feat(sandbox): VS Code Remote-SSH support with platform detection fix and network policy (!42)

Closes NVIDIA#34

## Summary

- Add `nav ssh-proxy` name mode (`--cluster`/`--name`) and `nav sandbox ssh-config` for VS Code Remote-SSH integration
- Fix VS Code Remote-SSH platform misdetection (was defaulting to Windows/PowerShell)
- Fix sandbox network policy for VS Code server connectivity
- Fix sandbox user shell configuration

## Problem

VS Code Remote-SSH was failing to connect to Navigator sandboxes due to three issues:

1. **Platform misdetection**: VS Code sends `uname -rsv` after a `ready:` marker and expects a response within ~1ms. Forced PTY allocation in `shell_request`, interactive bash (`-i`), and leaked supervisor env vars added enough latency that VS Code timed out and defaulted to "Platform: windows", then tried `powershell`.
2. **Broken network policy**: The `vscode` entry in `dev-sandbox-policy.yaml` was at the YAML top-level instead of nested under `network_policies:` (indentation bug). The VS Code server binary also needed a glob entry.
3. **No login shell**: The sandbox user had `/usr/sbin/nologin` as its shell.

## Changes

| File | Change |
|------|--------|
| `crates/navigator-sandbox/src/ssh.rs` | Remove forced PTY in `shell_request`, remove `-i` flag from pipe exec, add `env_clear()` + explicit `SHELL`/`PATH` to both shell spawn paths |
| `deploy/docker/sandbox/Dockerfile.base` | Change sandbox user shell to `/bin/bash`, set home to `/sandbox`, add `.bashrc`/`.profile` |
| `dev-sandbox-policy.yaml` | Fix `vscode:` indentation under `network_policies:`, add `/sandbox/.vscode-server/*` binary glob |
| `crates/navigator-cli/src/main.rs` | Add `--cluster`/`--name` to `SshProxy`, add `SshConfig`/`Policy`/`Logs` subcommands (rebase merge) |
| `crates/navigator-cli/src/ssh.rs` | Update `print_ssh_config` to use `--cluster` flag |
| `examples/vscode-remote-sandbox.md` | User-facing example and docs |

## How to use

```bash
# Create a persistent sandbox
nav sandbox create --keep my-sandbox

# Generate SSH config
nav sandbox ssh-config my-sandbox >> ~/.ssh/config

# Open VS Code
code --remote ssh-remote+nav-my-sandbox /sandbox
```

## Testing

- All 307 tests pass
- Clippy clean on modified crates

Author: drew

crates/navigator-cli/src/main.rs

@@ -128,18 +128,39 @@ enum Commands {
     },
 
     /// SSH proxy (used by `ProxyCommand`).
+    ///
+    /// Two mutually exclusive modes:
+    ///
+    /// **Token mode** (used internally by `sandbox connect`):
+    ///   `nav ssh-proxy --gateway <url> --sandbox-id <id> --token <token>`
+    ///
+    /// **Name mode** (for use in `~/.ssh/config`):
+    ///   `nav ssh-proxy --cluster <name> --name <sandbox-name>`
     SshProxy {
         /// Gateway URL (e.g., <https://gw.example.com:443/proxy/connect>).
+        /// Required in token mode.
         #[arg(long)]
-        gateway: String,
+        gateway: Option<String>,
 
-        /// Sandbox id.
+        /// Sandbox id. Required in token mode.
         #[arg(long)]
-        sandbox_id: String,
+        sandbox_id: Option<String>,
 
-        /// SSH session token.
+        /// SSH session token. Required in token mode.
         #[arg(long)]
-        token: String,
+        token: Option<String>,
+
+        /// Cluster endpoint URL. Used in name mode. Deprecated: prefer --cluster.
+        #[arg(long)]
+        server: Option<String>,
+
+        /// Cluster name (resolves endpoint from stored metadata). Used in name mode.
+        #[arg(long, short)]
+        cluster: Option<String>,
+
+        /// Sandbox name. Used in name mode.
+        #[arg(long)]
+        name: Option<String>,
     },
 }
 
@@ -510,6 +531,15 @@ enum SandboxCommands {
         #[arg(long, default_value = "")]
         level: String,
     },
+
+    /// Print an SSH config entry for a sandbox.
+    ///
+    /// Outputs a Host block suitable for appending to ~/.ssh/config,
+    /// enabling tools like `VSCode` Remote-SSH to connect to the sandbox.
+    SshConfig {
+        /// Sandbox name.
+        name: String,
+    },
 }
 
