feat: remove agent metadata for incus-nixos

## Description

Adds two new templates under `registry/bpmct` for running workspaces on
[Incus](https://linuxcontainers.org/incus/) (the open-source LXD fork).

### `incus-vm`

Provisions a full KVM virtual machine on a remote Incus host using
cloud-init. This is a VM variant of the existing `coder/incus` system
container template.

Key differences from `coder/incus`:
- Launches a **virtual machine** (`type = "virtual-machine"`) rather
than a system container
- Supports **remote Incus hosts** via `incus remote add` — the Coder
provisioner does not need to be co-located with the Incus host
- `arch` parameter (`amd64` / `arm64`) threads through the agent, image
fetch, and Incus architecture hint — so the same template works on both
x86-64 and aarch64 hosts
- Token rotation handled on every workspace start via a `null_resource`
provisioner (necessary since cloud-init only runs once on first boot)

### `incus-nixos`

Provisions a NixOS virtual machine on a remote Incus host. NixOS
requires a different provisioning approach from the cloud-init-based
`incus-vm` template.

Key design points:
- Uses Incus's official NixOS images (`nixos/<channel>`)
- Provisions entirely via `nixos-rebuild switch` — no cloud-init
- Writes `/etc/nixos/coder.nix` and `/etc/nixos/configuration.nix` via
`incus exec` on first boot
- Idempotent: subsequent starts skip the rebuild and just refresh the
agent token
- `nixos_channel` is a Terraform `variable` (admin sets at push time);
no user-facing image picker since the whole point of the template is
NixOS

## Type of Change

- [ ] New module
- [x] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Template Information

**Paths:**
- `registry/bpmct/templates/incus-vm`
- `registry/bpmct/templates/incus-nixos`

## Testing & Validation

- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally (both templates deployed and workspaces
verified healthy on aarch64 Raspberry Pi provisioners)

## Related Issues

None

## Video

https://www.loom.com/share/f009972a51af452dbbe9eda9f9760d3e

.github/workflows/ci.yaml

@@ -37,7 +37,7 @@ jobs:
             all:
               - '**'
       - name: Set up Terraform
-        uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0
+        uses: coder/coder/.github/actions/setup-tf@b98577cb911ff8a748dd6a57f5d49e4797a3c789 # v2.33.6
       - name: Set up Bun
         uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
         with:
@@ -87,13 +87,13 @@ jobs:
           bun-version: latest
       # Need Terraform for its formatter
       - name: Install Terraform
-        uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0
+        uses: coder/coder/.github/actions/setup-tf@b98577cb911ff8a748dd6a57f5d49e4797a3c789 # v2.33.6
       - name: Install dependencies
         run: bun install
       - name: Validate formatting
         run: bun fmt:ci
       - name: Check for typos
-        uses: crate-ci/typos@cf5f1c29a8ac336af8568821ec41919923b05a83 # v1.45.1
+        uses: crate-ci/typos@f8a58b6b53f2279f71eb605f03a4ae4d10608f45 # v1.47.0
         with:
           config: .github/typos.toml
   validate-readme-files:

.github/workflows/deploy-registry.yaml

@@ -9,11 +9,12 @@ on:
       # Matches release/<namespace>/<resource_name>/<semantic_version>
       # (e.g., "release/whizus/exoscale-zone/v1.0.13")
       - "release/*/*/v*.*.*"
-    branches: # Templates get released when merged to main
+    branches: # Templates and skills get released when merged to main
       - main
     paths:
       - ".github/workflows/deploy-registry.yaml"
       - "registry/**/templates/**"
+      - "registry/**/skills/**"
       - "registry/**/README.md"
       - ".icons/**"
 

.github/workflows/golangci-lint.yml

@@ -19,6 +19,6 @@ jobs:
         with:
           go-version: stable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9
+        uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9
         with:
           version: v2.1

.github/workflows/release.yml

@@ -33,6 +33,7 @@ jobs:
           echo "namespace=$NAMESPACE" >> $GITHUB_OUTPUT
           echo "module=$MODULE" >> $GITHUB_OUTPUT
           echo "version=$VERSION" >> $GITHUB_OUTPUT
+
           echo "module_path=registry/$NAMESPACE/modules/$MODULE" >> $GITHUB_OUTPUT
 
           RELEASE_TITLE="$NAMESPACE/$MODULE $VERSION"

.github/workflows/version-bump.yaml

@@ -31,7 +31,7 @@ jobs:
           bun-version: latest
 
       - name: Set up Terraform
-        uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0
+        uses: coder/coder/.github/actions/setup-tf@b98577cb911ff8a748dd6a57f5d49e4797a3c789 # v2.33.6
 
       - name: Install dependencies
         run: bun install

.github/workflows/zizmor.yaml

@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: Run zizmor (blocking, HIGH only)
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
         with:
           advanced-security: false
           annotations: true
@@ -49,7 +49,7 @@ jobs:
           persist-credentials: false
 
       - name: Run zizmor (SARIF)
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
         with:
           inputs: |
             .github/workflows

.icons/coder-modules.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+  <rect width="7" height="7" x="14" y="3" rx="1"/>
+  <path d="M10 21V8a1 1 0 0 0-1-1H4a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-5a1 1 0 0 0-1-1H3"/>
+</svg>

.icons/coder-templates.svg

@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+  <rect width="18" height="7" x="3" y="3" rx="1"/>
+  <rect width="9" height="7" x="3" y="14" rx="1"/>
+  <rect width="5" height="7" x="16" y="14" rx="1"/>
+</svg>

cmd/readmevalidation/coderskills.go

@@ -0,0 +1,339 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"errors"
+	"os"
+	"path"
+	"regexp"
+	"slices"
+	"strings"
+
+	"golang.org/x/xerrors"
+	"gopkg.in/yaml.v3"
+)
+
+// skillsRepoSpecRe matches the "owner/repo" or "owner/repo@ref" format used
+// in the skills README sources frontmatter. Owners and repo names allow
+// alphanumerics, hyphens, underscores, and dots. Refs allow the same plus
+// forward slashes for paths like refs/heads/main.
+var skillsRepoSpecRe = regexp.MustCompile(`^[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+(@[a-zA-Z0-9_./-]+)?$`)
+
+// skillsIconPrefix is the relative path prefix from a skills README to the
+// repo-level .icons directory. The skills README lives at depth 3
+// (registry/<namespace>/skills/README.md), so the prefix is three levels up.
+// This is distinct from modules and templates, which live at depth 4 and use
+// "../../../../.icons/".
+const skillsIconPrefix = "../../../.icons/"
+
+// skillOverride holds per-skill presentation metadata defined in the
+// registry README. All fields are optional.
+type skillOverride struct {
+	DisplayName string   `yaml:"display_name"`
+	Description string   `yaml:"description"`
+	Icon        string   `yaml:"icon"`
+	Tags        []string `yaml:"tags"`
+}
+
+// skillSource is one entry in the sources list, describing a single source
+// repo and optional per-skill overrides.
+type skillSource struct {
+	Repo   string                   `yaml:"repo"`
+	Skills map[string]skillOverride `yaml:"skills"`
+}
+
+// coderSkillsFrontmatter is the YAML frontmatter schema for
+// registry/<namespace>/skills/README.md.
+type coderSkillsFrontmatter struct {
+	Icon    string        `yaml:"icon"`
+	Sources []skillSource `yaml:"sources"`
+}
+
+// supportedSkillsTopLevelKeys lists the keys allowed at the root of the
+// skills README frontmatter. Nested keys under sources are validated
+// separately because the typed unmarshal handles them.
+var supportedSkillsTopLevelKeys = []string{"icon", "sources"}
+
+// coderSkillsReadme represents a parsed skills README file.
+type coderSkillsReadme struct {
+	filePath    string
+	body        string
+	frontmatter coderSkillsFrontmatter
+}
+
+// separateSkillsFrontmatter is like separateFrontmatter but preserves
+// indentation in the frontmatter block. The skills README uses nested YAML
+// (per-skill metadata under each source), which the indentation-trimming
+// behavior of the shared separateFrontmatter helper destroys.
+func separateSkillsFrontmatter(readmeText string) (frontmatter string, body string, err error) {
+	if readmeText == "" {
+		return "", "", xerrors.New("README is empty")
+	}
+
+	const fence = "---"
+	var fmBuilder strings.Builder
+	var bodyBuilder strings.Builder
+	fenceCount := 0
+
+	lineScanner := bufio.NewScanner(strings.NewReader(strings.TrimSpace(readmeText)))
+	for lineScanner.Scan() {
+		nextLine := lineScanner.Text()
+		if fenceCount < 2 && strings.TrimSpace(nextLine) == fence {
+			fenceCount++
+			continue
+		}
+		if fenceCount == 0 {
+			break
+		}
+		if fenceCount >= 2 {
+			bodyBuilder.WriteString(nextLine)
+			bodyBuilder.WriteString("\n")
+		} else {
+			fmBuilder.WriteString(nextLine)
+			fmBuilder.WriteString("\n")
+		}
+	}
+	if fenceCount < 2 {
+		return "", "", xerrors.New("README does not have two sets of frontmatter fences")
+	}
+	if strings.TrimSpace(fmBuilder.String()) == "" {
+		return "", "", xerrors.New("readme has frontmatter fences but no frontmatter content")
+	}
+
+	return fmBuilder.String(), strings.TrimSpace(bodyBuilder.String()), nil
+}
+
+// isPermittedSkillsIconURL validates that an icon URL references the
+// repo-level .icons directory using the 3-deep prefix appropriate for
+// skills READMEs, and that the file exists on disk.
+func isPermittedSkillsIconURL(checkURL string, readmeFilePath string) error {
+	if !strings.HasPrefix(checkURL, skillsIconPrefix) {
+		return xerrors.Errorf("icon URL %q must reference the top-level .icons directory using %q", checkURL, skillsIconPrefix)
+	}
+
+	readmeDir := path.Dir(readmeFilePath)
+	resolvedPath := path.Join(readmeDir, checkURL)
+
+	if _, err := os.Stat(resolvedPath); err != nil {
+		if os.IsNotExist(err) {
+			return xerrors.Errorf("icon file does not exist at resolved path %q (referenced as %q)", resolvedPath, checkURL)
+		}
+		return xerrors.Errorf("error checking icon file at %q: %v", resolvedPath, err)
+	}
+
+	return nil
+}
+
+func validateSkillsIconURL(iconURL string, filePath string) []error {
+	if iconURL == "" {
+		return nil
+	}
+
+	var errs []error
+	if strings.HasPrefix(iconURL, "http://") || strings.HasPrefix(iconURL, "https://") {
+		errs = append(errs, xerrors.Errorf("icon URL must reference the top-level .icons directory, not an absolute URL %q", iconURL))
+		return errs
+	}
+
+	if err := isPermittedSkillsIconURL(iconURL, filePath); err != nil {
+		errs = append(errs, err)
+	}
+	return errs
+}
+
+// validateSkillsTopLevelKeys parses the (indentation-preserved) frontmatter
+// as a YAML map and verifies that every top-level key is in the supported
+// set. This catches typos like "source:" vs "sources:".
+func validateSkillsTopLevelKeys(fm string) []error {
+	var rawKeys map[string]any
+	if err := yaml.Unmarshal([]byte(fm), &rawKeys); err != nil {
+		return []error{xerrors.Errorf("failed to parse frontmatter as YAML map: %v", err)}
+	}
+
+	var errs []error
+	for key := range rawKeys {
+		if !slices.Contains(supportedSkillsTopLevelKeys, key) {
+			errs = append(errs, xerrors.Errorf("detected unknown top-level key %q (allowed: %s)", key, strings.Join(supportedSkillsTopLevelKeys, ", ")))
+		}
+	}
+	return errs
+}
+
+func validateSkillsSources(sources []skillSource, filePath string) []error {
+	if len(sources) == 0 {
+		return []error{xerrors.New("at least one source repo is required under 'sources'")}
+	}
+
+	var errs []error
+	for i, src := range sources {
+		if src.Repo == "" {
+			errs = append(errs, xerrors.Errorf("sources[%d]: missing required 'repo' field", i))
+			continue
+		}
+		if !skillsRepoSpecRe.MatchString(src.Repo) {
+			errs = append(errs, xerrors.Errorf("sources[%d]: repo %q is not a valid owner/repo or owner/repo@ref spec", i, src.Repo))
+		}
+
+		for slug, override := range src.Skills {
+			if !validNameRe.MatchString(slug) {
+				errs = append(errs, xerrors.Errorf("sources[%d]: skill slug %q contains invalid characters (only alphanumeric and hyphens allowed)", i, slug))
+			}
+
+			for _, iconErr := range validateSkillsIconURL(override.Icon, filePath) {
+				errs = append(errs, xerrors.Errorf("sources[%d].skills[%q]: %v", i, slug, iconErr))
+			}
+
+			// validateCoderResourceTags returns an error for nil tags, which is
+			// fine for modules/templates that require tags but not for skills
+			// where tags are an optional override.
+			if override.Tags != nil {
+				if err := validateCoderResourceTags(override.Tags); err != nil {
+					errs = append(errs, xerrors.Errorf("sources[%d].skills[%q]: %v", i, slug, err))
+				}
+			}
+		}
+	}
+	return errs
+}
+
+func validateCoderSkillsFrontmatter(filePath string, fm coderSkillsFrontmatter) []error {
+	var errs []error
+
+	for _, err := range validateSkillsIconURL(fm.Icon, filePath) {
+		errs = append(errs, addFilePathToError(filePath, err))
+	}
+
+	for _, err := range validateSkillsSources(fm.Sources, filePath) {
+		errs = append(errs, addFilePathToError(filePath, err))
+	}
+
+	return errs
+}
+
+func parseCoderSkillsReadme(rm readme) (coderSkillsReadme, []error) {
+	fm, body, err := separateSkillsFrontmatter(rm.rawText)
+	if err != nil {
+		return coderSkillsReadme{}, []error{xerrors.Errorf("%q: failed to parse frontmatter: %v", rm.filePath, err)}
+	}
+
+	keyErrs := validateSkillsTopLevelKeys(fm)
+	if len(keyErrs) != 0 {
+		var remapped []error
+		for _, e := range keyErrs {
+			remapped = append(remapped, addFilePathToError(rm.filePath, e))
+		}
+		return coderSkillsReadme{}, remapped
+	}
+
+	yml := coderSkillsFrontmatter{}
+	if err := yaml.Unmarshal([]byte(fm), &yml); err != nil {
+		return coderSkillsReadme{}, []error{xerrors.Errorf("%q: failed to parse: %v", rm.filePath, err)}
+	}
+
+	return coderSkillsReadme{
+		filePath:    rm.filePath,
+		body:        body,
+		frontmatter: yml,
+	}, nil
+}
+
+func parseCoderSkillsReadmeFiles(rms []readme) ([]coderSkillsReadme, error) {
+	var parsed []coderSkillsReadme
+	var parsingErrs []error
+	for _, rm := range rms {
+		p, errs := parseCoderSkillsReadme(rm)
+		if len(errs) != 0 {
+			parsingErrs = append(parsingErrs, errs...)
+			continue
+		}
+		parsed = append(parsed, p)
+	}
+	if len(parsingErrs) != 0 {
+		return nil, validationPhaseError{
+			phase:  validationPhaseReadme,
+			errors: parsingErrs,
+		}
+	}
+	return parsed, nil
+}
+
+func validateAllCoderSkillsReadmes(readmes []coderSkillsReadme) error {
+	var validationErrs []error
+	for _, rm := range readmes {
+		errs := validateCoderSkillsFrontmatter(rm.filePath, rm.frontmatter)
+		if len(errs) > 0 {
+			validationErrs = append(validationErrs, errs...)
+		}
+	}
+	if len(validationErrs) != 0 {
+		return validationPhaseError{
+			phase:  validationPhaseReadme,
+			errors: validationErrs,
+		}
+	}
+	return nil
+}
+
+// aggregateSkillsReadmeFiles walks registry/<namespace>/skills/README.md
+// entries, skipping namespaces that do not have a skills directory.
+func aggregateSkillsReadmeFiles() ([]readme, error) {
+	namespaceDirs, err := os.ReadDir(rootRegistryPath)
+	if err != nil {
+		return nil, err
+	}
+
+	var allReadmeFiles []readme
+	var errs []error
+	for _, nDir := range namespaceDirs {
+		if !nDir.IsDir() {
+			continue
+		}
+
+		skillsReadmePath := path.Join(rootRegistryPath, nDir.Name(), "skills", "README.md")
+		rmBytes, err := os.ReadFile(skillsReadmePath)
+		if err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				continue
+			}
+			errs = append(errs, err)
+			continue
+		}
+		allReadmeFiles = append(allReadmeFiles, readme{
+			filePath: skillsReadmePath,
+			rawText:  string(rmBytes),
+		})
+	}
+
+	if len(errs) != 0 {
+		return nil, validationPhaseError{
+			phase:  validationPhaseFile,
+			errors: errs,
+		}
+	}
+	return allReadmeFiles, nil
+}
+
+func validateAllCoderSkills() error {
+	allReadmeFiles, err := aggregateSkillsReadmeFiles()
+	if err != nil {
+		return err
+	}
+
+	logger.Info(context.Background(), "processing skills README files", "num_files", len(allReadmeFiles))
+	if len(allReadmeFiles) == 0 {
+		return nil
+	}
+
+	readmes, err := parseCoderSkillsReadmeFiles(allReadmeFiles)
+	if err != nil {
+		return err
+	}
+
+	if err := validateAllCoderSkillsReadmes(readmes); err != nil {
+		return err
+	}
+
+	logger.Info(context.Background(), "processed all skills README files", "num_files", len(readmes))
+	return nil
+}

cmd/readmevalidation/main.go

@@ -39,6 +39,10 @@ func main() {
 	if err != nil {
 		errs = append(errs, err)
 	}
+	err = validateAllCoderSkills()
+	if err != nil {
+		errs = append(errs, err)
+	}
 
 	if len(errs) == 0 {
 		logger.Info(context.Background(), "processed all READMEs in directory", "dir", rootRegistryPath)

cmd/readmevalidation/repostructure.go

@@ -11,7 +11,7 @@ import (
 	"golang.org/x/xerrors"
 )
 
