mirror of
https://github.com/coder/registry.git
synced 2026-06-02 20:48:14 +00:00
main
537 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 dependabot[bot]
|
358ca6804b |
chore(deps): bump crate-ci/typos from 1.46.3 to 1.47.0 in the github-actions group (#906)
Signed-off-by: dependabot[bot] <support@github.com> |
||
|
35C4n0r
|
94203b2c8b |
fix(coder/modules/dotfiles): allow tilde in DOTFILES_URI shell validation (#904)
Fixes https://github.com/coder/registry/issues/762 ## Problem The shell-side URI validation regex in `run.sh` did not include `~` in the allowed character set. URLs containing tilde paths (common in Bitbucket Server personal repositories, e.g. `ssh://git@bitbucket.example.org:7999/~user/repo.git`) were rejected at runtime with `ERROR: DOTFILES_URI contains invalid characters`. The Terraform-side validations in `main.tf` already allowed `~`, so the inconsistency only surfaced when the script actually ran in a workspace. ## Changes - **`run.sh`**: Added `~` to the character class in the shell validation regex, making it consistent with the three Terraform regex patterns in `main.tf`. - **`main.test.ts`**: The "accepts valid git URL formats" test now also executes the rendered shell script and asserts that the shell-side validation does not reject any of the valid URLs. This closes the coverage gap that let the Terraform/shell inconsistency go undetected. > 🤖 Generated by Coder Agents --------- Authored-by: Jay Kumar <jay.kumar@coder.com>release/coder/dotfiles/v1.4.2 |
||
|
35C4n0r
|
f5d7895275 |
docs(coder/modules/git-clone): fix placeholder in troubleshooting path (#902)
## Description
Fix the troubleshooting section placeholder from `<instance>` to
`<folder_name>` to match the actual path component used in `module_dir`
(`${local.folder_name}`).
## Type of Change
- [x] Documentation
## Module Information
**Path:** `registry/coder/modules/git-clone`
Follow-up to #893.
> 🤖 Generated with [Coder Agents](https://coder.com)
Co-authored-by: Jay Kumar <jay.kumar@coder.com>
release/coder/git-clone/v2.0.1
|
||
|
35C4n0r
|
76c7371ed9 |
feat(coder/modules/git-clone): add support for extra_args and drop depth (#893)
## Description - add support for extra_args and drop depth ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/git-clone` **New version:** `v2.0.0` **Breaking change:** [x] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues Closes #74 --------- Co-authored-by: Atif Ali <atif@coder.com> Co-authored-by: Jay Kumar <jay.kumar@coder.com>release/coder/git-clone/v2.0.0 |
||
|
DevCats
|
139fadb975 |
feat(registry/coder/skills): register modules and templates skills (#901)
## Summary Adds two new catalogue entries to `registry/coder/skills/README.md`: - `coder/modules` with `coder-modules.svg` - `coder/templates` with `coder-templates.svg` Both pull from `coder/skills@main` alongside the existing `setup` skill. Tag sets are scoped so the registry-server filter facets pick them up (`[coder, terraform, modules]` and `[coder, terraform, templates]`). ## Verified locally ``` go run ./cmd/readmevalidation processing skills README files num_files=1 processed all skills README files num_files=1 ``` No other validator output changed (23 contributor profiles, 79 modules, 33 templates still parse cleanly). ## Source repo content The skill content (SKILL.md plus per-skill metadata) lives in coder/skills#2. Until that PR merges, this catalogue change is effectively a no-op: the registry-server build pipeline iterates over skills it discovers in the source repo, and looks up catalogue overrides per skill. Catalogue entries for skills that do not yet exist in the source repo are silently ignored. That means these two PRs can land in either order without breaking anything. Both have to be merged before the new skills appear on registry.coder.com. ## Related - coder/skills#2 (source repo content for `modules` and `templates`) - coder/registry-server#442 (build pipeline, API, MCP, frontend) - coder/registry#884 (catalogue format) This PR was created with help from Coder Agents. |
||
|
dependabot[bot]
|
e873e43d6b |
chore(deps): bump the github-actions group with 3 updates (#900)
Signed-off-by: dependabot[bot] <support@github.com> |
||
|
DevCats
|
20051c7089 |
feat: add skills as namespace-level catalogue entries with external source repos (#884)
## Summary
Adds skills as a catalogue resource type in the registry. Each namespace
declares its skill source repos and per-skill presentation metadata in
`registry/<namespace>/skills/README.md`. The registry-server build
pipeline clones source repos, auto-discovers skills, and serves them
with the metadata defined here.
## Catalogue format
The skills README uses structured YAML frontmatter with nested per-skill
metadata:
```yaml
---
icon: ../../../.icons/coder.svg
sources:
- repo: coder/skills@main
skills:
setup:
display_name: Setup & Configuration
icon: ../../../.icons/coder.svg
tags: [coder, deployment, configuration]
---
```
- `icon` (top-level): default icon for skills without a per-skill
override
- `sources[].repo`: GitHub repo to clone (`owner/repo@ref`)
- `sources[].skills`: per-skill overrides for `display_name`,
`description`, `icon`, and `tags`
- Multiple repos per namespace are supported
- Skills not listed in the `skills` map are still discovered with
default metadata
- `name` and `description` always come from the source repo's SKILL.md
unless overridden
## Changes
- `registry/coder/skills/README.md`: Coder namespace pointing to
`coder/skills@main` with per-skill metadata
- `registry/DevelopmentCats/skills/README.md`: Test namespace pointing
to `DevelopmentCats/skills@main` (remove before merge)
- `registry/DevelopmentCats/README.md` + `.images/avatar.svg`: Test
namespace profile (remove before merge)
- `.github/workflows/deploy-registry.yaml`: Added
`registry/**/skills/**` path trigger
- `.github/workflows/release.yml`: Skill/module path detection in tag
extraction
- `.github/workflows/version-bump.yaml`: Added `registry/**/skills/**`
path trigger
- `cmd/readmevalidation/repostructure.go`: Added `skills` to supported
namespace directories
## Related
-
[registry-server#442](https://github.com/coder/registry-server/pull/442):
Build pipeline, API, MCP, frontend, and well-known discovery for skills
- [coder/skills](https://github.com/coder/skills): Coder's official
skills source repo
- [Problem
Document](https://www.notion.so/35dd579be59281a4b657d02174667e4f):
Skills as First-Class Registry Catalogue Items
> 🤖 This PR was updated with the help of Coder Agents.
