chore: use lowercase for namespaces

feat(pgadmin): add new module for pgAdmin (#228 )
Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Atif Ali <atif@coder.com>
2026-06-03 04:58:15 +00:00 · 2025-08-28 22:09:58 +05:00 · 2025-08-28 22:32:27 +05:30 · 2025-08-28 20:42:05 +05:00 · 2025-08-28 11:14:57 +00:00 · 2025-08-28 10:33:29 +00:00
92 changed files with 2497 additions and 662 deletions
@@ -0,0 +1 @@
+../AGENTS.md
@@ -192,8 +192,8 @@ main() {

  # Always run formatter to ensure consistent formatting
  echo "🔧 Running formatter to ensure consistent formatting..."
-  if command -v bun >/dev/null 2>&1; then
-    bun fmt >/dev/null 2>&1 || echo "⚠️  Warning: bun fmt failed, but continuing..."
+  if command -v bun > /dev/null 2>&1; then
+    bun fmt > /dev/null 2>&1 || echo "⚠️  Warning: bun fmt failed, but continuing..."
  else
    echo "⚠️  Warning: bun not found, skipping formatting"
  fi
@@ -2,6 +2,8 @@
 muc = "muc" # For Munich location code
 Hashi = "Hashi"
 HashiCorp = "HashiCorp"
+mavrickrishi = "mavrickrishi" # Username
+mavrick = "mavrick" # Username

 [files]
 extend-exclude = ["registry/coder/templates/aws-devcontainer/architecture.svg"] #False positive
@@ -21,4 +21,4 @@ jobs:
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v8
        with:
-          version: v2.1
+          version: v2.1
@@ -11,33 +11,33 @@ jobs:
    permissions:
      contents: write
      pull-requests: read
-    
+
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          persist-credentials: false
-      
+
      - name: Extract tag information
        id: tag_info
        run: |
          TAG=${GITHUB_REF#refs/tags/}
          echo "tag=$TAG" >> $GITHUB_OUTPUT
-          
+
          IFS='/' read -ra PARTS <<< "$TAG"
          NAMESPACE="${PARTS[1]}"
          MODULE="${PARTS[2]}"
          VERSION="${PARTS[3]}"
-          
+
          echo "namespace=$NAMESPACE" >> $GITHUB_OUTPUT
          echo "module=$MODULE" >> $GITHUB_OUTPUT
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "module_path=registry/$NAMESPACE/modules/$MODULE" >> $GITHUB_OUTPUT
-          
+
          RELEASE_TITLE="$NAMESPACE/$MODULE $VERSION"
          echo "release_title=$RELEASE_TITLE" >> $GITHUB_OUTPUT
-      
+
      - name: Find previous tag
        id: prev_tag
        env:
@@ -46,15 +46,15 @@ jobs:
          CURRENT_TAG: ${{ steps.tag_info.outputs.tag }}
        run: |
          PREV_TAG=$(git tag -l "release/$NAMESPACE/$MODULE/v*" | sort -V | grep -B1 "$CURRENT_TAG" | head -1)
-          
+
          if [ -z "$PREV_TAG" ] || [ "$PREV_TAG" = "$CURRENT_TAG" ]; then
            echo "No previous tag found, using initial commit"
            PREV_TAG=$(git rev-list --max-parents=0 HEAD)
          fi
-          
+
          echo "prev_tag=$PREV_TAG" >> $GITHUB_OUTPUT
          echo "Previous tag: $PREV_TAG"
-      
+
      - name: Generate changelog
        id: changelog
        env:
@@ -64,24 +64,29 @@ jobs:
          CURRENT_TAG: ${{ steps.tag_info.outputs.tag }}
        run: |
          echo "Generating changelog for $MODULE_PATH between $PREV_TAG and $CURRENT_TAG"
-          
+
          COMMITS=$(git log --oneline --no-merges "$PREV_TAG..$CURRENT_TAG" -- "$MODULE_PATH")
-          
+
          if [ -z "$COMMITS" ]; then
            echo "No commits found for this module"
            echo "changelog=No changes found for this module." >> $GITHUB_OUTPUT
            exit 0
          fi
-          
-          FULL_CHANGELOG=$(gh api repos/:owner/:repo/releases/generate-notes \
-            --field tag_name="$CURRENT_TAG" \
-            --field previous_tag_name="$PREV_TAG" \
-            --jq '.body')
-          
+
+          if [[ "$PREV_TAG" == release/* ]]; then
+            FULL_CHANGELOG=$(gh api repos/:owner/:repo/releases/generate-notes \
+              --field tag_name="$CURRENT_TAG" \
+              --field previous_tag_name="$PREV_TAG" \
+              --jq '.body')
+          else
+            echo "New module detected, skipping GitHub API"
+            FULL_CHANGELOG=""
+          fi
+
          MODULE_COMMIT_SHAS=$(git log --format="%H" --no-merges "$PREV_TAG..$CURRENT_TAG" -- "$MODULE_PATH")
-          
+
          FILTERED_CHANGELOG="## What's Changed\n\n"
-          
+
          for sha in $MODULE_COMMIT_SHAS; do
            SHORT_SHA=${sha:0:7}
            
@@ -95,11 +100,11 @@ jobs:
              FILTERED_CHANGELOG="${FILTERED_CHANGELOG}* $COMMIT_MSG by @$AUTHOR\n"
            fi
          done
-          
+
          echo "changelog<<EOF" >> $GITHUB_OUTPUT
          echo -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
-      
+
      - name: Create Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -109,4 +114,4 @@ jobs:
        run: |
          gh release create "$TAG_NAME" \
            --title "$RELEASE_TITLE" \
-            --notes "$CHANGELOG"
+            --notes "$CHANGELOG"
@@ -163,8 +163,8 @@ linters:
    staticcheck:
      checks:
        - all
-        - SA4006  # Detects redundant assignments
-        - SA4009  # Detects redundant variable declarations
+        - SA4006 # Detects redundant assignments
+        - SA4009 # Detects redundant variable declarations
        - SA1019
  exclusions:
    generated: lax
@@ -0,0 +1 @@
+<svg width="128" height="128" xmlns="http://www.w3.org/2000/svg"><text x="50%" y="50%" font-size="96px" text-anchor="middle" dominant-baseline="middle" font-family="Apple Color Emoji, Segoe UI Emoji, Noto Color Emoji, sans-serif">🔌</text></svg>
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="64" viewBox="0 0 25.6 25.6" width="64"><style><![CDATA[.B{stroke-linecap:round}.C{stroke-linejoin:round}.D{stroke-linejoin:miter}.E{stroke-width:.716}]]></style><g fill="none" stroke="#fff"><path d="M18.983 18.636c.163-1.357.114-1.555 1.124-1.336l.257.023c.777.035 1.793-.125 2.4-.402 1.285-.596 2.047-1.592.78-1.33-2.89.596-3.1-.383-3.1-.383 3.053-4.53 4.33-10.28 3.227-11.687-3.004-3.84-8.205-2.024-8.292-1.976l-.028.005c-.57-.12-1.2-.19-1.93-.2-1.308-.02-2.3.343-3.054.914 0 0-9.277-3.822-8.846 4.807.092 1.836 2.63 13.9 5.66 10.25C8.29 15.987 9.36 14.86 9.36 14.86c.53.353 1.167.533 1.834.468l.052-.044a2.01 2.01 0 0 0 .021.518c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.162l-.046.183c.306.245.285 1.76.33 2.842s.116 2.093.337 2.688.48 2.13 2.53 1.7c1.713-.367 3.023-.896 3.143-5.81" fill="#000" stroke="#000" stroke-linecap="butt" stroke-width="2.149" class="D"/><path d="M23.535 15.6c-2.89.596-3.1-.383-3.1-.383 3.053-4.53 4.33-10.28 3.228-11.687-3.004-3.84-8.205-2.023-8.292-1.976l-.028.005a10.31 10.31 0 0 0-1.929-.201c-1.308-.02-2.3.343-3.054.914 0 0-9.278-3.822-8.846 4.807.092 1.836 2.63 13.9 5.66 10.25C8.29 15.987 9.36 14.86 9.36 14.86c.53.353 1.167.533 1.834.468l.052-.044a2.02 2.02 0 0 0 .021.518c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.162l-.046.183c.306.245.52 1.593.484 2.815s-.06 2.06.18 2.716.48 2.13 2.53 1.7c1.713-.367 2.6-1.32 2.725-2.906.088-1.128.286-.962.3-1.97l.16-.478c.183-1.53.03-2.023 1.085-1.793l.257.023c.777.035 1.794-.125 2.39-.402 1.285-.596 2.047-1.592.78-1.33z" fill="#336791" stroke="none"/><g class="E"><g class="B"><path d="M12.814 16.467c-.08 2.846.02 5.712.298 6.4s.875 2.05 2.926 1.612c1.713-.367 2.337-1.078 2.607-2.647l.633-5.017M10.356 2.2S1.072-1.596 1.504 7.033c.092 1.836 2.63 13.9 5.66 10.25C8.27 15.95 9.27 14.907 9.27 14.907m6.1-13.4c-.32.1 5.164-2.005 8.282 1.978 1.1 1.407-.175 7.157-3.228 11.687" class="C"/><path d="M20.425 15.17s.2.98 3.1.382c1.267-.262.504.734-.78 1.33-1.054.49-3.418.615-3.457-.06-.1-1.745 1.244-1.215 1.147-1.652-.088-.394-.69-.78-1.086-1.744-.347-.84-4.76-7.29 1.224-6.333.22-.045-1.56-5.7-7.16-5.782S7.99 8.196 7.99 8.196" stroke-linejoin="bevel"/></g><g class="C"><path d="M11.247 15.768c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.163.35-.49-.002-1.27-.482-1.468-.232-.096-.542-.216-.94.23z"/><path d="M11.196 15.753c-.08-.513.168-1.122.433-1.836.398-1.07 1.316-2.14.582-5.537-.547-2.53-4.22-.527-4.22-.184s.166 1.74-.06 3.365c-.297 2.122 1.35 3.916 3.246 3.733" class="B"/></g></g><g fill="#fff" class="D"><path d="M10.322 8.145c-.017.117.215.43.516.472s.558-.202.575-.32-.215-.246-.516-.288-.56.02-.575.136z" stroke-width=".239"/><path d="M19.486 7.906c.016.117-.215.43-.516.472s-.56-.202-.575-.32.215-.246.516-.288.56.02.575.136z" stroke-width=".119"/></g><path d="M20.562 7.095c.05.92-.198 1.545-.23 2.524-.046 1.422.678 3.05-.413 4.68" class="B C E"/></g></svg>
@@ -0,0 +1,22 @@
+# Ignore symlinks to avoid Prettier errors
+CLAUDE.md
+.github/copilot-instructions.md
+
+# Ignore node_modules and dependencies
+node_modules/
+
+# Ignore Terraform files (formatted by terraform fmt)
+*.tf
+*.hcl
+*.tfvars
+
+# Ignore generated and temporary files
+.terraform/
+*.tfstate
+*.tfstate.backup
+*.tfstate.lock.info
+
+# Ignore other files that shouldn't be formatted
+bun.lock
+go.sum
+go.mod
@@ -0,0 +1,168 @@
+# AGENTS.md
+
+This file provides guidance to AI coding assistants when working with code in this repository.
+
+## Project Overview
+
+The Coder Registry is a community-driven repository for Terraform modules and templates that extend Coder workspaces. It's organized with:
+
+- **Modules**: Individual components and tools (IDEs, auth integrations, dev tools)
+- **Templates**: Complete workspace configurations for different platforms
+- **Namespaces**: Each contributor has their own namespace under `/registry/[namespace]/`
+
+## Common Development Commands
+
+### Formatting
+
+```bash
+bun run fmt    # Format all code (Prettier + Terraform)
+bun run fmt:ci # Check formatting (CI mode)
+```
+
+### Testing
+
+```bash
+# Test all modules with .tftest.hcl files
+bun run test
+
+# Test specific module (from module directory)
+terraform init -upgrade
+terraform test -verbose
+
+# Validate Terraform syntax
+./scripts/terraform_validate.sh
+```
+
+### Module Creation
+
+```bash
+# Generate new module scaffold
+./scripts/new_module.sh namespace/module-name
+```
+
+### TypeScript Testing & Setup
+
+The repository uses Bun for TypeScript testing with utilities:
+
+- `test/test.ts` - Testing utilities for container management and Terraform operations
+- `setup.ts` - Test cleanup (removes .tfstate files and test containers)
+- Container-based testing with Docker for module validation
+
+## Architecture & Organization
+
+### Directory Structure
+
+```
+registry/[namespace]/
+├── README.md          # Contributor info with frontmatter
+├── .images/           # Namespace avatar (avatar.png/svg)
+├── modules/           # Individual components
+│   └── [module]/      # Each module has main.tf, README.md, tests
+└── templates/         # Complete workspace configs
+    └── [template]/    # Each template has main.tf, README.md
+```
+
+### Key Components
+
+**Module Structure**: Each module contains:
+
+- `main.tf` - Terraform implementation
+- `README.md` - Documentation with YAML frontmatter
+- `.tftest.hcl` - Terraform test files (required)
+- `run.sh` - Optional startup script
+
+**Template Structure**: Each template contains:
+
+- `main.tf` - Complete Coder template configuration
+- `README.md` - Documentation with YAML frontmatter
+- Additional configs, scripts as needed
+
+### README Frontmatter Requirements
+
+All modules/templates require YAML frontmatter:
+
+```yaml
+---
+display_name: "Module Name"
+description: "Brief description"
+icon: "../../../../.icons/tool.svg"
+verified: false
+tags: ["tag1", "tag2"]
+---
+```
+
+## Testing Requirements
+
+### Module Testing
+
+- Every module MUST have `.tftest.hcl` test files
+- Optional `main.test.ts` files for container-based testing or complex business logic validation
+- Tests use Docker containers with `--network=host` flag
+- Linux required for testing (Docker Desktop on macOS/Windows won't work)
+- Use Colima or OrbStack on macOS instead of Docker Desktop
+
+### Test Utilities
+
+The `test/test.ts` file provides:
+
+- `runTerraformApply()` - Execute Terraform with variables
+- `executeScriptInContainer()` - Run coder_script resources in containers
+- `testRequiredVariables()` - Validate required variables
+- Container management functions
+
+## Validation & Quality
+
+### Automated Validation
+
+The Go validation tool (`cmd/readmevalidation/`) checks:
+
+- Repository structure integrity
+- Contributor README files
+- Module and template documentation
+- Frontmatter format compliance
+
+### Versioning
+
+Use semantic versioning for modules:
+
+- **Patch** (1.2.3 → 1.2.4): Bug fixes
+- **Minor** (1.2.3 → 1.3.0): New features, adding inputs
+- **Major** (1.2.3 → 2.0.0): Breaking changes
+
+## Dependencies & Tools
+
+### Required Tools
+
+- **Terraform** - Module development and testing
+- **Docker** - Container-based testing
+- **Bun** - JavaScript runtime for formatting/scripts
+- **Go 1.23+** - Validation tooling
+
+### Development Dependencies
+
+- Prettier with Terraform and shell plugins
+- TypeScript for test utilities
+- Various npm packages for documentation processing
+
+## Workflow Notes
+
+### Contributing Process
+
+1. Create namespace (first-time contributors)
+2. Generate module/template files using scripts
+3. Implement functionality and tests
+4. Run formatting and validation
+5. Submit PR with appropriate template
+
+### Testing Workflow
+
+- All modules must pass `terraform test`
+- Use `bun run test` for comprehensive testing
+- Format code with `bun run fmt` before submission
+- Manual testing recommended for templates
+
+### Namespace Management
+
+- Each contributor gets unique namespace
+- Namespace avatar required (avatar.png/svg in .images/)
+- Namespace README with contributor info and frontmatter
@@ -0,0 +1 @@
+AGENTS.md
@@ -4,11 +4,11 @@
    "": {
      "name": "registry",
      "devDependencies": {
-        "@types/bun": "^1.2.18",
-        "bun-types": "^1.2.18",
+        "@types/bun": "^1.2.21",
+        "bun-types": "^1.2.21",
        "dedent": "^1.6.0",
        "gray-matter": "^4.0.3",
-        "marked": "^16.0.0",
+        "marked": "^16.2.0",
        "prettier": "^3.6.2",
        "prettier-plugin-sh": "^0.18.0",
        "prettier-plugin-terraform-formatter": "^1.2.1",
@@ -21,7 +21,7 @@
  "packages": {
    "@reteps/dockerfmt": ["@reteps/dockerfmt@0.3.6", "", {}, "sha512-Tb5wIMvBf/nLejTQ61krK644/CEMB/cpiaIFXqGApfGqO3GwcR3qnI0DbmkFVCl2OyEp8LnLX3EkucoL0+tbFg=="],

-    "@types/bun": ["@types/bun@1.2.18", "", { "dependencies": { "bun-types": "1.2.18" } }, "sha512-Xf6RaWVheyemaThV0kUfaAUvCNokFr+bH8Jxp+tTZfx7dAPA8z9ePnP9S9+Vspzuxxx9JRAXhnyccRj3GyCMdQ=="],
+    "@types/bun": ["@types/bun@1.2.21", "", { "dependencies": { "bun-types": "1.2.21" } }, "sha512-NiDnvEqmbfQ6dmZ3EeUO577s4P5bf4HCTXtI6trMc6f6RzirY5IrF3aIookuSpyslFzrnvv2lmEWv5HyC1X79A=="],

    "@types/node": ["@types/node@24.0.14", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-4zXMWD91vBLGRtHK3YbIoFMia+1nqEz72coM42C5ETjnNCa/heoj7NT1G67iAfOqMmcfhuCZ4uNpyz8EjlAejw=="],

@@ -29,7 +29,7 @@

    "argparse": ["argparse@1.0.10", "", { "dependencies": { "sprintf-js": "~1.0.2" } }, "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg=="],

-    "bun-types": ["bun-types@1.2.18", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-04+Eha5NP7Z0A9YgDAzMk5PHR16ZuLVa83b26kH5+cp1qZW4F6FmAURngE7INf4tKOvCE69vYvDEwoNl1tGiWw=="],
+    "bun-types": ["bun-types@1.2.21", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-sa2Tj77Ijc/NTLS0/Odjq/qngmEPZfbfnOERi0KRUYhT9R8M4VBioWVmMWE5GrYbKMc+5lVybXygLdibHaqVqw=="],

    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],

@@ -47,7 +47,7 @@

    "kind-of": ["kind-of@6.0.3", "", {}, "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw=="],

-    "marked": ["marked@16.0.0", "", { "bin": { "marked": "bin/marked.js" } }, "sha512-MUKMXDjsD/eptB7GPzxo4xcnLS6oo7/RHimUMHEDRhUooPwmN9BEpMl7AEOJv3bmso169wHI2wUF9VQgL7zfmA=="],
+    "marked": ["marked@16.2.0", "", { "bin": { "marked": "bin/marked.js" } }, "sha512-LbbTuye+0dWRz2TS9KJ7wsnD4KAtpj0MVkWc90XvBa6AslXsT0hTBVH5k32pcSyHH1fst9XEFJunXHktVy0zlg=="],

    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],

@@ -94,6 +94,9 @@ func validateCoderModuleReadme(rm coderResourceReadme) []error {
 	for _, err := range validateCoderModuleReadmeBody(rm.body) {
 		errs = append(errs, addFilePathToError(rm.filePath, err))
 	}
+	for _, err := range validateResourceGfmAlerts(rm.body) {
+		errs = append(errs, addFilePathToError(rm.filePath, err))
+	}
 	if fmErrs := validateCoderResourceFrontmatter("modules", rm.filePath, rm.frontmatter); len(fmErrs) != 0 {
 		errs = append(errs, fmErrs...)
 	}
@@ -1,6 +1,7 @@
 package main

 import (
+	"bufio"
 	"errors"
 	"net/url"
 	"os"
@@ -16,11 +17,16 @@ import (
 var (
 	supportedResourceTypes = []string{"modules", "templates"}
 	operatingSystems       = []string{"windows", "macos", "linux"}
+	gfmAlertTypes          = []string{"NOTE", "IMPORTANT", "CAUTION", "WARNING", "TIP"}