-var supportedUserNameSpaceDirectories = append(supportedResourceTypes, ".images")
+var supportedUserNameSpaceDirectories = append(supportedResourceTypes, ".images", "skills")
 
 // validNameRe validates that names contain only alphanumeric characters and hyphens
 var validNameRe = regexp.MustCompile(`^[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$`)

registry/bpmct/README.md

@@ -8,4 +8,4 @@ status: community
 
 # Ben Potter
 
-Tinkerer and Product Manager at Coder. Building modules to make dev environments better.
+Tinkerer and Product Manager at Coder.

registry/bpmct/templates/incus-nixos/README.md

@@ -0,0 +1,75 @@
+---
+display_name: Incus NixOS VM
+description: Run a NixOS virtual machine on a local Incus host
+icon: ../../../../.icons/lxc.svg
+verified: false
+tags: [local, incus, vm, nixos]
+---
+
+# Incus NixOS VM
+
+Provision a NixOS KVM virtual machine on an [Incus](https://linuxcontainers.org/incus/) host. The image is pulled from [images.linuxcontainers.org](https://images.linuxcontainers.org) and cached on the host.
+
+NixOS does not support cloud-init. This template uses `nixos-rebuild switch` via `incus exec` to configure the workspace user and start the Coder agent. The rebuild only runs on first boot; subsequent starts rotate the agent token and restart the service directly.
+
+## Prerequisites
+
+### 1. Install Incus on the VM host
+
+Follow the [Incus installation guide](https://linuxcontainers.org/incus/docs/main/installing/) for your distro. On Debian/Ubuntu:
+
+```sh
+sudo apt-get install incus
+sudo incus admin init
+```
+
+### 2. Run the Coder provisioner on the same machine
+
+This template uses the local Incus socket, so the Coder provisioner must run on the same machine as Incus. See [provisioner daemons](https://coder.com/docs/admin/provisioners).
+
+### 3. Ensure the host has KVM
+
+```sh
+ls /dev/kvm
+```
+
+If the device is missing, enable virtualisation in your BIOS/UEFI or, in a nested setup, pass through the `kvm` module.
+
+### 4. Create a storage pool (if needed)
+
+```sh
+incus storage create default btrfs
+incus storage list
+```
+
+### 5. Push the template
+
+```sh
+# amd64 host:
+coder templates push incus-nixos --directory . --variable arch=amd64
+
+# arm64 host:
+coder templates push incus-nixos --directory . --variable arch=arm64
+```
+
+The `storage_pool` variable defaults to `default`. Override if needed:
+
+```sh
+coder templates push incus-nixos --directory . \
+  --variable arch=arm64 \
+  --variable storage_pool=fast-nvme
+```
+
+The `nixos_channel` variable controls which NixOS channel is used for `nixos-rebuild`. It must match the image version (default: `nixos-25.11`).
+
+## Usage
+
+1. Create a workspace from this template and choose CPU, memory, and disk.
+2. Connect via `coder ssh <workspace>` or use VS Code in the browser via the [VS Code extension](https://coder.com/docs/user-guides/workspace-access/vscode).
+3. Install packages declaratively by editing `/etc/nixos/coder.nix` and running `sudo nixos-rebuild switch`.
+
+## Notes
+
+- `code-server` is not installed by this template. The Coder agent is started as a plain systemd service. Install editors via nix packages in `coder.nix`.
+- The first workspace start takes several minutes while `nixos-rebuild switch` runs. Subsequent starts are fast.
+- Advanced Incus remotes (targeting a separate host over the network) are not supported by this template. See the `incus-vm` template for guidance on adding remote support.

registry/bpmct/templates/incus-nixos/main.tf

@@ -0,0 +1,287 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.4.0"
+    }
+    incus = {
+      source  = "lxc/incus"
+      version = "~> 1.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "incus" {}
+
+variable "arch" {
+  description = "CPU architecture of the VM host. Set this when pushing the template to match your Incus host. Valid values: amd64, arm64."
+  type        = string
+  default     = "amd64"
+  validation {
+    condition     = contains(["amd64", "arm64"], var.arch)
+    error_message = "arch must be amd64 or arm64."
+  }
+}
+
+variable "storage_pool" {
+  description = "Incus storage pool for the root disk. Run `incus storage list` on the host to see available pools."
+  type        = string
+  default     = "default"
+}
+
+variable "nixos_channel" {
+  description = "NixOS channel to use for nixos-rebuild. Must match the image version (e.g. nixos-25.11)."
+  type        = string
+  default     = "nixos-25.11"
+}
+
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+data "coder_parameter" "cpu" {
+  name         = "cpu"
+  display_name = "CPU"
+  description  = "Number of vCPUs."
+  type         = "number"
+  default      = 2
+  icon         = "https://raw.githubusercontent.com/matifali/logos/main/cpu-3.svg"
+  mutable      = true
+  order        = 1
+  validation {
+    min = 1
+    max = 16
+  }
+}
+
+data "coder_parameter" "memory" {
+  name         = "memory"
+  display_name = "Memory (GB)"
+  type         = "number"
+  default      = 4
+  icon         = "/icon/memory.svg"
+  mutable      = true
+  order        = 2
+  validation {
+    min = 1
+    max = 64
+  }
+}
+
+data "coder_parameter" "disk" {
+  name         = "disk"
+  display_name = "Disk (GB)"
+  type         = "number"
+  default      = 30
+  icon         = "/icon/database.svg"
+  mutable      = true
+  order        = 3
+  validation {
+    min = 10
+    max = 500
+  }
+}
+
+locals {
+  workspace_user    = lower(data.coder_workspace_owner.me.name)
+  agent_token       = data.coder_workspace.me.start_count == 1 ? coder_agent.main[0].token : ""
+  agent_init_script = data.coder_workspace.me.start_count == 1 ? coder_agent.main[0].init_script : ""
+
+  # NixOS images on images.linuxcontainers.org use "nixos/<ver>" with no arch suffix.
+  # The channel version (e.g. "25.11") is extracted from var.nixos_channel.
+  nixos_version = replace(var.nixos_channel, "nixos-", "")
+  image_alias   = "nixos/${local.nixos_version}"
+
+  # PATH required for incus exec commands on NixOS VMs. The Nix store is not
+  # on the default system PATH until after the first nixos-rebuild switch.
+  nix_path = "/nix/var/nix/profiles/system/sw/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/run/wrappers/bin"
+}
+
+resource "coder_agent" "main" {
+  count = data.coder_workspace.me.start_count
+  arch  = var.arch
+  os    = "linux"
+}
+
+resource "incus_image" "nixos" {
+  source_image = {
+    remote       = "images"
+    name         = local.image_alias
+    type         = "virtual-machine"
+    architecture = var.arch == "amd64" ? "x86_64" : "aarch64"
+  }
+}
+
+resource "incus_instance" "dev" {
+  running = data.coder_workspace.me.start_count == 1
+  name    = "coder-${lower(data.coder_workspace_owner.me.name)}-${lower(data.coder_workspace.me.name)}"
+  image   = incus_image.nixos.fingerprint
+  type    = "virtual-machine"
+
+  config = {
+    "limits.cpu"             = tostring(data.coder_parameter.cpu.value)
+    "limits.memory"          = "${data.coder_parameter.memory.value}GiB"
+    "security.secureboot"    = false
+    "boot.autostart"         = data.coder_workspace.me.start_count == 1
+    "user.coder-agent-token" = local.agent_token
+  }
+
+  device {
+    name = "root"
+    type = "disk"
+    properties = {
+      path = "/"
+      pool = var.storage_pool
+      size = "${data.coder_parameter.disk.value}GiB"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      config["user.coder-agent-token"],
+      image,
+    ]
+  }
+}
+
+# NixOS does not support cloud-init. Provisioning steps:
+#   1. Wait for the incus-agent to be ready (virtio serial channel).
+#   2. Push the Coder agent binary (/opt/coder/init) and token env file.
+#   3. On first boot: write coder.nix and an updated configuration.nix
+#      that imports the Incus VM module, then run nixos-rebuild switch.
+#      Leave a marker so subsequent starts skip the rebuild.
+#   4. On subsequent starts: overwrite init.env + restart coder-agent.
+
+resource "null_resource" "provision" {
+  count = data.coder_workspace.me.start_count
+
+  triggers = {
+    agent_token = local.agent_token
+    instance    = incus_instance.dev.name
+  }
+
+  depends_on = [incus_instance.dev]
+
+  provisioner "local-exec" {
+    command = <<-EOT
+      set -e
+      INSTANCE="${incus_instance.dev.name}"
+      WUSER="${local.workspace_user}"
+      NIX_PATH="${local.nix_path}"
+      CHANNEL="${var.nixos_channel}"
+
+      echo "Waiting for incus-agent..."
+      for i in $(seq 1 60); do
+        incus exec "$INSTANCE" -- true 2>/dev/null && break
+        echo "  attempt $i/60..."
+        sleep 5
+      done
+
+      echo "Pushing Coder agent binary..."
+      TMPDIR=$(mktemp -d)
+      echo "${base64encode(local.agent_init_script)}" | base64 -d > "$TMPDIR/init"
+      chmod 755 "$TMPDIR/init"
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" mkdir -p /opt/coder
+      incus file push "$TMPDIR/init" "$INSTANCE/opt/coder/init"
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" chmod 755 /opt/coder/init
+      rm -rf "$TMPDIR"
+
+      printf 'CODER_AGENT_TOKEN=${local.agent_token}\nCODER_AGENT_URL=${data.coder_workspace.me.access_url}\n' \
+        | incus file push - "$INSTANCE/opt/coder/init.env" --mode 0600
+
+      # Fast path: already provisioned -- just rotate token and restart.
+      if incus exec "$INSTANCE" -- test -f /etc/nixos/.coder-provisioned 2>/dev/null; then
+        echo "Already provisioned; restarting coder-agent..."
+        incus exec "$INSTANCE" -- env PATH="$NIX_PATH" systemctl restart coder-agent.service
+        echo "Done."
+        exit 0
+      fi
+
+      # First boot: write NixOS config and rebuild.
+      echo "Writing /etc/nixos/coder.nix..."
+      cat <<'NIXEOF' | incus exec "$INSTANCE" -- env PATH="$NIX_PATH" bash -c 'cat > /etc/nixos/coder.nix'
+{ config, pkgs, lib, ... }:
+{
+  users.users."${local.workspace_user}" = {
+    isNormalUser = true;
+    uid          = 1000;
+    home         = "/home/${local.workspace_user}";
+    shell        = pkgs.bash;
+    extraGroups  = [ "wheel" ];
+  };
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = [ "root" "${local.workspace_user}" ];
+
+  systemd.services.coder-agent = {
+    description = "Coder Agent";
+    after       = [ "network-online.target" ];
+    wants       = [ "network-online.target" ];
+    wantedBy    = [ "multi-user.target" ];
+    serviceConfig = {
+      User             = "${local.workspace_user}";
+      EnvironmentFile  = "/opt/coder/init.env";
+      ExecStart        = "/opt/coder/init";
+      Environment      = "PATH=/run/current-system/sw/bin:/run/wrappers/bin:/usr/local/bin:/usr/bin:/bin";
+      Restart          = "always";
+      RestartSec       = 10;
+      TimeoutStopSec   = 90;
+      KillMode         = "process";
+      OOMScoreAdjust   = -900;
+      SyslogIdentifier = "coder-agent";
+    };
+  };
+}
+NIXEOF
+
+      echo "Writing /etc/nixos/configuration.nix..."
+      cat <<'NIXEOF' | incus exec "$INSTANCE" -- env PATH="$NIX_PATH" bash -c 'cat > /etc/nixos/configuration.nix'
+{ modulesPath, ... }:
+{
+  imports = [
+    "$${modulesPath}/virtualisation/incus-virtual-machine.nix"
+    ./incus.nix
+    ./coder.nix
+  ];
+
+  systemd.network = {
+    enable = true;
+    networks."50-enp5s0" = {
+      matchConfig.Name = "enp5s0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  system.stateVersion = "${local.nixos_version}";
+}
+NIXEOF
+
+      echo "Restoring nixos channel if needed..."
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" HOME=/root bash -c "
+        if [ ! -e /nix/var/nix/profiles/per-user/root/channels/nixos ]; then
+          nix-channel --add https://channels.nixos.org/$CHANNEL nixos
+          nix-channel --update nixos
+        fi
+      "
+
+      echo "Running nixos-rebuild switch..."
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" HOME=/root bash -c "
+        NIXOS_CH=\$(ls -d /nix/var/nix/profiles/per-user/root/channels/nixos 2>/dev/null || echo '')
+        nixos-rebuild switch -I nixpkgs=\"\$NIXOS_CH\" -I nixos-config=/etc/nixos/configuration.nix \
+          || { EC=\$?; [ \$EC -eq 4 ] || exit \$EC; }
+      "
+
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" touch /etc/nixos/.coder-provisioned
+      incus exec "$INSTANCE" -- env PATH="$NIX_PATH" bash -c \
+        "mkdir -p /home/$WUSER && chown 1000:1000 /home/$WUSER"
+
+      echo "NixOS provisioning complete."
+    EOT
+  }
+}

registry/bpmct/templates/incus-vm/README.md

@@ -0,0 +1,96 @@
+---
+display_name: Incus VM
+description: Run a full virtual machine on a local Incus host
+icon: ../../../../.icons/lxc.svg
+verified: false
+tags: [local, incus, vm, virtual-machine]
+---
+
+# Incus VM
+
+Provision a full KVM virtual machine on an [Incus](https://linuxcontainers.org/incus/) host. Unlike the system container template, this creates an isolated VM with its own kernel. Images are pulled from [images.linuxcontainers.org](https://images.linuxcontainers.org) and cached on the host.
+
+## Prerequisites
+
+### 1. Install Incus on the VM host
+
+Follow the [Incus installation guide](https://linuxcontainers.org/incus/docs/main/installing/) for your distro. On Debian/Ubuntu:
+
+```sh
+sudo apt-get install incus
+sudo incus admin init
+```
+
+Verify it's working:
+
+```sh
+incus list
+```
+
+### 2. Run the Coder provisioner on the same machine
+
+This template uses Incus via the local Unix socket, so the Coder provisioner (or `coderd` itself) must run on the same machine as Incus. The simplest setup is a [provisioner daemon](https://coder.com/docs/admin/provisioners) running directly on the Incus host.
+
+### 3. Set the architecture when pushing the template
+
+The `arch` variable must match your Incus host's CPU architecture. Pass it when pushing:
+
+```sh
+# For amd64 (x86-64) hosts:
+coder templates push incus-vm --directory . --variable arch=amd64
+
+# For arm64 (aarch64) hosts:
+coder templates push incus-vm --directory . --variable arch=arm64
+```
+
+### 4. Ensure the VM host has KVM
+
+VMs require hardware virtualisation. Check on the host:
+
+```sh
+ls /dev/kvm
+```
+
+If the device is missing, enable virtualisation in your BIOS/UEFI or, in a nested setup, pass through the `kvm` module.
+
+### 5. Create a storage pool (if needed)
+
+The template uses an Incus storage pool to back the VM root disk. If you don't already have one:
+
+```sh
+incus storage create default btrfs
+```
+
+List existing pools:
+
+```sh
+incus storage list
+```
+
+The pool name defaults to `default` and can be overridden when pushing the template with `--variable storage_pool=<name>`.
+
+## Usage
+
+1. Push this template to your Coder deployment:
+
+   ```sh
+   coder templates push incus-vm --directory . --variable arch=amd64
+   ```
+
+2. Create a workspace and select an image and resource sizes.
+
+3. Connect via `coder ssh <workspace>` or open VS Code in the browser.
+
+## Advanced: using a remote Incus host
+
+By default this template connects to the local Incus socket. If you want the provisioner to target a separate Incus host over the network, add a `remote` parameter and use `incus remote add` to register the host on the provisioner machine:
+
+```sh
+# On the Incus host — generate a trust token:
+incus config trust add coder-provisioner
+
+# On the provisioner — add the remote:
+incus remote add my-server https://<host-ip>:8443 --token <paste-token>
+```
+
+Then update `main.tf` to accept a `remote` parameter and pass it to the `incus_image` and `incus_instance` resources. See the [Incus remote docs](https://linuxcontainers.org/incus/docs/main/remotes/) for details.