|
||
|
Ben Potter
|
1601ab3e8b | feat(.icons): add Lucide SVG icons for skill cards (#880) | ||
|
dependabot[bot]
|
f9802456ce |
chore(deps): bump the github-actions group across 1 directory with 3 updates (#892)
Bumps the github-actions group with 3 updates in the / directory: [coder/coder](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `coder/coder` from 2.32.0 to 2.33.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.33.3</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Bug fixes</h3> <ul> <li>Upgrade Go toolchain from 1.25.9 to 1.25.10 (<a href="https://redirect.github.com/coder/coder/issues/25230">#25230</a>, e5a96f3608)</li> <li>Cherry-pick go-git v5.19.0 (CVE-2026-45022) (<a href="https://redirect.github.com/coder/coder/issues/25229">#25229</a>, 4e4e23539e)</li> <li>Dashboard: Show Organizations in admin dropdown for single-org OSS deployments (<a href="https://redirect.github.com/coder/coder/issues/25175">#25175</a>, bbca430b4c)</li> <li>fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (<a href="https://redirect.github.com/coder/coder/issues/25247">#25247</a>, 818fc72802)</li> <li>Server: Harden Azure identity certificate fetch (cherry-pick v2.33) (<a href="https://redirect.github.com/coder/coder/issues/25276">#25276</a>, 844c1e0467)</li> <li>Verify PKCS7 signature on Azure instance identity tokens (2.33 cherry-pick) (<a href="https://redirect.github.com/coder/coder/issues/25302">#25302</a>, 2b778f292c)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.33.2...v2.33.3"><code>v2.33.2...v2.33.3</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.33.3</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> <h2>v2.33.2</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Bug fixes</h3> <ul> <li>Backport 11 Coder Agents docs PRs to release/2.33 (<a href="https://redirect.github.com/coder/coder/issues/25047">#25047</a>, d622e86fa0)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.33.1...v2.33.2"><code>v2.33.1...v2.33.2</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.33.2</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> <h2>v2.33.1</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/2b778f292c2ddf8ac261683d0d5d8a18da1512f6"><code>2b778f2</code></a> fix: verify PKCS7 signature on Azure instance identity tokens (2.33 cherry-pi...</li> <li><a href="https://github.com/coder/coder/commit/844c1e0467f3124691523dbc0717c88539ea2fb4"><code>844c1e0</code></a> fix(coderd): harden Azure identity certificate fetch (cherry-pick v2.33) (<a href="https://redirect.github.com/coder/coder/issues/25">#25</a>...</li> <li><a href="https://github.com/coder/coder/commit/818fc72802e72e30230ec8b13bd8e47d01454764"><code>818fc72</code></a> fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026...</li> <li><a href="https://github.com/coder/coder/commit/bbca430b4cbfd8434113c595c62ea1b613c1b38c"><code>bbca430</code></a> fix(site): show Organizations in admin dropdown for single-org OSS deployment...</li> <li><a href="https://github.com/coder/coder/commit/4e4e23539e78c95b13e50ab66e4ccaeb5241a5fd"><code>4e4e235</code></a> fix: cherry-pick go-git v5.19.0 (CVE-2026-45022) (<a href="https://redirect.github.com/coder/coder/issues/25229">#25229</a>)</li> <li><a href="https://github.com/coder/coder/commit/e5a96f3608ee45dfdaba3e6205fe6cd15e3c32d1"><code>e5a96f3</code></a> fix: upgrade Go toolchain from 1.25.9 to 1.25.10 (<a href="https://redirect.github.com/coder/coder/issues/25230">#25230</a>)</li> <li><a href="https://github.com/coder/coder/commit/d622e86fa0b3a9c5d3014480e926217ebed20a43"><code>d622e86</code></a> fix: backport 11 Coder Agents docs PRs to release/2.33 (<a href="https://redirect.github.com/coder/coder/issues/25047">#25047</a>)</li> <li><a href="https://github.com/coder/coder/commit/3e34ba7bf029394b642bced1428af2d94a99f55a"><code>3e34ba7</code></a> chore: remove agents experiment flag and mark feature as beta (<a href="https://redirect.github.com/coder/coder/issues/24432">#24432</a>) (<a href="https://redirect.github.com/coder/coder/issues/25003">#25003</a>)</li> <li><a href="https://github.com/coder/coder/commit/f009c17217e6bad9a61ba511d23735bc1ce94da0"><code>f009c17</code></a> fix(coderd): cut DB fan-out on agent instance-identity auth (backport <a href="https://redirect.github.com/coder/coder/issues/24973">#24973</a>)...</li> <li><a href="https://github.com/coder/coder/commit/17635dde5c99612b4aaf80970d49a116ed3fa29c"><code>17635dd</code></a> chore: include pgcoordinator schema changes in 2.33 (<a href="https://redirect.github.com/coder/coder/issues/24931">#24931</a>)</li> <li>Additional commits viewable in <a href="https://github.com/coder/coder/compare/34584e909bbe6f501fb2cbdc994325b4d3f9e2ef...2b778f292c2ddf8ac261683d0d5d8a18da1512f6">compare view</a></li> </ul> </details> <br /> Updates `crate-ci/typos` from 1.45.1 to 1.46.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/releases">crate-ci/typos's releases</a>.</em></p> <blockquote> <h2>v1.46.2</h2> <h2>[1.46.2] - 2026-05-16</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>criterias</code></li> <li>Don't correct to <code>replaceables</code></li> </ul> <h2>v1.46.1</h2> <h2>[1.46.1] - 2026-05-08</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>confidentials</code></li> </ul> <h2>v1.46.0</h2> <h2>[1.46.0] - 2026-04-30</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1531">April 2026</a> changes</li> </ul> <h2>v1.45.2</h2> <h2>[1.45.2] - 2026-04-27</h2> <h3>Fixes</h3> <ul> <li>Ignore ssh ed25519 public keys</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/">Keep a Changelog</a> and this project adheres to <a href="https://semver.org/">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased] - ReleaseDate</h2> <h2>[1.46.2] - 2026-05-16</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>criterias</code></li> <li>Don't correct to <code>replaceables</code></li> </ul> <h2>[1.46.1] - 2026-05-08</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>confidentials</code></li> </ul> <h2>[1.46.0] - 2026-04-30</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1531">April 2026</a> changes</li> </ul> <h2>[1.45.2] - 2026-04-27</h2> <h3>Fixes</h3> <ul> <li>Ignore ssh ed25519 public keys</li> </ul> <h2>[1.45.1] - 2026-04-13</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Use a temp dir for caching</li> </ul> <h2>[1.45.0] - 2026-04-01</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1509">March 2026</a> changes</li> </ul> <h2>[1.44.0] - 2026-02-27</h2> <h3>Features</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-ci/typos/commit/aca895bf05aec0cb7dffa6f94495e923224d9f17"><code>aca895b</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/4dbdd7509d345c6a2abf73bb722a2ae0126eec72"><code>4dbdd75</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/3da287673172dece00f174b38faa763e7cb294dc"><code>3da2876</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1556">#1556</a> from epage/replaceable</li> <li><a href="https://github.com/crate-ci/typos/commit/8918680477461d6cb133f4565eaa70f8237e27ae"><code>8918680</code></a> fix(dict): Don't correct to replaceables</li> <li><a href="https://github.com/crate-ci/typos/commit/57d5422e87c3d28c9b9a61785ac5e8e0fcaae205"><code>57d5422</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1555">#1555</a> from epage/criteria</li> <li><a href="https://github.com/crate-ci/typos/commit/f54668abd732ae8ade4a7cd837c9d3c798361ca6"><code>f54668a</code></a> fix(dict): Don't correct to criterias</li> <li><a href="https://github.com/crate-ci/typos/commit/5374cbf686e897b15713110e233094e2874de7ef"><code>5374cbf</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/52448f5ecf85209e284e8db1c77dd4885885068a"><code>52448f5</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/030c719ff1afe2ff0f85b84d4f99b7a9a57c3b29"><code>030c719</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1552">#1552</a> from epage/fixes</li> <li><a href="https://github.com/crate-ci/typos/commit/7a688c7c08aaa1aa67686848eac4cdd7cb3bb1d2"><code>7a688c7</code></a> fix(dict): Confidentials isn't valid</li> <li>Additional commits viewable in <a href="https://github.com/crate-ci/typos/compare/cf5f1c29a8ac336af8568821ec41919923b05a83...aca895bf05aec0cb7dffa6f94495e923224d9f17">compare view</a></li> </ul> </details> <br /> Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's releases</a>.</em></p> <blockquote> <h2>v0.5.6</h2> <ul> <li>1.25.2 is now available via the action</li> <li>1.25.2 is now the default version of zizmor used by the action</li> </ul> <h2>v0.5.5</h2> <p>This is a no-op release.</p> <h2>v0.5.4</h2> <ul> <li>1.25.0 is now available via the action</li> <li>1.25.0 is now the default version of zizmor used by the action</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d"><code>5f14fd0</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/114">#114</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165"><code>a16621b</code></a> Bump pins in README (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/112">#112</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25"><code>1c03e04</code></a> chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727"><code>b572f7b</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/111">#111</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377"><code>06928c5</code></a> chore(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/109">#109</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3"><code>5ea8b96</code></a> docs: Update link to GitHub docs (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/108">#108</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d"><code>849ac26</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/106">#106</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c"><code>814f977</code></a> Bump pins in README (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/103">#103</a>)</li> <li>See full diff in <a href="https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
ikkz
|
ee219a8b17 |
fix(git-clone): propagate pre/post-clone script failures (#891)
## Description Fix git-clone module to fail fast when `pre_clone_script` or `post_clone_script` returns a non-zero exit code. Previously, both scripts were executed but their exit codes were never checked — a failing pre-clone hook (e.g., a prerequisite check that calls `exit 1`) was silently ignored and cloning continued. This broke the advertised "validate prerequisites before cloning" behavior and could leave workspaces starting with unmet preconditions. ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/git-clone` **New version:** `v1.3.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues - https://github.com/coder/registry/pull/887#issuecomment-4413765491 - https://github.com/coder/registry/issues/60 - https://github.com/coder/registry/issues/86 |
||
|
Morgan Lunt
|
4ca251f448 |
feat(claude-code): add managed_settings input for policy delivery via /etc/claude-code (#863)
## Problem
The module configures Claude Code's permission posture by reaching
around the permission system rather than through it:
- `scripts/install.sh` writes `bypassPermissionsModeAccepted`,
`autoModeAccepted`, and `primaryApiKey` directly into the user-writable
`~/.claude.json`. Any process in the workspace can read the API key or
flip the acceptance flags back.
- `scripts/start.sh` adds `--dangerously-skip-permissions` to every task
launch, even when the template author set an explicit `permission_mode`.
The README has to carry a security warning telling people the module
bypasses permission checks.
- `permission_mode`, `allowed_tools`, and `disallowed_tools` each plumb
through a different ad-hoc path (CLI flag, `coder` subcommand) instead
of a single policy surface.
