mirror of
https://github.com/coder/registry.git
synced 2026-06-02 20:48:14 +00:00
35C4n0r/idempotent-codex-config
553 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
493582dcd0 | Merge branch 'main' into 35C4n0r/idempotent-codex-config | ||
|
|
f1064cde3b | fix(coder-labs/modules/codex): rename sed label to avoid typos-checker false positive | ||
|
|
470ce50333 | refactor(coder-labs/modules/codex): enhance user content preservation in config handling | ||
|
|
4ce81869d1 | refactor(coder-labs/modules/codex): restructure config assembly for user bare keys and sections | ||
|
|
d100931cff | refactor(coder-labs/modules/codex): streamline config generation and enhance idempotency | ||
|
|
e873e43d6b |
chore(deps): bump the github-actions group with 3 updates (#900)
Signed-off-by: dependabot[bot] <support@github.com> |
||
|
|
26ad896b78 |
fix(coder-labs/modules/codex): address deep-review findings
Script fixes:
- Rename write_minimal_default_config to build_minimal_default_config (no longer writes to disk, emits JSON to stdout).
- Guard corrupted existing config: if dasel cannot parse the existing TOML, error out and exit instead of silently proceeding.
- Atomic config write: write to a temp file and mv, preventing data loss if the process is interrupted mid-write.
- Add jq availability check before populate_config_toml, consistent with how other registry modules handle hard dependencies.
- Normalize blank lines between function definitions.
Test fixes:
- idempotent-mcp-deep-merge: use sed address range to only replace the github server command, assert filesystem command is still npx.
- workdir-trusted-project: tighten regex to require bracket syntax instead of matching any line containing the path.
- Rename idempotent-run-twice-no-change to idempotent-stable-after-roundtrip (test runs 3 times, not 2).
- Remove unnecessary regex escaping of forward slashes.
- Strengthen combination test assertions to check values, not just key presence. |
||
|
|
b30f5216db |
refactor(coder-labs/modules/codex): build config as JSON via jq, single dasel conversion
Replace TOML string concatenation with jq-native JSON building:
- Extract write_minimal_default_config() back as its own function, now returning JSON on stdout via jq.
- populate_config_toml() assembles all config sources as JSON, deep-merges with jq, and does a single dasel JSON-to-TOML conversion at the end.
- Remove merge_toml_config() and all TOML string building.
- Update test assertions to accept either quote style since all output now goes through dasel. |
||
|
|
1a52b2ae8d | debug | ||
|
|
5f5c6d1bd3 | docs(coder-labs/modules/codex): bump version to 5.0.1 | ||
|
|
fbee7124ce |
fix: compare runs 2 and 3 to avoid dasel PATH issue in test
The idempotent-run-twice-no-change test was calling dasel in a separate execContainer shell where the PATH export from the install script is not available. Instead, compare the raw config output after runs 2 and 3 (both post-roundtrip, so serialization is stable and byte-comparison is valid). |
||
|
|
4aa448a055 |
fix: update test assertions for dasel single-quote TOML output
After a dasel roundtrip, TOML values use single quotes instead of double quotes. Update the codex-with-ai-gateway and ai-gateway-with-custom-base-config tests to use regex matching that accepts either quote style. Also fix idempotent-run-twice-no-change to read the config file directly from the container instead of piping TOML strings through shell echo (which breaks on single quotes). |
||
|
|
b4864066a3 | Merge branch 'main' into 35C4n0r/idempotent-codex-config | ||
|
|
eaab5d5c18 | test: add idempotent tests to preserve user edits in config | ||
|
|
d4e6866e38 | chore: remove debug logs | ||
|
|
ac7e1a86c4 | debug | ||
|
|
eb9dd48ac1 | debug | ||
|
|
dcea2fc00a | debug | ||
|
|
3e21d6aa23 | refactor(install): extract TOML merging logic into a dedicated function | ||
|
|
72737581f7 | fix(install): ensure config.toml is created if it doesn't exist or is empty | ||
|
|
77e21139e0 | refactor(install): simplify variable assignments and improve config merging logic | ||
|
|
938d2dd18e | feat(install): add dasel installation function and update config merging logic | ||
|
|
20051c7089 |
feat: add skills as namespace-level catalogue entries with external source repos (#884)
## Summary
Adds skills as a catalogue resource type in the registry. Each namespace
declares its skill source repos and per-skill presentation metadata in
`registry/<namespace>/skills/README.md`. The registry-server build
pipeline clones source repos, auto-discovers skills, and serves them
with the metadata defined here.
## Catalogue format
The skills README uses structured YAML frontmatter with nested per-skill
metadata:
```yaml
---
icon: ../../../.icons/coder.svg
sources:
- repo: coder/skills@main
skills:
setup:
display_name: Setup & Configuration
icon: ../../../.icons/coder.svg
tags: [coder, deployment, configuration]
---
```
- `icon` (top-level): default icon for skills without a per-skill
override
- `sources[].repo`: GitHub repo to clone (`owner/repo@ref`)
- `sources[].skills`: per-skill overrides for `display_name`,
`description`, `icon`, and `tags`
- Multiple repos per namespace are supported
- Skills not listed in the `skills` map are still discovered with
default metadata
- `name` and `description` always come from the source repo's SKILL.md
unless overridden
## Changes
- `registry/coder/skills/README.md`: Coder namespace pointing to
`coder/skills@main` with per-skill metadata
- `registry/DevelopmentCats/skills/README.md`: Test namespace pointing
to `DevelopmentCats/skills@main` (remove before merge)
- `registry/DevelopmentCats/README.md` + `.images/avatar.svg`: Test
namespace profile (remove before merge)
- `.github/workflows/deploy-registry.yaml`: Added
`registry/**/skills/**` path trigger
- `.github/workflows/release.yml`: Skill/module path detection in tag
extraction
- `.github/workflows/version-bump.yaml`: Added `registry/**/skills/**`
path trigger
- `cmd/readmevalidation/repostructure.go`: Added `skills` to supported
namespace directories
## Related
-
[registry-server#442](https://github.com/coder/registry-server/pull/442):
Build pipeline, API, MCP, frontend, and well-known discovery for skills
- [coder/skills](https://github.com/coder/skills): Coder's official
skills source repo
- [Problem
Document](https://www.notion.so/35dd579be59281a4b657d02174667e4f):
Skills as First-Class Registry Catalogue Items
