mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
fix/25822-workspace-update-blocked-immutable
14582 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Kyle Carberry
|
acd5be4a15 |
fix(site): don't block workspace updates on unchanged immutable params
When a workspace was created on an older template version and the current version adds stricter validations, option changes, or new conditional logic that the already-stored immutable value no longer satisfies, the Settings > Parameters page surfaced diagnostics on the immutable parameter and showed a 'Workspace update blocked' alert, preventing the user from editing unrelated mutable parameters. handleSubmit only sends mutable values, and ResolveParameters in coderd/dynamicparameters/resolver.go reuses the previous build value when an immutable parameter is unchanged, so these diagnostics should not block the form when the rendered value still matches the autofill value from the latest build. Filter the blocking alert and the submit button's diagnostic check to ignore immutable parameters whose rendered value equals the previous build value. New immutable parameters added by a template version (no autofill entry) and immutable parameters whose value differs from the previous build still block, matching backend behavior. Adds Storybook coverage for both the unchanged-immutable and changed-immutable cases. Fixes #25822 |
||
|
Spike Curtis
|
3a727a9087 |
test: batch 01 of refactoring CLI tests not to use PTY (#25871)
Part of https://github.com/coder/internal/issues/1400 Batch of refactored CLI tests to avoid creating PTYs. |
||
|
Spike Curtis
|
8a47b7fa14 |
test: batch 00 of refactoring CLI tests not to use PTY (#25868)
Part of https://github.com/coder/internal/issues/1400 Batch of refactored CLI tests to avoid creating PTYs. |
||
|
dylanhuff-at-coder
|
0401ed3af5 |
fix(coderd/notifications): serialize pending updates gauge writes (#25495)
Fixes a race where concurrent notification dispatch goroutines could overwrite `coderd_notifications_pending_updates` with an older buffer-length snapshot. Pending update snapshots now serialize count evaluation with the gauge write, and inhibited dispatch results refresh the metric when buffered. |
||
|
Jon Ayers
|
5cdc9e28a9 | feat: add nats cluster peer support (#25632) | ||
|
TJ
|
22cbf85e96 |
fix(site): adjust agents sidebar spacing (#25857)
Fixes minor spacing issues in the agents sidebar. ## Changes - Reduce gap between New Agent / Search nav items from `gap-1` (0.25rem) to `gap-[0.15rem]` - Change Chats header top spacing from `mt-4` (margin-top 1rem) to `pt-6` (padding-top 1.5rem) - Remove `pt-5` padding-top from the scroll content groups container (Today, Yesterday, etc.) - Add `pr-1` (0.25rem padding-right) to the unread indicator circle > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
dependabot[bot]
|
011914bb14 |
chore: bump axios from 1.15.2 to 1.16.0 in /site (#25861)
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc"><code>df53d7d</code></a> chore(release): prepare release 1.16.0 (<a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a>)</li> <li><a href="https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e"><code>9d92bcd</code></a> fix: gadgets and smaller issues (<a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a>)</li> <li><a href="https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435"><code>5107ee6</code></a> fix: prevent undefined error codes in settle (<a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a>)</li> <li><a href="https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8"><code>e573499</code></a> fix(fetch): defer global access in fetch adapter (<a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a>)</li> <li><a href="https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3"><code>ad68e1a</code></a> fix(http): honor timeout during connect without redirects (<a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a>)</li> <li><a href="https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d"><code>2a51828</code></a> fix(http): decode URL basic auth credentials (<a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a>)</li> <li><a href="https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1"><code>0e8b6bb</code></a> fix(http): preserve user-supplied Host header when forwarding through a proxy...</li> <li><a href="https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b"><code>79f39e1</code></a> docs: document paramsSerializer.encode for strict RFC 3986 query encoding (<a href="https://redirect.github.com/axios/axios/issues/1">#1</a>...</li> <li><a href="https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e"><code>0fe3a5f</code></a> [Docs/Types] Update <code>parseReviver</code> TypeScript definitions for ES2023 and add ...</li> <li><a href="https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d"><code>cd6737f</code></a> chore: matches the sibling responseStream.on(aborted) handler and added tests...</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.15.2...v1.16.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coder/coder/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Mathias Fredriksson
|
98d5e7948d |
fix(coderd/autobuild): handle concurrent build number race in lifecycle executor (#25824)
