VSCode Live Share - Technical Architecture
==========================================

https://learn.microsoft.com/en-us/visualstudio/liveshare/


ARCHITECTURE MODEL
------------------

Host-Guest model, NOT peer-to-peer CRDT:
- One host owns the workspace
- Guests connect to host's machine
- All content stays on host, never synced to cloud or guest machines
- Sessions expire after 24 hours

Connection flow:
1. Host starts session, gets unique URL
2. Guests join via URL
3. Live Share attempts P2P connection first
4. Falls back to Microsoft cloud relay if P2P fails (firewalls/NATs)
5. Some guests can be P2P while others relay in same session


SYNCHRONIZATION
---------------

NOT using CRDTs - this is a remote workspace model:
- File system level sync, not document-level CRDT
- Host's LSP, terminals, debuggers are shared
- Guests get proxied access to host's environment
- More like "remote desktop for code" than true collaborative editing

Why this matters:
- Simpler to implement (no conflict resolution needed)
- But requires constant connection to host
- If host disconnects, session ends
- Latency depends on connection to host


PROTOCOL & SECURITY
-------------------

Transport:
- SSH protocol for all data
- P2P: direct SSH connection (ports 5990-5999)
- Relay: SSH over TLS-encrypted WebSockets

Encryption:
- Diffie-Hellman key exchange for shared secret
- AES symmetric encryption derived from shared secret
- Keys rotated periodically during session
- Keys only in memory, never persisted

Authentication:
- JWT tokens signed by Live Share service
- Claims include user identity (MSA/AAD/GitHub)
- Session-specific RSA keypair generated by host
- Private key never leaves host memory


RELAY SERVICE
-------------

Microsoft's cloud relay:
- Only used when P2P fails
- Does NOT store or inspect content
- Just routes encrypted SSH packets
- End-to-end encryption means relay can't read traffic

Enterprise option:
- Private relay servers possible
- Requires additional infrastructure


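Added example (not from the Live Share docs or code base): the Encryption and
Relay Service notes above, sketched with Node's built-in crypto module. It is a
generic DH -> HKDF -> AES-256-GCM construction; the modp14 group, the HKDF label
and the frame layout are assumptions, not Live Share's wire format.

```javascript
// Added example: generic DH -> HKDF -> AES-256-GCM, not Live Share's wire format.
const nodeCrypto = require('node:crypto');

// Each endpoint makes an ephemeral DH key pair that lives only in memory.
function newEndpoint() {
  const dh = nodeCrypto.getDiffieHellman('modp14'); // group choice is an assumption
  dh.generateKeys();
  return dh;
}

// Both sides turn the DH shared secret into a 256-bit AES key with HKDF.
function deriveKey(self, peerPublicKey) {
  const secret = self.computeSecret(peerPublicKey);
  const info = Buffer.from('demo session key'); // constructed label
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(32), info, 32));
}

// Encrypt one frame; the GCM tag lets the receiver detect modification.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per frame
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Decrypt one frame; final() throws if the tag does not verify.
function open(key, frame) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, frame.iv);
  d.setAuthTag(frame.tag);
  return Buffer.concat([d.update(frame.body), d.final()]).toString('utf8');
}

// The relay sees both public keys and every frame, but only forwards bytes.
function runSession(message, relayTampers = false) {
  const host = newEndpoint(), guest = newEndpoint();
  const relaySaw = { hostPub: host.getPublicKey(), guestPub: guest.getPublicKey() };
  const hostKey = deriveKey(host, relaySaw.guestPub);
  const guestKey = deriveKey(guest, relaySaw.hostPub);
  const frame = seal(hostKey, message); // host -> relay -> guest
  const relayPlaintextVisible = frame.body.includes(Buffer.from(message));
  if (relayTampers) frame.body[0] ^= 0x01; // flip one ciphertext bit in transit
  let received = null, rejected = false;
  try { received = open(guestKey, frame); } catch { rejected = true; }
  return { keysMatch: hostKey.equals(guestKey), received, rejected, relayPlaintextVisible };
}
```

Calling runSession with relayTampers set to true shows a modified frame being
rejected at the guest. Unauthenticated DH like this only holds against a passive
relay; in SSH it is the host key's signature over the exchange that authenticates it.
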
WHAT GETS SHARED
----------------

- File system (read/write based on permissions)
- Language services (IntelliSense, go-to-definition)
- Debugging sessions
- Terminal instances (optional, read-only or read-write)
- Localhost servers (port forwarding)
- Cursor positions and selections


IMPLICATIONS FOR CLI COLLAB
---------------------------

Live Share's approach could work for terminal editors:
1. One person hosts their tmux/vim session
2. Others connect via relay or P2P
3. All editing happens on host machine
4. No conflict resolution needed

But:
- Not truly decentralized
- Dependent on host's connection
- Less elegant than CRDT approach


LINKS
-----

Docs: https://learn.microsoft.com/en-us/visualstudio/liveshare/
Security: https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/security
Connect: https://learn.microsoft.com/en-us/visualstudio/liveshare/reference/connectivity