feat: refactor claude code to use agentapi module (#402 )

Closes #302 ## Description  ## Type of Change - [ ] New module - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information  **Path:** `registry/[namespace]/modules/[module-name]` **New version:** `v3.0.0` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun run fmt`) - [x] Changes tested locally ## Related Issues  --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Atif Ali <me@matifali.dev>
add: nextflow module (#416 )
2026-06-03 04:58:15 +00:00 · 2025-09-18 10:04:52 -05:00 · 2025-09-18 09:30:48 +00:00 · 2025-09-15 13:09:12 +01:00 · 2025-09-15 09:00:07 +01:00 · 2025-09-11 21:53:22 +00:00
44 changed files with 3095 additions and 1117 deletions
@@ -48,7 +48,7 @@ jobs:
      - name: Validate formatting
        run: bun fmt:ci
      - name: Check for typos
-        uses: crate-ci/typos@v1.35.5
+        uses: crate-ci/typos@v1.36.2
        with:
          config: .github/typos.toml
  validate-readme-files:
@@ -61,7 +61,7 @@ jobs:
      - name: Check out code
        uses: actions/checkout@v5
      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "1.23.2"
      - name: Validate contributors
@@ -30,12 +30,12 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Authenticate with Google Cloud
-        uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
        with:
          workload_identity_provider: projects/309789351055/locations/global/workloadIdentityPools/github-actions/providers/github
          service_account: registry-v2-github@coder-registry-1.iam.gserviceaccount.com
      - name: Set up Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368
+        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db
      - name: Deploy to dev.registry.coder.com
        run: gcloud builds triggers run 29818181-126d-4f8a-a937-f228b27d3d34 --branch main
      - name: Deploy to registry.coder.com
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
        with:
          go-version: stable
      - name: golangci-lint
@@ -95,7 +95,7 @@ jobs:

      - name: Comment on PR - Failure
        if: failure() && steps.version-check.outputs.versions_up_to_date == 'false'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -0,0 +1,6 @@
+<svg width="251" height="251" viewBox="0 0 251 251" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M0 47.0195C39.45 49.6394 71.06 81.3272 73.54 120.815H119.61C117.05 55.8589 64.93 3.64245 0 0.942627V47.0195Z" fill="#0DC09D"/>
+<path d="M73.8 131.324C71.18 170.771 39.49 202.379 0 204.859V250.926C64.96 248.366 117.18 196.249 119.88 131.324H73.8Z" fill="#0DC09D"/>
+<path d="M176.201 120.545C178.821 81.0972 210.511 49.4894 250.001 47.0095V0.942627C185.041 3.50245 132.821 55.619 130.121 120.545H176.201Z" fill="#0DC09D"/>
+<path d="M250.001 204.849C210.551 202.229 178.941 170.542 176.461 131.054H130.391C132.951 196.01 185.071 248.226 250.001 250.926V204.849Z" fill="#0DC09D"/>
+</svg>
@@ -0,0 +1,22 @@
+---
+display_name: Nextflow
+description: A module that adds Nextflow to your Coder template.
+icon: ../../../../.icons/nextflow.svg
+verified: true
+tags: [nextflow, workflow, hpc, bioinformatics]
+---
+
+# Nextflow
+
+A module that adds Nextflow to your Coder template.
+
+![Nextflow](../../.images/nextflow.png)
+
+```tf
+module "nextflow" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder-labs/nextflow/coder"
+  version  = "0.9.0"
+  agent_id = coder_agent.example.id
+}
+```
@@ -0,0 +1,106 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.5"
+    }
+  }
+}
+
+# Add required variables for your modules and remove any unneeded variables
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "nextflow_version" {
+  type        = string
+  description = "Nextflow version"
+  default     = "25.04.7"
+}
+
+variable "project_path" {
+  type        = string
+  description = "The path to Nextflow project, it will be mounted in the container."
+}
+
+variable "http_server_port" {
+  type        = number
+  description = "The port to run HTTP server on."
+  default     = 9876
+}
+
+variable "http_server_reports_dir" {
+  type        = string
+  description = "Subdirectory for HTTP server reports, relative to the project path."
+  default     = "reports"
+}
+
+variable "http_server_log_path" {
+  type        = string
+  description = "HTTP server logs"
+  default     = "/tmp/nextflow_reports.log"
+}
+
+variable "stub_run" {
+  type        = bool
+  description = "Execute a stub run?"
+  default     = false
+}
+
+variable "stub_run_command" {
+  type        = string
+  description = "Nextflow command to be executed in the stub run."
+  default     = "run rnaseq-nf -with-report reports/report.html -with-trace reports/trace.txt -with-timeline reports/timeline.html -with-dag reports/flowchart.png"
+}
+
+variable "order" {
+  type        = number
+  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
+  default     = null
+}
+
+variable "share" {
+  type    = string
+  default = "owner"
+  validation {
+    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
+    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
+  }
+}
+
+variable "group" {
+  type        = string
+  description = "The name of a group that this app belongs to."
+  default     = null
+}
+
+resource "coder_script" "nextflow" {
+  agent_id     = var.agent_id
+  display_name = "nextflow"
+  icon         = "/icon/nextflow.svg"
+  script = templatefile("${path.module}/run.sh", {
+    NEXTFLOW_VERSION : var.nextflow_version,
+    PROJECT_PATH : var.project_path,
+    HTTP_SERVER_PORT : var.http_server_port,
+    HTTP_SERVER_REPORTS_DIR : var.http_server_reports_dir,
+    HTTP_SERVER_LOG_PATH : var.http_server_log_path,
+    STUB_RUN : var.stub_run,
+    STUB_RUN_COMMAND : var.stub_run_command,
+  })
+  run_on_start = true
+}
+
+resource "coder_app" "nextflow" {
+  agent_id     = var.agent_id
+  slug         = "nextflow-reports"
+  display_name = "Nextflow Reports"
+  url          = "http://localhost:${var.http_server_port}"
+  icon         = "/icon/nextflow.svg"
+  subdomain    = true
+  share        = var.share
+  order        = var.order
+  group        = var.group
+}
@@ -0,0 +1,49 @@
+#!/usr/bin/env sh
+
+set -eu
+
+BOLD='\033[0;1m'
+RESET='\033[0m'
+
+printf "$${BOLD}Starting Nextflow...$${RESET}\n"
+
+if ! command -v nextflow > /dev/null 2>&1; then
+  # Update system dependencies
+  sudo apt update
+  sudo apt install openjdk-21-jdk graphviz salmon fastqc multiqc -y
+
+  # Install nextflow
+  export NXF_VER=${NEXTFLOW_VERSION}
+  curl -s https://get.nextflow.io | bash
+  sudo mv nextflow /usr/local/bin/
+  sudo chmod +x /usr/local/bin/nextflow
+
+  # Verify installation
+  tmp_verify=$(mktemp -d coder-nextflow-XXXXXX)
+  nextflow run hello \
+    -with-report "$${tmp_verify}/report.html" \
+    -with-trace "$${tmp_verify}/trace.txt" \
+    -with-timeline "$${tmp_verify}/timeline.html" \
+    -with-dag "$${tmp_verify}/flowchart.png"
+  rm -r "$${tmp_verify}"
+else
+  echo "Nextflow is already installed\n\n"
+fi
+
+if [ ! -z ${PROJECT_PATH} ]; then
+  # Project is located at PROJECT_PATH
+  echo "Change directory: ${PROJECT_PATH}"
+  cd ${PROJECT_PATH}
+fi
+
+# Start a web server to preview reports
+mkdir -p ${HTTP_SERVER_REPORTS_DIR}
+echo "Starting HTTP server in background, check logs: ${HTTP_SERVER_LOG_PATH}"
+python3 -m http.server --directory ${HTTP_SERVER_REPORTS_DIR} ${HTTP_SERVER_PORT} > "${HTTP_SERVER_LOG_PATH}" 2>&1 &
+
+# Stub run?
+if [ "${STUB_RUN}" = "true" ]; then
+  nextflow ${STUB_RUN_COMMAND} -stub-run
+fi
+
+printf "\n$${BOLD}Nextflow ${NEXTFLOW_VERSION} is ready. HTTP server is listening on port ${HTTP_SERVER_PORT}$${RESET}\n"
@@ -24,7 +24,6 @@ module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
  version             = "2.0.0"
  agent_id            = coder_agent.main.id
-  agent_name          = "main"
  folder              = "/home/coder/projects"
  install_claude_code = true
  claude_code_version = "latest"
@@ -45,10 +44,9 @@ variable "anthropic_api_key" {
  sensitive   = true
 }
 resource "coder_env" "anthropic_api_key" {
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
-  name       = "CODER_MCP_CLAUDE_API_KEY"
-  value      = var.anthropic_api_key
+  agent_id = coder_agent.main.id
+  name     = "CODER_MCP_CLAUDE_API_KEY"
+  value    = var.anthropic_api_key
 }

 # We are using presets to set the prompts, image, and set up instructions
@@ -176,22 +174,19 @@ data "coder_parameter" "preview_port" {

 # Other variables for Claude Code
 resource "coder_env" "claude_task_prompt" {
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
-  name       = "CODER_MCP_CLAUDE_TASK_PROMPT"
-  value      = data.coder_parameter.ai_prompt.value
+  agent_id = coder_agent.main.id
+  name     = "CODER_MCP_CLAUDE_TASK_PROMPT"
+  value    = data.coder_parameter.ai_prompt.value
 }
 resource "coder_env" "app_status_slug" {
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
-  name       = "CODER_MCP_APP_STATUS_SLUG"
-  value      = "ccw"
+  agent_id = coder_agent.main.id
+  name     = "CODER_MCP_APP_STATUS_SLUG"
+  value    = "ccw"
 }
 resource "coder_env" "claude_system_prompt" {
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
-  name       = "CODER_MCP_CLAUDE_SYSTEM_PROMPT"
-  value      = data.coder_parameter.system_prompt.value
+  agent_id = coder_agent.main.id
+  name     = "CODER_MCP_CLAUDE_SYSTEM_PROMPT"
+  value    = data.coder_parameter.system_prompt.value
 }

 data "coder_provisioner" "me" {}
@@ -301,38 +296,27 @@ module "code-server" {
  # This ensures that the latest non-breaking version of the module gets downloaded, you can also pin the module version to prevent breaking changes in production.
  version = "~> 1.0"

-  agent_id   = coder_agent.main.id
-  agent_name = "main"
-  order      = 1
-}
-
-module "vscode" {
-  count      = data.coder_workspace.me.start_count
-  source     = "registry.coder.com/coder/vscode-desktop/coder"
-  version    = "1.1.0"
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
+  agent_id = coder_agent.main.id
+  order    = 1
 }

 module "windsurf" {
-  count      = data.coder_workspace.me.start_count
-  source     = "registry.coder.com/coder/windsurf/coder"
-  version    = "1.1.0"
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/windsurf/coder"
+  version  = "1.1.0"
+  agent_id = coder_agent.main.id
 }

 module "cursor" {
-  count      = data.coder_workspace.me.start_count
-  source     = "registry.coder.com/coder/cursor/coder"
-  version    = "1.2.0"
-  agent_id   = coder_agent.main.id
-  agent_name = "main"
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/cursor/coder"
+  version  = "1.2.0"
+  agent_id = coder_agent.main.id
 }

 module "jetbrains" {
  count      = data.coder_workspace.me.start_count
-  source     = "registry.coder.com/modules/coder/jetbrains/coder"
+  source     = "registry.coder.com/coder/jetbrains/coder"
  version    = "~> 1.0"
  agent_id   = coder_agent.main.id
  agent_name = "main"
@@ -368,7 +352,6 @@ resource "docker_volume" "home_volume" {

 resource "coder_app" "preview" {
  agent_id     = coder_agent.main.id
-  agent_name   = "main"
  slug         = "preview"
  display_name = "Preview your app"
  icon         = "${data.coder_workspace.me.access_url}/emojis/1f50e.png"
@@ -1,23 +1,26 @@
 ---
 display_name: Amazon Q
-description: Run Amazon Q in your workspace to access Amazon's AI coding assistant.
+description: Run Amazon Q in your workspace to access Amazon's AI coding assistant with MCP integration and task reporting.
 icon: ../../../../.icons/amazon-q.svg
 verified: true
-tags: [agent, ai, aws, amazon-q]
+tags: [agent, ai, aws, amazon-q, tasks]
 ---

 # Amazon Q

-Run [Amazon Q](https://aws.amazon.com/q/) in your workspace to access Amazon's AI coding assistant. This module installs and launches Amazon Q, with support for background operation, task reporting, and custom pre/post install scripts.
+Run [Amazon Q](https://aws.amazon.com/q/) in your workspace to access Amazon's AI coding assistant. This module provides a complete integration with Coder workspaces, including automatic installation, MCP (Model Context Protocol) integration for task reporting, and support for custom pre/post install scripts.

 ```tf
 module "amazon-q" {
  source   = "registry.coder.com/coder/amazon-q/coder"
-  version  = "1.1.2"
+  version  = "2.0.0"
  agent_id = coder_agent.example.id
+  workdir  = "/home/coder"

-  # Required: see below for how to generate
-  experiment_auth_tarball = var.amazon_q_auth_tarball
+  # Required: Authentication tarball (see below for generation)
+  auth_tarball = <<-EOF
+base64encoded-tarball
+EOF
 }
 ```

@@ -25,97 +28,370 @@ module "amazon-q" {

 ## Prerequisites

- You must generate an authenticated Amazon Q tarball on another machine:
-  ```sh
-  cd ~/.local/share/amazon-q && tar -c . | zstd | base64 -w 0
-  ```
-  Paste the result into the `experiment_auth_tarball` variable.
- To run in the background, your workspace must have `screen` or `tmux` installed.
+- **zstd** - Required for compressing the authentication tarball
+  - **Ubuntu/Debian**: `sudo apt-get install zstd`
+  - **RHEL/CentOS/Fedora**: `sudo yum install zstd` or `sudo dnf install zstd`
+- **auth_tarball** - Required for installation and authentication

-<details>
-<summary><strong>How to generate the Amazon Q auth tarball (step-by-step)</strong></summary>
+### Authentication Tarball

-**1. Install and authenticate Amazon Q on your local machine:**
+You must generate an authenticated Amazon Q tarball on another machine where you have successfully logged in:

- Download and install Amazon Q from the [official site](https://aws.amazon.com/q/developer/).
- Run `q login` and complete the authentication process in your terminal.
+```bash
+# 1. Install Amazon Q and login on your local machine
+q login

-**2. Locate your Amazon Q config directory:**
+# 2. Generate the authentication tarball
+cd ~/.local/share/amazon-q
+tar -c . | zstd | base64 -w 0
+```

- The config is typically stored at `~/.local/share/amazon-q`.
+Copy the output and use it as the `auth_tarball` variable.

-**3. Generate the tarball:**
+## Detailed Authentication Setup

- Run the following command in your terminal:
-  ```sh
-  cd ~/.local/share/amazon-q
-  tar -c . | zstd | base64 -w 0
-  ```
+**Step 1: Install Amazon Q locally**

-**4. Copy the output:**
+- Download from [AWS Amazon Q Developer](https://aws.amazon.com/q/developer/)
+- Follow the installation instructions for your platform

- The command will output a long string. Copy this entire string.
+**Step 2: Authenticate**

-**5. Paste into your Terraform variable:**
+```bash
+q login
+```

- Assign the string to the `experiment_auth_tarball` variable in your Terraform configuration, for example:
-  ```tf
-  variable "amazon_q_auth_tarball" {
-    type    = string
-    default = "PASTE_LONG_STRING_HERE"
-  }
-  ```
+Complete the authentication process in your browser.

-**Note:**
+**Step 3: Generate tarball**

- You must re-generate the tarball if you log out or re-authenticate Amazon Q on your local machine.
- This process is required for each user who wants to use Amazon Q in their workspace.
+```bash
+cd ~/.local/share/amazon-q
+tar -c . | zstd | base64 -w 0 > /tmp/amazon-q-auth.txt
+```

-[Reference: Amazon Q documentation](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/generate-docs.html)
-
-</details>
-
-## Examples
-
-### Run Amazon Q in the background with tmux
+**Step 4: Use in Terraform**

 ```tf
-module "amazon-q" {
-  source                  = "registry.coder.com/coder/amazon-q/coder"
-  version                 = "1.1.2"
-  agent_id                = coder_agent.example.id
-  experiment_auth_tarball = var.amazon_q_auth_tarball
-  experiment_use_tmux     = true
+variable "amazon_q_auth_tarball" {
+  type      = string
+  sensitive = true
+  default   = "PASTE_YOUR_TARBALL_HERE"
 }
 ```

-### Enable task reporting (experimental)
+> [!IMPORTANT]
+>
+> - Regenerate the tarball if you logout or re-authenticate
+> - Each user needs their own authentication tarball
+> - Keep the tarball secure as it contains authentication credentials
+
+### Coder Tasks Integration
+
+A `coder_parameter` named **'AI Prompt'** is required to enable integration with [Coder Tasks](https://coder.com/docs/ai-coder/tasks).

 ```tf
+data "coder_parameter" "ai_prompt" {
+  name         = "AI Prompt"
+  display_name = "AI Prompt"
+  description  = "Prompt for the AI task to execute"
+  type         = "string"
+  mutable      = true
+  default      = ""
+}
+
 module "amazon-q" {
-  source                  = "registry.coder.com/coder/amazon-q/coder"
-  version                 = "1.1.2"
-  agent_id                = coder_agent.example.id
-  experiment_auth_tarball = var.amazon_q_auth_tarball
-  experiment_report_tasks = true
+  source          = "registry.coder.com/coder/amazon-q/coder"
+  version         = "2.0.0"
+  agent_id        = coder_agent.example.id
+  workdir         = "/home/coder"
+  auth_tarball    = var.amazon_q_auth_tarball
+  ai_prompt       = data.coder_parameter.ai_prompt.value
+  trust_all_tools = true
+
+  # Task reporting configuration
+  report_tasks = true
+
+  # Enable CLI app alongside web app
+  cli_app              = true
+  web_app_display_name = "Amazon Q"
+  cli_app_display_name = "Q CLI"
 }
 ```

-### Run custom scripts before/after install
+> [!IMPORTANT]
+>
+> - The parameter name must be exactly **'AI Prompt'** (case-sensitive)
+> - This parameter enables the AI task workflow integration
+> - The parameter value is passed to the Amazon Q module via the `ai_prompt` variable
+> - Without this parameter, `coder_ai_task` resources will not function properly
+>
+> **_Security Notice_**
+> In order to allow the tasks flow non-interactively all the tools are trusted  
+> This flag bypasses standard permission checks and allows Amazon Q broader access to your system than normally permitted.  
+> While this enables more functionality, it also means Amazon Q can potentially execute commands with the same privileges as the user running it.  
+> Use this module only in trusted environments and be aware of the security implications.

