## Summary
Adds a `CODEOWNERS` file to enforce code review requirements for GitHub
Actions workflow changes.
- Creates `CODEOWNERS` file designating `@jdomeracki-coder` as owner of
`.github/` directory
- All changes to GitHub Actions workflows (`.github/` directory) now
require approval from the designated code owner
- Improves security posture by preventing unauthorized modifications to
CI/CD pipelines
## Why this change?
GitHub Actions workflows have elevated privileges and can access
repository secrets. Requiring explicit approval for workflow changes
helps prevent:
- Accidental or malicious modifications to CI/CD pipelines
- Unauthorized access to secrets
- Supply chain security vulnerabilities
## Test plan
- [x] Verify CODEOWNERS file is properly formatted
- [ ] Test that PRs modifying `.github/` directory require approval from
`@jdomeracki-coder`
- [ ] Confirm existing PRs not touching `.github/` continue to work
normally
## Description
- Minor maintenance and update codex to use coder_ai_task.
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/coder-labs/modules/codex`
**New version:** `v4.0.0`
**Breaking change:** [x] Yes [ ] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
---------
Co-authored-by: Atif Ali <atif@coder.com>
This pull request updates the `claude-code` module to version 4.3.0 and
significantly simplifies the configuration and startup logic for the
Boundary integration. The changes remove several Boundary-related
configuration variables and options, streamlining both Terraform and
shell script code. The documentation is updated to reflect these changes
and the new version.
**Boundary integration simplification:**
* Removed multiple Boundary-related variables from `main.tf`, including
log directory, log level, additional allowed URLs, proxy port, and pprof
options, as well as their usage in the module and test files.
(`registry/coder/modules/claude-code/main.tf`
[[1]](diffhunk://#diff-e7adc2da34facfd5d16deb23876fca7ae4cb11c8a68a0cfbe37a044bb69932f0L213-L248)
[[2]](diffhunk://#diff-e7adc2da34facfd5d16deb23876fca7ae4cb11c8a68a0cfbe37a044bb69932f0L377-L382);
`registry/coder/modules/claude-code/main.tftest.hcl`
[[3]](diffhunk://#diff-46ca9cfb5cdd077a9c42f7f62ab3f45583196a05edc29838eda0c6bd0ea63edcL198-L210)
* Updated the Boundary startup logic in `start.sh` to remove handling
and passing of the eliminated variables, resulting in a simpler and more
maintainable script.
(`registry/coder/modules/claude-code/scripts/start.sh`
[[1]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L19-L23)
[[2]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L39-L41)
[[3]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L232-L260)
**Documentation updates:**
* Updated all usage examples in `README.md` to reference version 4.3.0
and reflect the new, simplified Boundary configuration.
(`registry/coder/modules/claude-code/README.md`
[[1]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL16-R16)
[[2]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL48-R52)
[[3]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL75-R71)
[[4]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL111-R107)
[[5]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL133-R129)
[[6]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL206-R202)
[[7]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL263-R259)
**Version bump:**
* Bumped the module version from 4.2.9 to 4.3.0 throughout all
documentation and configuration examples.
(`registry/coder/modules/claude-code/README.md`
[[1]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL16-R16)
[[2]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL48-R52)
[[3]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL75-R71)
[[4]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL111-R107)
[[5]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL133-R129)
[[6]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL206-R202)
[[7]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL263-R259)
---------
Co-authored-by: DevCats <christofer@coder.com>
## Description
Remove test from `cloud-dev` template since templates generally have no
tests.
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Template Information
<!-- Delete this section if not applicable -->
**Path:** `registry/nboyers/templates/cloud-dev`
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
## Description
Better test cleanup, and resolve flakiness.
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/coder/modules/github-upload-public-key`
**New version:** `v1.0.32`
**Breaking change:** [ ] Yes [ ] No
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
## Description
bump agentapi version to 0.11.6.
This version of agentapi introduces tool_call logging and improved
tool_call parsing
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/coder/modules/claude-code`
**New version:** `v4.2.8`
**Breaking change:** [ ] Yes [x] No
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
## Description
As part of
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/guides/v3-upgrade-guide
various resources change from non versioned to versioned. This PR
changes the Coder authored templates to versioned resources.
- Updated kubernetes_persistent_volume_claim to
kubernetes_persistent_volume_claim_v1
- Updated kubernetes_deployment to kubernetes_deployment_v1
- Updated kubernetes_pod to kubernetes_pod_v1
- Updated kubernetes_secret to kubernetes_secret_v1
- Updated all resource references and dependencies
I also had to fix up a couple of templates, i.e. remove `agent_name` as
it wasn't valid usage, `agent_id` remains. The `source` parameter for
jetbrains module in
[registry/coder/templates/kubernetes-envbox/main.tf](https://github.com/coder/registry/pull/616/changes#diff-83996ad9def3fae3b69981faee7d682964acc8716a4d04edfd7c4374f0a1d15c)
also had to be fixed.
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Template Information
**Path:**
- registry/coder/templates/kubernetes
- registry/coder/templates/kubernetes-devcontainer
- registry/coder/templates/kubernetes-envbox
## Testing & Validation
- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
## Problem
The Zed module's settings parsing was broken. The previous
implementation used quote escaping:
```hcl
SETTINGS_JSON='${replace(var.settings, "\"", "\\\"")}'
```
This produced invalid JSON like `{\"theme\":\"dark\"}` which **jq could
not parse** because the backslash-escaped quotes are not valid JSON
syntax.
