
+  }
+  return {
+    url: m.url,
+    version: m.version,
+    productVersion: m.productVersion ?? m.version,
+    sha256hash: m.sha256hash,
+  };
+}
+
+async function downloadAndExtract(manifest: Manifest, key: string): Promise<string> {
+  mkdirSync(CACHE_ROOT, { recursive: true });
+  const isZip = manifest.url.endsWith(".zip");
+  const tmpArchive = join(tmpdir(), `codehost-vscode-${manifest.version}${isZip ? ".zip" : ".tar.gz"}`);
+
+  const res = await fetch(manifest.url);
+  if (!res.ok) throw new Error(`download HTTP ${res.status}`);
+  await Bun.write(tmpArchive, res);
+
+  await verifySha256(tmpArchive, manifest.sha256hash);
+
+  // Extract into a fresh temp dir, then move the single binary into the cache.
+  const extractDir = join(tmpdir(), `codehost-vscode-x-${manifest.version}`);
+  rmSync(extractDir, { recursive: true, force: true });
+  mkdirSync(extractDir, { recursive: true });
+  // bsdtar (macOS / Windows 10+) extracts .zip via `tar -xf`; GNU tar handles
+  // the Linux .tar.gz with `-xzf`.
+  const tarArgs = isZip ? ["-xf", tmpArchive] : ["-xzf", tmpArchive];
+  const tar = spawnSync("tar", [...tarArgs, "-C", extractDir], { encoding: "utf8" });
+  if (tar.status !== 0) {
+    throw new Error(`failed to extract VS Code archive: ${tar.stderr ?? tar.error?.message ?? "tar error"}`);
+  }
+
+  const exe = process.platform === "win32" ? "code.exe" : "code";
+  const found = await findFile(extractDir, exe);
+  if (!found) throw new Error(`extracted archive did not contain ${exe}`);
+
+  const destDir = join(CACHE_ROOT, manifest.version);
+  rmSync(destDir, { recursive: true, force: true });
+  mkdirSync(destDir, { recursive: true });
+  const destBin = join(destDir, exe);
+  renameSync(found, destBin);
+  if (process.platform !== "win32") {
+    const { chmodSync } = await import("node:fs");
+    chmodSync(destBin, 0o755);
+  }
+
+  rmSync(tmpArchive, { force: true });
+  rmSync(extractDir, { recursive: true, force: true });
+  return destBin;
+}
+
+async function verifySha256(path: string, expected: string): Promise<void> {
+  const hasher = new Bun.CryptoHasher("sha256");
+  hasher.update(await Bun.file(path).arrayBuffer());
+  const actual = hasher.digest("hex");
+  if (actual.toLowerCase() !== expected.toLowerCase()) {
+    rmSync(path, { force: true });
+    throw new Error(`sha256 mismatch (expected ${expected}, got ${actual})`);
+  }
+}
+
+/** Shallow-first search for a file named `name` under `dir`. */
+async function findFile(dir: string, name: string): Promise<string | null> {
+  const entries = await readdir(dir, { withFileTypes: true });
+  for (const e of entries) {
+    if (e.isFile() && e.name === name) return join(dir, e.name);
+  }
+  for (const e of entries) {
+    if (e.isDirectory()) {
+      const hit = await findFile(join(dir, e.name), name);
+      if (hit) return hit;
+    }
+  }
+  return null;
+}
+
+function readState(): State | null {
+  try {
+    return JSON.parse(readFileSync(STATE_FILE, "utf8")) as State;
+  } catch {
+    return null;
+  }
+}
+
+function writeState(state: State): void {
+  mkdirSync(CACHE_ROOT, { recursive: true });
+  writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
+}

package/src/cli/vscode.ts

@@ -1,4 +1,5 @@
 import { spawn, type Subprocess } from "bun";
+import { resolveCodeBinary } from "./vscode-install";
 
 export interface VscodeServer {
   port: number;
@@ -23,6 +24,10 @@ export interface LaunchOptions {
  */
 export async function launchVscode(opts: LaunchOptions): Promise<VscodeServer> {
   const port = opts.port && opts.port > 0 ? opts.port : await freePort();
+  // NB: no `--default-folder` — current VS Code `serve-web` (≥1.x) doesn't
+  // accept it and exits with "unexpected argument". The workspace is opened by
+  // the browser instead, via the `?folder=` query the page appends to the
+  // iframe URL (see src/web/discovery.tsx). `cwd` below still roots the server.
   const args = [
     "serve-web",
     "--host",
@@ -31,14 +36,13 @@ export async function launchVscode(opts: LaunchOptions): Promise<VscodeServer> {
     String(port),
     "--server-base-path",
     opts.basePath,
-    "--default-folder",
-    opts.dir,
     "--without-connection-token",
     "--accept-server-license-terms",
   ];
 