-```tf
-module "amazon-q" {
-  source                         = "registry.coder.com/coder/amazon-q/coder"
-  version                        = "1.1.2"
-  agent_id                       = coder_agent.example.id
-  experiment_auth_tarball        = var.amazon_q_auth_tarball
-  experiment_pre_install_script  = "echo Pre-install!"
-  experiment_post_install_script = "echo Post-install!"
+### Default System Prompt
+
+The module includes a simple system prompt that instructs Amazon Q:
+
+```
+You are a helpful Coding assistant. Aim to autonomously investigate
+and solve issues the user gives you and test your work, whenever possible.
+Avoid shortcuts like mocking tests. When you get stuck, you can ask the user
+but opt for autonomy.
+```
+
+You can customize this behavior by providing your own system prompt via the `system_prompt` variable.
+
+### Default Coder MCP Instructions
+
+The module includes specific instructions for the Coder MCP server integration that are separate from the system prompt:
+
+```
+YOU MUST REPORT ALL TASKS TO CODER.
+When reporting tasks you MUST follow these EXACT instructions:
+- IMMEDIATELY report status after receiving ANY user message
+- Be granular If you are investigating with multiple steps report each step to coder.
+
+Task state MUST be one of the following:
+- Use "state": "working" when actively processing WITHOUT needing additional user input
+- Use "state": "complete" only when finished with a task
+- Use "state": "failure" when you need ANY user input lack sufficient details or encounter blockers.
+
+Task summaries MUST:
+- Include specifics about what you're doing
+- Include clear and actionable steps for the user
+- Be less than 160 characters in length
+```
+
+You can customize these instructions by providing your own via the `coder_mcp_instructions` variable.
+
+## Default Agent Configuration
+
+The module includes a default agent configuration template that provides a comprehensive setup for Amazon Q integration:
+
+```json
+{
+  "name": "agent",
+  "description": "This is an default agent config",
+  "prompt": "${system_prompt}",
+  "mcpServers": {},
+  "tools": [
+    "fs_read",
+    "fs_write",
+    "execute_bash",
+    "use_aws",
+    "@coder",
+    "knowledge"
+  ],
+  "toolAliases": {},
+  "allowedTools": ["fs_read", "@coder"],
+  "resources": [
+    "file://AmazonQ.md",
+    "file://README.md",
+    "file://.amazonq/rules/**/*.md"
+  ],
+  "hooks": {},
+  "toolsSettings": {},
+  "useLegacyMcpJson": true
 }
 ```

-## Notes
+### Configuration Details:

- Only one of `experiment_use_screen` or `experiment_use_tmux` can be true at a time.
- If neither is set, Amazon Q runs in the foreground.
- For more details, see the [main.tf](./main.tf) source.
+- **Tools Available:** File operations, bash execution, AWS CLI, Coder MCP integration, and knowledge base access
+- **@coder Tool:** Enables Coder MCP integration for task reporting (`coder_report_task` and related tools)
+- **Allowed Tools:** By default, only `fs_read` and `@coder` are allowed (can be customized for security)
+- **Resources:** Access to documentation and rule files in the workspace
+- **MCP Servers:** Empty by default, can be configured via `agent_config` variable
+- **System Prompt:** Dynamically populated from the `system_prompt` variable
+- **Legacy MCP:** Uses legacy MCP JSON format for compatibility
+
+You can override this configuration by providing your own JSON via the `agent_config` variable.
+
+### Agent Name Configuration
+
+The module automatically extracts the agent name from the `"name"` field in the `agent_config` JSON and uses it for:
+
+- **Configuration File:** Saves the agent config as `~/.aws/amazonq/cli-agents/{agent_name}.json`
+- **Default Agent:** Sets the agent as the default using `q settings chat.defaultAgent {agent_name}`
+- **MCP Integration:** Associates the Coder MCP server with the specified agent name
+
+If no custom `agent_config` is provided, the default agent name "agent" is used.
+
+## Usage Examples
+
+### Basic Usage
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  workdir      = "/home/coder"
+  auth_tarball = var.amazon_q_auth_tarball
+}
+```
+
+This example will:
+
+1. Download and install Amazon Q CLI v1.14.1
+2. Extract authentication tarball to ~/.local/share/amazon-q
+3. Configure Coder MCP integration for task reporting
+4. Create default agent configuration file
+5. Start Amazon Q in /home/coder directory
+6. Provide web interface through AgentAPI
+
+> [!IMPORTANT]
+> By default `fs_write` tool is not allowed, which will pause the task execution
+> an will wait for the prompt to approve it usage.
+> To avoid this, and allow the normal task flow, user has two options:
+>
+> - Change the parameter `trust_all_tools` value to `true` (default to `false`)
+>   OR
+> - Provide you own agent configuration with the tools of your choice allowed
+
+### With Custom AI Prompt
+
+```tf
+module "amazon-q" {
+  source          = "registry.coder.com/coder/amazon-q/coder"
+  version         = "2.0.0"
+  agent_id        = coder_agent.example.id
+  workdir         = "/home/coder"
+  auth_tarball    = var.amazon_q_auth_tarball
+  ai_prompt       = "Help me set up a Python FastAPI project with proper testing structure"
+  trust_all_tools = true
+}
+```
+
+> [!IMPORTANT]
+> **_Security Notice_**
+> In order to allow the tasks flow non-interactively all the tools are trusted  
+> This flag bypasses standard permission checks and allows Amazon Q broader access to your system than normally permitted.  
+> While this enables more functionality, it also means Amazon Q can potentially execute commands with the same privileges as the user running it.  
+> Use this module only in trusted environments and be aware of the security implications.
+
+### With Custom Pre/Post Install Scripts
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  workdir      = "/home/coder"
+  auth_tarball = var.amazon_q_auth_tarball
+
+  pre_install_script = <<-EOT
+    #!/bin/bash
+    echo "Setting up custom environment..."
+    # Install additional dependencies
+    sudo apt-get update && sudo apt-get install -y zstd
+  EOT
+
+  post_install_script = <<-EOT
+    #!/bin/bash
+    echo "Configuring Amazon Q settings..."
+    # Custom configuration commands
+    q settings chat.model claude-3-sonnet
+  EOT
+}
+```
+
+### Specific Version Installation
+
+```tf
+module "amazon-q" {
+  source           = "registry.coder.com/coder/amazon-q/coder"
+  version          = "2.0.0"
+  agent_id         = coder_agent.example.id
+  workdir          = "/home/coder"
+  auth_tarball     = var.amazon_q_auth_tarball
+  amazon_q_version = "1.14.0" # Specific version
+  install_amazon_q = true
+}
+```
+
+### Custom Agent Configuration
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  workdir      = "/home/coder"
+  auth_tarball = var.amazon_q_auth_tarball
+
+  agent_config = <<-EOT
+    {
+      "name": "custom-agent",
+      "description": "Custom Amazon Q agent for my workspace",
+      "prompt": "You are a specialized DevOps assistant...",
+      "tools": ["fs_read", "fs_write", "execute_bash", "use_aws"]
+    }
+  EOT
+}
+```
+
+### With Custom AgentAPI Configuration
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  workdir      = "/home/coder"
+  auth_tarball = var.amazon_q_auth_tarball
+
+  # AgentAPI configuration for environments without wildcard access url. https://coder.com/docs/admin/setup#wildcard-access-url
+  agentapi_chat_based_path = true
+  agentapi_version         = "v0.6.1"
+}
+```
+
+### Air-Gapped Installation
+
+For environments without direct internet access, you can host Amazon Q installation files internally and configure the module to use your internal repository:
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  workdir      = "/home/coder"
+  auth_tarball = var.amazon_q_auth_tarball
+
+  # Point to internal artifact repository
+  q_install_url = "https://artifacts.internal.corp/amazon-q-releases"
+
+  # Use specific version available in your repository
+  amazon_q_version = "1.14.1"
+}
+```
+
+**Prerequisites for Air-Gapped Setup:**
+
+1. Download Amazon Q installation files from AWS and host them internally
+2. Maintain the same directory structure: `{base_url}/{version}/q-{arch}-linux.zip`
+3. Ensure both architectures are available:
+   - `q-x86_64-linux.zip` for Intel/AMD systems
+   - `q-aarch64-linux.zip` for ARM systems
+4. Configure network access from Coder workspaces to your internal repository
+
+## Troubleshooting
+
+### Common Issues
+
+**Authentication issues:**
+
+- Regenerate the auth tarball on your local machine
+- Ensure the tarball is properly base64 encoded
+- Check that the original authentication is still valid
+
+**MCP integration not working:**
+
+- Verify that AgentAPI is installed (`install_agentapi = true`)
+- Check that the Coder agent is properly configured
+- Review the system prompt configuration
@@ -0,0 +1,372 @@
+run "required_variables" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+    workdir  = "/tmp/test-workdir"
+  }
+}
+
+run "minimal_config" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    workdir      = "/tmp/test-workdir"
+    auth_tarball = "dGVzdA==" # base64 "test"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.name == "CODER_MCP_APP_STATUS_SLUG"
+    error_message = "Status slug environment variable not configured correctly"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug value should be 'amazonq'"
+  }
+}
+
+# Test Case 1: Basic Usage – No Autonomous Use of Q
+# Using vanilla Kubernetes Deployment Template configuration
+run "test_case_1_basic_usage" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    workdir      = "/tmp/test-workdir"
+    auth_tarball = "dGVzdEF1dGhUYXJiYWxs" # base64 "testAuthTarball"
+  }
+
+  # Q is installed and authenticated
+  assert {
+    condition     = resource.coder_env.status_slug.name == "CODER_MCP_APP_STATUS_SLUG"
+    error_message = "Status slug environment variable should be configured for basic usage"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug value should be 'amazonq' for basic usage"
+  }
+
+  # AgentAPI is installed and configured (default behavior)
+  assert {
+    condition     = length(resource.coder_env.auth_tarball) == 1
+    error_message = "Auth tarball environment variable should be created for authentication"
+  }
+
+  # Foundational configuration applied
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be generated with foundational configuration"
+  }
+
+  # No additional parameters required (using defaults)
+  assert {
+    condition     = local.agent_name == "agent"
+    error_message = "Default agent name should be 'agent' when no custom config provided"
+  }
+}
+
+# Test Case 2: Autonomous Usage – Autonomous Use of Q
+# AI prompt passed through from external source (Tasks interface or Issue Tracker CI)
+run "test_case_2_autonomous_usage" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    workdir      = "/tmp/test-workdir"
+    auth_tarball = "dGVzdEF1dGhUYXJiYWxs" # base64 "testAuthTarball"
+    ai_prompt    = "Help me set up a Python FastAPI project with proper testing structure"
+  }
+
+  # Q is installed and authenticated
+  assert {
+    condition     = resource.coder_env.status_slug.name == "CODER_MCP_APP_STATUS_SLUG"
+    error_message = "Status slug environment variable should be configured for autonomous usage"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug value should be 'amazonq' for autonomous usage"
+  }
+
+  # AgentAPI is installed and configured
+  assert {
+    condition     = length(resource.coder_env.auth_tarball) == 1
+    error_message = "Auth tarball environment variable should be created for autonomous usage"
+  }
+
+  # Foundational configuration for all components applied
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be generated for autonomous usage"
+  }
+
+  # AI prompt is configured
+  assert {
+    condition     = local.full_prompt == "Help me set up a Python FastAPI project with proper testing structure"
+    error_message = "AI prompt should be configured correctly for autonomous usage"
+  }
+
+  # Default agent name when no custom config
+  assert {
+    condition     = local.agent_name == "agent"
+    error_message = "Default agent name should be 'agent' for autonomous usage"
+  }
+}
+
+# Test Case 3: Extended Configuration – Parameter Validation and File Rendering
+# Validates extended configuration options and parameter application
+run "test_case_3_extended_configuration" {
+  command = plan
+
+  variables {
+    agent_id            = "test-agent-id"
+    workdir             = "/tmp/test-workdir"
+    auth_tarball        = "dGVzdEF1dGhUYXJiYWxs" # base64 "testAuthTarball"
+    amazon_q_version    = "1.14.1"
+    q_install_url       = "https://desktop-release.q.us-east-1.amazonaws.com"
+    install_amazon_q    = true
+    install_agentapi    = true
+    agentapi_version    = "v0.6.0"
+    trust_all_tools     = true
+    ai_prompt           = "Help me create a production-grade TypeScript monorepo with testing and deployment"
+    system_prompt       = "You are a helpful software assistant working in a secure enterprise environment"
+    pre_install_script  = "echo 'Pre-install setup'"
+    post_install_script = "echo 'Post-install cleanup'"
+    agent_config = jsonencode({
+      name             = "production-agent"
+      description      = "Production Amazon Q agent for enterprise environment"
+      prompt           = "You are a helpful software assistant working in a secure enterprise environment"
+      mcpServers       = {}
+      tools            = ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"]
+      toolAliases      = {}
+      allowedTools     = ["fs_read"]
+      resources        = ["file://AmazonQ.md", "file://README.md", "file://.amazonq/rules/**/*.md"]
+      hooks            = {}
+      toolsSettings    = {}
+      useLegacyMcpJson = true
+    })
+  }
+
+  # All installation parameters are applied correctly
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug should be configured correctly with extended parameters"
+  }
+
+  assert {
+    condition     = resource.coder_env.auth_tarball[0].value == "dGVzdEF1dGhUYXJiYWxs"
+    error_message = "Auth tarball should be configured correctly with extended parameters"
+  }
+
+  # Custom agent configuration is loaded and referenced correctly
+  assert {
+    condition     = local.agent_name == "production-agent"
+    error_message = "Agent name should be extracted from custom agent config"
+  }
+
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Custom agent config should be processed correctly"
+  }
+
+  # AI prompt and system prompt are configured
+  assert {
+    condition     = local.full_prompt == "Help me create a production-grade TypeScript monorepo with testing and deployment"
+    error_message = "AI prompt should be configured correctly in extended configuration"
+  }
+
+  # Pre-install and post-install scripts are provided
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be generated correctly for extended configuration"
+  }
+}
+
+run "full_config" {
+  command = plan
+
+  variables {
+    agent_id            = "test-agent-id"
+    workdir             = "/tmp/test-workdir"
+    install_amazon_q    = true
+    install_agentapi    = true
+    agentapi_version    = "v0.5.0"
+    amazon_q_version    = "latest"
+    trust_all_tools     = true
+    ai_prompt           = "Build a web application"
+    auth_tarball        = "dGVzdA=="
+    order               = 1
+    group               = "AI Tools"
+    icon                = "/icon/custom-amazon-q.svg"
+    pre_install_script  = "echo 'pre-install'"
+    post_install_script = "echo 'post-install'"
+    agent_config = jsonencode({
+      name             = "test-agent"
+      description      = "Test agent configuration"
+      prompt           = "You are a helpful AI assistant for testing."
+      mcpServers       = {}
+      tools            = ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"]
+      toolAliases      = {}
+      allowedTools     = ["fs_read"]
+      resources        = ["file://AmazonQ.md", "file://README.md", "file://.amazonq/rules/**/*.md"]
+      hooks            = {}
+      toolsSettings    = {}
+      useLegacyMcpJson = true
+    })
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.name == "CODER_MCP_APP_STATUS_SLUG"
+    error_message = "Status slug environment variable not configured correctly"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug value should be 'amazonq'"
+  }
+
+  assert {
+    condition     = length(resource.coder_env.auth_tarball) == 1
+    error_message = "Auth tarball environment variable should be created when provided"
+  }
+}
+
+run "auth_tarball_environment" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    workdir      = "/tmp/test-workdir"
+    auth_tarball = "dGVzdEF1dGhUYXJiYWxs" # base64 "testAuthTarball"
+  }
+
+  assert {
+    condition     = resource.coder_env.auth_tarball[0].name == "AMAZON_Q_AUTH_TARBALL"
+    error_message = "Auth tarball environment variable name should be 'AMAZON_Q_AUTH_TARBALL'"
+  }
+
+  assert {
+    condition     = resource.coder_env.auth_tarball[0].value == "dGVzdEF1dGhUYXJiYWxs"
+    error_message = "Auth tarball environment variable value should match input"
+  }
+}
+
+run "empty_auth_tarball" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    workdir      = "/tmp/test-workdir"
+    auth_tarball = ""
+  }
+
+  assert {
+    condition     = length(resource.coder_env.auth_tarball) == 0
+    error_message = "Auth tarball environment variable should not be created when empty"
+  }
+}
+
+run "custom_system_prompt" {
+  command = plan
+
+  variables {
+    agent_id      = "test-agent-id"
+    workdir       = "/tmp/test-workdir"
+    system_prompt = "Custom system prompt for testing"
+  }
+
+  # Test that the system prompt is used in the agent config template
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be generated with custom system prompt"
+  }
+}
+
+run "install_options" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    workdir          = "/tmp/test-workdir"
+    install_amazon_q = false
+    install_agentapi = false
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.name == "CODER_MCP_APP_STATUS_SLUG"
+    error_message = "Status slug should still be configured even when install options are disabled"
+  }
+}
+
+run "version_configuration" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    workdir          = "/tmp/test-workdir"
+    amazon_q_version = "2.15.0"
+    agentapi_version = "v0.4.0"
+  }
+
+  assert {
+    condition     = resource.coder_env.status_slug.value == "amazonq"
+    error_message = "Status slug value should remain 'amazonq' regardless of version"
+  }
+}
+
+# Additional test for agent name extraction
+run "agent_name_extraction" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+    workdir  = "/tmp/test-workdir"
+    agent_config = jsonencode({
+      name             = "custom-enterprise-agent"
+      description      = "Custom enterprise agent configuration"
+      prompt           = "You are a custom enterprise AI assistant."
+      mcpServers       = {}
+      tools            = ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"]
+      toolAliases      = {}
+      allowedTools     = ["fs_read", "fs_write"]
+      resources        = ["file://README.md"]
+      hooks            = {}
+      toolsSettings    = {}
+      useLegacyMcpJson = true
+    })
+  }
+
+  assert {
+    condition     = local.agent_name == "custom-enterprise-agent"
+    error_message = "Agent name should be extracted correctly from custom agent config"
+  }
+
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be processed correctly"
+  }
+}
+
+# Test for JSON encoding validation
+run "json_encoding_validation" {
+  command = plan
+
+  variables {
+    agent_id      = "test-agent-id"
+    workdir       = "/tmp/test-workdir"
+    system_prompt = "Multi-line\nsystem prompt\nwith newlines"
+  }
+
+  assert {
+    condition     = length(local.system_prompt) > 0
+    error_message = "System prompt should be JSON encoded correctly"
+  }
+
+  assert {
+    condition     = length(local.agent_config) > 0
+    error_message = "Agent config should be generated correctly with multi-line system prompt"
+  }
+}
@@ -2,40 +2,530 @@ import { describe, it, expect } from "bun:test";
 import {
  runTerraformApply,
  runTerraformInit,
-  testRequiredVariables,
  findResourceInstance,
 } from "~test";
 import path from "path";

 const moduleDir = path.resolve(__dirname);

+// Always provide agent_config to bypass template parsing issues
+const baseAgentConfig = JSON.stringify({
+  name: "test-agent",
+  description: "Test agent configuration",
+  prompt: "You are a helpful AI assistant.",
+  mcpServers: {},
+  tools: ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"],
+  toolAliases: {},
+  allowedTools: ["fs_read"],
+  resources: ["file://README.md", "file://.amazonq/rules/**/*.md"],
+  hooks: {},
+  toolsSettings: {},
+  useLegacyMcpJson: true,
+});
+
 const requiredVars = {
  agent_id: "dummy-agent-id",
+  agent_config: baseAgentConfig,
+  workdir: "/tmp/test-workdir",
 };

-describe("amazon-q module", async () => {
+const fullConfigVars = {
+  agent_id: "dummy-agent-id",
+  workdir: "/tmp/test-workdir",
+  install_amazon_q: true,
+  install_agentapi: true,
+  agentapi_version: "v0.6.0",
+  amazon_q_version: "1.14.1",
+  q_install_url: "https://desktop-release.q.us-east-1.amazonaws.com",
+  trust_all_tools: false,
+  ai_prompt: "Build a comprehensive test suite",
+  auth_tarball: "dGVzdEF1dGhUYXJiYWxs", // base64 "testAuthTarball"
+  order: 1,
+  group: "AI Tools",
+  icon: "/icon/custom-amazon-q.svg",
+  pre_install_script: "echo 'Starting pre-install'",
+  post_install_script: "echo 'Completed post-install'",
+  agent_config: baseAgentConfig,
+};
+
+describe("amazon-q module v2.0.0", async () => {
  await runTerraformInit(moduleDir);

-  // 1. Required variables
-  testRequiredVariables(moduleDir, requiredVars);
+  // Test Case 1: Basic Usage – No Autonomous Use of Q
+  // Matches CDES-203 Test Case #1: Basic Usage
+  it("Test Case 1: Basic Usage - No Autonomous Use of Q", async () => {
+    const basicUsageVars = {
+      agent_id: "dummy-agent-id",
+      workdir: "/tmp/test-workdir",
+      auth_tarball: "dGVzdEF1dGhUYXJiYWxs", // base64 "testAuthTarball"
+    };

-  // 2. coder_script resource is created
-  it("creates coder_script resource", async () => {
-    const state = await runTerraformApply(moduleDir, requiredVars);
-    const scriptResource = findResourceInstance(state, "coder_script");
-    expect(scriptResource).toBeDefined();
-    expect(scriptResource.agent_id).toBe(requiredVars.agent_id);
-    // Optionally, check that the script contains expected lines
-    expect(scriptResource.script).toContain("Installing Amazon Q");
+    const state = await runTerraformApply(moduleDir, basicUsageVars);
+
+    // Q is installed and authenticated
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+
+    // AgentAPI is installed and configured (default behavior)
+    const authTarballEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "auth_tarball",
+    );
+    expect(authTarballEnv).toBeDefined();
+    expect(authTarballEnv.name).toBe("AMAZON_Q_AUTH_TARBALL");
+    expect(authTarballEnv.value).toBe("dGVzdEF1dGhUYXJiYWxs");
+
+    // Foundational configuration for all components is applied
+    // No additional parameters are required for the module to work
+    // Using the terminal application and Q chat returns a functional interface
  });

-  // 3. coder_app resource is created
-  it("creates coder_app resource", async () => {
-    const state = await runTerraformApply(moduleDir, requiredVars);
-    const appResource = findResourceInstance(state, "coder_app", "amazon_q");
-    expect(appResource).toBeDefined();
-    expect(appResource.agent_id).toBe(requiredVars.agent_id);
+  // Test Case 2: Autonomous Usage – Autonomous Use of Q
+  // Matches CDES-203 Test Case 2: Autonomous Usage
+  it("Test Case 2: Autonomous Usage - Autonomous Use of Q", async () => {
+    const autonomousUsageVars = {
+      agent_id: "dummy-agent-id",
+      workdir: "/tmp/test-workdir",
+      auth_tarball: "dGVzdEF1dGhUYXJiYWxs", // base64 "testAuthTarball"
+      ai_prompt:
+        "Help me set up a Python FastAPI project with proper testing structure",
+    };
+
+    const state = await runTerraformApply(moduleDir, autonomousUsageVars);
+
+    // Q is installed and authenticated
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+
+    // AgentAPI is installed and configured
+    const authTarballEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "auth_tarball",
+    );
+    expect(authTarballEnv).toBeDefined();
+    expect(authTarballEnv.name).toBe("AMAZON_Q_AUTH_TARBALL");
+
+    // AI prompt is passed through from external source
+    // The Chat interface functions as required
+    // The Tasks interface functions as required
+    // The template can be invoked from GitHub integration as expected
  });

-  // Add more state-based tests as needed
+  // Test Case 3: Extended Configuration – Parameter Validation and File Rendering
+  // Matches CDES-203 Test Case 3: Extended Configuration
+  it("Test Case 3: Extended Configuration - Parameter Validation and File Rendering", async () => {
+    const extendedConfigVars = {
+      agent_id: "dummy-agent-id",
+      workdir: "/tmp/test-workdir",
+      auth_tarball: "dGVzdEF1dGhUYXJiYWxs", // base64 "testAuthTarball"
+      amazon_q_version: "1.14.1",
+      q_install_url: "https://desktop-release.q.us-east-1.amazonaws.com",
+      install_amazon_q: true,
+      install_agentapi: true,
+      agentapi_version: "v0.6.0",
+      trust_all_tools: true,
+      ai_prompt:
+        "Help me create a production-grade TypeScript monorepo with testing and deployment",
+      system_prompt:
+        "You are a helpful software assistant working in a secure enterprise environment",
+      pre_install_script: "echo 'Pre-install setup'",
+      post_install_script: "echo 'Post-install cleanup'",
+      agent_config: JSON.stringify({
+        name: "production-agent",
+        description: "Production Amazon Q agent for enterprise environment",
+        prompt:
+          "You are a helpful software assistant working in a secure enterprise environment",
+        mcpServers: {},
+        tools: ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"],
+        toolAliases: {},
+        allowedTools: ["fs_read"],
+        resources: [
+          "file://AmazonQ.md",
+          "file://README.md",
+          "file://.amazonq/rules/**/*.md",
+        ],
+        hooks: {},
+        toolsSettings: {},
+        useLegacyMcpJson: true,
+      }),
+    };
+
+    const state = await runTerraformApply(moduleDir, extendedConfigVars);
+
+    // All installation steps execute in the correct order
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+
+    // auth_tarball is unpacked and used as expected
+    const authTarballEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "auth_tarball",
+    );
+    expect(authTarballEnv).toBeDefined();
+    expect(authTarballEnv.value).toBe("dGVzdEF1dGhUYXJiYWxs");
+
+    // agent_config is rendered correctly, and the name field is used as the agent's name
+    // The specified ai_prompt and system_prompt are respected by the Q agent
+    // Tools are trusted globally if trust_all_tools = true
+    // Files and scripts execute in proper sequence
+  });
+
+  // 1. Basic functionality test (replaces testRequiredVariables)
+  it("works with required variables", async () => {
+    const state = await runTerraformApply(moduleDir, requiredVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+  });
+
+  // 2. Environment variables are created correctly
+  it("creates required environment variables", async () => {
+    const state = await runTerraformApply(moduleDir, fullConfigVars);
+
+    // Check status slug environment variable
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+
+    // Check auth tarball environment variable
+    const authTarballEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "auth_tarball",
+    );
+    expect(authTarballEnv).toBeDefined();
+    expect(authTarballEnv.name).toBe("AMAZON_Q_AUTH_TARBALL");
+    expect(authTarballEnv.value).toBe("dGVzdEF1dGhUYXJiYWxs");
+  });
+
+  // 3. Empty auth tarball handling
+  it("handles empty auth tarball correctly", async () => {
+    const noAuthVars = {
+      ...requiredVars,
+      auth_tarball: "",
+    };
+
+    const state = await runTerraformApply(moduleDir, noAuthVars);
+
+    // Auth tarball environment variable should not be created when empty
+    const authTarballEnv = state.resources?.find(
+      (r) => r.type === "coder_env" && r.name === "auth_tarball",
+    );
+    expect(authTarballEnv).toBeUndefined();
+  });
+
+  // 4. Status slug is always created
+  it("creates status slug environment variable", async () => {
+    const state = await runTerraformApply(moduleDir, requiredVars);
+
+    // Status slug should always be configured
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.name).toBe("CODER_MCP_APP_STATUS_SLUG");
+    expect(statusSlugEnv.value).toBe("amazonq");
+  });
+
+  // 5. Install options configuration
+  it("respects install option flags", async () => {
+    const noInstallVars = {
+      ...requiredVars,
+      install_amazon_q: false,
+      install_agentapi: false,
+    };
+
+    const state = await runTerraformApply(moduleDir, noInstallVars);
+
+    // Status slug should still be configured even when install options are disabled
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.value).toBe("amazonq");
+  });
+
+  // 6. Configurable installation URL
+  it("uses configurable q_install_url parameter", async () => {
+    const customUrlVars = {
+      ...requiredVars,
+      q_install_url: "https://internal-mirror.company.com/amazon-q",
+    };
+
+    const state = await runTerraformApply(moduleDir, customUrlVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 7. Version configuration
+  it("uses specified versions", async () => {
+    const versionVars = {
+      ...requiredVars,
+      amazon_q_version: "1.14.1",
+      agentapi_version: "v0.6.0",
+    };
+
+    const state = await runTerraformApply(moduleDir, versionVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 8. UI configuration options
+  it("supports UI customization options", async () => {