## Change
Add a `managed_settings` input that renders to
`/etc/claude-code/managed-settings.d/10-coder.json`. Claude Code reads
that drop-in directory at startup with the highest configuration
precedence (above `~/.claude/settings.json` and project settings), so
template authors get an admin-controlled policy file that users inside
the workspace cannot override. The mechanism is a local file read with
no API call, so it works identically for the Anthropic API, AWS Bedrock,
Google Vertex AI, and AI Bridge / AI Gateway.
```hcl
managed_settings = {
permissions = {
defaultMode = "acceptEdits"
disableBypassPermissionsMode = "disable"
deny = ["Bash(curl:*)", "WebFetch"]
}
}
```
Supporting changes:
- `install.sh` writes the policy file (root-owned, 0644) and stops
writing `bypassPermissionsModeAccepted`, `autoModeAccepted`, and
`primaryApiKey` into `~/.claude.json`. The API key is already exported
via `coder_env` as `CLAUDE_API_KEY`; duplicating it on disk is
unnecessary. `hasCompletedOnboarding` stays because there is no env-var
alternative for it.
- `start.sh` only adds `--dangerously-skip-permissions` for tasks when
no explicit `permission_mode` is set (same fix as #846; included here so
this PR is self-contained, happy to drop if #846 lands first).
- `permission_mode`, `allowed_tools`, and `disallowed_tools` are marked
deprecated and shimmed into `managed_settings.permissions` for one
release when `managed_settings` is not provided.
- README security warning rewritten to point at the policy mechanism
instead of telling people the module is unsafe by design.
## Relationship to #861
#861 strips this module to install-and-configure and removes
`permission_mode` / `allowed_tools` / `disallowed_tools` outright.
`managed_settings` is the natural replacement for those: it is
install-time (survives the `start.sh` removal), it covers everything the
dropped variables did plus `hooks`, `env`, `model`, `apiKeyHelper`, and
the rest of the settings schema, and it does not require the module to
know anything about how Claude is launched. If #861 lands first I will
rebase this on top and drop the deprecation shim and the `start.sh`
hunk.
## Validation
- `terraform fmt` / `terraform validate` clean
- New tests: `claude-managed-settings-written`,
`claude-managed-settings-legacy-shim`,
`claude-no-policy-keys-in-claudejson`, plus an assertion in
`claude-auto-permission-mode` that `--dangerously-skip-permissions` is
absent when a mode is set
- Manually verified `/etc/claude-code/managed-settings.d/*.json`
precedence in the Claude Code CLI source
Closes #818. Relates to #284, #846, #861.
Disclosure: I work at Anthropic on the Claude Code team. Happy to adjust
scope or split this further if that is easier to review.
---------
Co-authored-by: DevCats <chris@dualriver.com>
Co-authored-by: DevCats <christofer@coder.com>
release/coder/claude-code/v5.2.0
|
||
|
35C4n0r
|
99510a1f75 |
feat(coder/modules/boundary): add agent-firewall module (#840)
## Description
Extracts boundary installation and wrapper logic into a standalone
`coder/agent-firewall` module, decoupling it from `agentapi`.
### Why
Boundary is currently embedded inside `agentapi` (`scripts/boundary.sh`)
and duplicated in `claude-code`. This couples network isolation to the
AI/Tasks stack, but boundary is a general-purpose primitive — users
running a plain agent with no agentapi or tasks should be able to use it
too.
### What this adds
`registry/coder/modules/agent-firewall/` — a new first-class module
that:
* Installs boundary via one of three strategies:
1. `coder boundary` subcommand (default, zero-install)
2. Direct binary from release (`use_agent_firewall_directly = true`)
3. Compiled from source (`compile_agent_firewall_from_source = true`)
* Ships a comprehensive [default allowlist
config](registry/coder/modules/agent-firewall/config.yaml.tftpl)
(Anthropic, OpenAI, VCS, package managers, cloud platforms, etc.)
* Auto-fills the Coder deployment domain via
`data.coder_workspace.me.access_url`
* Supports inline config (`agent_firewall_config`) or external file
(`agent_firewall_config_path`), mutually exclusive with cross-variable
validation
* Creates a wrapper script at
`$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh`
* Strips `CAP_NET_ADMIN` from the coder binary (copies to
`coder-no-caps`) to allow execution inside network namespaces without
`sys_admin`
* Supports `pre_install_script` / `post_install_script` hooks
* Exposes `agent_firewall_wrapper_path`, `agent_firewall_config_path`,
and `scripts` outputs for script coordination
* No env vars exported — everything is output-only
### Usage
```tf
module "agent-firewall" {
source = "registry.coder.com/coder/agent-firewall/coder"
version = "0.0.1"
agent_id = coder_agent.main.id
}
```
Works standalone with any agent — no agentapi dependency required.
### Testing
* 8 Terraform plan tests (`agent-firewall.tftest.hcl`): default outputs,
compile from source, use directly, custom hooks, custom module
directory, inline config, external config path, mutual exclusion
validation
* TypeScript integration tests (`main.test.ts`): state verification,
coder subcommand happy path, inline config, config path skip, custom
hooks, env var absence, wrapper execution, idempotent installation
## Type of Change
- [X] New module
## Module Information
**Path:** `registry/coder/modules/agent-firewall` <br>**New version:**
`v0.0.1` <br>**Breaking change:** No
## Related Issues
Closes coder/registry#844
🤖 Generated by Coder Agents
---------
Co-authored-by: Jay Kumar <jay.kumar@coder.com>
release/coder/agent-firewall/v0.0.1
|
||
|
ikkz
|
297b07190f |
feat(git-clone): add pre_clone_script parameter (#887)
## Summary
Add `pre_clone_script` parameter to the git-clone module, allowing users
to run custom scripts before cloning a repository.
## Use Case
This solves SSH host key verification issues (e.g., "Host key
verification failed") by enabling users to configure SSH settings before
the clone operation, such as adding known hosts or setting
`StrictHostKeyChecking no`.
```tf
module "git-clone" {
count = data.coder_workspace.me.start_count
source = "registry.coder.com/coder/git-clone/coder"
version = "1.3.0"
agent_id = coder_agent.example.id
url = "git@github.com:org/repo.git"
pre_clone_script = <<-EOT
#!/bin/bash
mkdir -p ~/.ssh
echo -e "Host github.com\n StrictHostKeyChecking no\n" > ~/.ssh/config
chmod 600 ~/.ssh/config
EOT
}
```
Ref:
https://discord.com/channels/747933592273027093/1447777180695396452/1447777180695396452
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
**Path:** `registry/coder/modules/git-clone`
**New version:** `v1.3.0`
**Breaking change:** [ ] Yes [x] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
Co-authored-by: DevCats <christofer@coder.com>
release/coder/git-clone/v1.3.0
|
||
|
Harsh Singh Panwar
|
bce0897099 |
Fix(gemini): the Coder MCP server configuration (#882)
## Description Fixed the Coder MCP server configuration * Added the full path to the coder binary for Gemini * Removed unnecessary configuration fields <img width="1365" height="715" alt="Screenshot 2026-05-04 120727" src="https://github.com/user-attachments/assets/35cdb18f-c4a5-437d-8ad6-38134104e5e6" /> <img width="1365" height="717" alt="Screenshot 2026-05-04 120836" src="https://github.com/user-attachments/assets/bdce543e-dd7f-4122-b356-896d08e1fd3f" /> ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder-labs/modules/gemini` **New version:** `v1.0.0` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues fix: #881release/coder-labs/gemini/v3.0.1 |
||
|
DevCats
|
6b8d89daba |
fix(registry/coder-labs/modules/codex): align variable names with claude-code v5 (#885)
Aligns codex module variable names with the claude-code v5 conventions established in #861 and #879. - Rename `additional_mcp_servers` to `mcp` to match claude-code's variable name. - Change `codex_version` default from `""` to `"latest"` to match `claude_code_version`. ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder-labs/modules/codex` **Breaking change:** [x] Yes [ ] No > [!WARNING] > Breaking change for anyone referencing `additional_mcp_servers` by name. Since v5.0.0 was released and deleted on the same day (#879), this should have zero downstream impact. ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues - Follow-up to #879 - Filed #886 to track adding `mcp_config_remote_path` support to codex --- *This PR was authored by Coder Agents.*release/coder-labs/codex/v5.0.0 |
||
|
35C4n0r
|
c4661ae365 |
refactor(registry/coder-labs/modules/codex)!: remove agentapi, tasks and start logic (#879)