-  console.log(`[codehost] launching: code ${args.join(" ")}`);
-  const proc = spawn(["code", ...args], {
+  const codeBin = await resolveCodeBinary();
+  console.log(`[codehost] launching: ${codeBin} ${args.join(" ")}`);
+  const proc = spawn([codeBin, ...args], {
     cwd: opts.dir,
     stdout: "inherit",
     stderr: "inherit",

package/src/shared/repo.ts

@@ -0,0 +1,104 @@
+// Shared helpers for GitHub-shaped deep links and matching them to a daemon.
+// Used by the web resolver (src/web) and conceptually mirrors the daemon's
+// repo identity (src/cli/git.ts).
+
+import type { PeerInfo, PeerMeta } from "./signaling";
+
+export const DEFAULT_LAYOUT = "{owner}/{repo}/tree/{branch}";
+
+export interface RepoTarget {
+  provider: "gh";
+  owner: string;
+  name: string;
+  /** Branch from the deep link, if present. */
+  branch?: string;
+}
+
+/** A direct folder mount address: `/dev/<absolute-fs-path>`. */
+export interface DevTarget {
+  path: string;
+}
+
+export type DeepLink =
+  | { type: "repo"; target: RepoTarget }
+  | { type: "dev"; target: DevTarget }
+  | null;
+
+/**
+ * Parse a deep-link pathname:
+ *   /gh/<owner>/<repo>                  -> repo target (default branch)
+ *   /gh/<owner>/<repo>/tree/<branch>    -> repo target (branch; may contain slashes)
+ *   /dev/<fs-path>                      -> direct folder mount
+ * Anything else -> null (normal app).
+ */
+export function parseDeepLink(pathname: string): DeepLink {
+  const clean = pathname.replace(/\/+$/, "");
+  const gh = clean.match(/^\/gh\/([^/]+)\/([^/]+)(?:\/tree\/(.+))?$/);
+  if (gh) {
+    return {
+      type: "repo",
+      target: { provider: "gh", owner: gh[1], name: gh[2], branch: gh[3] },
+    };
+  }
+  const dev = clean.match(/^\/dev\/(.+)$/);
+  if (dev) {
+    return { type: "dev", target: { path: `/${dev[1].replace(/^\/+/, "")}` } };
+  }
+  return null;
+}
+
+/** Normalized repo key, e.g. "gh/owner/repo". */
+export function repoKey(t: Pick<RepoTarget, "owner" | "name">): string {
+  return `gh/${t.owner}/${t.name}`;
+}
+
+/** Fill a layout template from a repo target (default branch -> "main"). */
+export function fillLayout(layout: string, t: RepoTarget): string {
+  return layout
+    .replace(/\{owner\}/g, t.owner)
+    .replace(/\{repo\}/g, t.name)
+    .replace(/\{branch\}/g, t.branch || "main");
+}
+
+export interface Resolution {
+  peerId: string;
+  /** Folder to open via ?folder= (root kind); undefined opens the repo as-is. */
+  folder?: string;
+}
+
+/**
+ * Pick the best live server for a repo deep link. Prefers an exact `repo`
+ * daemon; otherwise falls back to a `root` daemon that can open the subfolder.
+ * Returns null if nothing matches.
+ */
+export function resolveRepoTarget(servers: PeerInfo[], target: RepoTarget): Resolution | null {
+  const key = repoKey(target);
+  const repoMatch = servers.find(
+    (s) => s.meta?.kind !== "root" && s.meta?.repo === key && branchOk(s.meta, target),
+  );
+  if (repoMatch) return { peerId: repoMatch.peerId };
+
+  const root = servers.find((s) => s.meta?.kind === "root");
+  if (root && root.meta) {
+    const folder = `${trimSlash(root.meta.cwd)}/${fillLayout(root.meta.layout || DEFAULT_LAYOUT, target)}`;
+    return { peerId: root.peerId, folder };
+  }
+  return null;
+}
+
+/** Pick a `dev`/repo server whose served cwd matches a /dev/<path> target. */
+export function resolveDevTarget(servers: PeerInfo[], target: DevTarget): Resolution | null {
+  const want = trimSlash(target.path);
+  const hit = servers.find((s) => s.meta && trimSlash(s.meta.cwd) === want);
+  return hit ? { peerId: hit.peerId } : null;
+}
+
+function branchOk(meta: PeerMeta, target: RepoTarget): boolean {
+  // No branch requested, or the server doesn't report one -> accept; else exact.
+  if (!target.branch || !meta.branch) return true;
+  return meta.branch === target.branch;
+}
+
+function trimSlash(p: string): string {
+  return p.replace(/\/+$/, "");
+}

package/src/shared/signaling.ts

@@ -4,14 +4,30 @@
 
 export type Role = "server" | "viewer";
 