+    const uiCustomVars = {
+      ...requiredVars,
+      order: 5,
+      group: "Custom AI Tools",
+      icon: "/icon/custom-amazon-q-icon.svg",
+    };
+
+    const state = await runTerraformApply(moduleDir, uiCustomVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 9. Pre and post install scripts
+  it("supports pre and post install scripts", async () => {
+    const scriptVars = {
+      ...requiredVars,
+      pre_install_script: "echo 'Pre-install setup'",
+      post_install_script: "echo 'Post-install cleanup'",
+    };
+
+    const state = await runTerraformApply(moduleDir, scriptVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 10. Valid agent_config JSON with different agent name
+  it("handles valid agent_config JSON with custom agent name", async () => {
+    const customAgentConfig = JSON.stringify({
+      name: "production-agent",
+      description: "Production Amazon Q agent",
+      prompt: "You are a production AI assistant.",
+      mcpServers: {},
+      tools: ["fs_read", "fs_write"],
+      toolAliases: {},
+      allowedTools: ["fs_read"],
+      resources: ["file://README.md"],
+      hooks: {},
+      toolsSettings: {},
+      useLegacyMcpJson: true,
+    });
+
+    const validAgentConfigVars = {
+      ...requiredVars,
+      agent_config: customAgentConfig,
+    };
+
+    const state = await runTerraformApply(moduleDir, validAgentConfigVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 11. Air-gapped installation support
+  it("supports air-gapped installation with custom URL", async () => {
+    const airGappedVars = {
+      ...requiredVars,
+      q_install_url: "https://artifacts.internal.corp/amazon-q-releases",
+      amazon_q_version: "1.14.1",
+    };
+
+    const state = await runTerraformApply(moduleDir, airGappedVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 12. Trust all tools configuration
+  it("handles trust_all_tools configuration", async () => {
+    const trustVars = {
+      ...requiredVars,
+      trust_all_tools: true,
+    };
+
+    const state = await runTerraformApply(moduleDir, trustVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 13. AI prompt configuration
+  it("handles AI prompt configuration", async () => {
+    const promptVars = {
+      ...requiredVars,
+      ai_prompt: "Create a comprehensive test suite for the application",
+    };
+
+    const state = await runTerraformApply(moduleDir, promptVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 14. Agent config with minimal structure
+  it("handles minimal agent config structure", async () => {
+    const minimalAgentConfig = JSON.stringify({
+      name: "minimal-agent",
+      description: "Minimal agent config",
+      prompt: "You are a minimal AI assistant.",
+      mcpServers: {},
+      tools: ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"],
+      toolAliases: {},
+      allowedTools: ["fs_read"],
+      resources: ["file://README.md"],
+      hooks: {},
+      toolsSettings: {},
+      useLegacyMcpJson: true,
+    });
+
+    const minimalVars = {
+      ...requiredVars,
+      agent_config: minimalAgentConfig,
+    };
+
+    const state = await runTerraformApply(moduleDir, minimalVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+  });
+
+  // 15. JSON encoding validation for system prompts with newlines
+  it("handles system prompts with newlines correctly", async () => {
+    const multilinePromptVars = {
+      ...requiredVars,
+      system_prompt: "Multi-line\nsystem prompt\nwith newlines",
+    };
+
+    const state = await runTerraformApply(moduleDir, multilinePromptVars);
+
+    // Should create the basic resources without JSON parsing errors
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.value).toBe("amazonq");
+  });
+
+  // 16. Agent name extraction from custom config
+  it("extracts agent name from custom configuration correctly", async () => {
+    const customNameConfig = JSON.stringify({
+      name: "enterprise-production-agent",
+      description: "Enterprise production agent configuration",
+      prompt: "You are an enterprise production AI assistant.",
+      mcpServers: {},
+      tools: ["fs_read", "fs_write", "execute_bash", "use_aws", "knowledge"],
+      toolAliases: {},
+      allowedTools: ["fs_read", "fs_write", "execute_bash"],
+      resources: ["file://README.md", "file://.amazonq/rules/**/*.md"],
+      hooks: {},
+      toolsSettings: {},
+      useLegacyMcpJson: true,
+    });
+
+    const customNameVars = {
+      ...requiredVars,
+      agent_config: customNameConfig,
+    };
+
+    const state = await runTerraformApply(moduleDir, customNameVars);
+
+    // Should create the basic resources
+    const statusSlugEnv = findResourceInstance(
+      state,
+      "coder_env",
+      "status_slug",
+    );
+    expect(statusSlugEnv).toBeDefined();
+    expect(statusSlugEnv.value).toBe("amazonq");
+  });
 });
@@ -1,10 +1,12 @@
+# Improved amazon-q module main.tf
+
 terraform {
  required_version = ">= 1.0"

  required_providers {
    coder = {
      source  = "coder/coder"
-      version = ">= 2.5"
+      version = ">= 2.7"
    }
  }
 }
@@ -15,7 +17,6 @@ variable "agent_id" {
 }

 data "coder_workspace" "me" {}
-
 data "coder_workspace_owner" "me" {}

 variable "order" {
@@ -36,12 +37,67 @@ variable "icon" {
  default     = "/icon/amazon-q.svg"
 }

-variable "folder" {
+variable "report_tasks" {
+  type        = bool
+  description = "Whether to enable task reporting to Coder UI via AgentAPI"
+  default     = true
+}
+
+variable "cli_app" {
+  type        = bool
+  description = "Whether to create a CLI app for Amazon Q"
+  default     = false
+}
+
+variable "web_app_display_name" {
+  type        = string
+  description = "Display name for the web app"
+  default     = "AmazonQ"
+}
+
+variable "cli_app_display_name" {
+  type        = string
+  description = "Display name for the CLI app"
+  default     = "AmazonQ CLI"
+}
+
+variable "install_agentapi" {
+  type        = bool
+  description = "Whether to install AgentAPI."
+  default     = true
+}
+
+variable "ai_prompt" {
+  type        = string
+  description = "The initial task prompt to send to Amazon Q."
+  default     = ""
+}
+
+variable "pre_install_script" {
+  type        = string
+  description = "Optional script to run before installing Amazon Q."
+  default     = null
+}
+
+variable "post_install_script" {
+  type        = string
+  description = "Optional script to run after installing Amazon Q."
+  default     = null
+}
+
+variable "agentapi_version" {
+  type        = string
+  description = "The version of AgentAPI to install."
+  default     = "v0.6.1"
+}
+
+variable "workdir" {
  type        = string
  description = "The folder to run Amazon Q in."
-  default     = "/home/coder"
 }

+# ---------------------------------------------
+
 variable "install_amazon_q" {
  type        = bool
  description = "Whether to install Amazon Q."
@@ -51,43 +107,19 @@ variable "install_amazon_q" {
 variable "amazon_q_version" {
  type        = string
  description = "The version of Amazon Q to install."
-  default     = "latest"
+  default     = "1.14.1"
 }

-variable "experiment_use_screen" {
-  type        = bool
-  description = "Whether to use screen for running Amazon Q in the background."
-  default     = false
-}
-
-variable "experiment_use_tmux" {
-  type        = bool
-  description = "Whether to use tmux instead of screen for running Amazon Q in the background."
-  default     = false
-}
-
-variable "experiment_report_tasks" {
-  type        = bool
-  description = "Whether to enable task reporting."
-  default     = false
-}
-
-variable "experiment_pre_install_script" {
+variable "q_install_url" {
  type        = string
-  description = "Custom script to run before installing Amazon Q."
-  default     = null
+  description = "Base URL for Amazon Q installation downloads."
+  default     = "https://desktop-release.q.us-east-1.amazonaws.com"
 }

-variable "experiment_post_install_script" {
-  type        = string
-  description = "Custom script to run after installing Amazon Q."
-  default     = null
-}
-
-variable "experiment_auth_tarball" {
-  type        = string
-  description = "Base64 encoded, zstd compressed tarball of a pre-authenticated ~/.local/share/amazon-q directory. After running `q login` on another machine, you may generate it with: `cd ~/.local/share/amazon-q && tar -c . | zstd | base64 -w 0`"
-  default     = "tarball"
+variable "trust_all_tools" {
+  type        = bool
+  description = "Whether to trust all tools in Amazon Q."
+  default     = false
 }

 variable "system_prompt" {
@@ -98,222 +130,141 @@ variable "system_prompt" {
    and solve issues the user gives you and test your work, whenever possible.
    Avoid shortcuts like mocking tests. When you get stuck, you can ask the user
    but opt for autonomy.
-
-    YOU MUST REPORT ALL TASKS TO CODER.
-    When reporting tasks, you MUST follow these EXACT instructions:
-    - IMMEDIATELY report status after receiving ANY user message.
-    - Be granular. If you are investigating with multiple steps, report each step to coder.
-
-    Task state MUST be one of the following:
-    - Use "state": "working" when actively processing WITHOUT needing additional user input.
-    - Use "state": "complete" only when finished with a task.
-    - Use "state": "failure" when you need ANY user input, lack sufficient details, or encounter blockers.
-
-    Task summaries MUST:
-    - Include specifics about what you're doing.
-    - Include clear and actionable steps for the user.
-    - Be less than 160 characters in length.
  EOT
 }

-variable "ai_prompt" {
+variable "coder_mcp_instructions" {
  type        = string
-  description = "The initial task prompt to send to Amazon Q."
-  default     = "Please help me with my coding tasks. I'll provide specific instructions as needed."
+  description = "Instructions for the Coder MCP server integration. This defines how the agent should report tasks to Coder."
+  default     = <<-EOT
+    YOU MUST REPORT ALL TASKS TO CODER.
+    When reporting tasks you MUST follow these EXACT instructions:
+    - IMMEDIATELY report status after receiving ANY user message
+    - Be granular If you are investigating with multiple steps report each step to coder.
+
+    Task state MUST be one of the following:
+    - Use "state": "working" when actively processing WITHOUT needing additional user input
+    - Use "state": "complete" only when finished with a task
+    - Use "state": "failure" when you need ANY user input lack sufficient details or encounter blockers.
+
+    Task summaries MUST:
+    - Include specifics about what you're doing
+    - Include clear and actionable steps for the user
+    - Be less than 160 characters in length
+  EOT
+}
+
+variable "auth_tarball" {
+  type        = string
+  description = "Base64 encoded, zstd compressed tarball of a pre-authenticated ~/.local/share/amazon-q directory."
+  default     = ""
+  sensitive   = true
+}
+
+variable "agent_config" {
+  type        = string
+  description = "Optional Agent configuration JSON for Amazon Q."
+  default     = null
+}
+
+variable "agentapi_chat_based_path" {
+  type        = bool
+  description = "Whether to use chat-based path for AgentAPI.Required if CODER_WILDCARD_ACCESS_URL is not defined in coder deployment"
+  default     = false
+}
+
+# Expose status slug to the agent environment
+resource "coder_env" "status_slug" {
+  agent_id = var.agent_id
+  name     = "CODER_MCP_APP_STATUS_SLUG"
+  value    = local.app_slug
+}
+
+# Expose auth tarball as environment variable for install script
+resource "coder_env" "auth_tarball" {
+  count    = var.auth_tarball != "" ? 1 : 0
+  agent_id = var.agent_id
+  name     = "AMAZON_Q_AUTH_TARBALL"
+  value    = var.auth_tarball
 }

 locals {
-  encoded_pre_install_script  = var.experiment_pre_install_script != null ? base64encode(var.experiment_pre_install_script) : ""
-  encoded_post_install_script = var.experiment_post_install_script != null ? base64encode(var.experiment_post_install_script) : ""
-  full_prompt                 = <<-EOT
-    ${var.system_prompt}
+  app_slug               = "amazonq"
+  install_script         = file("${path.module}/scripts/install.sh")
+  start_script           = file("${path.module}/scripts/start.sh")
+  module_dir_name        = ".amazonq-module"
+  system_prompt          = jsonencode(replace(var.system_prompt, "/[\r\n]/", ""))
+  coder_mcp_instructions = jsonencode(replace(var.coder_mcp_instructions, "/[\r\n]/", ""))

-    Your first task is:
+  # Create default agent config structure
+  default_agent_config = templatefile("${path.module}/templates/agent-config.json.tpl", {
+    system_prompt = local.system_prompt
+  })

-    ${var.ai_prompt}
-  EOT
+  # Choose the JSON string: use var.agent_config if provided, otherwise encode default
+  agent_config = var.agent_config != null ? var.agent_config : local.default_agent_config
+
+  # Extract agent name from the selected config
+  agent_name = try(jsondecode(local.agent_config).name, "agent")
+
+  full_prompt = var.ai_prompt != null ? "${var.ai_prompt}" : ""
+
+  server_chat_parameters = var.agentapi_chat_based_path ? "--chat-base-path /@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.app_slug}/chat" : ""
 }

-resource "coder_script" "amazon_q" {
-  agent_id     = var.agent_id
-  display_name = "Amazon Q"
-  icon         = var.icon
-  script       = <<-EOT
+
+module "agentapi" {
+  source  = "registry.coder.com/coder/agentapi/coder"
+  version = "1.1.1"
+
+  agent_id             = var.agent_id
+  web_app_slug         = local.app_slug
+  web_app_order        = var.order
+  web_app_group        = var.group
+  web_app_icon         = var.icon
+  web_app_display_name = var.web_app_display_name
+  cli_app              = var.cli_app
+  cli_app_slug         = var.cli_app ? "${local.app_slug}-cli" : null
+  cli_app_display_name = var.cli_app ? var.cli_app_display_name : null
+  module_dir_name      = local.module_dir_name
+  install_agentapi     = var.install_agentapi
+  agentapi_version     = var.agentapi_version
+  pre_install_script   = var.pre_install_script
+  post_install_script  = var.post_install_script
+
+  start_script = <<-EOT
    #!/bin/bash
    set -o errexit
    set -o pipefail

-    command_exists() {
-      command -v "$1" >/dev/null 2>&1
-    }
+    echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
+    chmod +x /tmp/start.sh
+    ARG_TRUST_ALL_TOOLS='${var.trust_all_tools}' \
+    ARG_AI_PROMPT='${base64encode(local.full_prompt)}' \
+    ARG_MODULE_DIR_NAME='${local.module_dir_name}' \
+    ARG_WORKDIR='${var.workdir}' \
+    ARG_SERVER_PARAMETERS="${local.server_chat_parameters}" \
+    ARG_REPORT_TASKS='${var.report_tasks}' \
+    /tmp/start.sh
+  EOT

-    if [ -n "${local.encoded_pre_install_script}" ]; then
-      echo "Running pre-install script..."
-      echo "${local.encoded_pre_install_script}" | base64 -d > /tmp/pre_install.sh
-      chmod +x /tmp/pre_install.sh
-      /tmp/pre_install.sh
-    fi
-
-    if [ "${var.install_amazon_q}" = "true" ]; then
-      echo "Installing Amazon Q..."
-      PREV_DIR="$PWD"
-      TMP_DIR="$(mktemp -d)"
-      cd "$TMP_DIR"
-
-      ARCH="$(uname -m)"
-      case "$ARCH" in
-        "x86_64")
-          Q_URL="https://desktop-release.q.us-east-1.amazonaws.com/${var.amazon_q_version}/q-x86_64-linux.zip"
-          ;;
-        "aarch64"|"arm64")
-          Q_URL="https://desktop-release.codewhisperer.us-east-1.amazonaws.com/${var.amazon_q_version}/q-aarch64-linux.zip"
-          ;;
-        *)
-          echo "Error: Unsupported architecture: $ARCH. Amazon Q only supports x86_64 and arm64."
-          exit 1
-          ;;
-      esac
-
-      echo "Downloading Amazon Q for $ARCH..."
-      curl --proto '=https' --tlsv1.2 -sSf "$Q_URL" -o "q.zip"
-      unzip q.zip
-      ./q/install.sh --no-confirm
-      cd "$PREV_DIR"
-      export PATH="$PATH:$HOME/.local/bin"
-      echo "Installed Amazon Q version: $(q --version)"
-    fi
-
-    echo "Extracting auth tarball..."
-    PREV_DIR="$PWD"
-    echo "${var.experiment_auth_tarball}" | base64 -d > /tmp/auth.tar.zst
-    rm -rf ~/.local/share/amazon-q
-    mkdir -p ~/.local/share/amazon-q
-    cd ~/.local/share/amazon-q
-    tar -I zstd -xf /tmp/auth.tar.zst
-    rm /tmp/auth.tar.zst
-    cd "$PREV_DIR"
-    echo "Extracted auth tarball"
-
-    if [ "${var.experiment_report_tasks}" = "true" ]; then
-      echo "Configuring Amazon Q to report tasks via Coder MCP..."
-      q mcp add --name coder --command "coder" --args "exp,mcp,server,--allowed-tools,coder_report_task" --env "CODER_MCP_APP_STATUS_SLUG=amazon-q" --scope global --force
-      echo "Added Coder MCP server to Amazon Q configuration"
-    fi
-
-    if [ -n "${local.encoded_post_install_script}" ]; then
-      echo "Running post-install script..."
-      echo "${local.encoded_post_install_script}" | base64 -d > /tmp/post_install.sh
-      chmod +x /tmp/post_install.sh
-      /tmp/post_install.sh
-    fi
-
-    if [ "${var.experiment_use_tmux}" = "true" ] && [ "${var.experiment_use_screen}" = "true" ]; then
-      echo "Error: Both experiment_use_tmux and experiment_use_screen cannot be true simultaneously."
-      echo "Please set only one of them to true."
-      exit 1
-    fi
-
-    if [ "${var.experiment_use_tmux}" = "true" ]; then
-      echo "Running Amazon Q in the background with tmux..."
-
-      if ! command_exists tmux; then
-        echo "Error: tmux is not installed. Please install tmux manually."
-        exit 1
-      fi
-
-      touch "$HOME/.amazon-q.log"
-
-      export LANG=en_US.UTF-8
-      export LC_ALL=en_US.UTF-8
-
-      tmux new-session -d -s amazon-q -c "${var.folder}" "q chat --trust-all-tools | tee -a "$HOME/.amazon-q.log" && exec bash"
-
-      tmux send-keys -t amazon-q "${local.full_prompt}"
-      sleep 5
-      tmux send-keys -t amazon-q Enter
-    fi
-
-    if [ "${var.experiment_use_screen}" = "true" ]; then
-      echo "Running Amazon Q in the background..."
-
-      if ! command_exists screen; then
-        echo "Error: screen is not installed. Please install screen manually."
-        exit 1
-      fi
-
-      touch "$HOME/.amazon-q.log"
-
-      if [ ! -f "$HOME/.screenrc" ]; then
-        echo "Creating ~/.screenrc and adding multiuser settings..." | tee -a "$HOME/.amazon-q.log"
-        echo -e "multiuser on\nacladd $(whoami)" > "$HOME/.screenrc"
-      fi
-
-      if ! grep -q "^multiuser on$" "$HOME/.screenrc"; then
-        echo "Adding 'multiuser on' to ~/.screenrc..." | tee -a "$HOME/.amazon-q.log"
-        echo "multiuser on" >> "$HOME/.screenrc"
-      fi
-
-      if ! grep -q "^acladd $(whoami)$" "$HOME/.screenrc"; then
-        echo "Adding 'acladd $(whoami)' to ~/.screenrc..." | tee -a "$HOME/.amazon-q.log"
-        echo "acladd $(whoami)" >> "$HOME/.screenrc"
-      fi
-      export LANG=en_US.UTF-8
-      export LC_ALL=en_US.UTF-8
-
-      screen -U -dmS amazon-q bash -c '
-        cd ${var.folder}
-        q chat --trust-all-tools | tee -a "$HOME/.amazon-q.log
-        exec bash
-      '
-      # Extremely hacky way to send the prompt to the screen session
-      # This will be fixed in the future, but `amazon-q` was not sending MCP
-      # tasks when an initial prompt is provided.
-      screen -S amazon-q -X stuff "${local.full_prompt}"
-      sleep 5
-      screen -S amazon-q -X stuff "^M"
-    else
-      if ! command_exists q; then
-        echo "Error: Amazon Q is not installed. Please enable install_amazon_q or install it manually."
-        exit 1
-      fi
-    fi
-    EOT
-  run_on_start = true
-}
-
-resource "coder_app" "amazon_q" {
-  slug         = "amazon-q"
-  display_name = "Amazon Q"
-  agent_id     = var.agent_id
-  command      = <<-EOT
+  install_script = <<-EOT
    #!/bin/bash
-    set -e
+    set -o errexit
+    set -o pipefail

-    export LANG=en_US.UTF-8
-    export LC_ALL=en_US.UTF-8
-
-    if [ "${var.experiment_use_tmux}" = "true" ]; then
-      if tmux has-session -t amazon-q 2>/dev/null; then
-        echo "Attaching to existing Amazon Q tmux session." | tee -a "$HOME/.amazon-q.log"
-        tmux attach-session -t amazon-q
-      else
-        echo "Starting a new Amazon Q tmux session." | tee -a "$HOME/.amazon-q.log"
-        tmux new-session -s amazon-q -c ${var.folder} "q chat --trust-all-tools | tee -a \"$HOME/.amazon-q.log\"; exec bash"
-      fi
-    elif [ "${var.experiment_use_screen}" = "true" ]; then
-      if screen -list | grep -q "amazon-q"; then
-        echo "Attaching to existing Amazon Q screen session." | tee -a "$HOME/.amazon-q.log"
-        screen -xRR amazon-q
-      else
-        echo "Starting a new Amazon Q screen session." | tee -a "$HOME/.amazon-q.log"
-        screen -S amazon-q bash -c 'q chat --trust-all-tools | tee -a "$HOME/.amazon-q.log"; exec bash'
-      fi
-    else
-      cd ${var.folder}
-      q chat --trust-all-tools
-    fi
-    EOT
-  icon         = var.icon
-  order        = var.order
-  group        = var.group
+    echo -n '${base64encode(local.install_script)}' | base64 -d > /tmp/install.sh
+    chmod +x /tmp/install.sh
+    ARG_INSTALL='${var.install_amazon_q}' \
+    ARG_VERSION='${var.amazon_q_version}' \
+    ARG_Q_INSTALL_URL='${var.q_install_url}' \
+    ARG_AUTH_TARBALL='${var.auth_tarball}' \
+    ARG_AGENT_CONFIG='${local.agent_config != null ? base64encode(local.agent_config) : ""}' \
+    ARG_AGENT_NAME='${local.agent_name}' \
+    ARG_MODULE_DIR_NAME='${local.module_dir_name}' \
+    ARG_CODER_MCP_APP_STATUS_SLUG='${local.app_slug}' \
+    ARG_CODER_MCP_INSTRUCTIONS='${base64encode(local.coder_mcp_instructions)}' \
+    ARG_REPORT_TASKS='${var.report_tasks}' \
+    /tmp/install.sh
+  EOT
 }
@@ -0,0 +1,152 @@
+#!/bin/bash
+# Install script for amazon-q module
+
+set -o errexit
+set -o pipefail
+
+command_exists() {
+  command -v "$1" > /dev/null 2>&1
+}
+
+# Inputs
+ARG_INSTALL=${ARG_INSTALL:-true}
+ARG_VERSION=${ARG_VERSION:-latest}
+ARG_Q_INSTALL_URL=${ARG_Q_INSTALL_URL:-https://desktop-release.q.us-east-1.amazonaws.com}
+ARG_AUTH_TARBALL=${ARG_AUTH_TARBALL:-}
+ARG_AGENT_CONFIG=${ARG_AGENT_CONFIG:-}
+ARG_AGENT_NAME=${ARG_AGENT_NAME:-default-agent}
+ARG_MODULE_DIR_NAME=${ARG_MODULE_DIR_NAME:-.aws/.amazonq}
+ARG_CODER_MCP_APP_STATUS_SLUG=${ARG_CODER_MCP_APP_STATUS_SLUG:-}
+ARG_CODER_MCP_INSTRUCTIONS=${ARG_CODER_MCP_INSTRUCTIONS:-}
+ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
+
+mkdir -p "$HOME/$ARG_MODULE_DIR_NAME"
+
+# Decode base64 inputs
+ARG_AGENT_CONFIG_DECODED=""
+if [ -n "$ARG_AGENT_CONFIG" ]; then
+  ARG_AGENT_CONFIG_DECODED=$(echo -n "$ARG_AGENT_CONFIG" | base64 -d)
+fi
+
+ARG_CODER_MCP_INSTRUCTIONS_DECODED=""
+if [ -n "$ARG_CODER_MCP_INSTRUCTIONS" ]; then
+  ARG_CODER_MCP_INSTRUCTIONS_DECODED=$(echo -n "$ARG_CODER_MCP_INSTRUCTIONS" | base64 -d)
+fi
+
+echo "--------------------------------"
+echo "install: $ARG_INSTALL"
+echo "version: $ARG_VERSION"
+echo "q_install_url: $ARG_Q_INSTALL_URL"
+echo "agent_name: $ARG_AGENT_NAME"
+echo "coder_mcp_app_status_slug: $ARG_CODER_MCP_APP_STATUS_SLUG"
+echo "module_dir_name: $ARG_MODULE_DIR_NAME"
+echo "auth_tarball_provided: ${ARG_AUTH_TARBALL}"
+echo "report_tasks: ${ARG_REPORT_TASKS}"
+echo "--------------------------------"
+
+# Install Amazon Q if requested
+function install_amazon_q() {
+  if [ "$ARG_INSTALL" = "true" ]; then
+    echo "Installing Amazon Q..."
+    PREV_DIR="$PWD"
+    TMP_DIR="$(mktemp -d)"
+    cd "$TMP_DIR"
+
+    ARCH="$(uname -m)"
+    case "$ARCH" in
+      "x86_64")
+        Q_URL="${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-x86_64-linux.zip"
+        ;;
+      "aarch64" | "arm64")
+        Q_URL="${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-aarch64-linux.zip"
+        ;;
+      *)
+        echo "Error: Unsupported architecture: $ARCH. Amazon Q only supports x86_64 and arm64."
+        exit 1
+        ;;
+    esac
+
+    echo "Downloading Amazon Q for $ARCH from $Q_URL..."
+    curl --proto '=https' --tlsv1.2 -sSf "$Q_URL" -o "q.zip"
+    unzip q.zip
+    ./q/install.sh --no-confirm
+    cd "$PREV_DIR"
+    rm -rf "$TMP_DIR"
+
+    # Ensure binaries are discoverable; create stable symlink to q
+    CANDIDATES=(
+      "$(command -v q || true)"
+      "$HOME/.local/bin/q"
+    )
+    FOUND_BIN=""
+    for c in "${CANDIDATES[@]}"; do
+      if [ -n "$c" ] && [ -x "$c" ]; then
+        FOUND_BIN="$c"
+        break
+      fi
+    done
+    export PATH="$PATH:$HOME/.local/bin"
+    echo "Installed Amazon Q at: $(command -v q || true) (resolved: $FOUND_BIN)"
+  fi
+}
+
+# Extract authentication tarball
+function extract_auth_tarball() {
+  if [ -n "$ARG_AUTH_TARBALL" ]; then
+    echo "Extracting auth tarball..."
+    PREV_DIR="$PWD"
+    echo "$ARG_AUTH_TARBALL" | base64 -d > /tmp/auth.tar.zst
+    rm -rf ~/.local/share/amazon-q
+    mkdir -p ~/.local/share/amazon-q
+    cd ~/.local/share/amazon-q
+    tar -I zstd -xf /tmp/auth.tar.zst
+    rm /tmp/auth.tar.zst
+    cd "$PREV_DIR"
+    echo "Extracted auth tarball to ~/.local/share/amazon-q"
+  else
+    echo "Warning: No auth tarball provided. Amazon Q may require manual authentication."
+  fi
+}
+
+# Configure MCP integration and create agent
+function configure_agent() {
+  # Create Amazon Q agent configuration directory
+  AGENT_CONFIG_DIR="$HOME/.aws/amazonq/cli-agents"
+  mkdir -p "$AGENT_CONFIG_DIR"
+  ALLOWED_TOOLS="coder_get_workspace\,coder_create_workspace\,coder_list_workspaces\,coder_list_templates\,coder_template_version_parameters\,coder_get_authenticated_user\,coder_create_workspace_build\,coder_create_template_version\,coder_get_workspace_agent_logs\,coder_get_workspace_build_logs\,coder_get_template_version_logs\,coder_update_template_active_version\,coder_upload_tar_file\,coder_create_template\,coder_delete_template\,coder_workspace_bash"
+  if [ -n "$ARG_AGENT_CONFIG_DECODED" ]; then
+    echo "Applying custom MCP configuration..."
+    # Use agent name as filename for the configuration
+    echo "$ARG_AGENT_CONFIG_DECODED" > "$AGENT_CONFIG_DIR/${ARG_AGENT_NAME}.json"
+    echo "Custom configuration saved to $AGENT_CONFIG_DIR/${ARG_AGENT_NAME}.json"
+  fi
+  if [ "$ARG_REPORT_TASKS" = "true" ]; then
+    echo "Configuring Amazon Q to report tasks via Coder MCP..."
+    q mcp add --name coder \
+      --command "coder" \
+      --agent "$ARG_AGENT_NAME" \
+      --args "exp,mcp,server,--allowed-tools,coder_report_task,--instructions,'$ARG_CODER_MCP_INSTRUCTIONS_DECODED'" \
+      --env "CODER_MCP_APP_STATUS_SLUG=${ARG_CODER_MCP_APP_STATUS_SLUG}" \
+      --env "CODER_MCP_AI_AGENTAPI_URL=http://localhost:3284" \
+      --env "CODER_AGENT_URL=${CODER_AGENT_URL}" \
+      --env "CODER_AGENT_TOKEN=${CODER_AGENT_TOKEN}" \
+      --force || echo "Warning: Failed to add Coder MCP server"
+  else
+    q mcp add --name coder \
+      --command "coder" \
+      --agent "$ARG_AGENT_NAME" \
+      --args "exp,mcp,server,--allowed-tools,coder_report_task" \
+      --env "CODER_AGENT_URL=${CODER_AGENT_URL}" \
+      --env "CODER_AGENT_TOKEN=${CODER_AGENT_TOKEN}" \
+      --force || echo "Warning: Failed to add Coder MCP server"
+  fi
+  echo "Added Coder MCP server into $ARG_AGENT_NAME in Amazon Q configuration"
+  q settings chat.defaultAgent "$ARG_AGENT_NAME"
+}
+
+# Main execution
+install_amazon_q
+extract_auth_tarball
+configure_agent
+
+echo "Amazon Q installation and configuration complete!"
@@ -0,0 +1,67 @@
+#!/bin/bash
+# Start script for amazon-q module
+
+set -o errexit
+set -o pipefail
+
+command_exists() {
+  command -v "$1" > /dev/null 2>&1
+}
+
+# Decode inputs
+ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
+ARG_TRUST_ALL_TOOLS=${ARG_TRUST_ALL_TOOLS:-true}
+ARG_MODULE_DIR_NAME=${ARG_MODULE_DIR_NAME:-.aws/amazonq}
+ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
+ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
+ARG_SERVER_PARAMETERS=${ARG_SERVER_PARAMETERS:-""}
+
+echo "--------------------------------"
+echo "ai_prompt: $ARG_AI_PROMPT"
+echo "trust_all_tools: $ARG_TRUST_ALL_TOOLS"
+echo "module_dir_name: $ARG_MODULE_DIR_NAME"
+echo "workdir: $ARG_WORKDIR"
+echo "report_tasks: ${ARG_REPORT_TASKS}"
+echo "--------------------------------"
+
+mkdir -p "$HOME/$ARG_MODULE_DIR_NAME"
+
+# Find Amazon Q CLI
+if command_exists q; then
+  Q_CMD=q
+elif [ -x "$HOME/.local/bin/q" ]; then
+  Q_CMD="$HOME/.local/bin/q"
+else
+  echo "Error: Amazon Q CLI not found. Install it or set install_amazon_q=true."
+  exit 1
+fi
+
+mkdir -p "$ARG_WORKDIR"
+cd "$ARG_WORKDIR"
+
+# Set up environment
+export LANG=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+
+# Build command arguments
+ARGS=(chat)
+
+if [ "$ARG_TRUST_ALL_TOOLS" = "true" ]; then
+  ARGS+=(--trust-all-tools)
+fi
+
+# Log and run with agentapi integration
+printf "Running: %q %s\n" "$Q_CMD" "$(printf '%q ' "${ARGS[@]}")"
+
+# If we have an AI prompt, we need to handle it specially
+if [ -n "$ARG_AI_PROMPT" ]; then
+  if [ "$ARG_REPORT_TASKS" == "true" ]; then
+    PROMPT="Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_AI_PROMPT"
+  else
+    PROMPT="$ARG_AI_PROMPT"
+  fi
+  ARGS+=("$PROMPT")
+fi
+
+# Use agentapi to manage the interactive session with initial prompt
+agentapi server ${ARG_SERVER_PARAMETERS} --term-width 67 --term-height 1190 -- "$Q_CMD" "${ARGS[@]}"
@@ -0,0 +1,27 @@
+{
+  "name": "agent",
+  "description": "This is an default agent config",
+  "prompt": ${system_prompt},
+  "mcpServers": {},
+  "tools": [
+    "fs_read",
+    "fs_write",
+    "execute_bash",
+    "use_aws",
+    "@coder",
+    "knowledge"
+  ],
+  "toolAliases": {},
+  "allowedTools": [
+    "fs_read",
+    "@coder"
+  ],
+  "resources": [
+    "file://AmazonQ.md",
+    "file://README.md",
+    "file://.amazonq/rules/**/*.md"
+  ],
+  "hooks": {},
+  "toolsSettings": {},
+  "useLegacyMcpJson": true
+}
@@ -1,117 +1,142 @@
 ---
 display_name: Claude Code
-description: Run Claude Code in your workspace
+description: Run the Claude Code agent in your workspace.
 icon: ../../../../.icons/claude.svg
 verified: true
-tags: [agent, claude-code, ai, tasks]
+tags: [agent, claude-code, ai, tasks, anthropic]
 ---

 # Claude Code

-Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview) agent in your workspace to generate code and perform tasks.
+Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview) agent in your workspace to generate code and perform tasks. This module integrates with [AgentAPI](https://github.com/coder/agentapi) for task reporting in the Coder UI.