## Solution
Changed to use base64 encoding internally:
```hcl
locals {
settings_b64 = var.settings != "" ? base64encode(var.settings) : ""
}
# In the script:
SETTINGS_B64='${local.settings_b64}'
SETTINGS_JSON="$(echo -n "${SETTINGS_B64}" | base64 -d)"
```
**User interface remains the same** - users still provide plain JSON via
`jsonencode()` or heredoc:
```hcl
module "zed" {
source = "..."
agent_id = coder_agent.main.id
settings = jsonencode({
theme = "dark"
fontSize = 14
})
}
```
## Testing
Added comprehensive tests:
**Terraform tests (5):**
- URL generation (default, folder, agent_name)
- Settings base64 encoding verification
- Empty settings edge case
**Container e2e tests (3):**
- Creates settings file with correct JSON (including special chars:
quotes, backslashes, URLs)
- Merges with existing settings via jq
- Exits early with empty settings
Also fixed existing tests to use `override_data` for proper workspace
mocking.
---------
Signed-off-by: Muhammad Atif Ali <me@matifali.dev>
Co-authored-by: DevCats <christofer@coder.com>
link vscode-web and code-server comparison docs in README. Also fixes a
drive-by version to match expected versioning.
Co-authored-by: DevCats <christofer@coder.com>
## Description
Add CI mode to version bump script to output Pass or Fail with a less
verbose comment when it fails
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [X] Other
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
## Description
This PR adds a template example for the Hetzner Cloud Sever.
This video shows the provisioning of multiple hetzner instances in coder
with dynamic param enabled, running simultaneously and shown in the
Hetzner console, checking labels on both the OS Filesystem and on the
hetzner console and then shutting down through coder demonstrating clean
up on hetzner and deleting workspaces without errors
DEMO VIDEO:
https://drive.google.com/file/d/1JkhjszCRM9K27XDlMi_2nXtJosoflns_/view?usp=sharing
## Type of Change
- [ ] New module
- [x] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Template Information
**Path:** `registry/Excellencedev/templates/hetzner-linux`
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
/closes #209
/claim #209
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
## Description
This PR makes the following changes to `coder/modules/kasmvnc`:
- Update desktop environment list for the KasmVNC module
Currently upstream supports a number of [additional Desktop
Environments](https://github.com/kasmtech/KasmVNC/blob/v1.4.0/unix/vncserver.man#L56-L67).
The change updates the list so that DEs like Mate are supported. Do note
that `manual` is also supported if `$HOME/.vnc/xstartup` is supplied, so
this has been added as another option, too.
## Type of Change
- [ ] New module
- [ ] New template
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/coder/modules/kasmvnc`
**New version:** `v1.2.7`
**Breaking change:** [ ] Yes [X] No
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
None
Co-authored-by: DevCats <christofer@coder.com>
## Summary
Fixes a race condition when multiple `git-clone` modules with
`post_clone_script` run concurrently.
## Problem
All instances of the git-clone module use the same hardcoded
`/tmp/post_clone.sh` path. When multiple modules run concurrently (or
overlap), they collide on the same temp file, causing:
```
rm: cannot remove '/tmp/post_clone.sh': No such file or directory
```
This results in a non-zero exit code, causing the workspace to appear
unhealthy.
## Solution
Use `mktemp` to generate a unique temporary filename for each module
instance:
```bash
POST_CLONE_TMP=$(mktemp /tmp/post_clone_XXXXXX.sh)
```
This ensures each concurrent execution uses its own temp file,
eliminating the race condition.
Fixes#600
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Matyas Danter <mdanter@gmail.com>
## Description
`setup` now returns `coderEnvVariables` that can be used in
`execModuleScript`.
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
---------
Signed-off-by: 35C4n0r <work.jaykumar@gmail.com>
## Description
Update source references in README to
`registry.coder.com/harleylrn/kiro-cli/coder` from
`registry.coder.com/coder/kiro-cli/coder`
Remove verbose tf docs from README since it is visualized in the
registry.
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [X] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/harleylrn/modules/kiro-cli`
**New version:** `v1.0.1`
**Breaking change:** [ ] Yes [X] No
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Summary
Remove stale `~/.mux/server.lock` file before starting the mux server to
prevent startup failures when a previous server didn't clean up
properly.
## Changes
- Added `rm -f "${HOME}/.mux/server.lock"` at the start of the `run_mux`
function
- Bumped version to 1.0.5
## Testing
- All Terraform tests pass
- Shellcheck passes with only style warnings (unrelated to this change)
---------
Co-authored-by: Atif Ali <atif@coder.com>
## Description
Brings session resumption up to speed with current claude-code
capabilities, and should make session resumption less prone to errors
across the board.
I am still testing this further to ensure that all logic path's are
verified.
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/coder/modules/claude-code`
**New version:** `v4.2.5`
**Breaking change:** [ ] Yes [ ] No
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
---------
Co-authored-by: 35C4n0r <70096901+35C4n0r@users.noreply.github.com>
Co-authored-by: Atif Ali <atif@coder.com>
## Description
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/[namespace]/modules/[module-name]`
**New version:** `v1.0.0`
**Breaking change:** [ ] Yes [ ] No
## Template Information
<!-- Delete this section if not applicable -->
**Path:** `registry/[namespace]/templates/[template-name]`
## Testing & Validation
- [x] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
Jakub Domeracki