TLS Sync VS Code Extensions (#5260)

TLS Sync VSCode Extensions orchestrate `@rushstack/debug-certificate-manager` to create, trust, and sync certificates when using VSCode remotes (devcontainer, WSL, codespaces, tunnels, etc.).

Author: bmiddha

.gitignore

@@ -123,3 +123,6 @@ dist-storybook/
 # Heft temporary files
 .cache/
 .heft/
+
+# VS Code test runner files
+.vscode-test/

README.md

@@ -75,6 +75,7 @@ These GitHub repositories provide supplementary resources for Rush Stack:
 | [/heft-plugins/heft-serverless-stack-plugin](./heft-plugins/heft-serverless-stack-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-serverless-stack-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-serverless-stack-plugin) | [changelog](./heft-plugins/heft-serverless-stack-plugin/CHANGELOG.md) | [@rushstack/heft-serverless-stack-plugin](https://www.npmjs.com/package/@rushstack/heft-serverless-stack-plugin) |
 | [/heft-plugins/heft-storybook-plugin](./heft-plugins/heft-storybook-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-storybook-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-storybook-plugin) | [changelog](./heft-plugins/heft-storybook-plugin/CHANGELOG.md) | [@rushstack/heft-storybook-plugin](https://www.npmjs.com/package/@rushstack/heft-storybook-plugin) |
 | [/heft-plugins/heft-typescript-plugin](./heft-plugins/heft-typescript-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-typescript-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-typescript-plugin) | [changelog](./heft-plugins/heft-typescript-plugin/CHANGELOG.md) | [@rushstack/heft-typescript-plugin](https://www.npmjs.com/package/@rushstack/heft-typescript-plugin) |
+| [/heft-plugins/heft-vscode-extension-plugin](./heft-plugins/heft-vscode-extension-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-vscode-extension-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-vscode-extension-plugin) | [changelog](./heft-plugins/heft-vscode-extension-plugin/CHANGELOG.md) | [@rushstack/heft-vscode-extension-plugin](https://www.npmjs.com/package/@rushstack/heft-vscode-extension-plugin) |
 | [/heft-plugins/heft-webpack4-plugin](./heft-plugins/heft-webpack4-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-webpack4-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-webpack4-plugin) | [changelog](./heft-plugins/heft-webpack4-plugin/CHANGELOG.md) | [@rushstack/heft-webpack4-plugin](https://www.npmjs.com/package/@rushstack/heft-webpack4-plugin) |
 | [/heft-plugins/heft-webpack5-plugin](./heft-plugins/heft-webpack5-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-webpack5-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-webpack5-plugin) | [changelog](./heft-plugins/heft-webpack5-plugin/CHANGELOG.md) | [@rushstack/heft-webpack5-plugin](https://www.npmjs.com/package/@rushstack/heft-webpack5-plugin) |
 | [/libraries/api-extractor-model](./libraries/api-extractor-model/) | [![npm version](https://badge.fury.io/js/%40microsoft%2Fapi-extractor-model.svg)](https://badge.fury.io/js/%40microsoft%2Fapi-extractor-model) | [changelog](./libraries/api-extractor-model/CHANGELOG.md) | [@microsoft/api-extractor-model](https://www.npmjs.com/package/@microsoft/api-extractor-model) |
@@ -98,6 +99,7 @@ These GitHub repositories provide supplementary resources for Rush Stack:
 | [/libraries/typings-generator](./libraries/typings-generator/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Ftypings-generator.svg)](https://badge.fury.io/js/%40rushstack%2Ftypings-generator) | [changelog](./libraries/typings-generator/CHANGELOG.md) | [@rushstack/typings-generator](https://www.npmjs.com/package/@rushstack/typings-generator) |
 | [/libraries/worker-pool](./libraries/worker-pool/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fworker-pool.svg)](https://badge.fury.io/js/%40rushstack%2Fworker-pool) | [changelog](./libraries/worker-pool/CHANGELOG.md) | [@rushstack/worker-pool](https://www.npmjs.com/package/@rushstack/worker-pool) |
 | [/rigs/heft-node-rig](./rigs/heft-node-rig/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-node-rig.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-node-rig) | [changelog](./rigs/heft-node-rig/CHANGELOG.md) | [@rushstack/heft-node-rig](https://www.npmjs.com/package/@rushstack/heft-node-rig) |
+| [/rigs/heft-vscode-extension-rig](./rigs/heft-vscode-extension-rig/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-vscode-extension-rig.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-vscode-extension-rig) | [changelog](./rigs/heft-vscode-extension-rig/CHANGELOG.md) | [@rushstack/heft-vscode-extension-rig](https://www.npmjs.com/package/@rushstack/heft-vscode-extension-rig) |
 | [/rigs/heft-web-rig](./rigs/heft-web-rig/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fheft-web-rig.svg)](https://badge.fury.io/js/%40rushstack%2Fheft-web-rig) | [changelog](./rigs/heft-web-rig/CHANGELOG.md) | [@rushstack/heft-web-rig](https://www.npmjs.com/package/@rushstack/heft-web-rig) |
 | [/rush-plugins/rush-amazon-s3-build-cache-plugin](./rush-plugins/rush-amazon-s3-build-cache-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Frush-amazon-s3-build-cache-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Frush-amazon-s3-build-cache-plugin) | | [@rushstack/rush-amazon-s3-build-cache-plugin](https://www.npmjs.com/package/@rushstack/rush-amazon-s3-build-cache-plugin) |
 | [/rush-plugins/rush-azure-storage-build-cache-plugin](./rush-plugins/rush-azure-storage-build-cache-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Frush-azure-storage-build-cache-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Frush-azure-storage-build-cache-plugin) | | [@rushstack/rush-azure-storage-build-cache-plugin](https://www.npmjs.com/package/@rushstack/rush-azure-storage-build-cache-plugin) |
@@ -108,6 +110,9 @@ These GitHub repositories provide supplementary resources for Rush Stack:
 | [/rush-plugins/rush-redis-cobuild-plugin](./rush-plugins/rush-redis-cobuild-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Frush-redis-cobuild-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Frush-redis-cobuild-plugin) | | [@rushstack/rush-redis-cobuild-plugin](https://www.npmjs.com/package/@rushstack/rush-redis-cobuild-plugin) |
 | [/rush-plugins/rush-resolver-cache-plugin](./rush-plugins/rush-resolver-cache-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Frush-resolver-cache-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Frush-resolver-cache-plugin) | | [@rushstack/rush-resolver-cache-plugin](https://www.npmjs.com/package/@rushstack/rush-resolver-cache-plugin) |
 | [/rush-plugins/rush-serve-plugin](./rush-plugins/rush-serve-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Frush-serve-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Frush-serve-plugin) | | [@rushstack/rush-serve-plugin](https://www.npmjs.com/package/@rushstack/rush-serve-plugin) |
