feat(zed): settings input and MCP servers example (#317 )

This PR adds an optional `settings` input to the Zed module and updates the README with an example for configuring MCP servers. Changes: - Add `settings` variable to modules/zed/main.tf - Add `coder_script` to write/merge `~/.config/zed/settings.json` (respects `$XDG_CONFIG_HOME` and merges with existing settings if `jq` is available) - Update README with a `settings` example configuring MCP context servers and clarify default settings path Test plan: - Syntax-only: `bun test --filter zed` fails in CI without Terraform; this change only adds inputs and a startup script. No behavior change to existing outputs. Co-authored-by: Atif Ali <10648092+matifali@users.noreply.github.com> --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: DevCats <christofer@coder.com>
feat(gemini): gemini cleanup and refactor (#300 )
2026-06-03 04:58:15 +00:00 · 2025-08-12 20:26:28 -05:00 · 2025-08-12 11:37:45 -05:00 · 2025-08-12 11:18:31 -05:00 · 2025-08-11 22:36:41 -05:00 · 2025-08-11 21:18:39 -05:00
56 changed files with 2256 additions and 470 deletions
@@ -1,275 +0,0 @@
-#!/bin/bash
-
-# Tag Release Script
-# Automatically detects modules that need tagging and creates release tags
-# Usage: ./tag_release.sh
-# Operates on the current checked-out commit
-
-set -euo pipefail
-
-MODULES_TO_TAG=()
-
-usage() {
-  echo "Usage: $0"
-  echo ""
-  echo "This script will:"
-  echo "  1. Scan all modules in the registry"
-  echo "  2. Check which modules need new release tags"
-  echo "  3. Extract version information from README files"
-  echo "  4. Generate a report for confirmation"
-  echo "  5. Create and push release tags after confirmation"
-  echo ""
-  echo "The script operates on the current checked-out commit."
-  echo "Make sure you have checked out the commit you want to tag before running."
-  exit 1
-}
-
-validate_version() {
-  local version="$1"
-  if ! [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-    echo "❌ Invalid version format: '$version'. Expected X.Y.Z format." >&2
-    return 1
-  fi
-  return 0
-}
-
-extract_version_from_readme() {
-  local readme_path="$1"
-  local namespace="$2"
-  local module_name="$3"
-
-  [ ! -f "$readme_path" ] && return 1
-
-  local version_line
-  version_line=$(grep -E "source\s*=\s*\"registry\.coder\.com/${namespace}/${module_name}" "$readme_path" | head -1 || echo "")
-
-  if [ -n "$version_line" ]; then
-    local version
-    version=$(echo "$version_line" | sed -n 's/.*version\s*=\s*"\([^"]*\)".*/\1/p')
-    if [ -n "$version" ]; then
-      echo "$version"
-      return 0
-    fi
-  fi
-
-  local fallback_version
-  fallback_version=$(grep -E 'version\s*=\s*"[0-9]+\.[0-9]+\.[0-9]+"' "$readme_path" | head -1 | sed 's/.*version\s*=\s*"\([^"]*\)".*/\1/' || echo "")
-
-  if [ -n "$fallback_version" ]; then
-    echo "$fallback_version"
-    return 0
-  fi
-
-  return 1
-}
-
-check_module_needs_tagging() {
-  local namespace="$1"
-  local module_name="$2"
-  local readme_version="$3"
-
-  local tag_name="release/${namespace}/${module_name}/v${readme_version}"
-
-  if git rev-parse --verify "$tag_name" > /dev/null 2>&1; then
-    return 1
-  else
-    return 0
-  fi
-}
-
-detect_modules_needing_tags() {
-  MODULES_TO_TAG=()
-
-  echo "🔍 Scanning all modules for missing release tags..."
-  echo ""
-
-  local all_modules
-  all_modules=$(find registry -mindepth 3 -maxdepth 3 -type d -path "*/modules/*" | sort -u || echo "")
-
-  [ -z "$all_modules" ] && {
-    echo "❌ No modules found to check"
-    return 1
-  }
-
-  local total_checked=0
-  local needs_tagging=0
-
-  while IFS= read -r module_path; do
-    if [ -z "$module_path" ]; then continue; fi
-
-    local namespace
-    namespace=$(echo "$module_path" | cut -d'/' -f2)
-    local module_name
-    module_name=$(echo "$module_path" | cut -d'/' -f4)
-
-    total_checked=$((total_checked + 1))
-
-    local readme_path="$module_path/README.md"
-    local readme_version
-
-    if ! readme_version=$(extract_version_from_readme "$readme_path" "$namespace" "$module_name"); then
-      echo "⚠️  $namespace/$module_name: No version found in README, skipping"
-      continue
-    fi
-
-    if ! validate_version "$readme_version"; then
-      echo "⚠️  $namespace/$module_name: Invalid version format '$readme_version', skipping"
-      continue
-    fi
-
-    if check_module_needs_tagging "$namespace" "$module_name" "$readme_version"; then
-      echo "📦 $namespace/$module_name: v$readme_version (needs tag)"
-      MODULES_TO_TAG+=("$module_path:$namespace:$module_name:$readme_version")
-      needs_tagging=$((needs_tagging + 1))
-    else
-      echo "✅ $namespace/$module_name: v$readme_version (already tagged)"
-    fi
-
-  done <<< "$all_modules"
-
-  echo ""
-  echo "📊 Summary: $needs_tagging of $total_checked modules need tagging"
-  echo ""
-
-  [ $needs_tagging -eq 0 ] && {
-    echo "🎉 All modules are up to date! No tags needed."
-    return 0
-  }
-
-  echo "## Tags to be created:"
-  for module_info in "${MODULES_TO_TAG[@]}"; do
-    IFS=':' read -r module_path namespace module_name version <<< "$module_info"
-    echo "- \`release/$namespace/$module_name/v$version\`"
-  done
-  echo ""
-
-  return 0
-}
-
-create_and_push_tags() {
-  [ ${#MODULES_TO_TAG[@]} -eq 0 ] && {
-    echo "❌ No modules to tag found"
-    return 1
-  }
-
-  local current_commit
-  current_commit=$(git rev-parse HEAD)
-
-  echo "🏷️  Creating release tags for commit: $current_commit"
-  echo ""
-
-  local created_tags=0
-  local failed_tags=0
-
-  for module_info in "${MODULES_TO_TAG[@]}"; do
-    IFS=':' read -r module_path namespace module_name version <<< "$module_info"
-
-    local tag_name="release/$namespace/$module_name/v$version"
-    local tag_message="Release $namespace/$module_name v$version"
-
-    echo "Creating tag: $tag_name"
-
-    if git tag -a "$tag_name" -m "$tag_message" "$current_commit"; then
-      echo "✅ Created: $tag_name"
-      created_tags=$((created_tags + 1))
-    else
-      echo "❌ Failed to create: $tag_name"
-      failed_tags=$((failed_tags + 1))
-    fi
-  done
-
-  echo ""
-  echo "📊 Tag creation summary:"
-  echo "  Created: $created_tags"
-  echo "  Failed: $failed_tags"
-  echo ""
-
-  [ $created_tags -eq 0 ] && {
-    echo "❌ No tags were created successfully"
-    return 1
-  }
-
-  echo "🚀 Pushing tags to origin..."
-
-  local tags_to_push=()
-  for module_info in "${MODULES_TO_TAG[@]}"; do
-    IFS=':' read -r module_path namespace module_name version <<< "$module_info"
-    local tag_name="release/$namespace/$module_name/v$version"
-
-    if git rev-parse --verify "$tag_name" > /dev/null 2>&1; then
-      tags_to_push+=("$tag_name")
-    fi
-  done
-
-  local pushed_tags=0
-  local failed_pushes=0
-
-  if [ ${#tags_to_push[@]} -eq 0 ]; then
-    echo "❌ No valid tags found to push"
-  else
-    if git push --atomic origin "${tags_to_push[@]}"; then
-      echo "✅ Successfully pushed all ${#tags_to_push[@]} tags"
-      pushed_tags=${#tags_to_push[@]}
-    else
-      echo "❌ Failed to push tags"
-      failed_pushes=${#tags_to_push[@]}
-    fi
-  fi
-
-  echo ""
-  echo "📊 Push summary:"
-  echo "  Pushed: $pushed_tags"
-  echo "  Failed: $failed_pushes"
-  echo ""
-
-  if [ $pushed_tags -gt 0 ]; then
-    echo "🎉 Successfully created and pushed $pushed_tags release tags!"
-    echo ""
-    echo "📝 Next steps:"
-    echo "  - Tags will be automatically published to registry.coder.com"
-    echo "  - Monitor the registry website for updates"
-    echo "  - Check GitHub releases for any issues"
-  fi
-
-  return 0
-}
-
-main() {
-  [ $# -gt 0 ] && usage
-
-  echo "🚀 Coder Registry Tag Release Script"
-  echo "Operating on commit: $(git rev-parse HEAD)"
-  echo ""
-
-  if ! git rev-parse --git-dir > /dev/null 2>&1; then
-    echo "❌ Not in a git repository"
-    exit 1
-  fi
-
-  detect_modules_needing_tags || exit 1
-
-  [ ${#MODULES_TO_TAG[@]} -eq 0 ] && {
-    echo "✨ No modules need tagging. All done!"
-    exit 0
-  }
-
-  echo ""
-  echo "❓ Do you want to proceed with creating and pushing these release tags?"
-  echo "   This will create git tags and push them to the remote repository."
-  echo ""
-  read -p "Continue? [y/N]: " -r response
-
-  case "$response" in
-    [yY] | [yY][eE][sS])
-      echo ""
-      create_and_push_tags
-      ;;
-    *)
-      echo ""
-      echo "🚫 Operation cancelled by user"
-      exit 0
-      ;;
-  esac
-}
-
-main "$@"
@@ -48,7 +48,7 @@ jobs:
      - name: Validate formatting
        run: bun fmt:ci
      - name: Check for typos
-        uses: crate-ci/typos@v1.34.0
+        uses: crate-ci/typos@v1.35.3
        with:
          config: .github/typos.toml
  validate-readme-files:
@@ -14,6 +14,7 @@ on:
    paths:
      - ".github/workflows/deploy-registry.yaml"
      - "registry/**/templates/**"
+      - "registry/**/README.md"
      - ".icons/**"