Closes #878 ## What Major refactor of the `coder-labs/codex` module to mirror the `coder/claude-code` v5 changes from #861. ## Changes ### Structural - Replace `module "agentapi"` with `module "coder_utils"` (`registry.coder.com/coder/coder-utils/coder v0.0.1`) - Replace `scripts/install.sh` with `scripts/install.sh.tftpl` (Terraform templatefile) - Delete `scripts/start.sh` - Module dir changed from `.codex-module` to `.coder-modules/coder-labs/codex` - Output changed from `task_app_id` to `scripts` (ordered list of coder exp sync names) - Extracted shared test helpers (`collectScripts`, `runScripts`) into `agentapi/coder-utils-test-helpers.ts` ### Removed variables All AgentAPI pass-throughs, boundary, and start-script-only variables: `order`, `group`, `report_tasks`, `subdomain`, `cli_app`, `web_app_display_name`, `cli_app_display_name`, `install_agentapi`, `agentapi_version`, `ai_prompt`, `continue`, `enable_state_persistence`, `codex_system_prompt`, `enable_boundary`, `boundary_config_path`, `boundary_version`, `compile_boundary_from_source`, `use_boundary_directly`, `codex_model` ### Retained `install_codex` (toggle for skipping npm install when CLI is pre-installed) ### Renamed - `enable_aibridge` -> `enable_ai_gateway` ### Changed - `workdir`: now optional (`default = null`) - `openai_api_key`: conditional env var with `count`, marked `sensitive = true` - `base_config_toml`: heredoc description documenting generated defaults; notes that `model_reasoning_effort` and workdir trust are only applied in default config - Default `config.toml`: stripped `sandbox_mode`, `approval_policy`, `sandbox_workspace_write`, `notice.model_migrations` - Install script: removed Node.js/NVM bootstrap (assumes npm pre-installed), sources NVM if present, fails with actionable error if npm missing - `ARG_CODEX_VERSION` and `ARG_WORKDIR` base64-encoded to prevent shell/TOML injection - Duplicate `[model_providers.aibridge]` guarded with grep before appending - Debug header uses user-facing variable names ### Tests - Terraform: 11 pass - Bun: 15 pass (rewritten to shared `collectScripts`/`runScripts` pattern) - Added: `model-reasoning-effort-standalone`, `ai-gateway-with-custom-base-config`, `ai-gateway-custom-config-no-duplicate-provider`, `install-codex-latest`, `workdir-trusted-project`, `no-workdir-no-project-section` - Negative assertions on `minimal-default-config` ### Docs - Migration guide (v4 to v5) in README - Quoted path in coder_app example - AI Gateway note about custom `base_config_toml` requiring manual `model_provider` > [!WARNING] > Breaking change. Drops support for Coder Tasks and Boundary. Keep using v4.x.x if you depend on them. --- *This PR was authored by Coder Agents.* --------- Co-authored-by: Jay Kumar <jay.kumar@coder.com> Co-authored-by: DevCats <christofer@coder.com> |
||
|
blinkagent[bot]
|
4688e4c1a7 |
fix(filebrowser): require agent_name when subdomain is false (#877)
## Description Fixes [REG-4](https://linear.app/codercom/issue/REG-4/filebrowser-appends-workspace-path-twice-in-url): the `filebrowser` module opens to a non-existent URL with the workspace path appended a second time when `subdomain = false` and `agent_name` is not provided, e.g.: ``` https://<coder-host>/@<owner>/<workspace>/apps/filebrowser/files/@<owner>/<workspace>.<agent>/apps/filebrowser/ ``` ### Root cause Coder's frontend always builds path-based app URLs as `/@<owner>/<workspace>.<agent>/apps/<slug>/` (it always includes `.<agent_name>`, even for single-agent templates): https://github.com/coder/coder/blob/main/site/src/modules/apps/apps.ts ```ts return `${path}/@${workspace.owner_name}/${workspace.name}.${agent.name}/apps/${app.slug}/`; ``` The filebrowser module, however, only includes the agent segment in `local.server_base_path` (which becomes filebrowser's `--baseURL`) when the user explicitly passes `agent_name`. The variable description and the README both said `agent_name` was "only required if the template uses multiple agents", which is incorrect. When the URLs disagree, filebrowser's reverse-proxy `stripPrefix` cannot strip the prefix, the path falls through filebrowser's `/:catchAll(.*)*` Vue route, and the router redirects to `/files/${catchAll}` — producing the duplicated path the user reported. ### Fix - Add a `lifecycle.precondition` on `coder_script.filebrowser` that fails `terraform apply` with a clear, actionable error when `subdomain = false` and `agent_name == null`. - Update the `agent_name` variable description to state it is required whenever `subdomain` is `false`. - Update the `README.md` example for the path-based config to call out the requirement explicitly. - Bump the module version from `1.1.4` → `1.1.5`. - Add a TS test covering the new precondition. This avoids the silent misconfiguration that produces the duplicated URL, without breaking anyone whose existing template already sets `agent_name` (or uses `subdomain = true`). ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/filebrowser` **New version:** `v1.1.5` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] `bun test main.test.ts` — 8 pass, 0 fail (includes new precondition test) - [x] `terraform fmt -recursive` - [x] `terraform validate` - [x] `bun x prettier --check` - [x] Manually verified the precondition fires with a minimal repro and passes when `agent_name` is supplied or `subdomain = true`. ## Related Issues - Linear: [REG-4](https://linear.app/codercom/issue/REG-4/filebrowser-appends-workspace-path-twice-in-url) --- Created on behalf of @matifali. Generated with Blink. Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: DevCats <christofer@coder.com>release/coder/filebrowser/v1.1.5 |
||
|
Morgan Lunt
|
4d96be0de7 |
feat(claude-code): add telemetry input for OTEL export with workspace attribution (#862)
## Problem Claude Code ships an OpenTelemetry exporter for token usage, tool calls, session lifecycle and errors (https://docs.anthropic.com/en/docs/claude-code/monitoring-usage), but the module exposes no first-class wiring for it. Template authors who want telemetry have to know the env var names (`CLAUDE_CODE_ENABLE_TELEMETRY`, the `OTEL_EXPORTER_OTLP_*` family) and write their own `coder_env` blocks. More importantly there is no convention for how to correlate Claude Code telemetry with Coder's own audit logs and `exectrace` records, so even when both are exported they end up as two unjoined datasets. ## Change Adds a `telemetry` input that turns on `CLAUDE_CODE_ENABLE_TELEMETRY` and the standard OTLP exporter env vars in one place: ```tf telemetry = { enabled = true otlp_endpoint = "http://otel-collector.observability:4317" otlp_protocol = "grpc" otlp_headers = { authorization = "Bearer ..." } resource_attributes = { "service.name" = "claude-code" } } ``` When enabled, the module automatically appends `coder.workspace_id`, `coder.workspace_name`, `coder.workspace_owner` and `coder.template_name` to `OTEL_RESOURCE_ATTRIBUTES`. This gives a stable join key between Claude Code spans/metrics and Coder's audit log and exectrace events on `workspace_id`, so a platform team can answer "show me every shell command Claude executed in workspace X alongside the token spend for that session" without custom plumbing. This is purely additive (`coder_env` resources behind `count`), defaults to disabled, and is independent of how Claude is launched, so it composes cleanly with the install-only direction in #861. ## Validation - `terraform fmt`, `terraform validate`, `terraform test` (19/19) pass - `bun test -t telemetry` (2/2) pass: env vars are set with the expected values when enabled, and absent when the input is omitted Disclosure: I work at Anthropic on the Claude Code team. --------- Co-authored-by: DevCats <chris@dualriver.com> Co-authored-by: Atif Ali <me@matifali.dev>release/coder/claude-code/v5.1.0 |
||
|
Atif Ali
|
3494da4924 | docs: standardize module data layout under ~/.coder-modules (#869) | ||
|
Muhammad Atif Ali
|
b78b65e001 | fix(claude-code): correct PR URL in migration guide release/coder/claude-code/v5.0.0 | ||
|
Atif Ali
|
124d05fee9 | chore(claude-code)!: strip boundary, agentapi, tasks, tools (#861) | ||
|
Atif Ali
|
3b64d99fb1 |
refactor(registry/coder/modules/coder-utils)!: derive names from module_directory (#874)
## Summary
Derives `coder-utils` script names from `module_directory` instead of a
separate `agent_name` input. The `module_directory` already encodes both
the namespace and the module name, so carrying both is redundant and
error-prone. Callers like `claude-code` no longer need to pass
`agent_name`.
Scripts this module materializes lose the `${agent_name}-utils-` prefix
because `module_directory` already namespaces them per-caller.
We will address multiple instances of coder-utils per caller in a future
iteration if needed.
## Versioning Note
Previous tags (`v1.0.0` through `v1.3.0`) have been deleted because no
published module ever consumed them — the module was effectively
unreleased. This PR ships the first real public version as **`v0.0.1`**,
treating it as a fresh start rather than a breaking bump from a version
that was never in production use.
## Changes
- Remove `agent_name` variable.