The lifecycle executor did not handle unique-violation errors from InsertWorkspaceBuild. When a concurrent actor (API handler, another lifecycle executor, or prebuilds reconciler) inserts a workspace build with the same build number, PostgreSQL returns a unique constraint violation on workspace_builds_workspace_id_build_number_key. The lifecycle executor treated this as a hard error, logging it and storing it in stats.Errors. The per-workspace advisory lock (pg_try_advisory_xact_lock) prevents two lifecycle executors from racing, but does not protect against races with the CreateWorkspaceBuild API handler or the prebuilds reconciler, which use different (or no) locking. Catch the specific unique-violation error after InTx returns (where the transaction is already rolled back) and clear it. The concurrent actor's build takes effect; the lifecycle executor treats the workspace as a no-op for this tick. Closes coder/internal#455 Closes PLAT-290 |
||
|
Yevhenii Shcherbina
|
1a91d31793 |
feat: add user AI budget override endpoints (#25439)
Implements https://linear.app/codercom/issue/AIGOV-285 Follow the structure established in https://github.com/coder/coder/pull/25203 ## Summary Adds the `user_ai_budget_overrides` table and CRUD API at `/api/v2/users/{user}/ai/budget`. An override sets a custom per-user spend cap that supersedes group-budget resolution, attributing spend to a specific group. ## Schema ```sql CREATE TABLE user_ai_budget_overrides ( user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE, group_id UUID NOT NULL REFERENCES groups(id) ON DELETE CASCADE, spend_limit_micros BIGINT NOT NULL CHECK (spend_limit_micros >= 0), created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() ); ``` ## Membership lifecycle The membership invariant — a user must be a member of the attributed group, including when that group is "Everyone" — would naturally be expressed as a composite FK on `(user_id, group_id) → group_members_expanded(user_id, group_id)`. PostgreSQL doesn't allow foreign keys to reference views, so enforcement is split across two mechanisms: - **Write-time check.** A CHECK constraint on the table (`user_ai_budget_overrides_must_be_group_member`) calls a `STABLE` function `is_group_member(user_id, group_id)` that queries `group_members_expanded`. The view surfaces both regular group memberships and the implicit "Everyone" group memberships from `organization_members`. Any INSERT or UPDATE that violates the predicate is rejected with a Postgres `check_violation`, which the handler maps to a 400. `is_group_member` is defined as a general predicate, reusable by any future table that needs the same check. - **Cascade on removal.** Two `BEFORE DELETE` triggers handle membership loss: - `trigger_delete_user_ai_budget_overrides_on_group_member_delete` on `group_members` — covers regular group removals (admin action, OIDC sync). - `trigger_delete_user_ai_budget_overrides_on_org_member_delete` on `organization_members` — covers the "Everyone" group, whose membership lives in `organization_members`. The single-column FKs on `users(id)` and `groups(id)` remain to cascade on user or group deletion (those paths don't pass through `group_members`). ## Authorization The dbauthz layer gates each operation against the `User` and (for writes) `Group` resources: | Operation | User resource | Group resource | |-----------|----------------|----------------| | `GET` | `ActionRead` | — | | `PUT` | `ActionUpdate` | `ActionUpdate` | | `DELETE` | `ActionUpdate` | `ActionUpdate` | For `DELETE`, the dbauthz layer fetches the existing override first to learn the attributed `group_id`, then runs both checks. ### Role matrix | Role | GET | PUT | DELETE | |--------------|-----|-----|--------| | Owner | ✅ | ✅ | ✅ | | UserAdmin | ✅ | ✅ | ✅ | | OrgAdmin | ✅ | ❌ | ❌ | | OrgUserAdmin | ✅ | ❌ | ❌ | Internal discussion: https://codercom.slack.com/archives/C096PFVBZKN/p1779392747885359 ## Audit logs Audit logs will be addressed in a follow-up PR. |
||
|
Thomas Kosiewski
|
9448624d2d | feat(site): add Opus 4.8 known model (#25839) | ||
|
Danny Kopping
|
110210d7c9 |
fix(coderd): block ai provider env key drift (#25849)
Previously, `SeedAIProvidersFromEnv` only hashed provider-level fields,
so env var key changes were silently ignored once a provider already
existed in the database.
Include bearer keys and Bedrock credentials in the canonical drift hash,
and cover multi-key, multi-provider cases so restarts now fail loudly
when the configured credentials no longer match what is stored.
When changing a key, you'll now see this in the server startup logs:
```
2026-05-29 12:29:02.674 [info] api: Encountered an error running "coder server", see "coder server --help" for more information
2026-05-29 12:29:02.674 [info] api: error: create coder API:
2026-05-29 12:29:02.674 [info] api: github.com/coder/coder/v2/cli.(*RootCmd).Server.func2
2026-05-29 12:29:02.674 [info] api: /home/coder/coder/cli/server.go:1015
2026-05-29 12:29:02.674 [info] api: - seed ai providers from env:
2026-05-29 12:29:02.674 [info] api: github.com/coder/coder/v2/enterprise/cli.(*RootCmd).Server.func1
2026-05-29 12:29:02.674 [info] api: /home/coder/coder/enterprise/cli/server.go:187
2026-05-29 12:29:02.674 [info] api: - execute transaction:
2026-05-29 12:29:02.674 [info] api: github.com/coder/coder/v2/coderd/database.(*sqlQuerier).runTx
2026-05-29 12:29:02.674 [info] api: /home/coder/coder/coderd/database/db.go:212
---> 2026-05-29 12:29:02.674 [info] api: - AI provider "vercel" already exists in the database and differs from the current environment configuration; update the provider through the API or remove the CODER_AIBRIDGE_* env vars to stop seeding it:
2026-05-29 12:29:02.674 [info] api: github.com/coder/coder/v2/coderd.SeedAIProvidersFromEnv.func1
2026-05-29 12:29:02.674 [info] api: /home/coder/coder/coderd/ai_providers_migrate.go:139
2026-05-29 12:29:02.674 [info] api: slogjson: failed to write entry: io: read/write on closed pipe
2026-05-29 12:29:02.700 [info] dlv: Stop reason: exited
2026-05-29 12:29:02.825 [info] site: ELIFECYCLE Command failed.
