Adds `hostname-suffix` flag to `coder ssh` command for use in SSH Config ProxyCommands.
Also enforces that Coder server doesn't start the suffix with a dot.
part of: #16828
Adds `hostname-suffix` as a Config SSH option that we get from Coderd, and also accept via a CLI flag.
It doesn't actually do anything with this value --- that's for PRs up the stack, since we need the `coder ssh` command to be updated to understand the suffix first.
Adds deployment option `CODER_WORKSPACE_HOSTNAME_SUFFIX`. This will eventually replace `CODER_SSH_HOSTNAME_PREFIX`, but we will do this slowly and support both for `coder ssh` for some time.
Note that the name is changed to "workspace" hostname, since this suffix will also be used for Coder Connect on Coder Desktop, which is not limited to SSH.
## Issue
Closes#16824
Document that the default GitHub authentication app provided by Coder
requires device flow, and that this behavior cannot be overridden.
## Changes Made
Claude updated the GitHub authentication documentation to:
1. Add a prominent warning in the Default Configuration section
explaining that the default GitHub app requires device flow and ignores
the `CODER_OAUTH2_GITHUB_DEVICE_FLOW` setting
2. Clarify the Device Flow section to indicate that:
- Device flow is always enabled for the default GitHub app
- Device flow is optional for custom GitHub OAuth apps
- The `CODER_OAUTH2_GITHUB_DEVICE_FLOW` setting is ignored when using
the default app
[preview](https://coder.com/docs/@16824-github-device-flow/admin/users/github-auth)
<sub>🤖 Generated with [Claude Code](https://claude.ai/code)</sub>
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: M Atif Ali <atif@coder.com>
The purpose of the PR is to make a copy of the CreateWorkspacePage and
create an experimental version that will use when the dynamic-parameters
experiment is enabled.
The Figma designs for this page are still in progress but this first PR
will start to move to the new designs.
Figma design:
https://www.figma.com/design/SMg6H8VKXnPSkE6h9KPoAD/UX-Presets?node-id=2121-2383&t=CtgPUz8eNsTI5b1t-1
Much of the existing code will be left behind and will slowly migrated
over the course of several PRs to make sure no existing functionality is
forgotten in the migration to dynamic paramaters.
## Summary
- Clarifies that the CODER_EXTERNAL_AUTH_0_ID value is used as part of
the OAuth callback URL path
- Adds explicit callback URL examples to GitLab and Bitbucket Server
sections
- Updates the GitHub OAuth app configuration instructions to be more
explicit
- Fixes the documentation mistake where it claimed this ID was only for
"internal reference"
## Test plan
- Documentation change only
- Verified consistency across all OAuth provider sections
Fixes#16851
[preview](https://coder.com/docs/@fix-external-auth-docs-16851/admin/external-auth)
<sub>🤖 Generated with [Claude Code](https://claude.ai/code)</sub>
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
Co-authored-by: M Atif Ali <atif@coder.com>
## Issue
Closes#16206
(thanks @bjornrobertsson - not sure why I can't tag you as a reviewer)
Mismatch between the SMTP configuration UI and the documentation.
## Verification
Claude verified this issue by examining:
1. The current SMTP configuration code in the codebase
2. The CLI help documentation for the server command
3. The examples provided in the notifications documentation
The issue was confirmed by finding:
- A reference to a deprecated variable
`CODER_NOTIFICATIONS_EMAIL_FORCE_TLS` instead of the current
`CODER_EMAIL_FORCE_TLS`
- Missing information about the port format required for the SMTP
smarthost
## Changes made
1. Updated the `--email-smarthost` description to clarify that the
format should include both hostname and port: `(format:
hostname:port)`
2. Fixed the reference to the TLS environment variable in the STARTTLS
description, replacing the deprecated
`CODER_NOTIFICATIONS_EMAIL_FORCE_TLS` with the correct
`CODER_EMAIL_FORCE_TLS`
## Additional information
The Gmail and Outlook examples in the documentation already correctly
show the port included in the smarthost configuration, but the main
description table needed to be updated to explicitly mention this
requirement.
[preview](https://coder.com/docs/@16206-smtp-required-components/admin/monitoring/notifications)
<sub>🤖 Generated with [Claude Code](https://claude.ai/code)</sub>
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
This does ~95% of the backend work required to integrate the AI work.
Most left to integrate from the tasks branch is just frontend, which
will be a lot smaller I believe.
The real difference between this branch and that one is the abstraction
-- this now attaches statuses to apps, and returns the latest status
reported as part of a workspace.
This change enables us to have a similar UX to in the tasks branch, but
for agents other than Claude Code as well. Any app can report status
now.
Closes https://github.com/coder/coder/issues/16775
## Changes made
- Added `OneWayWebSocket` function that establishes WebSocket
connections that don't allow client-to-server communication
- Added tests for the new function
- Updated API endpoints to make new WS-based endpoints, and mark
previous SSE-based endpoints as deprecated
- Updated existing SSE handlers to use the same core logic as the new WS
handlers
## Notes
- Frontend changes handled via #16855
* Adds `codersdk.ExperimentWebPush` (`web-push`)
* Adds a `coderd/webpush` package that allows sending native push
notifications via `github.com/SherClockHolmes/webpush-go`
* Adds database tables to store push notification subscriptions.