+| [/vscode-extensions/tls-sync-vscode-extension-pack](./vscode-extensions/tls-sync-vscode-extension-pack/) | [![npm version](https://badge.fury.io/js/tls-sync-vscode-extension-pack.svg)](https://badge.fury.io/js/tls-sync-vscode-extension-pack) | [changelog](./vscode-extensions/tls-sync-vscode-extension-pack/CHANGELOG.md) | [tls-sync-vscode-extension-pack](https://www.npmjs.com/package/tls-sync-vscode-extension-pack) |
+| [/vscode-extensions/tls-sync-vscode-ui-extension](./vscode-extensions/tls-sync-vscode-ui-extension/) | [![npm version](https://badge.fury.io/js/tls-sync-vscode-ui-extension.svg)](https://badge.fury.io/js/tls-sync-vscode-ui-extension) | | [tls-sync-vscode-ui-extension](https://www.npmjs.com/package/tls-sync-vscode-ui-extension) |
+| [/vscode-extensions/tls-sync-vscode-workspace-extension](./vscode-extensions/tls-sync-vscode-workspace-extension/) | [![npm version](https://badge.fury.io/js/tls-sync-vscode-workspace-extension.svg)](https://badge.fury.io/js/tls-sync-vscode-workspace-extension) | | [tls-sync-vscode-workspace-extension](https://www.npmjs.com/package/tls-sync-vscode-workspace-extension) |
 | [/webpack/hashed-folder-copy-plugin](./webpack/hashed-folder-copy-plugin/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Fhashed-folder-copy-plugin.svg)](https://badge.fury.io/js/%40rushstack%2Fhashed-folder-copy-plugin) | [changelog](./webpack/hashed-folder-copy-plugin/CHANGELOG.md) | [@rushstack/hashed-folder-copy-plugin](https://www.npmjs.com/package/@rushstack/hashed-folder-copy-plugin) |
 | [/webpack/loader-load-themed-styles](./webpack/loader-load-themed-styles/) | [![npm version](https://badge.fury.io/js/%40microsoft%2Floader-load-themed-styles.svg)](https://badge.fury.io/js/%40microsoft%2Floader-load-themed-styles) | [changelog](./webpack/loader-load-themed-styles/CHANGELOG.md) | [@microsoft/loader-load-themed-styles](https://www.npmjs.com/package/@microsoft/loader-load-themed-styles) |
 | [/webpack/loader-raw-script](./webpack/loader-raw-script/) | [![npm version](https://badge.fury.io/js/%40rushstack%2Floader-raw-script.svg)](https://badge.fury.io/js/%40rushstack%2Floader-raw-script) | [changelog](./webpack/loader-raw-script/CHANGELOG.md) | [@rushstack/loader-raw-script](https://www.npmjs.com/package/@rushstack/loader-raw-script) |
@@ -218,6 +223,8 @@ These GitHub repositories provide supplementary resources for Rush Stack:
 | [/rush-plugins/rush-litewatch-plugin](./rush-plugins/rush-litewatch-plugin/) | An experimental alternative approach for multi-project watch mode |
 | [/vscode-extensions/rush-vscode-command-webview](./vscode-extensions/rush-vscode-command-webview/) | Part of the Rush Stack VSCode extension, provides a UI for invoking Rush commands |
 | [/vscode-extensions/rush-vscode-extension](./vscode-extensions/rush-vscode-extension/) | Enhanced experience for monorepos that use the Rush Stack toolchain |
+| [/vscode-extensions/tls-sync-vscode-shared](./vscode-extensions/tls-sync-vscode-shared/) |  |
+| [/vscode-extensions/vscode-shared](./vscode-extensions/vscode-shared/) |  |
 | [/webpack/webpack-deep-imports-plugin](./webpack/webpack-deep-imports-plugin/) | This plugin creates a bundle and commonJS files in a 'lib' folder mirroring modules in another 'lib' folder. |
 <!-- GENERATED PROJECT SUMMARY END -->
 

