VSCode Live Share - Technical Architecture
==========================================
https://learn.microsoft.com/en-us/visualstudio/liveshare/

ARCHITECTURE MODEL
------------------
Host-Guest model, NOT peer-to-peer CRDT:
- One host owns the workspace
- Guests connect to host's machine
- All content stays on host, never synced to cloud or guest machines
- Sessions expire after 24 hours

Connection flow:
1. Host starts session, gets unique URL
2. Guests join via URL
3. Live Share attempts P2P connection first
4. Falls back to Microsoft cloud relay if P2P fails (firewalls/NATs)
5. Some guests can be P2P while others relay in same session

SYNCHRONIZATION
---------------
NOT using CRDTs - this is a remote workspace model:
- File system level sync, not document-level CRDT
- Host's LSP, terminals, debuggers are shared
- Guests get proxied access to host's environment
- More like "remote desktop for code" than true collaborative editing

Why this matters:
- Simpler to implement (no conflict resolution needed)
- But requires constant connection to host
- If host disconnects, session ends
- Latency depends on connection to host

PROTOCOL & SECURITY
-------------------
Transport:
- SSH protocol for all data
- P2P: direct SSH connection (ports 5990-5999)
- Relay: SSH over TLS-encrypted WebSockets

Encryption:
- Diffie-Hellman key exchange for shared secret
- AES symmetric encryption derived from shared secret
- Keys rotated periodically during session
- Keys only in memory, never persisted

Authentication:
- JWT tokens signed by Live Share service
- Claims include user identity (MSA/AAD/GitHub)
- Session-specific RSA keypair generated by host
- Private key never leaves host memory

RELAY SERVICE
-------------
Microsoft's cloud relay:
- Only used when P2P fails
- Does NOT store or inspect content
- Just routes encrypted SSH packets
- End-to-end encryption means relay can't read traffic

Enterprise option:
- Private relay servers possible
- Requires additional infrastructure

WHAT GETS SHARED
----------------
- File system (read/write based on permissions)
- Language services (IntelliSense, go-to-definition)
- Debugging sessions
- Terminal instances (optional, read-only or read-write)
- Localhost servers (port forwarding)
- Cursor positions and selections

IMPLICATIONS FOR CLI COLLAB
---------------------------
Live Share's approach could work for terminal editors:
1. One person hosts their tmux/vim session
2. Others connect via relay or P2P
3. All editing happens on host machine
4. No conflict resolution needed

But:
- Not truly decentralized
- Dependent on host's connection
- Less elegant than CRDT approach

LINKS
-----
Docs: https://learn.microsoft.com/en-us/visualstudio/liveshare/
Security: https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/security
Connect: https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/connectivity
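
Added example (not from the Live Share docs or Microsoft's code): a port-based heuristic that scans firewall flow records for allowed TCP connections to the direct-mode range 5990-5999 noted under PROTOCOL & SECURITY, and lists which peers reached each likely host. The log format, the INTERNAL ranges and all function names are assumptions made for illustration; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Direct (P2P) Live Share connections use ports 5990-5999 (see Transport above).
DIRECT_PORTS = range(5990, 6000)
# Assumption: address space treated as internal; adjust to your own network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample flow records (not real telemetry): action proto src dst dport
SAMPLE_FLOWS = """\
ALLOW tcp 10.1.4.22 10.1.7.15 5990
ALLOW tcp 203.0.113.40 10.1.7.15 5991
DENY tcp 198.51.100.9 10.1.7.15 5990
ALLOW tcp 10.1.4.22 10.1.9.3 443
ALLOW udp 10.1.4.30 10.1.7.15 5992
ALLOW tcp 10.1.4.31 10.1.8.8 5999
malformed line
"""

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL)

def parse_flow(line):
    """Return (action, proto, src, dst, dport), or None if the line is unparseable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, dst = (str(ipaddress.ip_address(p)) for p in parts[2:4])
        return parts[0].upper(), parts[1].lower(), src, dst, int(parts[4])
    except ValueError:
        return None

def direct_sessions(log_text):
    """Map each likely host to the internal and external peers that reached it."""
    hosts = defaultdict(lambda: {"internal": set(), "external": set()})
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        action, proto, src, dst, dport = flow
        # SSH runs over TCP, so only allowed TCP flows to the direct range count.
        if action != "ALLOW" or proto != "tcp" or dport not in DIRECT_PORTS:
            continue
        # Guests connect to the host's machine, so the destination is the host.
        hosts[dst]["internal" if is_internal(src) else "external"].add(src)
    return dict(hosts)

if __name__ == "__main__":
    print(direct_sessions(SAMPLE_FLOWS))
```

Relay sessions travel as SSH over TLS-encrypted WebSockets, so they do not show up in this port range. Other software can also use these ports, so treat a match as a lead to confirm, not proof of a Live Share session.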