- Derive `caller_name = "${namespace}-${module_name}"` from
`module_directory`.
- Validate `module_directory` matches
`$HOME/.coder-modules/<namespace>/<module-name>`.
- Rename script files on disk from `${agent_name}-utils-<phase>.sh` to
plain `<phase>.sh`.
- Add a TS test for the `module_directory` validation.
- Ship as `v0.0.1` (first published version; all prior tags removed).
## Breaking Changes
| Before | After |
|---|---|
| `agent_name = "myagent"` | removed (derived from `module_directory`) |
| `module_directory = ".my-module"` | `module_directory =
"$HOME/.coder-modules/<ns>/<name>"` (validated) |
| Script files `${agent_name}-utils-install.sh` | `install.sh` |
| Script sync names `${agent_name}-install_script` |
`${namespace}-${module_name}-install_script` |
No callers were depending on the old format (prior tags were
unpublished).
## Validation
- `terraform fmt -recursive` clean
- `terraform validate` clean
- `terraform test` → 17/17 pass
- `bun test registry/coder/modules/coder-utils` → 5/5 pass
- `prettier --check` clean
## Consumer
coder/registry#861 (`claude-code`) consumes this and is currently pinned
to the commit SHA until this merges and ships as `v0.0.1`.
> 🤖 This PR was created with the help of Coder Agents, and needs a human
review. 🧑💻
release/coder/coder-utils/v0.0.1
|
||
|
Atif Ali
|
22e574926e |
feat(coder-utils): nest scripts under module_directory/scripts (#871)
## Summary
Move script files from the flat `${module_directory}` to a `scripts/`
subdirectory, and prefix each script's filename with
`${agent_name}-utils-` so multiple `coder-utils` instances can safely
share a `module_directory`. Mirrors the layout #870 established for
`logs/` and aligns with the Module Data Layout standard in `AGENTS.md`
(#869).
## Changes
- Compute `local.scripts_directory = "${var.module_directory}/scripts"`
and use it for every `*.sh` path.
- Script filenames are now
`${agent_name}-utils-{pre_install,install,post_install,start}.sh` so two
`coder-utils` instances don't collide on disk.
- Pre-install and install `coder_script`s `mkdir -p` the `scripts/`
sub-path before writing their `.sh`; post-install and start sync-depend
on install, so the directory already exists by the time they run.
- Update the `module_directory` description to call out the nested
`scripts/` and `logs/` paths.
- Add `test_scripts_nested_under_module_directory` asserting the new
paths (including the `${agent_name}-utils-` prefix) and the `mkdir -p`
in each script.
- README: add a "Script file locations" section documenting the new
layout.
- Bump module version to `v1.3.0`.
## Breaking Changes
Consumers reading `${module_directory}/install.sh` (and friends)
directly must look under
`${module_directory}/scripts/${agent_name}-utils-install.sh` instead. No
in-repo consumers exist today.
## Validation
- `terraform fmt -recursive` clean
- `terraform validate` clean
- `terraform test` → 16/16 pass (includes the new
`test_scripts_nested_under_module_directory`)
- `bun test main.test.ts` → 5/5 pass
- `prettier --check` clean
> 🤖 This PR was created with the help of Coder Agents, and needs a human
review. 🧑💻
|
||
|
Atif Ali
|
f3475c061e | feat(coder-utils): nest logs under module_directory/logs (#870) | ||
|
35C4n0r
|
39f332fcaf |
feat(registry/coder/modules/coder-utils): make install_script and start_script optional (#842)
Co-authored-by: Jay Kumar <jay.kumar@coder.com> Co-authored-by: Atif Ali <atif@coder.com> |
||
|
Harsh Singh Panwar
|
b108185c14 |
feature (jetbrains-plugins): add module for installing jetbrains plugin (#772)
Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: DevCats <chris@dualriver.com>release/harsh9485/jetbrains-plugins/v0.1.0 |
||
|
joergklein
|
b72577707c |
feat(templates): add docker-texlive template with code-server (#828)
## Description <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [x] New template - [ ] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Template Information **Path:** `registry/joergklein/templates/docker-texlive` ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable --> --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: DevCats <chris@dualriver.com> Co-authored-by: Atif Ali <atif@coder.com> Co-authored-by: DevelopmentCats <christofer@coder.com> |
||
|
dependabot[bot]
|
9c01790131 |
chore(deps): bump the github-actions group with 3 updates (#854)
Bumps the github-actions group with 3 updates: [coder/coder](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `coder/coder` from 2.31.9 to 2.32.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.32.0</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>BREAKING CHANGES</h3> <ul> <li> <p>chore!: remove members' ability to read their own AI Bridge interceptions (<a href="https://redirect.github.com/coder/coder/pull/23320">#23320</a>)</p> <blockquote> <p>Regular users (non-owners, non-auditors) can no longer read AI Bridge interception data, including their own. Only owners and auditors retain read access. This tightens the RBAC surface to prevent insiders from observing what data is tracked.</p> </blockquote> </li> <li> <p>fix(cli)!: <code>coder groups list -o json</code> output structure changed (<a href="https://redirect.github.com/coder/coder/pull/22923">#22923</a>)</p> <blockquote> <p>The JSON output is now a flat structure matching other <code>coder list -o json</code> commands. Previously this command returned empty zero-value structs due to a bug, so no working consumer of the old format could exist.</p> </blockquote> </li> </ul> <h3>DEPRECATIONS</h3> <ul> <li>AI Gateway (previously known as AI Bridge): injected MCP tools are now deprecated (<a href="https://redirect.github.com/coder/coder/pull/23031">#23031</a>); this feature will remain functional but will be replaced with an MCP Gateway in a future release.</li> </ul> <h3>Features</h3> <h4>Coder Agents</h4> <p><a href="https://coder.com/docs/ai-coder/agents">Coder Agents</a> is newly introduced in Early Access. See our <a href="https://coder.com/docs/ai-coder/agents/getting-started">getting started guide</a> to enable and start using it.</p> <ul> <li>Voice-to-text input in agent chat (<a href="https://redirect.github.com/coder/coder/pull/23022">#23022</a>)</li> <li>Pinned chats with drag-to-reorder in the sidebar (<a href="https://redirect.github.com/coder/coder/pull/23615">#23615</a>)</li> <li>Chat cost analytics dashboard for admins — tracks spend, model usage, and trends (<a href="https://redirect.github.com/coder/coder/pull/23037">#23037</a>, <a href="https://redirect.github.com/coder/coder/pull/23215">#23215</a>)</li> <li>PR Insights analytics dashboard — shows PRs created/merged by AI agents, merge rates, lines shipped, cost per merged PR (<a href="https://redirect.github.com/coder/coder/pull/23215">#23215</a>)</li> <li>Agent desktop recordings — record and replay agent desktop sessions (<a href="https://redirect.github.com/coder/coder/pull/23894">#23894</a>, <a href="https://redirect.github.com/coder/coder/pull/23895">#23895</a>)</li> <li>Per-chat system prompt override per conversation (<a href="https://redirect.github.com/coder/coder/pull/24053">#24053</a>)</li> <li>Chat spend limits with inline usage indicator (<a href="https://redirect.github.com/coder/coder/pull/23071">#23071</a>, <a href="https://redirect.github.com/coder/coder/pull/23072">#23072</a>) — configurable via <a href="https://coder.com/docs/ai-coder/agents/platform-controls">platform controls</a></li> <li>Per-user per-model compaction threshold overrides (<a href="https://redirect.github.com/coder/coder/pull/23412">#23412</a>)</li> <li>Skills — agents read context files and discover skills locally; skills persist as message parts (<a href="https://redirect.github.com/coder/coder/pull/23935">#23935</a>, <a href="https://redirect.github.com/coder/coder/pull/23748">#23748</a>) — see <a href="https://coder.com/docs/ai-coder/agents/extending-agents">extending agents</a></li> <li>Suffix-based agent selection — select an agent model by name suffix (<a href="https://redirect.github.com/coder/coder/pull/23741">#23741</a>)</li> <li>Provider key policies and per-user provider settings (<a href="https://redirect.github.com/coder/coder/pull/23751">#23751</a>) — see <a href="https://coder.com/docs/ai-coder/agents/models">models & providers</a></li> <li>Manual chat title regeneration (<a href="https://redirect.github.com/coder/coder/pull/23633">#23633</a>)</li> <li>Chat read/unread indicator in sidebar (<a href="https://redirect.github.com/coder/coder/pull/23129">#23129</a>)</li> <li>Chat labels (<a href="https://redirect.github.com/coder/coder/pull/23594">#23594</a>)</li> <li>Workspace and agent badges in chat top bar and workspace list (<a href="https://redirect.github.com/coder/coder/pull/23964">#23964</a>, <a