 jobs:
@@ -29,12 +30,12 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Authenticate with Google Cloud
-        uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462
+        uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5
        with:
          workload_identity_provider: projects/309789351055/locations/global/workloadIdentityPools/github-actions/providers/github
          service_account: registry-v2-github@coder-registry-1.iam.gserviceaccount.com
      - name: Set up Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9
+        uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397
      - name: Deploy to dev.registry.coder.com
        run: gcloud builds triggers run 29818181-126d-4f8a-a937-f228b27d3d34 --branch main
      - name: Deploy to registry.coder.com
@@ -24,7 +24,7 @@ The Coder Registry is a collection of Terraform modules and templates for Coder

 ### Install Dependencies

-Install Bun:
+Install Bun (for formatting and scripts):

 ```bash
 curl -fsSL https://bun.sh/install | bash
@@ -89,7 +89,7 @@ Create `registry/[your-username]/README.md`:
 ---
 display_name: "Your Name"
 bio: "Brief description of who you are and what you do"
-avatar_url: "./.images/avatar.png"
+avatar: "./.images/avatar.png"
 github: "your-username"
 linkedin: "https://www.linkedin.com/in/your-username" # Optional
 website: "https://yourwebsite.com" # Optional
@@ -102,7 +102,7 @@ status: "community"
 Brief description of who you are and what you do.
 ```

-> **Note**: The `avatar_url` must point to `./.images/avatar.png` or `./.images/avatar.svg`.
+> **Note**: The `avatar` must point to `./.images/avatar.png` or `./.images/avatar.svg`.

 ### 2. Generate Module Files

@@ -124,19 +124,23 @@ This script generates:
   - Accurate description and usage examples
   - Correct icon path (usually `../../../../.icons/your-icon.svg`)
   - Proper tags that describe your module
-3. **Create `main.test.ts`** to test your module
+3. **Create at least one `.tftest.hcl`** to test your module with `terraform test`
 4. **Add any scripts** or additional files your module needs

 ### 4. Test and Submit

 ```bash
-# Test your module
-bun test -t 'module-name'
+# Test your module (from the module directory)
+terraform init -upgrade
+terraform test -verbose
+
+# Or run all tests in the repo
+./scripts/terraform_test_all.sh

 # Format code
-bun fmt
+bun run fmt

-# Commit and create PR
+# Commit and create PR (do not push to main directly)
 git add .
 git commit -m "Add [module-name] module"
 git push origin your-branch
@@ -335,11 +339,12 @@ coder templates push test-[template-name] -d .
 ### 2. Test Your Changes

 ```bash
-# Test a specific module
-bun test -t 'module-name'
+# Test a specific module (from the module directory)
+terraform init -upgrade
+terraform test -verbose

 # Test all modules
-bun test
+./scripts/terraform_test_all.sh
 ```

 ### 3. Maintain Backward Compatibility
@@ -388,7 +393,7 @@ Example: `https://github.com/coder/registry/compare/main...your-branch?template=
 ### Every Module Must Have

 - `main.tf` - Terraform code
- `main.test.ts` - Working tests
+- One or more `.tftest.hcl` files - Working tests with `terraform test`
 - `README.md` - Documentation with frontmatter

 ### Every Template Must Have
@@ -488,6 +493,6 @@ When reporting bugs, include:
 2. **No tests** or broken tests
 3. **Hardcoded values** instead of variables
 4. **Breaking changes** without defaults
-5. **Not running** `bun fmt` before submitting
+5. **Not running** formatting (`bun run fmt`) and tests (`terraform test`) before submitting

 Happy contributing! 🚀
@@ -18,9 +18,9 @@ sudo apt install golang-go

 Check that PRs have:

- [ ] All required files (`main.tf`, `main.test.ts`, `README.md`)
+- [ ] All required files (`main.tf`, `README.md`, at least one `.tftest.hcl`)
 - [ ] Proper frontmatter in README
- [ ] Working tests (`bun test`)
+- [ ] Working tests (`terraform test`)
 - [ ] Formatted code (`bun run fmt`)
 - [ ] Avatar image for new namespaces (`avatar.png` or `avatar.svg` in `.images/`)

@@ -42,12 +42,58 @@ go build ./cmd/readmevalidation && ./readmevalidation

 ## Making a Release

-### Create Release Tags
+### Automated Tag and Release Process

-After merging a PR:
+After merging a PR, use the automated script to create and push release tags:

-1. Get the new version from the PR (shown as `old → new`)
-2. Checkout the merge commit and create the tag:
+**Prerequisites:**
+
+- Ensure all module versions are updated in their respective README files (the script uses this as the source of truth)
+- Make sure you have the necessary permissions to push tags to the repository
+
+**Steps:**
+
+1. **Checkout the merge commit:**
+
+   ```bash
+   git checkout MERGE_COMMIT_ID
+   ```
+
+2. **Run the tag release script:**
+
+   ```bash
+   ./scripts/tag_release.sh
+   ```
+
+3. **Review and confirm:**
+   - The script will automatically scan all modules in the registry
+   - It will detect which modules need version bumps by comparing README versions to existing tags
+   - A summary will be displayed showing which modules need tagging
+   - Confirm the list is correct when prompted
+
+4. **Automatic tagging:**
+   - After confirmation, the script will automatically create all necessary release tags
+   - Tags will be pushed to the remote repository
+   - The script operates on the current checked-out commit
+
+**Example output:**
+
+```text
+🔍 Scanning all modules for missing release tags...
+
+📦 coder/code-server: v4.1.2 (needs tag)
+✅ coder/dotfiles: v1.0.5 (already tagged)
+
+## Tags to be created:
+- `release/coder/code-server/v4.1.2`
+
+❓ Do you want to proceed with creating and pushing these release tags?
+Continue? [y/N]: y
+```
+
+### Manual Process (Fallback)
+
+If the automated script fails, you can manually tag and release modules:

 ```bash
 # Checkout the merge commit
@@ -81,7 +127,7 @@ tags: ["tag1", "tag2"]
 ```yaml
 display_name: "Your Name"
 bio: "Brief description of who you are and what you do"
-avatar_url: "./.images/avatar.png"
+avatar: "./.images/avatar.png"
 github: "username"
 linkedin: "https://www.linkedin.com/in/username" # Optional
 website: "https://yourwebsite.com" # Optional
@@ -336,12 +336,12 @@ func validateAllCoderResourceFilesOfType(resourceType string) error {
 		return err
 	}

-	logger.Info(context.Background(), "rocessing README files", "num_files", len(allReadmeFiles))
+	logger.Info(context.Background(), "processing README files", "num_files", len(allReadmeFiles))
 	resources, err := parseCoderResourceReadmeFiles(resourceType, allReadmeFiles)
 	if err != nil {
 		return err
 	}
-	logger.Info(context.Background(), "rocessed README files as valid Coder resources", "num_files", len(resources), "type", resourceType)
+	logger.Info(context.Background(), "processed README files as valid Coder resources", "num_files", len(resources), "type", resourceType)

 	if err := validateCoderResourceRelativeURLs(resources); err != nil {
 		return err
@@ -0,0 +1,21 @@
+run "plan_with_required_vars" {
+  command = plan
+
+  variables {
+    agent_id = "example-agent-id"
+  }
+}
+
+run "app_url_uses_port" {
+  command = plan
+
+  variables {
+    agent_id = "example-agent-id"
+    port     = 19999
+  }
+
+  assert {
+    condition     = resource.coder_app.MODULE_NAME.url == "http://localhost:19999"
+    error_message = "Expected MODULE_NAME app URL to include configured port"
+  }
+}
@@ -4,7 +4,7 @@
    "fmt": "bun x prettier --write **/*.sh **/*.ts **/*.md *.md && terraform fmt -recursive -diff",
    "fmt:ci": "bun x prettier --check **/*.sh **/*.ts **/*.md *.md && terraform fmt -check -recursive -diff",
    "terraform-validate": "./scripts/terraform_validate.sh",
-    "test": "bun test",
+    "test": "./scripts/terraform_test_all.sh",
    "update-version": "./update-version.sh"
  },
  "devDependencies": {
@@ -1,7 +1,7 @@
 ---
 display_name: "Jay Kumar"
 bio: "I'm a Software Engineer :)"
-avatar_url: "./.images/avatar.png"
+avatar: "./.images/avatar.jpeg"
 github: "35C4n0r"
 linkedin: "https://www.linkedin.com/in/jaykum4r"
 support_email: "work.jaykumar@gmail.com"
@@ -1,36 +1,41 @@
 ---
 display_name: Gemini CLI
+description: Run Gemini CLI in your workspace for AI pair programming
 icon: ../../../../.icons/gemini.svg
-description: Run Gemini CLI in your workspace with AgentAPI integration
 verified: true
 tags: [agent, gemini, ai, google, tasks]
 ---

 # Gemini CLI

-Run [Gemini CLI](https://ai.google.dev/gemini-api/docs/cli) in your workspace to access Google's Gemini AI models, and custom pre/post install scripts. This module integrates with [AgentAPI](https://github.com/coder/agentapi) for Coder Tasks compatibility.
+Run [Gemini CLI](https://github.com/google-gemini/gemini-cli) in your workspace to access Google's Gemini AI models for interactive coding assistance and automated task execution.

 ```tf
 module "gemini" {
-  source           = "registry.coder.com/coder-labs/gemini/coder"
-  version          = "1.0.0"
-  agent_id         = coder_agent.example.id
-  gemini_api_key   = var.gemini_api_key
-  gemini_model     = "gemini-2.5-pro"
-  install_gemini   = true
-  gemini_version   = "latest"
-  agentapi_version = "latest"
+  source   = "registry.coder.com/coder-labs/gemini/coder"
+  version  = "1.1.0"
+  agent_id = coder_agent.example.id
+  folder   = "/home/coder/project"
 }
 ```

+## Features
+
+- **Interactive AI Assistance**: Run Gemini CLI directly in your terminal for coding help
+- **Automated Task Execution**: Execute coding tasks automatically via AgentAPI integration
+- **Multiple AI Models**: Support for Gemini 2.5 Pro, Flash, and other Google AI models
+- **API Key Integration**: Seamless authentication with Gemini API
+- **MCP Server Integration**: Built-in Coder MCP server for task reporting
+- **Persistent Sessions**: Maintain context across workspace sessions
+
 ## Prerequisites

- You must add the [Coder Login](https://registry.coder.com/modules/coder-login/coder) module to your template
 - Node.js and npm will be installed automatically if not present
+- The [Coder Login](https://registry.coder.com/modules/coder/coder-login) module is required

-## Usage Example
+## Examples

- Example 1:
+### Basic setup

 ```tf
 variable "gemini_api_key" {
@@ -40,39 +45,97 @@ variable "gemini_api_key" {
 }