> 🤖 This PR was updated with the help of Coder Agents.
|
||
|
|
1601ab3e8b | feat(.icons): add Lucide SVG icons for skill cards (#880) | ||
|
|
f9802456ce |
chore(deps): bump the github-actions group across 1 directory with 3 updates (#892)
Bumps the github-actions group with 3 updates in the / directory: [coder/coder](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).
Updates `coder/coder` from 2.32.0 to 2.33.3
Release notes (sourced from [coder/coder's releases](https://github.com/coder/coder/releases)):
## v2.33.3
> [!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our [latest stable release](https://github.com/coder/coder/releases/latest) while we refine this version. Learn more about our [Release Schedule](https://coder.com/docs/install/releases).
### Bug fixes
- Upgrade Go toolchain from 1.25.9 to 1.25.10 (#25230, e5a96f3608)
- Cherry-pick go-git v5.19.0 (CVE-2026-45022) (#25229, 4e4e23539e)
- Dashboard: Show Organizations in admin dropdown for single-org OSS deployments (#25175, bbca430b4c)
- fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25247, 818fc72802)
- Server: Harden Azure identity certificate fetch (cherry-pick v2.33) (#25276, 844c1e0467)
- Verify PKCS7 signature on Azure instance identity tokens (2.33 cherry-pick) (#25302, 2b778f292c)
Compare: `v2.33.2...v2.33.3`
Container image: `docker pull ghcr.io/coder/coder:2.33.3`
Install/upgrade: refer to our docs to [install](https://coder.com/docs/install) or [upgrade](https://coder.com/docs/install/upgrade) Coder, or use a release asset below.
## v2.33.2
### Bug fixes
- Backport 11 Coder Agents docs PRs to release/2.33 (#25047, d622e86fa0)
Compare: `v2.33.1...v2.33.2`
Container image: `docker pull ghcr.io/coder/coder:2.33.2`
## v2.33.1
... (truncated)
Updates `crate-ci/typos` from 1.45.1 to 1.46.2
Release notes (sourced from [crate-ci/typos's releases](https://github.com/crate-ci/typos/releases)):
## [1.46.2] - 2026-05-16
### Fixes
- Don't correct to `criterias`
- Don't correct to `replaceables`
## [1.46.1] - 2026-05-08
### Fixes
- Don't correct to `confidentials`
## [1.46.0] - 2026-04-30
### Features
- Updated the dictionary with the April 2026 changes
## [1.45.2] - 2026-04-27
### Fixes
- Ignore ssh ed25519 public keys
Earlier entries from [crate-ci/typos's changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md):
## [1.45.1] - 2026-04-13
### Fixes
- *(action)* Use a temp dir for caching
## [1.45.0] - 2026-04-01
### Features
- Updated the dictionary with the March 2026 changes
## [1.44.0] - 2026-02-27
... (truncated)
Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6
Release notes (sourced from [zizmorcore/zizmor-action's releases](https://github.com/zizmorcore/zizmor-action/releases)):
## v0.5.6
- 1.25.2 is now available via the action
- 1.25.2 is now the default version of zizmor used by the action
## v0.5.5
This is a no-op release.
## v0.5.4
- 1.25.0 is now available via the action
- 1.25.0 is now the default version of zizmor used by the action
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ee219a8b17 |
fix(git-clone): propagate pre/post-clone script failures (#891)
## Description
Fix git-clone module to fail fast when `pre_clone_script` or `post_clone_script` returns a non-zero exit code. Previously, both scripts were executed but their exit codes were never checked — a failing pre-clone hook (e.g., a prerequisite check that calls `exit 1`) was silently ignored and cloning continued. This broke the advertised "validate prerequisites before cloning" behavior and could leave workspaces starting with unmet preconditions.
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder/modules/git-clone`
**New version:** `v1.3.1`
**Breaking change:** [ ] Yes [x] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
- https://github.com/coder/registry/pull/887#issuecomment-4413765491
- https://github.com/coder/registry/issues/60
- https://github.com/coder/registry/issues/86 |
||
|
|
4ca251f448 |
feat(claude-code): add managed_settings input for policy delivery via /etc/claude-code (#863)
## Problem
The module configures Claude Code's permission posture by reaching
around the permission system rather than through it:
- `scripts/install.sh` writes `bypassPermissionsModeAccepted`,
`autoModeAccepted`, and `primaryApiKey` directly into the user-writable
`~/.claude.json`. Any process in the workspace can read the API key or
flip the acceptance flags back.
- `scripts/start.sh` adds `--dangerously-skip-permissions` to every task
launch, even when the template author set an explicit `permission_mode`.
The README has to carry a security warning telling people the module
bypasses permission checks.
- `permission_mode`, `allowed_tools`, and `disallowed_tools` each plumb
through a different ad-hoc path (CLI flag, `coder` subcommand) instead
of a single policy surface.
## Change
Add a `managed_settings` input that renders to
`/etc/claude-code/managed-settings.d/10-coder.json`. Claude Code reads
that drop-in directory at startup with the highest configuration
precedence (above `~/.claude/settings.json` and project settings), so
template authors get an admin-controlled policy file that users inside
the workspace cannot override. The mechanism is a local file read with
no API call, so it works identically for the Anthropic API, AWS Bedrock,
Google Vertex AI, and AI Bridge / AI Gateway.
```hcl
managed_settings = {
permissions = {
defaultMode = "acceptEdits"
disableBypassPermissionsMode = "disable"
deny = ["Bash(curl:*)", "WebFetch"]
}
}
```
Supporting changes:
- `install.sh` writes the policy file (root-owned, 0644) and stops
writing `bypassPermissionsModeAccepted`, `autoModeAccepted`, and
`primaryApiKey` into `~/.claude.json`. The API key is already exported
via `coder_env` as `CLAUDE_API_KEY`; duplicating it on disk is
unnecessary. `hasCompletedOnboarding` stays because there is no env-var
alternative for it.
- `start.sh` only adds `--dangerously-skip-permissions` for tasks when
no explicit `permission_mode` is set (same fix as #846; included here so
this PR is self-contained, happy to drop if #846 lands first).
- `permission_mode`, `allowed_tools`, and `disallowed_tools` are marked
deprecated and shimmed into `managed_settings.permissions` for one
release when `managed_settings` is not provided.
- README security warning rewritten to point at the policy mechanism
instead of telling people the module is unsafe by design.
## Relationship to #861
#861 strips this module to install-and-configure and removes