 	// TODO: This is a holdover from the validation logic used by the Coder Modules repo. It gives us some assurance, but
 	// realistically, we probably want to parse any Terraform code snippets, and make some deeper guarantees about how it's
 	// structured. Just validating whether it *can* be parsed as Terraform would be a big improvement.
 	terraformVersionRe = regexp.MustCompile(`^\s*\bversion\s+=`)
+
+	// Matches the format "> [!INFO]". Deliberately using a broad pattern to catch formatting issues that can mess up
+	// the renderer for the Registry website
+	gfmAlertRegex = regexp.MustCompile(`^>(\s*)\[!(\w+)\](\s*)(.*)`)
 )

 type coderResourceFrontmatter struct {
@@ -277,3 +283,73 @@ func aggregateCoderResourceReadmeFiles(resourceType string) ([]readme, error) {
 	}
 	return allReadmeFiles, nil
 }
+
+func validateResourceGfmAlerts(readmeBody string) []error {
+	trimmed := strings.TrimSpace(readmeBody)
+	if trimmed == "" {
+		return nil
+	}
+
+	var errs []error
+	var sourceLine string
+	isInsideGfmQuotes := false
+	isInsideCodeBlock := false
+
+	lineScanner := bufio.NewScanner(strings.NewReader(trimmed))
+	for lineScanner.Scan() {
+		sourceLine = lineScanner.Text()
+
+		if strings.HasPrefix(sourceLine, "```") {
+			isInsideCodeBlock = !isInsideCodeBlock
+			continue
+		}
+		if isInsideCodeBlock {
+			continue
+		}
+
+		isInsideGfmQuotes = isInsideGfmQuotes && strings.HasPrefix(sourceLine, "> ")
+
+		currentMatch := gfmAlertRegex.FindStringSubmatch(sourceLine)
+		if currentMatch == nil {
+			continue
+		}
+
+		// Nested GFM alerts is such a weird mistake that it's probably not really safe to keep trying to process the
+		// rest of the content, so this will prevent any other validations from happening for the given line
+		if isInsideGfmQuotes {
+			errs = append(errs, errors.New("registry does not support nested GFM alerts"))
+			continue
+		}
+
+		leadingWhitespace := currentMatch[1]
+		if len(leadingWhitespace) != 1 {
+			errs = append(errs, errors.New("GFM alerts must have one space between the '>' and the start of the GFM brackets"))
+		}
+		isInsideGfmQuotes = true
+
+		alertHeader := currentMatch[2]
+		upperHeader := strings.ToUpper(alertHeader)
+		if !slices.Contains(gfmAlertTypes, upperHeader) {
+			errs = append(errs, xerrors.Errorf("GFM alert type %q is not supported", alertHeader))
+		}
+		if alertHeader != upperHeader {
+			errs = append(errs, xerrors.Errorf("GFM alerts must be in all caps"))
+		}
+
+		trailingWhitespace := currentMatch[3]
+		if trailingWhitespace != "" {
+			errs = append(errs, xerrors.Errorf("GFM alerts must not have any trailing whitespace after the closing bracket"))
+		}
+
+		extraContent := currentMatch[4]
+		if extraContent != "" {
+			errs = append(errs, xerrors.Errorf("GFM alerts must not have any extra content on the same line"))
+		}
+	}
+
+	if gfmAlertRegex.Match([]byte(sourceLine)) {
+		errs = append(errs, xerrors.Errorf("README has an incomplete GFM alert at the end of the file"))
+	}
+
+	return errs
+}
@@ -70,6 +70,9 @@ func validateCoderTemplateReadme(rm coderResourceReadme) []error {
 	for _, err := range validateCoderTemplateReadmeBody(rm.body) {
 		errs = append(errs, addFilePathToError(rm.filePath, err))
 	}
+	for _, err := range validateResourceGfmAlerts(rm.body) {
+		errs = append(errs, addFilePathToError(rm.filePath, err))
+	}
 	if fmErrs := validateCoderResourceFrontmatter("templates", rm.filePath, rm.frontmatter); len(fmErrs) != 0 {
 		errs = append(errs, fmErrs...)
 	}
@@ -0,0 +1,33 @@
+---
+display_name: NAMESPACE_NAME
+bio: Brief description of what this namespace provides
+github: your-github-username
+avatar: ./.images/avatar.svg
+linkedin: https://www.linkedin.com/in/your-profile
+website: https://your-website.com
+status: community
+---
+
+# NAMESPACE_NAME
+
+Brief description of what this namespace provides. Include information about:
+
+- What types of templates/modules you offer
+- Your focus areas (e.g., specific cloud providers, technologies)
+- Any special features or configurations
+
+## Templates
+
+List your available templates here:
+
+- **template-name**: Brief description
+
+## Modules
+
+List your available modules here:
+
+- **module-name**: Brief description
+
+## Contributing
+
+If you'd like to contribute to this namespace, please [open an issue](https://github.com/coder/registry/issues) or submit a pull request.
@@ -0,0 +1,58 @@
+---
+name: TEMPLATE_NAME
+description: A brief description of what this template does
+tags: [tag1, tag2, tag3]
+icon: /icon/TEMPLATE_NAME.svg
+---
+
+# TEMPLATE_NAME
+
+A brief description of what this template provides and its use case.
+
+## Features
+
+- Feature 1
+- Feature 2
+- Feature 3
+
+## Requirements
+
+- List any prerequisites or requirements
+- Provider-specific requirements (e.g., Docker, AWS credentials)
+- Minimum Coder version if applicable
+
+## Usage
+
+1. Step-by-step instructions on how to use this template
+2. Any configuration that needs to be done
+3. How to customize the template
+
+## Variables
+
+| Name        | Description                 | Type     | Default           | Required |
+| ----------- | --------------------------- | -------- | ----------------- | -------- |
+| example_var | Description of the variable | `string` | `"default_value"` | no       |
+
+## Resources Created
+
+- List of resources that will be created
+- Brief description of each resource
+
+## Customization
+
+Explain how users can customize this template for their needs:
+
+- How to modify the startup script
+- How to add additional software
+- How to configure different providers
+
+## Troubleshooting
+
+### Common Issues
+
+- Issue 1 and its solution
+- Issue 2 and its solution
+
+## Contributing
+
+Contributions are welcome! Please see the [contributing guidelines](../../CONTRIBUTING.md) for more information.
@@ -0,0 +1,172 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+    # Add your provider here (e.g., docker, aws, gcp, azure)
+    # docker = {
+    #   source = "kreuzwerker/docker"
+    # }
+  }
+}
+
+locals {
+  username = data.coder_workspace_owner.me.name
+}
+
+# Add your variables here
+# variable "example_var" {
+#   default     = "default_value"
+#   description = "Description of the variable"
+#   type        = string
+# }
+
+# Configure your provider here
+# provider "docker" {
+#   host = var.docker_socket != "" ? var.docker_socket : null
+# }
+
+data "coder_provisioner" "me" {}
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+resource "coder_agent" "main" {
+  arch           = data.coder_provisioner.me.arch
+  os             = "linux"
+  startup_script = <<-EOT
+    set -e
+
+    # Prepare user home with default files on first start.
+    if [ ! -f ~/.init_done ]; then
+      cp -rT /etc/skel ~
+      touch ~/.init_done
+    fi
+
+    # Add any commands that should be executed at workspace startup here
+  EOT
+
+  # These environment variables allow you to make Git commits right away after creating a
+  # workspace. Note that they take precedence over configuration defined in ~/.gitconfig!
+  # You can remove this block if you'd prefer to configure Git manually or using
+  # dotfiles. (see docs/dotfiles.md)
+  env = {
+    GIT_AUTHOR_NAME     = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
+    GIT_AUTHOR_EMAIL    = "${data.coder_workspace_owner.me.email}"
+    GIT_COMMITTER_NAME  = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
+    GIT_COMMITTER_EMAIL = "${data.coder_workspace_owner.me.email}"
+  }
+
+  # The following metadata blocks are optional. They are used to display
+  # information about your workspace in the dashboard. You can remove them
+  # if you don't want to display any information.
+  # For basic templates, you can remove the "display_apps" block.
+  metadata {
+    display_name = "CPU Usage"
+    key          = "0_cpu_usage"
+    script       = "coder stat cpu"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "RAM Usage"
+    key          = "1_ram_usage"
+    script       = "coder stat mem"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Home Disk"
+    key          = "3_home_disk"
+    script       = "coder stat disk --path $${HOME}"
+    interval     = 60
+    timeout      = 1
+  }
+
+  display_apps {
+    vscode                 = true
+    vscode_insiders        = false
+    ssh_helper             = false
+    port_forwarding_helper = true
+    web_terminal           = true
+  }
+}
+
+# Add your resources here (e.g., docker container, VM, etc.)
+# resource "docker_image" "main" {
+#   name = "codercom/enterprise-base:ubuntu"
+# }
+
+# resource "docker_container" "workspace" {
+#   count = data.coder_workspace.me.start_count
+#   image = docker_image.main.image_id
+#   # Uses lower() to avoid Docker restriction on container names.
+#   name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
+#   # Hostname makes the shell more user friendly: coder@my-workspace:~$
+#   hostname = data.coder_workspace.me.name
+#   # Use the docker gateway if the access URL is 127.0.0.1
+#   entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\.0\.0\.1/", "host.docker.internal")]
+#   env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
+#   host {
+#     host = "host.docker.internal"
+#     ip   = "host-gateway"
+#   }
+#   volumes {
+#     container_path = "/home/${local.username}"
+#     volume_name    = docker_volume.home_volume[0].name
+#     read_only      = false
+#   }
+#   # Add labels in Docker to keep track of orphan resources.
+#   labels {
+#     label = "coder.owner"
+#     value = data.coder_workspace_owner.me.name
+#   }
+#   labels {
+#     label = "coder.owner_id"
+#     value = data.coder_workspace_owner.me.id
+#   }
+#   labels {
+#     label = "coder.workspace_id"
+#     value = data.coder_workspace.me.id
+#   }
+#   labels {
+#     label = "coder.workspace_name"
+#     value = data.coder_workspace.me.name
+#   }
+# }
+
+# resource "docker_volume" "home_volume" {
+#   count = data.coder_workspace.me.start_count
+#   name  = "coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}-home"
+#   # Protect the volume from being deleted due to changes in attributes.
+#   lifecycle {
+#     ignore_changes = all
+#   }
+#   # Add labels in Docker to keep track of orphan resources.
+#   labels {
+#     label = "coder.owner"
+#     value = data.coder_workspace_owner.me.name
+#   }
+#   labels {
+#     label = "coder.owner_id"
+#     value = data.coder_workspace_owner.me.id
+#   }
+#   labels {
+#     label = "coder.workspace_id"
+#     value = data.coder_workspace.me.id
+#   }
+#   labels {
+#     label = "coder.workspace_name"
+#     value = data.coder_workspace.me.name
+#   }
+# }
+
+resource "coder_metadata" "workspace_info" {
+  resource_id = coder_agent.main.id
+
+  item {
+    key   = "TEMPLATE_NAME"
+    value = "TEMPLATE_NAME"
+  }
+}
@@ -1,18 +1,18 @@
 {
  "name": "registry",
  "scripts": {
-    "fmt": "bun x prettier --write **/*.sh **/*.ts **/*.md *.md && terraform fmt -recursive -diff",
-    "fmt:ci": "bun x prettier --check **/*.sh **/*.ts **/*.md *.md && terraform fmt -check -recursive -diff",
+    "fmt": "bun x prettier --write . && terraform fmt -recursive -diff",
+    "fmt:ci": "bun x prettier --check . && terraform fmt -check -recursive -diff",
    "terraform-validate": "./scripts/terraform_validate.sh",
    "test": "./scripts/terraform_test_all.sh",
    "update-version": "./update-version.sh"
  },
  "devDependencies": {
-    "@types/bun": "^1.2.18",
-    "bun-types": "^1.2.18",
+    "@types/bun": "^1.2.21",
+    "bun-types": "^1.2.21",
    "dedent": "^1.6.0",
    "gray-matter": "^4.0.3",
-    "marked": "^16.0.0",
+    "marked": "^16.2.0",
    "prettier": "^3.6.2",
    "prettier-plugin-sh": "^0.18.0",
    "prettier-plugin-terraform-formatter": "^1.2.1"
@@ -0,0 +1,7 @@
+---
+display_name: Jash
+bio: Coder user and contributor.
+github: AJ0070
+avatar: ./.images/avatar.png
+status: community
+---
@@ -0,0 +1,23 @@
+---
+display_name: "pgAdmin"
+description: "A web-based interface for managing PostgreSQL databases in your Coder workspace."
+icon: "../../../../.icons/pgadmin.svg"
+maintainer_github: "AJ0070"
+verified: false
+tags: ["database", "postgres", "pgadmin", "web-ide"]
+---
+
+# pgAdmin
+
+This module adds a pgAdmin app to your Coder workspace, providing a powerful web-based interface for managing PostgreSQL databases.
+
+It can be served on a Coder subdomain for easy access, or on `localhost` if you prefer to use port-forwarding.
+
+```tf
+module "pgadmin" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/aj0070/pgadmin/coder"
+  version  = "1.0.0"
+  agent_id = coder_agent.example.id
+}
+```
@@ -0,0 +1,10 @@
+import { describe } from "bun:test";
+import { runTerraformInit, testRequiredVariables } from "~test";
+
+describe("pgadmin", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "foo",
+  });
+});
@@ -0,0 +1,108 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+  }
+}
+
+variable "agent_id" {
+  type        = string
+  description = "The agent to install pgAdmin on."
+}
+
+variable "port" {
+  type        = number
+  description = "The port to run pgAdmin on."
+  default     = 5050
+}
+
+variable "subdomain" {
+  type        = bool
+  description = "If true, the app will be served on a subdomain."
+  default     = true
+}
+
+variable "config" {
+  type        = any
+  description = "A map of pgAdmin configuration settings."
+  default = {
+    DEFAULT_EMAIL            = "admin@coder.com"
+    DEFAULT_PASSWORD         = "coderPASSWORD"
+    SERVER_MODE              = false
+    MASTER_PASSWORD_REQUIRED = false
+    LISTEN_ADDRESS           = "127.0.0.1"
+  }
+}
+
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+resource "coder_app" "pgadmin" {
+  count        = data.coder_workspace.me.start_count
+  agent_id     = var.agent_id
+  display_name = "pgAdmin"
+  slug         = "pgadmin"
+  icon         = "/icon/pgadmin.svg"
+  url          = local.url
+  subdomain    = var.subdomain
+  share        = "owner"
+
+  healthcheck {
+    url       = local.healthcheck_url
+    interval  = 5
+    threshold = 6
+  }
+}
+
+resource "coder_script" "pgadmin" {
+  agent_id     = var.agent_id
+  display_name = "Install and run pgAdmin"
+  icon         = "/icon/pgadmin.svg"
+  run_on_start = true
+  script = templatefile("${path.module}/run.sh", {
+    PORT             = var.port,
+    LOG_PATH         = "/tmp/pgadmin.log",
+    SERVER_BASE_PATH = local.server_base_path,
+    CONFIG           = local.config_content,
+    PGADMIN_DATA_DIR = local.pgadmin_data_dir,
+    PGADMIN_LOG_DIR  = local.pgadmin_log_dir,
+    PGADMIN_VENV_DIR = local.pgadmin_venv_dir
+  })
+}
+
+locals {
+  server_base_path = var.subdomain ? "" : format("/@%s/%s/apps/%s", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, "pgadmin")
+  url              = "http://localhost:${var.port}${local.server_base_path}"
+  healthcheck_url  = "http://localhost:${var.port}${local.server_base_path}/"
+
+  # pgAdmin data directories (user-local paths)
+  pgadmin_data_dir = "$HOME/.pgadmin"
+  pgadmin_log_dir  = "$HOME/.pgadmin/logs"
+  pgadmin_venv_dir = "$HOME/.pgadmin/venv"
+
+  base_config = merge(var.config, {
+    LISTEN_PORT = var.port
+    # Override paths for user installation
+    DATA_DIR        = local.pgadmin_data_dir
+    LOG_FILE        = "${local.pgadmin_log_dir}/pgadmin4.log"
+    SQLITE_PATH     = "${local.pgadmin_data_dir}/pgadmin4.db"
+    SESSION_DB_PATH = "${local.pgadmin_data_dir}/sessions"
+    STORAGE_DIR     = "${local.pgadmin_data_dir}/storage"
+    # Disable initial setup prompts for automated deployment
+    SETUP_AUTH = false
+  })
+
+  config_with_path = var.subdomain ? local.base_config : merge(local.base_config, {
+    APPLICATION_ROOT = local.server_base_path
+  })
+
+  config_content = join("\n", [
+    for key, value in local.config_with_path :
+    format("%s = %s", key,
+      can(regex("^(true|false)$", tostring(value))) ? (value ? "True" : "False") :
+      can(tonumber(value)) ? tostring(value) :
+      format("'%s'", tostring(value))
+    )
+  ])
+}
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+PORT=${PORT}
+LOG_PATH=${LOG_PATH}
+SERVER_BASE_PATH=${SERVER_BASE_PATH}
+
+BOLD='\033[0;1m'
+
+printf "$${BOLD}Installing pgAdmin!\n"
+
+# Check if Python 3 is available
+if ! command -v python3 > /dev/null 2>&1; then
+  echo "⚠️  Warning: Python 3 is not installed. Please install Python 3 before using this module."
+  exit 0
+fi
+
+# Setup pgAdmin directories (from Terraform configuration)
+PGADMIN_DATA_DIR="${PGADMIN_DATA_DIR}"
+PGADMIN_LOG_DIR="${PGADMIN_LOG_DIR}"
+PGADMIN_VENV_DIR="${PGADMIN_VENV_DIR}"
+
+printf "Setting up pgAdmin directories...\n"
+mkdir -p "$PGADMIN_DATA_DIR"
+mkdir -p "$PGADMIN_LOG_DIR"
+
+# Check if pgAdmin virtual environment already exists and is working
+if [ -f "$PGADMIN_VENV_DIR/bin/pgadmin4" ] && [ -f "$PGADMIN_VENV_DIR/bin/activate" ]; then
+  printf "🥳 pgAdmin virtual environment already exists\n\n"
+else
+  printf "Creating Python virtual environment for pgAdmin...\n"
+  if ! python3 -m venv "$PGADMIN_VENV_DIR"; then
+    echo "⚠️  Warning: Failed to create virtual environment"
+    exit 0
+  fi
+
+  printf "Installing pgAdmin 4 in virtual environment...\n"
+  if ! "$PGADMIN_VENV_DIR/bin/pip" install pgadmin4; then
+    echo "⚠️  Warning: Failed to install pgAdmin4"
+    exit 0
+  fi
+
+  printf "🥳 pgAdmin has been installed successfully\n\n"
+fi
+
+printf "$${BOLD}Configuring pgAdmin...\n"
+
+if [ -f "$PGADMIN_VENV_DIR/bin/pgadmin4" ]; then
+  # pgAdmin installs to a predictable location in the virtual environment
+  PYTHON_VERSION=$("$PGADMIN_VENV_DIR/bin/python" -c "import sys; print(f'{sys.version_info.major}.{sys.version_info.minor}')")
+  PGADMIN_INSTALL_DIR="$PGADMIN_VENV_DIR/lib/python$PYTHON_VERSION/site-packages/pgadmin4"
+
+  # Create pgAdmin config file in the correct location (next to config.py)
+  cat > "$PGADMIN_INSTALL_DIR/config_local.py" << EOF
+# pgAdmin configuration for Coder workspace
+${CONFIG}
+EOF
+
+  printf "📄 Config written to $PGADMIN_INSTALL_DIR/config_local.py\n"
+
+  printf "$${BOLD}Starting pgAdmin in background...\n"
+  printf "📝 Check logs at $${LOG_PATH}\n"
+  printf "🌐 Serving at http://localhost:${PORT}${SERVER_BASE_PATH}\n"
+
+  # Create required directories
+  mkdir -p "$PGADMIN_DATA_DIR/sessions"
+  mkdir -p "$PGADMIN_DATA_DIR/storage"
+
+  # Start pgadmin4 from the virtual environment with proper environment
+  cd "$PGADMIN_DATA_DIR"
+  PYTHONPATH="$PGADMIN_INSTALL_DIR:$${PYTHONPATH:-}" "$PGADMIN_VENV_DIR/bin/pgadmin4" > "$${LOG_PATH}" 2>&1 &
+else
+  printf "⚠️  Warning: pgAdmin4 virtual environment not found\n"
+  printf "📝 Installation may have failed - check logs above\n"
+fi
@@ -28,7 +28,9 @@ describe("tmux module", async () => {

    // check that the script contains expected lines
    expect(scriptResource.script).toContain("Installing tmux");
-    expect(scriptResource.script).toContain("Installing Tmux Plugin Manager (TPM)");
+    expect(scriptResource.script).toContain(
+      "Installing Tmux Plugin Manager (TPM)",
+    );
    expect(scriptResource.script).toContain("tmux configuration created at");
    expect(scriptResource.script).toContain("✅ tmux setup complete!");
  });
@@ -8,75 +8,75 @@ TMUX_CONFIG="${TMUX_CONFIG}"

 # Function to install tmux
 install_tmux() {
-    printf "Checking for tmux installation\n"
+  printf "Checking for tmux installation\n"

-    if command -v tmux &> /dev/null; then
-        printf "tmux is already installed \n\n"
-        return 0
-    fi
+  if command -v tmux &> /dev/null; then
+    printf "tmux is already installed \n\n"
+    return 0
+  fi

-    printf "Installing tmux \n\n"
+  printf "Installing tmux \n\n"