 module "gemini" {
-  count                     = data.coder_workspace.me.start_count
-  source                    = "registry.coder.com/coder-labs/gemini/coder"
-  version                   = "1.0.0"
-  agent_id                  = coder_agent.example.id
-  gemini_api_key            = var.gemini_api_key # we recommend providing this parameter inorder to have a smoother experience (i.e. no google sign-in)
-  gemini_model              = "gemini-2.5-flash"
-  install_gemini            = true
-  gemini_version            = "latest"
-  gemini_instruction_prompt = "Start every response with `Gemini says:`"
+  source         = "registry.coder.com/coder-labs/gemini/coder"
+  version        = "1.1.0"
+  agent_id       = coder_agent.example.id
+  gemini_api_key = var.gemini_api_key
+  folder         = "/home/coder/project"
 }
 ```

-## How it Works
+This basic setup will:

- **Install**: The module installs Gemini CLI using npm (installs Node.js via NVM if needed)
- **Instruction Prompt**: If `GEMINI_INSTRUCTION_PROMPT` and `GEMINI_START_DIRECTORY` are set, creates the directory (if needed) and writes the prompt to `GEMINI.md`
- **Start**: Launches Gemini CLI in the specified directory, wrapped by AgentAPI
- **Environment**: Sets `GEMINI_API_KEY`, `GOOGLE_GENAI_USE_VERTEXAI`, `GEMINI_MODEL` for the CLI (if variables provided)
+- Install Gemini CLI in the workspace
+- Configure authentication with your API key
+- Set Gemini to run in `/home/coder/project` directory
+- Enable interactive use from the terminal
+- Set up MCP server integration for task reporting
+
+### Automated task execution (Experimental)
+
+> This functionality is in early access and is still evolving.
+> For now, we recommend testing it in a demo or staging environment,
+> rather than deploying to production
+>
+> Learn more in [the Coder documentation](https://coder.com/docs/ai-coder)
+
+```tf
+variable "gemini_api_key" {
+  type        = string
+  description = "Gemini API key"
+  sensitive   = true
+}
+
+module "coder-login" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/coder-login/coder"
+  version  = "~> 1.0"
+  agent_id = coder_agent.example.id
+}
+
+data "coder_parameter" "ai_prompt" {
+  type        = "string"
+  name        = "AI Prompt"
+  default     = ""
+  description = "Task prompt for automated Gemini execution"
+  mutable     = true
+}
+
+module "gemini" {
+  count                = data.coder_workspace.me.start_count
+  source               = "registry.coder.com/coder-labs/gemini/coder"
+  version              = "1.1.0"
+  agent_id             = coder_agent.example.id
+  gemini_api_key       = var.gemini_api_key
+  gemini_model         = "gemini-2.5-flash"
+  folder               = "/home/coder/project"
+  task_prompt          = data.coder_parameter.ai_prompt.value
+  enable_yolo_mode     = true # Auto-approve all tool calls for automation
+  gemini_system_prompt = <<-EOT
+    You are a helpful coding assistant. Always explain your code changes clearly.
+    YOU MUST REPORT ALL TASKS TO CODER.
+  EOT
+}
+```
+
+> [!WARNING]
+> YOLO mode automatically approves all tool calls without user confirmation. The agent has access to your machine's file system and terminal. Only enable in trusted, isolated environments.
+
+### Using Vertex AI (Enterprise)
+
+For enterprise users who prefer Google's Vertex AI platform:
+
+```tf
+module "gemini" {
+  source         = "registry.coder.com/coder-labs/gemini/coder"
+  version        = "1.1.0"
+  agent_id       = coder_agent.example.id
+  gemini_api_key = var.gemini_api_key
+  folder         = "/home/coder/project"
+  use_vertexai   = true
+}
+```

 ## Troubleshooting

- If Gemini CLI is not found, ensure `install_gemini = true` and your API key is valid
- Node.js and npm are installed automatically if missing (using NVM)
- Check logs in `/home/coder/.gemini-module/` for install/start output
- We highly recommend using the `gemini_api_key` variable, this also ensures smooth tasks running without needing to sign in to Google.
+- If Gemini CLI is not found, ensure your API key is valid (`install_gemini` defaults to `true`)
+- Check logs in `~/.gemini-module/` for install/start output
+- Use the `gemini_api_key` variable to avoid requiring Google sign-in

-> [!IMPORTANT]
-> To use tasks with Gemini CLI, ensure you have the `gemini_api_key` variable set, and **you pass the `AI Prompt` Parameter**.
-> By default we inject the "theme": "Default" and "selectedAuthType": "gemini-api-key" to your ~/.gemini/settings.json along with the coder mcp server.
-> In `gemini_instruction_prompt` and `AI Prompt` text we recommend using (\`\`) backticks instead of quotes to avoid escaping issues. Eg: gemini_instruction_prompt = "Start every response with \`Gemini says:\` "
+The module creates log files in the workspace's `~/.gemini-module` directory for debugging purposes.

 ## References

- [Gemini CLI Documentation](https://ai.google.dev/gemini-api/docs/cli)
+- [Gemini CLI Documentation](https://github.com/google-gemini/gemini-cli/blob/main/docs/index.md)
 - [AgentAPI Documentation](https://github.com/coder/agentapi)
- [Coder AI Agents Guide](https://coder.com/docs/tutorials/ai-agents)
+- [Coder AI Agents Guide](https://coder.com/docs/ai-coder)
@@ -8,7 +8,6 @@ import {
 } from "bun:test";
 import { execContainer, readFileContainer, runTerraformInit } from "~test";
 import {
-  loadTestFile,
  writeExecutable,
  setup as setupUtil,
  execModuleScript,
@@ -54,10 +53,24 @@ const setup = async (props?: SetupProps): Promise<{ id: string }> => {
    agentapiMockScript: props?.agentapiMockScript,
  });
  if (!props?.skipGeminiMock) {
+    const geminiMockContent = `#!/bin/bash
+
+if [[ "$1" == "--version" ]]; then
+  echo "HELLO: $(bash -c env)"
+  echo "gemini version v2.5.0"
+  exit 0
+fi
+
+set -e
+
+while true; do
+    echo "$(date) - gemini-mock"
+    sleep 15
+done`;
    await writeExecutable({
      containerId: id,
      filePath: "/usr/bin/gemini",
-      content: await loadTestFile(import.meta.dir, "gemini-mock.sh"),
+      content: geminiMockContent,
    });
  }
  return { id };
@@ -70,7 +83,7 @@ describe("gemini", async () => {
    await runTerraformInit(import.meta.dir);
  });

-  test("happy-path", async () => {
+  test("agent-api", async () => {
    const { id } = await setup();
    await execModuleScript(id);
    await expectAgentAPIStarted(id);
@@ -117,7 +130,7 @@ describe("gemini", async () => {
    await execModuleScript(id);

    const resp = await readFileContainer(id, "/home/coder/.gemini-module/agentapi-start.log");
-    expect(resp).toContain("gemini_api_key provided !");
+    expect(resp).toContain("Using direct Gemini API with API key");
  });

  test("use-vertexai", async () => {
@@ -197,6 +210,20 @@ describe("gemini", async () => {
    expect(resp).toContain(prompt);
  });

+  test("task-prompt", async () => {
+    const taskPrompt = "Create a simple Hello World function";
+    const { id } = await setup({
+      moduleVariables: {
+        task_prompt: taskPrompt,
+      },
+    });
+    await execModuleScript(id, {
+      GEMINI_TASK_PROMPT: taskPrompt,
+    });
+    const resp = await readFileContainer(id, "/home/coder/.gemini-module/agentapi-start.log");
+    expect(resp).toContain("Running automated task:");
+  });
+
  test("start-without-prompt", async () => {
    const { id } = await setup();
    await execModuleScript(id);
@@ -74,14 +74,14 @@ variable "use_vertexai" {

 variable "install_agentapi" {
  type        = bool
-  description = "Whether to install AgentAPI."
+  description = "Whether to install AgentAPI for web UI and task automation."
  default     = true
 }

 variable "agentapi_version" {
  type        = string
  description = "The version of AgentAPI to install."
-  default     = "v0.3.0"
+  default     = "v0.2.3"
 }

 variable "gemini_model" {
@@ -102,12 +102,10 @@ variable "post_install_script" {
  default     = null
 }

-data "coder_parameter" "ai_prompt" {
-  type        = "string"
-  name        = "AI Prompt"
+variable "task_prompt" {
+  type        = string
+  description = "Task prompt for automated Gemini execution"
  default     = ""
-  description = "Initial prompt for the Gemini CLI"
-  mutable     = true
 }

 variable "additional_extensions" {
@@ -122,12 +120,24 @@ variable "gemini_system_prompt" {
  default     = ""
 }

+variable "enable_yolo_mode" {
+  type        = bool
+  description = "Enable YOLO mode to automatically approve all tool calls without user confirmation. Use with caution."
+  default     = false
+}
+
 resource "coder_env" "gemini_api_key" {
  agent_id = var.agent_id
  name     = "GEMINI_API_KEY"
  value    = var.gemini_api_key
 }

+resource "coder_env" "google_api_key" {
+  agent_id = var.agent_id
+  name     = "GOOGLE_API_KEY"
+  value    = var.gemini_api_key
+}
+
 resource "coder_env" "gemini_use_vertex_ai" {
  agent_id = var.agent_id
  name     = "GOOGLE_GENAI_USE_VERTEXAI"
@@ -166,7 +176,7 @@ EOT