href="https://redirect.github.com/coder/coder/pull/23453">#23453</a>)</li> <li>File/image attachments in chat input; large pasted text auto-converts to file attachments (<a href="https://redirect.github.com/coder/coder/pull/22604">#22604</a>, <a href="https://redirect.github.com/coder/coder/pull/23379">#23379</a>)</li> <li>Inline file reference rendering in user messages (<a href="https://redirect.github.com/coder/coder/pull/23131">#23131</a>)</li> <li><code>propose_plan</code> tool for markdown plan proposals (<a href="https://redirect.github.com/coder/coder/pull/23452">#23452</a>)</li> <li>Provider-native web search tools in agent chats (<a href="https://redirect.github.com/coder/coder/pull/22909">#22909</a>)</li> <li>Workspace awareness system message automatically included on chat creation (<a href="https://redirect.github.com/coder/coder/pull/23213">#23213</a>)</li> <li>Workspace TTL automatically extended on chat heartbeat (<a href="https://redirect.github.com/coder/coder/pull/23314">#23314</a>)</li> <li>Global chat workspace TTL deployment-wide setting (<a href="https://redirect.github.com/coder/coder/pull/23265">#23265</a>)</li> <li>Template allowlist for chats — restrict which templates agents can create workspaces from (<a href="https://redirect.github.com/coder/coder/pull/23262">#23262</a>)</li> <li>Chat-access site-wide role to gate chat creation (<a href="https://redirect.github.com/coder/coder/pull/23724">#23724</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/34584e909bbe6f501fb2cbdc994325b4d3f9e2ef"><code>34584e9</code></a> fix: update to our fork of charm.land/fantasy with appendCompact perf improve...</li> <li><a href="https://github.com/coder/coder/commit/2625056e7108bc66557b67188422b9b924db3b74"><code>2625056</code></a> fix: backport Go 1.25.9 and dependency fixes (<a href="https://redirect.github.com/coder/coder/issues/24330">#24330</a>)</li> <li><a href="https://github.com/coder/coder/commit/bd1568b0b7ab9164fbe46699403e69c5260c71e5"><code>bd1568b</code></a> fix: bump coder/tailscale to pick up RTM_MISS fix (cherry-pick <a href="https://redirect.github.com/coder/coder/issues/24187">#24187</a>) (<a href="https://redirect.github.com/coder/coder/issues/24214">#24214</a>)</li> <li><a href="https://github.com/coder/coder/commit/eb2b1d3a8ba38d9b531e4db405b4c3effe79d136"><code>eb2b1d3</code></a> fix: update directory for terraform-managed subagents (<a href="https://redirect.github.com/coder/coder/issues/24220">#24220</a>) (<a href="https://redirect.github.com/coder/coder/issues/24242">#24242</a>)</li> <li><a href="https://github.com/coder/coder/commit/9626fdacad9e12107d173bb19a1d71b666ca0de1"><code>9626fda</code></a> fix(cli): retry dial timeouts in SSH connection setup (<a href="https://redirect.github.com/coder/coder/issues/24199">#24199</a>) (<a href="https://redirect.github.com/coder/coder/issues/24229">#24229</a>)</li> <li><a href="https://github.com/coder/coder/commit/52190f032d6f002f5efa2a063c7d99399cabfec8"><code>52190f0</code></a> fix: revert auto-assign agents-access role enabled (<a href="https://redirect.github.com/coder/coder/issues/24170">#24170</a>) (<a href="https://redirect.github.com/coder/coder/issues/24186">#24186</a>)</li> <li><a href="https://github.com/coder/coder/commit/8d4148b1986008ed3b9b1cdbc13c35473a7c648b"><code>8d4148b</code></a> chore: remove kyleosophy easter egg (<a href="https://redirect.github.com/coder/coder/issues/24174">#24174</a>)</li> <li><a href="https://github.com/coder/coder/commit/d3bdd5d1535db5f713634cf781500cae0bddb2ae"><code>d3bdd5d</code></a> feat: add httproute (<a href="https://redirect.github.com/coder/coder/issues/23501">#23501</a>) (<a href="https://redirect.github.com/coder/coder/issues/24172">#24172</a>)</li> <li><a href="https://github.com/coder/coder/commit/727ec00f7f693a4edb513013f356340a8acf7564"><code>727ec00</code></a> chore: revert force deploying main (<a href="https://redirect.github.com/coder/coder/issues/23290">#23290</a>) (<a href="https://redirect.github.com/coder/coder/issues/24072">#24072</a>) (<a href="https://redirect.github.com/coder/coder/issues/24166">#24166</a>)</li> <li><a href="https://github.com/coder/coder/commit/89a0ee3d1d2f61970b2f0856622ca6693eeb62dc"><code>89a0ee3</code></a> feat: support disabling reverse/local port forwarding in agent SSH server (<a href="https://redirect.github.com/coder/coder/issues/2">#2</a>...</li> <li>Additional commits viewable in <a href="https://github.com/coder/coder/compare/2f5d21d1be7864b3e21d9c0b8e87d3ba229a1140...34584e909bbe6f501fb2cbdc994325b4d3f9e2ef">compare view</a></li> </ul> </details> <br /> Updates `crate-ci/typos` from 1.45.0 to 1.45.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/releases">crate-ci/typos's releases</a>.</em></p> <blockquote> <h2>v1.45.1</h2> <h2>[1.45.1] - 2026-04-13</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Use a temp dir for caching</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/">Keep a Changelog</a> and this project adheres to <a href="https://semver.org/">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased] - ReleaseDate</h2> <h2>[1.45.1] - 2026-04-13</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Use a temp dir for caching</li> </ul> <h2>[1.45.0] - 2026-04-01</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1509">March 2026</a> changes</li> </ul> <h2>[1.44.0] - 2026-02-27</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1488">February 2026</a> changes</li> </ul> <h2>[1.43.5] - 2026-02-16</h2> <h3>Fixes</h3> <ul> <li><em>(pypi)</em> Hopefully fix the sdist build</li> </ul> <h2>[1.43.4] - 2026-02-09</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>pincher</code></li> </ul> <h2>[1.43.3] - 2026-02-06</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Adjust how typos are reported to github</li> </ul> <h2>[1.43.2] - 2026-02-05</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>certifi</code> in Python</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-ci/typos/commit/cf5f1c29a8ac336af8568821ec41919923b05a83"><code>cf5f1c2</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/485d42553ebf5bd9c810c24c6521bf608d663e70"><code>485d425</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/2fe77ce0ce53ef0ba47e9b371fef1a949baaff3a"><code>2fe77ce</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1539">#1539</a> from epage/action</li> <li><a href="https://github.com/crate-ci/typos/commit/a9595eaf0cc3266bd7fa5c3b2ec7e2a5f3685d18"><code>a9595ea</code></a> fix(action): Leave binary in temp dir</li> <li>See full diff in <a href="https://github.com/crate-ci/typos/compare/02ea592e44b3a53c302f697cddca7641cd051c3d...cf5f1c29a8ac336af8568821ec41919923b05a83">compare view</a></li> </ul> </details> <br /> Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's releases</a>.</em></p> <blockquote> <h2>v0.5.3</h2> <h2>What's Changed</h2> <ul> <li><code>1.24.0</code> and <code>1.24.1</code> are now available via the action</li> <li><code>1.24.1</code> is now the default version of zizmor used by the action</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3">https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e"><code>b1d7e1f</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/102">#102</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc"><code>a195b57</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/100">#100</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/629d5d01fe5939a6aeae25c1bd1acd2cfa28e9b2"><code>629d5d0</code></a> chore(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/99">#99</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/453d591467e8199b1d5c6883b6ec5c22a12aac72"><code>453d591</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/98">#98</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/ea2c18b942410df0b22bed3b94c361c407518d45"><code>ea2c18b</code></a> Bump pins (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/97">#97</a>)</li> <li>See full diff in <a href="https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Atif Ali
|
b9f9fac9ee |
chore: update devcontainers icon (#850)
Updates the devcontainers icon to use the [Microsoft Fluent UI `ic_fluent_cube_32_filled`](https://github.com/microsoft/fluentui-system-icons/blob/78c9587b995299d5bfc007a0077773556ecb0994/assets/Cube/SVG/ic_fluent_cube_32_filled.svg), consistent with [coder/coder#24478](https://github.com/coder/coder/pull/24478). > 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻 |
||
|
dependabot[bot]
|
c724684589 |
chore(deps): bump the github-actions group with 2 updates (#841)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Atif Ali
|
b76b544e78 |
feat(jetbrains): skip HTTP calls when ide_config is set (#836)
