# Use workspace.OwnerUsername instead of fetching the owner
This PR optimizes the agent API by using the `workspace.OwnerUsername` field directly instead of making an additional database query to fetch the owner's username. The change removes the need to call `GetUserByID` in the manifest API and workspace agent RPC endpoints.
An issue arose when the agent token was scoped without access to user data (`api_key_scope = "no_user_data"`), causing the agent to fail to fetch the manifest due to an RBAC issue.
Change-Id: I3b6e7581134e2374b364ee059e3b18ece3d98b41
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Part of #17649
---
# Allow MCP server to run without authentication
This PR enhances the MCP server to operate without requiring authentication, making it more flexible for environments where authentication isn't available or necessary. Key changes:
- Replaced `InitClient` with `TryInitClient` to allow the MCP server to start without credentials
- Added graceful handling when URL or authentication is missing
- Made authentication status visible in server logs
- Added logic to skip user-dependent tools when no authenticated user is present
- Made the `coder_report_task` tool available with just an agent token (no user token required)
- Added comprehensive tests to verify operation without authentication
These changes allow the MCP server to function in more environments while still using authentication when available, improving flexibility for CI/CD and other automated environments.
this updates `go` to the latest stable patch version `1.24.2` in:
- `go.mod`
- `dogfood/coder/Dockerfile`
- `.github/actions/setup-go/action.yaml`
- `flake.nix`
written with the assistance of ClaudeCode.
---------
Co-authored-by: Thomas Kosiewski <tk@coder.com>
Followup PR to #16781, update the terraform version in our Nix devshell.
Additionally:
1. Switches from DeterminateSystems/nix-installer-action to nixbuild/nix-quick-install-action -- quicker installer, reduces actions time from ~60 seconds to ~1 seconds.
2. Adds nix-community/cache-nix-action for better caching with garbage collection -- avoids unnecessary rebuilding on subsequent runs, reduces nix image build time from ~6 minutes to <4 minutes.
3. Adds nixpkgs-unstable input to use Terraform 1.11.1
Change-Id: I05d6dfd3f3cf1af48cf8a2d9e61b396bcd2b7191
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Ensure that the version of Playwright installed with the Nix flake is
equal to the one specified in `site/package.json.` -- This assertion
ensures that `pnpm playwright:install` will not attempt to download
newer browser versions not present in the Nix image, fixing the startup
script and reducing the startup time, as `pnpm playwright:install` will
not download or install anything.
We also pre-install the required Playwright web browsers in the dogfood
Dockerfile. This change prevents us from redownloading system
dependencies and Google Chrome each time a workspace starts.
Change-Id: I8cc78e842f7d0b1d2a90a4517a186a03636c5559
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Add procps to flake.nix and release name to Docker image
Adds the `procps` package to flake.nix to enable the `free` command, and includes a release name file in the Docker image at `/etc/coderniximage-release`.
Change-Id: I85432acc06a204229fa3675e0020bd3acacf775a
Signed-off-by: Thomas Kosiewski <tk@coder.com>
This updates actions/cache to v4.2.0 and adds missing development
dependencies (gawk, gnutar, which, zip, gzip) to the Nix flake.
Change-Id: I1156810c9e02f0cef8e1345a1cbf2b6ba484974a
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Added `gnugrep` to the development shell dependencies, as its a dependency of the bootstrap script for an agent.
Change-Id: Ia56e16a831bb94af2324e33ae5274833d0123d47
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Replace Depot build action with Nix for Nix dogfood image builds
The dogfood Nix image is now built using Nix's native container tooling instead of Depot. This change:
- Adds Nix setup steps to the GitHub Actions workflow
- Removes the Dockerfile.nix in favor of a Nix-native container build
- Updates the flake.nix to support building Docker images
- Introduces a hash file to track Nix-related changes
- Updates the vendorHash for Go dependencies
Change-Id: I4e011fe3a19d9a1375fbfd5223c910e59d66a5d9
Signed-off-by: Thomas Kosiewski <tk@coder.com>
- update `flake.nix`:
- use `devShells.default` instead of `devShell`
- include macOS-specific build inputs
- use the same nodejs version in the default devShell and pnpm frontend build
- update `site/.npmrc` to include tarball URLs for a reproducible Nix build.
Change-Id: I28f0e301298806f251121cc93224740bcc02bcba
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Change-Id: I22dba63d317b41749c807a55e15278006cdcecad
Signed-off-by: Thomas Kosiewski <tk@coder.com>
- Adds neovim and fzf to development tools, removes sapling, and fixes locale issues on Linux systems.
- Updates Dockerfile.nix syntax to use uppercase `AS` to remove warnings.
- Refactored conditional logic for strace inclusion using `lib.optional`.
* chore: bump the x group with 4 updates
Bumps the x group with 4 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/oauth2](https://github.com/golang/oauth2), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).
Updates `golang.org/x/mod` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/mod/compare/v0.19.0...v0.20.0)
Updates `golang.org/x/oauth2` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0)
Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0)
Updates `golang.org/x/sys` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: x
...
Signed-off-by: dependabot[bot] <support@github.com>
* [dependabot skip] Update Nix Flake SRI Hash
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Thomas Kosiewski