 module "agentapi" {
  source  = "registry.coder.com/coder/agentapi/coder"
-  version = "1.0.0"
+  version = "1.1.1"

  agent_id             = var.agent_id
  web_app_slug         = local.app_slug
@@ -181,22 +191,7 @@ module "agentapi" {
  agentapi_version     = var.agentapi_version
  pre_install_script   = var.pre_install_script
  post_install_script  = var.post_install_script
-  start_script         = <<-EOT
-     #!/bin/bash
-     set -o errexit
-     set -o pipefail
-
-     echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
-     chmod +x /tmp/start.sh
-     GEMINI_API_KEY='${var.gemini_api_key}' \
-     GOOGLE_GENAI_USE_VERTEXAI='${var.use_vertexai}' \
-     GEMINI_MODEL='${var.gemini_model}' \
-     GEMINI_START_DIRECTORY='${var.folder}' \
-     GEMINI_TASK_PROMPT='${base64encode(data.coder_parameter.ai_prompt.value)}' \
-     /tmp/start.sh
-   EOT
-
-  install_script = <<-EOT
+  install_script       = <<-EOT
    #!/bin/bash
    set -o errexit
    set -o pipefail
@@ -209,7 +204,23 @@ module "agentapi" {
    BASE_EXTENSIONS='${base64encode(replace(local.base_extensions, "'", "'\\''"))}' \
    ADDITIONAL_EXTENSIONS='${base64encode(replace(var.additional_extensions != null ? var.additional_extensions : "", "'", "'\\''"))}' \
    GEMINI_START_DIRECTORY='${var.folder}' \
-    GEMINI_INSTRUCTION_PROMPT='${base64encode(var.gemini_system_prompt)}' \
+    GEMINI_SYSTEM_PROMPT='${base64encode(var.gemini_system_prompt)}' \
    /tmp/install.sh
  EOT
+  start_script         = <<-EOT
+     #!/bin/bash
+     set -o errexit
+     set -o pipefail
+
+     echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
+     chmod +x /tmp/start.sh
+     GEMINI_API_KEY='${var.gemini_api_key}' \
+     GOOGLE_API_KEY='${var.gemini_api_key}' \
+     GOOGLE_GENAI_USE_VERTEXAI='${var.use_vertexai}' \
+     GEMINI_YOLO_MODE='${var.enable_yolo_mode}' \
+     GEMINI_MODEL='${var.gemini_model}' \
+     GEMINI_START_DIRECTORY='${var.folder}' \
+     GEMINI_TASK_PROMPT='${var.task_prompt}' \
+     /tmp/start.sh
+   EOT
 }
@@ -2,7 +2,6 @@

 BOLD='\033[0;1m'

-# Function to check if a command exists
 command_exists() {
    command -v "$1" >/dev/null 2>&1
 }
@@ -12,7 +11,7 @@ set -o nounset
 ARG_GEMINI_CONFIG=$(echo -n "$ARG_GEMINI_CONFIG" | base64 -d)
 BASE_EXTENSIONS=$(echo -n "$BASE_EXTENSIONS" | base64 -d)
 ADDITIONAL_EXTENSIONS=$(echo -n "$ADDITIONAL_EXTENSIONS" | base64 -d)
-GEMINI_INSTRUCTION_PROMPT=$(echo -n "$GEMINI_INSTRUCTION_PROMPT" | base64 -d)
+GEMINI_SYSTEM_PROMPT=$(echo -n "$GEMINI_SYSTEM_PROMPT" | base64 -d)

 echo "--------------------------------"
 printf "gemini_config: %s\n" "$ARG_GEMINI_CONFIG"
@@ -23,7 +22,6 @@ echo "--------------------------------"
 set +o nounset

 function install_node() {
-  # borrowed from claude-code module
    if ! command_exists npm; then
      printf "npm not found, checking for Node.js installation...\n"
      if ! command_exists node; then
@@ -52,24 +50,15 @@ function install_node() {

 function install_gemini() {
  if [ "${ARG_INSTALL}" = "true" ]; then
-    # we need node to install and run gemini-cli
    install_node

-  # If nvm does not exist, we will create a global npm directory (this os to prevent the possibility of EACCESS issues on npm -g)
  if ! command_exists nvm; then
      printf "which node: %s\n" "$(which node)"
      printf "which npm: %s\n" "$(which npm)"

-      # Create a directory for global packages
      mkdir -p "$HOME"/.npm-global
-
-      # Configure npm to use it
      npm config set prefix "$HOME/.npm-global"
-
-      # Add to PATH for current session
      export PATH="$HOME/.npm-global/bin:$PATH"
-
-      # Add to shell profile for future sessions
      if ! grep -q "export PATH=$HOME/.npm-global/bin:\$PATH" ~/.bashrc; then
          echo "export PATH=$HOME/.npm-global/bin:\$PATH" >> ~/.bashrc
      fi
@@ -108,7 +97,6 @@ function append_extensions_to_settings_json() {
    fi
    if [ ! -f "$SETTINGS_PATH" ]; then
      printf "%s does not exist. Creating with merged mcpServers structure.\n" "$SETTINGS_PATH"
-      # If ADDITIONAL_EXTENSIONS is not set or empty, use '{}'
      ADD_EXT_JSON='{}'
      if [ -n "${ADDITIONAL_EXTENSIONS:-}" ]; then
        ADD_EXT_JSON="$ADDITIONAL_EXTENSIONS"
@@ -116,10 +104,7 @@ function append_extensions_to_settings_json() {
      printf '{"mcpServers":%s}\n' "$(jq -s 'add' <(echo "$BASE_EXTENSIONS") <(echo "$ADD_EXT_JSON"))" > "$SETTINGS_PATH"
    fi

-    # Prepare temp files
    TMP_SETTINGS=$(mktemp)
-
-    # If ADDITIONAL_EXTENSIONS is not set or empty, use '{}'
    ADD_EXT_JSON='{}'
    if [ -n "${ADDITIONAL_EXTENSIONS:-}" ]; then
      printf "[append_extensions_to_settings_json] ADDITIONAL_EXTENSIONS is set.\n"
@@ -133,14 +118,13 @@ function append_extensions_to_settings_json() {
      '.mcpServers = (.mcpServers // {} + $base + $add)' \
      "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"

-    # Add theme and selectedAuthType fields
    jq '.theme = "Default" | .selectedAuthType = "gemini-api-key"' "$SETTINGS_PATH" > "$TMP_SETTINGS" && mv "$TMP_SETTINGS" "$SETTINGS_PATH"

    printf "[append_extensions_to_settings_json] Merge complete.\n"
 }

-function add_instruction_prompt_if_exists() {
-    if [ -n "${GEMINI_INSTRUCTION_PROMPT:-}" ]; then
+function add_system_prompt_if_exists() {
+    if [ -n "${GEMINI_SYSTEM_PROMPT:-}" ]; then
        if [ -d "${GEMINI_START_DIRECTORY}" ]; then
            printf "Directory '%s' exists. Changing to it.\\n" "${GEMINI_START_DIRECTORY}"
            cd "${GEMINI_START_DIRECTORY}" || {
@@ -160,16 +144,21 @@ function add_instruction_prompt_if_exists() {
        fi
        touch GEMINI.md
        printf "Setting GEMINI.md\n"
-        echo "${GEMINI_INSTRUCTION_PROMPT}" > GEMINI.md
+        echo "${GEMINI_SYSTEM_PROMPT}" > GEMINI.md
    else
        printf "GEMINI.md is not set.\n"
    fi
 }

+function configure_mcp() {
+    export CODER_MCP_APP_STATUS_SLUG="gemini"
+    export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
+    coder exp mcp configure gemini "${GEMINI_START_DIRECTORY}"
+}

-# Install Gemini
 install_gemini
 gemini --version
 populate_settings_json
-add_instruction_prompt_if_exists
+add_system_prompt_if_exists
+configure_mcp

@@ -1,6 +1,7 @@
 #!/bin/bash
+set -o errexit
+set -o pipefail

-# Load shell environment
 source "$HOME"/.bashrc

 command_exists() {
@@ -15,7 +16,8 @@ fi

 printf "Version: %s\n" "$(gemini --version)"

-GEMINI_TASK_PROMPT=$(echo -n "$GEMINI_TASK_PROMPT" | base64 -d)
+MODULE_DIR="$HOME/.gemini-module"
+mkdir -p "$MODULE_DIR"

 if command_exists gemini; then
    printf "Gemini is installed\n"
@@ -43,20 +45,30 @@ else
 fi

 if [ -n "$GEMINI_TASK_PROMPT" ]; then
-    printf "Running the task prompt %s\n" "$GEMINI_TASK_PROMPT"
+    printf "Running automated task: %s\n" "$GEMINI_TASK_PROMPT"
    PROMPT="Every step of the way, report tasks to Coder with proper descriptions and statuses. Your task at hand: $GEMINI_TASK_PROMPT"
+    PROMPT_FILE="$MODULE_DIR/prompt.txt"
+    echo -n "$PROMPT" >"$PROMPT_FILE"
    GEMINI_ARGS=(--prompt-interactive "$PROMPT")
 else
-    printf "No task prompt given.\n"
+    printf "Starting Gemini CLI in interactive mode.\n"
    GEMINI_ARGS=()
 fi

-if [ -n "$GEMINI_API_KEY" ]; then
-    printf "gemini_api_key provided !\n"
-else
-    printf "gemini_api_key not provided\n"
+if [ -n "$GEMINI_YOLO_MODE" ] && [ "$GEMINI_YOLO_MODE" = "true" ]; then
+    printf "YOLO mode enabled - will auto-approve all tool calls\n"
+    GEMINI_ARGS+=(--yolo)
 fi

-# use low width to fit in the tasks UI sidebar. height is adjusted so that width x height ~= 80x1000 characters
-# are visible in the terminal screen by default.
-agentapi server --term-width 67 --term-height 1190 -- gemini "${GEMINI_ARGS[@]}"
+if [ -n "$GEMINI_API_KEY" ] || [ -n "$GOOGLE_API_KEY" ]; then
+    if [ -n "$GOOGLE_GENAI_USE_VERTEXAI" ] && [ "$GOOGLE_GENAI_USE_VERTEXAI" = "true" ]; then
+        printf "Using Vertex AI with API key\n"
+    else
+        printf "Using direct Gemini API with API key\n"
+    fi
+else
+    printf "No API key provided (neither GEMINI_API_KEY nor GOOGLE_API_KEY)\n"
+fi
+
+agentapi server --term-width 67 --term-height 1190 -- \
+    bash -c "$(printf '%q ' gemini "${GEMINI_ARGS[@]}")"
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-if [[ "$1" == "--version" ]]; then
-  echo "HELLO: $(bash -c env)"
-  echo "gemini version v2.5.0"
-  exit 0
-fi
-
-set -e
-
-while true; do
-    echo "$(date) - gemini-mock"
-    sleep 15
-done
@@ -118,7 +118,6 @@ data "coder_workspace_preset" "default" {
    EOT
    "preview_port"    = "4200"
    "container_image" = "codercom/example-universal:ubuntu"
-    "jetbrains_ide"   = "PY"
  }

  # Pre-builds is a Coder Premium
@@ -16,7 +16,7 @@ The AgentAPI module is a building block for modules that need to run an AgentAPI
 ```tf
 module "agentapi" {
  source  = "registry.coder.com/coder/agentapi/coder"
-  version = "1.0.2"
+  version = "1.1.1"