-    # Detect package manager and install tmux
-    if command -v apt-get &> /dev/null; then
-        sudo apt-get update
-        sudo apt-get install -y tmux
-    elif command -v yum &> /dev/null; then
-        sudo yum install -y tmux
-    elif command -v dnf &> /dev/null; then
-        sudo dnf install -y tmux
-    elif command -v zypper &> /dev/null; then
-        sudo zypper install -y tmux
-    elif command -v apk &> /dev/null; then
-        sudo apk add tmux
-    elif command -v brew &> /dev/null; then
-        brew install tmux
-    else
-        printf "No supported package manager found. Please install tmux manually. \n"
-        exit 1
-    fi
+  # Detect package manager and install tmux
+  if command -v apt-get &> /dev/null; then
+    sudo apt-get update
+    sudo apt-get install -y tmux
+  elif command -v yum &> /dev/null; then
+    sudo yum install -y tmux
+  elif command -v dnf &> /dev/null; then
+    sudo dnf install -y tmux
+  elif command -v zypper &> /dev/null; then
+    sudo zypper install -y tmux
+  elif command -v apk &> /dev/null; then
+    sudo apk add tmux
+  elif command -v brew &> /dev/null; then
+    brew install tmux
+  else
+    printf "No supported package manager found. Please install tmux manually. \n"
+    exit 1
+  fi

-    printf "tmux installed successfully \n"
+  printf "tmux installed successfully \n"
 }

 # Function to install Tmux Plugin Manager (TPM)
 install_tpm() {
-    local tpm_dir="$HOME/.tmux/plugins/tpm"
+  local tpm_dir="$HOME/.tmux/plugins/tpm"

-    if [ -d "$tpm_dir" ]; then
-        printf "TPM is already installed"
-        return 0
-    fi
+  if [ -d "$tpm_dir" ]; then
+    printf "TPM is already installed"
+    return 0
+  fi

-    printf "Installing Tmux Plugin Manager (TPM) \n"
+  printf "Installing Tmux Plugin Manager (TPM) \n"

-    # Create plugins directory
-    mkdir -p "$HOME/.tmux/plugins"
+  # Create plugins directory
+  mkdir -p "$HOME/.tmux/plugins"

-    # Clone TPM repository
-    if command -v git &> /dev/null; then
-        git clone https://github.com/tmux-plugins/tpm "$tpm_dir"
-        printf "TPM installed successfully"
-    else
-        printf "Git is not installed. Please install git to use tmux plugins. \n"
-        exit 1
-    fi
+  # Clone TPM repository
+  if command -v git &> /dev/null; then
+    git clone https://github.com/tmux-plugins/tpm "$tpm_dir"
+    printf "TPM installed successfully"
+  else
+    printf "Git is not installed. Please install git to use tmux plugins. \n"
+    exit 1
+  fi
 }

 # Function to create tmux configuration
 setup_tmux_config() {
-    printf "Setting up tmux configuration \n"
+  printf "Setting up tmux configuration \n"

-    local config_dir="$HOME/.tmux"
-    local config_file="$HOME/.tmux.conf"
+  local config_dir="$HOME/.tmux"
+  local config_file="$HOME/.tmux.conf"

-    mkdir -p "$config_dir"
+  mkdir -p "$config_dir"

-    if [ -n "$TMUX_CONFIG" ]; then
-        printf "$TMUX_CONFIG" > "$config_file"
-        printf "$${BOLD}Custom tmux configuration applied at {$config_file} \n\n"
-    else
-        cat > "$config_file" << EOF
+  if [ -n "$TMUX_CONFIG" ]; then
+    printf "$TMUX_CONFIG" > "$config_file"
+    printf "$${BOLD}Custom tmux configuration applied at {$config_file} \n\n"
+  else
+    cat > "$config_file" << EOF
 # Tmux Configuration File

 # =============================================================================
@@ -106,48 +106,48 @@ bind C-r run-shell "~/.tmux/plugins/tmux-resurrect/scripts/restore.sh"
 # Initialize TMUX plugin manager (keep this line at the very bottom of tmux.conf)
 run '~/.tmux/plugins/tpm/tpm'
 EOF
-        printf "tmux configuration created at {$config_file} \n\n"
-    fi
+    printf "tmux configuration created at {$config_file} \n\n"
+  fi
 }

 # Function to install tmux plugins
 install_plugins() {
-    printf "Installing tmux plugins"
+  printf "Installing tmux plugins"

-    # Check if TPM is installed
-    if [ ! -d "$HOME/.tmux/plugins/tpm" ]; then
-        printf "TPM is not installed. Cannot install plugins. \n"
-        return 1
-    fi
+  # Check if TPM is installed
+  if [ ! -d "$HOME/.tmux/plugins/tpm" ]; then
+    printf "TPM is not installed. Cannot install plugins. \n"
+    return 1
+  fi

-    # Install plugins using TPM
-    "$HOME/.tmux/plugins/tpm/bin/install_plugins"
+  # Install plugins using TPM
+  "$HOME/.tmux/plugins/tpm/bin/install_plugins"

-    printf "tmux plugins installed successfully \n"
+  printf "tmux plugins installed successfully \n"
 }

 # Main execution
 main() {
-    printf "$${BOLD} 🛠️Setting up tmux with session persistence! \n\n"
-    printf ""
+  printf "$${BOLD} 🛠️Setting up tmux with session persistence! \n\n"
+  printf ""

-    # Install dependencies
-    install_tmux
-    install_tpm
+  # Install dependencies
+  install_tmux
+  install_tpm

-    # Setup tmux configuration
-    setup_tmux_config
+  # Setup tmux configuration
+  setup_tmux_config

-    # Install plugins
-    install_plugins
+  # Install plugins
+  install_plugins

-    printf "$${BOLD}✅ tmux setup complete! \n\n"
+  printf "$${BOLD}✅ tmux setup complete! \n\n"

-    printf "$${BOLD} Attempting to restore sessions\n"
-    tmux new-session -d \; source-file ~/.tmux.conf \; run-shell '~/.tmux/plugins/tmux-resurrect/scripts/restore.sh'
-    printf "$${BOLD} Sessions restored: -> %s\n" "$(tmux ls)"
+  printf "$${BOLD} Attempting to restore sessions\n"
+  tmux new-session -d \; source-file ~/.tmux.conf \; run-shell '~/.tmux/plugins/tmux-resurrect/scripts/restore.sh'
+  printf "$${BOLD} Sessions restored: -> %s\n" "$(tmux ls)"

 }

 # Run main function
-main
+main
@@ -16,7 +16,7 @@ handle_session() {
  local session_name="$1"

  # Check if the session exists
-  if tmux has-session -t "$session_name" 2>/dev/null; then
+  if tmux has-session -t "$session_name" 2> /dev/null; then
    echo "Session '$session_name' exists, attaching to it..."
    tmux attach-session -t "$session_name"
  else
@@ -165,9 +165,9 @@ describe("auggie", async () => {
      mcpServers: {
        test: {
          command: "test-cmd",
-          type: "stdio"
-        }
-      }
+          type: "stdio",
+        },
+      },
    });
    const { id } = await setup({
      moduleVariables: {
@@ -187,13 +187,16 @@ describe("auggie", async () => {
    const rules = "Always use TypeScript for new files";
    const { id } = await setup({
      moduleVariables: {
-        install_auggie: "false",  // Don't need to install auggie to test rules file creation
+        install_auggie: "false", // Don't need to install auggie to test rules file creation
        rules: rules,
      },
    });
    await execModuleScript(id);

-    const rulesFile = await readFileContainer(id, "/home/coder/.augment/rules.md");
+    const rulesFile = await readFileContainer(
+      id,
+      "/home/coder/.augment/rules.md",
+    );
    expect(rulesFile).toContain(rules);
  });

@@ -309,12 +312,15 @@ describe("auggie", async () => {
  test("coder-mcp-config-created", async () => {
    const { id } = await setup({
      moduleVariables: {
-        install_auggie: "false",  // Don't need to install auggie to test MCP config creation
+        install_auggie: "false", // Don't need to install auggie to test MCP config creation
      },
    });
    await execModuleScript(id);

-    const mcpConfig = await readFileContainer(id, "/home/coder/.augment/coder_mcp.json");
+    const mcpConfig = await readFileContainer(
+      id,
+      "/home/coder/.augment/coder_mcp.json",
+    );
    expect(mcpConfig).toContain("mcpServers");
    expect(mcpConfig).toContain("coder");
    expect(mcpConfig).toContain("CODER_MCP_APP_STATUS_SLUG");
@@ -25,7 +25,6 @@ printf "rules: %s\n" "$ARG_AUGGIE_RULES"

 echo "--------------------------------"

-
 function check_dependencies() {
  if ! command_exists node; then
    printf "Error: Node.js is not installed. Please install Node.js manually or use the pre_install_script to install it.\n"
@@ -51,28 +50,27 @@ function install_auggie() {
    if [ ! -d "$NPM_GLOBAL_PREFIX" ]; then
      mkdir -p "$NPM_GLOBAL_PREFIX"
    fi
-    
+
    npm config set prefix "$NPM_GLOBAL_PREFIX"
-    
+
    export PATH="$NPM_GLOBAL_PREFIX/bin:$PATH"
-    
+
    if [ -n "$ARG_AUGGIE_VERSION" ]; then
      npm install -g "@augmentcode/auggie@$ARG_AUGGIE_VERSION"
    else
      npm install -g "@augmentcode/auggie"
    fi
-    
+
    if ! grep -q "export PATH=\"\$HOME/.npm-global/bin:\$PATH\"" "$HOME/.bashrc"; then
      echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> "$HOME/.bashrc"
    fi
-    
+
    printf "%s Successfully installed Auggie CLI. Version: %s\n" "${BOLD}" "$(auggie --version)"
  else
    printf "Skipping Auggie CLI installation (install_auggie=false)\n"
  fi
 }

-
 function create_coder_mcp() {
  AUGGIE_CODER_MCP_FILE="$HOME/.augment/coder_mcp.json"
  CODER_MCP=$(
@@ -39,7 +39,6 @@ printf "report_tasks: %s\n" "$ARG_REPORT_TASKS"

 echo "--------------------------------"

-
 function validate_auggie_installation() {
  if command_exists auggie; then
    printf "Auggie is installed\n"
@@ -124,8 +124,8 @@ describe("codex", async () => {
    });
    await execModuleScript(id);
    const resp = await readFileContainer(id, "/home/coder/.codex/config.toml");
-    expect(resp).toContain("sandbox_mode = \"danger-full-access\"");
-    expect(resp).toContain("preferred_auth_method = \"apikey\"");
+    expect(resp).toContain('sandbox_mode = "danger-full-access"');
+    expect(resp).toContain('preferred_auth_method = "apikey"');
    expect(resp).toContain("[custom_section]");
    expect(resp).toContain("[mcp_servers.Coder]");
  });
@@ -221,7 +221,7 @@ describe("codex", async () => {
      debug = true
      logging_level = "verbose"
    `.trim();
-    
+
    const additionalMCP = dedent`
      [mcp_servers.CustomTool]
      command = "/usr/local/bin/custom-tool"
@@ -235,7 +235,7 @@ describe("codex", async () => {
      type = "stdio"
      description = "Database query interface"
    `.trim();
-    
+
    const { id } = await setup({
      moduleVariables: {
        base_config_toml: baseConfig,
@@ -244,14 +244,14 @@ describe("codex", async () => {
    });
    await execModuleScript(id);
    const resp = await readFileContainer(id, "/home/coder/.codex/config.toml");
-    
+
    // Check base config
-    expect(resp).toContain("sandbox_mode = \"read-only\"");
-    expect(resp).toContain("preferred_auth_method = \"chatgpt\"");
-    expect(resp).toContain("custom_setting = \"test-value\"");
+    expect(resp).toContain('sandbox_mode = "read-only"');
+    expect(resp).toContain('preferred_auth_method = "chatgpt"');
+    expect(resp).toContain('custom_setting = "test-value"');
    expect(resp).toContain("[advanced_settings]");
-    expect(resp).toContain("logging_level = \"verbose\"");
-    
+    expect(resp).toContain('logging_level = "verbose"');
+
    // Check MCP servers
    expect(resp).toContain("[mcp_servers.Coder]");
    expect(resp).toContain("[mcp_servers.CustomTool]");
@@ -268,17 +268,17 @@ describe("codex", async () => {
    });
    await execModuleScript(id);
    const resp = await readFileContainer(id, "/home/coder/.codex/config.toml");
-    
+
    // Check default base config
-    expect(resp).toContain("sandbox_mode = \"workspace-write\"");
-    expect(resp).toContain("approval_policy = \"never\"");
+    expect(resp).toContain('sandbox_mode = "workspace-write"');
+    expect(resp).toContain('approval_policy = "never"');
    expect(resp).toContain("[sandbox_workspace_write]");
    expect(resp).toContain("network_access = true");
-    
+
    // Check only Coder MCP server is present
    expect(resp).toContain("[mcp_servers.Coder]");
    expect(resp).toContain("Report ALL tasks and statuses");
-    
+
    // Ensure no additional MCP servers
    const mcpServerCount = (resp.match(/\[mcp_servers\./g) || []).length;
    expect(mcpServerCount).toBe(1);
@@ -328,7 +328,10 @@ describe("codex", async () => {
      },
    });
    await execModuleScript(id_2);
-    const resp_2 = await readFileContainer(id_2, "/home/coder/.codex/AGENTS.md");
+    const resp_2 = await readFileContainer(
+      id_2,
+      "/home/coder/.codex/AGENTS.md",
+    );
    expect(resp_2).toContain(prompt_1);
    const count = (resp_2.match(new RegExp(prompt_1, "g")) || []).length;
    expect(count).toBe(1);
@@ -84,8 +84,8 @@ function install_codex() {
 }

 write_minimal_default_config() {
-    local config_path="$1"
-    cat << EOF > "$config_path"
+  local config_path="$1"
+  cat << EOF > "$config_path"
 # Minimal Default Codex Configuration
 sandbox_mode = "workspace-write"
 approval_policy = "never"
@@ -98,9 +98,9 @@ EOF
 }

 append_mcp_servers_section() {
-    local config_path="$1"
-    
-    cat << EOF >> "$config_path"
+  local config_path="$1"
+
+  cat << EOF >> "$config_path"

 # MCP Servers Configuration
 [mcp_servers.Coder]
@@ -112,32 +112,32 @@ type = "stdio"

 EOF

-    if [ -n "$ARG_ADDITIONAL_MCP_SERVERS" ]; then
-        printf "Adding additional MCP servers\n"
-        echo "$ARG_ADDITIONAL_MCP_SERVERS" >> "$config_path"
-    fi
+  if [ -n "$ARG_ADDITIONAL_MCP_SERVERS" ]; then
+    printf "Adding additional MCP servers\n"
+    echo "$ARG_ADDITIONAL_MCP_SERVERS" >> "$config_path"
+  fi
 }

 function populate_config_toml() {
-    CONFIG_PATH="$HOME/.codex/config.toml"
-    mkdir -p "$(dirname "$CONFIG_PATH")"
-    
-    if [ -n "$ARG_BASE_CONFIG_TOML" ]; then
-        printf "Using provided base configuration\n"
-        echo "$ARG_BASE_CONFIG_TOML" > "$CONFIG_PATH"
-    else
-        printf "Using minimal default configuration\n"
-        write_minimal_default_config "$CONFIG_PATH"
-    fi
-    
-    append_mcp_servers_section "$CONFIG_PATH"
+  CONFIG_PATH="$HOME/.codex/config.toml"
+  mkdir -p "$(dirname "$CONFIG_PATH")"
+
+  if [ -n "$ARG_BASE_CONFIG_TOML" ]; then
+    printf "Using provided base configuration\n"
+    echo "$ARG_BASE_CONFIG_TOML" > "$CONFIG_PATH"
+  else
+    printf "Using minimal default configuration\n"
+    write_minimal_default_config "$CONFIG_PATH"
+  fi
+
+  append_mcp_servers_section "$CONFIG_PATH"
 }

 function add_instruction_prompt_if_exists() {
  if [ -n "${ARG_CODEX_INSTRUCTION_PROMPT:-}" ]; then
    AGENTS_PATH="$HOME/.codex/AGENTS.md"
    printf "Creating AGENTS.md in .codex directory: %s\\n" "${AGENTS_PATH}"
-    
+
    mkdir -p "$HOME/.codex"

    if [ -f "${AGENTS_PATH}" ] && grep -Fq "${ARG_CODEX_INSTRUCTION_PROMPT}" "${AGENTS_PATH}"; then
@@ -146,7 +146,7 @@ function add_instruction_prompt_if_exists() {
      printf "Appending instruction prompt to AGENTS.md in .codex directory\n"
      echo -e "\n${ARG_CODEX_INSTRUCTION_PROMPT}" >> "${AGENTS_PATH}"
    fi
-    
+
    if [ ! -d "${ARG_CODEX_START_DIRECTORY}" ]; then
      printf "Creating start directory '%s'\\n" "${ARG_CODEX_START_DIRECTORY}"
      mkdir -p "${ARG_CODEX_START_DIRECTORY}" || {
@@ -55,8 +55,6 @@ if [ -n "$ARG_CODEX_MODEL" ]; then
  CODEX_ARGS+=("--model" "$ARG_CODEX_MODEL")
 fi

-
-
 if [ -n "$ARG_CODEX_TASK_PROMPT" ]; then
  printf "Running the task prompt %s\n" "$ARG_CODEX_TASK_PROMPT"
  PROMPT="Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_CODEX_TASK_PROMPT"
@@ -65,7 +63,6 @@ else
  printf "No task prompt given.\n"
 fi

-
 # Terminal dimensions optimized for Coder Tasks UI sidebar:
 # - Width 67: fits comfortably in sidebar
 # - Height 1190: adjusted due to Codex terminal height bug
@@ -1,12 +1,22 @@
-import { afterEach, beforeAll, describe, expect, setDefaultTimeout, test } from "bun:test";
+import {
+  afterEach,
+  beforeAll,
+  describe,
+  expect,
+  setDefaultTimeout,
+  test,
+} from "bun:test";
 import { execContainer, runTerraformInit, writeFileContainer } from "~test";
 import {
  execModuleScript,
  expectAgentAPIStarted,
  loadTestFile,
-  setup as setupUtil
+  setup as setupUtil,
+} from "../../../coder/modules/agentapi/test-util";
+import {
+  setupContainer,
+  writeExecutable,
 } from "../../../coder/modules/agentapi/test-util";
-import { setupContainer, writeExecutable } from "../../../coder/modules/agentapi/test-util";

 let cleanupFns: (() => Promise<void>)[] = [];
 const registerCleanup = (fn: () => Promise<void>) => cleanupFns.push(fn);
@@ -72,11 +82,12 @@ describe("cursor-cli", async () => {
  });

  test("agentapi-mcp-json", async () => {
-    const mcpJson = '{"mcpServers": {"test": {"command": "test-cmd", "type": "stdio"}}}';
+    const mcpJson =
+      '{"mcpServers": {"test": {"command": "test-cmd", "type": "stdio"}}}';
    const { id } = await setup({
      moduleVariables: {
        mcp: mcpJson,
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -99,7 +110,7 @@ describe("cursor-cli", async () => {
    const { id } = await setup({
      moduleVariables: {
        rules_files: JSON.stringify({ "typescript.md": rulesContent }),
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -118,7 +129,7 @@ describe("cursor-cli", async () => {
    const { id } = await setup({
      moduleVariables: {
        api_key: apiKey,
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -138,7 +149,7 @@ describe("cursor-cli", async () => {
        model: model,
        force: "true",
        ai_prompt: "test prompt",
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -158,7 +169,7 @@ describe("cursor-cli", async () => {
      moduleVariables: {
        pre_install_script: "#!/bin/bash\necho 'cursor-pre-install-script'",
        post_install_script: "#!/bin/bash\necho 'cursor-post-install-script'",
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -183,7 +194,7 @@ describe("cursor-cli", async () => {
    const { id } = await setup({
      moduleVariables: {
        folder: folder,
-      }
+      },
    });
    const resp = await execModuleScript(id);
    expect(resp.exitCode).toBe(0);
@@ -205,8 +216,5 @@ describe("cursor-cli", async () => {
    expect(resp.exitCode).toBe(0);

    await expectAgentAPIStarted(id);
-  })
-
+  });
 });
-
-
@@ -58,7 +58,7 @@ fi

 if [ -n "$ARG_AI_PROMPT" ]; then
  printf "AI prompt provided\n"
-   ARGS+=("Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_AI_PROMPT")
+  ARGS+=("Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_AI_PROMPT")
 fi

