fix: retry rename on Windows EPERM/EACCES/EBUSY during SSH config save

On Windows, antivirus, Search Indexer, cloud sync, or concurrent
processes can briefly lock files, causing fs.rename() to fail with
EPERM, EACCES, or EBUSY when atomically replacing ~/.ssh/config or
credential files.

Add renameWithRetry() utility matching the strategy used by VS Code
(pfs.ts) and graceful-fs: 60s wall-clock timeout with linear backoff
(10ms increments, capped at 100ms). Only applies on Windows; other
platforms call rename directly.

Author: EhabY

src/core/cliCredentialManager.ts

@@ -7,7 +7,7 @@ import * as semver from "semver";
 import { isKeyringEnabled } from "../cliConfig";
 import { featureSetForVersion } from "../featureSet";
 import { getHeaderArgs } from "../headers";
-import { tempFilePath, toSafeHost } from "../util";
+import { renameWithRetry, tempFilePath, toSafeHost } from "../util";
 
 import * as cliUtils from "./cliUtils";
 
@@ -256,7 +256,7 @@ export class CliCredentialManager {
 		const tempPath = tempFilePath(filePath, "temp");
 		try {
 			await fs.writeFile(tempPath, content, { mode: 0o600 });
-			await fs.rename(tempPath, filePath);
+			await renameWithRetry(fs.rename, tempPath, filePath);
 		} catch (err) {
 			await fs.rm(tempPath, { force: true }).catch((rmErr) => {
 				this.logger.warn("Failed to delete temp file", tempPath, rmErr);

src/remote/sshConfig.ts

@@ -1,7 +1,14 @@
-import { mkdir, readFile, rename, stat, writeFile } from "node:fs/promises";
+import {
+	mkdir,
+	readFile,
+	rename,
+	stat,
+	unlink,
+	writeFile,
+} from "node:fs/promises";
 import path from "node:path";
 
-import { countSubstring, tempFilePath } from "../util";
+import { countSubstring, renameWithRetry, tempFilePath } from "../util";
 
 class SSHConfigBadFormat extends Error {}
 
@@ -25,6 +32,7 @@ export interface FileSystem {
 	readFile: typeof readFile;
 	rename: typeof rename;
 	stat: typeof stat;
+	unlink: typeof unlink;
 	writeFile: typeof writeFile;
 }
 
@@ -33,6 +41,7 @@ const defaultFileSystem: FileSystem = {
 	readFile,
 	rename,
 	stat,
+	unlink,
 	writeFile,
 };
 
@@ -357,8 +366,13 @@ export class SSHConfig {
 		}
 
 		try {
-			await this.fileSystem.rename(tempPath, this.filePath);
+			await renameWithRetry(
+				(src, dest) => this.fileSystem.rename(src, dest),
+				tempPath,
+				this.filePath,
+			);
 		} catch (err) {
+			await this.fileSystem.unlink(tempPath).catch(() => undefined);
 			throw new Error(
 				`Failed to rename temporary SSH config file at ${tempPath} to ${this.filePath}: ${
 					err instanceof Error ? err.message : String(err)

src/util.ts

@@ -150,6 +150,51 @@ export function countSubstring(needle: string, haystack: string): number {
 	return count;
 }
 
+const transientRenameCodes: ReadonlySet<string> = new Set([
+	"EPERM",
+	"EACCES",
+	"EBUSY",
+]);
+
+/**
+ * Rename with retry for transient Windows filesystem errors (EPERM, EACCES,
+ * EBUSY). On Windows, antivirus, Search Indexer, cloud sync, or concurrent
+ * processes can briefly lock files causing renames to fail.
+ *
+ * On non-Windows platforms, calls renameFn directly with no retry.
+ *
+ * Matches the strategy used by VS Code (pfs.ts) and graceful-fs: 60s
+ * wall-clock timeout with linear backoff (10ms increments) capped at 100ms.
+ */
+export async function renameWithRetry(
+	renameFn: (src: string, dest: string) => Promise<void>,
+	source: string,
+	destination: string,
+	timeoutMs = 60_000,
+	delayCapMs = 100,
+): Promise<void> {
+	if (process.platform !== "win32") {
+		return renameFn(source, destination);
+	}
+	const startTime = Date.now();
+	for (let attempt = 1; ; attempt++) {
+		try {
+			return await renameFn(source, destination);
+		} catch (err) {
+			const code = (err as NodeJS.ErrnoException).code;
+			if (
+				!code ||
+				!transientRenameCodes.has(code) ||
+				Date.now() - startTime >= timeoutMs
+			) {
+				throw err;
+			}
+			const delay = Math.min(delayCapMs, attempt * 10);
+			await new Promise((resolve) => setTimeout(resolve, delay));
+		}
+	}
+}
+
 export function escapeCommandArg(arg: string): string {
 	const escapedString = arg.replaceAll('"', String.raw`\"`);
 	return `"${escapedString}"`;