`permission_mode` / `allowed_tools` / `disallowed_tools` outright.
`managed_settings` is the natural replacement for those: it is
install-time (survives the `start.sh` removal), it covers everything the
dropped variables did plus `hooks`, `env`, `model`, `apiKeyHelper`, and
the rest of the settings schema, and it does not require the module to
know anything about how Claude is launched. If #861 lands first I will
rebase this on top and drop the deprecation shim and the `start.sh`
hunk.
## Validation
- `terraform fmt` / `terraform validate` clean
- New tests: `claude-managed-settings-written`,
`claude-managed-settings-legacy-shim`,
`claude-no-policy-keys-in-claudejson`, plus an assertion in
`claude-auto-permission-mode` that `--dangerously-skip-permissions` is
absent when a mode is set
- Manually verified `/etc/claude-code/managed-settings.d/*.json`
precedence in the Claude Code CLI source
Closes #818. Relates to #284, #846, #861.
Disclosure: I work at Anthropic on the Claude Code team. Happy to adjust
scope or split this further if that is easier to review.
---------
Co-authored-by: DevCats <chris@dualriver.com>
Co-authored-by: DevCats <christofer@coder.com>
release/coder/claude-code/v5.2.0
|
||
|
|
99510a1f75 |
feat(coder/modules/boundary): add agent-firewall module (#840)
## Description
Extracts boundary installation and wrapper logic into a standalone
`coder/agent-firewall` module, decoupling it from `agentapi`.
### Why
Boundary is currently embedded inside `agentapi` (`scripts/boundary.sh`)
and duplicated in `claude-code`. This couples network isolation to the
AI/Tasks stack, but boundary is a general-purpose primitive — users
running a plain agent with no agentapi or tasks should be able to use it
too.
### What this adds
`registry/coder/modules/agent-firewall/` — a new first-class module
that:
* Installs boundary via one of three strategies:
1. `coder boundary` subcommand (default, zero-install)
2. Direct binary from release (`use_agent_firewall_directly = true`)
3. Compiled from source (`compile_agent_firewall_from_source = true`)
* Ships a comprehensive [default allowlist
config](registry/coder/modules/agent-firewall/config.yaml.tftpl)
(Anthropic, OpenAI, VCS, package managers, cloud platforms, etc.)
* Auto-fills the Coder deployment domain via
`data.coder_workspace.me.access_url`
* Supports inline config (`agent_firewall_config`) or external file
(`agent_firewall_config_path`), mutually exclusive with cross-variable
validation
* Creates a wrapper script at
`$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh`
* Strips `CAP_NET_ADMIN` from the coder binary (copies to
`coder-no-caps`) to allow execution inside network namespaces without
`sys_admin`
* Supports `pre_install_script` / `post_install_script` hooks
* Exposes `agent_firewall_wrapper_path`, `agent_firewall_config_path`,
and `scripts` outputs for script coordination
* No env vars exported — everything is output-only
### Usage
```tf
module "agent-firewall" {
source = "registry.coder.com/coder/agent-firewall/coder"
version = "0.0.1"
agent_id = coder_agent.main.id
}
```
Works standalone with any agent — no agentapi dependency required.
### Testing
* 8 Terraform plan tests (`agent-firewall.tftest.hcl`): default outputs,
compile from source, use directly, custom hooks, custom module
directory, inline config, external config path, mutual exclusion
validation
* TypeScript integration tests (`main.test.ts`): state verification,
coder subcommand happy path, inline config, config path skip, custom
hooks, env var absence, wrapper execution, idempotent installation
## Type of Change
- [X] New module
## Module Information
**Path:** `registry/coder/modules/agent-firewall` <br>**New version:**
`v0.0.1` <br>**Breaking change:** No
## Related Issues
Closes coder/registry#844
🤖 Generated by Coder Agents
---------
Co-authored-by: Jay Kumar <jay.kumar@coder.com>
release/coder/agent-firewall/v0.0.1
|
||
|
|
297b07190f |
feat(git-clone): add pre_clone_script parameter (#887)
## Summary
Add `pre_clone_script` parameter to the git-clone module, allowing users
to run custom scripts before cloning a repository.
## Use Case
This solves SSH host key verification issues (e.g., "Host key
verification failed") by enabling users to configure SSH settings before
the clone operation, such as adding known hosts or setting
`StrictHostKeyChecking no`.
```tf
module "git-clone" {
count = data.coder_workspace.me.start_count
source = "registry.coder.com/coder/git-clone/coder"
version = "1.3.0"
agent_id = coder_agent.example.id
url = "git@github.com:org/repo.git"
pre_clone_script = <<-EOT
#!/bin/bash
mkdir -p ~/.ssh
echo -e "Host github.com\n StrictHostKeyChecking no\n" > ~/.ssh/config
chmod 600 ~/.ssh/config
EOT
}
```
Ref:
https://discord.com/channels/747933592273027093/1447777180695396452/1447777180695396452
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder/modules/git-clone`
**New version:** `v1.3.0`
**Breaking change:** [ ] Yes [x] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
Co-authored-by: DevCats <christofer@coder.com>
release/coder/git-clone/v1.3.0
|
||
|
|
bce0897099 |
Fix(gemini): the Coder MCP server configuration (#882)
## Description
Fixed the Coder MCP server configuration
* Added the full path to the coder binary for Gemini
* Removed unnecessary configuration fields
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder-labs/modules/gemini`
**New version:** `v1.0.0`
**Breaking change:** [ ] Yes [ ] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
fix: #881
release/coder-labs/gemini/v3.0.1 |
||
|
|
6b8d89daba |
fix(registry/coder-labs/modules/codex): align variable names with claude-code v5 (#885)
Aligns codex module variable names with the claude-code v5 conventions established in #861 and #879.
- Rename `additional_mcp_servers` to `mcp` to match claude-code's variable name.
- Change `codex_version` default from `""` to `"latest"` to match `claude_code_version`.
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder-labs/modules/codex`
**Breaking change:** [x] Yes [ ] No
> [!WARNING]
> Breaking change for anyone referencing `additional_mcp_servers` by name. Since v5.0.0 was released and deleted on the same day (#879), this should have zero downstream impact.
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
- Follow-up to #879
- Filed #886 to track adding `mcp_config_remote_path` support to codex
---
*This PR was authored by Coder Agents.*