* Adds an API endpoint that allows users to subscribe/unsubscribe, and
send a test notification (404 without experiment, excluded from API docs)
* Adds server CLI command to regenerate VAPID keys (note: regenerating
the VAPID keypair requires deleting all existing subscriptions)
---------
Co-authored-by: Kyle Carberry <kyle@carberry.com>
- Update go.mod to use Go 1.24.1
- Update GitHub Actions setup-go action to use Go 1.24.1
- Fix linting issues with golangci-lint by:
- Updating to golangci-lint v1.57.1 (more compatible with Go 1.24.1)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
Pre-requisite for https://github.com/coder/coder/pull/16891
Closes https://github.com/coder/internal/issues/515
This PR introduces a new concept of a "system" user.
Our data model requires that all workspaces have an owner (a `users`
relation), and prebuilds is a feature that will spin up workspaces to be
claimed later by actual users - and thus needs to own the workspaces in
the interim.
Naturally, introducing a change like this touches a few aspects around
the codebase and we've taken the approach _default hidden_ here; in
other words, queries for users will by default _exclude_ all system
users, but there is a flag to ensure they can be displayed. This keeps
the changeset relatively small.
This user has minimal permissions (it's equivalent to a `member` since
it has no roles). It will be associated with the default org in the
initial migration, and thereafter we'll need to somehow ensure its
membership aligns with templates (which are org-scoped) for which it'll
need to provision prebuilds; that's a solution we'll have in a
subsequent PR.
---------
Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Sas Swart <sas.swart.cdk@gmail.com>
This PR aims to allow clients to use different format for the title and
content of inbox notifications - on the watch endpoint.
This solution will help to have it working and formatted differently on
VSCode, WebUI ...
[Related to this issue](https://github.com/coder/internal/issues/523)
Fixes https://github.com/coder/coder/issues/17009
Adds a CLI command `coder open app <workspace> <app-slug>` that allows
opening arbitrary `coder_apps` via the CLI.
Users can optionally specify a region for workspace
applications.
Add the `--github-user-id` option to `coder users list`, which makes the
command only return users with a matching GitHub user id. This will
enable https://github.com/coder/start-workspace-action to find a Coder
user that corresponds to a GitHub user requesting to start a workspace.
This change allows specifying devcontainers in terraform and plumbs it
through to the agent via agent manifest.
This will be used for autostarting devcontainers in a workspace.
Depends on coder/terraform-provider-coder#368
Updates #16423
[Resolve this issue](https://github.com/coder/internal/issues/506)
Add a mark-all-as-read endpoint which is marking as read all
notifications that are not read for the authenticated user.
Also adds the DB logic.
* Improves separation of concerns between `runDockerInspect` and
`convertDockerInspect`: `runDockerInspect` now just runs the command and
returns the output, while `convertDockerInspect` now does all of the
conversion and parsing logic.
* Improves testing of `convertDockerInspect` using real test fixtures.
* Fixes issue where the container port is returned instead of the host
port.
* Updates UI to link to correct host port. Container port is still
displayed in the button text, but the HostIP:HostPort is shown in a
popover.
* Adds stories for workspace agent UI
This PR is part of the inbox notifications topic, and rely on previous
PRs merged - it adds :
- Endpoints to :
- WS : watch new inbox notifications
- REST : list inbox notifications
- REST : update the read status of a notification
Also, this PR acts as a follow-up PR from previous work and :
- fix DB query issues
- fix DBMem logic to match DB
from @NickSquangler
> ($customer) noticed when setting up external auth with Gitlab that the
command listed in the docs is in the incorrect order, as `coder
external-auth <USER_DEFINED_ID> access-token` should be `coder
external-auth access-token <USER_DEFINED_ID>`
[preview](https://coder.com/docs/@external-auth-access-token/admin/external-auth#workspace-cli)
<details><summary>coder external-auth access-token --help</summary>
```shell
coder external-auth access-token --help
coder v2.20.0+03b5012
USAGE:
coder external-auth access-token [flags] <provider>
Print auth for an external provider
Print an access-token for an external auth provider. The access-token will be validated and sent
to stdout with exit code 0. If a valid access-token cannot be obtained, the URL to authenticate
will be sent to stdout with exit code 1
- Ensure that the user is authenticated with GitHub before cloning.:
$ #!/usr/bin/env sh
OUTPUT=$(coder external-auth access-token github)
if [ $? -eq 0 ]; then
echo "Authenticated with GitHub"
else
echo "Please authenticate with GitHub:"
echo $OUTPUT
fi
- Obtain an extra property of an access token for additional metadata.:
$ coder external-auth access-token slack --extra "authed_user.id"
OPTIONS:
--extra string
Extract a field from the "extra" properties of the OAuth token.
———
Run `coder --help` for a list of global options.
```
</details>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
bug caused via the `apk del terraform` line in our Dockerfile, which
does not yet exist in the Alpine Linux OS.
removing this line (18) results in successful builds.
ケイラ