test/unit/remote/sshConfig.test.ts

@@ -21,6 +21,7 @@ const mockFileSystem = {
 	readFile: vi.fn(),
 	rename: vi.fn(),
 	stat: vi.fn(),
+	unlink: vi.fn().mockResolvedValue(undefined),
 	writeFile: vi.fn(),
 };
 
@@ -53,19 +54,19 @@ Host coder-vscode--*
   UserKnownHostsFile /dev/null
 # --- END CODER VSCODE ---`;
 
-	expect(mockFileSystem.readFile).toBeCalledWith(
+	expect(mockFileSystem.readFile).toHaveBeenCalledWith(
 		sshFilePath,
 		expect.anything(),
 	);
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		expect.objectContaining({
 			encoding: "utf-8",
 			mode: 0o600, // Default mode for new files.
 		}),
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -96,19 +97,19 @@ Host coder-vscode.dev.coder.com--*
   UserKnownHostsFile /dev/null
 # --- END CODER VSCODE dev.coder.com ---`;
 
-	expect(mockFileSystem.readFile).toBeCalledWith(
+	expect(mockFileSystem.readFile).toHaveBeenCalledWith(
 		sshFilePath,
 		expect.anything(),
 	);
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		expect.objectContaining({
 			encoding: "utf-8",
 			mode: 0o600, // Default mode for new files.
 		}),
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -148,15 +149,15 @@ Host coder-vscode.dev.coder.com--*
   UserKnownHostsFile /dev/null
 # --- END CODER VSCODE dev.coder.com ---`;
 
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		{
 			encoding: "utf-8",
 			mode: 0o644,
 		},
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -222,15 +223,15 @@ Host coder-vscode.dev-updated.coder.com--*
 Host *
   SetEnv TEST=1`;
 
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		{
 			encoding: "utf-8",
 			mode: 0o644,
 		},
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -277,15 +278,15 @@ Host coder-vscode.dev.coder.com--*
   UserKnownHostsFile /dev/null
 # --- END CODER VSCODE dev.coder.com ---`;
 
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		{
 			encoding: "utf-8",
 			mode: 0o644,
 		},
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -321,15 +322,15 @@ Host coder-vscode.dev.coder.com--*
   UserKnownHostsFile /dev/null
 # --- END CODER VSCODE dev.coder.com ---`;
 
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		{
 			encoding: "utf-8",
 			mode: 0o644,
 		},
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -605,15 +606,15 @@ Host afterconfig
 		LogLevel: "ERROR",
 	});
 
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		{
 			encoding: "utf-8",
 			mode: 0o644,
 		},
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -659,19 +660,19 @@ Host coder-vscode.dev.coder.com--*
   loglevel DEBUG
 # --- END CODER VSCODE dev.coder.com ---`;
 
-	expect(mockFileSystem.readFile).toBeCalledWith(
+	expect(mockFileSystem.readFile).toHaveBeenCalledWith(
 		sshFilePath,
 		expect.anything(),
 	);
-	expect(mockFileSystem.writeFile).toBeCalledWith(
+	expect(mockFileSystem.writeFile).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		expectedOutput,
 		expect.objectContaining({
 			encoding: "utf-8",
 			mode: 0o600, // Default mode for new files.
 		}),
 	);
-	expect(mockFileSystem.rename).toBeCalledWith(
+	expect(mockFileSystem.rename).toHaveBeenCalledWith(
 		expect.stringContaining(sshTempFilePrefix),
 		sshFilePath,
 	);
@@ -689,7 +690,7 @@ it("fails if we are unable to write the temporary file", async () => {
 
 	await sshConfig.load();
 