error: running command "develop": server did not become ready in 1m0s:
main.waitForHealthy
/home/coder/coder/scripts/develop/main.go:877
- context canceled
```
_This PR was generated with Coder Agents._
|
||
|
Cian Johnston
|
d0a51da0a9 |
feat: classify provider_disabled 503 as non-retryable (#25800)
Builds on top of https://github.com/coder/coder/pull/25794 Adds a new `provider_disabled` error classification in `chatd` with the corresponding plumbing to classify it as non-retryable. Also adds a story for how this particular error kind is displayed in the UI. |
||
|
Danielle Maywood
|
4144eb3c4f | fix(site/src/pages/AgentsPage): avoid stale live tail spacing (#25846) | ||
|
Mathias Fredriksson
|
60f0bfe94c |
fix: update tailscale fork to fix goroutine leak in TestRun (#25838)
Update the coder/tailscale fork to include the fix for goroutine leaks in measureHTTPLatency. The function creates an http.Transport per DERP probe for a single HTTP request but did not disable keep-alives, causing readLoop/writeLoop goroutines to persist after the function returns. These were detected by goleak in support/TestRun. The fork fix sets DisableKeepAlives: true on the transport. Closes PLAT-289 |
||
|
Susana Ferreira
|
7b903cad73 |
fix: track credential hint across key failover attempts in aibridge (#25735)
## Problem Centralized requests recorded *the first available key from the pool at `CreateInterceptor` time* as `credential_hint`, so the interception could be persisted in the database with a hint that didn't match the key that actually served the request. The fix consists in storing, at end-of-interception, the hint of the key that succeeded, or the last attempted key if all keys are unavailable. ## Changes - Add `Key.Hint()` and update `credential_hint` on every failover attempt so it reflects the actually-used key. - Stop pre-populating `credential_hint` at `CreateInterceptor`. Centralized starts empty and is updated by the key failover loop. - Persist the final hint via `RecordInterceptionEnded`; SQL updates `credential_hint` only when `credential_kind = 'centralized'` so BYOK keeps its start-time value. - Log the actually-used hint on interception end/failure; start log uses a `<keypool-pending>` placeholder for centralized. > [!NOTE] > Initially generated by Claude Opus 4.7, modified and reviewed by @ssncferreira |
||
|
Sas Swart
|
a586b7e5e0 |
feat: add boundary_log rbac resource (#24810)
RFC: [Bridge ↔ Boundaries Correlation RFC](https://www.notion.so/coderhq/Gateway-and-Firewall-Correlation-RFC-31ad579be592803aa8b3d48348ccdde9) Register a dedicated `boundary_log` RBAC resource type with `create`, `read`, and `delete` actions, replacing the placeholder `rbac.ResourceAuditLog` and `rbac.ResourceSystem` references previously used in the dbauthz layer. Create is granted at user-level so workspace agents can only write logs owned by their workspace owner, preventing cross-workspace log fabrication. Delete is restricted to `DBPurge` only; no human role (including owner) can delete boundary logs. | Subject | Create (own) | Create (other) | Read (all) | Delete | |---|---|---|---|---| | Workspace agent | yes | no | no | no | | Owner (site admin) | yes (via member) | no | yes | no | | Auditor | no | no | yes | no | | DBPurge | no | no | no | yes | ### Changes - **RBAC policy & resource definition**: add `boundary_log` to `policy.go` and generate `ResourceBoundaryLog` object, scope constants, and codersdk/TypeScript types. - **dbauthz authorization**: replace all `ResourceAuditLog`/`ResourceSystem` placeholders with `ResourceBoundaryLog`. `InsertBoundaryLog` and `InsertBoundarySession` derive the workspace owner from the agent and authorize with `.WithOwner()` for user-scoped create. - **Role assignments:** - **Owner (site):** read only. Excluded from `allPermsExcept` wildcard; create is inherited from member at user-level. - **Member (user-level):** create. User-scoped so agents can only write logs they own. - **Auditor (site):** read. - `boundary_log` is excluded from org-admin, org-member, and org-service-account `allPermsExcept` calls for consistency with `ResourceBoundaryUsage`. - **System subjects:** - **DB Purge** (`SubjectTypeDBPurge`): delete. The only subject that can remove boundary logs. - **Workspace agent scope**: `ResourceBoundaryLog` with wildcard ID in the agent scope allow-list (necessary for creation since no pre-existing ID exists). User-level role scoping prevents deployment-wide access. - **DB migration** (`000510_boundary_log_scopes`): add `boundary_log:*`, `boundary_log:create`, `boundary_log:delete`, `boundary_log:read` enum values to `api_key_scope`. - **Test coverage**: `BoundaryLogCreate` (user-scoped, only matching owner succeeds), `BoundaryLogDelete` (all human roles denied), `BoundaryLogRead` (owner + auditor). dbauthz mock tests set up workspace agent lookups for owner derivation. - **Generated docs**: update OpenAPI specs, API reference docs, and frontend type definitions. --------- Co-authored-by: Muhammad Danish <mdanishkhdev@gmail.com> Co-authored-by: Coder Agents <coder-agents-review[bot]@users.noreply.github.com> |
||
|
Danielle Maywood
|
88060b846e | style(site): use lightbulb icon for thinking (#25844) | ||
|
Cian Johnston
|
78d556fffc |
feat(site/src/pages/AgentsPage): show error details for generic errors (#25803)
Error messages in agent chat now expose the actual error detail instead of hiding it entirely. Also captures API response detail for generic errors that previously dropped it. |
||
|
Mathias Fredriksson
|
2af037ce02 |
fix(cli): use quartz mock clock in PausedDuringWaitForReady test (#25811)
PausedDuringWaitForReady used the real clock, so the 5s poll in waitForTaskIdle could race with an in-flight stop build. The SQL view (tasks_with_status) returns "unknown" for stop builds with job_status != "succeeded" because the build_status CASE has no branch for (stop, pending) or (stop, running). On macOS CI, where the provisioner is slower, the poll fires during this transient window and hits the TaskStatusUnknown case instead of TaskStatusPaused, failing with "task entered unknown state" rather than the expected "was paused". Convert to the same quartz mock clock pattern that PR #25648 applied to WaitsForWorkingAppState: inject a mock clock via NewWithClock, trap ticker creation and reset, then advance time deterministically so the poll fires after the stop build completes. Closes CODAGT-482 |