 # Log and run in background, redirecting all output to the log file
@@ -9,6 +9,6 @@ fi
 set -e

 while true; do
-    echo "$(date) - cursor-agent-mock"
-    sleep 15
-done
+  echo "$(date) - cursor-agent-mock"
+  sleep 15
+done
@@ -13,7 +13,7 @@ Run [Gemini CLI](https://github.com/google-gemini/gemini-cli) in your workspace
 ```tf
 module "gemini" {
  source   = "registry.coder.com/coder-labs/gemini/coder"
-  version  = "1.1.0"
+  version  = "2.0.0"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
@@ -30,7 +30,7 @@ module "gemini" {

 ## Prerequisites

- Node.js and npm will be installed automatically if not present
+- **Node.js and npm must be sourced/available before the gemini module installs** - ensure they are installed in your workspace image or via earlier provisioning steps
 - The [Coder Login](https://registry.coder.com/modules/coder/coder-login) module is required

 ## Examples
@@ -46,7 +46,7 @@ variable "gemini_api_key" {

 module "gemini" {
  source         = "registry.coder.com/coder-labs/gemini/coder"
-  version        = "1.1.0"
+  version        = "2.0.0"
  agent_id       = coder_agent.example.id
  gemini_api_key = var.gemini_api_key
  folder         = "/home/coder/project"
@@ -94,7 +94,7 @@ data "coder_parameter" "ai_prompt" {
 module "gemini" {
  count                = data.coder_workspace.me.start_count
  source               = "registry.coder.com/coder-labs/gemini/coder"
-  version              = "1.1.0"
+  version              = "2.0.0"
  agent_id             = coder_agent.example.id
  gemini_api_key       = var.gemini_api_key
  gemini_model         = "gemini-2.5-flash"
@@ -118,7 +118,7 @@ For enterprise users who prefer Google's Vertex AI platform:
 ```tf
 module "gemini" {
  source         = "registry.coder.com/coder-labs/gemini/coder"
-  version        = "1.1.0"
+  version        = "2.0.0"
  agent_id       = coder_agent.example.id
  gemini_api_key = var.gemini_api_key
  folder         = "/home/coder/project"
@@ -127,7 +127,10 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const resp = await readFileContainer(id, "/home/coder/.gemini/settings.json");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini/settings.json",
+    );
    expect(resp).toContain("foo");
    expect(resp).toContain("bar");
  });
@@ -141,7 +144,10 @@ describe("gemini", async () => {
    });
    await execModuleScript(id);

-    const resp = await readFileContainer(id, "/home/coder/.gemini-module/agentapi-start.log");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/agentapi-start.log",
+    );
    expect(resp).toContain("Using direct Gemini API with API key");
  });

@@ -153,8 +159,11 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const resp = await readFileContainer(id, "/home/coder/.gemini-module/install.log");
-    expect(resp).toContain('GOOGLE_GENAI_USE_VERTEXAI=\'true\'');
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/agentapi-start.log",
+    );
+    expect(resp).toContain("GOOGLE_GENAI_USE_VERTEXAI='true'");
  });

  test("gemini-model", async () => {
@@ -166,7 +175,10 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const resp = await readFileContainer(id, "/home/coder/.gemini-module/install.log");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/agentapi-start.log",
+    );
    expect(resp).toContain(model);
  });

@@ -178,9 +190,15 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const preInstallLog = await readFileContainer(id, "/home/coder/.gemini-module/pre_install.log");
+    const preInstallLog = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/pre_install.log",
+    );
    expect(preInstallLog).toContain("pre-install-script");
-    const postInstallLog = await readFileContainer(id, "/home/coder/.gemini-module/post_install.log");
+    const postInstallLog = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/post_install.log",
+    );
    expect(postInstallLog).toContain("post-install-script");
  });

@@ -193,7 +211,10 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const resp = await readFileContainer(id, "/home/coder/.gemini-module/install.log");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/agentapi-start.log",
+    );
    expect(resp).toContain(folder);
  });

@@ -205,7 +226,10 @@ describe("gemini", async () => {
      },
    });
    await execModuleScript(id);
-    const resp = await readFileContainer(id, "/home/coder/.gemini/settings.json");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini/settings.json",
+    );
    expect(resp).toContain("custom");
    expect(resp).toContain("enabled");
  });
@@ -232,14 +256,21 @@ describe("gemini", async () => {
    await execModuleScript(id, {
      GEMINI_TASK_PROMPT: taskPrompt,
    });
-    const resp = await readFileContainer(id, "/home/coder/.gemini-module/agentapi-start.log");
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.gemini-module/agentapi-start.log",
+    );
    expect(resp).toContain("Running automated task:");
  });

  test("start-without-prompt", async () => {
    const { id } = await setup();
    await execModuleScript(id);
-    const prompt = await execContainer(id, ["ls", "-l", "/home/coder/GEMINI.md"]);
+    const prompt = await execContainer(id, [
+      "ls",
+      "-l",
+      "/home/coder/GEMINI.md",
+    ]);
    expect(prompt.exitCode).not.toBe(0);
    expect(prompt.stderr).toContain("No such file or directory");
  });
@@ -1,9 +1,9 @@
 #!/bin/bash

 BOLD='\033[0;1m'
-
+source "$HOME"/.bashrc
 command_exists() {
-    command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }

 set -o nounset
@@ -21,144 +21,132 @@ echo "--------------------------------"

 set +o nounset

-function install_node() {
-    if ! command_exists npm; then
-      printf "npm not found, checking for Node.js installation...\n"
-      if ! command_exists node; then
-        printf "Node.js not found, installing Node.js via NVM...\n"
-        export NVM_DIR="$HOME/.nvm"
-        if [ ! -d "$NVM_DIR" ]; then
-          mkdir -p "$NVM_DIR"
-          curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-        else
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-        fi
+function check_dependencies() {
+  if ! command_exists node; then
+    printf "Error: Node.js is not installed. Please install Node.js manually or use the pre_install_script to install it.\n"
+    exit 1
+  fi

-        nvm install --lts
-        nvm use --lts
-        nvm alias default node
+  if ! command_exists npm; then
+    printf "Error: npm is not installed. Please install npm manually or use the pre_install_script to install it.\n"
+    exit 1
+  fi

-        printf "Node.js installed: %s\n" "$(node --version)"
-        printf "npm installed: %s\n" "$(npm --version)"
-      else
-        printf "Node.js is installed but npm is not available. Please install npm manually.\n"
-        exit 1
-      fi
-    fi
+  printf "Node.js version: %s\n" "$(node --version)"
+  printf "npm version: %s\n" "$(npm --version)"
 }

 function install_gemini() {
  if [ "${ARG_INSTALL}" = "true" ]; then
-    install_node
-
-  if ! command_exists nvm; then
-      printf "which node: %s\n" "$(which node)"
-      printf "which npm: %s\n" "$(which npm)"
-
-      mkdir -p "$HOME"/.npm-global
-      npm config set prefix "$HOME/.npm-global"
-      export PATH="$HOME/.npm-global/bin:$PATH"
-      if ! grep -q "export PATH=$HOME/.npm-global/bin:\$PATH" ~/.bashrc; then
-          echo "export PATH=$HOME/.npm-global/bin:\$PATH" >> ~/.bashrc
-      fi
-    fi
+    check_dependencies

    printf "%s Installing Gemini CLI\n" "${BOLD}"

+    NPM_GLOBAL_PREFIX="${HOME}/.npm-global"
+    if [ ! -d "$NPM_GLOBAL_PREFIX" ]; then
+      mkdir -p "$NPM_GLOBAL_PREFIX"
+    fi
+
+    npm config set prefix "$NPM_GLOBAL_PREFIX"
+
+    export PATH="$NPM_GLOBAL_PREFIX/bin:$PATH"
+
    if [ -n "$ARG_GEMINI_VERSION" ]; then
      npm install -g "@google/gemini-cli@$ARG_GEMINI_VERSION"
    else
      npm install -g "@google/gemini-cli"
    fi
+
+    if ! grep -q "export PATH=\"\$HOME/.npm-global/bin:\$PATH\"" "$HOME/.bashrc"; then
+      echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> "$HOME/.bashrc"
+    fi
+
    printf "%s Successfully installed Gemini CLI. Version: %s\n" "${BOLD}" "$(gemini --version)"
  fi
 }

 function populate_settings_json() {
-    if [ "${ARG_GEMINI_CONFIG}" != "" ]; then
-      SETTINGS_PATH="$HOME/.gemini/settings.json"
-      mkdir -p "$(dirname "$SETTINGS_PATH")"
-      printf "Custom gemini_config is provided !\n"
-      echo "${ARG_GEMINI_CONFIG}" > "$HOME/.gemini/settings.json"
-    else
-      printf "No custom gemini_config provided, using default settings.json.\n"
-      append_extensions_to_settings_json
-    fi
+  if [ "${ARG_GEMINI_CONFIG}" != "" ]; then
+    SETTINGS_PATH="$HOME/.gemini/settings.json"
+    mkdir -p "$(dirname "$SETTINGS_PATH")"
+    printf "Custom gemini_config is provided !\n"
+    echo "${ARG_GEMINI_CONFIG}" > "$HOME/.gemini/settings.json"
+  else
+    printf "No custom gemini_config provided, using default settings.json.\n"
+    append_extensions_to_settings_json
+  fi
 }

 function append_extensions_to_settings_json() {
-    SETTINGS_PATH="$HOME/.gemini/settings.json"
-    mkdir -p "$(dirname "$SETTINGS_PATH")"
-    printf "[append_extensions_to_settings_json] Starting extension merge process...\n"
-    if [ -z "${BASE_EXTENSIONS:-}" ]; then
-      printf "[append_extensions_to_settings_json] BASE_EXTENSIONS is empty, skipping merge.\n"
-      return
-    fi
-    if [ ! -f "$SETTINGS_PATH" ]; then
-      printf "%s does not exist. Creating with merged mcpServers structure.\n" "$SETTINGS_PATH"
-      ADD_EXT_JSON='{}'
-      if [ -n "${ADDITIONAL_EXTENSIONS:-}" ]; then
-        ADD_EXT_JSON="$ADDITIONAL_EXTENSIONS"
-      fi
-      printf '{"mcpServers":%s}\n' "$(jq -s 'add' <(echo "$BASE_EXTENSIONS") <(echo "$ADD_EXT_JSON"))" > "$SETTINGS_PATH"
-    fi
-
-    TMP_SETTINGS=$(mktemp)
+  SETTINGS_PATH="$HOME/.gemini/settings.json"
+  mkdir -p "$(dirname "$SETTINGS_PATH")"
+  printf "[append_extensions_to_settings_json] Starting extension merge process...\n"
+  if [ -z "${BASE_EXTENSIONS:-}" ]; then
+    printf "[append_extensions_to_settings_json] BASE_EXTENSIONS is empty, skipping merge.\n"
+    return
+  fi
+  if [ ! -f "$SETTINGS_PATH" ]; then
+    printf "%s does not exist. Creating with merged mcpServers structure.\n" "$SETTINGS_PATH"
    ADD_EXT_JSON='{}'
    if [ -n "${ADDITIONAL_EXTENSIONS:-}" ]; then
-      printf "[append_extensions_to_settings_json] ADDITIONAL_EXTENSIONS is set.\n"
      ADD_EXT_JSON="$ADDITIONAL_EXTENSIONS"
-    else
-      printf "[append_extensions_to_settings_json] ADDITIONAL_EXTENSIONS is empty or not set.\n"
    fi
+    printf '{"mcpServers":%s}\n' "$(jq -s 'add' <(echo "$BASE_EXTENSIONS") <(echo "$ADD_EXT_JSON"))" > "$SETTINGS_PATH"
+  fi

-    printf "[append_extensions_to_settings_json] Merging BASE_EXTENSIONS and ADDITIONAL_EXTENSIONS into mcpServers...\n"
-    jq --argjson base "$BASE_EXTENSIONS" --argjson add "$ADD_EXT_JSON" \
-      '.mcpServers = (.mcpServers // {} + $base + $add)' \
-      "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"
+  TMP_SETTINGS=$(mktemp)
+  ADD_EXT_JSON='{}'
+  if [ -n "${ADDITIONAL_EXTENSIONS:-}" ]; then
+    printf "[append_extensions_to_settings_json] ADDITIONAL_EXTENSIONS is set.\n"
+    ADD_EXT_JSON="$ADDITIONAL_EXTENSIONS"
+  else
+    printf "[append_extensions_to_settings_json] ADDITIONAL_EXTENSIONS is empty or not set.\n"
+  fi

-    jq '.theme = "Default" | .selectedAuthType = "gemini-api-key"' "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"
+  printf "[append_extensions_to_settings_json] Merging BASE_EXTENSIONS and ADDITIONAL_EXTENSIONS into mcpServers...\n"
+  jq --argjson base "$BASE_EXTENSIONS" --argjson add "$ADD_EXT_JSON" \
+    '.mcpServers = (.mcpServers // {} + $base + $add)' \
+    "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"

-    printf "[append_extensions_to_settings_json] Merge complete.\n"
+  jq '.theme = "Default" | .selectedAuthType = "gemini-api-key"' "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"
+
+  printf "[append_extensions_to_settings_json] Merge complete.\n"
 }

 function add_system_prompt_if_exists() {
-    if [ -n "${GEMINI_SYSTEM_PROMPT:-}" ]; then
-        if [ -d "${GEMINI_START_DIRECTORY}" ]; then
-            printf "Directory '%s' exists. Changing to it.\\n" "${GEMINI_START_DIRECTORY}"
-            cd "${GEMINI_START_DIRECTORY}" || {
-                printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-                exit 1
-            }
-        else
-            printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${GEMINI_START_DIRECTORY}"
-            mkdir -p "${GEMINI_START_DIRECTORY}" || {
-                printf "Error: Could not create directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-                exit 1
-            }
-            cd "${GEMINI_START_DIRECTORY}" || {
-                printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-                exit 1
-            }
-        fi
-        touch GEMINI.md
-        printf "Setting GEMINI.md\n"
-        echo "${GEMINI_SYSTEM_PROMPT}" > GEMINI.md
+  if [ -n "${GEMINI_SYSTEM_PROMPT:-}" ]; then
+    if [ -d "${GEMINI_START_DIRECTORY}" ]; then
+      printf "Directory '%s' exists. Changing to it.\\n" "${GEMINI_START_DIRECTORY}"
+      cd "${GEMINI_START_DIRECTORY}" || {
+        printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+        exit 1
+      }
    else
-        printf "GEMINI.md is not set.\n"
+      printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${GEMINI_START_DIRECTORY}"
+      mkdir -p "${GEMINI_START_DIRECTORY}" || {
+        printf "Error: Could not create directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+        exit 1
+      }
+      cd "${GEMINI_START_DIRECTORY}" || {
+        printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+        exit 1
+      }
    fi
+    touch GEMINI.md
+    printf "Setting GEMINI.md\n"
+    echo "${GEMINI_SYSTEM_PROMPT}" > GEMINI.md
+  else
+    printf "GEMINI.md is not set.\n"
+  fi
 }

 function configure_mcp() {
-    export CODER_MCP_APP_STATUS_SLUG="gemini"
-    export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
-    coder exp mcp configure gemini "${GEMINI_START_DIRECTORY}"
+  export CODER_MCP_APP_STATUS_SLUG="gemini"
+  export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
+  coder exp mcp configure gemini "${GEMINI_START_DIRECTORY}"
 }

 install_gemini
-gemini --version
 populate_settings_json
 add_system_prompt_if_exists
 configure_mcp
-
@@ -5,7 +5,7 @@ set -o pipefail
 source "$HOME"/.bashrc

 command_exists() {
-    command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }

 if [ -f "$HOME/.nvm/nvm.sh" ]; then
@@ -20,55 +20,55 @@ MODULE_DIR="$HOME/.gemini-module"
 mkdir -p "$MODULE_DIR"

 if command_exists gemini; then
-    printf "Gemini is installed\n"
+  printf "Gemini is installed\n"
 else
-    printf "Error: Gemini is not installed. Please enable install_gemini or install it manually :)\n"
-    exit 1
+  printf "Error: Gemini is not installed. Please enable install_gemini or install it manually :)\n"
+  exit 1
 fi

 if [ -d "${GEMINI_START_DIRECTORY}" ]; then
-    printf "Directory '%s' exists. Changing to it.\\n" "${GEMINI_START_DIRECTORY}"
-    cd "${GEMINI_START_DIRECTORY}" || {
-        printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-        exit 1
-    }
+  printf "Directory '%s' exists. Changing to it.\\n" "${GEMINI_START_DIRECTORY}"
+  cd "${GEMINI_START_DIRECTORY}" || {
+    printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+    exit 1
+  }
 else
-    printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${GEMINI_START_DIRECTORY}"
-    mkdir -p "${GEMINI_START_DIRECTORY}" || {
-        printf "Error: Could not create directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-        exit 1
-    }
-    cd "${GEMINI_START_DIRECTORY}" || {
-        printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
-        exit 1
-    }
+  printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${GEMINI_START_DIRECTORY}"
+  mkdir -p "${GEMINI_START_DIRECTORY}" || {
+    printf "Error: Could not create directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+    exit 1
+  }
+  cd "${GEMINI_START_DIRECTORY}" || {
+    printf "Error: Could not change to directory '%s'.\\n" "${GEMINI_START_DIRECTORY}"
+    exit 1
+  }
 fi

 if [ -n "$GEMINI_TASK_PROMPT" ]; then
-    printf "Running automated task: %s\n" "$GEMINI_TASK_PROMPT"
-    PROMPT="Every step of the way, report tasks to Coder with proper descriptions and statuses. Your task at hand: $GEMINI_TASK_PROMPT"
-    PROMPT_FILE="$MODULE_DIR/prompt.txt"
-    echo -n "$PROMPT" >"$PROMPT_FILE"
-    GEMINI_ARGS=(--prompt-interactive "$PROMPT")
+  printf "Running automated task: %s\n" "$GEMINI_TASK_PROMPT"
+  PROMPT="Every step of the way, report tasks to Coder with proper descriptions and statuses. Your task at hand: $GEMINI_TASK_PROMPT"
+  PROMPT_FILE="$MODULE_DIR/prompt.txt"
+  echo -n "$PROMPT" > "$PROMPT_FILE"
+  GEMINI_ARGS=(--prompt-interactive "$PROMPT")
 else
-    printf "Starting Gemini CLI in interactive mode.\n"
-    GEMINI_ARGS=()
+  printf "Starting Gemini CLI in interactive mode.\n"
+  GEMINI_ARGS=()
 fi

 if [ -n "$GEMINI_YOLO_MODE" ] && [ "$GEMINI_YOLO_MODE" = "true" ]; then
-    printf "YOLO mode enabled - will auto-approve all tool calls\n"
-    GEMINI_ARGS+=(--yolo)
+  printf "YOLO mode enabled - will auto-approve all tool calls\n"
+  GEMINI_ARGS+=(--yolo)
 fi

 if [ -n "$GEMINI_API_KEY" ] || [ -n "$GOOGLE_API_KEY" ]; then
-    if [ -n "$GOOGLE_GENAI_USE_VERTEXAI" ] && [ "$GOOGLE_GENAI_USE_VERTEXAI" = "true" ]; then
-        printf "Using Vertex AI with API key\n"
-    else
-        printf "Using direct Gemini API with API key\n"
-    fi
+  if [ -n "$GOOGLE_GENAI_USE_VERTEXAI" ] && [ "$GOOGLE_GENAI_USE_VERTEXAI" = "true" ]; then
+    printf "Using Vertex AI with API key\n"
+  else
+    printf "Using direct Gemini API with API key\n"
+  fi
 else
-    printf "No API key provided (neither GEMINI_API_KEY nor GOOGLE_API_KEY)\n"
+  printf "No API key provided (neither GEMINI_API_KEY nor GOOGLE_API_KEY)\n"
 fi

 agentapi server --term-width 67 --term-height 1190 -- \
-    bash -c "$(printf '%q ' gemini "${GEMINI_ARGS[@]}")"
+  bash -c "$(printf '%q ' gemini "${GEMINI_ARGS[@]}")"
@@ -1,18 +1,18 @@
 FROM ubuntu

 RUN apt-get update \
-	&& apt-get install -y \
-	curl \
-	git \
-	golang \
-	sudo \
-	vim \
-	wget \
-	&& rm -rf /var/lib/apt/lists/*
+ && apt-get install -y \
+  curl \
+  git \
+  golang \
+  sudo \
+  vim \
+  wget \
+ && rm -rf /var/lib/apt/lists/*