  agent_id             = var.agent_id
  web_app_slug         = local.app_slug
@@ -148,4 +148,105 @@ describe("agentapi", async () => {
    ]);
    expect(respAgentAPI.exitCode).toBe(0);
  });
+
+  test("no-subdomain-base-path", async () => {
+    const { id } = await setup({
+      moduleVariables: {
+        agentapi_subdomain: "false",
+      },
+    });
+
+    const respModuleScript = await execModuleScript(id);
+    expect(respModuleScript.exitCode).toBe(0);
+
+    await expectAgentAPIStarted(id);
+    const agentApiStartLog = await readFileContainer(
+      id,
+      "/home/coder/test-agentapi-start.log",
+    );
+    expect(agentApiStartLog).toContain("Using AGENTAPI_CHAT_BASE_PATH: /@default/default.foo/apps/agentapi-web/chat");
+  });
+
+  test("validate-agentapi-version", async () => {
+    const cases = [
+      {
+        moduleVariables: {
+          agentapi_version: "v0.3.2",
+        },
+        shouldThrow: "",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.3.3",
+        },
+        shouldThrow: "",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.0.1",
+          agentapi_subdomain: "false",
+        },
+        shouldThrow: "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.3.2",
+          agentapi_subdomain: "false",
+        },
+        shouldThrow: "Running with subdomain = false is only supported by agentapi >= v0.3.3.",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.3.3",
+          agentapi_subdomain: "false",
+        },
+        shouldThrow: "",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.3.999",
+          agentapi_subdomain: "false",
+        },
+        shouldThrow: "",
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v0.999.999",
+          agentapi_subdomain: "false",
+        },
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "v999.999.999",
+          agentapi_subdomain: "false",
+        },
+      },
+      {
+        moduleVariables: {
+          agentapi_version: "arbitrary-string-bypasses-validation",
+        },
+        shouldThrow: "",
+      }
+    ];
+    for (const { moduleVariables, shouldThrow } of cases) {
+      if (shouldThrow) {
+        expect(setup({ moduleVariables: moduleVariables as Record<string, string> })).rejects.toThrow(shouldThrow);
+      } else {
+        expect(setup({ moduleVariables: moduleVariables as Record<string, string> })).resolves.toBeDefined();
+      }
+    }
+  });
+
+  test("agentapi-allowed-hosts", async () => {
+    // verify that the agentapi binary has access to the AGENTAPI_ALLOWED_HOSTS environment variable
+    // set in main.sh
+    const { id } = await setup();
+    await execModuleScript(id);
+    await expectAgentAPIStarted(id);
+    const agentApiStartLog = await readFileContainer(
+      id,
+      "/home/coder/agentapi-mock.log",
+    );
+    expect(agentApiStartLog).toContain("AGENTAPI_ALLOWED_HOSTS: *");
+  });
 });
@@ -117,7 +117,7 @@ variable "install_agentapi" {
 variable "agentapi_version" {
  type        = string
  description = "The version of AgentAPI to install."
-  default     = "v0.2.3"
+  default     = "v0.3.3"
 }

