WarpGate
SSH server management for VS Code
Workspace-scoped server lists · SSH config import · One-click terminal connections
Features
Server Management
- Add / Edit / Delete servers with full SSH field support (host, port, user, identity file, ProxyJump, extra args)
- Rename & Duplicate servers for quick variations
- Bulk Delete — multi-select servers and groups for removal in one action
- Groups — organize servers into collapsible folders
SSH Config Import
- Import hosts directly from
~/.ssh/config
- Full support for
Include directives, ProxyJump, IdentityFile, and more
- Selective import — choose which hosts to bring in
Connections
- One-click connect — click a server to open an SSH terminal
- Quick Connect (Cmd+Shift+W / Ctrl+Shift+W) — fuzzy-search all servers from the command palette
- Port Forwarding — create Local (
-L), Remote (-R), and Dynamic SOCKS (-D) tunnels through a guided wizard
- Connection Health Monitor — automatic keepalive detection with one-click reconnect on session drop
- Copy SSH Command — copy a properly escaped SSH command to clipboard
Workspace Isolation
Each VS Code workspace gets its own server list. Open different projects → see different servers. No cross-workspace leakage.
Utilities
- SSH Key Generation — generate Ed25519 or RSA-4096 keys directly from VS Code
- Export / Import Config — share workspace server lists as JSON files with teammates
Installation
From the VS Code Marketplace
- Open VS Code
- Press Cmd+Shift+X (macOS) or Ctrl+Shift+X (Windows/Linux)
- Search for "WarpGate"
- Click Install
From a .vsix File
code --install-extension warpgate-0.1.0.vsix
Quick Start
- Click the WarpGate icon in the Activity Bar (left sidebar)
- Click the + button to add a server, or click the import button to pull from
~/.ssh/config
- Click any server to connect via SSH in the integrated terminal
- Use Cmd+Shift+W for instant fuzzy-search connection
Commands
All commands are prefixed with WarpGate: in the Command Palette (Cmd+Shift+P).
| Command |
Description |
| Add Server |
Add a new SSH server configuration |
| Edit Server |
Modify an existing server |
| Delete Server |
Remove a server |
| Bulk Delete |
Multi-select servers and groups to delete |
| Connect |
Open an SSH terminal to the server |
| Quick Connect |
Fuzzy-search and connect (Cmd+Shift+W) |
| Rename Server |
Change the display name |
| Duplicate Server |
Clone a server configuration |
| Move to Group |
Organize a server into a group |
| Create Group |
Create a new server group |
| Delete Group |
Remove a group (servers become ungrouped) |
| Port Forward |
Create an SSH tunnel (Local/Remote/Dynamic) |
| Generate SSH Key |
Create a new Ed25519 or RSA key pair |
| Import from SSH Config |
Import hosts from ~/.ssh/config |
| Export Server Config |
Export workspace servers to JSON |
| Import Server Config |
Import servers from a JSON file |
| Copy SSH Command |
Copy the SSH command to clipboard |
| Refresh |
Refresh the server tree |
Settings
| Setting |
Default |
Description |
warpgate.sshBinaryPath |
Auto-detect |
Path to SSH binary (machine-scoped) |
warpgate.defaultPort |
22 |
Default SSH port for new servers |
warpgate.defaultUsername |
System user |
Default username for new servers |
warpgate.confirmBeforeDelete |
true |
Confirm before deleting (machine-scoped) |
warpgate.showConnectionNotifications |
true |
Show notification on connect |
Security
WarpGate is designed with security as a first-class concern:
- No password storage — uses SSH key-based auth only; identity files referenced by path
- No shell injection — terminal connections use VS Code's
shellPath/shellArgs API exclusively; never sendText() or string interpolation
- Allowlist input validation — all user inputs validated against strict regex allowlists; shell metacharacters rejected globally
- SSH binary confinement — only binaries in trusted system directories (
/usr/bin, /usr/local/bin, /opt/homebrew/bin) are permitted; workspace settings cannot override
- 5-layer key protection — the SSH config parser uses path confinement, filename rejection, extension rejection, content sniffing, and memory scrubbing to prevent private key material from entering extension memory
- Connect-time re-validation — all server fields are re-validated at execution time, blocking crafted objects injected via
executeCommand()
- Machine-scoped settings — security-critical settings (
sshBinaryPath, confirmBeforeDelete) cannot be overridden by workspace-level settings
- Markdown injection prevention — tooltips use
isTrusted = false and appendText() for user-supplied values
- Zero telemetry — no data collection, no analytics, no phone-home
Development
Prerequisites
Setup
git clone https://github.com/jiga/warpgate.git
cd warpgate
npm install
Build & Run
# Compile (type-check only)
npm run compile
# Build for production (esbuild bundle)
npm run build
# Watch mode for development
npm run watch
# Run tests
npm test
# Run tests in watch mode
npm run test:watch
# Run tests with coverage
npm run test:coverage
# Package as .vsix
npm run package
Debugging
Press F5 in VS Code to launch the Extension Development Host with WarpGate loaded.
Project Structure
warpgate/
├── src/
│ ├── extension.ts # Entry point
│ ├── types.ts # TypeScript interfaces
│ ├── constants.ts # Patterns & defaults
│ ├── providers/
│ │ └── ServerTreeProvider.ts # Tree view data provider
│ ├── services/
│ │ ├── ConfigParserService.ts # ~/.ssh/config parser
│ │ ├── StorageService.ts # Workspace-scoped persistence
│ │ ├── TerminalService.ts # SSH terminal creation
│ │ ├── ValidationService.ts # Input sanitization
│ │ └── HealthMonitorService.ts # Connection health monitoring
│ ├── commands/
│ │ ├── serverCommands.ts # CRUD + bulk delete
│ │ ├── importCommands.ts # SSH config import
│ │ ├── tunnelCommands.ts # Port forwarding wizard
│ │ ├── keygenCommands.ts # SSH key generation
│ │ ├── configExportCommands.ts # Export/import JSON config
│ │ └── quickConnectCommands.ts # Fuzzy quick connect
│ └── test/
│ ├── ValidationService.test.ts # 44 validation tests
│ └── ConfigParserService.test.ts # 28 parser tests
├── resources/ # Icons
├── package.json # Extension manifest
├── tsconfig.json
├── esbuild.js # Production bundler
├── vitest.config.ts # Test configuration
├── CHANGELOG.md
└── LICENSE # MIT
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature)
- Make your changes
- Run
npm run compile && npm test to verify
- Commit your changes (
git commit -m 'Add amazing feature')
- Push to the branch (
git push origin feature/amazing-feature)
- Open a Pull Request
Please ensure:
- TypeScript compiles with zero errors
- All tests pass
- New features include tests where applicable
- Code follows the existing style (ESLint enforced)
Publishing
Manual (Recommended for first-time)
- Package the extension:
npm run package
- Go to the VS Code Marketplace Publisher Portal
- Sign in with your Microsoft/Azure account
- Click + New Extension → VS Code → Upload the
.vsix file
Automated (GitHub Actions)
Releases are automatically published to the marketplace when you push a version tag:
git tag v0.1.0
git push origin v0.1.0
This requires a VSCE_PAT secret configured in your GitHub repository settings. See Publishing Extensions for details on creating a Personal Access Token.
License
MIT — built by jiga