-/** Metadata a `codehost serve` daemon advertises about itself. */
+/** Metadata a `codehost serve`/`dev` daemon advertises about itself. */
 export interface PeerMeta {
   /** Human label, defaults to hostname. */
   name: string;
-  /** Directory the VS Code instance is serving. */
+  /** Directory the VS Code instance is serving (the repo dir, or the root). */
   cwd: string;
   /** Hostname of the machine running the daemon. */
   host: string;
+  /**
+   * "repo": serves a single folder (`codehost dev`), git-identified when possible.
+   * "root": serves a workspace root (`codehost serve`) whose repos live under it.
+   * Absent is treated as "repo" for backward compatibility.
+   */
+  kind?: "repo" | "root";
+  /** repo kind: normalized identity, e.g. "gh/snomiao/codehost". */
+  repo?: string;
+  /** repo kind: current branch, e.g. "main". */
+  branch?: string;
+  /**
+   * root kind: on-disk layout of repos under `cwd`, as a template filled from a
+   * deep link — default "{owner}/{repo}/tree/{branch}". The opened folder is
+   * `cwd + "/" + fill(layout, target)`.
+   */
+  layout?: string;
 }
 
 export interface PeerInfo {

package/src/web/config.ts

@@ -3,19 +3,56 @@
 // (vite on :5173) it talks to `wrangler dev` on :8787. Override either with
 // localStorage key "codehost.signal".
 
+/** The signaling host for a given page host, e.g. signal.codehost.dev. */
+function signalHost(hostname: string): string {
+  return `signal.${hostname.replace(/^www\./, "")}`;
+}
+
 function defaultSignalUrl(): string {
-  if (typeof window === "undefined") return "wss://signal.codehost.dev";
-  const { hostname, protocol } = window.location;
+  // Read location off globalThis so this module also type-checks in the Service
+  // Worker build (webworker lib, no `window`). In a worker there's no signaling
+  // anyway; getSignalUrl is page-only and tree-shaken out of the SW bundle.
+  const loc = (globalThis as { location?: { hostname: string; protocol: string } }).location;
+  if (!loc) return "wss://signal.codehost.dev";
+  const { hostname, protocol } = loc;
   const isLocal = hostname === "localhost" || hostname === "127.0.0.1";
   if (isLocal) return "ws://localhost:8787";
   const wsProto = protocol === "https:" ? "wss:" : "ws:";
-  return `${wsProto}//signal.${hostname.replace(/^www\./, "")}`;
+  return `${wsProto}//${signalHost(hostname)}`;
 }
 
 export function getSignalUrl(): string {
-  if (typeof localStorage !== "undefined") {
-    const override = localStorage.getItem("codehost.signal");
-    if (override) return override;
-  }
+  const ls = (globalThis as { localStorage?: { getItem(k: string): string | null } }).localStorage;
+  const override = ls?.getItem("codehost.signal");
+  if (override) return override;
   return defaultSignalUrl();
 }
+
+// --- VS Code CDN proxy ---------------------------------------------------
+// Microsoft's VS Code product CDN sends no CORS headers, so the workbench's
+// cross-origin fetches (e.g. https://main.vscode-cdn.net/extensions/chat.json)
+// are blocked when VS Code runs inside our iframe. The Service Worker rewrites
+// those requests to the signaling Worker's /cdn route, which re-serves them
+// with Access-Control-Allow-Origin: *. See docs/vscode-cdn-proxy.md.
+
+/** Hostname suffix for the CDN we proxy. The Worker is the authoritative gate;
+ *  this lets the SW know which cross-origin requests to rewrite. */
+export const VSCODE_CDN_SUFFIX = ".vscode-cdn.net";
+
+export function isProxiableCdnHost(hostname: string): boolean {
+  return hostname.endsWith(VSCODE_CDN_SUFFIX);
+}
+
+/**
+ * HTTPS base of the signaling host for the current page, e.g.
+ * https://signal.codehost.dev. The SW rewrites blocked CDN requests to
+ * `${base}/cdn/<host>/<path>`. Derived from the live host (never hardcoded) so a
+ * self-hoster serving the page + Worker on their own domain is proxied by their
+ * own Worker at signal.<their-domain>.
+ */
+export function cdnProxyBase(hostname: string, protocol: string): string {
+  const isLocal = hostname === "localhost" || hostname === "127.0.0.1";
+  if (isLocal) return "http://localhost:8787";
+  const httpProto = protocol === "https:" ? "https:" : "http:";
+  return `${httpProto}//${signalHost(hostname)}`;
+}