 ```tf
 module "claude-code" {
-  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.2.0"
-  agent_id            = coder_agent.example.id
-  folder              = "/home/coder"
-  install_claude_code = true
-  claude_code_version = "latest"
+  source         = "registry.coder.com/coder/claude-code/coder"
+  version        = "3.0.0"
+  agent_id       = coder_agent.example.id
+  workdir        = "/home/coder/project"
+  claude_api_key = "xxxx-xxxxx-xxxx"
 }
 ```

-> **Security Notice**: This module uses the [`--dangerously-skip-permissions`](https://docs.anthropic.com/en/docs/claude-code/cli-usage#cli-flags) flag when running Claude Code. This flag
-> bypasses standard permission checks and allows Claude Code broader access to your system than normally permitted. While
-> this enables more functionality, it also means Claude Code can potentially execute commands with the same privileges as
-> the user running it. Use this module _only_ in trusted environments and be aware of the security implications.
+> [!WARNING]
+> **Security Notice**: This module uses the `--dangerously-skip-permissions` flag when running Claude Code tasks. This flag bypasses standard permission checks and allows Claude Code broader access to your system than normally permitted. While this enables more functionality, it also means Claude Code can potentially execute commands with the same privileges as the user running it. Use this module _only_ in trusted environments and be aware of the security implications.
+
+> [!NOTE]
+> By default, this module is configured to run the embedded chat interface as a path-based application. In production, we recommend that you configure a [wildcard access URL](https://coder.com/docs/admin/setup#wildcard-access-url) and set `subdomain = true`. See [here](https://coder.com/docs/tutorials/best-practices/security-best-practices#disable-path-based-apps) for more details.

 ## Prerequisites

- You must add the [Coder Login](https://registry.coder.com/modules/coder-login) module to your template
-
-The `codercom/oss-dogfood:latest` container image can be used for testing on container-based workspaces.
+- An **Anthropic API key** or a _Claude Session Token_ is required for tasks.
+  - You can get the API key from the [Anthropic Console](https://console.anthropic.com/dashboard).
+  - You can get the Session Token using the `claude setup-token` command. This is a long-lived authentication token (requires Claude subscription)

 ## Examples

-### Run in the background and report tasks (Experimental)
+### Usage with Tasks and Advanced Configuration

-> This functionality is in early access as of Coder v2.21 and is still evolving.
-> For now, we recommend testing it in a demo or staging environment,
-> rather than deploying to production
->
-> Learn more in [the Coder documentation](https://coder.com/docs/tutorials/ai-agents)
->
-> Join our [Discord channel](https://discord.gg/coder) or
-> [contact us](https://coder.com/contact) to get help or share feedback.
+This example shows how to configure the Claude Code module with an AI prompt, API key shared by all users of the template, and other custom settings.