registry/bpmct/templates/incus-vm/main.tf

@@ -0,0 +1,304 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.4.0"
+    }
+    incus = {
+      source  = "lxc/incus"
+      version = "~> 1.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "incus" {}
+
+variable "arch" {
+  description = "CPU architecture of the VM host. Set this when pushing the template to match your Incus host. Valid values: amd64, arm64."
+  type        = string
+  default     = "amd64"
+  validation {
+    condition     = contains(["amd64", "arm64"], var.arch)
+    error_message = "arch must be amd64 or arm64."
+  }
+}
+
+variable "storage_pool" {
+  description = "Incus storage pool for the root disk. Run `incus storage list` on the host to see available pools."
+  type        = string
+  default     = "default"
+}
+
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+data "coder_parameter" "image" {
+  name         = "image"
+  display_name = "Image"
+  description  = "Base image name from images.linuxcontainers.org (e.g. `ubuntu/noble/cloud`). The template architecture is appended automatically."
+  type         = "string"
+  default      = "ubuntu/noble/cloud"
+  icon         = "/icon/image.svg"
+  mutable      = true
+  order        = 1
+
+  option {
+    name  = "Ubuntu 24.04 LTS (Noble)"
+    value = "ubuntu/noble/cloud"
+    icon  = "/icon/ubuntu.svg"
+  }
+
+  option {
+    name  = "Ubuntu 22.04 LTS (Jammy)"
+    value = "ubuntu/jammy/cloud"
+    icon  = "/icon/ubuntu.svg"
+  }
+
+  option {
+    name  = "Debian 12 (Bookworm)"
+    value = "debian/12/cloud"
+    icon  = "/icon/debian.svg"
+  }
+}
+
+data "coder_parameter" "cpu" {
+  name         = "cpu"
+  display_name = "CPU"
+  description  = "Number of vCPUs."
+  type         = "number"
+  default      = 2
+  icon         = "https://raw.githubusercontent.com/matifali/logos/main/cpu-3.svg"
+  mutable      = true
+  order        = 2
+  validation {
+    min = 1
+    max = 16
+  }
+}
+
+data "coder_parameter" "memory" {
+  name         = "memory"
+  display_name = "Memory (GB)"
+  type         = "number"
+  default      = 4
+  icon         = "/icon/memory.svg"
+  mutable      = true
+  order        = 3
+  validation {
+    min = 1
+    max = 64
+  }
+}
+
+data "coder_parameter" "disk" {
+  name         = "disk"
+  display_name = "Disk (GB)"
+  type         = "number"
+  default      = 30
+  icon         = "/icon/database.svg"
+  mutable      = true
+  order        = 4
+  validation {
+    min = 10
+    max = 500
+  }
+}
+
+resource "coder_agent" "main" {
+  count = data.coder_workspace.me.start_count
+  arch  = var.arch
+  os    = "linux"
+
+  metadata {
+    display_name = "CPU Usage"
+    key          = "0_cpu_usage"
+    script       = "coder stat cpu"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "RAM Usage"
+    key          = "1_ram_usage"
+    script       = "coder stat mem"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Disk"
+    key          = "2_disk"
+    script       = "coder stat disk --path /"
+    interval     = 60
+    timeout      = 1
+  }
+}
+
+module "code-server" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/code-server/coder"
+  version  = "~> 1.0"
+  agent_id = coder_agent.main[0].id
+}
+
+resource "incus_image" "image" {
+  source_image = {
+    remote       = "images"
+    name         = "${data.coder_parameter.image.value}/${var.arch}"
+    type         = "virtual-machine"
+    architecture = var.arch == "amd64" ? "x86_64" : "aarch64"
+  }
+}
+
+resource "incus_instance" "dev" {
+  running = data.coder_workspace.me.start_count == 1
+  name    = "coder-${lower(data.coder_workspace_owner.me.name)}-${lower(data.coder_workspace.me.name)}"
+  image   = incus_image.image.fingerprint
+  type    = "virtual-machine"
+
+  config = {
+    "limits.cpu"             = tostring(data.coder_parameter.cpu.value)
+    "limits.memory"          = "${data.coder_parameter.memory.value}GiB"
+    "security.secureboot"    = false
+    "boot.autostart"         = data.coder_workspace.me.start_count == 1
+    "user.coder-agent-token" = local.agent_token
+
+    "cloud-init.user-data" = <<-EOF
+      #cloud-config
+      hostname: ${lower(data.coder_workspace.me.name)}
+      users:
+        - name: ${local.workspace_user}
+          uid: 1000
+          groups: sudo
+          shell: /bin/bash
+          sudo: ALL=(ALL) NOPASSWD:ALL
+      write_files:
+        - path: /opt/coder/init
+          permissions: "0755"
+          encoding: b64
+          content: ${base64encode(local.agent_init_script)}
+        - path: /opt/coder/init.env
+          permissions: "0600"
+          content: |
+            CODER_AGENT_TOKEN=${local.agent_token}
+            CODER_AGENT_URL=${data.coder_workspace.me.access_url}
+        - path: /etc/systemd/system/coder-agent.service
+          permissions: "0644"
+          content: |
+            [Unit]
+            Description=Coder Agent
+            After=network-online.target
+            Wants=network-online.target
+            [Service]
+            User=${local.workspace_user}
+            EnvironmentFile=/opt/coder/init.env
+            ExecStart=/opt/coder/init
+            Restart=always
+            RestartSec=10
+            TimeoutStopSec=90
+            KillMode=process
+            OOMScoreAdjust=-900
+            SyslogIdentifier=coder-agent
+            [Install]
+            WantedBy=multi-user.target
+      runcmd:
+        - systemctl enable --now coder-agent.service
+    EOF
+  }
+
+  device {
+    name = "root"
+    type = "disk"
+    properties = {
+      path = "/"
+      pool = var.storage_pool
+      size = "${data.coder_parameter.disk.value}GiB"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      config["cloud-init.user-data"],
+      config["user.coder-agent-token"],
+      image,
+    ]
+  }
+}
+
+resource "null_resource" "token_refresh" {
+  count = data.coder_workspace.me.start_count
+
+  triggers = {
+    agent_token = local.agent_token
+    instance    = incus_instance.dev.name
+  }
+
+  depends_on = [incus_instance.dev]
+
+  provisioner "local-exec" {
+    command = <<-EOT
+      INSTANCE="${incus_instance.dev.name}"
+      echo "Waiting for VM agent..."
+      for i in $(seq 1 40); do
+        incus exec "$INSTANCE" -- true 2>/dev/null && break
+        echo "Attempt $i: not ready, waiting..."
+        sleep 5
+      done
+      echo "Waiting for cloud-init..."
+      incus exec "$INSTANCE" -- bash -c '
+        for i in $(seq 1 60); do
+          [ -f /var/lib/cloud/instance/boot-finished ] && break
+          sleep 5
+        done
+      '
+      echo "Refreshing agent token..."
+      printf 'CODER_AGENT_TOKEN=${local.agent_token}\nCODER_AGENT_URL=${data.coder_workspace.me.access_url}\n' \
+        | incus exec "$INSTANCE" -- bash -c 'cat > /opt/coder/init.env && chmod 600 /opt/coder/init.env'
+      incus exec "$INSTANCE" -- systemctl restart coder-agent.service
+    EOT
+  }
+}
+
+resource "coder_metadata" "info" {
+  count       = data.coder_workspace.me.start_count
+  resource_id = incus_instance.dev.name
+
+  item {
+    key   = "instance"
+    value = incus_instance.dev.name
+  }
+  item {
+    key   = "image"
+    value = "images:${data.coder_parameter.image.value}/${var.arch}"
+  }
+  item {
+    key   = "storage_pool"
+    value = var.storage_pool
+  }
+  item {
+    key   = "arch"
+    value = var.arch
+  }
+  item {
+    key   = "cpu"
+    value = tostring(data.coder_parameter.cpu.value)
+  }
+  item {
+    key   = "memory"
+    value = "${data.coder_parameter.memory.value} GiB"
+  }
+  item {
+    key   = "disk"
+    value = "${data.coder_parameter.disk.value} GiB"
+  }
+}
+
+locals {
+  workspace_user    = lower(data.coder_workspace_owner.me.name)
+  agent_token       = data.coder_workspace.me.start_count == 1 ? coder_agent.main[0].token : ""
+  agent_init_script = data.coder_workspace.me.start_count == 1 ? coder_agent.main[0].init_script : ""
+}

registry/coder-labs/modules/gemini/README.md

@@ -13,7 +13,7 @@ Run [Gemini CLI](https://github.com/google-gemini/gemini-cli) in your workspace
 ```tf
 module "gemini" {
   source   = "registry.coder.com/coder-labs/gemini/coder"
-  version  = "3.0.0"
+  version  = "3.0.1"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -46,7 +46,7 @@ variable "gemini_api_key" {
 
 module "gemini" {
   source         = "registry.coder.com/coder-labs/gemini/coder"
-  version        = "3.0.0"
+  version        = "3.0.1"
   agent_id       = coder_agent.main.id
   gemini_api_key = var.gemini_api_key
   folder         = "/home/coder/project"
@@ -94,7 +94,7 @@ data "coder_parameter" "ai_prompt" {
 module "gemini" {
   count                = data.coder_workspace.me.start_count
   source               = "registry.coder.com/coder-labs/gemini/coder"
-  version              = "3.0.0"
+  version              = "3.0.1"
   agent_id             = coder_agent.main.id
   gemini_api_key       = var.gemini_api_key
   gemini_model         = "gemini-2.5-flash"
@@ -105,6 +105,22 @@ module "gemini" {
     You are a helpful coding assistant. Always explain your code changes clearly.
     YOU MUST REPORT ALL TASKS TO CODER.
   EOT
+  pre_install_script   = <<-EOT
+    #!/bin/bash
+    set -e
+
+    echo "Installing Node.js via NodeSource..."
+
+    sudo apt-get update -qq && sudo apt-get install -y curl ca-certificates
+
+    curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo bash -
+
+    sudo apt-get install -y nodejs
+
+    echo "Node version: $(node -v)"
+    echo "npm version: $(npm -v)"
+    echo "Node install complete."
+  EOT
 }
 ```
 