 ARG USER=coder
 RUN useradd --groups sudo --no-create-home --shell /bin/bash ${USER} \
-	&& echo "${USER} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/${USER} \
-	&& chmod 0440 /etc/sudoers.d/${USER}
+ && echo "${USER} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/${USER} \
+ && chmod 0440 /etc/sudoers.d/${USER}
 USER ${USER}
 WORKDIR /home/${USER}
@@ -0,0 +1,16 @@
+---
+display_name: Externally Managed Workspace
+description: A template to provision externally managed resources as Coder workspaces
+icon: ../../../../.icons/electric-plug-emoji.svg
+verified: true
+tags: [external]
+---
+
+# Externally Managed Workspace Template
+
+> [!IMPORTANT]
+> External agents require a [Premium](https://coder.com/pricing) Coder license.
+
+This template provides a minimal scaffolding for creating Coder workspaces that connect to externally provisioned compute resources.
+
+Use this template as a starting point to build your own custom templates for scenarios where you need to connect to existing infrastructure.
@@ -0,0 +1,74 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.10"
+    }
+  }
+}
+
+data "coder_parameter" "agent_config" {
+  name         = "agent_config"
+  display_name = "Agent Configuration"
+  description  = "Select the operating system and architecture combination for the agent"
+  type         = "string"
+  default      = "linux-amd64"
+
+  option {
+    name  = "Linux AMD64"
+    value = "linux-amd64"
+  }
+  option {
+    name  = "Linux ARM64"
+    value = "linux-arm64"
+  }
+  option {
+    name  = "Linux ARMv7"
+    value = "linux-armv7"
+  }
+  option {
+    name  = "Windows AMD64"
+    value = "windows-amd64"
+  }
+  option {
+    name  = "Windows ARM64"
+    value = "windows-arm64"
+  }
+  option {
+    name  = "macOS AMD64"
+    value = "darwin-amd64"
+  }
+  option {
+    name  = "macOS ARM64 (Apple Silicon)"
+    value = "darwin-arm64"
+  }
+}
+
+data "coder_workspace" "me" {}
+
+locals {
+  agent_config = split("-", data.coder_parameter.agent_config.value)
+  agent_os     = local.agent_config[0]
+  agent_arch   = local.agent_config[1]
+}
+
+resource "coder_agent" "main" {
+  arch = local.agent_arch
+  os   = local.agent_os
+}
+
+resource "coder_external_agent" "main" {
+  agent_id = coder_agent.main.id
+}
+
+# Adds code-server
+# See all available modules at https://registry.coder.com/modules
+module "code-server" {
+  count  = data.coder_workspace.me.start_count
+  source = "registry.coder.com/coder/code-server/coder"
+
+  # This ensures that the latest non-breaking version of the module gets downloaded, you can also pin the module version to prevent breaking changes in production.
+  version = "~> 1.0"
+
+  agent_id = coder_agent.main.id
+}
@@ -164,7 +164,9 @@ describe("agentapi", async () => {
      id,
      "/home/coder/test-agentapi-start.log",
    );
-    expect(agentApiStartLog).toContain("Using AGENTAPI_CHAT_BASE_PATH: /@default/default.foo/apps/agentapi-web/chat");
+    expect(agentApiStartLog).toContain(
+      "Using AGENTAPI_CHAT_BASE_PATH: /@default/default.foo/apps/agentapi-web/chat",
+    );
  });

  test("validate-agentapi-version", async () => {
@@ -186,14 +188,16 @@ describe("agentapi", async () => {
          agentapi_version: "v0.0.1",
          agentapi_subdomain: "false",
        },
-        shouldThrow: "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
+        shouldThrow:
+          "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
      },
      {
        moduleVariables: {
          agentapi_version: "v0.3.2",
          agentapi_subdomain: "false",
        },
-        shouldThrow: "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
+        shouldThrow:
+          "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
      },
      {
        moduleVariables: {
@@ -226,13 +230,17 @@ describe("agentapi", async () => {
          agentapi_version: "arbitrary-string-bypasses-validation",
        },
        shouldThrow: "",
-      }
+      },
    ];
    for (const { moduleVariables, shouldThrow } of cases) {
      if (shouldThrow) {
-        expect(setup({ moduleVariables: moduleVariables as Record<string, string> })).rejects.toThrow(shouldThrow);
+        expect(
+          setup({ moduleVariables: moduleVariables as Record<string, string> }),
+        ).rejects.toThrow(shouldThrow);
      } else {
-        expect(setup({ moduleVariables: moduleVariables as Record<string, string> })).resolves.toBeDefined();
+        expect(
+          setup({ moduleVariables: moduleVariables as Record<string, string> }),
+        ).resolves.toBeDefined();
      }
    }
  });
@@ -11,22 +11,22 @@ agentapi_started=false

 echo "Waiting for agentapi server to start on port $port..."
 for i in $(seq 1 150); do
-    for j in $(seq 1 3); do
-        sleep 0.1
-        if curl -fs -o /dev/null "http://localhost:$port/status"; then
-            echo "agentapi response received ($j/3)"
-        else
-            echo "agentapi server not responding ($i/15)"
-            continue 2
-        fi
-    done
-    agentapi_started=true
-    break
+  for j in $(seq 1 3); do
+    sleep 0.1
+    if curl -fs -o /dev/null "http://localhost:$port/status"; then
+      echo "agentapi response received ($j/3)"
+    else
+      echo "agentapi server not responding ($i/15)"
+      continue 2
+    fi
+  done
+  agentapi_started=true
+  break
 done

 if [ "$agentapi_started" != "true" ]; then
-    echo "Error: agentapi server did not start on port $port after 15 seconds."
-    exit 1
+  echo "Error: agentapi server did not start on port $port after 15 seconds."
+  exit 1
 fi

 echo "agentapi server started on port $port."
@@ -17,76 +17,76 @@ AGENTAPI_CHAT_BASE_PATH="${ARG_AGENTAPI_CHAT_BASE_PATH:-}"
 set +o nounset

 command_exists() {
-    command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }

 module_path="$HOME/${MODULE_DIR_NAME}"
 mkdir -p "$module_path/scripts"

 if [ ! -d "${WORKDIR}" ]; then
-    echo "Warning: The specified folder '${WORKDIR}' does not exist."
-    echo "Creating the folder..."
-    mkdir -p "${WORKDIR}"
-    echo "Folder created successfully."
+  echo "Warning: The specified folder '${WORKDIR}' does not exist."
+  echo "Creating the folder..."
+  mkdir -p "${WORKDIR}"
+  echo "Folder created successfully."
 fi
 if [ -n "${PRE_INSTALL_SCRIPT}" ]; then
-    echo "Running pre-install script..."
-    echo -n "${PRE_INSTALL_SCRIPT}" >"$module_path/pre_install.sh"
-    chmod +x "$module_path/pre_install.sh"
-    "$module_path/pre_install.sh" 2>&1 | tee "$module_path/pre_install.log"
+  echo "Running pre-install script..."
+  echo -n "${PRE_INSTALL_SCRIPT}" > "$module_path/pre_install.sh"
+  chmod +x "$module_path/pre_install.sh"
+  "$module_path/pre_install.sh" 2>&1 | tee "$module_path/pre_install.log"
 fi

 echo "Running install script..."
-echo -n "${INSTALL_SCRIPT}" >"$module_path/install.sh"
+echo -n "${INSTALL_SCRIPT}" > "$module_path/install.sh"
 chmod +x "$module_path/install.sh"
 "$module_path/install.sh" 2>&1 | tee "$module_path/install.log"

 # Install AgentAPI if enabled
 if [ "${INSTALL_AGENTAPI}" = "true" ]; then
-    echo "Installing AgentAPI..."
-    arch=$(uname -m)
-    if [ "$arch" = "x86_64" ]; then
-        binary_name="agentapi-linux-amd64"
-    elif [ "$arch" = "aarch64" ]; then
-        binary_name="agentapi-linux-arm64"
-    else
-        echo "Error: Unsupported architecture: $arch"
-        exit 1
-    fi
-    if [ "${AGENTAPI_VERSION}" = "latest" ]; then
-        # for the latest release the download URL pattern is different than for tagged releases
-        # https://docs.github.com/en/repositories/releasing-projects-on-github/linking-to-releases
-        download_url="https://github.com/coder/agentapi/releases/latest/download/$binary_name"
-    else
-        download_url="https://github.com/coder/agentapi/releases/download/${AGENTAPI_VERSION}/$binary_name"
-    fi
-    curl \
-        --retry 5 \
-        --retry-delay 5 \
-        --fail \
-        --retry-all-errors \
-        -L \
-        -C - \
-        -o agentapi \
-        "$download_url"
-    chmod +x agentapi
-    sudo mv agentapi /usr/local/bin/agentapi
+  echo "Installing AgentAPI..."
+  arch=$(uname -m)
+  if [ "$arch" = "x86_64" ]; then
+    binary_name="agentapi-linux-amd64"
+  elif [ "$arch" = "aarch64" ]; then
+    binary_name="agentapi-linux-arm64"
+  else
+    echo "Error: Unsupported architecture: $arch"
+    exit 1
+  fi
+  if [ "${AGENTAPI_VERSION}" = "latest" ]; then
+    # for the latest release the download URL pattern is different than for tagged releases
+    # https://docs.github.com/en/repositories/releasing-projects-on-github/linking-to-releases
+    download_url="https://github.com/coder/agentapi/releases/latest/download/$binary_name"
+  else
+    download_url="https://github.com/coder/agentapi/releases/download/${AGENTAPI_VERSION}/$binary_name"
+  fi
+  curl \
+    --retry 5 \
+    --retry-delay 5 \
+    --fail \
+    --retry-all-errors \
+    -L \
+    -C - \
+    -o agentapi \
+    "$download_url"
+  chmod +x agentapi
+  sudo mv agentapi /usr/local/bin/agentapi
 fi
 if ! command_exists agentapi; then
-    echo "Error: AgentAPI is not installed. Please enable install_agentapi or install it manually."
-    exit 1
+  echo "Error: AgentAPI is not installed. Please enable install_agentapi or install it manually."
+  exit 1
 fi

-echo -n "${START_SCRIPT}" >"$module_path/scripts/agentapi-start.sh"
-echo -n "${WAIT_FOR_START_SCRIPT}" >"$module_path/scripts/agentapi-wait-for-start.sh"
+echo -n "${START_SCRIPT}" > "$module_path/scripts/agentapi-start.sh"
+echo -n "${WAIT_FOR_START_SCRIPT}" > "$module_path/scripts/agentapi-wait-for-start.sh"
 chmod +x "$module_path/scripts/agentapi-start.sh"
 chmod +x "$module_path/scripts/agentapi-wait-for-start.sh"

 if [ -n "${POST_INSTALL_SCRIPT}" ]; then
-    echo "Running post-install script..."
-    echo -n "${POST_INSTALL_SCRIPT}" >"$module_path/post_install.sh"
-    chmod +x "$module_path/post_install.sh"
-    "$module_path/post_install.sh" 2>&1 | tee "$module_path/post_install.log"
+  echo "Running post-install script..."
+  echo -n "${POST_INSTALL_SCRIPT}" > "$module_path/post_install.sh"
+  chmod +x "$module_path/post_install.sh"
+  "$module_path/post_install.sh" 2>&1 | tee "$module_path/post_install.log"
 fi

 export LANG=en_US.UTF-8
@@ -97,5 +97,5 @@ cd "${WORKDIR}"
 export AGENTAPI_CHAT_BASE_PATH="${AGENTAPI_CHAT_BASE_PATH:-}"
 # Disable host header check since AgentAPI is proxied by Coder (which does its own validation)
 export AGENTAPI_ALLOWED_HOSTS="*"
-nohup "$module_path/scripts/agentapi-start.sh" true "${AGENTAPI_PORT}" &>"$module_path/agentapi-start.log" &
+nohup "$module_path/scripts/agentapi-start.sh" true "${AGENTAPI_PORT}" &> "$module_path/agentapi-start.log" &
 "$module_path/scripts/agentapi-wait-for-start.sh" "${AGENTAPI_PORT}"
@@ -25,14 +25,20 @@ export const setupContainer = async ({
  const coderScript = findResourceInstance(state, "coder_script");
  const id = await runContainer(image ?? "codercom/enterprise-node:latest");
  return {
-    id, coderScript, cleanup: async () => {
-      if (process.env["DEBUG"] === "true" || process.env["DEBUG"] === "1" || process.env["DEBUG"] === "yes") {
+    id,
+    coderScript,
+    cleanup: async () => {
+      if (
+        process.env["DEBUG"] === "true" ||
+        process.env["DEBUG"] === "1" ||
+        process.env["DEBUG"] === "yes"
+      ) {
        console.log(`Not removing container ${id} in debug mode`);
        console.log(`Run "docker rm -f ${id}" to remove it manually.`);
      } else {
        await removeContainer(id);
      }
-    }
+    },
  };
 };

@@ -7,7 +7,10 @@ const portIdx = args.findIndex((arg) => arg === "--port") + 1;
 const port = portIdx ? args[portIdx] : 3284;

 console.log(`starting server on port ${port}`);
-fs.writeFileSync("/home/coder/agentapi-mock.log", `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`);
+fs.writeFileSync(
+  "/home/coder/agentapi-mock.log",
+  `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`,
+);

 http
  .createServer(function (_request, response) {
@@ -8,15 +8,15 @@ port=${2:-3284}
 module_path="$HOME/.agentapi-module"
 log_file_path="$module_path/agentapi.log"

-echo "using prompt: $use_prompt" >>/home/coder/test-agentapi-start.log
-echo "using port: $port" >>/home/coder/test-agentapi-start.log
+echo "using prompt: $use_prompt" >> /home/coder/test-agentapi-start.log
+echo "using port: $port" >> /home/coder/test-agentapi-start.log

 AGENTAPI_CHAT_BASE_PATH="${AGENTAPI_CHAT_BASE_PATH:-}"
 if [ -n "$AGENTAPI_CHAT_BASE_PATH" ]; then
-    echo "Using AGENTAPI_CHAT_BASE_PATH: $AGENTAPI_CHAT_BASE_PATH" >>/home/coder/test-agentapi-start.log
-    export AGENTAPI_CHAT_BASE_PATH
+  echo "Using AGENTAPI_CHAT_BASE_PATH: $AGENTAPI_CHAT_BASE_PATH" >> /home/coder/test-agentapi-start.log
+  export AGENTAPI_CHAT_BASE_PATH
 fi

 agentapi server --port "$port" --term-width 67 --term-height 1190 -- \
-    bash -c aiagent \
-    >"$log_file_path" 2>&1
+  bash -c aiagent \
+  > "$log_file_path" 2>&1
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.1.0"
+  version             = "2.2.0"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -83,7 +83,7 @@ resource "coder_agent" "main" {
 module "claude-code" {
  count               = data.coder_workspace.me.start_count
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.1.0"
+  version             = "2.2.0"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -101,7 +101,7 @@ Run Claude Code as a standalone app in your workspace. This will install Claude
 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.1.0"
+  version             = "2.2.0"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -100,7 +100,13 @@ variable "install_agentapi" {
 variable "agentapi_version" {
  type        = string
  description = "The version of AgentAPI to install."
-  default     = "v0.3.0"
+  default     = "v0.3.3"
+}
+
+variable "subdomain" {
+  type        = bool
+  description = "Whether to use a subdomain for the Claude Code app."
+  default     = true
 }

 locals {
@@ -113,6 +119,15 @@ locals {
  agentapi_wait_for_start_script_b64 = base64encode(file("${path.module}/scripts/agentapi-wait-for-start.sh"))
  remove_last_session_id_script_b64  = base64encode(file("${path.module}/scripts/remove-last-session-id.sh"))
  claude_code_app_slug               = "ccw"
+  // Chat base path is only set if not using a subdomain.
+  // NOTE:
+  //   - Initial support for --chat-base-path was added in v0.3.1 but configuration
+  //     via environment variable AGENTAPI_CHAT_BASE_PATH was added in v0.3.3.
+  //   - As CODER_WORKSPACE_AGENT_NAME is a recent addition we use agent ID
+  //     for backward compatibility.
+  agentapi_chat_base_path = var.subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.claude_code_app_slug}/chat"
+  server_base_path        = var.subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.claude_code_app_slug}"
+  healthcheck_url         = "http://localhost:3284${local.server_base_path}/status"
 }

 # Install and Initialize Claude Code
@@ -229,6 +244,9 @@ resource "coder_script" "claude_code" {

    # Disable host header check since AgentAPI is proxied by Coder (which does its own validation)
    export AGENTAPI_ALLOWED_HOSTS="*"
+    
+    # Set chat base path for non-subdomain routing (only set if not using subdomain)
+    export AGENTAPI_CHAT_BASE_PATH="${local.agentapi_chat_base_path}"

    nohup "$module_path/scripts/agentapi-start.sh" use_prompt &> "$module_path/agentapi-start.log" &
    "$module_path/scripts/agentapi-wait-for-start.sh"
@@ -245,9 +263,9 @@ resource "coder_app" "claude_code_web" {
  icon         = var.icon
  order        = var.order
  group        = var.group
-  subdomain    = true
+  subdomain    = var.subdomain
  healthcheck {
-    url       = "http://localhost:3284/status"
+    url       = local.healthcheck_url
    interval  = 3
    threshold = 20
  }
@@ -9,33 +9,33 @@ log_file_path="$module_path/agentapi.log"

 # if the first argument is not empty, start claude with the prompt
 if [ -n "$1" ]; then
-    cp "$module_path/prompt.txt" /tmp/claude-code-prompt
+  cp "$module_path/prompt.txt" /tmp/claude-code-prompt
 else
-    rm -f /tmp/claude-code-prompt
+  rm -f /tmp/claude-code-prompt
 fi

 # if the log file already exists, archive it
 if [ -f "$log_file_path" ]; then
-    mv "$log_file_path" "$log_file_path"".$(date +%s)"
+  mv "$log_file_path" "$log_file_path"".$(date +%s)"
 fi

 # see the remove-last-session-id.sh script for details
 # about why we need it
 # avoid exiting if the script fails
-bash "$scripts_dir/remove-last-session-id.sh" "$(pwd)" 2>/dev/null || true
+bash "$scripts_dir/remove-last-session-id.sh" "$(pwd)" 2> /dev/null || true

 # we'll be manually handling errors from this point on
 set +o errexit

 function start_agentapi() {
-    local continue_flag="$1"
-    local prompt_subshell='"$(cat /tmp/claude-code-prompt)"'
-    
-    # use low width to fit in the tasks UI sidebar. height is adjusted so that width x height ~= 80x1000 characters
-    # visible in the terminal screen by default.
-    agentapi server --term-width 67 --term-height 1190 -- \
-        bash -c "claude $continue_flag --dangerously-skip-permissions $prompt_subshell" \
-        > "$log_file_path" 2>&1
+  local continue_flag="$1"
+  local prompt_subshell='"$(cat /tmp/claude-code-prompt)"'
+
+  # use low width to fit in the tasks UI sidebar. height is adjusted so that width x height ~= 80x1000 characters
+  # visible in the terminal screen by default.
+  agentapi server --term-width 67 --term-height 1190 -- \
+    bash -c "claude $continue_flag --dangerously-skip-permissions $prompt_subshell" \
+    > "$log_file_path" 2>&1
 }

 echo "Starting AgentAPI..."
@@ -47,15 +47,15 @@ exit_code=$?
 echo "First AgentAPI exit code: $exit_code"

 if [ $exit_code -eq 0 ]; then
-    exit 0
+  exit 0
 fi

 # if there was no conversation to continue, claude exited with an error.
 # start claude without the --continue flag.
 if grep -q "No conversation found to continue" "$log_file_path"; then
-    echo "AgentAPI with --continue flag failed, starting claude without it."
-    start_agentapi
-    exit_code=$?
+  echo "AgentAPI with --continue flag failed, starting claude without it."
+  start_agentapi
+  exit_code=$?
 fi

 echo "Second AgentAPI exit code: $exit_code"
@@ -9,22 +9,22 @@ agentapi_started=false

 echo "Waiting for agentapi server to start on port 3284..."
 for i in $(seq 1 150); do
-    for j in $(seq 1 3); do
-        sleep 0.1
-        if curl -fs -o /dev/null "http://localhost:3284/status"; then
-            echo "agentapi response received ($j/3)"
-        else
-            echo "agentapi server not responding ($i/15)"
-            continue 2
-        fi
-    done
-    agentapi_started=true
-    break
+  for j in $(seq 1 3); do
+    sleep 0.1
+    if curl -fs -o /dev/null "http://localhost:3284/status"; then
+      echo "agentapi response received ($j/3)"
+    else
+      echo "agentapi server not responding ($i/15)"
+      continue 2
+    fi
+  done
+  agentapi_started=true
+  break
 done

 if [ "$agentapi_started" != "true" ]; then
-    echo "Error: agentapi server did not start on port 3284 after 15 seconds."
-    exit 1
+  echo "Error: agentapi server did not start on port 3284 after 15 seconds."
+  exit 1
 fi

 echo "agentapi server started on port 3284."
@@ -20,7 +20,10 @@ if (
  process.exit(1);
 }

-fs.writeFileSync("/home/coder/agentapi-mock.log", `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`);
+fs.writeFileSync(
+  "/home/coder/agentapi-mock.log",
+  `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`,
+);

 console.log(`starting server on port ${port}`);