||
|
Danny Kopping
|
5b10268827 |
feat: serve 503 sentinel for disabled providers (#25794)
_Disclosure: created with Coder Agents._ When providers are disabled, we should serve a sentinel error so the requesting client (Claude Code, Coder Agents, etc) is informed. Coder Agents can also conditionalize its display to show a helpful error message. --------- Signed-off-by: Danny Kopping <danny@coder.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
Jakub Domeracki
|
3fb4eefaf7 |
docs(docs/admin/security): point security advisories to GitHub Security Advisories (#25813)
Removes the inline security advisory table and the standalone advisory file (`0001_user_apikeys_invalidation.md`). The advisories section now directs readers to [GitHub Security Advisories](https://github.com/coder/coder/security/advisories). > Generated by Coder Agents on behalf of @jdomeracki-coder |
||
|
Ethan
|
eb2c2799ca |
fix: strip deleted MCP IDs from chats on delete (#25763)
Adds a database migration that reconciles existing stale chat MCP server IDs, then installs a `BEFORE DELETE` trigger on `mcp_server_configs` to remove the deleted ID from `chats.mcp_server_ids`. This keeps chat continuation from failing with `400 One or more MCP server IDs are invalid` after an MCP server config is deleted. This matches the existing repo precedent in `coderd/database/migrations/000241_delete_user_roles.up.sql`, where deleting a custom role cleans `organization_members.roles`, a similarly structured array of references that cannot be protected by a normal foreign key. Closes CODAGT-505 |
||
|
TJ
|
a801d996e7 |
fix(site): update models settings page description text (#25830)
Updates the description text on the Agent Settings > Models page (`/agents/settings/models`). **Before:** "Choose which models from your configured providers are available for users to select. You can set a default and adjust context limits." **After:** "Choose which models from your configured providers are available for Coder Agents. Set a default and adjust context limits." > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
TJ
|
650069f949 |
feat: update search dialog with filter pills and default view (#25753)
Update the ChatSearchDialog with four interaction states: 1. **Default (empty)**: quick actions (New chat, Settings, Personal Skills, View usage) + recent chats list 2. **Focused**: filter-by dropdown overlay with clickable chips (Unread, Archived, PR status, Diff URL) 3. **Active search**: filter pills and/or freeform text with debounced live results showing "N results" count 4. **Parameterized filter**: incomplete pill (dashed border) for filters needing a value (e.g. `pr_status:`); Space or Enter commits the value into a solid pill Filter pills and freeform text are combinable. Backspace on empty text removes the last pill. The filter dropdown overlays content below and dismisses on blur or Escape. Changes: - `ChatSearchDialog.tsx`: manages structured filter state with separate `incompleteFilterKey` tracking, renders filter dropdown, passes recent chats and quick action callbacks - `ChatSearchInput.tsx`: renders completed filter pills (solid border, x dismiss) and incomplete pills (dashed border) inline with the text input - `ChatSearchResults.tsx`: default view shows quick actions + recent chats instead of the old help text; "No matching chats" is centered in the modal - `ChatsSidebar.tsx`: passes `recentChats`, `onNewChat`, `onOpenSettings` to the dialog <details> <summary>Implementation notes</summary> - No backend changes; reuses existing `chatSearch()` API and `normalizeChatSearchInput()` normalizer - Filter state uses a clean model: `filters` array for committed filters + `incompleteFilterKey` string for the parameterized filter being typed; `freeText` serves dual purpose (filter value when incomplete key is set, otherwise freeform search) - The filter dropdown is absolutely positioned (`top-full`) below the search input, dismisses via container `onBlur` with `contains(relatedTarget)` check - Quick action links (Personal Skills, View usage) use `Link` components that close the dialog on click > Generated with [Coder Agents](https://coder.com/agents) </details> |
||
|
TJ
|
d3bedb4a93 |
refactor(site): promote search to full-width sidebar nav item (#25595)
Move the chat search button from a subtle icon next to the filter in the
Chats header to a prominent full-width nav item below New Agent. The
search bar shows a magnifying glass icon and "Search" label by default,
with the keyboard shortcut badge (`⌘ K` / `Ctrl K`) and background
appearing on hover/focus.
Also pull the Chats header and filter row out of the scroll area so the
scrollbar only covers the chat list content, and align the logo row with
the nav item content inset.
> 🤖 Generated by Coder Agents on behalf of @tracyjohnsonux
|
||
|
Spike Curtis
|
ee4126e913 |
test: refactor CLI create tests not to use PTY (#25807)
<!-- If you have used AI to produce some or all of this PR, please ensure you have read our [AI Contribution guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING) before submitting. -->Part of https://github.com/coder/internal/issues/1400 Refactors CLI tests of the `create` command as the first batch of tests refactored to take a PTY out of the loop. One interesting difference I noticed between PTY and a direct pipe to standard in is that on the PTY we write `\r` to enter some input, but the kernel actually sends `\n` (or maybe `\r\n`) to the process, at least on Unix. (On windows we sent `\r\n` into the PTY). This is reflected in the implementation of the `Writer` , otherwise mostly inspired by the PTYTest equivalents. |
||
|
Spike Curtis
|
a16de96611 |
chore: extract Expecter into its own package (#25806)
Relates to https://github.com/coder/internal/issues/1400 Extracts the code that matches command output from the code that sets up a PTY, so it can be used independently. Subsequent PRs will actually refactor the tests to use this directly over an inmemory pipe.<!-- If you have used AI to produce some or all of this PR, please ensure you have read our [AI Contribution guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING) before submitting. --> |
||
|
Nick Vigilante
|
dcb107684e |
docs: fix stale redirect links in four docs pages (#25738)