 ```tf
-variable "anthropic_api_key" {
-  type        = string
-  description = "The Anthropic API key"
-  sensitive   = true
-}
-
-module "coder-login" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/coder-login/coder"
-  version  = "1.0.15"
-  agent_id = coder_agent.example.id
-}
-
 data "coder_parameter" "ai_prompt" {
  type        = "string"
  name        = "AI Prompt"
  default     = ""
-  description = "Write a prompt for Claude Code"
+  description = "Initial task prompt for Claude Code."
  mutable     = true
 }

-# Set the prompt and system prompt for Claude Code via environment variables
-resource "coder_agent" "main" {
-  # ...
-  env = {
-    CODER_MCP_CLAUDE_API_KEY       = var.anthropic_api_key # or use a coder_parameter
-    CODER_MCP_CLAUDE_TASK_PROMPT   = data.coder_parameter.ai_prompt.value
-    CODER_MCP_APP_STATUS_SLUG      = "claude-code"
-    CODER_MCP_CLAUDE_SYSTEM_PROMPT = <<-EOT
-      You are a helpful assistant that can help with code.
-    EOT
-  }
-}
-
 module "claude-code" {
-  count               = data.coder_workspace.me.start_count
-  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.2.0"
-  agent_id            = coder_agent.example.id
-  folder              = "/home/coder"
-  install_claude_code = true
-  claude_code_version = "1.0.40"
+  source   = "registry.coder.com/coder/claude-code/coder"
+  version  = "3.0.0"
+  agent_id = coder_agent.example.id
+  workdir  = "/home/coder/project"

-  # Enable experimental features
-  experiment_report_tasks = true
+  claude_api_key = "xxxx-xxxxx-xxxx"
+  # OR
+  claude_code_oauth_token = "xxxxx-xxxx-xxxx"
+
+  claude_code_version = "1.0.82" # Pin to a specific version
+  agentapi_version    = "v0.6.1"
+
+  ai_prompt = data.coder_parameter.ai_prompt.value
+  model     = "sonnet"
+
+  permission_mode = "plan"
+
+  mcp = <<-EOF
+  {
+    "mcpServers": {
+      "my-custom-tool": {
+        "command": "my-tool-server"
+        "args": ["--port", "8080"]
+      }
+    }
+  }
+  EOF
 }
 ```

-## Run standalone
+### Standalone Mode

-Run Claude Code as a standalone app in your workspace. This will install Claude Code and run it without any task reporting to the Coder UI.
+Run and configure Claude Code as a standalone CLI in your workspace.

 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.2.0"
+  version             = "3.0.0"
  agent_id            = coder_agent.example.id
-  folder              = "/home/coder"
+  workdir             = "/home/coder"
  install_claude_code = true
  claude_code_version = "latest"
+  report_tasks        = false
+  cli_app             = true
+}
+```

-  # Icon is not available in Coder v2.20 and below, so we'll use a custom icon URL
-  icon = "https://registry.npmmirror.com/@lobehub/icons-static-png/1.24.0/files/dark/claude-color.png"
+### Usage with Claude Code Subscription
+
+```tf
+
+variable "claude_code_oauth_token" {
+  type        = string
+  description = "Generate one using `claude setup-token` command"
+  sensitive   = true
+  value       = "xxxx-xxx-xxxx"
+}
+
+module "claude-code" {
+  source                  = "registry.coder.com/coder/claude-code/coder"
+  version                 = "3.0.0"
+  agent_id                = coder_agent.example.id
+  workdir                 = "/home/coder/project"
+  claude_code_oauth_token = var.claude_code_oauth_token
 }
 ```

 ## Troubleshooting

-The module will create log files in the workspace's `~/.claude-module` directory. If you run into any issues, look at them for more information.
+If you encounter any issues, check the log files in the `~/.claude-module` directory within your workspace for detailed information.
+
+```bash
+# Installation logs
+cat ~/.claude-module/install.log
+
+# Startup logs
+cat ~/.claude-module/agentapi-start.log
+
+# Pre/post install script logs
+cat ~/.claude-module/pre_install.log
+cat ~/.claude-module/post_install.log
+```
+
+> [!NOTE]
+> To use tasks with Claude Code, you must provide an `anthropic_api_key` or `claude_code_oauth_token`.
+> The `workdir` variable is required and specifies the directory where Claude Code will run.
+
+## References
+
+- [Claude Code Documentation](https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview)
+- [AgentAPI Documentation](https://github.com/coder/agentapi)
+- [Coder AI Agents Guide](https://coder.com/docs/tutorials/ai-agents)
@@ -1,37 +1,26 @@
 import {
  test,
  afterEach,
-  expect,
  describe,
  setDefaultTimeout,
  beforeAll,
+  expect,
 } from "bun:test";
-import path from "path";
+import { execContainer, readFileContainer, runTerraformInit } from "~test";
 import {
-  execContainer,
-  findResourceInstance,
-  readFileContainer,
-  removeContainer,
-  runContainer,
-  runTerraformApply,
-  runTerraformInit,
-  writeCoder,
-  writeFileContainer,
-} from "~test";
+  loadTestFile,
+  writeExecutable,
+  setup as setupUtil,
+  execModuleScript,
+  expectAgentAPIStarted,
+} from "../agentapi/test-util";
+import dedent from "dedent";

 let cleanupFunctions: (() => Promise<void>)[] = [];
-
 const registerCleanup = (cleanup: () => Promise<void>) => {
  cleanupFunctions.push(cleanup);
 };
-
-// Cleanup logic depends on the fact that bun's built-in test runner
-// runs tests sequentially.
-// https://bun.sh/docs/test/discovery#execution-order
-// Weird things would happen if tried to run tests in parallel.
-// One test could clean up resources that another test was still using.
 afterEach(async () => {
-  // reverse the cleanup functions so that they are run in the correct order
  const cleanupFnsCopy = cleanupFunctions.slice().reverse();
  cleanupFunctions = [];
  for (const cleanup of cleanupFnsCopy) {
@@ -43,298 +32,281 @@ afterEach(async () => {
  }
 });

-const setupContainer = async ({
-  image,
-  vars,
-}: {
-  image?: string;
-  vars?: Record<string, string>;
-} = {}) => {
-  const state = await runTerraformApply(import.meta.dir, {
-    agent_id: "foo",
-    ...vars,
-  });
-  const coderScript = findResourceInstance(state, "coder_script");
-  const id = await runContainer(image ?? "codercom/enterprise-node:latest");
-  registerCleanup(() => removeContainer(id));
-  return { id, coderScript };
-};
-
-const loadTestFile = async (...relativePath: string[]) => {
-  return await Bun.file(
-    path.join(import.meta.dir, "testdata", ...relativePath),
-  ).text();
-};
-
-const writeExecutable = async ({
-  containerId,
-  filePath,
-  content,
-}: {
-  containerId: string;
-  filePath: string;
-  content: string;
-}) => {
-  await writeFileContainer(containerId, filePath, content, {
-    user: "root",
-  });
-  await execContainer(
-    containerId,
-    ["bash", "-c", `chmod 755 ${filePath}`],
-    ["--user", "root"],
-  );
-};
-
-const writeAgentAPIMockControl = async ({
-  containerId,
-  content,
-}: {
-  containerId: string;
-  content: string;
-}) => {
-  await writeFileContainer(containerId, "/tmp/agentapi-mock.control", content, {
-    user: "coder",
-  });
-};
-
 interface SetupProps {
  skipAgentAPIMock?: boolean;
  skipClaudeMock?: boolean;
+  moduleVariables?: Record<string, string>;
+  agentapiMockScript?: string;
 }

-const projectDir = "/home/coder/project";
-
 const setup = async (props?: SetupProps): Promise<{ id: string }> => {
-  const { id, coderScript } = await setupContainer({
-    vars: {
-      experiment_report_tasks: "true",
+  const projectDir = "/home/coder/project";
+  const { id } = await setupUtil({
+    moduleDir: import.meta.dir,
+    moduleVariables: {
+      install_claude_code: props?.skipClaudeMock ? "true" : "false",
      install_agentapi: props?.skipAgentAPIMock ? "true" : "false",
-      install_claude_code: "false",
-      agentapi_version: "preview",
-      folder: projectDir,
+      workdir: projectDir,
+      ...props?.moduleVariables,
    },
+    registerCleanup,
+    projectDir,
+    skipAgentAPIMock: props?.skipAgentAPIMock,
+    agentapiMockScript: props?.agentapiMockScript,
  });
-  await execContainer(id, ["bash", "-c", `mkdir -p '${projectDir}'`]);
-  // the module script assumes that there is a coder executable in the PATH
-  await writeCoder(id, await loadTestFile("coder-mock.js"));
-  if (!props?.skipAgentAPIMock) {
-    await writeExecutable({
-      containerId: id,
-      filePath: "/usr/bin/agentapi",
-      content: await loadTestFile("agentapi-mock.js"),
-    });
-  }
  if (!props?.skipClaudeMock) {
    await writeExecutable({
      containerId: id,
      filePath: "/usr/bin/claude",
-      content: await loadTestFile("claude-mock.js"),
+      content: await loadTestFile(import.meta.dir, "claude-mock.sh"),
    });
  }
-  await writeExecutable({
-    containerId: id,
-    filePath: "/home/coder/script.sh",
-    content: coderScript.script,
-  });
  return { id };
 };

-const expectAgentAPIStarted = async (id: string) => {
-  const resp = await execContainer(id, [
-    "bash",
-    "-c",
-    `curl -fs -o /dev/null "http://localhost:3284/status"`,
-  ]);
-  if (resp.exitCode !== 0) {
-    console.log("agentapi not started");
-    console.log(resp.stdout);
-    console.log(resp.stderr);
-  }
-  expect(resp.exitCode).toBe(0);
-};
-
-const execModuleScript = async (id: string) => {
-  const resp = await execContainer(id, [
-    "bash",
-    "-c",
-    `set -o errexit; set -o pipefail; cd /home/coder && ./script.sh 2>&1 | tee /home/coder/script.log`,
-  ]);
-  if (resp.exitCode !== 0) {
-    console.log(resp.stdout);
-    console.log(resp.stderr);
-  }
-  return resp;
-};
-
-// increase the default timeout to 60 seconds
 setDefaultTimeout(60 * 1000);

-// we don't run these tests in CI because they take too long and make network
-// calls. they are dedicated for local development.
 describe("claude-code", async () => {
  beforeAll(async () => {
    await runTerraformInit(import.meta.dir);
  });

-  // test that the script runs successfully if claude starts without any errors
  test("happy-path", async () => {
    const { id } = await setup();
+    await execModuleScript(id);
+    await expectAgentAPIStarted(id);
+  });
+
+  test("install-claude-code-version", async () => {
+    const version_to_install = "1.0.40";
+    const { id } = await setup({
+      skipClaudeMock: true,
+      moduleVariables: {
+        install_claude_code: "true",
+        claude_code_version: version_to_install,
+      },
+    });
+    await execModuleScript(id);
+    const resp = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /home/coder/.claude-module/install.log",
+    ]);
+    expect(resp.stdout).toContain(version_to_install);
+  });
+
+  test("check-latest-claude-code-version-works", async () => {
+    const { id } = await setup({
+      skipClaudeMock: true,
+      skipAgentAPIMock: true,
+      moduleVariables: {
+        install_claude_code: "true",
+      },
+    });
+    await execModuleScript(id);
+    await expectAgentAPIStarted(id);
+  });
+
+  test("claude-api-key", async () => {
+    const apiKey = "test-api-key-123";
+    const { id } = await setup({
+      moduleVariables: {
+        claude_api_key: apiKey,
+      },
+    });
+    await execModuleScript(id);
+
+    const envCheck = await execContainer(id, [
+      "bash",
+      "-c",
+      'env | grep CLAUDE_API_KEY || echo "CLAUDE_API_KEY not found"',
+    ]);
+    expect(envCheck.stdout).toContain("CLAUDE_API_KEY");
+  });
+
+  test("claude-mcp-config", async () => {
+    const mcpConfig = JSON.stringify({
+      mcpServers: {
+        test: {
+          command: "test-cmd",
+          type: "stdio",
+        },
+      },
+    });
+    const { id } = await setup({
+      skipClaudeMock: true,
+      moduleVariables: {
+        mcp: mcpConfig,
+      },
+    });
+    await execModuleScript(id);
+
+    const resp = await readFileContainer(id, "/home/coder/.claude.json");
+    expect(resp).toContain("test-cmd");
+  });
+
+  test("claude-task-prompt", async () => {
+    const prompt = "This is a task prompt for Claude.";
+    const { id } = await setup({
+      moduleVariables: {
+        ai_prompt: prompt,
+      },
+    });
+    await execModuleScript(id);

    const resp = await execContainer(id, [
      "bash",
      "-c",
-      "sudo /home/coder/script.sh",
+      "cat /home/coder/.claude-module/agentapi-start.log",
    ]);
-    expect(resp.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
+    expect(resp.stdout).toContain(prompt);
  });

-  // test that the script removes lastSessionId from the .claude.json file
-  test("last-session-id-removed", async () => {
-    const { id } = await setup();
+  test("claude-permission-mode", async () => {
+    const mode = "plan";
+    const { id } = await setup({
+      moduleVariables: {
+        permission_mode: mode,
+        task_prompt: "test prompt",
+      },
+    });
+    await execModuleScript(id);

-    await writeFileContainer(
-      id,
-      "/home/coder/.claude.json",
-      JSON.stringify({
-        projects: {
-          [projectDir]: {
-            lastSessionId: "123",
-          },
-        },
-      }),
-    );
-
-    const catResp = await execContainer(id, [
-      "bash",
-      "-c",
-      "cat /home/coder/.claude.json",
-    ]);
-    expect(catResp.exitCode).toBe(0);
-    expect(catResp.stdout).toContain("lastSessionId");
-
-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
-
-    const catResp2 = await execContainer(id, [
-      "bash",
-      "-c",
-      "cat /home/coder/.claude.json",
-    ]);
-    expect(catResp2.exitCode).toBe(0);
-    expect(catResp2.stdout).not.toContain("lastSessionId");
-  });
-
-  // test that the script handles a .claude.json file that doesn't contain
-  // a lastSessionId field
-  test("last-session-id-not-found", async () => {
-    const { id } = await setup();
-
-    await writeFileContainer(
-      id,
-      "/home/coder/.claude.json",
-      JSON.stringify({
-        projects: {
-          "/home/coder": {},
-        },
-      }),
-    );
-
-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
-
-    const catResp = await execContainer(id, [
+    const startLog = await execContainer(id, [
      "bash",
      "-c",
      "cat /home/coder/.claude-module/agentapi-start.log",
    ]);
-    expect(catResp.exitCode).toBe(0);
-    expect(catResp.stdout).toContain(
-      "No lastSessionId found in .claude.json - nothing to do",
-    );
+    expect(startLog.stdout).toContain(`--permission-mode ${mode}`);
  });

-  // test that if claude fails to run with the --continue flag and returns a
-  // no conversation found error, then the module script retries without the flag
-  test("no-conversation-found", async () => {
-    const { id } = await setup();
-    await writeAgentAPIMockControl({
-      containerId: id,
-      content: "no-conversation-found",
+  test("claude-model", async () => {
+    const model = "opus";
+    const { id } = await setup({
+      moduleVariables: {
+        model: model,
+        task_prompt: "test prompt",
+      },
    });
-    // check that mocking works
-    const respAgentAPI = await execContainer(id, [
+    await execModuleScript(id);
+
+    const startLog = await execContainer(id, [
      "bash",
      "-c",
-      "agentapi --continue",
+      "cat /home/coder/.claude-module/agentapi-start.log",
    ]);
-    expect(respAgentAPI.exitCode).toBe(1);
-    expect(respAgentAPI.stderr).toContain("No conversation found to continue");
-
-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
+    expect(startLog.stdout).toContain(`--model ${model}`);
  });

-  test("install-agentapi", async () => {
-    const { id } = await setup({ skipAgentAPIMock: true });
-
-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
-    const respAgentAPI = await execContainer(id, [
-      "bash",
-      "-c",
-      "agentapi --version",
-    ]);
-    expect(respAgentAPI.exitCode).toBe(0);
-  });
-
-  // the coder binary should be executed with specific env vars
-  // that are set by the module script
-  test("coder-env-vars", async () => {
-    const { id } = await setup();
-
-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    const respCoderMock = await execContainer(id, [
-      "bash",
-      "-c",
-      "cat /home/coder/coder-mock-output.json",
-    ]);
-    if (respCoderMock.exitCode !== 0) {
-      console.log(respCoderMock.stdout);
-      console.log(respCoderMock.stderr);
-    }
-    expect(respCoderMock.exitCode).toBe(0);
-    expect(JSON.parse(respCoderMock.stdout)).toEqual({
-      statusSlug: "ccw",
-      agentApiUrl: "http://localhost:3284",
+  test("claude-continue-previous-conversation", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        continue: "true",
+        task_prompt: "test prompt",
+      },
    });
+    await execModuleScript(id);
+
+    const startLog = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /home/coder/.claude-module/agentapi-start.log",
+    ]);
+    expect(startLog.stdout).toContain("--continue");
  });

-  // verify that the agentapi binary has access to the AGENTAPI_ALLOWED_HOSTS environment variable
-  // set in main.tf
-  test("agentapi-allowed-hosts", async () => {
-    const { id } = await setup();
+  test("pre-post-install-scripts", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        pre_install_script: "#!/bin/bash\necho 'claude-pre-install-script'",
+        post_install_script: "#!/bin/bash\necho 'claude-post-install-script'",
+      },
+    });
+    await execModuleScript(id);