-	expect(mockFileSystem.readFile).toBeCalledWith(
+	expect(mockFileSystem.readFile).toHaveBeenCalledWith(
 		sshFilePath,
 		expect.anything(),
 	);
@@ -705,28 +706,72 @@ it("fails if we are unable to write the temporary file", async () => {
 	).rejects.toThrow(/Failed to write temporary SSH config file.*EACCES/);
 });
 
-it("fails if we are unable to rename the temporary file", async () => {
-	const existentSSHConfig = `Host beforeconfig
-  HostName before.config.tld
-  User before`;
-
-	const sshConfig = new SSHConfig(sshFilePath, mockFileSystem);
-	mockFileSystem.readFile.mockResolvedValueOnce(existentSSHConfig);
+it("cleans up temp file when rename fails", async () => {
+	mockFileSystem.readFile.mockResolvedValueOnce("Host existing\n  HostName x");
 	mockFileSystem.stat.mockResolvedValueOnce({ mode: 0o600 });
 	mockFileSystem.writeFile.mockResolvedValueOnce("");
-	mockFileSystem.rename.mockRejectedValueOnce(new Error("EACCES"));
+	const err = new Error("EXDEV");
+	(err as NodeJS.ErrnoException).code = "EXDEV";
+	mockFileSystem.rename.mockRejectedValueOnce(err);
 
+	const sshConfig = new SSHConfig(sshFilePath, mockFileSystem);
 	await sshConfig.load();
 	await expect(
 		sshConfig.update("dev.coder.com", {
 			Host: "coder-vscode.dev.coder.com--*",
-			ProxyCommand: "some-command-here",
+			ProxyCommand: "cmd",
 			ConnectTimeout: "0",
 			StrictHostKeyChecking: "no",
 			UserKnownHostsFile: "/dev/null",
 			LogLevel: "ERROR",
 		}),
-	).rejects.toThrow(/Failed to rename temporary SSH config file.*EACCES/);
+	).rejects.toThrow(/Failed to rename temporary SSH config file/);
+	expect(mockFileSystem.unlink).toHaveBeenCalledWith(
+		expect.stringContaining(sshTempFilePrefix),
+	);
+});
+
+describe("rename retry on Windows", () => {
+	const realPlatform = process.platform;
+
+	beforeEach(() => {
+		Object.defineProperty(process, "platform", { value: "win32" });
+		vi.useFakeTimers();
+	});
+	afterEach(() => {
+		vi.useRealTimers();
+		Object.defineProperty(process, "platform", { value: realPlatform });
+	});
+
+	it("retries on transient EPERM and succeeds", async () => {
+		mockFileSystem.readFile.mockResolvedValueOnce(
+			"Host existing\n  HostName x",
+		);
+		mockFileSystem.stat.mockResolvedValueOnce({ mode: 0o600 });
+		mockFileSystem.writeFile.mockResolvedValueOnce("");
+		const err = new Error("EPERM");
+		(err as NodeJS.ErrnoException).code = "EPERM";
+		mockFileSystem.rename
+			.mockRejectedValueOnce(err)
+			.mockResolvedValueOnce(undefined);
+
+		const sshConfig = new SSHConfig(sshFilePath, mockFileSystem);
+		await sshConfig.load();
+		const promise = sshConfig.update("dev.coder.com", {
+			Host: "coder-vscode.dev.coder.com--*",
+			ProxyCommand: "cmd",
+			ConnectTimeout: "0",
+			StrictHostKeyChecking: "no",
+			UserKnownHostsFile: "/dev/null",
+			LogLevel: "ERROR",
+		});
+
+		await vi.advanceTimersByTimeAsync(100);
+		await promise;
+
+		expect(mockFileSystem.rename).toHaveBeenCalledTimes(2);
+		expect(mockFileSystem.unlink).not.toHaveBeenCalled();
+	});
 });
 
 describe("parseSshConfig", () => {