Four pages contained absolute `coder.com/docs` links that issued 308 redirects, creating unnecessary extra hops for readers. These were identified via a SiteOne Crawler redirect-chain audit (DOCS-216). | File | Old link | Final destination | | -- | -- | -- | | `admin/security/0001_user_apikeys_invalidation.md` | `/docs/admin/audit-logs` | `/docs/admin/security/audit-logs` | | `admin/templates/extending-templates/web-ides.md` | `/docs/code-server/` (trailing slash) | `/docs/code-server` | | `user-guides/workspace-access/index.md` | `/docs/code-server/latest` | `/docs/code-server` | | `install/cloud/azure-vm.md` | `/docs/coder-oss/latest/install` | `/docs/install` | Also quotes the `[install.sh]` bash associative array key in `scripts/release/check_commit_metadata.sh` to fix a pre-existing shfmt parse warning (shfmt misreads `.sh` inside unquoted `[...]` as a floating-point expression). --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
George K
|
9d90b32d92 |
fix(flake.nix): stop forcing musl biome binary in dev shell (#25815)
The nix dev shell was forcing BIOME_BINARY to the musl package, but pnpm install on glibc hosts only installs the glibc biome package by default. That caused pnpm exec biome to fail in nix-shell even though the default biome binary worked when BIOME_BINARY was unset. |
||
|
Jon Ayers
|
bb11946bd4 |
fix: require update permission to recreate devcontainers (#25812)
- The httpmw upstream from this endpoint only checks for read perms to the workspace agent. Recreating a dev container should require `update` perms since it mutates state. This also matches the behavior of the `DELETE` endpoint |
||
|
Jon Ayers
|
c248dfb437 | fix: escape agent log HTML (#25808) | ||
|
Cian Johnston
|
7ea0eff94e |
fix: improve chat audit log descriptions and diff rendering (#25728)
Chat ACL audit diffs rendered as `[object Object]` because the diff viewer called `.toString()` on object values. Common chat operations (archive, share) showed generic "updated chat" descriptions instead of semantic ones. Add `chatAuditLogDescription` to derive semantic descriptions from the audit diff for successful chat writes: "archived/unarchived chat" for archive toggles, "updated sharing for chat" for ACL-only changes. Extract diff value formatting into `formatAuditDiffValue`, which renders object values as deterministic compact JSON with sorted keys, fixing the `[object Object]` rendering for chat ACLs and any other object-valued fields. The previous `determineIdPSyncMappingDiff` workaround for IdP sync mappings was removed because the generic formatting handles it. Closes CODAGT-513 > Generated by Coder Agents on behalf of @johnstcn |
||
|
TJ
|
ebf56ebd12 |
feat(site): desktop panel toolbar, zoom modes, and pop-out window (#25585)
Redesigns the agent desktop panel with a persistent toolbar, zoom modes, and a detachable pop-out window. ## Changes **Toolbar** (`DesktopToolbar`) - Persistent top bar with right-aligned controls: Take/Release control, Zoom toggle, Detach - All buttons use consistent `subtle` variant with icon + label - `h-8` height, `bg-surface-primary` background with bottom border **Zoom modes** - Defaults to fit-to-window (`scaleViewport = true`) so the full 1920x1080 desktop is visible - Toggle to native 100% resolution via toolbar button or keyboard shortcuts (`Ctrl+0` fit, `Ctrl+1` native) - noVNC background color overridden from hardcoded `rgb(40,40,40)` to `--surface-secondary` so letterbox margins match the app theme in light and dark mode **Pop-out window** - New route at `/agents/:agentId/desktop` for a dedicated desktop window - Opens via toolbar "Detach" button at 50% of screen size, centered - BroadcastChannel coordination: sidebar shows placeholder with "Bring back" button - Closing the pop-out window automatically restores the sidebar panel **Other** - `useDesktopConnection` hook accepts `scaleViewport` option, synced to the RFB instance via a secondary effect - `DesktopPanelContext` extended with `agent` and `workspace` fields - Replaces the previous hover-overlay take/release control UX with toolbar buttons > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
DevCats
|
094fe971ad |
chore(aibridge): add AWS PRM user-agent attribution for Bedrock calls (#25221)
Adds middleware in `withAWSBedrockOptions` that appends the AWS Partner Revenue Measurement (PRM) attribution string to the User-Agent header on every Bedrock API call made through AI Bridge. This is the AI Bridge counterpart to the Terraform provisioner change merged in #23138. Together, they ensure all AWS API calls made by Coder (both workspace infrastructure via Terraform and LLM inference via Bedrock) include PRM attribution. ## How it works - A middleware is added before `bedrock.WithConfig(awsCfg)` that reads the existing `User-Agent` header and appends `sdk-ua-app-id/APN_1.1%2Fpc_cdfmjwn8i6u8l9fwz8h82e4w3%24` - Only affects Bedrock calls; OpenAI and direct Anthropic API calls are unaffected - Uses `option.WithMiddleware` rather than `option.WithHeader` because the existing User-Agent (set by the Anthropic SDK) must be preserved and appended to, not replaced ## Tests - **Positive**: `TestAWSBedrockIntegration` verifies PRM attribution is present in the User-Agent on Bedrock requests - **Negative**: `TestAnthropicMessages` verifies PRM attribution is absent on non-Bedrock requests ## References - Companion Terraform provisioner PR: #23138 (merged) - Backport: #24052 (merged) - Preserve existing `AWS_SDK_UA_APP_ID`: #24606 (open) - Original `coder/aibridge` PR: https://github.com/coder/aibridge/pull/224 (superseded by this PR since aibridge was moved into coder/coder via #24190) - [AWS SDK Application ID docs](https://docs.aws.amazon.com/sdkref/latest/guide/feature-appid.html) - [AWS PRM Automated User Agent](https://prm.partner.aws.dev/automated-user-agent.html) (partner login required) > Generated with [Coder Agents](https://coder.com/agents) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> |
||
|
Danielle Maywood
|
0d1340a430 | fix: collapse agent command output by default (#25748) | ||
|
dependabot[bot]
|
df929467f6 |
chore: bump github.com/open-policy-agent/opa from 1.11.0 to 1.17.0 (#25200)