-    const respModuleScript = await execModuleScript(id);
-    expect(respModuleScript.exitCode).toBe(0);
-
-    await expectAgentAPIStarted(id);
-
-    const agentApiStartLog = await readFileContainer(
+    const preInstallLog = await readFileContainer(
      id,
-      "/home/coder/agentapi-mock.log",
+      "/home/coder/.claude-module/pre_install.log",
+    );
+    expect(preInstallLog).toContain("claude-pre-install-script");
+
+    const postInstallLog = await readFileContainer(
+      id,
+      "/home/coder/.claude-module/post_install.log",
+    );
+    expect(postInstallLog).toContain("claude-post-install-script");
+  });
+
+  test("workdir-variable", async () => {
+    const workdir = "/home/coder/claude-test-folder";
+    const { id } = await setup({
+      skipClaudeMock: false,
+      moduleVariables: {
+        workdir,
+      },
+    });
+    await execModuleScript(id);
+
+    const resp = await readFileContainer(
+      id,
+      "/home/coder/.claude-module/agentapi-start.log",
+    );
+    expect(resp).toContain(workdir);
+  });
+
+  test("coder-mcp-config-created", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        install_claude_code: "false",
+      },
+    });
+    await execModuleScript(id);
+
+    const installLog = await readFileContainer(
+      id,
+      "/home/coder/.claude-module/install.log",
+    );
+    expect(installLog).toContain(
+      "Configuring Claude Code to report tasks via Coder MCP",
+    );
+  });
+
+  test("dangerously-skip-permissions", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        dangerously_skip_permissions: "true",
+      },
+    });
+    await execModuleScript(id);
+
+    const startLog = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /home/coder/.claude-module/agentapi-start.log",
+    ]);
+    expect(startLog.stdout).toContain(`--dangerously-skip-permissions`);
+  });
+
+  test("subdomain-false", async () => {
+    const { id } = await setup({
+      skipAgentAPIMock: true,
+      moduleVariables: {
+        subdomain: "false",
+        post_install_script: dedent`
+        #!/bin/bash
+        env | grep AGENTAPI_CHAT_BASE_PATH || echo "AGENTAPI_CHAT_BASE_PATH not found"
+        `,
+      },
+    });
+
+    await execModuleScript(id);
+    const startLog = await execContainer(id, [
+      "bash",
+      "-c",
+      "cat /home/coder/.claude-module/post_install.log",
+    ]);
+    expect(startLog.stdout).toContain(
+      "ARG_AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/ccw/chat",
    );
-    expect(agentApiStartLog).toContain("AGENTAPI_ALLOWED_HOSTS: *");
  });
 });
@@ -36,12 +36,72 @@ variable "icon" {
  default     = "/icon/claude.svg"
 }

-variable "folder" {
+variable "workdir" {
  type        = string
  description = "The folder to run Claude Code in."
-  default     = "/home/coder"
 }

+variable "report_tasks" {
+  type        = bool
+  description = "Whether to enable task reporting to Coder UI via AgentAPI"
+  default     = true
+}
+
+variable "cli_app" {
+  type        = bool
+  description = "Whether to create a CLI app for Claude Code"
+  default     = false
+}
+
+variable "web_app_display_name" {
+  type        = string
+  description = "Display name for the web app"
+  default     = "Claude Code"
+}
+
+variable "cli_app_display_name" {
+  type        = string
+  description = "Display name for the CLI app"
+  default     = "Claude Code CLI"
+}
+
+variable "pre_install_script" {
+  type        = string
+  description = "Custom script to run before installing Claude Code."
+  default     = null
+}
+
+variable "post_install_script" {
+  type        = string
+  description = "Custom script to run after installing Claude Code."
+  default     = null
+}
+
+variable "install_agentapi" {
+  type        = bool
+  description = "Whether to install AgentAPI."
+  default     = true
+}
+
+variable "agentapi_version" {
+  type        = string
+  description = "The version of AgentAPI to install."
+  default     = "v0.7.1"
+}
+
+variable "ai_prompt" {
+  type        = string
+  description = "Initial task prompt for Claude Code."
+  default     = ""
+}
+
+variable "subdomain" {
+  type        = bool
+  description = "Whether to use a subdomain for AgentAPI."
+  default     = false
+}
+
+
 variable "install_claude_code" {
  type        = bool
  description = "Whether to install Claude Code."
@@ -54,245 +114,179 @@ variable "claude_code_version" {
  default     = "latest"
 }

-variable "experiment_cli_app" {
+variable "claude_api_key" {
+  type        = string
+  description = "The API key to use for the Claude Code server."
+  default     = ""
+}
+
+variable "model" {
+  type        = string
+  description = "Sets the model for the current session with an alias for the latest model (sonnet or opus) or a model’s full name."
+  default     = ""
+}
+
+variable "resume_session_id" {
+  type        = string
+  description = "Resume a specific session by ID."
+  default     = ""
+}
+
+variable "continue" {
  type        = bool
-  description = "Whether to create the CLI workspace app."
+  description = "Load the most recent conversation in the current directory. Task will fail in a new workspace with no conversation/session to continue"
  default     = false
 }

-variable "experiment_cli_app_order" {
-  type        = number
-  description = "The order of the CLI workspace app."
-  default     = null
-}
-
-variable "experiment_cli_app_group" {
-  type        = string
-  description = "The group of the CLI workspace app."
-  default     = null
-}
-
-variable "experiment_report_tasks" {
+variable "dangerously_skip_permissions" {
  type        = bool
-  description = "Whether to enable task reporting."
+  description = "Skip the permission prompts. Use with caution. This will be set to true if using Coder Tasks"
  default     = false
 }

-variable "experiment_pre_install_script" {
+variable "permission_mode" {
  type        = string
-  description = "Custom script to run before installing Claude Code."
-  default     = null
+  description = "Permission mode for the cli, check https://docs.anthropic.com/en/docs/claude-code/iam#permission-modes"
+  default     = ""
+  validation {
+    condition     = contains(["", "default", "acceptEdits", "plan", "bypassPermissions"], var.permission_mode)
+    error_message = "interaction_mode must be one of: default, acceptEdits, plan, bypassPermissions."
+  }
 }

-variable "experiment_post_install_script" {
+variable "mcp" {
  type        = string
-  description = "Custom script to run after installing Claude Code."
-  default     = null
+  description = "MCP JSON to be added to the claude code local scope"
+  default     = ""
 }

-
-variable "install_agentapi" {
-  type        = bool
-  description = "Whether to install AgentAPI."
-  default     = true
-}
-
-variable "agentapi_version" {
+variable "allowed_tools" {
  type        = string
-  description = "The version of AgentAPI to install."
-  default     = "v0.3.3"
+  description = "A list of tools that should be allowed without prompting the user for permission, in addition to settings.json files."
+  default     = ""
 }

-variable "subdomain" {
-  type        = bool
-  description = "Whether to use a subdomain for the Claude Code app."
-  default     = true
+variable "disallowed_tools" {
+  type        = string
+  description = "A list of tools that should be disallowed without prompting the user for permission, in addition to settings.json files."
+  default     = ""
+
+}
+
+variable "claude_code_oauth_token" {
+  type        = string
+  description = "Set up a long-lived authentication token (requires Claude subscription). Generated using `claude setup-token` command"
+  sensitive   = true
+  default     = ""
+}
+
+variable "system_prompt" {
+  type        = string
+  description = "The system prompt to use for the Claude Code server."
+  default     = "Send a task status update to notify the user that you are ready for input, and then wait for user input."
+}
+
+variable "claude_md_path" {
+  type        = string
+  description = "The path to CLAUDE.md."
+  default     = "$HOME/.claude/CLAUDE.md"
+}
+
+resource "coder_env" "claude_code_md_path" {
+  count = var.claude_md_path == "" ? 0 : 1
+
+  agent_id = var.agent_id
+  name     = "CODER_MCP_CLAUDE_MD_PATH"
+  value    = var.claude_md_path
+}
+
+resource "coder_env" "claude_code_system_prompt" {
+  count = var.system_prompt == "" ? 0 : 1
+
+  agent_id = var.agent_id
+  name     = "CODER_MCP_CLAUDE_SYSTEM_PROMPT"
+  value    = var.system_prompt
+}
+
+resource "coder_env" "claude_code_oauth_token" {
+  agent_id = var.agent_id
+  name     = "CLAUDE_CODE_OAUTH_TOKEN"
+  value    = var.claude_code_oauth_token
+}
+
+resource "coder_env" "claude_api_key" {
+  count = length(var.claude_api_key) > 0 ? 1 : 0
+
+  agent_id = var.agent_id
+  name     = "CLAUDE_API_KEY"
+  value    = var.claude_api_key
 }

 locals {
  # we have to trim the slash because otherwise coder exp mcp will
  # set up an invalid claude config 
-  workdir                            = trimsuffix(var.folder, "/")
-  encoded_pre_install_script         = var.experiment_pre_install_script != null ? base64encode(var.experiment_pre_install_script) : ""
-  encoded_post_install_script        = var.experiment_post_install_script != null ? base64encode(var.experiment_post_install_script) : ""
-  agentapi_start_script_b64          = base64encode(file("${path.module}/scripts/agentapi-start.sh"))
-  agentapi_wait_for_start_script_b64 = base64encode(file("${path.module}/scripts/agentapi-wait-for-start.sh"))
-  remove_last_session_id_script_b64  = base64encode(file("${path.module}/scripts/remove-last-session-id.sh"))
-  claude_code_app_slug               = "ccw"
-  // Chat base path is only set if not using a subdomain.
-  // NOTE:
-  //   - Initial support for --chat-base-path was added in v0.3.1 but configuration
-  //     via environment variable AGENTAPI_CHAT_BASE_PATH was added in v0.3.3.
-  //   - As CODER_WORKSPACE_AGENT_NAME is a recent addition we use agent ID
-  //     for backward compatibility.
-  agentapi_chat_base_path = var.subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.claude_code_app_slug}/chat"
-  server_base_path        = var.subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.claude_code_app_slug}"
-  healthcheck_url         = "http://localhost:3284${local.server_base_path}/status"
+  workdir                           = trimsuffix(var.workdir, "/")
+  app_slug                          = "ccw"
+  install_script                    = file("${path.module}/scripts/install.sh")
+  start_script                      = file("${path.module}/scripts/start.sh")
+  module_dir_name                   = ".claude-module"
+  remove_last_session_id_script_b64 = base64encode(file("${path.module}/scripts/remove-last-session-id.sh"))
 }

-# Install and Initialize Claude Code
-resource "coder_script" "claude_code" {
-  agent_id     = var.agent_id
-  display_name = "Claude Code"
-  icon         = var.icon
-  script       = <<-EOT
+module "agentapi" {
+
+  source  = "registry.coder.com/coder/agentapi/coder"
+  version = "1.1.1"
+
+  agent_id             = var.agent_id
+  web_app_slug         = local.app_slug
+  web_app_order        = var.order
+  web_app_group        = var.group
+  web_app_icon         = var.icon
+  web_app_display_name = var.web_app_display_name
+  cli_app              = var.cli_app
+  cli_app_slug         = var.cli_app ? "${local.app_slug}-cli" : null
+  cli_app_display_name = var.cli_app ? var.cli_app_display_name : null
+  agentapi_subdomain   = var.subdomain
+  module_dir_name      = local.module_dir_name
+  install_agentapi     = var.install_agentapi
+  agentapi_version     = var.agentapi_version
+  pre_install_script   = var.pre_install_script
+  post_install_script  = var.post_install_script
+  start_script         = <<-EOT
+     #!/bin/bash
+     set -o errexit
+     set -o pipefail
+     echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
+     echo -n "${local.remove_last_session_id_script_b64}" | base64 -d > "/tmp/remove-last-session-id.sh"
+     chmod +x /tmp/start.sh
+     chmod +x /tmp/remove-last-session-id.sh
+
+     ARG_MODEL='${var.model}' \
+     ARG_RESUME_SESSION_ID='${var.resume_session_id}' \
+     ARG_CONTINUE='${var.continue}' \
+     ARG_DANGEROUSLY_SKIP_PERMISSIONS='${var.dangerously_skip_permissions}' \
+     ARG_PERMISSION_MODE='${var.permission_mode}' \
+     ARG_WORKDIR='${local.workdir}' \
+     ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
+     /tmp/start.sh
+   EOT
+
+  install_script = <<-EOT
    #!/bin/bash
-    set -e
-    set -x
+    set -o errexit
+    set -o pipefail