@@ -118,7 +134,7 @@ For enterprise users who prefer Google's Vertex AI platform:
 ```tf
 module "gemini" {
   source         = "registry.coder.com/coder-labs/gemini/coder"
-  version        = "3.0.0"
+  version        = "3.0.1"
   agent_id       = coder_agent.main.id
   gemini_api_key = var.gemini_api_key
   folder         = "/home/coder/project"

registry/coder-labs/modules/gemini/main.tf

@@ -148,22 +148,16 @@ locals {
   base_extensions = <<-EOT
 {
   "coder": {
+    "command": "coder",
     "args": [
       "exp",
       "mcp",
       "server"
     ],
-    "command": "coder",
-    "description": "Report ALL tasks and statuses (in progress, done, failed) you are working on.",
-    "enabled": true,
     "env": {
       "CODER_MCP_APP_STATUS_SLUG": "${local.app_slug}",
       "CODER_MCP_AI_AGENTAPI_URL": "http://localhost:3284"
-    },
-    "name": "Coder",
-    "timeout": 3000,
-    "type": "stdio",
-    "trust": true
+    }
   }
 }
 EOT

registry/coder-labs/modules/gemini/scripts/install.sh

@@ -17,6 +17,7 @@ echo "--------------------------------"
 printf "gemini_config: %s\n" "$ARG_GEMINI_CONFIG"
 printf "install: %s\n" "$ARG_INSTALL"
 printf "gemini_version: %s\n" "$ARG_GEMINI_VERSION"
+printf "BASE_EXTENSIONS: %s\n" "$BASE_EXTENSIONS"
 echo "--------------------------------"
 
 set +o nounset
@@ -140,6 +141,25 @@ function add_system_prompt_if_exists() {
   fi
 }
 
+function patch_coder_mcp_command() {
+  CODER_BIN=$(which coder)
+  SETTINGS_PATH="$HOME/.gemini/settings.json"
+
+  if [ -z "$CODER_BIN" ]; then
+    printf "Warning: could not find coder binary, MCP command path not patched.\n"
+    return
+  fi
+
+  printf "Patching coder MCP command path to: %s\n" "$CODER_BIN"
+
+  TMP_SETTINGS=$(mktemp)
+  jq --arg bin "$CODER_BIN" \
+    '.mcpServers.coder.command = $bin' \
+    "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"
+
+  printf "Patch complete.\n"
+}
+
 function configure_mcp() {
   export CODER_MCP_APP_STATUS_SLUG="gemini"
   export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
@@ -149,4 +169,5 @@ function configure_mcp() {
 install_gemini
 populate_settings_json
 add_system_prompt_if_exists
+patch_coder_mcp_command
 configure_mcp

registry/coder/modules/agent-firewall/README.md

@@ -0,0 +1,146 @@
+---
+display_name: Agent Firewall
+description: Configures agent-firewall for network isolation in Coder workspaces
+icon: ../../../../.icons/coder.svg
+verified: true
+tags: [agent-firewall, ai, agents, firewall, boundary]
+---
+
+# Agent Firewall
+
+Installs [agent-firewall](https://coder.com/docs/ai-coder/agent-firewall) for network isolation in Coder workspaces.
+
+This module:
+
+- Installs agent-firewall (via coder subcommand, direct installation, or compilation from source)
+- Creates a wrapper script at `$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh`
+- Writes a [default agent-firewall config](https://github.com/coder/registry/blob/main/registry/coder/modules/agent-firewall/config.yaml.tftpl) to `$HOME/.coder-modules/coder/agent-firewall/config/config.yaml` (customizable)
+- Provides the wrapper path, config path, and script names via outputs
+- Uses coder-utils and output `scripts` for synchronization. https://registry.coder.com/modules/coder/coder-utils?tab=outputs
+
+```tf
+module "agent-firewall" {
+  source   = "registry.coder.com/coder/agent-firewall/coder"
+  version  = "0.0.1"
+  agent_id = coder_agent.main.id
+}
+```
+
+## Examples
+
+Use the `agent_firewall_wrapper_path` output to access the wrapper path and `agent_firewall_config_path` to access config path in Terraform and pass it to scripts that should run commands in network isolation.
+
+### With Claude Code
+
+Use agent-firewall alongside the `claude-code` module to run Claude in a
+network-isolated environment.
+
+#### As an automated task
+
+```tf
+module "agent-firewall" {
+  source   = "registry.coder.com/coder/agent-firewall/coder"
+  version  = "0.0.1"
+  agent_id = coder_agent.main.id
+}
+
+resource "coder_script" "claude_with_agent_firewall" {
+  agent_id     = coder_agent.main.id
+  display_name = "Claude (Agent Firewall)"
+  run_on_start = true
+  script       = <<-EOT
+    #!/bin/bash
+    set -e
+    coder exp sync want claude-agent-firewall \
+      ${join(" ", module.agent-firewall.scripts)} \
+      ${join(" ", module.claude-code.scripts)}
+    coder exp sync start claude-agent-firewall
+  "${module.agent-firewall.agent_firewall_wrapper_path}" --config="${module.agent-firewall.agent_firewall_config_path}" -- claude -p "Fix issue #840 from coder/coder"
+  EOT
+}
+```
+
+#### As a Coder app
+
+```tf
+module "agent-firewall" {
+  source   = "registry.coder.com/coder/agent-firewall/coder"
+  version  = "0.0.1"
+  agent_id = coder_agent.main.id
+}
+
+resource "coder_app" "claude_with_agent_firewall" {
+  agent_id     = coder_agent.main.id
+  display_name = "Claude Code"
+  slug         = "claude-code"
+  command      = <<-EOT
+    #!/bin/bash
+    set -e
+    exec tmux new-session -A -s claude-code \
+      '"${module.agent-firewall.agent_firewall_wrapper_path}" --config="${module.agent-firewall.agent_firewall_config_path}" -- claude'
+  EOT
+}
+```
+
+## Configuration
+
+The module ships with a comprehensive default config based on the
+[Coder dogfood allowlist](https://github.com/coder/coder/blob/main/dogfood/coder/boundary-config.yaml). It covers Anthropic services,
+OpenAI services, version control, package managers, container registries,
+cloud platforms, and common development tools.
+
+The Coder deployment domain is automatically added to the allowlist using
+`data.coder_workspace.me.access_url`.
+
+By default the config is written to
+`$HOME/.coder-modules/coder/agent-firewall/config/config.yaml`. You can
+access the resolved path via the `agent_firewall_config_path` output. Override
+it in two ways:
+
+### Inline config
+
+Pass the full YAML content directly:
+
+```tf
+module "agent-firewall" {
+  source   = "registry.coder.com/coder/agent-firewall/coder"
+  version  = "0.0.1"
+  agent_id = coder_agent.main.id
+
+  agent_firewall_config = <<-YAML
+    allowlist:
+      - domain=your-deployment.coder.com
+      - domain=api.anthropic.com
+      - domain=api.openai.com
+    log_dir: /tmp/agent_firewall_logs
+    proxy_port: 8087
+    log_level: warn
+  YAML
+}
+```
+
+### External config file
+
+Point to an existing config file in the workspace. The module will not
+write any config and the `agent_firewall_config_path` output will point to
+your path. The file must exist on disk before agent-firewall starts.
+
+```tf
+module "agent-firewall" {
+  source   = "registry.coder.com/coder/agent-firewall/coder"
+  version  = "0.0.1"
+  agent_id = coder_agent.main.id
+
+  agent_firewall_config_path = "/workspace/my-agent-firewall-config.yaml"
+}
+```
+
+> **Note:** `agent_firewall_config` and `agent_firewall_config_path` are mutually
+> exclusive, setting both produces a validation error.
+
+See the [Agent Firewall docs](https://coder.com/docs/ai-coder/agent-firewall)
+for the full config reference.
+
+## References
+
+- [Agent Firewall Documentation](https://coder.com/docs/ai-coder/agent-firewall)

registry/coder/modules/agent-firewall/agent-firewall.tftest.hcl

@@ -0,0 +1,157 @@
+# Test for agent-firewall module
+
+run "plan_with_required_vars" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+  }
+
+  # Verify the agent_firewall_wrapper_path output
+  assert {
+    condition     = output.agent_firewall_wrapper_path == "$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh"
+    error_message = "agent_firewall_wrapper_path output should be correct"
+  }
+
+  # Verify agent_firewall_config_path output defaults to the managed path
+  assert {
+    condition     = output.agent_firewall_config_path == "$HOME/.coder-modules/coder/agent-firewall/config/config.yaml"
+    error_message = "agent_firewall_config_path output should default to managed config path"
+  }
+
+  # Verify the scripts output contains the install script name
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-install_script")
+    error_message = "scripts should contain the install script name"
+  }
+}
+
+run "plan_with_compile_from_source" {
+  command = plan
+
+  variables {
+    agent_id                           = "test-agent-id"
+    compile_agent_firewall_from_source = true
+    agent_firewall_version             = "main"
+  }
+
+  assert {
+    condition     = output.agent_firewall_wrapper_path == "$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh"
+    error_message = "agent_firewall_wrapper_path output should be correct"
+  }
+
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-install_script")
+    error_message = "scripts should contain the install script name"
+  }
+}
+
+run "plan_with_use_directly" {
+  command = plan
+
+  variables {
+    agent_id                    = "test-agent-id"
+    use_agent_firewall_directly = true
+    agent_firewall_version      = "latest"
+  }
+
+  assert {
+    condition     = output.agent_firewall_wrapper_path == "$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh"
+    error_message = "agent_firewall_wrapper_path output should be correct"
+  }
+
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-install_script")
+    error_message = "scripts should contain the install script name"
+  }
+}
+
+run "plan_with_custom_hooks" {
+  command = plan
+
+  variables {
+    agent_id            = "test-agent-id"
+    pre_install_script  = "echo 'Before install'"
+    post_install_script = "echo 'After install'"
+  }
+
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-install_script")
+    error_message = "scripts should contain the install script name"
+  }
+
+  # Verify pre and post install script names are set
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-pre_install_script")
+    error_message = "scripts should contain the pre_install script name"
+  }
+
+  assert {
+    condition     = contains(output.scripts, "coder-agent-firewall-post_install_script")
+    error_message = "scripts should contain the post_install script name"
+  }
+}
+
+run "plan_with_custom_module_directory" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    module_directory = "$HOME/.coder-modules/custom/agent-firewall"
+  }
+
+  assert {
+    condition     = output.agent_firewall_wrapper_path == "$HOME/.coder-modules/custom/agent-firewall/scripts/agent-firewall-wrapper.sh"
+    error_message = "agent_firewall_wrapper_path output should use custom module directory"
+  }
+
+  # Config path should also follow the module directory
+  assert {
+    condition     = output.agent_firewall_config_path == "$HOME/.coder-modules/custom/agent-firewall/config/config.yaml"
+    error_message = "agent_firewall_config_path output should use custom module directory"
+  }
+}
+
+run "plan_with_inline_config" {
+  command = plan
+
+  variables {
+    agent_id              = "test-agent-id"
+    agent_firewall_config = "allowlist:\n  - domain=example.com\nlog_level: debug\n"
+  }
+
+  # Inline config should still point to the managed path.
+  assert {
+    condition     = output.agent_firewall_config_path == "$HOME/.coder-modules/coder/agent-firewall/config/config.yaml"
+    error_message = "agent_firewall_config_path output should point to managed config path"
+  }
+}
+
+run "plan_with_config_path" {
+  command = plan
+
+  variables {
+    agent_id                   = "test-agent-id"
+    agent_firewall_config_path = "/workspace/my-boundary-config.yaml"
+  }
+
+  # agent_firewall_config_path output should point to the user-provided path.
+  assert {
+    condition     = output.agent_firewall_config_path == "/workspace/my-boundary-config.yaml"
+    error_message = "agent_firewall_config_path output should point to user-provided path"
+  }
+}
+
+run "plan_with_both_configs_should_fail" {
+  command = plan
+
+  variables {
+    agent_id                   = "test-agent-id"
+    agent_firewall_config      = "allowlist: []"
+    agent_firewall_config_path = "/workspace/config.yaml"
+  }
+
+  expect_failures = [
+    var.agent_firewall_config,
+  ]
+}

registry/coder/modules/agent-firewall/config.yaml.tftpl

@@ -0,0 +1,218 @@
+allowlist:
+  - domain=${CODER_DOMAIN}
+
+  # Anthropic Services
+  - domain=api.anthropic.com
+  - domain=statsig.anthropic.com
+  - domain=claude.ai
+
+  # OpenAI Services
+  - domain=api.openai.com
+  - domain=platform.openai.com
+  - domain=openai.com
+  - domain=chatgpt.com
+  - domain=*.oaiusercontent.com
+  - domain=*.oaistatic.com
+
+  # Version Control
+  - domain=github.com
+  - domain=www.github.com
+  - domain=api.github.com
+  - domain=raw.githubusercontent.com
+  - domain=objects.githubusercontent.com
+  - domain=codeload.github.com
+  - domain=avatars.githubusercontent.com
+  - domain=camo.githubusercontent.com
+  - domain=gist.github.com
+  - domain=gitlab.com
+  - domain=www.gitlab.com
+  - domain=registry.gitlab.com
+  - domain=bitbucket.org
+  - domain=www.bitbucket.org
+  - domain=api.bitbucket.org
+
+  # Container Registries
+  - domain=registry-1.docker.io
+  - domain=auth.docker.io
+  - domain=index.docker.io
+  - domain=hub.docker.com
+  - domain=www.docker.com
+  - domain=production.cloudflare.docker.com
+  - domain=download.docker.com
+  - domain=*.gcr.io
+  - domain=ghcr.io
+  - domain=mcr.microsoft.com
+  - domain=*.data.mcr.microsoft.com
+
+  # Cloud Platforms
+  - domain=cloud.google.com
+  - domain=accounts.google.com
+  - domain=gcloud.google.com
+  - domain=*.googleapis.com
+  - domain=storage.googleapis.com
+  - domain=compute.googleapis.com
+  - domain=container.googleapis.com
+  - domain=azure.com
+  - domain=portal.azure.com
+  - domain=microsoft.com
+  - domain=www.microsoft.com
+  - domain=*.microsoftonline.com
+  - domain=packages.microsoft.com
+  - domain=dotnet.microsoft.com
+  - domain=dot.net
+  - domain=visualstudio.com
+  - domain=dev.azure.com
+  - domain=oracle.com
+  - domain=www.oracle.com
+  - domain=java.com
+  - domain=www.java.com
+  - domain=java.net
+  - domain=www.java.net
+  - domain=download.oracle.com
+  - domain=yum.oracle.com
+
+  # Package Managers - JavaScript/Node
+  - domain=registry.npmjs.org
+  - domain=www.npmjs.com
+  - domain=www.npmjs.org
+  - domain=npmjs.com
+  - domain=npmjs.org
+  - domain=yarnpkg.com
+  - domain=registry.yarnpkg.com
+
+  # Package Managers - Python
+  - domain=pypi.org
+  - domain=www.pypi.org
+  - domain=files.pythonhosted.org
+  - domain=pythonhosted.org
+  - domain=test.pypi.org
+  - domain=pypi.python.org
+  - domain=pypa.io
+  - domain=www.pypa.io
+
+  # Package Managers - Ruby
+  - domain=rubygems.org
+  - domain=www.rubygems.org
+  - domain=api.rubygems.org
+  - domain=index.rubygems.org
+  - domain=ruby-lang.org
+  - domain=www.ruby-lang.org
+  - domain=rubyforge.org
+  - domain=www.rubyforge.org
+  - domain=rubyonrails.org
+  - domain=www.rubyonrails.org
+  - domain=rvm.io
+  - domain=get.rvm.io
+
+  # Package Managers - Rust
+  - domain=crates.io
+  - domain=www.crates.io
+  - domain=static.crates.io
+  - domain=rustup.rs
+  - domain=static.rust-lang.org
+  - domain=www.rust-lang.org
+
+  # Package Managers - Go
+  - domain=proxy.golang.org
+  - domain=sum.golang.org
+  - domain=index.golang.org
+  - domain=golang.org
+  - domain=www.golang.org
+  - domain=go.dev
+  - domain=dl.google.com
+  - domain=goproxy.io
+  - domain=pkg.go.dev
+
+  # Package Managers - JVM
+  - domain=maven.org
+  - domain=repo.maven.org
+  - domain=central.maven.org
+  - domain=repo1.maven.org
+  - domain=jcenter.bintray.com
+  - domain=gradle.org
+  - domain=www.gradle.org
+  - domain=services.gradle.org
+  - domain=spring.io
+  - domain=repo.spring.io
+
+  # Package Managers - Other Languages
+  - domain=packagist.org
+  - domain=www.packagist.org
+  - domain=repo.packagist.org
+  - domain=nuget.org
+  - domain=www.nuget.org
+  - domain=api.nuget.org
+  - domain=pub.dev
+  - domain=api.pub.dev
+  - domain=hex.pm
+  - domain=www.hex.pm
+  - domain=cpan.org
+  - domain=www.cpan.org
+  - domain=metacpan.org
+  - domain=www.metacpan.org
+  - domain=api.metacpan.org
+  - domain=cocoapods.org
+  - domain=www.cocoapods.org
+  - domain=cdn.cocoapods.org
+  - domain=haskell.org
+  - domain=www.haskell.org
+  - domain=hackage.haskell.org
+  - domain=swift.org
+  - domain=www.swift.org
+
+  # Linux Distributions
+  - domain=archive.ubuntu.com
+  - domain=security.ubuntu.com
+  - domain=ubuntu.com
+  - domain=www.ubuntu.com
+  - domain=*.ubuntu.com
+  - domain=ppa.launchpad.net
+  - domain=launchpad.net
+  - domain=www.launchpad.net
+
+  # Development Tools & Platforms
+  - domain=dl.k8s.io
+  - domain=pkgs.k8s.io
+  - domain=k8s.io
+  - domain=www.k8s.io
+  - domain=releases.hashicorp.com
+  - domain=apt.releases.hashicorp.com
+  - domain=rpm.releases.hashicorp.com
+  - domain=archive.releases.hashicorp.com
+  - domain=hashicorp.com
+  - domain=www.hashicorp.com
+  - domain=repo.anaconda.com
+  - domain=conda.anaconda.org
+  - domain=anaconda.org
+  - domain=www.anaconda.com
+  - domain=anaconda.com
+  - domain=continuum.io
+  - domain=apache.org
+  - domain=www.apache.org
+  - domain=archive.apache.org
+  - domain=downloads.apache.org
+  - domain=eclipse.org
+  - domain=www.eclipse.org
+  - domain=download.eclipse.org
+  - domain=nodejs.org
+  - domain=www.nodejs.org
+
+  # Cloud Services & Monitoring
+  - domain=statsig.com
+  - domain=www.statsig.com
+  - domain=api.statsig.com
+  - domain=*.sentry.io
+
+  # Content Delivery & Mirrors
+  - domain=*.sourceforge.net
+  - domain=packagecloud.io
+  - domain=*.packagecloud.io
+
+  # Schema & Configuration
+  - domain=json-schema.org
+  - domain=www.json-schema.org
+  - domain=json.schemastore.org
+  - domain=www.schemastore.org
+log_dir: ${BOUNDARY_LOG_DIR}
+log_level: warn
+proxy_port: 8087

registry/coder/modules/agent-firewall/main.test.ts

@@ -0,0 +1,376 @@
+import {
+  test,
+  afterEach,
+  describe,
+  setDefaultTimeout,
+  beforeAll,
+  expect,
+} from "bun:test";
+import {
+  execContainer,
+  readFileContainer,
+  runTerraformInit,
+  runTerraformApply,
+  testRequiredVariables,
+  runContainer,
+  removeContainer,
+} from "~test";
+import {
+  loadTestFile,
+  writeExecutable,
+  execModuleScript,
+  extractCoderEnvVars,
+} from "../agentapi/test-util";
+
+let cleanupFunctions: (() => Promise<void>)[] = [];
+const registerCleanup = (cleanup: () => Promise<void>) => {
+  cleanupFunctions.push(cleanup);
+};
+afterEach(async () => {
+  const cleanupFnsCopy = cleanupFunctions.slice().reverse();
+  cleanupFunctions = [];
+  for (const cleanup of cleanupFnsCopy) {
+    try {
+      await cleanup();
+    } catch (error) {
+      console.error("Error during cleanup:", error);
+    }
+  }
+});
+
+interface SetupProps {
+  moduleVariables?: Record<string, string>;
+  skipCoderMock?: boolean;
+}
+
+const MODULE_DIR = "/home/coder/.coder-modules/coder/agent-firewall";
+const CONFIG_PATH = `${MODULE_DIR}/config/config.yaml`;
+const WRAPPER_PATH = `${MODULE_DIR}/scripts/agent-firewall-wrapper.sh`;
+
+const setup = async (
+  props?: SetupProps,
+): Promise<{ id: string; coderEnvVars: Record<string, string> }> => {
+  const state = await runTerraformApply(import.meta.dir, {
+    agent_id: "foo",
+    ...props?.moduleVariables,
+  });
+
+  const coderEnvVars = extractCoderEnvVars(state);
+  const id = await runContainer("codercom/enterprise-node:latest");
+  registerCleanup(async () => {
+    await removeContainer(id);
+  });
+
+  await execContainer(id, ["bash", "-c", "mkdir -p /home/coder/project"]);
+
+  // Create a mock coder binary with boundary subcommand and exp sync support
+  if (!props?.skipCoderMock) {
+    await writeExecutable({
+      containerId: id,
+      filePath: "/usr/bin/coder",
+      content: await loadTestFile(import.meta.dir, "coder-mock.sh"),
+    });
+  }
+
+  // Extract ALL coder_scripts from the state (coder-utils creates multiple)
+  const allScripts = state.resources
+    .filter((r) => r.type === "coder_script")
+    .map((r) => ({
+      name: r.name,
+      script: r.instances[0].attributes.script as string,
+    }));
+
+  // Run scripts in lifecycle order
+  const executionOrder = [
+    "pre_install_script",
+    "install_script",
+    "post_install_script",
+  ];
+  const orderedScripts = executionOrder
+    .map((name) => allScripts.find((s) => s.name === name))
+    .filter((s): s is NonNullable<typeof s> => s != null);
+
+  // Write each script individually and create a combined runner
+  const scriptPaths: string[] = [];
+  for (const s of orderedScripts) {
+    const scriptPath = `/home/coder/${s.name}.sh`;
+    await writeExecutable({
+      containerId: id,
+      filePath: scriptPath,
+      content: s.script,
+    });
+    scriptPaths.push(scriptPath);
+  }
+
+  const combinedScript = [
+    "#!/bin/bash",
+    "set -o errexit",
+    "set -o pipefail",
+    ...scriptPaths.map((p) => `bash "${p}"`),
+  ].join("\n");
+
+  await writeExecutable({
+    containerId: id,
+    filePath: "/home/coder/script.sh",
+    content: combinedScript,
+  });
+
+  return { id, coderEnvVars };
+};
+
+setDefaultTimeout(60 * 1000);
+
+describe("agent-firewall", async () => {
+  beforeAll(async () => {
+    await runTerraformInit(import.meta.dir);
+  });
+
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "test-agent-id",
+  });
+
+  test("terraform-state-basic", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent-id",
+    });
+
+    const resources = state.resources;
+
+    // No coder_env resources should exist
+    const envResources = resources.filter((r) => r.type === "coder_env");
+    expect(envResources).toHaveLength(0);
+
+    // Verify no env vars are exported
+    const coderEnvVars = extractCoderEnvVars(state);
+    expect(coderEnvVars["BOUNDARY_WRAPPER_PATH"]).toBeUndefined();
+    expect(coderEnvVars["BOUNDARY_CONFIG"]).toBeUndefined();
+
+    // Verify agent_firewall_config_path output
+    expect(state.outputs["agent_firewall_config_path"]?.value).toBe(
+      "$HOME/.coder-modules/coder/agent-firewall/config/config.yaml",
+    );
+
+    // Verify agent_firewall_wrapper_path output
+    expect(state.outputs["agent_firewall_wrapper_path"]?.value).toBe(
+      "$HOME/.coder-modules/coder/agent-firewall/scripts/agent-firewall-wrapper.sh",
+    );
+
+    // Verify scripts output contains install script
+    const scripts = state.outputs["scripts"]?.value as string[];
+    expect(scripts).toContain("coder-agent-firewall-install_script");
+  });
+
+  test("terraform-state-custom-module-directory", async () => {
+    const customDir = "$HOME/.coder-modules/custom/agent-firewall";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent-id",
+      module_directory: customDir,
+    });
+
+    // Verify output uses custom dir
+    const outputs = state.outputs;
+    expect(outputs["agent_firewall_wrapper_path"]?.value).toBe(
+      `${customDir}/scripts/agent-firewall-wrapper.sh`,
+    );
+    // Config path follows module directory
+    expect(outputs["agent_firewall_config_path"]?.value).toBe(
+      `${customDir}/config/config.yaml`,
+    );
+  });
+
+  test("terraform-state-inline-config", async () => {
+    const inlineConfig =
+      "allowlist:\n  - domain=example.com\nlog_level: debug\n";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent-id",
+      agent_firewall_config: inlineConfig,
+    });
+
+    // Inline config still writes to the managed path.
+    expect(state.outputs["agent_firewall_config_path"]?.value).toBe(
+      "$HOME/.coder-modules/coder/agent-firewall/config/config.yaml",
+    );
+  });
+
+  test("terraform-state-config-path", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent-id",
+      agent_firewall_config_path: "/workspace/my-config.yaml",
+    });
+
+    // agent_firewall_config_path output should point to the user-provided path.
+    expect(state.outputs["agent_firewall_config_path"]?.value).toBe(
+      "/workspace/my-config.yaml",
+    );
+  });
+
+  test("happy-path-coder-subcommand", async () => {
+    const { id } = await setup();
+    await execModuleScript(id);
+
+    // Verify the wrapper script was created
+    const wrapperContent = await readFileContainer(id, WRAPPER_PATH);
+    expect(wrapperContent).toContain("#!/usr/bin/env bash");
+    expect(wrapperContent).toContain("coder-no-caps");
+    expect(wrapperContent).toContain("boundary");
+
+    // Verify the wrapper script is executable
+    const statResult = await execContainer(id, [
+      "stat",
+      "-c",
+      "%a",
+      WRAPPER_PATH,
+    ]);
+    expect(statResult.stdout.trim()).toMatch(/7[0-9][0-9]/);
+
+    // Verify coder-no-caps binary was created
+    const coderNoCapsResult = await execContainer(id, [
+      "test",
+      "-f",
+      `${MODULE_DIR}/scripts/coder-no-caps`,
+    ]);
+    expect(coderNoCapsResult.exitCode).toBe(0);
+
+    // Verify default boundary config was written inside module directory
+    const configContent = await readFileContainer(id, CONFIG_PATH);
+    expect(configContent).toContain("allowlist:");
+    expect(configContent).toContain("domain=api.anthropic.com");
+    expect(configContent).toContain("domain=api.openai.com");
+    expect(configContent).toContain("proxy_port: 8087");
+
+    // Verify Coder domain was auto-filled from data.coder_workspace.me
+    // (the placeholder should be replaced with the actual deployment domain).
+    expect(configContent).not.toContain("domain=your-deployment.coder.com");
+
+    // Verify $HOME was expanded in log_dir (should be absolute, not literal $HOME).
+    expect(configContent).toContain("log_dir: /home/coder/");
+    expect(configContent).not.toContain("$HOME");
+
+    // Check install log
+    const installLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/install.log`,
+    );
+    expect(installLog).toContain("Using coder boundary subcommand");
+    expect(installLog).toContain("Boundary config written to");
+    expect(installLog).toContain("boundary wrapper configured");
+  });
+
+  test("inline-config-written", async () => {
+    const customConfig =
+      "allowlist:\n  - domain=custom.example.com\nlog_level: info\n";
+    const { id } = await setup({
+      moduleVariables: {
+        agent_firewall_config: customConfig,
+      },
+    });
+    await execModuleScript(id);
+
+    // Verify the inline config was written
+    const configContent = await readFileContainer(id, CONFIG_PATH);
+    expect(configContent).toContain("domain=custom.example.com");
+    expect(configContent).toContain("log_level: info");
+  });
+
+  test("config-path-skips-write", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        agent_firewall_config_path: "/workspace/external-config.yaml",
+      },
+    });
+    await execModuleScript(id);
+
+    // Verify NO config was written to the default path
+    const checkResult = await execContainer(id, ["test", "-f", CONFIG_PATH]);
+    expect(checkResult.exitCode).not.toBe(0);
+
+    // Check install log confirms skip
+    const installLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/install.log`,
+    );
+    expect(installLog).toContain(
+      "Using external boundary config, skipping config write",
+    );
+  });
+
+  // Note: Tests for use_agent_firewall_directly and
+  // compile_agent_firewall_from_source are skipped because they require
+  // network access (downloading boundary) or compilation which are too
+  // slow for unit tests. These modes are tested manually.
+
+  test("custom-hooks", async () => {
+    const preInstallMarker = "pre-install-executed";
+    const postInstallMarker = "post-install-executed";
+
+    const { id } = await setup({
+      moduleVariables: {
+        pre_install_script: `#!/bin/bash\necho '${preInstallMarker}'`,
+        post_install_script: `#!/bin/bash\necho '${postInstallMarker}'`,
+      },
+    });
+    await execModuleScript(id);
+
+    // Verify pre-install script ran
+    const preInstallLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/pre_install.log`,
+    );
+    expect(preInstallLog).toContain(preInstallMarker);
+
+    // Verify post-install script ran
+    const postInstallLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/post_install.log`,
+    );
+    expect(postInstallLog).toContain(postInstallMarker);
+
+    // Verify main install still ran
+    const installLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/install.log`,
+    );
+    expect(installLog).toContain("boundary wrapper configured");
+  });
+
+  test("no-env-vars", async () => {
+    const { coderEnvVars } = await setup();
+
+    // No env vars should be exported by this module.
+    expect(coderEnvVars["BOUNDARY_WRAPPER_PATH"]).toBeUndefined();
+    expect(coderEnvVars["BOUNDARY_CONFIG"]).toBeUndefined();
+  });
+
+  test("wrapper-script-execution", async () => {
+    const { id } = await setup();
+    await execModuleScript(id);
+
+    // Try executing the wrapper script with a command
+    const wrapperResult = await execContainer(id, [
+      "bash",
+      "-c",
+      `${WRAPPER_PATH} echo boundary-test`,
+    ]);
+
+    // The wrapper passes the command directly to the boundary command
+    expect(wrapperResult.stdout).toContain("boundary-test");
+  });
+
+  test("installation-idempotency", async () => {
+    const { id } = await setup();
+
+    // Run the installation twice
+    await execModuleScript(id);
+    const firstInstallLog = await readFileContainer(
+      id,
+      `${MODULE_DIR}/logs/install.log`,
+    );
+
+    // Run again
+    const secondRun = await execModuleScript(id);
+    expect(secondRun.exitCode).toBe(0);
+
+    // Both runs should succeed
+    expect(firstInstallLog).toContain("boundary wrapper configured");
+  });
+});

registry/coder/modules/agent-firewall/main.tf

@@ -0,0 +1,128 @@
+terraform {
+  required_version = ">= 1.9"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.5"
+    }
+  }
+}
+
+data "coder_workspace" "me" {}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "agent_firewall_version" {
+  type        = string
+  description = "Agent firewall version. When use_agent_firewall_directly is true, a release version should be provided or 'latest' for the latest release. When compile_agent_firewall_from_source is true, a valid git reference should be provided (tag, commit, branch)."
+  default     = "latest"
+}
+
+variable "compile_agent_firewall_from_source" {
+  type        = bool
+  description = "Whether to compile agent-firewall from source instead of using the official install script."
+  default     = false
+}
+
+variable "use_agent_firewall_directly" {
+  type        = bool
+  description = "Whether to use agent-firewall binary directly instead of `coder boundary` subcommand. When false (default), uses `coder boundary` subcommand. When true, installs and uses agent-firewall binary from release."
+  default     = false
+}
+
+variable "agent_firewall_config" {
+  type        = string
+  description = "Inline agent-firewall configuration content (YAML). Overrides the module's default config. Mutually exclusive with agent_firewall_config_path."
+  default     = null
+
+  validation {
+    condition     = !(var.agent_firewall_config != null && var.agent_firewall_config_path != null)
+    error_message = "Only one of agent_firewall_config or agent_firewall_config_path may be set."
+  }
+}
+
+variable "agent_firewall_config_path" {
+  type        = string
+  description = "Path to an existing agent-firewall config file in the workspace. When set, no config is written and the agent_firewall_config_path output points to this path. Mutually exclusive with agent_firewall_config."
+  default     = null
+}
+
+variable "pre_install_script" {
+  type        = string
+  description = "Custom script to run before installing agent-firewall."
+  default     = null
+}
+
+variable "post_install_script" {
+  type        = string
+  description = "Custom script to run after installing agent-firewall."
+  default     = null
+}
+
+variable "module_directory" {
+  type        = string
+  description = "Directory where the agent-firewall module scripts will be located. Default is $HOME/.coder-modules/coder/agent-firewall."
+  default     = "$HOME/.coder-modules/coder/agent-firewall"
+}
+
+locals {
+  boundary_wrapper_path = "${var.module_directory}/scripts/agent-firewall-wrapper.sh"
+
+  # Extract domain from the Coder access URL for the default config
+  # allowlist (e.g., "https://dev.coder.com/" -> "dev.coder.com").
+  coder_domain = try(regex("^https?://([^/:]+)", data.coder_workspace.me.access_url)[0], "")
+
+  # Config handling: resolve which config content to write and where
+  # agent_firewall_config_path output points to.
+  default_boundary_config = templatefile("${path.module}/config.yaml.tftpl", {
+    CODER_DOMAIN     = local.coder_domain
+    BOUNDARY_LOG_DIR = "${var.module_directory}/logs/agent_firewall_logs"
+  })
+  boundary_config_content        = var.agent_firewall_config != null ? var.agent_firewall_config : local.default_boundary_config
+  boundary_config_dir            = "${var.module_directory}/config"
+  boundary_config_file_path      = "${local.boundary_config_dir}/config.yaml"
+  effective_boundary_config_path = var.agent_firewall_config_path != null ? var.agent_firewall_config_path : local.boundary_config_file_path
+  write_boundary_config          = var.agent_firewall_config_path == null
+
+  install_script = templatefile("${path.module}/scripts/install.sh.tftpl", {
+    BOUNDARY_VERSION             = var.agent_firewall_version
+    COMPILE_BOUNDARY_FROM_SOURCE = tostring(var.compile_agent_firewall_from_source)
+    USE_BOUNDARY_DIRECTLY        = tostring(var.use_agent_firewall_directly)
+    MODULE_DIR                   = var.module_directory
+    BOUNDARY_WRAPPER_PATH        = local.boundary_wrapper_path
+    WRITE_BOUNDARY_CONFIG        = tostring(local.write_boundary_config)
+    BOUNDARY_CONFIG_CONTENT_B64  = local.write_boundary_config ? base64encode(local.boundary_config_content) : ""
+    BOUNDARY_CONFIG_DIR          = local.boundary_config_dir
+    BOUNDARY_CONFIG_FILE         = local.boundary_config_file_path
+  })
+}
+
+module "coder_utils" {
+  source              = "registry.coder.com/coder/coder-utils/coder"
+  version             = "0.0.1"
+  agent_id            = var.agent_id
+  display_name_prefix = "Agent Firewall"
+  module_directory    = var.module_directory
+  pre_install_script  = var.pre_install_script
+  post_install_script = var.post_install_script
+  install_script      = local.install_script
+}
+
+output "agent_firewall_wrapper_path" {
+  description = "Path to the agent-firewall wrapper script."
+  value       = local.boundary_wrapper_path
+}
+
+output "agent_firewall_config_path" {
+  description = "Effective path to the agent-firewall config file."
+  value       = local.effective_boundary_config_path
+}
+
+output "scripts" {
+  description = "List of script names for coder exp sync coordination."
+  value       = module.coder_utils.scripts
+}

registry/coder/modules/agent-firewall/scripts/install.sh.tftpl

@@ -0,0 +1,131 @@
+#!/bin/bash
+# Sets up boundary for network isolation in Coder workspaces.
+
+set -euo pipefail
+
+BOUNDARY_VERSION='${BOUNDARY_VERSION}'
+COMPILE_BOUNDARY_FROM_SOURCE='${COMPILE_BOUNDARY_FROM_SOURCE}'
+USE_BOUNDARY_DIRECTLY='${USE_BOUNDARY_DIRECTLY}'
+MODULE_DIR="${MODULE_DIR}"
+BOUNDARY_WRAPPER_PATH="${BOUNDARY_WRAPPER_PATH}"
+WRITE_BOUNDARY_CONFIG='${WRITE_BOUNDARY_CONFIG}'
+BOUNDARY_CONFIG_CONTENT=$(echo -n '${BOUNDARY_CONFIG_CONTENT_B64}' | base64 -d | sed "s|\$HOME|$HOME|g")
+BOUNDARY_CONFIG_DIR="${BOUNDARY_CONFIG_DIR}"
+BOUNDARY_CONFIG_FILE="${BOUNDARY_CONFIG_FILE}"
+
+printf "BOUNDARY_VERSION: %s\n" "$${BOUNDARY_VERSION}"
+printf "COMPILE_BOUNDARY_FROM_SOURCE: %s\n" "$${COMPILE_BOUNDARY_FROM_SOURCE}"
+printf "USE_BOUNDARY_DIRECTLY: %s\n" "$${USE_BOUNDARY_DIRECTLY}"
+printf "MODULE_DIR: %s\n" "$${MODULE_DIR}"
+printf "BOUNDARY_WRAPPER_PATH: %s\n" "$${BOUNDARY_WRAPPER_PATH}"
+printf "WRITE_BOUNDARY_CONFIG: %s\n" "$${WRITE_BOUNDARY_CONFIG}"
+printf "BOUNDARY_CONFIG_DIR: %s\n" "$${BOUNDARY_CONFIG_DIR}"
+printf "BOUNDARY_CONFIG_FILE: %s\n" "$${BOUNDARY_CONFIG_FILE}"
+
+validate_boundary_subcommand() {
+  if ! command -v coder > /dev/null 2>&1; then
+    echo "Error: 'coder' command not found. boundary cannot be enabled." >&2
+    exit 1
+  fi
+
+  local output
+  echo "Checking for license"
+  if ! output=$(coder boundary 2>&1); then
+    if echo "$${output}" | grep -qi "license is not entitled"; then
+      echo "Error: your Coder deployment is not licensed for the boundary feature." >&2
+      echo "$${output}" >&2
+      echo "" >&2
+      exit 1
+    fi
+  fi
+}
+
+# Install boundary binary if needed.
+# Uses one of three strategies:
+#   1. Compile from source (compile_boundary_from_source=true)
+#   2. Install from release (use_boundary_directly=true)
+#   3. Use coder boundary subcommand (default, no installation needed)
+install_boundary() {
+  if [[ "$${COMPILE_BOUNDARY_FROM_SOURCE}" = "true" ]]; then
+    echo "Compiling boundary from source (version: $${BOUNDARY_VERSION})"
+
+    # Remove existing boundary directory to allow re-running safely
+    if [[ -d boundary ]]; then
+      rm -rf boundary
+    fi
+
+    echo "Cloning boundary repository"
+    git clone https://github.com/coder/boundary.git
+    cd boundary || exit 1
+    git checkout "$${BOUNDARY_VERSION}"
+
+    make build
+
+    sudo cp boundary /usr/local/bin/
+    sudo chmod +x /usr/local/bin/boundary
+    cd - || exit 1
+  elif [[ "$${USE_BOUNDARY_DIRECTLY}" = "true" ]]; then
+    echo "Installing boundary using official install script (version: $${BOUNDARY_VERSION})"
+    curl -fsSL https://raw.githubusercontent.com/coder/boundary/main/install.sh | bash -s -- --version "$${BOUNDARY_VERSION}"
+  else
+    validate_boundary_subcommand
+    echo "Using coder boundary subcommand (provided by Coder)"
+  fi
+}
+
+# Write boundary config file if the module is responsible for it.
+write_boundary_config() {
+  if [[ "$${WRITE_BOUNDARY_CONFIG}" != "true" ]]; then
+    echo "Using external boundary config, skipping config write."
+    return 0
+  fi
+
+  mkdir -p "$${BOUNDARY_CONFIG_DIR}"
+  echo "$${BOUNDARY_CONFIG_CONTENT}" > "$${BOUNDARY_CONFIG_FILE}"
+  echo "Boundary config written to $${BOUNDARY_CONFIG_FILE}"
+}
+
+# Set up boundary: install, write config, create wrapper script.
+setup_boundary() {
+  echo "Setting up coder boundary..."
+
+  # Install boundary binary if needed
+  install_boundary
+
+  # Write boundary config
+  write_boundary_config
+
+  # Ensure the wrapper script directory exists.
+  mkdir -p "$(dirname "$${BOUNDARY_WRAPPER_PATH}")"
+
+  if [[ "$${COMPILE_BOUNDARY_FROM_SOURCE}" = "true" ]] || [[ "$${USE_BOUNDARY_DIRECTLY}" = "true" ]]; then
+    # Use boundary binary directly (from compilation or release installation)
+    cat > "$${BOUNDARY_WRAPPER_PATH}" << 'WRAPPER_EOF'
+#!/usr/bin/env bash
+set -euo pipefail
+exec boundary "$@"
+WRAPPER_EOF
+  else
+    # Use coder boundary subcommand (default)
+    # Copy coder binary to strip CAP_NET_ADMIN capabilities.
+    # This is necessary because boundary doesn't work with privileged binaries
+    # (you can't launch privileged binaries inside network namespaces unless
+    # you have sys_admin).
+    CODER_NO_CAPS="$${MODULE_DIR}/scripts/coder-no-caps"
+    if ! cp "$(command -v coder)" "$${CODER_NO_CAPS}"; then
+      echo "Error: Failed to copy coder binary to $${CODER_NO_CAPS}. boundary cannot be enabled." >&2
+      exit 1
+    fi
+    cat > "$${BOUNDARY_WRAPPER_PATH}" << 'WRAPPER_EOF'
+#!/usr/bin/env bash
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$${BASH_SOURCE[0]}")" && pwd)"
+exec "$${SCRIPT_DIR}/coder-no-caps" boundary "$@"
+WRAPPER_EOF
+  fi
+
+  chmod +x "$${BOUNDARY_WRAPPER_PATH}"
+  echo "boundary wrapper configured: $${BOUNDARY_WRAPPER_PATH}"
+}
+
+setup_boundary

registry/coder/modules/agent-firewall/testdata/coder-mock.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Mock coder command for testing boundary module
+# Handles: coder boundary [--help | <command>]
+# Handles: coder exp sync [want|start|complete] (no-op for testing)
+
+# Handle exp sync commands (no-op for testing)
+if [[ "$1" == "exp" ]] && [[ "$2" == "sync" ]]; then
+  exit 0
+fi
+
+if [[ "$1" == "boundary" ]]; then
+  shift
+
+  # Handle --help flag
+  if [[ "$1" == "--help" ]]; then
+    cat << 'EOF'
+boundary - Run commands in network isolation
+
+Usage:
+  coder boundary [flags] -- <command> [args...]
+
+Examples:
+  coder boundary -- curl https://example.com
+  coder boundary -- npm install
+
+Flags:
+  -h, --help   help for boundary
+EOF
+    exit 0
+  fi
+
+  # Execute the remaining arguments as a command
+  exec "$@"
+fi
+
+echo "Mock coder: Unknown command: $*"
+exit 1

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Install and configure the [Claude Code](https://docs.anthropic.com/en/docs/agent
 ```tf
 module "claude-code" {
   source            = "registry.coder.com/coder/claude-code/coder"
-  version           = "5.1.0"
+  version           = "5.2.0"
   agent_id          = coder_agent.main.id
   anthropic_api_key = "xxxx-xxxxx-xxxx"
 }
@@ -47,7 +47,7 @@ locals {
 