release/coder-labs/codex/v5.0.0
|
||
|
|
c4661ae365 |
refactor(registry/coder-labs/modules/codex)!: remove agentapi, tasks and start logic (#879)
Closes #878
## What
Major refactor of the `coder-labs/codex` module to mirror the `coder/claude-code` v5 changes from #861.
## Changes
### Structural
- Replace `module "agentapi"` with `module "coder_utils"` (`registry.coder.com/coder/coder-utils/coder v0.0.1`)
- Replace `scripts/install.sh` with `scripts/install.sh.tftpl` (Terraform templatefile)
- Delete `scripts/start.sh`
- Module dir changed from `.codex-module` to `.coder-modules/coder-labs/codex`
- Output changed from `task_app_id` to `scripts` (ordered list of coder exp sync names)
- Extracted shared test helpers (`collectScripts`, `runScripts`) into `agentapi/coder-utils-test-helpers.ts`
### Removed variables
All AgentAPI pass-throughs, boundary, and start-script-only variables: `order`, `group`, `report_tasks`, `subdomain`, `cli_app`, `web_app_display_name`, `cli_app_display_name`, `install_agentapi`, `agentapi_version`, `ai_prompt`, `continue`, `enable_state_persistence`, `codex_system_prompt`, `enable_boundary`, `boundary_config_path`, `boundary_version`, `compile_boundary_from_source`, `use_boundary_directly`, `codex_model`
### Retained
`install_codex` (toggle for skipping npm install when CLI is pre-installed)
### Renamed
- `enable_aibridge` -> `enable_ai_gateway`
### Changed
- `workdir`: now optional (`default = null`)
- `openai_api_key`: conditional env var with `count`, marked `sensitive = true`
- `base_config_toml`: heredoc description documenting generated defaults; notes that `model_reasoning_effort` and workdir trust are only applied in default config
- Default `config.toml`: stripped `sandbox_mode`, `approval_policy`, `sandbox_workspace_write`, `notice.model_migrations`
- Install script: removed Node.js/NVM bootstrap (assumes npm pre-installed), sources NVM if present, fails with actionable error if npm missing
- `ARG_CODEX_VERSION` and `ARG_WORKDIR` base64-encoded to prevent shell/TOML injection
- Duplicate `[model_providers.aibridge]` guarded with grep before appending
- Debug header uses user-facing variable names
### Tests
- Terraform: 11 pass
- Bun: 15 pass (rewritten to shared `collectScripts`/`runScripts` pattern)
- Added: `model-reasoning-effort-standalone`, `ai-gateway-with-custom-base-config`, `ai-gateway-custom-config-no-duplicate-provider`, `install-codex-latest`, `workdir-trusted-project`, `no-workdir-no-project-section`
- Negative assertions on `minimal-default-config`
### Docs
- Migration guide (v4 to v5) in README
- Quoted path in coder_app example
- AI Gateway note about custom `base_config_toml` requiring manual `model_provider`
> [!WARNING]
> Breaking change. Drops support for Coder Tasks and Boundary. Keep using v4.x.x if you depend on them.
---
*This PR was authored by Coder Agents.*
---------
Co-authored-by: Jay Kumar <jay.kumar@coder.com>
Co-authored-by: DevCats <christofer@coder.com>
|
||
|
|
4688e4c1a7 |
fix(filebrowser): require agent_name when subdomain is false (#877)
## Description
Fixes [REG-4](https://linear.app/codercom/issue/REG-4/filebrowser-appends-workspace-path-twice-in-url): the `filebrowser` module opens to a non-existent URL with the workspace path appended a second time when `subdomain = false` and `agent_name` is not provided, e.g.:
```
https://<coder-host>/@<owner>/<workspace>/apps/filebrowser/files/@<owner>/<workspace>.<agent>/apps/filebrowser/
```
### Root cause
Coder's frontend always builds path-based app URLs as `/@<owner>/<workspace>.<agent>/apps/<slug>/` (it always includes `.<agent_name>`, even for single-agent templates):
https://github.com/coder/coder/blob/main/site/src/modules/apps/apps.ts
```ts
return `${path}/@${workspace.owner_name}/${workspace.name}.${agent.name}/apps/${app.slug}/`;
```
The filebrowser module, however, only includes the agent segment in `local.server_base_path` (which becomes filebrowser's `--baseURL`) when the user explicitly passes `agent_name`. The variable description and the README both said `agent_name` was "only required if the template uses multiple agents", which is incorrect.
When the URLs disagree, filebrowser's reverse-proxy `stripPrefix` cannot strip the prefix, the path falls through filebrowser's `/:catchAll(.*)*` Vue route, and the router redirects to `/files/${catchAll}` — producing the duplicated path the user reported.
### Fix
- Add a `lifecycle.precondition` on `coder_script.filebrowser` that fails `terraform apply` with a clear, actionable error when `subdomain = false` and `agent_name == null`.
- Update the `agent_name` variable description to state it is required whenever `subdomain` is `false`.
- Update the `README.md` example for the path-based config to call out the requirement explicitly.
- Bump the module version from `1.1.4` → `1.1.5`.
- Add a TS test covering the new precondition.
This avoids the silent misconfiguration that produces the duplicated URL, without breaking anyone whose existing template already sets `agent_name` (or uses `subdomain = true`).
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder/modules/filebrowser`
**New version:** `v1.1.5`
**Breaking change:** [ ] Yes [x] No
## Testing & Validation
- [x] `bun test main.test.ts` — 8 pass, 0 fail (includes new precondition test)
- [x] `terraform fmt -recursive`
- [x] `terraform validate`
- [x] `bun x prettier --check`
- [x] Manually verified the precondition fires with a minimal repro and passes when `agent_name` is supplied or `subdomain = true`.
## Related Issues
- Linear: [REG-4](https://linear.app/codercom/issue/REG-4/filebrowser-appends-workspace-path-twice-in-url)
---
Created on behalf of @matifali. Generated with Blink.
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
release/coder/filebrowser/v1.1.5
|
||
|
|
4d96be0de7 |
feat(claude-code): add telemetry input for OTEL export with workspace attribution (#862)
## Problem
Claude Code ships an OpenTelemetry exporter for token usage, tool calls, session lifecycle and errors (https://docs.anthropic.com/en/docs/claude-code/monitoring-usage), but the module exposes no first-class wiring for it. Template authors who want telemetry have to know the env var names (`CLAUDE_CODE_ENABLE_TELEMETRY`, the `OTEL_EXPORTER_OTLP_*` family) and write their own `coder_env` blocks. More importantly there is no convention for how to correlate Claude Code telemetry with Coder's own audit logs and `exectrace` records, so even when both are exported they end up as two unjoined datasets.