common/changes/@rushstack/debug-certificate-manager/bmiddha-tls-sync_2025-06-27-01-35.json

@@ -0,0 +1,25 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/debug-certificate-manager",
+      "comment": "CertificateStore - Add params to support custom paths and filenames",
+      "type": "minor"
+    },
+    {
+      "packageName": "@rushstack/debug-certificate-manager",
+      "comment": "CertificateManager - Update `untrustCertificateAsync` to clear `caCertificateData`",
+      "type": "minor"
+    },
+    {
+      "packageName": "@rushstack/debug-certificate-manager",
+      "comment": "CertificateManager - Use osascript (applescript) to run elevated command on macOS instead of sudo package.",
+      "type": "minor"
+    },
+    {
+      "packageName": "@rushstack/debug-certificate-manager",
+      "comment": "CertificateManager - Expose `getCertificateExpirationAsync` method to retrieve certificate expiration date",
+      "type": "minor"
+    }
+  ],
+  "packageName": "@rushstack/debug-certificate-manager"
+}

common/changes/@rushstack/heft-vscode-extension-plugin/bmiddha-tls-sync_2025-06-27-01-35.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/heft-vscode-extension-plugin",
+      "comment": "Add new Heft plugin to package files into a VSIX file",
+      "type": "minor"
+    }
+  ],
+  "packageName": "@rushstack/heft-vscode-extension-plugin"
+}

common/changes/@rushstack/heft-vscode-extension-rig/bmiddha-tls-sync_2025-07-01-20-54.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/heft-vscode-extension-rig",
+      "comment": "Add new rig to build VS Code extensions",
+      "type": "minor"
+    }
+  ],
+  "packageName": "@rushstack/heft-vscode-extension-rig"
+}

common/changes/@rushstack/node-core-library/bmiddha-tls-sync_2025-07-01-20-54.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/node-core-library",
+      "comment": "Add a `Async.runWithTimeoutAsync` function that executes an async function, resolving if the specified timeout elapses first.",
+      "type": "minor"
+    }
+  ],
+  "packageName": "@rushstack/node-core-library"
+}

common/changes/@rushstack/tls-sync-vscode-shared/bmiddha-tls-sync_2025-06-27-01-35.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/tls-sync-vscode-shared",
+      "comment": "Add shared utilities for the Workspace and UI TLS Sync VS Code extensions",
+      "type": "minor"
+    }
+  ],
+  "packageName": "@rushstack/tls-sync-vscode-shared"
+}

common/changes/tls-sync-vscode-extension-pack/bmiddha-tls-sync_2025-07-01-00-21.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "tls-sync-vscode-extension-pack",
+      "comment": "Add VSCode Extension to sync TLS certificates when using VS Code remoting.",
+      "type": "minor"
+    }
+  ],
+  "packageName": "tls-sync-vscode-extension-pack"
+}

common/config/azure-pipelines/vscode-extension-publish.yaml

@@ -2,6 +2,26 @@ variables:
   - name: FORCE_COLOR
     value: 1
 
+parameters:
+  - name: shouldPublish
+    type: boolean
+    default: true
+  - name: ExtensionPublishConfig
+    type: object
+    default:
+      - key: 'tls-sync-vscode-ui-extension'
+        vsixPath: 'dist/vsix/packaged.vsix'
+        projectPath: '$(Build.SourcesDirectory)/vscode-extensions/tls-sync-vscode-ui-extension'
+      - key: 'tls-sync-vscode-workspace-extension'
+        vsixPath: 'dist/vsix/packaged.vsix'
+        projectPath: '$(Build.SourcesDirectory)/vscode-extensions/tls-sync-vscode-workspace-extension'
+      - key: 'tls-sync-vscode-extension-pack'
+        vsixPath: 'dist/vsix/packaged.vsix'
+        projectPath: '$(Build.SourcesDirectory)/vscode-extensions/tls-sync-vscode-extension-pack'
+      - key: 'rush-vscode-extension'
+        vsixPath: 'dist/vsix/packaged.vsix'
+        projectPath: '$(Build.SourcesDirectory)/vscode-extensions/rush-vscode-extension'
+
 resources:
   repositories:
     - repository: 1esPipelines
@@ -22,6 +42,14 @@ extends:
             pool:
               name: publish-rushstack
               os: linux
+            templateContext:
+              outputs:
+                - ${{ each extension in parameters.ExtensionPublishConfig }}:
+                    - output: pipelineArtifact
+                      artifactName: ${{ extension.key }}
+                      targetPath: ${{ extension.projectPath }}/${{ extension.vsixPath }}
+                      displayName: 'Publish Artifact: ${{ extension.key }}'
+
             steps:
               - checkout: self
                 persistCredentials: true
@@ -31,14 +59,16 @@ extends:
               - template: /common/config/azure-pipelines/templates/build.yaml@self
                 parameters:
                   BuildParameters: >
-                    --to rushstack
-
-              - script: node $(Build.SourcesDirectory)/common/scripts/install-run-rushx.js package
-                workingDirectory: $(Build.SourcesDirectory)/vscode-extensions/rush-vscode-extension
-                displayName: 'Package vscode extension'
+                    --to tag:vsix
 