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.11.0 to 1.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-policy-agent/opa/releases">github.com/open-policy-agent/opa's releases</a>.</em></p> <blockquote> <h2>v1.16.2</h2> <p>This release updates the version of Go used to build the OPA binaries and images to 1.26.3; addressing <a href="https://groups.google.com/g/golang-announce/c/qcCIEXso47M">a number of vulnerabilities</a>.</p> <h2>v1.16.1</h2> <p>This is a patch release addressing a regression in the plugin manager that may cause the service to hang on shutdown (<a href="https://redirect.github.com/open-policy-agent/opa/pull/8590">#8590</a>).</p> <h2>v1.16.0</h2> <blockquote> <p>[!WARNING]</p> <p>A regression has been found in the plugin manager, which may cause the service to hang on shutdown. Users are advised to go directly to v1.16.1.</p> </blockquote> <p>This release contains a mix of new features, performance improvements, and bugfixes. Notably:</p> <ul> <li>New <code>uri.parse</code> and <code>uri.is_valid</code> built-in functions</li> <li>Data API Request/Response Metadata</li> <li>Prometheus metrics exported via OTLP</li> <li>Formatter improvements</li> </ul> <blockquote> <p><strong><em>NOTE:</em></strong></p> <p>In v1.15.x, OPA was dropping logs for bundle downloads, <code>print()</code> calls and other plugin-originated logs. Users are advised to update, v1.16.0 fixes this bug in (<a href="https://redirect.github.com/open-policy-agent/opa/pull/8544">#8544</a>).</p> </blockquote> <h3>New <code>uri.parse</code> and <code>uri.is_valid</code> built-in functions (<a href="https://redirect.github.com/open-policy-agent/opa/issues/8263">#8263</a>)</h3> <p>Two new <a href="https://www.openpolicyagent.org/docs/policy-reference/builtins">built-in functions</a> have been added: <code>uri.parse</code> for parsing a given URI, and <code>uri.is_valid</code> for verifying the structure of a given URI.</p> <h4>uri.parse</h4> <p>Parses a URI and returns an object containing its components according to <a href="https://www.rfc-editor.org/rfc/rfc3986.html">RFC 3986</a>. Empty components are omitted.</p> <pre lang="rego"><code>package example <p>test_uri if { uri.parse("<a href="https://example.com:8080/api?q=1#top">https://example.com:8080/api?q=1#top</a>") == { "scheme": "https", "hostname": "example.com", "port": "8080", "path": "/api", "raw_path": "/api", "raw_query": "q=1", "fragment": "top", } } </code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md">github.com/open-policy-agent/opa's changelog</a>.</em></p> <blockquote> <h2>1.17.0</h2> <p>This release contains a mix of new features, performance improvements, and bugfixes. Notably:</p> <ul> <li>A new <code>future.keywords.not</code> import that adds improved semantics to the <code>not</code> keyword.</li> <li>Rule Labels in Decision Logs</li> <li>Published json schema for IR and bundle manifest</li> <li>Dropped automaxprocs and x/net dependencies</li> </ul> <h3>Improved Negation Semantics (<a href="https://redirect.github.com/open-policy-agent/opa/issues/8387">#8387</a>)</h3> <p>This OPA release introduces a new <a href="https://www.openpolicyagent.org/docs/policy-reference/keywords/not#improved-negation-semantics"><code>future.keywords.not</code> import</a> that fixes a long-standing semantic issue with negation in Rego.</p> <p>Without the import, the compiler expands a negated composite expression like <code>not f(g(input.x))</code> into a series of sub-expressions evaluated <em>before</em> the <code>not</code>:</p> <pre><code>__local0__ = input.x g(__local0__, __local1__) not f(__local1__) </code></pre> <p>If any sub-expression fails — for example, <code>input.x</code> is undefined or <code>g</code> produces an undefined result — the entire rule fails rather than the <code>not</code> succeeding. This is unintuitive: the user's intent is "the condition does not hold," but an undefined intermediate value causes a silent failure instead of the expected <code>not</code> result.</p> <p>With <code>import future.keywords.not</code>, composite-expression negation wraps the full compiler expansion in an implicit body:</p> <pre><code>not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) } </code></pre> <p>Now, if <em>any</em> sub-expression is undefined or fails, the body is unsatisfiable and the <code>not</code> expression succeeds; matching the intuition that "the condition does not hold."</p> <blockquote> <p><strong><em>NOTE:</em></strong></p> <p>Users are recommended to import <code>future.keywords.not</code> whenever the <code>not</code> keyword is used in a policy.</p> </blockquote> <p>Authored by <a href="https://github.com/johanfylling"><code>@johanfylling</code></a></p> <h3>Rule Labels in Decision Logs (<a href="https://redirect.github.com/open-policy-agent/opa/issues/2089">#2089</a>)</h3> <p>Rule annotations now support a <code>labels</code> field. Labels from all successfully evaluated rules are collected and included in each decision log entry as a top-level <code>rule_labels</code></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-policy-agent/opa/commit/64a3625d33bc6ad8e7c40df03b76ce2fb3ab4d21"><code>64a3625</code></a> Release v1.17.0 (<a href="https://redirect.github.com/open-policy-agent/opa/issues/8710">#8710</a>)</li> <li><a href="https://github.com/open-policy-agent/opa/commit/68c9de5da00ea9d631c50327c709d5d7e8844bba"><code>68c9de5</code></a> benchmarks: tweak per-PR benchmark regression check based on pr-check</li> <li><a href="https://github.com/open-policy-agent/opa/commit/7fe3066154b7780eac16c290475f8506573a427f"><code>7fe3066</code></a> server: remove dead code (s.partials) (<a href="https://redirect.github.com/open-policy-agent/opa/issues/8708">#8708</a>)</li> <li><a href="https://github.com/open-policy-agent/opa/commit/37830be801a9ce4ec6d23df33f645bb6095f3043"><code>37830be</code></a> ast,storage/inmem: Add <code>inmem.NewFromASTObject</code> and add missing string case t...</li> <li><a href="https://github.com/open-policy-agent/opa/commit/1661f22ba399e94d08d8fb85218580a61779bdc4"><code>1661f22</code></a> ast: add some schema $ref tests</li> <li><a href="https://github.com/open-policy-agent/opa/commit/3e22f562f1e370973c1b6750eff11d06fe554c70"><code>3e22f56</code></a> benchmarks: only run for go changes</li> <li><a href="https://github.com/open-policy-agent/opa/commit/13aaeabce2221217cb6c175b269475803740fad2"><code>13aaeab</code></a> benchmarks: move env vars, remove zizmor-ignore comment</li> <li><a href="https://github.com/open-policy-agent/opa/commit/93e170868ac37f87696adfc2d7f672a0f1814936"><code>93e1708</code></a> benchmarks: fix PR message, skip tests</li> <li><a href="https://github.com/open-policy-agent/opa/commit/4ce3991901eed5b622a21f2f629029727e192ba7"><code>4ce3991</code></a> benchmarks: use go tool machinery, add benchstat</li> <li><a href="https://github.com/open-policy-agent/opa/commit/41df8df4a26d8de7a81bf4c5d78cb94f10a108d5"><code>41df8df</code></a> benchmarks: use benchlab for per-PR feedback</li> <li>Additional commits viewable in <a href="https://github.com/open-policy-agent/opa/compare/v1.11.0...v1.17.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Steven Masley