## Change
Adds a `telemetry` input that turns on `CLAUDE_CODE_ENABLE_TELEMETRY` and the standard OTLP exporter env vars in one place:
```tf
telemetry = {
  enabled             = true
  otlp_endpoint       = "http://otel-collector.observability:4317"
  otlp_protocol       = "grpc"
  otlp_headers        = { authorization = "Bearer ..." }
  resource_attributes = { "service.name" = "claude-code" }
}
```
When enabled, the module automatically appends `coder.workspace_id`, `coder.workspace_name`, `coder.workspace_owner` and `coder.template_name` to `OTEL_RESOURCE_ATTRIBUTES`. This gives a stable join key between Claude Code spans/metrics and Coder's audit log and exectrace events on `workspace_id`, so a platform team can answer "show me every shell command Claude executed in workspace X alongside the token spend for that session" without custom plumbing.
This is purely additive (`coder_env` resources behind `count`), defaults to disabled, and is independent of how Claude is launched, so it composes cleanly with the install-only direction in #861.
## Validation
- `terraform fmt`, `terraform validate`, `terraform test` (19/19) pass
- `bun test -t telemetry` (2/2) pass: env vars are set with the expected values when enabled, and absent when the input is omitted
Disclosure: I work at Anthropic on the Claude Code team.
---------
Co-authored-by: DevCats <chris@dualriver.com>
Co-authored-by: Atif Ali <me@matifali.dev>
release/coder/claude-code/v5.1.0
|
||
|
|
3494da4924 | docs: standardize module data layout under ~/.coder-modules (#869) | ||
|
|
b78b65e001 | fix(claude-code): correct PR URL in migration guide release/coder/claude-code/v5.0.0 | ||
|
|
124d05fee9 | chore(claude-code)!: strip boundary, agentapi, tasks, tools (#861) | ||
|
|
3b64d99fb1 |
refactor(registry/coder/modules/coder-utils)!: derive names from module_directory (#874)
## Summary
Derives `coder-utils` script names from `module_directory` instead of a
separate `agent_name` input. The `module_directory` already encodes both
the namespace and the module name, so carrying both is redundant and
error-prone. Callers like `claude-code` no longer need to pass
`agent_name`.
Scripts this module materializes lose the `${agent_name}-utils-` prefix
because `module_directory` already namespaces them per-caller.
We will address multiple instances of coder-utils per caller in a future
iteration if needed.
## Versioning Note
Previous tags (`v1.0.0` through `v1.3.0`) have been deleted because no
published module ever consumed them — the module was effectively
unreleased. This PR ships the first real public version as **`v0.0.1`**,
treating it as a fresh start rather than a breaking bump from a version
that was never in production use.
## Changes
- Remove `agent_name` variable.
- Derive `caller_name = "${namespace}-${module_name}"` from
`module_directory`.
- Validate `module_directory` matches
`$HOME/.coder-modules/<namespace>/<module-name>`.
- Rename script files on disk from `${agent_name}-utils-<phase>.sh` to
plain `<phase>.sh`.
- Add a TS test for the `module_directory` validation.
- Ship as `v0.0.1` (first published version; all prior tags removed).
## Breaking Changes
| Before | After |
|---|---|
| `agent_name = "myagent"` | removed (derived from `module_directory`) |
| `module_directory = ".my-module"` | `module_directory = "$HOME/.coder-modules/<ns>/<name>"` (validated) |
| Script files `${agent_name}-utils-install.sh` | `install.sh` |
| Script sync names `${agent_name}-install_script` | `${namespace}-${module_name}-install_script` |
No callers were depending on the old format (prior tags were
unpublished).
## Validation
- `terraform fmt -recursive` clean
- `terraform validate` clean
- `terraform test` → 17/17 pass
- `bun test registry/coder/modules/coder-utils` → 5/5 pass
- `prettier --check` clean
## Consumer
coder/registry#861 (`claude-code`) consumes this and is currently pinned
to the commit SHA until this merges and ships as `v0.0.1`.
> 🤖 This PR was created with the help of Coder Agents, and needs a human
review. 🧑‍💻
release/coder/coder-utils/v0.0.1
|
||
|
|
22e574926e |
feat(coder-utils): nest scripts under module_directory/scripts (#871)
## Summary
Move script files from the flat `${module_directory}` to a `scripts/`
subdirectory, and prefix each script's filename with
`${agent_name}-utils-` so multiple `coder-utils` instances can safely
share a `module_directory`. Mirrors the layout #870 established for
`logs/` and aligns with the Module Data Layout standard in `AGENTS.md`
(#869).
## Changes
- Compute `local.scripts_directory = "${var.module_directory}/scripts"`
and use it for every `*.sh` path.
- Script filenames are now
`${agent_name}-utils-{pre_install,install,post_install,start}.sh` so two
`coder-utils` instances don't collide on disk.
- Pre-install and install `coder_script`s `mkdir -p` the `scripts/`
sub-path before writing their `.sh`; post-install and start sync-depend
on install, so the directory already exists by the time they run.
- Update the `module_directory` description to call out the nested
`scripts/` and `logs/` paths.
- Add `test_scripts_nested_under_module_directory` asserting the new
paths (including the `${agent_name}-utils-` prefix) and the `mkdir -p`
in each script.
- README: add a "Script file locations" section documenting the new
layout.
- Bump module version to `v1.3.0`.
## Breaking Changes
Consumers reading `${module_directory}/install.sh` (and friends)
directly must look under
`${module_directory}/scripts/${agent_name}-utils-install.sh` instead. No
in-repo consumers exist today.
## Validation
- `terraform fmt -recursive` clean
- `terraform validate` clean
- `terraform test` → 16/16 pass (includes the new
`test_scripts_nested_under_module_directory`)
- `bun test main.test.ts` → 5/5 pass
- `prettier --check` clean
> 🤖 This PR was created with the help of Coder Agents, and needs a human
review. 🧑‍💻
|
||
|
|
f3475c061e | feat(coder-utils): nest logs under module_directory/logs (#870) | ||
|
|
39f332fcaf |
feat(registry/coder/modules/coder-utils): make install_script and start_script optional (#842)
Co-authored-by: Jay Kumar <jay.kumar@coder.com>
Co-authored-by: Atif Ali <atif@coder.com>
|
||
|
|
b108185c14 |
feature (jetbrains-plugins): add module for installing jetbrains plugin (#772)
Co-authored-by: DevCats <christofer@coder.com>
Co-authored-by: DevCats <chris@dualriver.com>