-              - script: node $(Build.SourcesDirectory)/common/scripts/install-run-rushx.js deploy
-                workingDirectory: $(Build.SourcesDirectory)/vscode-extensions/rush-vscode-extension
-                displayName: 'Publish vscode extension'
-                env:
-                  VSCE_PAT: $(vscePat)
+              - ${{ if parameters.shouldPublish }}:
+                  - ${{ each extension in parameters.ExtensionPublishConfig }}:
+                      - task: AzureCLI@2
+                        displayName: 'Publish VSIX: ${{ extension.key }}'
+                        inputs:
+                          azureSubscription: rushstack-vscode-publish
+                          scriptType: 'bash'
+                          scriptLocation: 'inlineScript'
+                          inlineScript: |
+                            node node_modules/@rushstack/heft-vscode-extension-rig/node_modules/@rushstack/heft-vscode-extension-plugin/node_modules/@vscode/vsce/vsce publish --no-dependencies --azure-credential --packagePath ${{ extension.vsixPath }}
+                          workingDirectory: ${{ extension.projectPath }}

common/config/rush/nonbrowser-approved-packages.json

@@ -120,7 +120,7 @@
     },
     {
       "name": "@rushstack/debug-certificate-manager",
-      "allowedCategories": [ "libraries" ]
+      "allowedCategories": [ "libraries", "vscode-extensions" ]
     },
     {
       "name": "@rushstack/eslint-bulk",
@@ -210,6 +210,14 @@
       "name": "@rushstack/heft-typescript-plugin",
       "allowedCategories": [ "libraries", "tests", "vscode-extensions" ]
     },
+    {
+      "name": "@rushstack/heft-vscode-extension-plugin",
+      "allowedCategories": [ "libraries", "vscode-extensions" ]
+    },
+    {
+      "name": "@rushstack/heft-vscode-extension-rig",
+      "allowedCategories": [ "vscode-extensions" ]
+    },
     {
       "name": "@rushstack/heft-web-rig",
       "allowedCategories": [ "libraries", "tests", "vscode-extensions" ]
@@ -306,6 +314,10 @@
       "name": "@rushstack/terminal",
       "allowedCategories": [ "libraries", "tests", "vscode-extensions" ]
     },
+    {
+      "name": "@rushstack/tls-sync-vscode-shared",
+      "allowedCategories": [ "vscode-extensions" ]
+    },
     {
       "name": "@rushstack/tree-pattern",
       "allowedCategories": [ "libraries" ]
@@ -318,6 +330,10 @@
       "name": "@rushstack/typings-generator",
       "allowedCategories": [ "libraries" ]
     },
+    {
+      "name": "@rushstack/vscode-shared",
+      "allowedCategories": [ "vscode-extensions" ]
+    },
     {
       "name": "@rushstack/webpack-deep-imports-plugin",
       "allowedCategories": [ "libraries" ]
@@ -430,6 +446,10 @@
       "name": "@vscode/test-electron",
       "allowedCategories": [ "vscode-extensions" ]
     },
+    {
+      "name": "@vscode/vsce",
+      "allowedCategories": [ "libraries", "vscode-extensions" ]
+    },
     {
       "name": "@yarnpkg/lockfile",
       "allowedCategories": [ "libraries" ]
@@ -942,6 +962,14 @@
       "name": "timsort",
       "allowedCategories": [ "libraries" ]
     },
+    {
+      "name": "tls-sync-vscode-ui-extension",
+      "allowedCategories": [ "vscode-extensions" ]
+    },
+    {
+      "name": "tls-sync-vscode-workspace-extension",
+      "allowedCategories": [ "vscode-extensions" ]
+    },
     {
       "name": "true-case-path",
       "allowedCategories": [ "libraries" ]
@@ -970,10 +998,6 @@
       "name": "uuid",
       "allowedCategories": [ "libraries" ]
     },
-    {
-      "name": "vsce",
-      "allowedCategories": [ "vscode-extensions" ]
-    },
     {
       "name": "watchpack",
       "allowedCategories": [ "libraries" ]