 module "claude-code" {
   source            = "registry.coder.com/coder/claude-code/coder"
-  version           = "5.1.0"
+  version           = "5.2.0"
   agent_id          = coder_agent.main.id
   workdir           = local.claude_workdir
   anthropic_api_key = "xxxx-xxxxx-xxxx"
@@ -78,7 +78,7 @@ resource "coder_app" "claude" {
 ```tf
 module "claude-code" {
   source            = "registry.coder.com/coder/claude-code/coder"
-  version           = "5.1.0"
+  version           = "5.2.0"
   agent_id          = coder_agent.main.id
   workdir           = "/home/coder/project"
   enable_ai_gateway = true
@@ -95,6 +95,33 @@ Claude Code then routes API requests through Coder's AI Gateway instead of direc
 > [!CAUTION]
 > `enable_ai_gateway = true` is mutually exclusive with `anthropic_api_key` and `claude_code_oauth_token`. Setting any of them together fails at plan time.
 
+### Enterprise policy via managed settings
+
+The `managed_settings` input writes a policy file to `/etc/claude-code/managed-settings.d/10-coder.json` inside the workspace. Claude Code reads this directory at startup with the highest configuration precedence, so users cannot override these values in their own `~/.claude/settings.json`. This is a local file mechanism and works with any inference backend (Anthropic API, AWS Bedrock, Google Vertex AI, or AI Gateway).
+
+```tf
+module "claude-code" {
+  source            = "registry.coder.com/coder/claude-code/coder"
+  version           = "5.2.0"
+  agent_id          = coder_agent.main.id
+  workdir           = "/home/coder/project"
+  anthropic_api_key = "xxxx-xxxxx-xxxx"
+
+  managed_settings = {
+    permissions = {
+      defaultMode                  = "acceptEdits"
+      disableBypassPermissionsMode = "disable"
+      deny                         = ["Bash(curl:*)", "Bash(wget:*)", "WebFetch"]
+    }
+    env = {
+      DISABLE_TELEMETRY = "0"
+    }
+  }
+}
+```
+
+See the [Claude Code settings reference](https://docs.anthropic.com/en/docs/claude-code/settings) for the full schema. Common keys: `permissions` (`defaultMode`, `allow`, `deny`, `disableBypassPermissionsMode`, `additionalDirectories`), `env`, `model`, `apiKeyHelper`, `hooks`, `cleanupPeriodDays`.
+
 ### Advanced Configuration
 
 This example shows version pinning, a pre-installed binary path, a custom model, and MCP servers.
@@ -102,7 +129,7 @@ This example shows version pinning, a pre-installed binary path, a custom model,
 ```tf
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "5.1.0"
+  version  = "5.2.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
 
