Foundation for account-aware features (cloud tower registration, remote tunnel surfacing, first-run sign-up). The Codev Cloud service is adding an OAuth-style device-authorization flow (device code → user confirms in browser → client polls for credentials); this issue is the extension-side consumer.
Scope
- Register a VS Code
AuthenticationProvider (id codev) so "Sign in with Codev" appears in the native Accounts menu and other extension features use standard getSession().
- Sign-in flow: initiate device authorization against the cloud service →
openExternal the confirm URL (sign-up happens there too — no account forms in webviews) → poll → store the session via SecretStorage. Sessions must survive reload; sign-out revokes.
- Callback/redirect handling where applicable:
UriHandler for vscode://cluesmith.codev-vscode/... in guest hosts; forks with a custom urlProtocol route their scheme to the same handler. Device-code polling is the primary mechanism — URI callback is progressive enhancement.
- Config: cloud base URL setting (default
https://cloud.codevos.ai), overridable for staging.
Contracts to pin (single-source constants, tested)
- Device-auth endpoint paths + poll interval/backoff semantics (shared with the CLI's device flow — keep one client implementation if feasible).
- Credential type held by the extension (short-lived session token vs PAT) — decide with the cloud service's account-API spec before implementation; record in this issue.
Acceptance
- Sign in/out from the Accounts menu works against staging; session survives window reload; secrets only in SecretStorage (never settings/globalState).
- Zero behavior change for signed-out users; no startup prompts (inertness discipline as per the IDE-mode foundation work).
Foundation for account-aware features (cloud tower registration, remote tunnel surfacing, first-run sign-up). The Codev Cloud service is adding an OAuth-style device-authorization flow (device code → user confirms in browser → client polls for credentials); this issue is the extension-side consumer.
Scope
AuthenticationProvider(idcodev) so "Sign in with Codev" appears in the native Accounts menu and other extension features use standardgetSession().openExternalthe confirm URL (sign-up happens there too — no account forms in webviews) → poll → store the session viaSecretStorage. Sessions must survive reload; sign-out revokes.UriHandlerforvscode://cluesmith.codev-vscode/...in guest hosts; forks with a customurlProtocolroute their scheme to the same handler. Device-code polling is the primary mechanism — URI callback is progressive enhancement.https://cloud.codevos.ai), overridable for staging.Contracts to pin (single-source constants, tested)
Acceptance