 #[derive(Subcommand, Debug)]
@@ -1006,6 +1036,9 @@ async fn main() -> Result<()> {
                             )
                             .await?;
                         }
+                        SandboxCommands::SshConfig { name } => {
+                            run::print_ssh_config(&ctx.name, &name);
+                        }
                     }
                 }
             }
@@ -1129,8 +1162,42 @@ async fn main() -> Result<()> {
             gateway,
             sandbox_id,
             token,
+            server,
+            cluster,
+            name,
         }) => {
-            run::sandbox_ssh_proxy(&gateway, &sandbox_id, &token, &tls).await?;
+            match (gateway, sandbox_id, token, server, cluster, name) {
+                // Token mode (existing behavior): pre-created session credentials.
+                (Some(gw), Some(sid), Some(tok), _, _, _) => {
+                    run::sandbox_ssh_proxy(&gw, &sid, &tok, &tls).await?;
+                }
+                // Name mode with --cluster: resolve endpoint from metadata.
+                (_, _, _, server_override, Some(c), Some(n)) => {
+                    let endpoint = if let Some(srv) = server_override {
+                        srv
+                    } else {
+                        let meta = load_cluster_metadata(&c).map_err(|_| {
+                            miette::miette!(
+                                "Unknown cluster '{c}'.\n\
+                                 Deploy it first: nav cluster admin deploy --name {c}\n\
+                                 Or list available clusters: nav cluster list"
+                            )
+                        })?;
+                        meta.gateway_endpoint
+                    };
+                    let tls = tls.with_cluster_name(&c);
+                    run::sandbox_ssh_proxy_by_name(&endpoint, &n, &tls).await?;
+                }
+                // Legacy name mode with --server only (no --cluster).
+                (_, _, _, Some(srv), None, Some(n)) => {
+                    run::sandbox_ssh_proxy_by_name(&srv, &n, &tls).await?;
+                }
+                _ => {
+                    return Err(miette::miette!(
+                        "provide either --gateway/--sandbox-id/--token or --cluster/--name (or --server/--name)"
+                    ));
+                }
+            }
         }
         None => {
             Cli::command().print_help().expect("Failed to print help");

crates/navigator-cli/src/run.rs

@@ -42,10 +42,11 @@ use std::time::{Duration, Instant};
 use tonic::{Code, transport::Channel};
 
 // Re-export SSH functions for backward compatibility
+pub use crate::ssh::print_ssh_config;
 pub use crate::ssh::{list_forwards, stop_forward, stop_forwards_for_sandbox};
 pub use crate::ssh::{
-    sandbox_connect, sandbox_exec, sandbox_forward, sandbox_ssh_proxy, sandbox_sync_down,
-    sandbox_sync_up, sandbox_sync_up_files,
+    sandbox_connect, sandbox_exec, sandbox_forward, sandbox_ssh_proxy, sandbox_ssh_proxy_by_name,
+    sandbox_sync_down, sandbox_sync_up, sandbox_sync_up_files,
 };
 
 /// Convert a sandbox phase integer to a human-readable string.

crates/navigator-cli/src/ssh.rs

@@ -18,6 +18,8 @@ use tokio_rustls::TlsConnector;
 struct SshSessionConfig {
     proxy_command: String,
     sandbox_id: String,
+    gateway_url: String,
+    token: String,
 }
 
 async fn ssh_session_config(
@@ -70,7 +72,9 @@ async fn ssh_session_config(
 
     Ok(SshSessionConfig {
         proxy_command,
-        sandbox_id: session.sandbox_id,
+        sandbox_id: session.sandbox_id.clone(),
+        gateway_url,
+        token: session.token,
     })
 }
 
@@ -768,6 +772,46 @@ pub async fn sandbox_ssh_proxy(
     Ok(())
 }
 
+/// Run the SSH proxy in "name mode": create a session on the fly, then proxy.
+///
+/// This is equivalent to [`sandbox_ssh_proxy`] but accepts a cluster endpoint
+/// and sandbox name instead of pre-created gateway/token credentials.  It is
+/// suitable for use as an SSH `ProxyCommand` in `~/.ssh/config` because it
+/// creates a fresh session on every invocation.
+pub async fn sandbox_ssh_proxy_by_name(server: &str, name: &str, tls: &TlsOptions) -> Result<()> {
+    let session = ssh_session_config(server, name, tls).await?;
+    sandbox_ssh_proxy(
+        &session.gateway_url,
+        &session.sandbox_id,
+        &session.token,
+        tls,
+    )
+    .await
+}
+
+/// Print an SSH config `Host` block for a sandbox to stdout.
+///
+/// The output is suitable for appending to `~/.ssh/config` so that tools like
+/// `VSCode` Remote-SSH can connect to the sandbox by host alias.
+///
+/// The `ProxyCommand` uses `--cluster` so that `ssh-proxy` resolves the
+/// gateway endpoint and TLS certificates from the cluster metadata directory
+/// (`~/.config/navigator/clusters/<name>/mtls/`).
+pub fn print_ssh_config(cluster: &str, name: &str) {
+    let exe = std::env::current_exe().expect("failed to resolve navigator executable");
+    let exe = shell_escape(&exe.to_string_lossy());
+
+    let proxy_cmd = format!("{exe} ssh-proxy --cluster {cluster} --name {name}");
+
+    println!("Host nav-{name}");
+    println!("    User sandbox");
+    println!("    StrictHostKeyChecking no");
+    println!("    UserKnownHostsFile /dev/null");
+    println!("    GlobalKnownHostsFile /dev/null");
+    println!("    LogLevel ERROR");
+    println!("    ProxyCommand {proxy_cmd}");
+}
+
 /// Copy all bytes from `reader` to `writer`, flushing on completion.
 /// Errors are intentionally discarded – connection teardown errors are
 /// expected during normal SSH session shutdown.