package/src/web/discovery.tsx

@@ -7,13 +7,54 @@ import { RtcClient } from "./rtc-client";
 import { getSignalUrl } from "./config";
 import { registerTunnelHost } from "./tunnel-host";
 import { connBroker } from "./conn-broker";
+import {
+  type DeepLink,
+  parseDeepLink,
+  repoKey,
+  resolveDevTarget,
+  resolveRepoTarget,
+} from "../shared/repo";
+import { addRoom, historyFor, recordConnection } from "./history";
 
 const TOKEN_KEY = "codehost.token";
 
 type ConnState = "idle" | "connecting" | "connected" | "failed";
 
+/**
+ * Read a room token handed in the URL fragment as `#t=<token>` (what the CLI
+ * prints/opens after `setup`/`serve`). The page is static, so the fragment
+ * never reaches the server — a safe place for the shared secret. Everything
+ * after `#t=` is the token (URL-encoded by the CLI); returns "" if absent.
+ */
+function tokenFromHash(): string {
+  const m = window.location.hash.match(/^#t=(.+)$/);
+  if (!m) return "";
+  try {
+    return decodeURIComponent(m[1]).trim();
+  } catch {
+    return m[1].trim();
+  }
+}
+
+/** Short label for the "looking for…" state from a deep link. */
+function deepLinkLabel(dl: DeepLink): string | null {
+  if (!dl) return null;
+  return dl.type === "repo" ? `${dl.target.owner}/${dl.target.name}` : dl.target.path;
+}
+
+function folderQuery(folder?: string): string {
+  return folder ? `?folder=${encodeURIComponent(folder)}` : "";
+}
+
 export function Discovery() {
-  const [token, setToken] = useState(() => localStorage.getItem(TOKEN_KEY) ?? "");
+  const [token, setToken] = useState(() => {
+    const fromHash = tokenFromHash();
+    if (fromHash && validateToken(fromHash).ok) {
+      localStorage.setItem(TOKEN_KEY, fromHash);
+      return fromHash;
+    }
+    return localStorage.getItem(TOKEN_KEY) ?? "";
+  });
   const [draft, setDraft] = useState(token);
   const [tokenError, setTokenError] = useState<string | null>(null);
   const [connected, setConnected] = useState(false);
@@ -30,6 +71,15 @@ export function Discovery() {
   const rtcRef = useRef<RtcClient | null>(null);
   const activePeerRef = useRef<string | null>(null);
 
+  // Deep-link resolution (/gh/<owner>/<repo>/... or /dev/<path>): parse once,
+  // auto-connect when a matching server appears, remember the opened folder.
+  const deepLinkRef = useRef<DeepLink>(parseDeepLink(window.location.pathname));
+  const resolvedRef = useRef(false);
+  // A valid token in the URL fragment enables single-server auto-connect.
+  const autoConnectRef = useRef(false);
+  const activeFolderRef = useRef<string | undefined>(undefined);
+  const [resolving, setResolving] = useState<string | null>(() => deepLinkLabel(deepLinkRef.current));
+
   // Register the Service Worker + connection broker once. The broker shares one
   // WebRTC connection per server across tabs; on owner failover it asks us to
   // reload the iframe so it reconnects through the new owner.
@@ -38,8 +88,27 @@ export function Discovery() {
     connBroker.onLost((peerId) => {
       if (peerId !== activePeerRef.current) return;
       setIframeSrc(null);
-      setTimeout(() => setIframeSrc(`/vs/${peerId}/`), 400);
+      const folder = activeFolderRef.current;
+      setTimeout(() => setIframeSrc(`/vs/${peerId}/${folderQuery(folder)}`), 400);
     });
+    // A valid token in the URL fragment (#t=<token>) seeds the room and turns on
+    // single-server auto-connect; consume it from the address bar afterwards so
+    // the secret isn't left visible or re-applied on a manual reload.
+    const urlToken = tokenFromHash();
+    if (urlToken && validateToken(urlToken).ok) {
+      autoConnectRef.current = true;
+      if (window.location.hash) {
+        history.replaceState(null, "", window.location.pathname + window.location.search);
+      }
+    }
+
+    // For a repo deep link, adopt the room that last served it so it resolves
+    // without re-entering a token.
+    const dl = deepLinkRef.current;
+    if (dl?.type === "repo") {
+      const h = historyFor(repoKey(dl.target));
+      if (h?.token) setToken(h.token);
+    }
   }, []);
 