@@ -14,7 +14,7 @@ Automatically logs the user into Coder when creating their workspace.
 module "coder-login" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/coder-login/coder"
-  version  = "1.0.31"
+  version  = "1.1.0"
  agent_id = coder_agent.example.id
 }
 ```
@@ -17,15 +17,14 @@ variable "agent_id" {
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}

-resource "coder_script" "coder-login" {
+resource "coder_env" "coder_session_token" {
  agent_id = var.agent_id
-  script = templatefile("${path.module}/run.sh", {
-    CODER_USER_TOKEN : data.coder_workspace_owner.me.session_token,
-    CODER_DEPLOYMENT_URL : data.coder_workspace.me.access_url
-  })
-  display_name       = "Coder Login"
-  icon               = "/icon/coder.svg"
-  run_on_start       = true
-  start_blocks_login = true
+  name     = "CODER_SESSION_TOKEN"
+  value    = data.coder_workspace_owner.me.session_token
 }

+resource "coder_env" "coder_url" {
+  agent_id = var.agent_id
+  name     = "CODER_URL"
+  value    = data.coder_workspace.me.access_url
+}
@@ -0,0 +1,65 @@
+# Test for coder-login module
+
+run "test_coder_login_module" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+  }
+
+  # Test that the coder_env resources are created with correct configuration
+  assert {
+    condition     = coder_env.coder_session_token.agent_id == "test-agent-id"
+    error_message = "CODER_SESSION_TOKEN agent ID should match the input variable"
+  }
+
+  assert {
+    condition     = coder_env.coder_session_token.name == "CODER_SESSION_TOKEN"
+    error_message = "Environment variable name should be 'CODER_SESSION_TOKEN'"
+  }
+
+  assert {
+    condition     = coder_env.coder_url.agent_id == "test-agent-id"
+    error_message = "CODER_URL agent ID should match the input variable"
+  }
+
+  assert {
+    condition     = coder_env.coder_url.name == "CODER_URL"
+    error_message = "Environment variable name should be 'CODER_URL'"
+  }
+}
+
+# Test with mock data sources
+run "test_with_mock_data" {
+  command = plan
+
+  variables {
+    agent_id = "mock-agent"
+  }
+
+  # Mock the data sources for testing
+  override_data {
+    target = data.coder_workspace.me
+    values = {
+      access_url = "https://coder.example.com"
+    }
+  }
+
+  override_data {
+    target = data.coder_workspace_owner.me
+    values = {
+      session_token = "mock-session-token"
+    }
+  }
+
+  # Verify environment variables get the mocked values
+  assert {
+    condition     = coder_env.coder_url.value == "https://coder.example.com"
+    error_message = "CODER_URL should match workspace access_url"
+  }
+
+  assert {
+    condition     = coder_env.coder_session_token.value == "mock-session-token"
+    error_message = "CODER_SESSION_TOKEN should match workspace owner session_token"
+  }
+}
@@ -1,15 +0,0 @@
-#!/usr/bin/env sh
-
-# Automatically authenticate the user if they are not
-# logged in to another deployment
-
-BOLD='\033[0;1m'
-
-printf "$${BOLD}Logging into Coder...\n\n$${RESET}"
-
-if ! coder list > /dev/null 2>&1; then
-  set +x
-  coder login --token="${CODER_USER_TOKEN}" --url="${CODER_DEPLOYMENT_URL}"
-else
-  echo "You are already authenticated with coder."
-fi
@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "cursor" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.3.1"
+  version  = "1.3.2"
  agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "cursor" {
 module "cursor" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.3.1"
+  version  = "1.3.2"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Cursor to use the GitHub MCP server with authen
 module "cursor" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.3.1"
+  version  = "1.3.2"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
  mcp = jsonencode({
@@ -94,12 +94,18 @@ describe("cursor", async () => {
  it("writes ~/.cursor/mcp.json when mcp provided", async () => {
    const id = await runContainer("alpine");
    try {
-      const mcp = JSON.stringify({ servers: { demo: { url: "http://localhost:1234" } } });
+      const mcp = JSON.stringify({
+        servers: { demo: { url: "http://localhost:1234" } },
+      });
      const state = await runTerraformApply(import.meta.dir, {
        agent_id: "foo",
        mcp,
      });
-      const script = findResourceInstance(state, "coder_script", "cursor_mcp").script;
+      const script = findResourceInstance(
+        state,
+        "coder_script",
+        "cursor_mcp",
+      ).script;
      const resp = await execContainer(id, ["sh", "-c", script]);
      if (resp.exitCode !== 0) {
        console.log(resp.stdout);
@@ -98,6 +98,7 @@ resource "coder_script" "cursor_mcp" {
    set -eu
    mkdir -p "$HOME/.cursor"
    echo -n "${local.mcp_b64}" | base64 -d > "$HOME/.cursor/mcp.json"
+    chmod 600 "$HOME/.cursor/mcp.json"
  EOT
 }

@@ -7,55 +7,55 @@
 cd "$CODER_SCRIPT_DATA_DIR"

 # If @devcontainers/cli is already installed, we can skip
-if command -v devcontainer >/dev/null 2>&1; then
-    echo "🥳 @devcontainers/cli is already installed into $(which devcontainer)!"
-    exit 0
+if command -v devcontainer > /dev/null 2>&1; then
+  echo "🥳 @devcontainers/cli is already installed into $(which devcontainer)!"
+  exit 0
 fi

 # Check if docker is installed
-if ! command -v docker >/dev/null 2>&1; then
-    echo "WARNING: Docker was not found but is required to use @devcontainers/cli, please make sure it is available."
+if ! command -v docker > /dev/null 2>&1; then
+  echo "WARNING: Docker was not found but is required to use @devcontainers/cli, please make sure it is available."
 fi

 # Determine the package manager to use: npm, pnpm, or yarn
-if command -v yarn >/dev/null 2>&1; then
-    PACKAGE_MANAGER="yarn"
-elif command -v npm >/dev/null 2>&1; then
-    PACKAGE_MANAGER="npm"
-elif command -v pnpm >/dev/null 2>&1; then
-    PACKAGE_MANAGER="pnpm"
+if command -v yarn > /dev/null 2>&1; then
+  PACKAGE_MANAGER="yarn"
+elif command -v npm > /dev/null 2>&1; then
+  PACKAGE_MANAGER="npm"
+elif command -v pnpm > /dev/null 2>&1; then
+  PACKAGE_MANAGER="pnpm"
 else
-    echo "ERROR: No supported package manager (npm, pnpm, yarn) is installed. Please install one first." 1>&2
-    exit 1
+  echo "ERROR: No supported package manager (npm, pnpm, yarn) is installed. Please install one first." 1>&2
+  exit 1
 fi

 install() {
-    echo "Installing @devcontainers/cli using $PACKAGE_MANAGER..."
-    if [ "$PACKAGE_MANAGER" = "npm" ]; then
-        npm install -g @devcontainers/cli
-    elif [ "$PACKAGE_MANAGER" = "pnpm" ]; then
-        # Check if PNPM_HOME is set, if not, set it to the script's bin directory
-        # pnpm needs this to be set to install binaries
-        # coder agent ensures this part is part of the PATH
-        # so that the devcontainer command is available
-        if [ -z "$PNPM_HOME" ]; then
-            PNPM_HOME="$CODER_SCRIPT_BIN_DIR"
-            export PNPM_HOME
-        fi
-        pnpm add -g @devcontainers/cli
-    elif [ "$PACKAGE_MANAGER" = "yarn" ]; then
-        yarn global add @devcontainers/cli --prefix "$(dirname "$CODER_SCRIPT_BIN_DIR")"
+  echo "Installing @devcontainers/cli using $PACKAGE_MANAGER..."
+  if [ "$PACKAGE_MANAGER" = "npm" ]; then
+    npm install -g @devcontainers/cli
+  elif [ "$PACKAGE_MANAGER" = "pnpm" ]; then
+    # Check if PNPM_HOME is set, if not, set it to the script's bin directory
+    # pnpm needs this to be set to install binaries
+    # coder agent ensures this part is part of the PATH
+    # so that the devcontainer command is available
+    if [ -z "$PNPM_HOME" ]; then
+      PNPM_HOME="$CODER_SCRIPT_BIN_DIR"
+      export PNPM_HOME
    fi
+    pnpm add -g @devcontainers/cli
+  elif [ "$PACKAGE_MANAGER" = "yarn" ]; then
+    yarn global add @devcontainers/cli --prefix "$(dirname "$CODER_SCRIPT_BIN_DIR")"
+  fi
 }

 if ! install; then
-    echo "Failed to install @devcontainers/cli" >&2
-    exit 1
+  echo "Failed to install @devcontainers/cli" >&2
+  exit 1
 fi

-if ! command -v devcontainer >/dev/null 2>&1; then
-    echo "Installation completed but 'devcontainer' command not found in PATH" >&2
-    exit 1
+if ! command -v devcontainer > /dev/null 2>&1; then
+  echo "Installation completed but 'devcontainer' command not found in PATH" >&2
+  exit 1
 fi

 echo "🥳 @devcontainers/cli has been installed into $(which devcontainer)!"
@@ -7,7 +7,7 @@ BOLD='\033[[0;1m'
 printf "$${BOLD}Installing filebrowser \n\n"

 # Check if filebrowser is installed
-if ! command -v filebrowser &>/dev/null; then
+if ! command -v filebrowser &> /dev/null; then
  curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
 fi

@@ -34,6 +34,6 @@ printf "👷 Starting filebrowser in background... \n\n"

 printf "📂 Serving $${ROOT_DIR} at http://localhost:${PORT} \n\n"

-filebrowser >>${LOG_PATH} 2>&1 &
+filebrowser >> ${LOG_PATH} 2>&1 &

 printf "📝 Logs at ${LOG_PATH} \n\n"
@@ -267,6 +267,8 @@ describe("goose", async () => {
    await execModuleScript(id);

    const agentapiMockOutput = await readFileContainer(id, agentapiStartLog);
-    expect(agentapiMockOutput).toContain("AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/goose/chat");
+    expect(agentapiMockOutput).toContain(
+      "AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/goose/chat",
+    );
  });
 });
@@ -2,7 +2,7 @@

 # Function to check if a command exists
 command_exists() {
-    command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }

 set -o nounset
@@ -18,40 +18,40 @@ echo "--------------------------------"
 set +o nounset

 if [ "${ARG_INSTALL}" = "true" ]; then
-    echo "Installing Goose..."
-    parsed_version="${ARG_GOOSE_VERSION}"
-    if [ "${ARG_GOOSE_VERSION}" = "stable" ]; then
-        parsed_version=""
-    fi
-    curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh | GOOSE_VERSION="${parsed_version}" CONFIGURE=false bash
-    echo "Goose installed"
+  echo "Installing Goose..."
+  parsed_version="${ARG_GOOSE_VERSION}"
+  if [ "${ARG_GOOSE_VERSION}" = "stable" ]; then
+    parsed_version=""
+  fi
+  curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh | GOOSE_VERSION="${parsed_version}" CONFIGURE=false bash
+  echo "Goose installed"
 else
-    echo "Skipping Goose installation"
+  echo "Skipping Goose installation"
 fi

 if [ "${ARG_GOOSE_CONFIG}" != "" ]; then
-    echo "Configuring Goose..."
-    mkdir -p "$HOME/.config/goose"
-    echo "GOOSE_PROVIDER: $ARG_PROVIDER" >"$HOME/.config/goose/config.yaml"
-    echo "GOOSE_MODEL: $ARG_MODEL" >>"$HOME/.config/goose/config.yaml"
-    echo "$ARG_GOOSE_CONFIG" >>"$HOME/.config/goose/config.yaml"
+  echo "Configuring Goose..."
+  mkdir -p "$HOME/.config/goose"
+  echo "GOOSE_PROVIDER: $ARG_PROVIDER" > "$HOME/.config/goose/config.yaml"
+  echo "GOOSE_MODEL: $ARG_MODEL" >> "$HOME/.config/goose/config.yaml"
+  echo "$ARG_GOOSE_CONFIG" >> "$HOME/.config/goose/config.yaml"
 else
-    echo "Skipping Goose configuration"
+  echo "Skipping Goose configuration"
 fi

 if [ "${GOOSE_SYSTEM_PROMPT}" != "" ]; then
-    echo "Setting Goose system prompt..."
-    mkdir -p "$HOME/.config/goose"
-    echo "$GOOSE_SYSTEM_PROMPT" >"$HOME/.config/goose/.goosehints"
+  echo "Setting Goose system prompt..."
+  mkdir -p "$HOME/.config/goose"
+  echo "$GOOSE_SYSTEM_PROMPT" > "$HOME/.config/goose/.goosehints"
 else
-    echo "Goose system prompt not set. use the GOOSE_SYSTEM_PROMPT environment variable to set it."
+  echo "Goose system prompt not set. use the GOOSE_SYSTEM_PROMPT environment variable to set it."
 fi

 if command_exists goose; then
-    GOOSE_CMD=goose
+  GOOSE_CMD=goose
 elif [ -f "$HOME/.local/bin/goose" ]; then
-    GOOSE_CMD="$HOME/.local/bin/goose"
+  GOOSE_CMD="$HOME/.local/bin/goose"
 else
-    echo "Error: Goose is not installed. Please enable install_goose or install it manually."
-    exit 1
+  echo "Error: Goose is not installed. Please enable install_goose or install it manually."
+  exit 1
 fi
@@ -4,16 +4,16 @@ set -o errexit
 set -o pipefail

 command_exists() {
-    command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }

 if command_exists goose; then
-    GOOSE_CMD=goose
+  GOOSE_CMD=goose
 elif [ -f "$HOME/.local/bin/goose" ]; then
-    GOOSE_CMD="$HOME/.local/bin/goose"
+  GOOSE_CMD="$HOME/.local/bin/goose"
 else
-    echo "Error: Goose is not installed. Please enable install_goose or install it manually."
-    exit 1
+  echo "Error: Goose is not installed. Please enable install_goose or install it manually."
+  exit 1
 fi

 # this must be kept up to date with main.tf
@@ -21,15 +21,15 @@ MODULE_DIR="$HOME/.goose-module"
 mkdir -p "$MODULE_DIR"

 if [ ! -z "$GOOSE_TASK_PROMPT" ]; then
-    echo "Starting with a prompt"
-    PROMPT="Review your goosehints. Every step of the way, report tasks to Coder with proper descriptions and statuses. Your task at hand: $GOOSE_TASK_PROMPT"
-    PROMPT_FILE="$MODULE_DIR/prompt.txt"
-    echo -n "$PROMPT" >"$PROMPT_FILE"
-    GOOSE_ARGS=(run --interactive --instructions "$PROMPT_FILE")
+  echo "Starting with a prompt"
+  PROMPT="Review your goosehints. Every step of the way, report tasks to Coder with proper descriptions and statuses. Your task at hand: $GOOSE_TASK_PROMPT"
+  PROMPT_FILE="$MODULE_DIR/prompt.txt"
+  echo -n "$PROMPT" > "$PROMPT_FILE"
+  GOOSE_ARGS=(run --interactive --instructions "$PROMPT_FILE")
 else
-    echo "Starting without a prompt"
-    GOOSE_ARGS=()
+  echo "Starting without a prompt"
+  GOOSE_ARGS=()
 fi

 agentapi server --term-width 67 --term-height 1190 -- \
-    bash -c "$(printf '%q ' "$GOOSE_CMD" "${GOOSE_ARGS[@]}")"
+  bash -c "$(printf '%q ' "$GOOSE_CMD" "${GOOSE_ARGS[@]}")"
@@ -3,7 +3,9 @@
 const http = require("http");
 const args = process.argv.slice(2);
 console.log(args);
-console.log(`AGENTAPI_CHAT_BASE_PATH=${process.env["AGENTAPI_CHAT_BASE_PATH"]}`);
+console.log(
+  `AGENTAPI_CHAT_BASE_PATH=${process.env["AGENTAPI_CHAT_BASE_PATH"]}`,
+);
 const port = 3284;

 console.log(`starting server on port ${port}`);
@@ -3,6 +3,6 @@
 set -e

 while true; do
-    echo "$(date) - goose-mock"
-    sleep 15
+  echo "$(date) - goose-mock"
+  sleep 15
 done
@@ -97,4 +97,4 @@ describe("jetbrains-fleet", async () => {
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.group).toBe("JetBrains IDEs");
  });
-}); 
+});
@@ -115,22 +115,29 @@ describe("jupyterlab", async () => {
          port: 8888,
          token: "test-token",
          password: "",
-          allow_origin: "*"
-        }
+          allow_origin: "*",
+        },
      };
      const configJson = JSON.stringify(config);
      const state = await runTerraformApply(import.meta.dir, {
        agent_id: "foo",
        config: configJson,
      });
-      const script = findResourceInstance(state, "coder_script", "jupyterlab_config").script;
+      const script = findResourceInstance(
+        state,
+        "coder_script",
+        "jupyterlab_config",
+      ).script;
      const resp = await execContainer(id, ["sh", "-c", script]);
      if (resp.exitCode !== 0) {
        console.log(resp.stdout);
        console.log(resp.stderr);
      }
      expect(resp.exitCode).toBe(0);
-      const content = await readFileContainer(id, "/root/.jupyter/jupyter_server_config.json");
+      const content = await readFileContainer(
+        id,
+        "/root/.jupyter/jupyter_server_config.json",
+      );
      // Parse both JSON strings and compare objects to avoid key ordering issues
      const actualConfig = JSON.parse(content);
      expect(actualConfig).toEqual(config);
@@ -145,7 +152,7 @@ describe("jupyterlab", async () => {
      config: "{}",
    });
    const configScripts = state.resources.filter(
-      (res) => res.type === "coder_script" && res.name === "jupyterlab_config"
+      (res) => res.type === "coder_script" && res.name === "jupyterlab_config",
    );
    expect(configScripts.length).toBe(1);
  });
@@ -155,7 +162,7 @@ describe("jupyterlab", async () => {
      agent_id: "foo",
    });
    const configScripts = state.resources.filter(
-      (res) => res.type === "coder_script" && res.name === "jupyterlab_config"
+      (res) => res.type === "coder_script" && res.name === "jupyterlab_config",
    );
    expect(configScripts.length).toBe(1);
  });
@@ -3,13 +3,13 @@ INSTALLER=""
 check_available_installer() {
  # check if pipx is installed
  echo "Checking for a supported installer"
-  if command -v pipx >/dev/null 2>&1; then
+  if command -v pipx > /dev/null 2>&1; then
    echo "pipx is installed"
    INSTALLER="pipx"
    return
  fi
  # check if uv is installed
-  if command -v uv >/dev/null 2>&1; then
+  if command -v uv > /dev/null 2>&1; then
    echo "uv is installed"
    INSTALLER="uv"
    return
@@ -26,21 +26,21 @@ fi
 BOLD='\033[0;1m'

 # check if jupyterlab is installed
-if ! command -v jupyter-lab >/dev/null 2>&1; then
+if ! command -v jupyter-lab > /dev/null 2>&1; then
  # install jupyterlab
  check_available_installer
  printf "$${BOLD}Installing jupyterlab!\n"
  case $INSTALLER in
-  uv)
-    uv pip install -q jupyterlab &&
-      printf "%s\n" "🥳 jupyterlab has been installed"
-    JUPYTER="$HOME/.venv/bin/jupyter-lab"
-    ;;
-  pipx)
-    pipx install jupyterlab &&
-      printf "%s\n" "🥳 jupyterlab has been installed"
-    JUPYTER="$HOME/.local/bin/jupyter-lab"
-    ;;
+    uv)
+      uv pip install -q jupyterlab \
+        && printf "%s\n" "🥳 jupyterlab has been installed"
+      JUPYTER="$HOME/.venv/bin/jupyter-lab"
+      ;;
+    pipx)
+      pipx install jupyterlab \
+        && printf "%s\n" "🥳 jupyterlab has been installed"
+      JUPYTER="$HOME/.local/bin/jupyter-lab"
+      ;;
  esac
 else
  printf "%s\n\n" "🥳 jupyterlab is already installed"
@@ -55,4 +55,4 @@ $JUPYTER --no-browser \
  --ServerApp.port="${PORT}" \
  --ServerApp.token='' \
  --ServerApp.password='' \
-  >"${LOG_PATH}" 2>&1 &
+  > "${LOG_PATH}" 2>&1 &
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html>
  <head>
    <title>Path-Sharing Bounce Page</title>
@@ -6,40 +6,64 @@
      :root {
        color-scheme: light dark;
        --dark: #121212;
-        --header-bg: rgba(127,127,127,0.2);
+        --header-bg: rgba(127, 127, 127, 0.2);
        --light: white;
-        --rule-color: light-dark(rgba(0,0,0,0.8), rgba(255,255,255,0.8));
+        --rule-color: light-dark(rgba(0, 0, 0, 0.8), rgba(255, 255, 255, 0.8));
        background-color: light-dark(var(--light), var(--dark));
        color: light-dark(var(--dark), var(--light));
      }
-      body, h1, p {
+      body,
+      h1,
+      p {
        box-sizing: border-box;
-        margin:0; padding:0;
+        margin: 0;
+        padding: 0;
      }
-      body{
-        font-family:Inter, system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
+      body {
+        font-family:
+          Inter,
+          system-ui,
+          -apple-system,
+          BlinkMacSystemFont,
+          "Segoe UI",
+          Roboto,
+          Oxygen,
+          Ubuntu,
+          Cantarell,
+          "Open Sans",
+          "Helvetica Neue",
+          sans-serif;
      }
-      h1{
+      h1 {
        width: 100%;
        padding: 1rem;
        letter-spacing: -1.5pt;
-        padding-bottom:10px;
+        padding-bottom: 10px;
        border-bottom: 1px solid var(--rule-color);
        background-color: var(--header-bg);
      }
      p {
-        padding: 1rem; letter-spacing: -0.5pt;}
-      a.indent { display:inline-block; padding-top:0.5rem; padding-left: 2rem; font-size:0.8rem }
-      </style>
+        padding: 1rem;
+        letter-spacing: -0.5pt;
+      }
+      a.indent {
+        display: inline-block;
+        padding-top: 0.5rem;
+        padding-left: 2rem;
+        font-size: 0.8rem;
+      }
+    </style>
    <meta charset="UTF-8" />
  </head>
  <body>
    <h1>Path-Sharing Bounce Page</h1>
    <p>
-      This application is being served via path sharing.
-      If you are not redirected, <span id="help">check the
-      Javascript console in your browser's developer tools
-      for more information.</span>
+      This application is being served via path sharing. If you are not
+      redirected,
+      <span id="help"
+        >check the Javascript console in your browser's developer tools for more
+        information.</span
+      >
    </p>
  </body>
  <script language="javascript">
@@ -58,24 +82,30 @@
    //      This apparently doesn't tolerate a leading `/` so we use a
    //      function to tidy that up.
    function trimFirstCharIf(str, char) {
-       return str.charAt(0) === char ? str.slice(1) : str;
+      return str.charAt(0) === char ? str.slice(1) : str;
    }
    function trimLastCharIf(str, char) {
-       return str.endsWith("/") ? str.slice(0,str.length-1) : str;
+      return str.endsWith("/") ? str.slice(0, str.length - 1) : str;
    }
    const newloc = new URL(window.location);
-    const h = document.getElementById("help")
+    const h = document.getElementById("help");

    // Building the websockify path must happen before we append the filename to newloc.pathname
-    newloc.searchParams.append("path",
-      trimLastCharIf(trimFirstCharIf(newloc.pathname,"/"),"/")+"/websockify");
-    newloc.searchParams.append("encrypted", newloc.protocol==="https:"? true : false);
+    newloc.searchParams.append(
+      "path",
+      trimLastCharIf(trimFirstCharIf(newloc.pathname, "/"), "/") +
+        "/websockify",
+    );
+    newloc.searchParams.append(
+      "encrypted",
+      newloc.protocol === "https:" ? true : false,
+    );

-    newloc.pathname += "vnc.html"
+    newloc.pathname += "vnc.html";
    console.log(newloc);

    h.innerHTML = `click <a id="link" href="${newloc.toString()}">here</a> to go to the application.
-    <br/><br/>The rewritten URL is:<br/><a id="link" class="indent" href="${newloc.toString()}">${newloc.toString()}</a>`
+    <br/><br/>The rewritten URL is:<br/><a id="link" class="indent" href="${newloc.toString()}">${newloc.toString()}</a>`;
    window.location = newloc.href;
  </script>
 </html>
@@ -3,7 +3,10 @@
 # Exit on error, undefined variables, and pipe failures
 set -euo pipefail

-error() { printf "💀 ERROR: %s\n" "$@"; exit 1; }
+error() {
+  printf "💀 ERROR: %s\n" "$@"
+  exit 1
+}

 # Function to check if vncserver is already installed
 check_installed() {
@@ -248,30 +251,30 @@ get_http_dir() {
  echo $httpd_directory
 }

-fix_server_index_file(){
-    local fname=$${FUNCNAME[0]}  # gets current function name
-    if [[ $# -ne 1 ]]; then
-        error "$fname requires exactly 1 parameter:\n\tpath to KasmVNC httpd_directory"
-    fi
-    local httpdir="$1"
-    if [[ ! -d "$httpdir" ]]; then
-      error "$fname: $httpdir is not a directory"
-    fi
-    pushd "$httpdir" > /dev/null
+fix_server_index_file() {
+  local fname=$${FUNCNAME[0]} # gets current function name
+  if [[ $# -ne 1 ]]; then
+    error "$fname requires exactly 1 parameter:\n\tpath to KasmVNC httpd_directory"
+  fi
+  local httpdir="$1"
+  if [[ ! -d "$httpdir" ]]; then
+    error "$fname: $httpdir is not a directory"
+  fi
+  pushd "$httpdir" > /dev/null

-    cat <<'EOH' > /tmp/path_vnc.html
+  cat << 'EOH' > /tmp/path_vnc.html
 ${PATH_VNC_HTML}
 EOH
-    $SUDO mv /tmp/path_vnc.html .
-    # check for the switcheroo
-    if [[ -f "index.html" && -L "vnc.html" ]]; then
-      $SUDO mv $httpdir/index.html $httpdir/vnc.html
-    fi
-    $SUDO ln -s -f path_vnc.html index.html
-    popd > /dev/null
+  $SUDO mv /tmp/path_vnc.html .
+  # check for the switcheroo
+  if [[ -f "index.html" && -L "vnc.html" ]]; then
+    $SUDO mv $httpdir/index.html $httpdir/vnc.html
+  fi
+  $SUDO ln -s -f path_vnc.html index.html
+  popd > /dev/null
 }

-patch_kasm_http_files(){
+patch_kasm_http_files() {
  homedir=$(get_http_dir)
  fix_server_index_file "$homedir"
 }
@@ -292,7 +295,7 @@ set -e

 if [[ $RETVAL -ne 0 ]]; then
  echo "ERROR: Failed to start KasmVNC server. Return code: $RETVAL"
-    if [[ -f "$VNC_LOG" ]]; then
+  if [[ -f "$VNC_LOG" ]]; then
    echo "Full logs:"
    cat "$VNC_LOG"
  else
@@ -18,7 +18,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "kiro" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.0.0"
+  version  = "1.1.0"
  agent_id = coder_agent.example.id
 }
 ```
@@ -31,21 +31,39 @@ module "kiro" {
 module "kiro" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.0.0"
+  version  = "1.1.0"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
 ```

-### Open with custom display name and order
+### Configure MCP servers for Kiro
+
+Provide a JSON-encoded string via the `mcp` input. When set, the module writes the value to `~/.kiro/settings/mcp.json` using a `coder_script` on workspace start.
+
+The following example configures Kiro to use the GitHub MCP server with authentication facilitated by the [`coder_external_auth`](https://coder.com/docs/admin/external-auth#configure-a-github-oauth-app) resource.