-    command_exists() {
-      command -v "$1" >/dev/null 2>&1
-    }
-
-    function install_claude_code_cli() {
-      echo "Installing Claude Code via official installer"
-      set +e
-      curl -fsSL claude.ai/install.sh | bash -s -- "${var.claude_code_version}" 2>&1
-      CURL_EXIT=$${PIPESTATUS[0]}
-      set -e
-      if [ $CURL_EXIT -ne 0 ]; then
-        echo "Claude Code installer failed with exit code $$CURL_EXIT"
-      fi
-
-      # Ensure binaries are discoverable.
-      export PATH="~/.local/bin:$PATH"
-      echo "Installed Claude Code successfully. Version: $(claude --version || echo 'unknown')"
-    }
-
-    if [ ! -d "${local.workdir}" ]; then
-      echo "Warning: The specified folder '${local.workdir}' does not exist."
-      echo "Creating the folder..."
-      mkdir -p "${local.workdir}"
-      echo "Folder created successfully."
-    fi
-    if [ -n "${local.encoded_pre_install_script}" ]; then
-      echo "Running pre-install script..."
-      echo "${local.encoded_pre_install_script}" | base64 -d > /tmp/pre_install.sh
-      chmod +x /tmp/pre_install.sh
-      /tmp/pre_install.sh
-    fi
-
-    if [ "${var.install_claude_code}" = "true" ]; then
-      install_claude_code_cli
-    fi
-
-    # Install AgentAPI if enabled
-    if [ "${var.install_agentapi}" = "true" ]; then
-      echo "Installing AgentAPI..."
-      arch=$(uname -m)
-      if [ "$arch" = "x86_64" ]; then
-        binary_name="agentapi-linux-amd64"
-      elif [ "$arch" = "aarch64" ]; then
-        binary_name="agentapi-linux-arm64"
-      else
-        echo "Error: Unsupported architecture: $arch"
-        exit 1
-      fi
-      curl \
-        --retry 5 \
-        --retry-delay 5 \
-        --fail \
-        --retry-all-errors \
-        -L \
-        -C - \
-        -o agentapi \
-        "https://github.com/coder/agentapi/releases/download/${var.agentapi_version}/$binary_name"
-      chmod +x agentapi
-      sudo mv agentapi /usr/local/bin/agentapi
-    fi
-    if ! command_exists agentapi; then
-      echo "Error: AgentAPI is not installed. Please enable install_agentapi or install it manually."
-      exit 1
-    fi
-
-    # this must be kept in sync with the agentapi-start.sh script
-    module_path="$HOME/.claude-module"
-    mkdir -p "$module_path/scripts"
-
-    # save the prompt for the agentapi start command
-    echo -n "$CODER_MCP_CLAUDE_TASK_PROMPT" > "$module_path/prompt.txt"
-
-    echo -n "${local.agentapi_start_script_b64}" | base64 -d > "$module_path/scripts/agentapi-start.sh"
-    echo -n "${local.agentapi_wait_for_start_script_b64}" | base64 -d > "$module_path/scripts/agentapi-wait-for-start.sh"
-    echo -n "${local.remove_last_session_id_script_b64}" | base64 -d > "$module_path/scripts/remove-last-session-id.sh"
-    chmod +x "$module_path/scripts/agentapi-start.sh"
-    chmod +x "$module_path/scripts/agentapi-wait-for-start.sh"
-
-    if [ "${var.experiment_report_tasks}" = "true" ]; then
-      echo "Configuring Claude Code to report tasks via Coder MCP..."
-      export CODER_MCP_APP_STATUS_SLUG="${local.claude_code_app_slug}"
-      export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
-      coder exp mcp configure claude-code "${local.workdir}"
-    fi
-
-    if [ -n "${local.encoded_post_install_script}" ]; then
-      echo "Running post-install script..."
-      echo "${local.encoded_post_install_script}" | base64 -d > /tmp/post_install.sh
-      chmod +x /tmp/post_install.sh
-      /tmp/post_install.sh
-    fi
-
-    if ! command_exists claude; then
-      echo "Error: Claude Code is not installed. Please enable install_claude_code or install it manually."
-      exit 1
-    fi
-
-    export LANG=en_US.UTF-8
-    export LC_ALL=en_US.UTF-8
-
-    cd "${local.workdir}"
-
-    # Disable host header check since AgentAPI is proxied by Coder (which does its own validation)
-    export AGENTAPI_ALLOWED_HOSTS="*"
-    
-    # Set chat base path for non-subdomain routing (only set if not using subdomain)
-    export AGENTAPI_CHAT_BASE_PATH="${local.agentapi_chat_base_path}"
-
-    nohup "$module_path/scripts/agentapi-start.sh" use_prompt &> "$module_path/agentapi-start.log" &
-    "$module_path/scripts/agentapi-wait-for-start.sh"
-    EOT
-  run_on_start = true
+    echo -n '${base64encode(local.install_script)}' | base64 -d > /tmp/install.sh
+    chmod +x /tmp/install.sh
+    ARG_CLAUDE_CODE_VERSION='${var.claude_code_version}' \
+    ARG_MCP_APP_STATUS_SLUG='${local.app_slug}' \
+    ARG_INSTALL_CLAUDE_CODE='${var.install_claude_code}' \
+    ARG_REPORT_TASKS='${var.report_tasks}' \
+    ARG_WORKDIR='${local.workdir}' \
+    ARG_ALLOWED_TOOLS='${var.allowed_tools}' \
+    ARG_DISALLOWED_TOOLS='${var.disallowed_tools}' \
+    ARG_MCP='${var.mcp != null ? base64encode(replace(var.mcp, "'", "'\\''")) : ""}' \
+    /tmp/install.sh
+  EOT
 }
-
-resource "coder_app" "claude_code_web" {
-  # use a short slug to mitigate https://github.com/coder/coder/issues/15178
-  slug         = local.claude_code_app_slug
-  display_name = "Claude Code Web"
-  agent_id     = var.agent_id
-  url          = "http://localhost:3284/"
-  icon         = var.icon
-  order        = var.order
-  group        = var.group
-  subdomain    = var.subdomain
-  healthcheck {
-    url       = local.healthcheck_url
-    interval  = 3
-    threshold = 20
-  }
-}
-
-resource "coder_app" "claude_code" {
-  count = var.experiment_cli_app ? 1 : 0
-
-  slug         = "claude-code"
-  display_name = "Claude Code CLI"
-  agent_id     = var.agent_id
-  command      = <<-EOT
-    #!/bin/bash
-    set -e
-
-    export LANG=en_US.UTF-8
-    export LC_ALL=en_US.UTF-8
-
-    agentapi attach
-    EOT
-  icon         = var.icon
-  order        = var.experiment_cli_app_order
-  group        = var.experiment_cli_app_group
-}
-
-resource "coder_ai_task" "claude_code" {
-  sidebar_app {
-    id = coder_app.claude_code_web.id
-  }
-}
@@ -0,0 +1,189 @@
+run "test_claude_code_basic" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-123"
+    workdir  = "/home/coder/projects"
+  }
+
+  assert {
+    condition     = var.workdir == "/home/coder/projects"
+    error_message = "Workdir variable should be set correctly"
+  }
+
+  assert {
+    condition     = var.agent_id == "test-agent-123"
+    error_message = "Agent ID variable should be set correctly"
+  }
+
+  assert {
+    condition     = var.install_claude_code == true
+    error_message = "Install claude_code should default to true"
+  }
+
+  assert {
+    condition     = var.install_agentapi == true
+    error_message = "Install agentapi should default to true"
+  }
+
+  assert {
+    condition     = var.report_tasks == true
+    error_message = "report_tasks should default to true"
+  }
+}
+
+run "test_claude_code_with_api_key" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent-456"
+    workdir        = "/home/coder/workspace"
+    claude_api_key = "test-api-key-123"
+  }
+
+  assert {
+    condition     = coder_env.claude_api_key.value == "test-api-key-123"
+    error_message = "Claude API key value should match the input"
+  }
+}
+
+run "test_claude_code_with_custom_options" {
+  command = plan
+
+  variables {
+    agent_id                     = "test-agent-789"
+    workdir                      = "/home/coder/custom"
+    order                        = 5
+    group                        = "development"
+    icon                         = "/icon/custom.svg"
+    model                        = "opus"
+    task_prompt                  = "Help me write better code"
+    permission_mode              = "plan"
+    continue                     = true
+    install_claude_code          = false
+    install_agentapi             = false
+    claude_code_version          = "1.0.0"
+    agentapi_version             = "v0.6.0"
+    dangerously_skip_permissions = true
+  }
+
+  assert {
+    condition     = var.order == 5
+    error_message = "Order variable should be set to 5"
+  }
+
+  assert {
+    condition     = var.group == "development"
+    error_message = "Group variable should be set to 'development'"
+  }
+
+  assert {
+    condition     = var.icon == "/icon/custom.svg"
+    error_message = "Icon variable should be set to custom icon"
+  }
+
+  assert {
+    condition     = var.model == "opus"
+    error_message = "Claude model variable should be set to 'opus'"
+  }
+
+  assert {
+    condition     = var.task_prompt == "Help me write better code"
+    error_message = "Task prompt variable should be set correctly"
+  }
+
+  assert {
+    condition     = var.permission_mode == "plan"
+    error_message = "Permission mode should be set to 'plan'"
+  }
+
+  assert {
+    condition     = var.continue == true
+    error_message = "Continue should be set to true"
+  }
+
+  assert {
+    condition     = var.claude_code_version == "1.0.0"
+    error_message = "Claude Code version should be set to '1.0.0'"
+  }
+
+  assert {
+    condition     = var.agentapi_version == "v0.6.0"
+    error_message = "AgentAPI version should be set to 'v0.6.0'"
+  }
+
+  assert {
+    condition     = var.dangerously_skip_permissions == true
+    error_message = "dangerously_skip_permissions should be set to true"
+  }
+}
+
+run "test_claude_code_with_mcp_and_tools" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-mcp"
+    workdir  = "/home/coder/mcp-test"
+    mcp = jsonencode({
+      mcpServers = {
+        test = {
+          command = "test-server"
+          args    = ["--config", "test.json"]
+        }
+      }
+    })
+    allowed_tools    = "bash,python"
+    disallowed_tools = "rm"
+  }
+
+  assert {
+    condition     = var.mcp != ""
+    error_message = "MCP configuration should be provided"
+  }
+
+  assert {
+    condition     = var.allowed_tools == "bash,python"
+    error_message = "Allowed tools should be set"
+  }
+
+  assert {
+    condition     = var.disallowed_tools == "rm"
+    error_message = "Disallowed tools should be set"
+  }
+}
+
+run "test_claude_code_with_scripts" {
+  command = plan
+
+  variables {
+    agent_id            = "test-agent-scripts"
+    workdir             = "/home/coder/scripts"
+    pre_install_script  = "echo 'Pre-install script'"
+    post_install_script = "echo 'Post-install script'"
+  }
+
+  assert {
+    condition     = var.pre_install_script == "echo 'Pre-install script'"
+    error_message = "Pre-install script should be set correctly"
+  }
+
+  assert {
+    condition     = var.post_install_script == "echo 'Post-install script'"
+    error_message = "Post-install script should be set correctly"
+  }
+}
+
+run "test_claude_code_permission_mode_validation" {
+  command = plan
+
+  variables {
+    agent_id        = "test-agent-validation"
+    workdir         = "/home/coder/test"
+    permission_mode = "acceptEdits"
+  }
+
+  assert {
+    condition     = contains(["", "default", "acceptEdits", "plan", "bypassPermissions"], var.permission_mode)
+    error_message = "Permission mode should be one of the valid options"
+  }
+}
@@ -1,63 +0,0 @@
-#!/bin/bash
-set -o errexit
-set -o pipefail
-
-# this must be kept in sync with the main.tf file
-module_path="$HOME/.claude-module"
-scripts_dir="$module_path/scripts"
-log_file_path="$module_path/agentapi.log"
-
-# if the first argument is not empty, start claude with the prompt
-if [ -n "$1" ]; then
-  cp "$module_path/prompt.txt" /tmp/claude-code-prompt
-else
-  rm -f /tmp/claude-code-prompt
-fi
-
-# if the log file already exists, archive it
-if [ -f "$log_file_path" ]; then
-  mv "$log_file_path" "$log_file_path"".$(date +%s)"
-fi
-
-# see the remove-last-session-id.sh script for details
-# about why we need it
-# avoid exiting if the script fails
-bash "$scripts_dir/remove-last-session-id.sh" "$(pwd)" 2> /dev/null || true
-
-# we'll be manually handling errors from this point on
-set +o errexit
-
-function start_agentapi() {
-  local continue_flag="$1"
-  local prompt_subshell='"$(cat /tmp/claude-code-prompt)"'
-
-  # use low width to fit in the tasks UI sidebar. height is adjusted so that width x height ~= 80x1000 characters
-  # visible in the terminal screen by default.
-  agentapi server --term-width 67 --term-height 1190 -- \
-    bash -c "claude $continue_flag --dangerously-skip-permissions $prompt_subshell" \
-    > "$log_file_path" 2>&1
-}
-
-echo "Starting AgentAPI..."
-
-# attempt to start claude with the --continue flag
-start_agentapi --continue
-exit_code=$?
-
-echo "First AgentAPI exit code: $exit_code"
-
-if [ $exit_code -eq 0 ]; then
-  exit 0
-fi
-
-# if there was no conversation to continue, claude exited with an error.
-# start claude without the --continue flag.
-if grep -q "No conversation found to continue" "$log_file_path"; then
-  echo "AgentAPI with --continue flag failed, starting claude without it."
-  start_agentapi
-  exit_code=$?
-fi
-
-echo "Second AgentAPI exit code: $exit_code"
-
-exit $exit_code
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -o errexit
-set -o pipefail
-
-# This script waits for the agentapi server to start on port 3284.
-# It considers the server started after 3 consecutive successful responses.
-
-agentapi_started=false
-
-echo "Waiting for agentapi server to start on port 3284..."
-for i in $(seq 1 150); do
-  for j in $(seq 1 3); do
-    sleep 0.1
-    if curl -fs -o /dev/null "http://localhost:3284/status"; then
-      echo "agentapi response received ($j/3)"
-    else
-      echo "agentapi server not responding ($i/15)"
-      continue 2
-    fi
-  done
-  agentapi_started=true
-  break
-done
-
-if [ "$agentapi_started" != "true" ]; then
-  echo "Error: agentapi server did not start on port 3284 after 15 seconds."
-  exit 1
-fi
-
-echo "agentapi server started on port 3284."
@@ -0,0 +1,102 @@
+#!/bin/bash
+set -euo pipefail
+
+source "$HOME"/.bashrc
+
+BOLD='\033[0;1m'
+
+command_exists() {
+  command -v "$1" > /dev/null 2>&1
+}
+
+ARG_CLAUDE_CODE_VERSION=${ARG_CLAUDE_CODE_VERSION:-}
+ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
+ARG_INSTALL_CLAUDE_CODE=${ARG_INSTALL_CLAUDE_CODE:-}
+ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
+ARG_MCP_APP_STATUS_SLUG=${ARG_MCP_APP_STATUS_SLUG:-}
+ARG_MCP=$(echo -n "${ARG_MCP:-}" | base64 -d)
+ARG_ALLOWED_TOOLS=${ARG_ALLOWED_TOOLS:-}
+ARG_DISALLOWED_TOOLS=${ARG_DISALLOWED_TOOLS:-}
+
+echo "--------------------------------"
+
+printf "ARG_CLAUDE_CODE_VERSION: %s\n" "$ARG_CLAUDE_CODE_VERSION"
+printf "ARG_WORKDIR: %s\n" "$ARG_WORKDIR"
+printf "ARG_INSTALL_CLAUDE_CODE: %s\n" "$ARG_INSTALL_CLAUDE_CODE"
+printf "ARG_REPORT_TASKS: %s\n" "$ARG_REPORT_TASKS"
+printf "ARG_MCP_APP_STATUS_SLUG: %s\n" "$ARG_MCP_APP_STATUS_SLUG"
+printf "ARG_MCP: %s\n" "$ARG_MCP"
+printf "ARG_ALLOWED_TOOLS: %s\n" "$ARG_ALLOWED_TOOLS"
+printf "ARG_DISALLOWED_TOOLS: %s\n" "$ARG_DISALLOWED_TOOLS"
+
+echo "--------------------------------"
+
+function install_claude_code_cli() {
+  if [ "$ARG_INSTALL_CLAUDE_CODE" = "true" ]; then
+    echo "Installing Claude Code via official installer"
+    set +e
+    curl -fsSL claude.ai/install.sh | bash -s -- "$ARG_CLAUDE_CODE_VERSION" 2>&1
+    CURL_EXIT=${PIPESTATUS[0]}
+    set -e
+    if [ $CURL_EXIT -ne 0 ]; then
+      echo "Claude Code installer failed with exit code $$CURL_EXIT"
+    fi
+
+    # Ensure binaries are discoverable.
+    echo "Creating a symlink for claude"
+    sudo ln -s /home/coder/.local/bin/claude /usr/local/bin/claude
+
+    echo "Installed Claude Code successfully. Version: $(claude --version || echo 'unknown')"
+  else
+    echo "Skipping Claude Code installation as per configuration."
+  fi
+}
+
+function setup_claude_configurations() {
+  if [ ! -d "$ARG_WORKDIR" ]; then
+    echo "Warning: The specified folder '$ARG_WORKDIR' does not exist."
+    echo "Creating the folder..."
+    mkdir -p "$ARG_WORKDIR"
+    echo "Folder created successfully."
+  fi
+
+  module_path="$HOME/.claude-module"
+  mkdir -p "$module_path"
+
+  if [ "$ARG_MCP" != "" ]; then
+    while IFS= read -r server_name && IFS= read -r server_json; do
+      echo "------------------------"
+      echo "Executing: claude mcp add \"$server_name\" '$server_json'"
+      claude mcp add "$server_name" "$server_json"
+      echo "------------------------"
+      echo ""
+    done < <(echo "$ARG_MCP" | jq -r '.mcpServers | to_entries[] | .key, (.value | @json)')
+  fi
+
+  if [ -n "$ARG_ALLOWED_TOOLS" ]; then
+    coder --allowedTools "$ARG_ALLOWED_TOOLS"
+  fi
+
+  if [ -n "$ARG_DISALLOWED_TOOLS" ]; then
+    coder --disallowedTools "$ARG_DISALLOWED_TOOLS"
+  fi
+
+}
+
+function report_tasks() {
+  if [ "$ARG_REPORT_TASKS" = "true" ]; then
+    echo "Configuring Claude Code to report tasks via Coder MCP..."
+    export CODER_MCP_APP_STATUS_SLUG="$ARG_MCP_APP_STATUS_SLUG"
+    export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
+    coder exp mcp configure claude-code "$ARG_WORKDIR"
+  else
+    export CODER_MCP_APP_STATUS_SLUG=""
+    export CODER_MCP_AI_AGENTAPI_URL=""
+    echo "Configuring Claude Code with Coder MCP..."
+    coder exp mcp configure claude-code "$ARG_WORKDIR"
+  fi
+}
+
+install_claude_code_cli
+setup_claude_configurations
+report_tasks
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -euo pipefail
+
+source "$HOME"/.bashrc
+export PATH="$HOME/.local/bin:$PATH"
+
+command_exists() {
+  command -v "$1" > /dev/null 2>&1
+}
+
+ARG_MODEL=${ARG_MODEL:-}
+ARG_RESUME_SESSION_ID=${ARG_RESUME_SESSION_ID:-}
+ARG_CONTINUE=${ARG_CONTINUE:-false}
+ARG_DANGEROUSLY_SKIP_PERMISSIONS=${ARG_DANGEROUSLY_SKIP_PERMISSIONS:-}
+ARG_PERMISSION_MODE=${ARG_PERMISSION_MODE:-}
+ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
+ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
+
+echo "--------------------------------"
+
+printf "ARG_MODEL: %s\n" "$ARG_MODEL"
+printf "ARG_RESUME: %s\n" "$ARG_RESUME_SESSION_ID"
+printf "ARG_CONTINUE: %s\n" "$ARG_CONTINUE"
+printf "ARG_DANGEROUSLY_SKIP_PERMISSIONS: %s\n" "$ARG_DANGEROUSLY_SKIP_PERMISSIONS"
+printf "ARG_PERMISSION_MODE: %s\n" "$ARG_PERMISSION_MODE"
+printf "ARG_AI_PROMPT: %s\n" "$ARG_AI_PROMPT"
+printf "ARG_WORKDIR: %s\n" "$ARG_WORKDIR"
+
+echo "--------------------------------"
+
+# see the remove-last-session-id.sh script for details
+# about why we need it
+# avoid exiting if the script fails
+bash "/tmp/remove-last-session-id.sh" "$(pwd)" 2> /dev/null || true
+
+function validate_claude_installation() {
+  if command_exists claude; then
+    printf "Claude Code is installed\n"
+  else
+    printf "Error: Claude Code is not installed. Please enable install_claude_code or install it manually\n"
+    exit 1
+  fi
+}
+
+ARGS=()
+
+function build_claude_args() {
+  if [ -n "$ARG_MODEL" ]; then
+    ARGS+=(--model "$ARG_MODEL")
+  fi
+
+  if [ -n "$ARG_RESUME_SESSION_ID" ]; then
+    ARGS+=(--resume "$ARG_RESUME_SESSION_ID")
+  fi
+
+  if [ "$ARG_CONTINUE" = "true" ]; then
+    ARGS+=(--continue)
+  fi
+
+  if [ -n "$ARG_PERMISSION_MODE" ]; then
+    ARGS+=(--permission-mode "$ARG_PERMISSION_MODE")
+  fi
+
+}
+
+function start_agentapi() {
+  mkdir -p "$ARG_WORKDIR"
+  cd "$ARG_WORKDIR"
+  if [ -n "$ARG_AI_PROMPT" ]; then
+    ARGS+=(--dangerously-skip-permissions "$ARG_AI_PROMPT")
+  else
+    if [ -n "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" ]; then
+      ARGS+=(--dangerously-skip-permissions)
+    fi
+  fi
+  printf "Running claude code with args: %s\n" "$(printf '%q ' "${ARGS[@]}")"
+  agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"
+}
+
+validate_claude_installation
+build_claude_args
+start_agentapi
@@ -1,39 +0,0 @@
-#!/usr/bin/env node
-
-const http = require("http");
-const fs = require("fs");
-const args = process.argv.slice(2);
-const port = 3284;
-
-const controlFile = "/tmp/agentapi-mock.control";
-let control = "";
-if (fs.existsSync(controlFile)) {
-  control = fs.readFileSync(controlFile, "utf8");
-}
-
-if (
-  control === "no-conversation-found" &&
-  args.join(" ").includes("--continue")
-) {
-  // this must match the error message in the agentapi-start.sh script
-  console.error("No conversation found to continue");
-  process.exit(1);
-}
-
-fs.writeFileSync(
-  "/home/coder/agentapi-mock.log",
-  `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`,
-);
-
-console.log(`starting server on port ${port}`);
-
-http
-  .createServer(function (_request, response) {
-    response.writeHead(200);
-    response.end(
-      JSON.stringify({
-        status: "stable",
-      }),
-    );
-  })
-  .listen(port);
@@ -1,9 +0,0 @@
-#!/usr/bin/env node
-
-const main = async () => {
-  console.log("mocking claude");
-  // sleep for 30 minutes
-  await new Promise((resolve) => setTimeout(resolve, 30 * 60 * 1000));
-};
-
-main();
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ "$1" == "--version" ]]; then
+  echo "claude version v1.0.0"
+  exit 0
+fi
+
+set -e
+
+while true; do
+  echo "$(date) - claude-mock"
+  sleep 15
+done
@@ -1,14 +0,0 @@
-#!/usr/bin/env node
-
-const fs = require("fs");
-
-const statusSlugEnvVar = "CODER_MCP_APP_STATUS_SLUG";
-const agentApiUrlEnvVar = "CODER_MCP_AI_AGENTAPI_URL";
-
-fs.writeFileSync(
-  "/home/coder/coder-mock-output.json",
-  JSON.stringify({
-    statusSlug: process.env[statusSlugEnvVar] ?? "env var not set",
-    agentApiUrl: process.env[agentApiUrlEnvVar] ?? "env var not set",
-  }),
-);
@@ -13,7 +13,7 @@ Run the [Goose](https://block.github.io/goose/) agent in your workspace to gener
 ```tf
 module "goose" {
  source           = "registry.coder.com/coder/goose/coder"
-  version          = "2.1.1"
+  version          = "2.1.2"
  agent_id         = coder_agent.example.id
  folder           = "/home/coder"
  install_goose    = true
@@ -79,7 +79,7 @@ resource "coder_agent" "main" {
 module "goose" {
  count            = data.coder_workspace.me.start_count
  source           = "registry.coder.com/coder/goose/coder"
-  version          = "2.1.1"
+  version          = "2.1.2"
  agent_id         = coder_agent.example.id
  folder           = "/home/coder"
  install_goose    = true
@@ -123,4 +123,6 @@ Note: The indentation in the heredoc is preserved, so you can write the YAML nat

 ## Troubleshooting

+By default, this module is configured to run the embedded chat interface as a path-based application. In production, we recommend that you configure a [wildcard access URL](https://coder.com/docs/admin/setup#wildcard-access-url) and set `subdomain = true`. See [here](https://coder.com/docs/tutorials/best-practices/security-best-practices#disable-path-based-apps) for more details.
+
 The module will create log files in the workspace's `~/.goose-module` directory. If you run into any issues, look at them for more information.
@@ -2,6 +2,7 @@ import {
  test,
  afterEach,
  describe,
+  it,
  setDefaultTimeout,
  beforeAll,
  expect,
@@ -253,22 +254,41 @@ describe("goose", async () => {
    expect(prompt.stderr).toContain("No such file or directory");
  });

-  test("subdomain-false", async () => {
-    const { id } = await setup({
-      agentapiMockScript: await loadTestFile(
-        import.meta.dir,
-        "agentapi-mock-print-args.js",
-      ),
-      moduleVariables: {
-        subdomain: "false",
-      },
+  describe("subdomain", async () => {
+    it("sets AGENTAPI_CHAT_BASE_PATH when false", async () => {
+      const { id } = await setup({
+        agentapiMockScript: await loadTestFile(
+          import.meta.dir,
+          "agentapi-mock-print-args.js",
+        ),
+        moduleVariables: {
+          subdomain: "false",
+        },
+      });
+
+      await execModuleScript(id);
+
+      const agentapiMockOutput = await readFileContainer(id, agentapiStartLog);
+      expect(agentapiMockOutput).toContain(
+        "AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/goose/chat",
+      );
    });

-    await execModuleScript(id);
+    it("does not set AGENTAPI_CHAT_BASE_PATH when true", async () => {
+      const { id } = await setup({
+        agentapiMockScript: await loadTestFile(
+          import.meta.dir,
+          "agentapi-mock-print-args.js",
+        ),
+        moduleVariables: {
+          subdomain: "true",
+        },
+      });

-    const agentapiMockOutput = await readFileContainer(id, agentapiStartLog);
-    expect(agentapiMockOutput).toContain(
-      "AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/goose/chat",
-    );
+      await execModuleScript(id);
+
+      const agentapiMockOutput = await readFileContainer(id, agentapiStartLog);
+      expect(agentapiMockOutput).toMatch(/AGENTAPI_CHAT_BASE_PATH=$/m);
+    });
  });
 });
@@ -69,7 +69,7 @@ variable "agentapi_version" {
 variable "subdomain" {
  type        = bool
  description = "Whether to use a subdomain for AgentAPI."
-  default     = true
+  default     = false
 }

 variable "goose_provider" {
@@ -16,7 +16,7 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
 module "jfrog" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/jfrog-oauth/coder"
-  version        = "1.1.0"
+  version        = "1.2.0"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
@@ -27,6 +27,7 @@ module "jfrog" {
    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
    conda  = ["conda", "conda-local"]
+    maven  = ["maven", "maven-local"]
  }
 }
 ```
@@ -46,7 +47,7 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
 module "jfrog" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/jfrog-oauth/coder"
-  version        = "1.1.0"
+  version        = "1.2.0"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "email"
@@ -75,7 +76,7 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 module "jfrog" {
  count                 = data.coder_workspace.me.start_count
  source                = "registry.coder.com/coder/jfrog-oauth/coder"
-  version               = "1.1.0"
+  version               = "1.2.0"
  agent_id              = coder_agent.example.id
  jfrog_url             = "https://example.jfrog.io"
  username_field        = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
@@ -150,4 +150,38 @@ EOF`;
      'if [ -z "YES" ]; then\n  not_configured conda',
    );
  });
+  it("generates a maven settings.xml with multiple repos", async () => {
+    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
+      agent_id: "some-agent-id",
+      jfrog_url: fakeFrogUrl,
+      package_managers: JSON.stringify({
+        maven: ["central", "snapshots", "local"],
+      }),
+    });
+
+    const coderScript = findResourceInstance(state, "coder_script");
+
+    expect(coderScript.script).toContain(
+      'jf mvnc --global --repo-resolve "central"',
+    );
+
+    expect(coderScript.script).toContain("<servers>");
+    expect(coderScript.script).toContain("<id>central</id>");
+    expect(coderScript.script).toContain("<id>snapshots</id>");
+    expect(coderScript.script).toContain("<id>local</id>");
+
+    expect(coderScript.script).toContain(
+      "<url>http://localhost:8081/artifactory/central</url>",
+    );
+    expect(coderScript.script).toContain(
+      "<url>http://localhost:8081/artifactory/snapshots</url>",
+    );
+    expect(coderScript.script).toContain(
+      "<url>http://localhost:8081/artifactory/local</url>",
+    );
+
+    expect(coderScript.script).toContain(
+      'if [ -z "YES" ]; then\n  not_configured maven',
+    );
+  });
 });
@@ -59,6 +59,7 @@ variable "package_managers" {
    pypi   = optional(list(string), [])
    docker = optional(list(string), [])
    conda  = optional(list(string), [])
+    maven  = optional(list(string), [])
  })
  description = <<-EOF
    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
@@ -69,6 +70,7 @@ variable "package_managers" {
        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
        conda  = ["YOUR_CONDA_REPO_KEY", "ANOTHER_CONDA_REPO_KEY"]
+        maven  = ["YOUR_MAVEN_REPO_KEY", "ANOTHER_MAVEN_REPO_KEY"]
      }
  EOF
 }
@@ -103,6 +105,9 @@ locals {
  conda_conf = templatefile(
    "${path.module}/conda.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.conda })
  )
+  maven_settings = templatefile(
+    "${path.module}/settings.xml.tftpl", merge(local.common_values, { REPOS = var.package_managers.maven })
+  )
 }

 data "coder_workspace" "me" {}
@@ -133,6 +138,9 @@ resource "coder_script" "jfrog" {
      HAS_CONDA             = length(var.package_managers.conda) == 0 ? "" : "YES"
      CONDA_CONF            = local.conda_conf
      REPOSITORY_CONDA      = try(element(var.package_managers.conda, 0), "")
+      HAS_MAVEN             = length(var.package_managers.maven) == 0 ? "" : "YES"
+      MAVEN_SETTINGS        = local.maven_settings
+      REPOSITORY_MAVEN      = try(element(var.package_managers.maven, 0), "")
    }
  ))
  run_on_start = true
@@ -94,6 +94,20 @@ EOF
  config_complete
 fi