|
4591212482 |
feat: implement SCIM handler for SCIM 2.0 compliance (#25572)
Rewrites the SCIM 2.0 user provisioning handler to be RFC 7644 compliant. Verified against an external IdP Okta. Behavior is OPT IN |
||
|
Cian Johnston
|
6df1536256 |
fix: add missing_key error kind for missing chat api_key_id (#25783)
Refs CODAGT-486 - `codersdk/chats.go`: New `ChatErrorKindMissingKey` constant and `AllChatErrorKinds` entry - `coderd/x/chatd/chaterror/message.go`: `terminalMessage` and `retryMessage` cases - `coderd/x/chatd/model_routing_aibridge.go`: Pre-classify error with `WithClassification` - `coderd/x/chatd/model_routing_internal_test.go`: Classification assertion on production path (CRF-2) - `chatStatusHelpers.ts`: Frontend title "Chat interrupted" - `LiveStreamTail.stories.tsx`: Storybook story with `detail` assertion - `docs/ai-coder/ai-gateway/clients/coder-agents.md`: Troubleshooting entry - Tests: classification round-trip, terminal message, metrics kind enumeration > Generated with [Coder Agents](https://coder.com/agents) on behalf of @johnstcn |
||
|
Nick Vigilante
|
ea280c5a90 |
docs(docs/install): strengthen Linux-only requirement on Docker install page (#25742)
Closes DOCS-68. Promotes the existing "Linux only" guidance on `docs/install/docker.md` from an easy-to-miss bullet point to a prominent `[!IMPORTANT]` callout, and briefly states *why* the page is Linux-only so macOS readers do not waste time on the `getent` / `--group-add` snippets. ## Why this re-scope vs. the original ticket The original DOCS-68 scope was "add a macOS `getent` alternative". On inspection, that framing has three problems: 1. The Requirements section already says "A Linux machine. For macOS devices, start Coder using the standalone binary," so macOS users are already redirected. The signal just lives in a bullet that is easy to overlook. 2. The `--group-add $DOCKER_GROUP` mechanism that drives the `getent` call is Linux-specific. macOS Docker runtimes (Docker Desktop, Colima, Rancher Desktop, Podman) use a VM and forward the socket differently; the flag does not translate cleanly to any of them. 3. Defining a canonical macOS Docker path is the scope of [DEVREL-22](https://linear.app/codercom/issue/DEVREL-22) (recommend Colima / Rancher / Podman alternatives in the Quick Start guide). DOCS-68 should not pre-empt that work. This PR narrows the fix to making the existing macOS guidance unmissable. A real macOS Docker install path can come as a separate follow-up once DEVREL-22 lands and the recommended runtime is settled. <details> <summary>Decision log</summary> * **(A) Close DOCS-68 as absorbed by DEVREL-22.** Rejected — the install page still has a discoverability problem that DEVREL-22 (Quick Start) will not fix. * **(B) Re-scope DOCS-68 to a narrow today-fix (this PR).** Selected. * **(C) Defer DOCS-68 until DEVREL-22 lands.** Rejected — the install page is shipping the weaker guidance every day until then. </details> > [!NOTE] > This is a docs-only change. No product code was modified. --- *Generated by Coder Agents on behalf of @nickvigilante.* |
||
|
Nick Vigilante
|
e32fdc813b |
ci: rerun docs preview job on subsequent pushes (#25456)
Fixes DOCS-174: the docs-preview workflow only fired on `pull_request: opened`. Subsequent pushes left the preview comment stale. ## Changes - Add `synchronize` and `reopened` to trigger types so subsequent pushes retrigger the workflow. - Add a workflow-level `concurrency` group keyed by PR number with `cancel-in-progress: true` so rapid successive pushes don't race the comment-upsert lookup. - Replace always-create comment logic with an upsert: find the existing comment containing `<!-- docs-preview -->` and PATCH it; fall through to create only when none exists or the PATCH itself fails (comment was deleted between find and update). - Filter the upsert lookup to comments authored by `github-actions[bot]` so a human comment containing the marker is never silently overwritten. - Decouple the `gh api` lookup from the `head -n 1` pipe so API failures (network, auth, rate-limit) propagate immediately instead of being swallowed by `|| true`. - Delete the stale preview comment when a `synchronize` push drops all Markdown changes (e.g. a follow-up push that removes the file an earlier push had previewed but still touches `docs/`). The previous preview comment would otherwise point at a deleted page. - Extract the marker and the comment-selector jq into a single `DOCS_PREVIEW_MARKER` variable and a `list_docs_preview_comments` shell function so the stale-cleanup and upsert branches share one source of truth. ## Out of scope Vercel ISR cache invalidation for feature branch previews requires a coder.com change (the `algolia-docs-sync` endpoint only accepts `main` and `release/*` refs). Tracked separately in DOCS-174 out-of-scope notes. Pulls that fully revert their `docs/` changes in a follow-up push won't fire this workflow at all (GitHub's `paths` filter requires a path match in the diff), so a stale preview comment can survive on that specific edge. Removing the `paths` filter to handle it would run the workflow on every PR push, which is disproportionate. Acknowledged in [CRF-12](https://github.com/coder/coder/pull/25456#discussion_r3313738550). <details> <summary>Implementation notes</summary> **Marker and selector deduplication**: The marker string and jq selector previously appeared at three sites (comment body, stale-cleanup API call, upsert API call). They're now consolidated into `DOCS_PREVIEW_MARKER` plus a `list_docs_preview_comments` shell function so a future marker change updates one place. **Comment body construction**: The double-quoted multi-line string form with escaped backticks (`` \` ``) for the inline-code spans is shellcheck-clean. An earlier draft used `printf -v comment_body` with a single-quoted format string containing backticks, which triggered SC2016; the printf-three-pieces workaround that replaced it has since been simplified to the direct double-quoted form. **Upsert logic**: `gh api --paginate` fetches all PR comments, jq filters to `github-actions[bot]`-authored comments containing the marker, and the workflow PATCHes the first match. If the PATCH fails (404 because the comment was deleted between find and update), the script falls through to `gh pr comment` to create a new one. Self-heals on the next push if both paths somehow fail. **Stale-cleanup logic**: Same selector as upsert, but in the early-exit branch when no Markdown files exist in this push. `DELETE` failures are logged and execution continues (the next push will re-attempt or post a fresh comment), so a transient API failure won't fail the CI job. </details> > Generated by Coder Agents on behalf of @nickvigilante |