 ```tf
 module "kiro" {
-  count        = data.coder_workspace.me.start_count
-  source       = "registry.coder.com/coder/kiro/coder"
-  version      = "1.0.0"
-  agent_id     = coder_agent.example.id
-  display_name = "Kiro AI IDE"
-  order        = 1
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/kiro/coder"
+  version  = "1.1.0"
+  agent_id = coder_agent.example.id
+  folder   = "/home/coder/project"
+  mcp = jsonencode({
+    mcpServers = {
+      "github" : {
+        "url" : "https://api.githubcopilot.com/mcp/",
+        "headers" : {
+          "Authorization" : "Bearer ${data.coder_external_auth.github.access_token}",
+        },
+        "type" : "http"
+      }
+    }
+  })
+}
+
+data "coder_external_auth" "github" {
+  id = "github"
 }
 ```
@@ -3,6 +3,11 @@ import {
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
+  runContainer,
+  execContainer,
+  removeContainer,
+  findResourceInstance,
+  readFileContainer,
 } from "~test";

 describe("kiro", async () => {
@@ -56,7 +61,7 @@ describe("kiro", async () => {
      slug: "kiro-ai",
      display_name: "Kiro AI IDE",
    });
-    
+
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "kiro",
    );
@@ -70,7 +75,7 @@ describe("kiro", async () => {
      agent_id: "foo",
      order: "5",
    });
-    
+
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "kiro",
    );
@@ -83,11 +88,42 @@ describe("kiro", async () => {
      agent_id: "foo",
      group: "AI IDEs",
    });
-    
+
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "kiro",
    );

    expect(coder_app?.instances[0].attributes.group).toBe("AI IDEs");
  });
+
+  it("writes ~/.kiro/settings/mcp.json when mcp provided", async () => {
+    const id = await runContainer("alpine");
+    try {
+      const mcp = JSON.stringify({
+        servers: { demo: { url: "http://localhost:1234" } },
+      });
+      const state = await runTerraformApply(import.meta.dir, {
+        agent_id: "foo",
+        mcp,
+      });
+      const script = findResourceInstance(
+        state,
+        "coder_script",
+        "kiro_mcp",
+      ).script;
+      const resp = await execContainer(id, ["sh", "-c", script]);
+      if (resp.exitCode !== 0) {
+        console.log(resp.stdout);
+        console.log(resp.stderr);
+      }
+      expect(resp.exitCode).toBe(0);
+      const content = await readFileContainer(
+        id,
+        "/root/.kiro/settings/mcp.json",
+      );
+      expect(content).toBe(mcp);
+    } finally {
+      await removeContainer(id);
+    }
+  });
 });
@@ -50,9 +50,19 @@ variable "display_name" {
  default     = "Kiro IDE"
 }

+variable "mcp" {
+  type        = string
+  description = "JSON-encoded string to configure MCP servers for Kiro. When set, writes ~/.kiro/settings/mcp.json."
+  default     = ""
+}
+
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}

+locals {
+  mcp_b64 = var.mcp != "" ? base64encode(var.mcp) : ""
+}
+
 resource "coder_app" "kiro" {
  agent_id     = var.agent_id
  external     = true
@@ -75,6 +85,22 @@ resource "coder_app" "kiro" {
  ])
 }

+resource "coder_script" "kiro_mcp" {
+  count              = var.mcp != "" ? 1 : 0
+  agent_id           = var.agent_id
+  display_name       = "Kiro MCP"
+  icon               = "/icon/kiro.svg"
+  run_on_start       = true
+  start_blocks_login = false
+  script             = <<-EOT
+    #!/bin/sh
+    set -eu
+    mkdir -p "$HOME/.kiro/settings"
+    echo -n "${local.mcp_b64}" | base64 -d > "$HOME/.kiro/settings/mcp.json"
+    chmod 600 "$HOME/.kiro/settings/mcp.json"
+  EOT
+}
+
 output "kiro_url" {
  value       = coder_app.kiro.url
  description = "Kiro IDE URL."
@@ -9,11 +9,11 @@ CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
 fetch() {
  dest="$1"
  url="$2"
-  if command -v curl >/dev/null 2>&1; then
+  if command -v curl > /dev/null 2>&1; then
    curl -sSL --fail "$${url}" -o "$${dest}"
-  elif command -v wget >/dev/null 2>&1; then
+  elif command -v wget > /dev/null 2>&1; then
    wget -O "$${dest}" "$${url}"
-  elif command -v busybox >/dev/null 2>&1; then
+  elif command -v busybox > /dev/null 2>&1; then
    busybox wget -O "$${dest}" "$${url}"
  else
    printf "curl, wget, or busybox is not installed. Please install curl or wget in your image.\n"
@@ -22,9 +22,9 @@ fetch() {
 }

 unzip_safe() {
-  if command -v unzip >/dev/null 2>&1; then
+  if command -v unzip > /dev/null 2>&1; then
    command unzip "$@"
-  elif command -v busybox >/dev/null 2>&1; then
+  elif command -v busybox > /dev/null 2>&1; then
    busybox unzip "$@"
  else
    printf "unzip or busybox is not installed. Please install unzip in your image.\n"
@@ -56,7 +56,7 @@ install() {

  # Check if the vault CLI is installed and has the correct version
  installation_needed=1
-  if command -v vault >/dev/null 2>&1; then
+  if command -v vault > /dev/null 2>&1; then
    CURRENT_VERSION=$(vault version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
    if [ "$${CURRENT_VERSION}" = "$${VAULT_CLI_VERSION}" ]; then
      printf "Vault version %s is already installed and up-to-date.\n\n" "$${CURRENT_VERSION}"
@@ -81,7 +81,7 @@ install() {
      return 1
    fi
    rm vault.zip
-    if sudo mv vault /usr/local/bin/vault 2>/dev/null; then
+    if sudo mv vault /usr/local/bin/vault 2> /dev/null; then
      printf "Vault installed successfully!\n\n"
    else
      mkdir -p ~/.local/bin
@@ -14,7 +14,7 @@ const defaultVariables = {
  coder_app_slug: "vscode",
  coder_app_display_name: "VS Code Desktop",
  protocol: "vscode",
-}
+};

 describe("vscode-desktop-core", async () => {
  await runTerraformInit(import.meta.dir);
@@ -40,7 +40,7 @@ describe("vscode-desktop-core", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      folder: "/foo/bar",

-      ...defaultVariables
+      ...defaultVariables,
    });

    expect(state.outputs.ide_uri.value).toBe(
@@ -86,7 +86,7 @@ describe("vscode-desktop-core", async () => {
  it("expect order to be set", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      coder_app_order: "22",
-      ...defaultVariables
+      ...defaultVariables,
    });

    const coder_app = state.resources.find(
@@ -68,7 +68,7 @@ esac
 # Detect the platform
 if [ -n "${PLATFORM}" ]; then
  DETECTED_PLATFORM="${PLATFORM}"
-elif [ -f /etc/alpine-release ] || grep -qi 'ID=alpine' /etc/os-release 2>/dev/null || command -v apk > /dev/null 2>&1; then
+elif [ -f /etc/alpine-release ] || grep -qi 'ID=alpine' /etc/os-release 2> /dev/null || command -v apk > /dev/null 2>&1; then
  DETECTED_PLATFORM="alpine"
 elif [ "$(uname -s)" = "Darwin" ]; then
  DETECTED_PLATFORM="darwin"
@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "windsurf" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.1.1"
+  version  = "1.2.0"
  agent_id = coder_agent.example.id
 }
 ```
@@ -29,8 +29,39 @@ module "windsurf" {
 module "windsurf" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.1.1"
+  version  = "1.2.0"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
 ```
+
+### Configure MCP servers for Windsurf
+
+Provide a JSON-encoded string via the `mcp` input. When set, the module writes the value to `~/.codeium/windsurf/mcp_config.json` using a `coder_script` on workspace start.
+
+The following example configures Windsurf to use the GitHub MCP server with authentication facilitated by the [`coder_external_auth`](https://coder.com/docs/admin/external-auth#configure-a-github-oauth-app) resource.
+
+```tf
+module "windsurf" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/windsurf/coder"
+  version  = "1.2.0"
+  agent_id = coder_agent.example.id
+  folder   = "/home/coder/project"
+  mcp = jsonencode({
+    mcpServers = {
+      "github" : {
+        "url" : "https://api.githubcopilot.com/mcp/",
+        "headers" : {
+          "Authorization" : "Bearer ${data.coder_external_auth.github.access_token}",
+        },
+        "type" : "http"
+      }
+    }
+  })
+}
+
+data "coder_external_auth" "github" {
+  id = "github"
+}
+```
@@ -3,6 +3,11 @@ import {
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
+  runContainer,
+  execContainer,
+  removeContainer,
+  findResourceInstance,
+  readFileContainer,
 } from "~test";

 describe("windsurf", async () => {
@@ -85,4 +90,35 @@ describe("windsurf", async () => {
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.order).toBe(22);
  });
+
+  it("writes ~/.codeium/windsurf/mcp_config.json when mcp provided", async () => {
+    const id = await runContainer("alpine");
+    try {
+      const mcp = JSON.stringify({
+        servers: { demo: { url: "http://localhost:1234" } },
+      });
+      const state = await runTerraformApply(import.meta.dir, {
+        agent_id: "foo",
+        mcp,
+      });
+      const script = findResourceInstance(
+        state,
+        "coder_script",
+        "windsurf_mcp",
+      ).script;
+      const resp = await execContainer(id, ["sh", "-c", script]);
+      if (resp.exitCode !== 0) {
+        console.log(resp.stdout);
+        console.log(resp.stderr);
+      }
+      expect(resp.exitCode).toBe(0);
+      const content = await readFileContainer(
+        id,
+        "/root/.codeium/windsurf/mcp_config.json",
+      );
+      expect(content).toBe(mcp);
+    } finally {
+      await removeContainer(id);
+    }
+  });
 });
@@ -38,15 +38,37 @@ variable "group" {
  default     = null
 }

+variable "slug" {
+  type        = string
+  description = "The slug of the app."
+  default     = "windsurf"
+}
+
+variable "display_name" {
+  type        = string
+  description = "The display name of the app."
+  default     = "Windsurf Editor"
+}
+
+variable "mcp" {
+  type        = string
+  description = "JSON-encoded string to configure MCP servers for Windsurf. When set, writes ~/.codeium/windsurf/mcp_config.json."
+  default     = ""
+}
+
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}

+locals {
+  mcp_b64 = var.mcp != "" ? base64encode(var.mcp) : ""
+}
+
 resource "coder_app" "windsurf" {
  agent_id     = var.agent_id
  external     = true
  icon         = "/icon/windsurf.svg"
-  slug         = "windsurf"
-  display_name = "Windsurf Editor"
+  slug         = var.slug
+  display_name = var.display_name
  order        = var.order
  group        = var.group
  url = join("", [
@@ -63,6 +85,22 @@ resource "coder_app" "windsurf" {
  ])
 }

+resource "coder_script" "windsurf_mcp" {
+  count              = var.mcp != "" ? 1 : 0
+  agent_id           = var.agent_id
+  display_name       = "Windsurf MCP"
+  icon               = "/icon/windsurf.svg"
+  run_on_start       = true
+  start_blocks_login = false
+  script             = <<-EOT
+    #!/bin/sh
+    set -eu
+    mkdir -p "$HOME/.codeium/windsurf"
+    echo -n "${local.mcp_b64}" | base64 -d > "$HOME/.codeium/windsurf/mcp_config.json"
+    chmod 600 "$HOME/.codeium/windsurf/mcp_config.json"
+  EOT
+}
+
 output "windsurf_url" {
  value       = coder_app.windsurf.url
  description = "Windsurf Editor URL."
@@ -35,7 +35,7 @@ This means, when the workspace restarts, any tools or files outside of the home

 ### Persistent VM

-> [!IMPORTANT]  
+> [!IMPORTANT]
 > This approach requires the [`az` CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli#install) to be present in the PATH of your Coder Provisioner.
 > You will have to do this installation manually as it is not included in our official images.

@@ -35,7 +35,7 @@ This means, when the workspace restarts, any tools or files outside of the data

 ### Persistent VM

-> [!IMPORTANT]  
+> [!IMPORTANT]
 > This approach requires the [`az` CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli#install) to be present in the PATH of your Coder Provisioner.
 > You will have to do this installation manually as it is not included in our official images.

@@ -0,0 +1,21 @@
+---
+display_name: "Rishi Mondal"
+bio: "Breaking code, fixing bugs, and occasionally making it work! Always caffeinated, always committing"
+avatar: "./.images/avatar.jpeg"
+github: "MAVRICK-1"
+linkedin: "https://www.linkedin.com/in/rishi-mondal-5238b2282/" # Optional
+website: "https://mavrick-portfolio.vercel.app/" # Optional
+support_email: "mavrickrishi@gmail.com" # Optional
+status: "community"
+---
+
+# Rishi Mondal
+
+I'm Rishi Mondal, a passionate developer from Chinsurah Hooghly, West Bengal, India.
+I'm a maintainer at CNCF KubeStellar, GSoC contributor at UCSC OSPO, and a Docker Captain.
+When I'm not breaking code and fixing bugs, you'll find me contributing to open-source projects,
+participating in LFX CNCF programs, and helping the developer community grow.
+
+## Modules
+
+- **aws-ami-snapshot**: Create and manage AMI snapshots for Coder workspaces with restore capabilities
@@ -0,0 +1,173 @@
+---
+display_name: AWS AMI Snapshot
+description: Create and manage AMI snapshots for Coder workspaces with restore capabilities
+icon: ../../../../.icons/aws.svg
+verified: false
+tags: [aws, snapshot, ami, backup, persistence]
+---
+
+# AWS AMI Snapshot Module
+
+This module provides AMI-based snapshot functionality for Coder workspaces running on AWS EC2 instances. It enables users to create snapshots when workspaces are stopped and restore from previous snapshots when starting workspaces.
+
+```tf
+module "ami_snapshot" {
+  source  = "registry.coder.com/mavrickrishi/aws-ami-snapshot/coder"
+  version = "1.0.0"
+
+  instance_id    = aws_instance.workspace.id
+  default_ami_id = data.aws_ami.ubuntu.id
+  template_name  = "aws-linux"
+}
+```
+
+## Features
+
+- **Automatic Snapshots**: Create AMI snapshots when workspaces are stopped
+- **User Control**: Enable/disable snapshot functionality per workspace
+- **Custom Labels**: Add custom labels to snapshots for easy identification
+- **Snapshot Selection**: Choose from available snapshots when starting workspaces
+- **Automatic Cleanup**: Optional Data Lifecycle Manager integration for automated cleanup
+- **Workspace Isolation**: Snapshots are tagged and filtered by workspace and owner
+
+## Parameters
+
+The module exposes the following parameters to workspace users:
+
+- `enable_snapshots`: Enable/disable AMI snapshot creation (default: true)
+- `snapshot_label`: Custom label for the snapshot (optional)
+- `use_previous_snapshot`: Select a previous snapshot to restore from (default: none)
+
+## Usage
+
+### Basic Usage
+
+```hcl
+module "ami_snapshot" {
+  source = "registry.coder.com/modules/aws-ami-snapshot"
+
+  instance_id     = aws_instance.workspace.id
+  default_ami_id  = data.aws_ami.ubuntu.id
+  template_name   = "aws-linux"
+}
+
+resource "aws_instance" "workspace" {
+  ami           = module.ami_snapshot.ami_id
+  instance_type = "t3.micro"
+
+  # Prevent Terraform from recreating instance when AMI changes
+  lifecycle {
+    ignore_changes = [ami]
+  }
+}
+```
+
+### With Optional Cleanup
+
+```hcl
+module "ami_snapshot" {
+  source = "registry.coder.com/modules/aws-ami-snapshot"
+
+  instance_id               = aws_instance.workspace.id
+  default_ami_id           = data.aws_ami.ubuntu.id
+  template_name            = "aws-linux"
+  enable_dlm_cleanup       = true
+  dlm_role_arn            = aws_iam_role.dlm_lifecycle_role.arn
+  snapshot_retention_count = 5
+
+  tags = {
+    Environment = "development"
+    Project     = "my-project"
+  }
+}
+```
+
+### IAM Role for DLM (Optional)
+
+If using automatic cleanup, create an IAM role for Data Lifecycle Manager:
+
+```hcl
+resource "aws_iam_role" "dlm_lifecycle_role" {
+  name = "dlm-lifecycle-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "dlm.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "dlm_lifecycle" {
+  role       = aws_iam_role.dlm_lifecycle_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole"
+}
+```
+
+## Required IAM Permissions
+
+Users need the following IAM permissions for full functionality:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateImage",
+        "ec2:DescribeImages",
+        "ec2:DescribeInstances",
+        "ec2:CreateTags",
+        "ec2:DescribeTags"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "dlm:CreateLifecyclePolicy",
+        "dlm:GetLifecyclePolicy",
+        "dlm:UpdateLifecyclePolicy",
+        "dlm:DeleteLifecyclePolicy"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "StringEquals": {
+          "dlm:Target": "INSTANCE"
+        }
+      }
+    }
+  ]
+}
+```
+
+## How It Works
+
+1. **Snapshot Creation**: When a workspace transitions to "stop", an AMI snapshot is automatically created (if enabled)
+2. **Tagging**: Snapshots are tagged with workspace name, owner, template, and custom labels
+3. **Snapshot Retrieval**: Available snapshots are retrieved and presented as options for workspace start
+4. **AMI Selection**: The module outputs the appropriate AMI ID (default or selected snapshot)
+5. **Cleanup**: Optional DLM policies can automatically clean up old snapshots
+
+## Considerations
+
+- **Cost**: AMI snapshots incur storage costs. Use cleanup policies to manage costs