release/harsh9485/jetbrains-plugins/v0.1.0
|
||
|
|
b72577707c |
feat(templates): add docker-texlive template with code-server (#828)
## Description
## Type of Change
- [ ] New module
- [x] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Template Information
**Path:** `registry/joergklein/templates/docker-texlive`
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: DevCats <chris@dualriver.com>
Co-authored-by: Atif Ali <atif@coder.com>
Co-authored-by: DevelopmentCats <christofer@coder.com>
|
||
|
|
9c01790131 |
chore(deps): bump the github-actions group with 3 updates (#854)
Bumps the github-actions group with 3 updates: [coder/coder](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).
Updates `coder/coder` from 2.31.9 to 2.32.0
Release notes
*Sourced from [coder/coder's releases](https://github.com/coder/coder/releases).*
> ## v2.32.0
> ## Changelog
> > [!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our [latest stable release](https://github.com/coder/coder/releases/latest) while we refine this version. Learn more about our [Release Schedule](https://coder.com/docs/install/releases).
> ### BREAKING CHANGES
> - chore!: remove members' ability to read their own AI Bridge interceptions ([#23320](https://redirect.github.com/coder/coder/pull/23320))
>   > Regular users (non-owners, non-auditors) can no longer read AI Bridge interception data, including their own. Only owners and auditors retain read access. This tightens the RBAC surface to prevent insiders from observing what data is tracked.
> - fix(cli)!: `coder groups list -o json` output structure changed ([#22923](https://redirect.github.com/coder/coder/pull/22923))
>   > The JSON output is now a flat structure matching other `coder list -o json` commands. Previously this command returned empty zero-value structs due to a bug, so no working consumer of the old format could exist.
> ### DEPRECATIONS
> - AI Gateway (previously known as AI Bridge): injected MCP tools are now deprecated ([#23031](https://redirect.github.com/coder/coder/pull/23031)); this feature will remain functional but will be replaced with an MCP Gateway in a future release.
> ### Features
> #### Coder Agents
> [Coder Agents](https://coder.com/docs/ai-coder/agents) is newly introduced in Early Access. See our [getting started guide](https://coder.com/docs/ai-coder/agents/getting-started) to enable and start using it.
> - Voice-to-text input in agent chat ([#23022](https://redirect.github.com/coder/coder/pull/23022))
> - Pinned chats with drag-to-reorder in the sidebar ([#23615](https://redirect.github.com/coder/coder/pull/23615))
> - Chat cost analytics dashboard for admins — tracks spend, model usage, and trends ([#23037](https://redirect.github.com/coder/coder/pull/23037), [#23215](https://redirect.github.com/coder/coder/pull/23215))
> - PR Insights analytics dashboard — shows PRs created/merged by AI agents, merge rates, lines shipped, cost per merged PR ([#23215](https://redirect.github.com/coder/coder/pull/23215))
> - Agent desktop recordings — record and replay agent desktop sessions ([#23894](https://redirect.github.com/coder/coder/pull/23894), [#23895](https://redirect.github.com/coder/coder/pull/23895))
> - Per-chat system prompt override per conversation ([#24053](https://redirect.github.com/coder/coder/pull/24053))
> - Chat spend limits with inline usage indicator ([#23071](https://redirect.github.com/coder/coder/pull/23071), [#23072](https://redirect.github.com/coder/coder/pull/23072)) — configurable via [platform controls](https://coder.com/docs/ai-coder/agents/platform-controls)
> - Per-user per-model compaction threshold overrides ([#23412](https://redirect.github.com/coder/coder/pull/23412))
> - Skills — agents read context files and discover skills locally; skills persist as message parts ([#23935](https://redirect.github.com/coder/coder/pull/23935), [#23748](https://redirect.github.com/coder/coder/pull/23748)) — see [extending agents](https://coder.com/docs/ai-coder/agents/extending-agents)
> - Suffix-based agent selection — select an agent model by name suffix ([#23741](https://redirect.github.com/coder/coder/pull/23741))
> - Provider key policies and per-user provider settings ([#23751](https://redirect.github.com/coder/coder/pull/23751)) — see [models & providers](https://coder.com/docs/ai-coder/agents/models)
> - Manual chat title regeneration ([#23633](https://redirect.github.com/coder/coder/pull/23633))
> - Chat read/unread indicator in sidebar ([#23129](https://redirect.github.com/coder/coder/pull/23129))
> - Chat labels ([#23594](https://redirect.github.com/coder/coder/pull/23594))
> - Workspace and agent badges in chat top bar and workspace list ([#23964](https://redirect.github.com/coder/coder/pull/23964), [#23453](https://redirect.github.com/coder/coder/pull/23453))
> - File/image attachments in chat input; large pasted text auto-converts to file attachments ([#22604](https://redirect.github.com/coder/coder/pull/22604), [#23379](https://redirect.github.com/coder/coder/pull/23379))
> - Inline file reference rendering in user messages ([#23131](https://redirect.github.com/coder/coder/pull/23131))
> - `propose_plan` tool for markdown plan proposals ([#23452](https://redirect.github.com/coder/coder/pull/23452))
> - Provider-native web search tools in agent chats ([#22909](https://redirect.github.com/coder/coder/pull/22909))
> - Workspace awareness system message automatically included on chat creation ([#23213](https://redirect.github.com/coder/coder/pull/23213))
> - Workspace TTL automatically extended on chat heartbeat ([#23314](https://redirect.github.com/coder/coder/pull/23314))
> - Global chat workspace TTL deployment-wide setting ([#23265](https://redirect.github.com/coder/coder/pull/23265))
> - Template allowlist for chats — restrict which templates agents can create workspaces from ([#23262](https://redirect.github.com/coder/coder/pull/23262))
> - Chat-access site-wide role to gate chat creation ([#23724](https://redirect.github.com/coder/coder/pull/23724))
... (truncated)
Commits
- [`34584e9`](https://github.com/coder/coder/commit/34584e909bbe6f501fb2cbdc994325b4d3f9e2ef) fix: update to our fork of charm.land/fantasy with appendCompact perf improve...
- [`2625056`](https://github.com/coder/coder/commit/2625056e7108bc66557b67188422b9b924db3b74) fix: backport Go 1.25.9 and dependency fixes ([#24330](https://redirect.github.com/coder/coder/issues/24330))