@@ -166,7 +193,7 @@ Downstream `coder_script` resources can wait for this module's install pipeline
 ```tf
 module "claude-code" {
   source            = "registry.coder.com/coder/claude-code/coder"
-  version           = "5.1.0"
+  version           = "5.2.0"
   agent_id          = coder_agent.main.id
   workdir           = "/home/coder/project"
   anthropic_api_key = "xxxx-xxxxx-xxxx"
@@ -252,7 +279,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "5.1.0"
+  version  = "5.2.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -309,7 +336,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "5.1.0"
+  version  = "5.2.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"
@@ -350,7 +377,7 @@ The module automatically tags every span and metric with `coder.workspace_id`, `
 ```tf
 module "claude-code" {
   source            = "registry.coder.com/coder/claude-code/coder"
-  version           = "5.1.0"
+  version           = "5.2.0"
   agent_id          = coder_agent.main.id
   workdir           = "/home/coder/project"
   anthropic_api_key = "xxxx-xxxxx-xxxx"

registry/coder/modules/claude-code/main.test.ts

@@ -382,10 +382,13 @@ describe("claude-code", async () => {
     const parsed = JSON.parse(claudeConfig);
     expect(parsed.autoUpdaterStatus).toBe("disabled");
     expect(parsed.hasCompletedOnboarding).toBe(true);
-    expect(parsed.bypassPermissionsModeAccepted).toBe(true);
     expect(parsed.hasAcknowledgedCostThreshold).toBe(true);
     expect(parsed.projects[workdir].hasCompletedProjectOnboarding).toBe(true);
     expect(parsed.projects[workdir].hasTrustDialogAccepted).toBe(true);
+    // Permission posture is delivered via /etc/claude-code/managed-settings.d/,
+    // not user-writable ~/.claude.json acceptance flags.
+    expect(parsed.bypassPermissionsModeAccepted).toBeUndefined();
+    expect(parsed.autoModeAccepted).toBeUndefined();
   });
 
   test("standalone-mode-with-oauth-token", async () => {
@@ -413,7 +416,7 @@ describe("claude-code", async () => {
     );
     const parsed = JSON.parse(claudeConfig);
     expect(parsed.hasCompletedOnboarding).toBe(true);
-    expect(parsed.bypassPermissionsModeAccepted).toBe(true);
+    expect(parsed.bypassPermissionsModeAccepted).toBeUndefined();
   });
 
   test("standalone-mode-no-auth", async () => {
@@ -436,6 +439,49 @@ describe("claude-code", async () => {
     expect(resp.stdout.trim()).toBe("ABSENT");
   });
 
+  test("claude-managed-settings-written", async () => {
+    const { id, scripts } = await setup({
+      moduleVariables: {
+        managed_settings: JSON.stringify({
+          permissions: {
+            defaultMode: "acceptEdits",
+            disableBypassPermissionsMode: "disable",
+            deny: ["Bash(rm -rf*)"],
+          },
+        }),
+      },
+    });
+    await runScripts(id, scripts);
+
+    const policy = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /etc/claude-code/managed-settings.d/10-coder.json",
+    ]);
+    expect(policy.exitCode).toBe(0);
+    expect(policy.stdout).toContain('"defaultMode":"acceptEdits"');
+    expect(policy.stdout).toContain('"disableBypassPermissionsMode":"disable"');
+    expect(policy.stdout).toContain('"deny":["Bash(rm -rf*)"]');
+
+    const installLog = await readFileContainer(
+      id,
+      "/home/coder/.coder-modules/coder/claude-code/logs/install.log",
+    );
+    expect(installLog).toContain("Wrote Claude Code managed settings");
+  });
+
+  test("claude-managed-settings-not-set", async () => {
+    const { id, scripts } = await setup();
+    await runScripts(id, scripts);
+
+    const resp = await execContainer(id, [
+      "bash",
+      "-c",
+      "test -e /etc/claude-code/managed-settings.d/10-coder.json && echo EXISTS || echo ABSENT",
+    ]);
+    expect(resp.stdout.trim()).toBe("ABSENT");
+  });
+
   test("telemetry-otel", async () => {
     const { coderEnvVars } = await setup({
       moduleVariables: {

registry/coder/modules/claude-code/main.tf

@@ -102,6 +102,12 @@ variable "claude_binary_path" {
   }
 }
 
+variable "managed_settings" {
+  type        = any
+  description = "Policy settings written to /etc/claude-code/managed-settings.d/10-coder.json. Highest-precedence client config; works with any inference backend (Anthropic API, Bedrock, Vertex, AI Gateway). See https://docs.anthropic.com/en/docs/claude-code/settings for the schema."
+  default     = null
+}
+
 variable "enable_ai_gateway" {
   type        = bool
   description = "Use AI Gateway for Claude Code. https://coder.com/docs/ai-coder/ai-gateway"
@@ -237,6 +243,7 @@ locals {
     ARG_MCP                    = var.mcp != "" ? base64encode(var.mcp) : ""
     ARG_MCP_CONFIG_REMOTE_PATH = base64encode(jsonencode(var.mcp_config_remote_path))
     ARG_ENABLE_AI_GATEWAY      = tostring(var.enable_ai_gateway)
+    ARG_MANAGED_SETTINGS_JSON  = var.managed_settings != null ? base64encode(jsonencode(var.managed_settings)) : ""
   })
   module_dir_name = ".coder-modules/coder/claude-code"
 }

registry/coder/modules/claude-code/main.tftest.hcl

@@ -283,3 +283,47 @@ run "test_workdir_optional" {
     error_message = "workdir should default to null when omitted"
   }
 }
+
+run "test_managed_settings" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-managed-settings"
+    workdir  = "/home/coder/project"
+    managed_settings = {
+      permissions = {
+        defaultMode                  = "acceptEdits"
+        disableBypassPermissionsMode = "disable"
+        deny                         = ["Bash(rm -rf*)"]
+      }
+    }
+  }
+
+  assert {
+    condition     = var.managed_settings.permissions.defaultMode == "acceptEdits"
+    error_message = "managed_settings should accept the permissions object"
+  }
+
+  assert {
+    condition     = strcontains(local.install_script, "/etc/claude-code/managed-settings.d")
+    error_message = "install script should reference the managed-settings.d drop-in directory"
+  }
+
+  assert {
+    condition     = strcontains(local.install_script, base64encode(jsonencode(var.managed_settings)))
+    error_message = "install script should embed the base64-encoded managed_settings JSON"
+  }
+}
+
+run "test_managed_settings_default_null" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-managed-settings-default"
+  }
+
+  assert {
+    condition     = var.managed_settings == null
+    error_message = "managed_settings should default to null when omitted"
+  }
+}

registry/coder/modules/claude-code/scripts/install.sh.tftpl

@@ -17,6 +17,7 @@ ARG_CLAUDE_BINARY_PATH="$${ARG_CLAUDE_BINARY_PATH//\$HOME/$HOME}"
 ARG_MCP=$(echo -n '${ARG_MCP}' | base64 -d)
 ARG_MCP_CONFIG_REMOTE_PATH=$(echo -n '${ARG_MCP_CONFIG_REMOTE_PATH}' | base64 -d)
 ARG_ENABLE_AI_GATEWAY='${ARG_ENABLE_AI_GATEWAY}'
+ARG_MANAGED_SETTINGS_JSON=$(echo -n '${ARG_MANAGED_SETTINGS_JSON}' | base64 -d)
 
 export PATH="$${ARG_CLAUDE_BINARY_PATH}:$PATH"
 