+- **Time**: AMI creation takes time; workspace stop operations may take longer
+- **Permissions**: Ensure proper IAM permissions for AMI creation and management
+- **Region**: Snapshots are region-specific and cannot be used across regions
+- **Lifecycle**: Use `ignore_changes = [ami]` on EC2 instances to prevent conflicts
+
+## Examples
+
+See the updated AWS templates that use this module:
+
+- [`coder/templates/aws-linux`](https://registry.coder.com/templates/aws-linux)
+- [`coder/templates/aws-windows`](https://registry.coder.com/templates/aws-windows)
+- [`coder/templates/aws-devcontainer`](https://registry.coder.com/templates/aws-devcontainer)
@@ -0,0 +1,65 @@
+import { describe, expect, it } from "bun:test";
+import {
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
+
+describe("aws-ami-snapshot", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  it("required variables with test mode", async () => {
+    await runTerraformApply(import.meta.dir, {
+      instance_id: "i-1234567890abcdef0",
+      default_ami_id: "ami-12345678",
+      template_name: "test-template",
+      test_mode: true,
+    });
+  });
+
+  it("missing variable: instance_id", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        default_ami_id: "ami-12345678",
+        template_name: "test-template",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: default_ami_id", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        instance_id: "i-1234567890abcdef0",
+        template_name: "test-template",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: template_name", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        instance_id: "i-1234567890abcdef0",
+        default_ami_id: "ami-12345678",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("supports optional variables", async () => {
+    await runTerraformApply(import.meta.dir, {
+      instance_id: "i-1234567890abcdef0",
+      default_ami_id: "ami-12345678",
+      template_name: "test-template",
+      test_mode: true,
+      enable_dlm_cleanup: true,
+      dlm_role_arn: "arn:aws:iam::123456789012:role/dlm-lifecycle-role",
+      snapshot_retention_count: 5,
+      tags: JSON.stringify({
+        Environment: "test",
+        Project: "coder",
+      }),
+    });
+  });
+});
@@ -0,0 +1,260 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    coder = {
+      source  = "coder/coder"
+      version = ">= 0.17"
+    }
+  }
+}
+
+# Provider configuration for testing only
+# In production, the provider will be inherited from the calling module
+provider "aws" {
+  region                      = "us-east-1"
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+  skip_region_validation      = true
+
+  # Mock credentials for testing
+  access_key = "test"
+  secret_key = "test"
+}
+
+# Variables
+variable "test_mode" {
+  description = "Set to true when running tests to skip AWS API calls"
+  type        = bool
+  default     = false
+}
+
+variable "instance_id" {
+  description = "The EC2 instance ID to create snapshots from"
+  type        = string
+}
+
+variable "default_ami_id" {
+  description = "The default AMI ID to use when not restoring from a snapshot"
+  type        = string
+}
+
+variable "template_name" {
+  description = "The name of the Coder template using this module"
+  type        = string
+}
+
+variable "tags" {
+  description = "Additional tags to apply to snapshots"
+  type        = map(string)
+  default     = {}
+}
+
+variable "enable_dlm_cleanup" {
+  description = "Enable Data Lifecycle Manager for automated snapshot cleanup"
+  type        = bool
+  default     = false
+}
+
+variable "dlm_role_arn" {
+  description = "ARN of the IAM role for DLM (required if enable_dlm_cleanup is true)"
+  type        = string
+  default     = ""
+}
+
+variable "snapshot_retention_count" {
+  description = "Number of snapshots to retain when using DLM cleanup"
+  type        = number
+  default     = 7
+}
+
+# Parameters for snapshot control
+data "coder_parameter" "enable_snapshots" {
+  name         = "enable_snapshots"
+  display_name = "Enable AMI Snapshots"
+  description  = "Create AMI snapshots when workspace is stopped"
+  type         = "bool"
+  default      = "true"
+  mutable      = true
+}
+
+data "coder_parameter" "snapshot_label" {
+  name         = "snapshot_label"
+  display_name = "Snapshot Label"
+  description  = "Custom label for this snapshot (optional)"
+  type         = "string"
+  default      = ""
+  mutable      = true
+}
+
+data "coder_parameter" "use_previous_snapshot" {
+  name         = "use_previous_snapshot"
+  display_name = "Start from Snapshot"
+  description  = "Select a previous snapshot to restore from"
+  type         = "string"
+  default      = "none"
+  mutable      = true
+  option {
+    name        = "Use default AMI"
+    value       = "none"
+    description = "Start with a fresh instance"
+  }
+  dynamic "option" {
+    for_each = local.workspace_snapshot_ids
+    content {
+      name        = var.test_mode ? "Test Snapshot" : "${local.snapshot_info[option.value].name} (${formatdate("YYYY-MM-DD hh:mm", timeadd(local.snapshot_info[option.value].creation_date, "0s"))})"
+      value       = option.value
+      description = var.test_mode ? "Test Description" : local.snapshot_info[option.value].description
+    }
+  }
+}
+
+# Get workspace information
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+# Local values to handle test mode
+locals {
+  workspace_snapshot_ids = var.test_mode ? [] : data.aws_ami_ids.workspace_snapshots[0].ids
+  snapshot_info = var.test_mode ? {} : {
+    for ami_id in local.workspace_snapshot_ids : ami_id => data.aws_ami.snapshot_info[ami_id]
+  }
+}
+
+# Retrieve existing snapshots for this workspace
+data "aws_ami_ids" "workspace_snapshots" {
+  count  = var.test_mode ? 0 : 1
+  owners = ["self"]
+
+  filter {
+    name   = "tag:CoderWorkspace"
+    values = [data.coder_workspace.me.name]
+  }
+
+  filter {
+    name   = "tag:CoderOwner"
+    values = [data.coder_workspace_owner.me.name]
+  }
+
+  filter {
+    name   = "tag:CoderTemplate"
+    values = [var.template_name]
+  }
+
+  filter {
+    name   = "state"
+    values = ["available"]
+  }
+}
+
+# Get detailed information about each snapshot
+data "aws_ami" "snapshot_info" {
+  for_each = toset(local.workspace_snapshot_ids)
+  owners   = ["self"]
+
+  filter {
+    name   = "image-id"
+    values = [each.value]
+  }
+}
+
+# Determine which AMI to use
+locals {
+  use_snapshot = data.coder_parameter.use_previous_snapshot.value != "none"
+  ami_id       = local.use_snapshot ? data.coder_parameter.use_previous_snapshot.value : var.default_ami_id
+}
+
+# Create AMI snapshot when workspace is stopped
+resource "aws_ami_from_instance" "workspace_snapshot" {
+  count                   = data.coder_parameter.enable_snapshots.value && data.coder_workspace.me.transition == "stop" ? 1 : 0
+  name                    = "${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}-${formatdate("YYYY-MM-DD-hhmm", timestamp())}"
+  source_instance_id      = var.instance_id
+  snapshot_without_reboot = true
+  deprecation_time        = timeadd(timestamp(), "168h") # 7 days
+
+  tags = merge(var.tags, {
+    Name           = "${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}-snapshot"
+    CoderWorkspace = data.coder_workspace.me.name
+    CoderOwner     = data.coder_workspace_owner.me.name
+    CoderTemplate  = var.template_name
+    SnapshotLabel  = data.coder_parameter.snapshot_label.value
+    CreatedAt      = timestamp()
+    SnapshotType   = "workspace"
+    WorkspaceId    = data.coder_workspace.me.id
+  })
+
+  lifecycle {
+    ignore_changes = [
+      deprecation_time
+    ]
+  }
+}
+
+# Optional: Data Lifecycle Manager policy for automated cleanup
+resource "aws_dlm_lifecycle_policy" "workspace_snapshots" {
+  count              = var.enable_dlm_cleanup && !var.test_mode ? 1 : 0
+  description        = "Lifecycle policy for Coder workspace AMI snapshots"
+  execution_role_arn = var.dlm_role_arn
+  state              = "ENABLED"
+
+  policy_details {
+    resource_types = ["INSTANCE"]
+    target_tags = {
+      CoderTemplate = var.template_name
+      SnapshotType  = "workspace"
+    }
+
+    schedule {
+      name = "Coder workspace snapshot cleanup"
+
+      create_rule {
+        interval      = 24
+        interval_unit = "HOURS"
+        times         = ["03:00"]
+      }
+
+      retain_rule {
+        count = var.snapshot_retention_count
+      }
+
+      copy_tags = true
+    }
+  }
+}
+
+# Outputs
+output "ami_id" {
+  description = "The AMI ID to use for the workspace instance (either default or selected snapshot)"
+  value       = local.ami_id
+}
+
+output "is_using_snapshot" {
+  description = "Whether the workspace is using a snapshot AMI"
+  value       = local.use_snapshot
+}
+
+output "snapshot_ami_id" {
+  description = "The AMI ID of the created snapshot (if any)"
+  value       = data.coder_parameter.enable_snapshots.value && data.coder_workspace.me.transition == "stop" ? aws_ami_from_instance.workspace_snapshot[0].id : null
+}
+
+output "available_snapshots" {
+  description = "List of available snapshot AMI IDs for this workspace"
+  value       = local.workspace_snapshot_ids
+}
+
+output "snapshot_info" {
+  description = "Detailed information about available snapshots"
+  value = var.test_mode ? {} : {
+    for ami_id in local.workspace_snapshot_ids : ami_id => {
+      name         = local.snapshot_info[ami_id].name
+      description  = local.snapshot_info[ami_id].description
+      created_date = local.snapshot_info[ami_id].creation_date
+      tags         = local.snapshot_info[ami_id].tags
+    }
+  }
+}
@@ -29,6 +29,28 @@ if [ -d "registry/$NAMESPACE/modules/$MODULE_NAME" ]; then
  echo "Please choose a different name"
  exit 1
 fi
+
+# Create namespace directory if it doesn't exist
+if [ ! -d "registry/$NAMESPACE" ]; then
+  echo "Creating namespace directory: registry/$NAMESPACE"
+  mkdir -p "registry/$NAMESPACE"
+
+  # Create namespace README if it doesn't exist
+  if [ ! -f "registry/$NAMESPACE/README.md" ]; then
+    echo "Creating namespace README: registry/$NAMESPACE/README.md"
+    cp "examples/namespace/README.md" "registry/$NAMESPACE/README.md"
+
+    # Replace NAMESPACE_NAME placeholder in the README
+    if [[ "$OSTYPE" == "darwin"* ]]; then
+      # macOS
+      sed -i '' "s/NAMESPACE_NAME/${NAMESPACE}/g" "registry/$NAMESPACE/README.md"
+    else
+      # Linux
+      sed -i "s/NAMESPACE_NAME/${NAMESPACE}/g" "registry/$NAMESPACE/README.md"
+    fi
+  fi
+fi
+
 mkdir -p "registry/${NAMESPACE}/modules/${MODULE_NAME}"

 # Copy required files from the example module
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# This script creates a new sample template directory with required files
+# Run it like: ./scripts/new_template.sh my-namespace/my-template
+
+TEMPLATE_ARG=$1
+
+# Check if they are in the root directory
+if [ ! -d "registry" ]; then
+  echo "Please run this script from the root directory of the repository"
+  echo "Usage: ./scripts/new_template.sh <namespace>/<template_name>"
+  exit 1
+fi
+
+# check if template name is in the format <namespace>/<template_name>
+if ! [[ "$TEMPLATE_ARG" =~ ^[a-z0-9_-]+/[a-z0-9_-]+$ ]]; then
+  echo "Template name must be in the format <namespace>/<template_name>"
+  echo "Usage: ./scripts/new_template.sh <namespace>/<template_name>"
+  exit 1
+fi
+
+# Extract the namespace and template name
+NAMESPACE=$(echo "$TEMPLATE_ARG" | cut -d'/' -f1)
+TEMPLATE_NAME=$(echo "$TEMPLATE_ARG" | cut -d'/' -f2)
+
+# Check if the template already exists
+if [ -d "registry/$NAMESPACE/templates/$TEMPLATE_NAME" ]; then
+  echo "Template at registry/$NAMESPACE/templates/$TEMPLATE_NAME already exists"
+  echo "Please choose a different name"
+  exit 1
+fi
+
+# Create namespace directory if it doesn't exist
+if [ ! -d "registry/$NAMESPACE" ]; then
+  echo "Creating namespace directory: registry/$NAMESPACE"
+  mkdir -p "registry/$NAMESPACE"
+
+  # Create namespace README if it doesn't exist
+  if [ ! -f "registry/$NAMESPACE/README.md" ]; then
+    echo "Creating namespace README: registry/$NAMESPACE/README.md"
+    cp "examples/namespace/README.md" "registry/$NAMESPACE/README.md"
+
+    # Replace NAMESPACE_NAME placeholder in the README
+    if [[ "$OSTYPE" == "darwin"* ]]; then
+      # macOS
+      sed -i '' "s/NAMESPACE_NAME/${NAMESPACE}/g" "registry/$NAMESPACE/README.md"
+    else
+      # Linux
+      sed -i "s/NAMESPACE_NAME/${NAMESPACE}/g" "registry/$NAMESPACE/README.md"
+    fi
+  fi
+fi
+
+# Create the template directory structure
+mkdir -p "registry/${NAMESPACE}/templates/${TEMPLATE_NAME}"
+
+# Copy required files from the example template
+cp -r examples/templates/* "registry/${NAMESPACE}/templates/${TEMPLATE_NAME}/"
+
+# Change to template directory
+cd "registry/${NAMESPACE}/templates/${TEMPLATE_NAME}"
+
+# Detect OS and replace placeholders
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  # macOS
+  sed -i '' "s/TEMPLATE_NAME/${TEMPLATE_NAME}/g" main.tf
+  sed -i '' "s/TEMPLATE_NAME/${TEMPLATE_NAME}/g" README.md
+else
+  # Linux
+  sed -i "s/TEMPLATE_NAME/${TEMPLATE_NAME}/g" main.tf
+  sed -i "s/TEMPLATE_NAME/${TEMPLATE_NAME}/g" README.md
+fi
+
+echo "Template scaffolded successfully at registry/${NAMESPACE}/templates/${TEMPLATE_NAME}"
+echo "Next steps:"
+echo "1. Edit main.tf to add your infrastructure resources"
+echo "2. Update README.md with template-specific information"
+echo "3. Test your template with 'coder templates push'"
+echo "4. Consider adding an icon at .icons/${TEMPLATE_NAME}.svg"
				`@@ -0,0 +1 @@`
				`<svg width="128" height="128" xmlns="http://www.w3.org/2000/svg"><text x="50%" y="50%" font-size="96px" text-anchor="middle" dominant-baseline="middle" font-family="Apple Color Emoji, Segoe UI Emoji, Noto Color Emoji, sans-serif">🔌</text></svg>`
				`@@ -0,0 +1 @@`
				<svg xmlns="http://www.w3.org/2000/svg" height="64" viewBox="0 0 25.6 25.6" width="64"><style><![CDATA[.B{stroke-linecap:round}.C{stroke-linejoin:round}.D{stroke-linejoin:miter}.E{stroke-width:.716}]]></style><g fill="none" stroke="#fff"><path d="M18.983 18.636c.163-1.357.114-1.555 1.124-1.336l.257.023c.777.035 1.793-.125 2.4-.402 1.285-.596 2.047-1.592.78-1.33-2.89.596-3.1-.383-3.1-.383 3.053-4.53 4.33-10.28 3.227-11.687-3.004-3.84-8.205-2.024-8.292-1.976l-.028.005c-.57-.12-1.2-.19-1.93-.2-1.308-.02-2.3.343-3.054.914 0 0-9.277-3.822-8.846 4.807.092 1.836 2.63 13.9 5.66 10.25C8.29 15.987 9.36 14.86 9.36 14.86c.53.353 1.167.533 1.834.468l.052-.044a2.01 2.01 0 0 0 .021.518c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.162l-.046.183c.306.245.285 1.76.33 2.842s.116 2.093.337 2.688.48 2.13 2.53 1.7c1.713-.367 3.023-.896 3.143-5.81" fill="#000" stroke="#000" stroke-linecap="butt" stroke-width="2.149" class="D"/><path d="M23.535 15.6c-2.89.596-3.1-.383-3.1-.383 3.053-4.53 4.33-10.28 3.228-11.687-3.004-3.84-8.205-2.023-8.292-1.976l-.028.005a10.31 10.31 0 0 0-1.929-.201c-1.308-.02-2.3.343-3.054.914 0 0-9.278-3.822-8.846 4.807.092 1.836 2.63 13.9 5.66 10.25C8.29 15.987 9.36 14.86 9.36 14.86c.53.353 1.167.533 1.834.468l.052-.044a2.02 2.02 0 0 0 .021.518c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.162l-.046.183c.306.245.52 1.593.484 2.815s-.06 2.06.18 2.716.48 2.13 2.53 1.7c1.713-.367 2.6-1.32 2.725-2.906.088-1.128.286-.962.3-1.97l.16-.478c.183-1.53.03-2.023 1.085-1.793l.257.023c.777.035 1.794-.125 2.39-.402 1.285-.596 2.047-1.592.78-1.33z" fill="#336791" stroke="none"/><g class="E"><g class="B"><path d="M12.814 16.467c-.08 2.846.02 5.712.298 6.4s.875 2.05 2.926 1.612c1.713-.367 2.337-1.078 2.607-2.647l.633-5.017M10.356 2.2S1.072-1.596 1.504 7.033c.092 1.836 2.63 13.9 5.66 10.25C8.27 15.95 9.27 14.907 9.27 14.907m6.1-13.4c-.32.1 5.164-2.005 8.282 1.978 1.1 1.407-.175 7.157-3.228 11.687" class="C"/><path d="M20.425 15.17s.2.98 3.1.382c1.267-.262.504.734-.78 1.33-1.054.49-3.418.615-3.457-.06-.1-1.745 1.244-1.215 1.147-1.652-.088-.394-.69-.78-1.086-1.744-.347-.84-4.76-7.29 1.224-6.333.22-.045-1.56-5.7-7.16-5.782S7.99 8.196 7.99 8.196" stroke-linejoin="bevel"/></g><g class="C"><path d="M11.247 15.768c-.78.872-.55 1.025-2.11 1.346-1.578.325-.65.904-.046 1.056.734.184 2.432.444 3.58-1.163.35-.49-.002-1.27-.482-1.468-.232-.096-.542-.216-.94.23z"/><path d="M11.196 15.753c-.08-.513.168-1.122.433-1.836.398-1.07 1.316-2.14.582-5.537-.547-2.53-4.22-.527-4.22-.184s.166 1.74-.06 3.365c-.297 2.122 1.35 3.916 3.246 3.733" class="B"/></g></g><g fill="#fff" class="D"><path d="M10.322 8.145c-.017.117.215.43.516.472s.558-.202.575-.32-.215-.246-.516-.288-.56.02-.575.136z" stroke-width=".239"/><path d="M19.486 7.906c.016.117-.215.43-.516.472s-.56-.202-.575-.32.215-.246.516-.288.56.02.575.136z" stroke-width=".119"/></g><path d="M20.562 7.095c.05.92-.198 1.545-.23 2.524-.046 1.422.678 3.05-.413 4.68" class="B C E"/></g></svg>