- [`bd1568b`](https://github.com/coder/coder/commit/bd1568b0b7ab9164fbe46699403e69c5260c71e5) fix: bump coder/tailscale to pick up RTM_MISS fix (cherry-pick [#24187](https://redirect.github.com/coder/coder/issues/24187)) ([#24214](https://redirect.github.com/coder/coder/issues/24214))
- [`eb2b1d3`](https://github.com/coder/coder/commit/eb2b1d3a8ba38d9b531e4db405b4c3effe79d136) fix: update directory for terraform-managed subagents ([#24220](https://redirect.github.com/coder/coder/issues/24220)) ([#24242](https://redirect.github.com/coder/coder/issues/24242))
- [`9626fda`](https://github.com/coder/coder/commit/9626fdacad9e12107d173bb19a1d71b666ca0de1) fix(cli): retry dial timeouts in SSH connection setup ([#24199](https://redirect.github.com/coder/coder/issues/24199)) ([#24229](https://redirect.github.com/coder/coder/issues/24229))
- [`52190f0`](https://github.com/coder/coder/commit/52190f032d6f002f5efa2a063c7d99399cabfec8) fix: revert auto-assign agents-access role enabled ([#24170](https://redirect.github.com/coder/coder/issues/24170)) ([#24186](https://redirect.github.com/coder/coder/issues/24186))
- [`8d4148b`](https://github.com/coder/coder/commit/8d4148b1986008ed3b9b1cdbc13c35473a7c648b) chore: remove kyleosophy easter egg ([#24174](https://redirect.github.com/coder/coder/issues/24174))
- [`d3bdd5d`](https://github.com/coder/coder/commit/d3bdd5d1535db5f713634cf781500cae0bddb2ae) feat: add httproute ([#23501](https://redirect.github.com/coder/coder/issues/23501)) ([#24172](https://redirect.github.com/coder/coder/issues/24172))
- [`727ec00`](https://github.com/coder/coder/commit/727ec00f7f693a4edb513013f356340a8acf7564) chore: revert force deploying main ([#23290](https://redirect.github.com/coder/coder/issues/23290)) ([#24072](https://redirect.github.com/coder/coder/issues/24072)) ([#24166](https://redirect.github.com/coder/coder/issues/24166))
- [`89a0ee3`](https://github.com/coder/coder/commit/89a0ee3d1d2f61970b2f0856622ca6693eeb62dc) feat: support disabling reverse/local port forwarding in agent SSH server ([#2](https://redirect.github.com/coder/coder/issues/2)...
- Additional commits viewable in [compare view](https://github.com/coder/coder/compare/2f5d21d1be7864b3e21d9c0b8e87d3ba229a1140...34584e909bbe6f501fb2cbdc994325b4d3f9e2ef)
Updates `crate-ci/typos` from 1.45.0 to 1.45.1
Release notes
*Sourced from [crate-ci/typos's releases](https://github.com/crate-ci/typos/releases).*
> ## v1.45.1
> ## [1.45.1] - 2026-04-13
> ### Fixes
> - *(action)* Use a temp dir for caching
Changelog
*Sourced from [crate-ci/typos's changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md).*
> # Change Log
> All notable changes to this project will be documented in this file.
> The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/).
> ## [Unreleased] - ReleaseDate
> ## [1.45.1] - 2026-04-13
> ### Fixes
> - *(action)* Use a temp dir for caching
> ## [1.45.0] - 2026-04-01
> ### Features
> - Updated the dictionary with the [March 2026](https://redirect.github.com/crate-ci/typos/issues/1509) changes
> ## [1.44.0] - 2026-02-27
> ### Features
> - Updated the dictionary with the [February 2026](https://redirect.github.com/crate-ci/typos/issues/1488) changes
> ## [1.43.5] - 2026-02-16
> ### Fixes
> - *(pypi)* Hopefully fix the sdist build
> ## [1.43.4] - 2026-02-09
> ### Fixes
> - Don't correct `pincher`
> ## [1.43.3] - 2026-02-06
> ### Fixes
> - *(action)* Adjust how typos are reported to github
> ## [1.43.2] - 2026-02-05
> ### Fixes
> - Don't correct `certifi` in Python
... (truncated)
Commits
- [`cf5f1c2`](https://github.com/crate-ci/typos/commit/cf5f1c29a8ac336af8568821ec41919923b05a83) chore: Release
- [`485d425`](https://github.com/crate-ci/typos/commit/485d42553ebf5bd9c810c24c6521bf608d663e70) docs: Update changelog
- [`2fe77ce`](https://github.com/crate-ci/typos/commit/2fe77ce0ce53ef0ba47e9b371fef1a949baaff3a) Merge pull request [#1539](https://redirect.github.com/crate-ci/typos/issues/1539) from epage/action
- [`a9595ea`](https://github.com/crate-ci/typos/commit/a9595eaf0cc3266bd7fa5c3b2ec7e2a5f3685d18) fix(action): Leave binary in temp dir
- See full diff in [compare view](https://github.com/crate-ci/typos/compare/02ea592e44b3a53c302f697cddca7641cd051c3d...cf5f1c29a8ac336af8568821ec41919923b05a83)
Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3
Release notes
*Sourced from [zizmorcore/zizmor-action's releases](https://github.com/zizmorcore/zizmor-action/releases).*
> ## v0.5.3
> ## What's Changed
> - `1.24.0` and `1.24.1` are now available via the action
> - `1.24.1` is now the default version of zizmor used by the action
> **Full Changelog**: https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3
Commits
- [`b1d7e1f`](https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e) Sync zizmor versions ([#102](https://redirect.github.com/zizmorcore/zizmor-action/issues/102))
- [`a195b57`](https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc) Sync zizmor versions ([#100](https://redirect.github.com/zizmorcore/zizmor-action/issues/100))
- [`629d5d0`](https://github.com/zizmorcore/zizmor-action/commit/629d5d01fe5939a6aeae25c1bd1acd2cfa28e9b2) chore(deps): bump github/codeql-action in the github-actions group ([#99](https://redirect.github.com/zizmorcore/zizmor-action/issues/99))
- [`453d591`](https://github.com/zizmorcore/zizmor-action/commit/453d591467e8199b1d5c6883b6ec5c22a12aac72) chore(deps): bump the github-actions group with 2 updates ([#98](https://redirect.github.com/zizmorcore/zizmor-action/issues/98))
- [`ea2c18b`](https://github.com/zizmorcore/zizmor-action/commit/ea2c18b942410df0b22bed3b94c361c407518d45) Bump pins ([#97](https://redirect.github.com/zizmorcore/zizmor-action/issues/97))
- See full diff in [compare view](https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||
|
|
b9f9fac9ee |
chore: update devcontainers icon (#850)
Updates the devcontainers icon to use the [Microsoft Fluent UI `ic_fluent_cube_32_filled`](https://github.com/microsoft/fluentui-system-icons/blob/78c9587b995299d5bfc007a0077773556ecb0994/assets/Cube/SVG/ic_fluent_cube_32_filled.svg), consistent with [coder/coder#24478](https://github.com/coder/coder/pull/24478).
> 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑‍💻
|
||
|
|
c724684589 |
chore(deps): bump the github-actions group with 2 updates (#841)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b76b544e78 |
feat(jetbrains): skip HTTP calls when ide_config is set (#836)
Fixes #835