@@ -29,6 +30,7 @@ printf "ARG_CLAUDE_BINARY_PATH: %s\n" "$${ARG_CLAUDE_BINARY_PATH}"
 printf "ARG_MCP: %s\n" "$${ARG_MCP}"
 printf "ARG_MCP_CONFIG_REMOTE_PATH: %s\n" "$${ARG_MCP_CONFIG_REMOTE_PATH}"
 printf "ARG_ENABLE_AI_GATEWAY: %s\n" "$${ARG_ENABLE_AI_GATEWAY}"
+printf "ARG_MANAGED_SETTINGS_JSON: %s\n" "$${ARG_MANAGED_SETTINGS_JSON}"
 
 echo "--------------------------------"
 
@@ -144,6 +146,32 @@ function setup_claude_configurations() {
 
 }
 
+function write_managed_settings() {
+  if [ -z "$${ARG_MANAGED_SETTINGS_JSON}" ]; then
+    return
+  fi
+
+  local dropin_dir="/etc/claude-code/managed-settings.d"
+  local target="$${dropin_dir}/10-coder.json"
+
+  if ! echo "$${ARG_MANAGED_SETTINGS_JSON}" | jq empty 2> /dev/null; then
+    echo "Warning: managed_settings is not valid JSON, skipping policy write"
+    return
+  fi
+
+  if command_exists sudo; then
+    sudo mkdir -p "$${dropin_dir}"
+    echo "$${ARG_MANAGED_SETTINGS_JSON}" | sudo tee "$${target}" > /dev/null
+    sudo chmod 0644 "$${target}"
+  else
+    mkdir -p "$${dropin_dir}"
+    echo "$${ARG_MANAGED_SETTINGS_JSON}" > "$${target}"
+    chmod 0644 "$${target}"
+  fi
+
+  echo "Wrote Claude Code managed settings to $${target}"
+}
+
 function configure_standalone_mode() {
   echo "Configuring Claude Code for standalone mode..."
 
@@ -158,8 +186,6 @@ function configure_standalone_mode() {
     echo "Updating existing Claude configuration at $${claude_config}"
 
     jq '.autoUpdaterStatus = "disabled" |
-        .autoModeAccepted = true |
-        .bypassPermissionsModeAccepted = true |
         .hasAcknowledgedCostThreshold = true |
         .hasCompletedOnboarding = true' \
       "$${claude_config}" > "$${claude_config}.tmp" && mv "$${claude_config}.tmp" "$${claude_config}"
@@ -168,8 +194,6 @@ function configure_standalone_mode() {
     cat > "$${claude_config}" << EOF
 {
   "autoUpdaterStatus": "disabled",
-  "autoModeAccepted": true,
-  "bypassPermissionsModeAccepted": true,
   "hasAcknowledgedCostThreshold": true,
   "hasCompletedOnboarding": true
 }
@@ -189,4 +213,5 @@ EOF
 
 install_claude_code_cli
 setup_claude_configurations
+write_managed_settings
 configure_standalone_mode

registry/coder/modules/dotfiles/README.md

@@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.4.1"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
 }
 ```
@@ -31,7 +31,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.4.1"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
 }
 ```
@@ -42,7 +42,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.4.1"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
   user     = "root"
 }
@@ -54,14 +54,14 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.4.1"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
 }
 
 module "dotfiles-root" {
   count        = data.coder_workspace.me.start_count
   source       = "registry.coder.com/coder/dotfiles/coder"
-  version      = "1.4.1"
+  version      = "1.4.2"
   agent_id     = coder_agent.example.id
   user         = "root"
   dotfiles_uri = module.dotfiles.dotfiles_uri
@@ -90,7 +90,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 module "dotfiles" {
   count                = data.coder_workspace.me.start_count
   source               = "registry.coder.com/coder/dotfiles/coder"
-  version              = "1.4.1"
+  version              = "1.4.2"
   agent_id             = coder_agent.example.id
   default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }

registry/coder/modules/dotfiles/main.test.ts

@@ -1,9 +1,11 @@
 import { describe, expect, it } from "bun:test";
 import {
+  findResourceInstance,
   runTerraformApply,
   runTerraformInit,
   testRequiredVariables,
 } from "~test";
+import { readableStreamToText, spawn } from "bun";
 
 describe("dotfiles", async () => {
   await runTerraformInit(import.meta.dir);
@@ -34,6 +36,24 @@ describe("dotfiles", async () => {
         dotfiles_uri: url,
       });
       expect(state.outputs.dotfiles_uri.value).toBe(url);
+
+      // Run the rendered shell script to verify the shell-side URI
+      // validation also accepts the URL. The script will fail later
+      // (no coder binary available), but it must not fail at the
+      // URI validation step.
+      const instance = findResourceInstance(state, "coder_script");
+      const proc = spawn(["bash", "-c", instance.script], {
+        stdout: "pipe",
+        stderr: "pipe",
+      });
+      const stderr = await readableStreamToText(proc.stderr);
+      await proc.exited;
+      expect(stderr).not.toContain(
+        "ERROR: DOTFILES_URI contains invalid characters",
+      );
+      expect(stderr).not.toContain(
+        "ERROR: DOTFILES_URI must be a valid repository URL",
+      );
     }
   });
 

registry/coder/modules/dotfiles/run.sh

@@ -9,7 +9,7 @@ DOTFILES_BRANCH="${DOTFILES_BRANCH}"
 # Validate DOTFILES_URI to prevent command injection (defense in depth)
 if [ -n "$DOTFILES_URI" ]; then
   # shellcheck disable=SC2250
-  if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@-] ]]; then
+  if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@~-] ]]; then
     echo "ERROR: DOTFILES_URI contains invalid characters" >&2
     exit 1
   fi

registry/coder/modules/git-clone/README.md

@@ -14,7 +14,7 @@ This module allows you to automatically clone a repository by URL and skip if it
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://github.com/coder/coder"
 }
@@ -28,7 +28,7 @@ module "git-clone" {
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://github.com/coder/coder"
   base_dir = "~/projects/coder"
@@ -43,7 +43,7 @@ To use with [Git Authentication](https://coder.com/docs/v2/latest/admin/git-prov
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://github.com/coder/coder"
 }
@@ -70,7 +70,7 @@ data "coder_parameter" "git_repo" {
 module "git_clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = data.coder_parameter.git_repo.value
 }
@@ -105,7 +105,7 @@ Configuring `git-clone` for a self-hosted GitHub Enterprise Server running at `g
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://github.example.com/coder/coder/tree/feat/example"
   git_providers = {
@@ -125,7 +125,7 @@ To GitLab clone with a specific branch like `feat/example`
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://gitlab.com/coder/coder/-/tree/feat/example"
 }
@@ -137,7 +137,7 @@ Configuring `git-clone` for a self-hosted GitLab running at `gitlab.example.com`
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://gitlab.example.com/coder/coder/-/tree/feat/example"
   git_providers = {
@@ -159,7 +159,7 @@ For example, to clone the `feat/example` branch:
 module "git-clone" {
   count       = data.coder_workspace.me.start_count
   source      = "registry.coder.com/coder/git-clone/coder"
-  version     = "1.2.3"
+  version     = "2.0.1"
   agent_id    = coder_agent.example.id
   url         = "https://github.com/coder/coder"
   branch_name = "feat/example"
@@ -177,7 +177,7 @@ For example, this will clone into the `~/projects/coder/coder-dev` folder:
 module "git-clone" {
   count       = data.coder_workspace.me.start_count
   source      = "registry.coder.com/coder/git-clone/coder"
-  version     = "1.2.3"
+  version     = "2.0.1"
   agent_id    = coder_agent.example.id
   url         = "https://github.com/coder/coder"
   folder_name = "coder-dev"
@@ -185,21 +185,55 @@ module "git-clone" {
 }
 ```
 
-## Git shallow clone
+## Extra `git clone` arguments
 
-Limit the clone history to speed-up workspace startup by setting `depth`.
+> [!NOTE]
+> **Upgrading from v1.x?** The `depth` variable was removed in v2.0.0. Use `extra_args = ["--depth=1"]` instead.
+> Do not pass `-b` or `--branch` in `extra_args` when `branch_name` is
+> already set (or extracted from the URL). Git silently accepts the last
+> `-b` flag, so the two values would conflict.
 
-When `depth` is greater than `0` the module runs `git clone --depth <depth>`.
-If not defined, the default, `0`, performs a full clone.
+Pass any additional flags through `extra_args` (one element per argument).
+This lets you enable anything `git clone` supports without the module having
+to expose it explicitly, for example a shallow clone, submodules, parallel
+fetches, or partial clones.
 
 ```tf
 module "git-clone" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/git-clone/coder"
-  version  = "1.2.3"
+  version  = "2.0.1"
   agent_id = coder_agent.example.id
   url      = "https://github.com/coder/coder"
-  depth    = 1
+  extra_args = [
+    "--depth=1",
+    "--recurse-submodules",
+    "--jobs=8",
+    "--filter=blob:none",
+  ]
+}
+```
+
+## Pre-clone script
+
+Run a custom script before cloning the repository by setting the `pre_clone_script` variable.
+This is useful for preparing the environment or validating prerequisites before cloning.
+
+```tf
+module "git-clone" {
+  count            = data.coder_workspace.me.start_count
+  source           = "registry.coder.com/coder/git-clone/coder"
+  version          = "2.0.1"
+  agent_id         = coder_agent.example.id
+  url              = "https://github.com/coder/coder"
+  pre_clone_script = <<-EOT
+    #!/bin/bash
+    echo "Preparing to clone repository..."
+    # Check prerequisites
+    command -v npm >/dev/null 2>&1 || { echo "npm is required but not installed."; exit 1; }
+    # Set up environment
+    export NODE_ENV=development
+  EOT
 }
 ```
 
@@ -212,7 +246,7 @@ This is useful for running initialization tasks like installing dependencies or
 module "git-clone" {
   count             = data.coder_workspace.me.start_count
   source            = "registry.coder.com/coder/git-clone/coder"
-  version           = "1.2.3"
+  version           = "2.0.1"
   agent_id          = coder_agent.example.id
   url               = "https://github.com/coder/coder"
   post_clone_script = <<-EOT
@@ -225,3 +259,7 @@ module "git-clone" {
   EOT
 }
 ```
+
+## Troubleshooting
+
+Logs and scripts for `clone`, `pre_clone`, and `post_clone` are written to `~/.coder-modules/coder/git-clone/<folder_name>/logs/` and `~/.coder-modules/coder/git-clone/<folder_name>/scripts/` respectively.

registry/coder/modules/git-clone/main.test.ts

@@ -1,11 +1,48 @@
 import { describe, expect, it } from "bun:test";
 import {
-  executeScriptInContainer,
+  execContainer,
+  findResourceInstance,
+  runContainer,
   runTerraformApply,
   runTerraformInit,
   testRequiredVariables,
+  type scriptOutput,
+  type TerraformState,
 } from "~test";
 
+const executeScriptInContainer = async (
+  state: TerraformState,
+  image: string,
+  before?: string,
+): Promise<scriptOutput> => {
+  const instance = findResourceInstance(state, "coder_script");
+  const id = await runContainer(image);
+  await execContainer(id, ["sh", "-c", "apk add --no-cache bash >/dev/null"]);
+  if (before) {
+    await execContainer(id, ["sh", "-c", before]);
+  }
+  const resp = await execContainer(id, ["bash", "-c", instance.script]);
+  return {
+    exitCode: resp.exitCode,
+    stdout: resp.stdout.trim().split("\n"),
+    stderr: resp.stderr.trim().split("\n"),
+  };
+};
+
+// Drops a fake `git` onto PATH that prints each argv entry on its own line.
+// Lets tests prove that arguments (including ones with embedded spaces) reach
+// `git clone` as single argv tokens, which the echo line cannot show because
+// it joins with spaces.
+const installFakeGit = [
+  "cat > /usr/local/bin/git <<'SHIM'",
+  "#!/bin/sh",
+  'for arg in "$@"; do',
+  '  printf "argv:%s\\n" "$arg"',
+  "done",
+  "SHIM",
+  "chmod +x /usr/local/bin/git",
+].join("\n");
+
 describe("git-clone", async () => {
   await runTerraformInit(import.meta.dir);
 