   useEffect(() => {
@@ -48,9 +117,16 @@ export function Discovery() {
       url: getSignalUrl(),
       token,
       role: "viewer",
-      onOpen: () => setConnected(true),
+      onOpen: () => {
+        setConnected(true);
+        addRoom(token);
+      },
       onClose: () => setConnected(false),
-      onPeers: (peers) => setServers(peers.filter((p) => p.role === "server")),
+      onPeers: (peers) => {
+        const list = peers.filter((p) => p.role === "server");
+        setServers(list);
+        void tryAutoConnect(list);
+      },
       onSignal: (from, data) => {
         if (from === activePeerRef.current) void rtcRef.current?.handleSignal(data);
       },
@@ -85,7 +161,7 @@ export function Discovery() {
     setToken(t);
   }
 
-  async function connectTo(server: PeerInfo) {
+  async function connectTo(server: PeerInfo, folder?: string) {
     const client = clientRef.current;
     if (!client) return;
 
@@ -128,12 +204,55 @@ export function Discovery() {
     try {
       await connBroker.connect(server.peerId, establish);
       setConnState("connected");
-      setIframeSrc(`/vs/${server.peerId}/`);
+      // The daemon no longer sets a default folder (current VS Code serve-web
+      // dropped that flag), so open the served workspace from here: an explicit
+      // deep-link folder if we have one, else the server's reported cwd.
+      const openFolder = folder ?? server.meta?.cwd;
+      activeFolderRef.current = openFolder;
+      setIframeSrc(`/vs/${server.peerId}/${folderQuery(openFolder)}`);
+      setResolving(null);
+      recordConnect(server, openFolder);
     } catch {
       setConnState("failed");
     }
   }
 
+  // Deep-link auto-connect: when servers arrive, pick the best match (exact repo
+  // daemon, else a root daemon's subfolder) and open it once.
+  async function tryAutoConnect(list: PeerInfo[]) {
+    if (resolvedRef.current) return;
+    const dl = deepLinkRef.current;
+    if (dl) {
+      const res = dl.type === "repo" ? resolveRepoTarget(list, dl.target) : resolveDevTarget(list, dl.target);
+      if (!res) return;
+      const server = list.find((s) => s.peerId === res.peerId);
+      if (!server) return;
+      resolvedRef.current = true;
+      await connectTo(server, res.folder);
+      return;
+    }
+    // No deep link, but a token arrived via the URL: open the room's server
+    // straight away when there's exactly one; with several, leave the picker.
+    if (autoConnectRef.current && list.length === 1) {
+      resolvedRef.current = true;
+      await connectTo(list[0]);
+    }
+  }
+
+  function recordConnect(server: PeerInfo, folder?: string) {
+    const base = {
+      token,
+      peerId: server.peerId,
+      kind: server.meta?.kind,
+      name: server.meta?.name,
+      host: server.meta?.host,
+      lastConnected: Date.now(),
+    };
+    if (server.meta?.repo) recordConnection(server.meta.repo, { ...base, folder });
+    const dl = deepLinkRef.current;
+    if (dl?.type === "repo") recordConnection(repoKey(dl.target), { ...base, folder });
+  }
+
   function disconnect() {
     rtcRef.current?.close();
     rtcRef.current = null;
@@ -178,6 +297,12 @@ export function Discovery() {
       </header>
 
       <main style={styles.main}>
+        {resolving && (
+          <p style={{ color: "#dcb67a", marginBottom: 12 }}>
+            Looking for <code style={styles.code}>{resolving}</code> in your rooms…{" "}
+            {token ? "waiting for a live server" : "enter the room's token below"}.
+          </p>
+        )}
         <form onSubmit={applyToken} style={styles.tokenForm}>
           <label style={styles.label}>Token</label>
           <input