 variable "agentapi_port" {
@@ -126,6 +126,31 @@ variable "agentapi_port" {
  default     = 3284
 }

+locals {
+  # agentapi_subdomain_false_min_version_expr matches a semantic version >= v0.3.3.
+  # Initial support was added in v0.3.1 but configuration via environment variable
+  # was added in v0.3.3.
+  # This is unfortunately a regex because there is no builtin way to compare semantic versions in Terraform.
+  # See: https://regex101.com/r/oHPyRa/1
+  agentapi_subdomain_false_min_version_expr = "^v(0\\.(3\\.[3-9]|3.[1-9]\\d+|[4-9]\\.\\d+|[1-9]\\d+\\.\\d+)|[1-9]\\d*\\.\\d+\\.\\d+)$"
+}
+
+variable "agentapi_subdomain" {
+  type        = bool
+  description = "Whether to use a subdomain for AgentAPI."
+  default     = true
+  validation {
+    condition = var.agentapi_subdomain || (
+      # If version doesn't look like a valid semantic version, just allow it.
+      # Note that boolean operators do not short-circuit in Terraform.
+      can(regex("^v\\d+\\.\\d+\\.\\d+$", var.agentapi_version)) ?
+      can(regex(local.agentapi_subdomain_false_min_version_expr, var.agentapi_version)) :
+      true
+    )
+    error_message = "Running with subdomain = false is only supported by agentapi >= v0.3.3."
+  }
+}
+
 variable "module_dir_name" {
  type        = string
  description = "Name of the subdirectory in the home directory for module files."
@@ -140,7 +165,14 @@ locals {
  encoded_post_install_script        = var.post_install_script != null ? base64encode(var.post_install_script) : ""
  agentapi_start_script_b64          = base64encode(var.start_script)
  agentapi_wait_for_start_script_b64 = base64encode(file("${path.module}/scripts/agentapi-wait-for-start.sh"))
-  main_script                        = file("${path.module}/scripts/main.sh")
+  // Chat base path is only set if not using a subdomain.
+  // NOTE:
+  //   - Initial support for --chat-base-path was added in v0.3.1 but configuration
+  //     via environment variable AGENTAPI_CHAT_BASE_PATH was added in v0.3.3.
+  //   - As CODER_WORKSPACE_AGENT_NAME is a recent addition we use agent ID
+  //     for backward compatibility.
+  agentapi_chat_base_path = var.agentapi_subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${var.web_app_slug}/chat"
+  main_script             = file("${path.module}/scripts/main.sh")
 }

 resource "coder_script" "agentapi" {
@@ -165,6 +197,7 @@ resource "coder_script" "agentapi" {
    ARG_WAIT_FOR_START_SCRIPT="$(echo -n '${local.agentapi_wait_for_start_script_b64}' | base64 -d)" \
    ARG_POST_INSTALL_SCRIPT="$(echo -n '${local.encoded_post_install_script}' | base64 -d)" \
    ARG_AGENTAPI_PORT='${var.agentapi_port}' \
+    ARG_AGENTAPI_CHAT_BASE_PATH='${local.agentapi_chat_base_path}' \
    /tmp/main.sh
    EOT
  run_on_start = true
@@ -178,7 +211,7 @@ resource "coder_app" "agentapi_web" {
  icon         = var.web_app_icon
  order        = var.web_app_order
  group        = var.web_app_group
-  subdomain    = true
+  subdomain    = var.agentapi_subdomain
  healthcheck {
    url       = "http://localhost:${var.agentapi_port}/status"
    interval  = 3
@@ -13,6 +13,7 @@ START_SCRIPT="$ARG_START_SCRIPT"
 WAIT_FOR_START_SCRIPT="$ARG_WAIT_FOR_START_SCRIPT"
 POST_INSTALL_SCRIPT="$ARG_POST_INSTALL_SCRIPT"
 AGENTAPI_PORT="$ARG_AGENTAPI_PORT"
+AGENTAPI_CHAT_BASE_PATH="${ARG_AGENTAPI_CHAT_BASE_PATH:-}"
 set +o nounset

 command_exists() {
@@ -92,5 +93,9 @@ export LANG=en_US.UTF-8
 export LC_ALL=en_US.UTF-8

 cd "${WORKDIR}"
+
+export AGENTAPI_CHAT_BASE_PATH="${AGENTAPI_CHAT_BASE_PATH:-}"
+# Disable host header check since AgentAPI is proxied by Coder (which does its own validation)
+export AGENTAPI_ALLOWED_HOSTS="*"
 nohup "$module_path/scripts/agentapi-start.sh" true "${AGENTAPI_PORT}" &>"$module_path/agentapi-start.log" &
 "$module_path/scripts/agentapi-wait-for-start.sh" "${AGENTAPI_PORT}"
@@ -24,7 +24,16 @@ export const setupContainer = async ({
  });
  const coderScript = findResourceInstance(state, "coder_script");
  const id = await runContainer(image ?? "codercom/enterprise-node:latest");
-  return { id, coderScript, cleanup: () => removeContainer(id) };
+  return {
+    id, coderScript, cleanup: async () => {
+      if (process.env["DEBUG"] === "true" || process.env["DEBUG"] === "1" || process.env["DEBUG"] === "yes") {
+        console.log(`Not removing container ${id} in debug mode`);
+        console.log(`Run "docker rm -f ${id}" to remove it manually.`);
+      } else {
+        await removeContainer(id);
+      }
+    }
+  };
 };

 export const loadTestFile = async (
@@ -1,11 +1,13 @@
 #!/usr/bin/env node

 const http = require("http");
+const fs = require("fs");
 const args = process.argv.slice(2);
 const portIdx = args.findIndex((arg) => arg === "--port") + 1;
 const port = portIdx ? args[portIdx] : 3284;

 console.log(`starting server on port ${port}`);
+fs.writeFileSync("/home/coder/agentapi-mock.log", `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`);

 http
  .createServer(function (_request, response) {
@@ -11,6 +11,12 @@ log_file_path="$module_path/agentapi.log"
 echo "using prompt: $use_prompt" >>/home/coder/test-agentapi-start.log
 echo "using port: $port" >>/home/coder/test-agentapi-start.log