||
|
Danielle Maywood
|
8600b59aae | fix(site): normalize thinking transcript row (#25749) | ||
|
Danny Kopping
|
12520ee964 |
feat: add ai provider status and reload freshness metrics (#25770)
Add metrics for `aibridged` and `aibridgeproxyd`'s provider statuses. AI providers can be modified, and possibly misconfigured, at runtime. These metrics help operators understand the state of these provider definitions in case unexpected behaviour is observed. |
||
|
Nick Vigilante
|
637855e276 |
docs(docs/ai-coder): clarify Add-On is separate from Premium, add v2.32 requirement callout (#25463)
Closes DOCS-54. Updates `docs/ai-coder/ai-governance.md` to address two known points of confusion: 1. **Add-On is not included in Premium.** The intro previously said the Add-On "can be added to Premium seats", which readers interpreted as bundled. Rewritten to say it is a separate per-user license that must be purchased in addition to Premium. 2. **v2.32 requirement is now prominent.** This was buried in a `## GA status and availability` section at the bottom. A `[!NOTE]` callout is added directly after the feature list so it is visible immediately. The duplicate paragraph in the GA section is removed. Also fixes "extend that platform" → "extend the Coder platform" (the original phrase had no clear antecedent). > [!NOTE] > This is a docs-only change. No product code was modified. --- *Generated by Coder Agents on behalf of @nickvigilante.* Co-authored-by: Mathias Fredriksson <mafredri@gmail.com> |
||
|
Nick Vigilante
|
ea71242f34 |
docs(docs/admin/monitoring): document log-human disable workaround (#25741)
Closes DOCS-66. Adds a `[!NOTE]` callout to `docs/admin/monitoring/logs.md` documenting that `--log-human=""` (empty string) does not disable human-readable logging; the working value is `--log-human=/dev/null`. ## Context Reported by Bjorn Robertsson in `#docs` on 2026-04-29. Operators trying to silence the human-readable log stream had been setting `--log-human` (or `CODER_LOGGING_HUMAN`) to an empty string and getting unchanged log output. The empty-string path hits a 2023-vintage code path that falls back to the default `/dev/stderr` instead of disabling output. This PR documents the workaround on the admin-facing logs page. The CLI flag reference under `docs/reference/cli/server.md` is auto-generated and intentionally left unchanged. A separate engineering issue may be worth filing to fix the root cause (empty string should either disable or surface a warning). > [!NOTE] > This is a docs-only change. No product code was modified. --- *Generated by Coder Agents on behalf of @nickvigilante.* |
||
|
Mathias Fredriksson
|
7a9125b953 |
fix(agent/agentfiles): merge duplicate file paths instead of rejecting (#25767)
When a caller sends multiple entries for the same literal path, merge their edits into a single entry rather than returning 400. Symlink aliases (different paths, same real file) are still rejected. |
||
|
Mathias Fredriksson
|
daf73b7b89 |
chore: mark database codegen files as linguist-generated (#25787)
These files all have 'Code generated' / 'DO NOT EDIT' headers but were not in .gitattributes. This causes GitHub to show them expanded in PR diffs and count them toward diff stats. Files added: - coderd/database/queries.sql.go (sqlc) - coderd/database/models.go, querier.go (sqlc) - coderd/database/dbmock/dbmock.go (gomock) - coderd/database/dbmetrics/querymetrics.go (dbgen) - coderd/database/unique_constraint.go (dbgen) - coderd/database/foreign_key_constraint.go (dbgen) - coderd/database/check_constraint.go (dbgen) |
||
|
Danny Kopping
|
f91390b2c8 |
ci: don't fail job if commenting on locked PR (#25765)
The final step of `.github/workflows/cherry-pick.yaml` comments on the original PR with a link to the cherry-pick PR. If the original PR is locked, `gh pr comment` fails and the whole job exits with status 1, even though the backport branch and PR were created successfully. See https://github.com/coder/coder/actions/runs/26559681779/job/78239379200 for an example. Make the comment non-fatal: log a warning and continue. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
Danny Kopping
|
a9f5ed7644 |
fix: re-validate provider per request and classify reloads (#25766)
Refactors the `aibridgeproxyd` provider reload mechanism which was unnecessarily complex. Also ensures that providers are evaluated on each CONNECT request to prevent interception of requests to (newly) disabled providers; in this case the requests will passthrough unencrypted, by design. |
||
|
Mathias Fredriksson
|
673709bd34 | ci(.github/workflows/doc-check): update agents-chat-action to v0.3.0 (#25784) | ||
|
Ethan
|
7e2f7198dd |
fix(coderd/x/chatd/chatloop): use stream silence timeout (#25782)
Replaces the 60 second first-token timeout in the chat loop with a 10 minute stream-silence timeout. Previously, the guard bounded only the gap before the first stream part. Once any part arrived the attempt could hang indefinitely if the provider stopped streaming without closing the connection, and even normal long-running responses could be killed after 60 seconds if the provider was slow to emit the first token. The guard now arms when a model attempt opens its stream, resets on every received stream part, and fires after 10 minutes of complete silence. The existing retry path still handles the timeout, and the public `startup_timeout` error kind is preserved to avoid API and frontend churn. 10 minutes matches the default request timeout used by the Anthropic and OpenAI Python SDKs. Closes CODAGT-493 |