## Problem

The `data "http"` resource always fires for every selected IDE, even when the user has pinned versions via `ide_config`. In air-gapped or caching scenarios, this causes:

- **30-second hangs** when `releases_base_link` is set to a dummy URL like `https://localhost`
- **Fatal errors** with `https://localhost:1` (connection refused)
- The documented "air-gapped fallback" via `try()` never actually worked — the `http` data source fails before `try()` can catch anything

## Fix

When `ide_config` is provided, the module now skips all HTTP calls and uses the pinned build numbers directly.

| Scenario | `ide_config` | HTTP calls | Build source | On API failure |
|---|---|---|---|---|
| User wants latest | `null` (default) | Yes | JetBrains API | Terraform error (fail loudly) |
| User pins versions | Set | **None** | `ide_config.build` | N/A |

### Changes

- `ide_config` default changed from a full map to `null`
- `name` and `icon` are now `optional(string)` in `ide_config` — falls back to built-in metadata
- `data.http.jetbrains_ide_versions` `for_each` is empty when `ide_config` is set
- Static `ide_metadata` local provides name/icon when `ide_config` is null
- Removed `try()` fallback from `parsed_responses` — API errors are now explicit instead of silently using stale builds
- Cross-variable validation rejects `major_version`, `channel`, and `releases_base_link` when `ide_config` is set
- Validation for `ide_config ⊇ default` added (previously only `ide_config ⊇ options` was checked)
- Version bumped `1.3.1` → `1.4.0`

### Usage

```tf
module "jetbrains" {
  source   = "registry.coder.com/coder/jetbrains/coder"
  version  = "1.4.0"
  agent_id = coder_agent.main.id
  folder   = "/home/coder/project"

  # Zero HTTP calls — only build is required.
  ide_config = {
    "GO" = { build = "261.22158.291" }
    "PY" = { build = "261.22158.340" }
  }

  options = ["GO", "PY"]
}
```

> 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑‍💻

release/coder/jetbrains/v1.4.0 |
||
|
|
d3885a5047 |
feat: add auto permission mode to claude-code module (#830)
## Summary

- Add `auto` as a valid `permission_mode` for the claude-code module, passing `--enable-auto-mode` to the CLI when selected
- Fix bypass permissions TOS prompt appearing interactively by pre-seeding `bypassPermissionsModeAccepted` in `~/.claude.json` during install (workaround for https://github.com/anthropics/claude-code/issues/25503)
- Bump version `4.8.2` → `4.9.0`

## Test plan

- [x] All 19 terraform tests pass (`terraform test -verbose`)
- [x] Added `test_claude_code_auto_permission_mode` tftest
- [x] Added `claude-auto-permission-mode` TypeScript test verifying both `--permission-mode auto` and `--enable-auto-mode` are passed
- [ ] Container test with auto mode (requires Linux/Colima)
- [ ] Verify bypass permissions TOS prompt no longer appears on task startup

🤖 Generated with Claude Code using Claude Opus 4.6

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: DevCats <christofer@coder.com>

release/coder/claude-code/v4.9.2 |
||
|
|
de7bd01021 |
chore(deps): bump the github-actions group with 2 updates (#834)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
494ad9bd48 |
fix(copilot): remove hardcoded model enum to allow any Copilot model (#833)
The `copilot_model` variable was restricted to a hardcoded enum of three models (`claude-sonnet-4`, `claude-sonnet-4.5`, `gpt-5`). Models change fast and this validation was blocking users from using newer models.

## Changes

- Remove `validation` block from `copilot_model` variable in `main.tf`
- Update variable description to indicate any Copilot-supported model can be used
- Replace enum validation test with a test that verifies arbitrary model strings are accepted
- Bump module version to `0.4.1` in README examples

Closes #832

> 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑‍💻

release/coder-labs/copilot/v0.4.1 |