@@ -30,12 +67,11 @@ describe("git-clone", async () => {
       url: "fake-url",
     });
     const output = await executeScriptInContainer(state, "alpine/git");
-    expect(output.stdout).toEqual([
-      "Creating directory ~/fake-url...",
-      "Cloning fake-url to ~/fake-url...",
-    ]);
-    expect(output.stderr.join(" ")).toContain("fatal");
-    expect(output.stderr.join(" ")).toContain("fake-url");
+    expect(output.stdout).toContain("Creating directory /root/fake-url...");
+    expect(output.stdout).toContain("Cloning fake-url to /root/fake-url...");
+    expect(output.exitCode).not.toBe(0);
+    expect(output.stdout.join(" ")).toContain("fatal");
+    expect(output.stdout.join(" ")).toContain("fake-url");
   });
 
   it("repo_dir should match repo name for https", async () => {
@@ -206,10 +242,12 @@ describe("git-clone", async () => {
     });
     const output = await executeScriptInContainer(state, "alpine/git");
     expect(output.exitCode).toBe(0);
-    expect(output.stdout).toEqual([
-      "Creating directory ~/repo-tests.log...",
-      "Cloning https://github.com/michaelbrewer/repo-tests.log to ~/repo-tests.log on branch feat/branch...",
-    ]);
+    expect(output.stdout).toContain(
+      "Creating directory /root/repo-tests.log...",
+    );
+    expect(output.stdout).toContain(
+      "Cloning https://github.com/michaelbrewer/repo-tests.log to /root/repo-tests.log on branch feat/branch...",
+    );
   });
 
   it("runs with gitlab clone with switch to feat/branch", async () => {
@@ -219,10 +257,12 @@ describe("git-clone", async () => {
     });
     const output = await executeScriptInContainer(state, "alpine/git");
     expect(output.exitCode).toBe(0);
-    expect(output.stdout).toEqual([
-      "Creating directory ~/repo-tests.log...",
-      "Cloning https://gitlab.com/mike.brew/repo-tests.log to ~/repo-tests.log on branch feat/branch...",
-    ]);
+    expect(output.stdout).toContain(
+      "Creating directory /root/repo-tests.log...",
+    );
+    expect(output.stdout).toContain(
+      "Cloning https://gitlab.com/mike.brew/repo-tests.log to /root/repo-tests.log on branch feat/branch...",
+    );
   });
 
   it("runs with github clone with branch_name set to feat/branch", async () => {
@@ -240,25 +280,166 @@ describe("git-clone", async () => {
 
     const output = await executeScriptInContainer(state, "alpine/git");
     expect(output.exitCode).toBe(0);
-    expect(output.stdout).toEqual([
-      "Creating directory ~/repo-tests.log...",
-      "Cloning https://github.com/michaelbrewer/repo-tests.log to ~/repo-tests.log on branch feat/branch...",
-    ]);
+    expect(output.stdout).toContain(
+      "Creating directory /root/repo-tests.log...",
+    );
+    expect(output.stdout).toContain(
+      "Cloning https://github.com/michaelbrewer/repo-tests.log to /root/repo-tests.log on branch feat/branch...",
+    );
   });
 
   it("runs post-clone script", async () => {
     const state = await runTerraformApply(import.meta.dir, {
       agent_id: "foo",
       url: "fake-url",
+      base_dir: "/tmp",
       post_clone_script: "echo 'Post-clone script executed'",
     });
     const output = await executeScriptInContainer(
       state,
       "alpine/git",
-      "sh",
-      "mkdir -p ~/fake-url && echo 'existing' > ~/fake-url/file.txt",
+      "mkdir -p /tmp/fake-url && echo 'existing' > /tmp/fake-url/file.txt",
     );
     expect(output.stdout).toContain("Running post-clone script...");
     expect(output.stdout).toContain("Post-clone script executed");
   });
+
+  it("runs pre-clone script", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+      pre_clone_script: "echo 'Pre-clone script executed'",
+    });
+    const output = await executeScriptInContainer(state, "alpine/git");
+    expect(output.stdout).toContain("Running pre-clone script...");
+    expect(output.stdout).toContain("Pre-clone script executed");
+    expect(output.stdout).toContain("Cloning fake-url to /root/fake-url...");
+  });
+
+  it("fails when pre-clone script fails", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+      pre_clone_script: "echo 'Pre-clone script failed'; exit 42",
+    });
+    const output = await executeScriptInContainer(state, "alpine/git");
+    expect(output.exitCode).toBe(42);
+    expect(output.stdout).toContain("Running pre-clone script...");
+    expect(output.stdout).toContain("Pre-clone script failed");
+    expect(output.stdout).not.toContain(
+      "Cloning fake-url to /root/fake-url...",
+    );
+  });
+
+  it("defaults extra_args to empty", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+    });
+    const output = await executeScriptInContainer(
+      state,
+      "alpine/git",
+      installFakeGit,
+    );
+    // With no extra_args the only argv tokens should be clone, url, path.
+    expect(output.stdout.join("\n")).toContain(
+      ["argv:clone", "argv:fake-url", "argv:/root/fake-url"].join("\n"),
+    );
+  });
+
+  it("passes extra_args to git clone", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+      extra_args: JSON.stringify([
+        "--recurse-submodules",
+        "--jobs=8",
+        "--config=user.name=Coder User",
+        "-c",
+        "core.sshCommand=ssh -i /tmp/key",
+      ]),
+    });
+    const output = await executeScriptInContainer(
+      state,
+      "alpine/git",
+      installFakeGit,
+    );
+    expect(output.exitCode).toBe(0);
+    expect(output.stdout.join("\n")).toContain(
+      [
+        "argv:clone",
+        "argv:--recurse-submodules",
+        "argv:--jobs=8",
+        "argv:--config=user.name=Coder User",
+        "argv:-c",
+        "argv:core.sshCommand=ssh -i /tmp/key",
+        "argv:fake-url",
+        "argv:/root/fake-url",
+      ].join("\n"),
+    );
+  });
+
+  it("passes extra_args alongside branch_name in the correct order", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+      branch_name: "feat/branch",
+      extra_args: JSON.stringify([
+        "--recurse-submodules",
+        "--config=user.name=Coder User",
+      ]),
+    });
+    const output = await executeScriptInContainer(
+      state,
+      "alpine/git",
+      installFakeGit,
+    );
+    expect(output.exitCode).toBe(0);
+    expect(output.stdout.join("\n")).toContain(
+      [
+        "argv:clone",
+        "argv:--recurse-submodules",
+        "argv:--config=user.name=Coder User",
+        "argv:-b",
+        "argv:feat/branch",
+        "argv:fake-url",
+        "argv:/root/fake-url",
+      ].join("\n"),
+    );
+  });
+
+  it("writes output to logs/clone.log under module directory", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+    });
+    const instance = findResourceInstance(state, "coder_script");
+    const id = await runContainer("alpine/git");
+    await execContainer(id, ["sh", "-c", "apk add --no-cache bash >/dev/null"]);
+    await execContainer(id, ["bash", "-c", instance.script]);
+    const log = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /root/.coder-modules/coder/git-clone/*/logs/clone.log",
+    ]);
+    expect(log.exitCode).toBe(0);
+    expect(log.stdout).toContain("Cloning fake-url to /root/fake-url...");
+  });
+
+  it("fails when post-clone script fails", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      url: "fake-url",
+      base_dir: "/tmp",
+      post_clone_script: "echo 'Post-clone script failed'; exit 43",
+    });
+    const output = await executeScriptInContainer(
+      state,
+      "alpine/git",
+      "mkdir -p /tmp/fake-url && echo 'existing' > /tmp/fake-url/file.txt",
+    );
+    expect(output.exitCode).toBe(43);
+    expect(output.stdout).toContain("Running post-clone script...");
+    expect(output.stdout).toContain("Post-clone script failed");
+  });
 });

registry/coder/modules/git-clone/main.tf

@@ -56,10 +56,10 @@ variable "folder_name" {
   default     = ""
 }
 
-variable "depth" {
-  description = "If > 0, perform a shallow clone using this depth."
-  type        = number
-  default     = 0
+variable "extra_args" {
+  description = "Extra arguments to pass to `git clone`, one element per argument (e.g. `[\"--recurse-submodules\", \"--jobs=8\", \"--filter=blob:none\"]`)."
+  type        = list(string)
+  default     = []
 }
 
 variable "post_clone_script" {
@@ -68,6 +68,12 @@ variable "post_clone_script" {
   default     = null
 }
 
+variable "pre_clone_script" {
+  description = "Custom script to run before cloning the repository. Runs before git clone, even if the repository already exists."
+  type        = string
+  default     = null
+}
+
 locals {
   # Remove query parameters and fragments from the URL
   url = replace(replace(var.url, "/\\?.*/", ""), "/#.*/", "")
@@ -89,6 +95,32 @@ locals {
   web_url = startswith(local.clone_url, "git@") ? replace(replace(local.clone_url, ":", "/"), "git@", "https://") : local.clone_url
   # Encode the post_clone_script for passing to the shell script
   encoded_post_clone_script = var.post_clone_script != null ? base64encode(var.post_clone_script) : ""
+  # Encode the pre_clone_script for passing to the shell script
+  encoded_pre_clone_script = var.pre_clone_script != null ? base64encode(var.pre_clone_script) : ""
+  encoded_extra_args       = base64encode(join("\n", var.extra_args))
+
+  # Module directory paths (matches coder-utils convention)
+  # Use folder_name so two git-clone instances in the same template get
+  # separate script and log directories.
+  module_dir          = "$HOME/.coder-modules/coder/git-clone/${local.folder_name}"
+  scripts_directory   = "${local.module_dir}/scripts"
+  log_directory       = "${local.module_dir}/logs"
+  clone_script_path   = "${local.scripts_directory}/clone.sh"
+  clone_log_path      = "${local.log_directory}/clone.log"
+  pre_clone_log_path  = "${local.log_directory}/pre_clone.log"
+  post_clone_log_path = "${local.log_directory}/post_clone.log"
+
+  encoded_clone_script = base64encode(templatefile("${path.module}/run.sh", {
+    CLONE_PATH          = local.clone_path,
+    REPO_URL            = local.clone_url,
+    BRANCH_NAME         = local.branch_name,
+    EXTRA_ARGS          = local.encoded_extra_args,
+    POST_CLONE_SCRIPT   = local.encoded_post_clone_script,
+    PRE_CLONE_SCRIPT    = local.encoded_pre_clone_script,
+    SCRIPTS_DIR         = local.scripts_directory,
+    PRE_CLONE_LOG_PATH  = local.pre_clone_log_path,
+    POST_CLONE_LOG_PATH = local.post_clone_log_path,
+  }))
 }
 
 output "repo_dir" {
@@ -122,14 +154,21 @@ output "branch_name" {
 }
 
 resource "coder_script" "git_clone" {
-  agent_id = var.agent_id
-  script = templatefile("${path.module}/run.sh", {
-    CLONE_PATH = local.clone_path,
-    REPO_URL : local.clone_url,
-    BRANCH_NAME : local.branch_name,
-    DEPTH = var.depth,
-    POST_CLONE_SCRIPT : local.encoded_post_clone_script,
-  })
+  agent_id           = var.agent_id
+  script             = <<-EOT
+    #!/bin/bash
+    set -o errexit
+    set -o pipefail
+
+    mkdir -p "${local.module_dir}"
+    mkdir -p "${local.scripts_directory}"
+    mkdir -p "${local.log_directory}"
+
+    echo -n '${local.encoded_clone_script}' | base64 -d > "${local.clone_script_path}"
+    chmod +x "${local.clone_script_path}"
+
+    "${local.clone_script_path}" 2>&1 | tee "${local.clone_log_path}"
+  EOT
   display_name       = "Git Clone"
   icon               = "/icon/git.svg"
   run_on_start       = true

registry/coder/modules/git-clone/run.sh

@@ -1,12 +1,18 @@
 #!/usr/bin/env bash
 
+set -euo pipefail
+
 REPO_URL="${REPO_URL}"
 CLONE_PATH="${CLONE_PATH}"
 BRANCH_NAME="${BRANCH_NAME}"
 # Expand home if it's specified!
 CLONE_PATH="$${CLONE_PATH/#\~/$${HOME}}"
-DEPTH="${DEPTH}"
+EXTRA_ARGS="${EXTRA_ARGS}"
 POST_CLONE_SCRIPT="${POST_CLONE_SCRIPT}"
+PRE_CLONE_SCRIPT="${PRE_CLONE_SCRIPT}"
+SCRIPTS_DIR="${SCRIPTS_DIR}"
+PRE_CLONE_LOG_PATH="${PRE_CLONE_LOG_PATH}"
+POST_CLONE_LOG_PATH="${POST_CLONE_LOG_PATH}"
 
 # Check if the variable is empty...
 if [ -z "$REPO_URL" ]; then
@@ -33,23 +39,32 @@ if [ ! -d "$CLONE_PATH" ]; then
   mkdir -p "$CLONE_PATH"
 fi
 
+# Run pre-clone script if provided
+if [ -n "$PRE_CLONE_SCRIPT" ]; then
+  echo "Running pre-clone script..."
+  PRE_CLONE_PATH="$SCRIPTS_DIR/pre_clone.sh"
+  echo "$PRE_CLONE_SCRIPT" | base64 -d > "$PRE_CLONE_PATH"
+  chmod +x "$PRE_CLONE_PATH"
+  "$PRE_CLONE_PATH" 2>&1 | tee "$PRE_CLONE_LOG_PATH"
+fi
+
+# Build optional git clone flags
+extra_args=()
+if [ -n "$EXTRA_ARGS" ]; then
+  while IFS= read -r arg || [ -n "$arg" ]; do
+    [ -n "$arg" ] && extra_args+=("$arg")
+  done < <(echo "$EXTRA_ARGS" | base64 -d)
+fi
+
 # Check if the directory is empty
 # and if it is, clone the repo, otherwise skip cloning
 if [ -z "$(ls -A "$CLONE_PATH")" ]; then
   if [ -z "$BRANCH_NAME" ]; then
     echo "Cloning $REPO_URL to $CLONE_PATH..."
-    if [ "$DEPTH" -gt 0 ]; then
-      git clone --depth "$DEPTH" "$REPO_URL" "$CLONE_PATH"
-    else
-      git clone "$REPO_URL" "$CLONE_PATH"
-    fi
+    git clone $${extra_args[@]+"$${extra_args[@]}"} "$REPO_URL" "$CLONE_PATH"
   else
     echo "Cloning $REPO_URL to $CLONE_PATH on branch $BRANCH_NAME..."
-    if [ "$DEPTH" -gt 0 ]; then
-      git clone --depth "$DEPTH" -b "$BRANCH_NAME" "$REPO_URL" "$CLONE_PATH"
-    else
-      git clone "$REPO_URL" -b "$BRANCH_NAME" "$CLONE_PATH"
-    fi
+    git clone $${extra_args[@]+"$${extra_args[@]}"} -b "$BRANCH_NAME" "$REPO_URL" "$CLONE_PATH"
   fi
 else
   echo "$CLONE_PATH already exists and isn't empty, skipping clone!"
@@ -58,10 +73,9 @@ fi
 # Run post-clone script if provided
 if [ -n "$POST_CLONE_SCRIPT" ]; then
   echo "Running post-clone script..."
-  POST_CLONE_TMP=$(mktemp)
-  echo "$POST_CLONE_SCRIPT" | base64 -d > "$POST_CLONE_TMP"
-  chmod +x "$POST_CLONE_TMP"
+  POST_CLONE_PATH="$SCRIPTS_DIR/post_clone.sh"
+  echo "$POST_CLONE_SCRIPT" | base64 -d > "$POST_CLONE_PATH"
+  chmod +x "$POST_CLONE_PATH"
   cd "$CLONE_PATH" || exit
-  $POST_CLONE_TMP
-  rm "$POST_CLONE_TMP"
+  "$POST_CLONE_PATH" 2>&1 | tee "$POST_CLONE_LOG_PATH"
 fi

registry/coder/skills/README.md

@@ -0,0 +1,35 @@
+---
+icon: ../../../.icons/coder.svg
+sources:
+  - repo: coder/skills@main
+    skills:
+      setup:
+        display_name: Coder Setup
+        icon: ../../../.icons/coder.svg
+        tags: [coder, deployment, configuration]
+      modules:
+        display_name: Coder Modules
+        icon: ../../../.icons/coder-modules.svg
+        tags: [coder, terraform, modules]
+      templates:
+        display_name: Coder Templates
+        icon: ../../../.icons/coder-templates.svg
+        tags: [coder, terraform, templates]
+---
+
+# Coder Skills
+
+Agent skills maintained by [Coder](https://coder.com) for installing,
+configuring, and developing with the Coder platform.
+
+Skills are sourced from [coder/skills](https://github.com/coder/skills)
+and served through the registry's API, MCP tools, and
+[well-known discovery endpoint](https://agentskills.io/specification).
+
+## Available Skills
+
+| Skill                                                                | Description                                                                                                                                                                                   |
+| -------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [Coder Setup](https://registry.coder.com/skills/coder/setup)         | Install, deploy, or bootstrap a new Coder deployment end-to-end. Covers Docker, Kubernetes/Helm, VM, cloud, HTTPS/domain setup, first admin creation, starter templates, and first workspace. |
+| [Coder Modules](https://registry.coder.com/skills/coder/modules)     | Add or update Coder modules (from registry.coder.com/modules) inside an existing Coder template. Covers IDEs, AI agents, secrets, dev environment tools, and cloud regions.                   |
+| [Coder Templates](https://registry.coder.com/skills/coder/templates) | Author, edit, push, or version a Coder template. Covers starter selection, template anatomy, parameters, validation, push, and first-workspace verification.                                  |