Fixes #835 ## Problem The `data "http"` resource always fires for every selected IDE, even when the user has pinned versions via `ide_config`. In air-gapped or caching scenarios, this causes: - **30-second hangs** when `releases_base_link` is set to a dummy URL like `https://localhost` - **Fatal errors** with `https://localhost:1` (connection refused) - The documented "air-gapped fallback" via `try()` never actually worked — the `http` data source fails before `try()` can catch anything ## Fix When `ide_config` is provided, the module now skips all HTTP calls and uses the pinned build numbers directly. | Scenario | `ide_config` | HTTP calls | Build source | On API failure | |---|---|---|---|---| | User wants latest | `null` (default) | Yes | JetBrains API | Terraform error (fail loudly) | | User pins versions | Set | **None** | `ide_config.build` | N/A | ### Changes - `ide_config` default changed from a full map to `null` - `name` and `icon` are now `optional(string)` in `ide_config` — falls back to built-in metadata - `data.http.jetbrains_ide_versions` `for_each` is empty when `ide_config` is set - Static `ide_metadata` local provides name/icon when `ide_config` is null - Removed `try()` fallback from `parsed_responses` — API errors are now explicit instead of silently using stale builds - Cross-variable validation rejects `major_version`, `channel`, and `releases_base_link` when `ide_config` is set - Validation for `ide_config ⊇ default` added (previously only `ide_config ⊇ options` was checked) - Version bumped `1.3.1` → `1.4.0` ### Usage ```tf module "jetbrains" { source = "registry.coder.com/coder/jetbrains/coder" version = "1.4.0" agent_id = coder_agent.main.id folder = "/home/coder/project" # Zero HTTP calls — only build is required. ide_config = { "GO" = { build = "261.22158.291" } "PY" = { build = "261.22158.340" } } options = ["GO", "PY"] } ``` > 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻release/coder/jetbrains/v1.4.0 |
||
|
Max Schwenk
|
d3885a5047 |
feat: add auto permission mode to claude-code module (#830)
## Summary - Add `auto` as a valid `permission_mode` for the claude-code module, passing `--enable-auto-mode` to the CLI when selected - Fix bypass permissions TOS prompt appearing interactively by pre-seeding `bypassPermissionsModeAccepted` in `~/.claude.json` during install (workaround for https://github.com/anthropics/claude-code/issues/25503) - Bump version `4.8.2` → `4.9.0` ## Test plan - [x] All 19 terraform tests pass (`terraform test -verbose`) - [x] Added `test_claude_code_auto_permission_mode` tftest - [x] Added `claude-auto-permission-mode` TypeScript test verifying both `--permission-mode auto` and `--enable-auto-mode` are passed - [ ] Container test with auto mode (requires Linux/Colima) - [ ] Verify bypass permissions TOS prompt no longer appears on task startup 🤖 Generated with Claude Code using Claude Opus 4.6 --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: DevCats <christofer@coder.com>release/coder/claude-code/v4.9.2 |
||
|
dependabot[bot]
|
de7bd01021 |
chore(deps): bump the github-actions group with 2 updates (#834)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Atif Ali
|
494ad9bd48 |
fix(copilot): remove hardcoded model enum to allow any Copilot model (#833)
The `copilot_model` variable was restricted to a hardcoded enum of three models (`claude-sonnet-4`, `claude-sonnet-4.5`, `gpt-5`). Models change fast and this validation was blocking users from using newer models. ## Changes - Remove `validation` block from `copilot_model` variable in `main.tf` - Update variable description to indicate any Copilot-supported model can be used - Replace enum validation test with a test that verifies arbitrary model strings are accepted - Bump module version to `0.4.1` in README examples Closes #832 > 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻release/coder-labs/copilot/v0.4.1 |
||
|
Phorcys
|
5ee68d04d1 |
feat: add mcp_config input variable to vscode-desktop-core module (#753)
## Description Standardizes handling of `mcp` variables in VSCode Desktop-based modules. Made modular enough to pave the way for setting other config files than `mcp_server.json` and `mcp.json`. ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>release/coder/vscode-desktop-core/v1.1.0 |
||
|
blinkagent[bot]
|
516a934694 |
feat(claude-code): wire web_app variable through to agentapi module (#831)
Follow-up to #764. Now that the `agentapi` module `v2.4.0` is published with `web_app` support, this PR completes the wiring: ## Changes ### `claude-code/main.tf` - Bump agentapi dependency from `v2.3.0` → `v2.4.0` - Replace `# TODO: pass web_app = var.web_app once agentapi module is published with web_app support` with `web_app = var.web_app` ### `claude-code/README.md` - Bump version references from `4.9.0` → `4.9.1` ## Result Setting `web_app = false` on the `claude-code` module now correctly passes through to the `agentapi` module, hiding the web UI app icon from the Coder dashboard while still running AgentAPI. The task-safe behavior (auto-enabling for `coder_ai_task`) is handled by the `agentapi` module. --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>release/coder/claude-code/v4.9.1 |
||
|
blinkagent[bot]
|
344b02e4ab |
feat(agentapi,claude-code): add web_app variable to disable the web app (#764)
Adds a `web_app` variable (default: `true`) to both the `claude-code`
and `agentapi` modules. When set to `false`, AgentAPI still runs but the
web UI app icon is not shown in the Coder dashboard.
This mirrors the existing `cli_app` toggle pattern.
## Changes
### `agentapi` module
- New `web_app` variable (bool, default `true`)
- `coder_app.agentapi_web` now has `count = local.web_app ? 1 : 0`
- **Task-safe:** `local.web_app` is computed as `var.web_app ||
local.is_task`, where `is_task = try(data.coder_task.me.enabled,
false)`. This means the web app is always created when the workspace is
a Task, regardless of the `web_app` variable.
- `task_app_id` output returns `""` when `local.web_app` is `false`
### `claude-code` module
- New `web_app` variable (bool, default `true`)
- `TODO` comment to wire `web_app` through to agentapi once published
## Usage (once fully wired)
```hcl
module "claude-code" {
source = "registry.coder.com/coder/claude-code/coder"
...
web_app = false # hides the Claude Code web UI from the dashboard
}
```
Setting `web_app = false` is safe even in templates that use
`coder_ai_task` — the module detects Tasks via
`data.coder_task.me.enabled` and automatically enables the web app.
## Merge strategy
This needs to land in two steps:
1. **Merge this PR** — publishes the agentapi module with `web_app`
support, and adds the `web_app` variable to claude-code (not yet wired
through)
2. **Follow-up PR** — bump the agentapi version in claude-code and
replace the `TODO` with `web_app = var.web_app`
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
release/coder/agentapi/v2.4.0
release/coder/claude-code/v4.9.0
|
||
|
Seth Shelnutt
|
31a07ac823 |
feat(templates): add docker-rstudio template with code-server and RMarkdown (#819)
## New Template: docker-rstudio
Adds a Docker-based template for R development workspaces.
### What it provides
| Tool | Source | Access |
|------|--------|--------|
| **RStudio Server** | Pre-installed in `rocker/rstudio` image | Browser
via Coder proxy (subdomain) |
| **code-server** | `registry.coder.com/coder/code-server/coder` module
| Browser via Coder proxy |
| **RMarkdown** | Installed on first start, persisted in home-dir R
library | Available in both RStudio and code-server |
### Design decisions
<details>
<summary>Click to expand</summary>
- **`rocker/rstudio` as the base image** instead of
`codercom/enterprise-base:ubuntu` + the `rstudio-server` module. The
module runs RStudio inside a nested Docker container which requires
Docker-in-Docker or socket mounting in the workspace. Using the rocker
image directly avoids that complexity and starts faster since R and
RStudio are already installed.
- **Direct `coder_app` for RStudio** rather than the registry
`rstudio-server` module, because the module is designed for Docker-based
provisioning (it pulls and runs a rocker container). Since the workspace
itself _is_ the rocker container, RStudio Server is started natively via
`rserver`.
- **RMarkdown installed idempotently** — the startup script checks
`require('rmarkdown')` before installing. Since R libraries default to a
subdirectory under `/home/rstudio` (the persistent volume), packages
survive workspace restarts.
- **Persistent volume mounted at `/home/rstudio`** to match the default
user in the rocker image.
- **`--auth-none=1`** disables RStudio authentication since the Coder
proxy handles access control.
