Remote Dev Plugin Part 4 - bug fix and feature improvement

[sfc-gh-zzhu]

Pre-review checklist

• I've confirmed that instructions included in README.md are still correct after my changes in the codebase.
• I've added or updated automated unit tests to verify correctness of my new code.
• I've added or updated integration tests to verify correctness of my new code.
• I've confirmed that my changes are working by executing CLI's commands manually on MacOS.
• I've confirmed that my changes are working by executing CLI's commands manually on Windows.
• I've confirmed that my changes are up-to-date with the target branch.
• I've described my changes in the release notes.
• I've described my changes in the section below.
• I've described my changes in the documentation.

Changes description

This PR enhances the snow remote command with several new features and improvements:

1. IDE Integration:

   • Added --code flag to launch VS Code connected to the remote service
   • Added --cursor flag to launch Cursor connected to the remote service

2. Improved Stage Mounting:

   • Updated mount paths to ensure VS Code extensions got excluded from persistence storage.
   • Improved help text to better explain stage mounting behavior

3. Error Handling:

   • Replaced generic ValueError with more specific CliError for better error messages
   • Added validation for service names to prevent CREATE SERVICE failures
   • Improved error messages for common failure scenarios

4. User Experience:

   • Added warnings when configuration changes are provided for existing services
   • Improved help text with more detailed examples
   • Enhanced command output for better user feedback

The changes maintain backward compatibility while adding new functionality for IDE integration and persistent storage.

[sfc-gh-zzhu]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Add default block volume for persistent storage #2660
• Address feedbacks #2636
• Remote Dev Plugin Part 4 - bug fix and feature improvement #2569 👈 (View in Graphite)
• Remote Dev Plugin Part 3 - Enable remote ssh connection #2547
• Remote Dev Plugin Part 2 - Add basic remote commands #2546
• Remote Dev Plugin Part 1 - Register the remote dev plugin and add utils #2545
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[graphite-app]

The subprocess.run() call uses check=False, which means IDE launch failures won't raise exceptions. This could create a misleading user experience where the CLI appears to succeed even when the IDE fails to start. Consider either:

1. Using check=True to automatically raise exceptions on non-zero exit codes, or
2. Capturing the return value and checking it manually:

   result = subprocess.run([binary_name, "--folder-uri", folder_uri], check=False)
   if result.returncode != 0:
       raise CliError(f"Failed to launch {binary_name}, exit code: {result.returncode}")

This would provide clearer feedback to users when their IDE fails to launch.

Suggested change

	subprocess.run([binary_name, "--folder-uri", folder_uri], check=False)
	result = subprocess.run([binary_name, "--folder-uri", folder_uri], check=False)
	if result.returncode != 0:
	raise CliError(f"Failed to launch {binary_name}, exit code: {result.returncode}")

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[sfc-gh-dhung]

@sfc-gh-zzhu

[sfc-gh-dhung]

Just curious what are the considerations for using block storage instead? Is there a reason we're not going with that currently?

[sfc-gh-dhung]

WDYT of making these full subcommands rather than options? i.e. snow remote start cursor instead of snow remote start --cursor

[sfc-gh-dhung]

or alternatively flatten it a bit: snow remote cursor. Basically the commands would be:
snow remote start - start the service in the background, display the URL needed to connect by web interface
snow remote ssh - blocking command*, opens SSH tunnel
snow remote code - blocking command, open SSH tunnel + VSCode. As a bonus would be neat if this automatically exits if the user closes VSCode
snow remote cursor - same idea

*could consider making this non-blocking and spin up a bg process in the future, tbd

[sfc-gh-dhung]

nit: doesn't it make sense to just ssh = ssh or launching_ide since IDEs presumably will require ssh?

[sfc-gh-dhung]

consider making this an error instead

[sfc-gh-dhung]

nit: consider refactoring so we're not calling this in three places

[sfc-gh-dhung]

@sfc-gh-zzhu

[graphite-app]

There's an inconsistency between error handling approaches. The _get_fresh_token() method now raises exceptions rather than returning None, but this code still checks for None values. Consider updating this exception handling to align with the new behavior:

try:
    token = self._get_fresh_token()
except Exception as e:
    cc.step(f"❌ Unable to get token: {e}. Retrying in 30 seconds...")
    self._interruptible_sleep(SSH_RETRY_INTERVAL)
    continue

This would properly catch and handle exceptions from the updated _get_fresh_token() implementation.

Suggested change

	if not token:
	cc.step("❌ Unable to get token. Retrying in 30 seconds...")
	self._wait_with_shutdown_check(SSH_RETRY_INTERVAL)
	self._interruptible_sleep(SSH_RETRY_INTERVAL)
	try:
	token = self._get_fresh_token()
	except Exception as e:
	cc.step(f"❌ Unable to get token: {e}. Retrying in 30 seconds...")
	self._interruptible_sleep(SSH_RETRY_INTERVAL)
	continue

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

Security Concern: URL Construction

The current URL construction in validate_endpoint_ready() may be vulnerable to protocol downgrade attacks. When prepending https:// to endpoint_url without validating its content, there's a risk of creating malformed URLs if endpoint_url already contains a protocol scheme.

For example, if endpoint_url contains http://example.com, the resulting URL would be https://http://example.com, which could lead to unexpected behavior or security issues.

Consider either:

1. Validating that endpoint_url doesn't already contain a protocol scheme
2. Using a URL parsing library to properly construct the URL with HTTPS

# Example fix using validation
if "://" in endpoint_url:
    raise CliError(f"Endpoint URL should not contain protocol: {endpoint_url}")
response = requests.get(f"https://{endpoint_url}", ...)

# Or using URL parsing
from urllib.parse import urlparse, urlunparse
parsed = urlparse(endpoint_url)
if parsed.scheme:
    # Strip existing scheme and ensure HTTPS
    parts = list(parsed)
    parts[0] = "https"
    url = urlunparse(parts)
else:
    url = f"https://{endpoint_url}"
response = requests.get(url, ...)

Suggested change

	response = requests.get(
	f"https://{endpoint_url}",
	headers=headers,
	timeout=ENDPOINT_REQUEST_TIMEOUT_SECONDS,
	)
	if "://" in endpoint_url:
	raise CliError(f"Endpoint URL should not contain protocol: {endpoint_url}")
	response = requests.get(
	f"https://{endpoint_url}",
	headers=headers,
	timeout=ENDPOINT_REQUEST_TIMEOUT_SECONDS,
	)

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

Inconsistent logging level for service creation message

There's an inconsistency in how service creation is logged. When a service doesn't exist:

cc.step(f"Service {service_name} does not exist, creating...")

This uses cc.step() which displays to users, while the similar check above uses:

log.debug("Service %s is pending, waiting for it to be ready...", service_name)

For consistency, either:

1. Use log.debug() for both messages to keep implementation details hidden from users
2. Use cc.step() for both to provide consistent user-facing progress updates

This would make the logging behavior more predictable and maintain a consistent level of verbosity in the user interface.

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.