f21cec7cb1
Closes https://github.com/zed-industries/zed/issues/12589 Forces Zed to require user permissions before running any basic potentially dangerous actions: parsing and synchronizing `.zed/settings.json`, downloading and spawning any language and MCP servers (includes `prettier` and `copilot` instances) and all `NodeRuntime` interactions. There are more we can add later, among the ideas: DAP downloads on debugger start, Python virtual environment, etc. By default, Zed starts in restricted mode and shows a `! Restricted Mode` in the title bar, no aforementioned actions are executed. Clicking it or calling `workspace::ToggleWorktreeSecurity` command will bring a modal to trust worktrees or dismiss the modal: <img width="1341" height="475" alt="1" src="https://github.com/user-attachments/assets/4fabe63a-6494-42c7-b0ea-606abb1c0c20" /> Agent Panel shows a message too: <img width="644" height="106" alt="2" src="https://github.com/user-attachments/assets/0a4554bc-1f1e-455b-b97d-244d7d6a3259" /> This works on local, SSH and WSL remote projects, trusted worktrees are persisted between Zed restarts. There's a way to clear all persisted trust with `workspace::ClearTrustedWorktrees`, this will restart Zed. This mechanism can be turned off with settings: ```jsonc "session": { "trust_all_worktrees": true } ``` in this mode, all worktrees will be trusted by default, allowing all actions, but no auto trust will be persisted: hence, when the setting is changed back, auto trusted worktrees will require another trust confirmation. This settings switch was added to the onboarding view also. Release Notes: - Introduced worktree trust mechanism, can be turned off with `"session": { "trust_all_worktrees": true }` --------- Co-authored-by: Matt Miller <mattrx@gmail.com> Co-authored-by: Danilo Leal <daniloleal09@gmail.com> Co-authored-by: John D. Swanson <swanson.john.d@gmail.com>
Zed Server
This crate is what we run at https://collab.zed.dev.
It contains our back-end logic for collaboration, to which we connect from the Zed client via a websocket after authenticating via https://zed.dev, which is a separate repo running on Vercel.
Local Development
Database setup
Before you can run the collab server locally, you'll need to set up a zed Postgres database. Follow the steps sequentially:
- Ensure you have postgres installed. If not, install with
brew install postgresql@15. - Follow the steps on Brew's formula and verify your
$PATHcontains/opt/homebrew/opt/postgresql@15/bin. - If you hadn't done it before, create the
postgresuser withcreateuser -s postgres. - You are now ready to run the
bootstrapscript:
script/bootstrap
This script will set up the zed Postgres database, and populate it with some users. It requires internet access, because it fetches some users from the GitHub API.
The script will create several admin users, who you'll sign in as by default when developing locally. The GitHub logins for the default users are specified in the seed.default.json file.
To use a different set of admin users, create crates/collab/seed.json.
{
"admins": ["yourgithubhere"],
"channels": ["zed"]
}
Testing collaborative features locally
In one terminal, run Zed's collaboration server and the livekit dev server:
foreman start
In a second terminal, run two or more instances of Zed.
script/zed-local -2
This script starts one to four instances of Zed, depending on the -2, -3 or -4 flags. Each instance will be connected to the local collab server, signed in as a different user from seed.json or seed.default.json.
Deployment
We run two instances of collab:
- Staging (https://staging-collab.zed.dev)
- Production (https://collab.zed.dev)
Both of these run on the Kubernetes cluster hosted in Digital Ocean.
Deployment is triggered by pushing to the collab-staging (or collab-production) tag in GitHub. The best way to do this is:
./script/deploy-collab staging./script/deploy-collab production
You can tell what is currently deployed with ./script/what-is-deployed.