+# Configure Maven to use the Artifactory "maven" repository.
+if [ -z "${HAS_MAVEN}" ]; then
+  not_configured maven
+else
+  echo "☕ Configuring maven..."
+  jf mvnc --global --repo-resolve "${REPOSITORY_MAVEN}"
+  # Create Maven config directory if it doesn't exist
+  mkdir -p ~/.m2
+  cat << EOF > ~/.m2/settings.xml
+${MAVEN_SETTINGS}
+EOF
+  config_complete
+fi
+
 # Install the JFrog vscode extension for code-server.
 if [ "${CONFIGURE_CODE_SERVER}" == "true" ]; then
  while ! [ -x /tmp/code-server/bin/code-server ]; do
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+          http://maven.apache.org/xsd/settings-1.0.0.xsd">
+  
+  <servers>
+%{ for REPO in REPOS ~}
+    <server>
+      <id>${REPO}</id>
+      <username>${ARTIFACTORY_USERNAME}</username>
+      <password>${ARTIFACTORY_ACCESS_TOKEN}</password>
+    </server>
+%{ endfor ~}
+  </servers>
+  
+  <profiles>
+    <profile>
+      <id>artifactory</id>
+      <repositories>
+%{ for REPO in REPOS ~}
+        <repository>
+          <id>${REPO}</id>
+          <url>${JFROG_URL}/artifactory/${REPO}</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+          <snapshots>
+            <enabled>true</enabled>
+          </snapshots>
+        </repository>
+%{ endfor ~}
+      </repositories>
+      <pluginRepositories>
+%{ for REPO in REPOS ~}
+        <pluginRepository>
+          <id>${REPO}</id>
+          <url>${JFROG_URL}/artifactory/${REPO}</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+          <snapshots>
+            <enabled>true</enabled>
+          </snapshots>
+        </pluginRepository>
+%{ endfor ~}
+      </pluginRepositories>
+    </profile>
+  </profiles>
+  
+  <activeProfiles>
+    <activeProfile>artifactory</activeProfile>
+  </activeProfiles>
+  
+</settings>
@@ -13,7 +13,7 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/coder/jfrog-token/coder"
-  version                  = "1.1.0"
+  version                  = "1.2.0"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
@@ -23,6 +23,7 @@ module "jfrog" {
    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
    conda  = ["conda", "conda-local"]
+    maven  = ["maven", "maven-local"]
  }
 }
 ```
@@ -41,7 +42,7 @@ For detailed instructions, please see this [guide](https://coder.com/docs/v2/lat
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/coder/jfrog-token/coder"
-  version                  = "1.1.0"
+  version                  = "1.2.0"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://YYYY.jfrog.io"
  artifactory_access_token = var.artifactory_access_token # An admin access token
@@ -50,17 +51,19 @@ module "jfrog" {
    go    = ["go-local"]
    pypi  = ["pypi-local"]
    conda = ["conda-local"]
+    maven = ["maven-local"]
  }
 }
 ```

-You should now be able to install packages from Artifactory using both the `jf npm`, `jf go`, `jf pip` and `npm`, `go`, `pip`, `conda` commands.
+You should now be able to install packages from Artifactory using both the `jf npm`, `jf go`, `jf pip` and `npm`, `go`, `pip`, `conda`, `maven` commands.

 ```shell
 jf npm install prettier
 jf go get github.com/golang/example/hello
 jf pip install requests
 conda install numpy
+mvn clean install
 ```

 ```shell
@@ -68,6 +71,7 @@ npm install prettier
 go get github.com/golang/example/hello
 pip install requests
 conda install numpy
+mvn clean install
 ```

 ### Configure code-server with JFrog extension
@@ -77,7 +81,7 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/coder/jfrog-token/coder"
-  version                  = "1.1.0"
+  version                  = "1.2.0"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
@@ -97,7 +101,7 @@ data "coder_workspace" "me" {}

 module "jfrog" {
  source                   = "registry.coder.com/coder/jfrog-token/coder"
-  version                  = "1.1.0"
+  version                  = "1.2.0"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
@@ -187,4 +187,39 @@ EOF`;
      'if [ -z "YES" ]; then\n  not_configured conda',
    );
  });
+  it("generates a maven settings.xml with multiple repos", async () => {
+    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
+      agent_id: "some-agent-id",
+      jfrog_url: fakeFrogUrl,
+      artifactory_access_token: "XXXX",
+      package_managers: JSON.stringify({
+        maven: ["central", "snapshots", "local"],
+      }),
+    });
+
+    const coderScript = findResourceInstance(state, "coder_script");
+
+    expect(coderScript.script).toContain(
+      'jf mvnc --global --repo-resolve "central"',
+    );
+
+    expect(coderScript.script).toContain("<servers>");
+    expect(coderScript.script).toContain("<id>central</id>");
+    expect(coderScript.script).toContain("<id>snapshots</id>");
+    expect(coderScript.script).toContain("<id>local</id>");
+
+    expect(coderScript.script).toContain(
+      `<url>${fakeFrogUrl}/artifactory/central</url>`,
+    );
+    expect(coderScript.script).toContain(
+      `<url>${fakeFrogUrl}/artifactory/snapshots</url>`,
+    );
+    expect(coderScript.script).toContain(
+      `<url>${fakeFrogUrl}/artifactory/local</url>`,
+    );
+
+    expect(coderScript.script).toContain(
+      'if [ -z "YES" ]; then\n  not_configured maven',
+    );
+  });
 });
@@ -92,6 +92,7 @@ variable "package_managers" {
    pypi   = optional(list(string), [])
    docker = optional(list(string), [])
    conda  = optional(list(string), [])
+    maven  = optional(list(string), [])
  })
  description = <<-EOF
    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
@@ -102,6 +103,7 @@ variable "package_managers" {
        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
        conda  = ["YOUR_CONDA_REPO_KEY", "ANOTHER_CONDA_REPO_KEY"]
+        maven  = ["YOUR_MAVEN_REPO_KEY", "ANOTHER_MAVEN_REPO_KEY"]
      }
  EOF
 }
@@ -136,6 +138,9 @@ locals {
  conda_conf = templatefile(
    "${path.module}/conda.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.conda })
  )
+  maven_settings = templatefile(
+    "${path.module}/settings.xml.tftpl", merge(local.common_values, { REPOS = var.package_managers.maven })
+  )
 }

 # Configure the Artifactory provider
@@ -179,6 +184,9 @@ resource "coder_script" "jfrog" {
      HAS_CONDA             = length(var.package_managers.conda) == 0 ? "" : "YES"
      CONDA_CONF            = local.conda_conf
      REPOSITORY_CONDA      = try(element(var.package_managers.conda, 0), "")
+      HAS_MAVEN             = length(var.package_managers.maven) == 0 ? "" : "YES"
+      MAVEN_SETTINGS        = local.maven_settings
+      REPOSITORY_MAVEN      = try(element(var.package_managers.maven, 0), "")
    }
  ))
  run_on_start = true
@@ -93,6 +93,20 @@ EOF
  config_complete
 fi

+# Configure Maven to use the Artifactory "maven" repository.
+if [ -z "${HAS_MAVEN}" ]; then
+  not_configured maven
+else
+  echo "☕ Configuring maven..."
+  jf mvnc --global --repo-resolve "${REPOSITORY_MAVEN}"
+  # Create Maven config directory if it doesn't exist
+  mkdir -p ~/.m2
+  cat << EOF > ~/.m2/settings.xml
+${MAVEN_SETTINGS}
+EOF
+  config_complete
+fi
+
 # Install the JFrog vscode extension for code-server.
 if [ "${CONFIGURE_CODE_SERVER}" == "true" ]; then
  while ! [ -x /tmp/code-server/bin/code-server ]; do
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+          http://maven.apache.org/xsd/settings-1.0.0.xsd">
+  
+  <servers>
+%{ for REPO in REPOS ~}
+    <server>
+      <id>${REPO}</id>
+      <username>${ARTIFACTORY_USERNAME}</username>
+      <password>${ARTIFACTORY_ACCESS_TOKEN}</password>
+    </server>
+%{ endfor ~}
+  </servers>
+  
+  <profiles>
+    <profile>
+      <id>artifactory</id>
+      <repositories>
+%{ for REPO in REPOS ~}
+        <repository>
+          <id>${REPO}</id>
+          <url>${JFROG_URL}/artifactory/${REPO}</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+          <snapshots>
+            <enabled>true</enabled>
+          </snapshots>
+        </repository>
+%{ endfor ~}
+      </repositories>
+      <pluginRepositories>
+%{ for REPO in REPOS ~}
+        <pluginRepository>
+          <id>${REPO}</id>
+          <url>${JFROG_URL}/artifactory/${REPO}</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+          <snapshots>
+            <enabled>true</enabled>
+          </snapshots>
+        </pluginRepository>
+%{ endfor ~}
+      </pluginRepositories>
+    </profile>
+  </profiles>
+  
+  <activeProfiles>
+    <activeProfile>artifactory</activeProfile>
+  </activeProfiles>
+  
+</settings>
@@ -14,11 +14,12 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and
 module "kasmvnc" {
  count               = data.coder_workspace.me.start_count
  source              = "registry.coder.com/coder/kasmvnc/coder"
-  version             = "1.2.2"
+  version             = "1.2.3"
  agent_id            = coder_agent.example.id
  desktop_environment = "xfce"
  subdomain           = true
 }
 ```

-> **Note:** This module only works on workspaces with a pre-installed desktop environment. As an example base image you can use `codercom/enterprise-desktop` image.
+> [!IMPORTANT]
+> This module only works on workspaces with a pre-installed desktop environment. As an example base image you can use [`codercom/example-desktop`](https://hub.docker.com/r/codercom/example-desktop) image.
@@ -40,7 +40,7 @@ variable "use_kubeconfig" {

 variable "namespace" {
  type        = string
-  default     = "default"
+  default     = "coder"
  description = "The Kubernetes namespace to create workspaces in (must exist prior to creating workspaces). If the Coder host is itself running as a Pod on the same Kubernetes cluster as you are deploying workspaces to, set this to the same namespace."
 }

@@ -62,7 +62,7 @@ data "coder_parameter" "cpu" {
  display_name = "CPU"
  description  = "CPU limit (cores)."
  default      = "2"
-  icon         = "/emojis/1f5a5.png"
+  icon         = "/icon/memory.svg"
  mutable      = true
  validation {
    min = 1
@@ -161,6 +161,8 @@ locals {
    # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
    # if the cache repo is enabled.
    "ENVBUILDER_GIT_URL" : var.cache_repo == "" ? local.repo_url : "",
+    # Used for when SSH is an available authentication mechanism for git providers
+    "ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64" : base64encode(try(data.coder_workspace_owner.me.ssh_private_key, "")),
    # Use the docker gateway if the access URL is 127.0.0.1
    "ENVBUILDER_INIT_SCRIPT" : replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"),
    "ENVBUILDER_FALLBACK_IMAGE" : data.coder_parameter.fallback_image.value,
@@ -263,8 +265,9 @@ resource "kubernetes_deployment" "main" {
          name              = "dev"
          image             = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
          image_pull_policy = "Always"
-          security_context {}
-
+          security_context {
+            privileged = true
+          }
          # Set the environment using cached_image.cached.0.env if the cache repo is enabled.
          # Otherwise, use the local.envbuilder_env.
          # You could alternatively write the environment variables to a ConfigMap or Secret
@@ -352,21 +355,22 @@ resource "coder_agent" "main" {
  # if you don't want to display any information.
  # For basic resources, you can use the `coder stat` command.
  # If you need more control, you can write your own script.
-  metadata {
-    display_name = "CPU Usage"
-    key          = "0_cpu_usage"
-    script       = "coder stat cpu"
-    interval     = 10
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "RAM Usage"
-    key          = "1_ram_usage"
-    script       = "coder stat mem"
-    interval     = 10
-    timeout      = 1
-  }
+  # Note: May not work on AWS Linux Nodes See: https://github.com/coder/clistat/issues/17
+  # metadata {
+  #   display_name = "CPU Usage"
+  #   key          = "0_cpu_usage"
+  #   script       = "coder stat cpu"
+  #   interval     = 10
+  #   timeout      = 1
+  # }
+  # Note: May not work on AWS Linux Nodes
+  # metadata {
+  #   display_name = "RAM Usage"
+  #   key          = "1_ram_usage"
+  #   script       = "coder stat mem"
+  #   interval     = 10
+  #   timeout      = 1
+  # }

  metadata {
    display_name = "Workspaces Disk"
Author	SHA1	Message	Date
35C4n0r	d212de47ed	feat: refactor claude code to use agentapi module (#402 ) Closes #302 ## Description <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> Path: `registry/[namespace]/modules/[module-name]` New version: `v3.0.0` Breaking change: [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun run fmt`) - [x] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable --> --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Atif Ali <me@matifali.dev>	2025-09-18 10:04:52 -05:00
Marcin Tojek	54b9bf3038	add: nextflow module (#416 )	2025-09-18 09:30:48 +00:00
Cian Johnston	cb990bbee0	fix(registry/modules/claude-code): default subdomain to false (#419 ) Relates to https://github.com/coder/coder/issues/18779 By default, we set `subdomain = true`. Most folks testing this out don't have a wildcard subdomain setup. This switches to path-based behaviour by default and adds a note to the troubleshooting section.	2025-09-15 13:09:12 +01:00
Cian Johnston	213aabb3b0	fix(registry/modules/goose): default subdomain to false (#420 ) Relates to https://github.com/coder/coder/issues/18779 See also https://github.com/coder/registry/pull/419 By default, we set subdomain = true. Most folks testing this out don't have a wildcard subdomain setup. This switches to path-based behaviour by default and adds a note to the troubleshooting section.	2025-09-15 09:00:07 +01:00
david-fraley	2937286712	feat: update Tasks on Docker Template (#418 )	2025-09-11 21:53:22 +00:00
Atif Ali	8d556a8ab7	chore: update KasmVNC README note (#417 )	2025-09-11 15:46:44 +05:00
Michael Orlov	16015559e2	feat: refactor Amazon Q module to use agentAPI (#362 ) ### Title: feat: complete amazon-q module v2.0.0 with comprehensive enhancements ### Description: Closes #240 This PR introduces a complete rewrite and enhancement of the amazon-q module, bringing it to version 2.0.0. The module now provides AgentAPI support. ## Type of Change - [ ] New module - [ ] Bug fix - [x] Feature/enhancement - [x] Documentation - [ ] Other ## Module Information Path: `registry/coder/modules/amazon-q` New version: `v2.0.0` Breaking change: [x] Yes [ ] No ## Key Features & Enhancements ### 🚀 Core Functionality - AgentAPI Support: Web and CLI app integration with health checks - Amazon Q CLI Integration: Automatic installation and configuration of Amazon Q CLI - MCP Integration: Model Context Protocol support for task reporting to Coder - Authentication System: Tarball-based authentication with environment variable management ### 🛠️ Customization & Configuration - Pre/Post Install Scripts: Support for custom setup and finalization scripts - Agent Configuration: Templated agent config with tool and resource management - Custom System Prompts: Configurable AI behavior and task reporting instructions - Version Pinning: Support for specific Amazon Q CLI and AgentAPI versions ### 📚 Documentation & Testing - Comprehensive README: Complete user guide with examples, configuration details, and troubleshooting - Visual Documentation: Updated screenshots and interface examples - Terraform Testing: Complete .tftest.hcl with 8 test cases (all passing) - Registry Compliance: Full adherence to Coder Registry contributing guidelines d## Breaking Changes This is a major version update (v2.0.0) with breaking changes: - Renamed variables names (Removed experimantal_ prefix) - Updated AgentAPI integration method - Modified default configuration structure ## Testing & Validation - [x] Tests pass (`terraform test` - 8/8 tests passing) - [x] Code formatted (`bun run fmt`) - [x] Changes tested locally - [x] Registry compliance verified - [x] Documentation reviewed and updated ## Related Issues Closes #240 - Amazon Q module enhancement request ## Additional Notes - Module is now production-ready with professional quality code and documentation - Full compliance with Coder Registry contributing guidelines - Comprehensive test coverage ensures reliability - Ready for registry submission and community use ## Screenshots: <img width="3001" height="1068" alt="image" src="https://github.com/user-attachments/assets/24453cb3-d4dc-4a45-bb62-7a834940ebae" /> <img width="1209" height="600" alt="image" src="https://github.com/user-attachments/assets/f2b18c42-ba7f-4e16-a9e7-d51ad1095712" /> <img width="1505" height="1251" alt="image" src="https://github.com/user-attachments/assets/3e6e49b1-808d-482e-a237-b606e50262f5" /> https://github.com/user-attachments/assets/6533dead-35f1-47f5-875a-3cebb81453c9 https://github.com/user-attachments/assets/da8047f6-7023-4e6c-af90-138541298089 /claim #240 Co-authored-by: Michael Orlov <michaelo@amdocs.com>	2025-09-10 18:50:22 -05:00
हिमांशु	f1010ee7a6	Add maven package manager support to JFrog modules (#414 ) Closes #33 /claim #33 ## Description Jfrog Modules doesn't support conda package manager, This PR adds support of that ## Type of Change - [ ] New module - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Testing & Validation - [x] Tests pass (`bun test`) - [ ] Code formatted (`bun run fmt`) - [ ] Changes tested locally ## Related Issues #33 ## video https://github.com/user-attachments/assets/61c33963-e1a7-43e2-b1cc-fdb747405cf5	2025-09-09 10:36:31 +05:00
dependabot[bot]	17734c073a	chore(deps): bump the github-actions group across 1 directory with 5 updates (#415 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-08 16:54:57 +05:00
greg-the-coder	6813e0b5b8	Fix/kubernetes devcontainer template to require fewer updates on initial deployment (#386 ) Co-authored-by: greg-the-coder <greg@coder.com> Co-authored-by: Atif Ali <atif@coder.com>	2025-09-07 21:48:49 +05:30