</details>
### Files added
- `registry/coder/templates/docker-rstudio/main.tf`
- `registry/coder/templates/docker-rstudio/README.md`
### Validation
- `go run ./cmd/readmevalidation/` — passes (32 templates detected)
- `terraform fmt` — clean
- `bun run fmt` — all files unchanged
---------
Co-authored-by: DevCats <christofer@coder.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
|
||
|
DevCats
|
5973739f41 |
feat: add coder-modules and coder-templates skills for creating and updating modules and templates (#813)
## Description Add two Claude Code skills for the Coder Registry: `coder-modules` and `coder-templates`. These skills guide AI agents through creating and updating registry modules and workspace templates, covering scaffolding, Terraform patterns, testing, README standards, icon management, version bumps, and newer features like presets, prebuilds, and task-oriented templates. |
||
|
DevCats
|
ad61bddfb2 |
chore: fix module reference in coder-utils (#826)
## Description fix module reference in coder-utils <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/coder-utils` **New version:** `v1.0.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [X] Tests pass (`bun test`) - [X] Code formatted (`bun fmt`) - [X] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable --> |
||
|
Ben Potter
|
eea5b24e3d |
fix: onepassword module resource naming and add demo screenshot (#827)
Fixes `coder_script "1password"` → `coder_script "onepassword"` since Terraform resource names cannot start with a digit. Adds a demo screenshot showing the template variables page and `op whoami` working in a workspace. Bumps version to 1.0.2.release/bpmct/onepassword/v1.0.2 |
||
|
Ben Potter
|
ee035ee9b9 |
fix: use 1Password brand blue icon for dark background visibility (#825)
The 1Password icon was black on transparent, making it invisible on the registry's dark cards. Replaced with 1Password brand blue (`#0572EC`) circle + white keyhole.release/bpmct/onepassword/v1.0.1 |
||
|
Ben Potter
|
5bc668aa4d |
feat: add 1password module under bpmct namespace (#824)
Adds a 1Password module under the `bpmct` namespace. ## What it does Installs the [1Password CLI](https://developer.1password.com/docs/cli/) (`op`) into Coder workspaces at startup. Two auth paths: - **Service account token** — set `service_account_token` and `OP_SERVICE_ACCOUNT_TOKEN` is injected automatically. Fully headless. - **Personal account** — set `account_address`, `account_email`, `account_secret_key` to pre-register the account. User runs `op signin` in their terminal. Optionally installs the [1Password VS Code extension](https://marketplace.visualstudio.com/items?itemName=1Password.op-vscode) (`1Password.op-vscode`) for code-server and VS Code with `install_vscode_extension = true`. Supports `pre_install_script` and `post_install_script` for custom orchestration. ## What's included - `registry/bpmct/` — new namespace (Ben Potter, community) - `registry/bpmct/modules/1password/` — the module (`main.tf`, `run.sh`, `README.md`) - `.icons/1password.svg` — 1Password logo from Simple Icons ## Tested Spun up a dev Coder instance, pushed the template with a real 1Password service account token, created a workspace, and confirmed: - `op` CLI installs and authenticates - `op vault list` returns vaults - `1Password.op-vscode` extension installs in code-server --------- Co-authored-by: DevCats <christofer@coder.com>release/bpmct/onepassword/v1.0.0 |
||
|
DevCats
|
caaff0c1e9 |
chore: rename agent-helper to coder-helper (#816)
## Description Change `agent-helper` to `coder-utils` The current tag for agent-helper needs to be deleted before this PR is merged. ## Type of Change - [x] New module - kinda.. - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [x] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/coder-utils` **New version:** `v1.0.0` **Breaking change:** [X] Yes [ ] No ( Module name is changing, but this is not nested in any modules yet ) ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related https://github.com/coder/registry/pull/802 |
||
|
blinkagent[bot]
|
057d7396ea |
fix(jetbrains): correct version bump to patch (1.3.1) instead of minor (1.4.0) (#823)
PR #822 bumped the jetbrains module version from `1.3.0` to `1.4.0` (minor), but the change was a bugfix and should have been a patch bump. This corrects all 7 version references in the README from `1.4.0` to `1.3.1`. Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>release/coder/jetbrains/v1.3.1 |
||
|
Atif Ali
|
fc66478b94 |
fix(jetbrains): scope HTTP version fetch to selected IDEs only (#822)
## Problem The `data "http" "jetbrains_ide_versions"` resource fetches release info from `data.services.jetbrains.com` for **all configured IDE options** at plan time, regardless of what the user actually selected. When the API is unreachable (air-gapped environments, DNS failures, transient outages), this causes a fatal Terraform error that blocks the workspace build — even when no JetBrains IDEs were selected. ## Fix Changed the `for_each` on the HTTP data source (and all dependent locals) from iterating over `var.options`/`var.default` to `local.selected_ides` — the user's actual selection. | Scenario | Before | After | |---|---|---| | No IDEs selected (`[]`) | 9 HTTP requests | 0 HTTP requests | | 1 IDE selected (`["GO"]`) | 9 HTTP requests | 1 HTTP request | | All IDEs selected | 9 HTTP requests | 9 HTTP requests | ## Validation - All 17 existing `terraform test` cases pass - Tested end-to-end on [dev.coder.com](https://dev.coder.com) with Docker template: - `jetbrains_ides=[]` — zero HTTP requests, build succeeds - `jetbrains_ides=["GO"]` — single HTTP request for GoLand only, `coder_app.jetbrains["GO"]` created Closes #821 > 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻 |
||
|
Charlie Voiselle
|
19f6dc947f |
fix: correct description for 'Install multiple extensions' example in code-server module documentation (#817)
## Description Update incorrect documentation element for **Install multiple extensions** ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [x] Documentation - [ ] Other ## Related Issues Nonerelease/coder/code-server/v1.4.4 |
||
|
dependabot[bot]
|
962cd16efd |
chore(deps): bump the github-actions group with 2 updates (#820)
Bumps the github-actions group with 2 updates: [coder/coder](https://github.com/coder/coder) and [actions/setup-go](https://github.com/actions/setup-go). Updates `coder/coder` from 2.31.5 to 2.31.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.31.6</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Bug fixes</h3> <ul> <li>Open coder_app links in new tab when open_in is tab (<a href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>, e419eb310)</li> </ul> <h3>Chores</h3> <ul> <li>Switch agent gone response from 502 to 404 (backport <a href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>) (<a href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>, f7650296c)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.31.5...v2.31.6"><code>v2.31.5...v2.31.6</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.31.6</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/f7650296ceb9b020c79cd525ac7bd3c7f252ae1d"><code>f765029</code></a> chore: switch agent gone response from 502 to 404 (backport <a href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>) (<a href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>)</li> <li><a href="https://github.com/coder/coder/commit/e419eb31019520018de8b643344faaf6b3af4be8"><code>e419eb3</code></a> fix: open coder_app links in new tab when open_in is tab (cherry-pick <a href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>)...</li> <li>See full diff in <a href="https://github.com/coder/coder/compare/1a774ab7ce99063a2e01beb94de3fcbccaf84dbe...f7650296ceb9b020c79cd525ac7bd3c7f252ae1d">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-go` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Add go-download-base-url input for custom Go distributions by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <h3>Dependency update</h3> <ul> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li> </ul> <h3>Documentation update</h3> <ul> <li>Rearrange README.md, add advanced-usage.md by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li> <li>Fix Microsoft build of Go link by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gdams"><code>@gdams</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a> docs: fix Microsoft build of Go link (<a href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a> feat: add go-download-base-url input for custom Go distributions (<a href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a> Bump minimatch from 3.1.2 to 3.1.5 (<a href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a> Rearrange README.md, add advanced-usage.md (<a href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Meghea Iulian
|
8c130bcb5a |
fix(opencode): pass VERSION to bash instead of curl in install pipe (#815)
## Summary - Fix version pinning bug in the OpenCode install script (`registry/coder-labs/modules/opencode/scripts/install.sh`, line 42) **Bug:** The install command was: ```bash VERSION=$ARG_OPENCODE_VERSION curl -fsSL https://opencode.ai/install | bash ``` `VERSION` was set as an environment variable prefix to `curl` (the left side of the pipe), so the `bash` process on the right side of the pipe never received it. In a shell pipeline, each command runs in its own subprocess, so env var prefixes only apply to the immediately following command. This caused the installer script to always install the latest version instead of the pinned version specified by the user. **Fix:** Move `VERSION` to prefix `bash` instead of `curl`: ```bash curl -fsSL https://opencode.ai/install | VERSION=$ARG_OPENCODE_VERSION bash ``` Now the `VERSION` variable is correctly available to the install script executed by `bash`. ## Test plan - [x] Set `opencode_version` to a specific version (e.g., `0.1.0`) and verify that version is installed instead of latest - [x] Set `opencode_version` to `latest` and verify the latest version is still installed (this code path is unchanged) - [x] Verify `opencode --version` output matches the requested version after install --------- Co-authored-by: 35C4n0r <70096901+35C4n0r@users.noreply.github.com>release/coder-labs/opencode/v0.1.2 |
||
|
35C4n0r
|
516b9ce4ae |
fix(coder/modules/claude-code): update resource count logic for claude_api_key (#814)
## Description - update resource count logic for claude_api_key <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/claude-code` **New version:** `v4.8.2` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues Closes: #812release/coder/claude-code/v4.8.2 |