+AGENTAPI_CHAT_BASE_PATH="${AGENTAPI_CHAT_BASE_PATH:-}"
+if [ -n "$AGENTAPI_CHAT_BASE_PATH" ]; then
+    echo "Using AGENTAPI_CHAT_BASE_PATH: $AGENTAPI_CHAT_BASE_PATH" >>/home/coder/test-agentapi-start.log
+    export AGENTAPI_CHAT_BASE_PATH
+fi
+
 agentapi server --port "$port" --term-width 67 --term-height 1190 -- \
    bash -c aiagent \
    >"$log_file_path" 2>&1
@@ -125,24 +125,7 @@ variable "ai_prompt" {
 locals {
  encoded_pre_install_script  = var.experiment_pre_install_script != null ? base64encode(var.experiment_pre_install_script) : ""
  encoded_post_install_script = var.experiment_post_install_script != null ? base64encode(var.experiment_post_install_script) : ""
-  # We need to use allowed tools to limit the context Amazon Q receives.
-  # Amazon Q can't handle big contexts, and the `create_template_version` tool
-  # has a description that's too long.
-  mcp_json         = <<EOT
-    {
-      "mcpServers": {
-        "coder": {
-          "command": "coder",
-          "args": ["exp", "mcp", "server", "--allowed-tools", "coder_report_task"],
-          "env": {
-            "CODER_MCP_APP_STATUS_SLUG": "amazon-q"
-          }
-        }
-      }
-    }
-  EOT
-  encoded_mcp_json = base64encode(local.mcp_json)
-  full_prompt      = <<-EOT
+  full_prompt                 = <<-EOT
    ${var.system_prompt}

    Your first task is:
@@ -211,6 +194,12 @@ resource "coder_script" "amazon_q" {
    cd "$PREV_DIR"
    echo "Extracted auth tarball"

+    if [ "${var.experiment_report_tasks}" = "true" ]; then
+      echo "Configuring Amazon Q to report tasks via Coder MCP..."
+      q mcp add --name coder --command "coder" --args "exp,mcp,server,--allowed-tools,coder_report_task" --env "CODER_MCP_APP_STATUS_SLUG=amazon-q" --scope global --force
+      echo "Added Coder MCP server to Amazon Q configuration"
+    fi
+
    if [ -n "${local.encoded_post_install_script}" ]; then
      echo "Running post-install script..."
      echo "${local.encoded_post_install_script}" | base64 -d > /tmp/post_install.sh
@@ -218,13 +207,6 @@ resource "coder_script" "amazon_q" {
      /tmp/post_install.sh
    fi

-    if [ "${var.experiment_report_tasks}" = "true" ]; then
-      echo "Configuring Amazon Q to report tasks via Coder MCP..."
-      mkdir -p ~/.aws/amazonq
-      echo "${local.encoded_mcp_json}" | base64 -d > ~/.aws/amazonq/mcp.json
-      echo "Created the ~/.aws/amazonq/mcp.json configuration file"
-    fi
-
    if [ "${var.experiment_use_tmux}" = "true" ] && [ "${var.experiment_use_screen}" = "true" ]; then
      echo "Error: Both experiment_use_tmux and experiment_use_screen cannot be true simultaneously."
      echo "Please set only one of them to true."
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.0.4"
+  version             = "2.0.7"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -84,7 +84,7 @@ resource "coder_agent" "main" {
 module "claude-code" {
  count               = data.coder_workspace.me.start_count
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.0.4"
+  version             = "2.0.7"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -102,7 +102,7 @@ Run Claude Code as a standalone app in your workspace. This will install Claude
 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "2.0.4"
+  version             = "2.0.7"
  agent_id            = coder_agent.example.id
  folder              = "/home/coder"
  install_claude_code = true
@@ -10,6 +10,7 @@ import path from "path";
 import {
  execContainer,
  findResourceInstance,
+  readFileContainer,
  removeContainer,
  runContainer,
  runTerraformApply,
@@ -319,4 +320,21 @@ describe("claude-code", async () => {
      agentApiUrl: "http://localhost:3284",
    });
  });
+
+  // verify that the agentapi binary has access to the AGENTAPI_ALLOWED_HOSTS environment variable
+  // set in main.tf
+  test("agentapi-allowed-hosts", async () => {
+    const { id } = await setup();
+
+    const respModuleScript = await execModuleScript(id);
+    expect(respModuleScript.exitCode).toBe(0);
+
+    await expectAgentAPIStarted(id);
+
+    const agentApiStartLog = await readFileContainer(
+      id,
+      "/home/coder/agentapi-mock.log",
+    );
+    expect(agentApiStartLog).toContain("AGENTAPI_ALLOWED_HOSTS: *");
+  });
 });
@@ -241,6 +241,10 @@ resource "coder_script" "claude_code" {
    export LC_ALL=en_US.UTF-8

    cd "${local.workdir}"
+
+    # Disable host header check since AgentAPI is proxied by Coder (which does its own validation)
+    export AGENTAPI_ALLOWED_HOSTS="*"
+
    nohup "$module_path/scripts/agentapi-start.sh" use_prompt &> "$module_path/agentapi-start.log" &
    "$module_path/scripts/agentapi-wait-for-start.sh"
    EOT
@@ -20,6 +20,8 @@ if (
  process.exit(1);
 }

+fs.writeFileSync("/home/coder/agentapi-mock.log", `AGENTAPI_ALLOWED_HOSTS: ${process.env.AGENTAPI_ALLOWED_HOSTS}`);
+
 console.log(`starting server on port ${port}`);

 http
@@ -0,0 +1,50 @@
+run "required_vars" {
+  command = plan
+
+  variables {
+    agent_id = "foo"
+  }
+}
+
+run "offline_and_use_cached_conflict" {
+  command = plan
+
+  variables {
+    agent_id   = "foo"
+    use_cached = true
+    offline    = true
+  }
+
+  expect_failures = [
+    resource.coder_script.code-server
+  ]
+}
+
+run "offline_disallows_extensions" {
+  command = plan
+
+  variables {
+    agent_id   = "foo"
+    offline    = true
+    extensions = ["ms-python.python", "golang.go"]
+  }
+
+  expect_failures = [
+    resource.coder_script.code-server
+  ]
+}
+
+run "url_with_folder_query" {
+  command = plan
+
+  variables {
+    agent_id = "foo"
+    folder   = "/home/coder/project"
+    port     = 13337
+  }
+
+  assert {
+    condition     = resource.coder_app.code-server.url == "http://localhost:13337/?folder=%2Fhome%2Fcoder%2Fproject"
+    error_message = "coder_app URL must include encoded folder query param"
+  }
+}
@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "cursor" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.2.1"
+  version  = "1.3.0"
  agent_id = coder_agent.example.id
 }
 ```
@@ -29,8 +29,33 @@ module "cursor" {
 module "cursor" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.2.1"
+  version  = "1.3.0"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
 ```
+
+### Configure MCP servers for Cursor
+
+Provide a JSON-encoded string via the `mcp` input. When set, the module writes the value to `~/.cursor/mcp.json` using a `coder_script` on workspace start.
+
+```tf
+module "cursor" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/cursor/coder"
+  version  = "1.3.0"
+  agent_id = coder_agent.example.id
+  mcp = jsonencode({
+    mcpServers = {
+      coder = {
+        command = "coder"
+        args    = ["exp", "mcp", "server"]
+        env = {
+          CODER_MCP_APP_STATUS_SLUG = "cursor"
+          CODER_MCP_AI_AGENTAPI_URL = "http://localhost:3284"
+        }
+      }
+    }
+  })
+}
+```
@@ -1,8 +1,13 @@
-import { describe, expect, it } from "bun:test";
+import { describe, it, expect } from "bun:test";
 import {
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
+  runContainer,
+  execContainer,
+  removeContainer,
+  findResourceInstance,
+  readFileContainer,
 } from "~test";

 describe("cursor", async () => {
@@ -85,4 +90,26 @@ describe("cursor", async () => {
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.order).toBe(22);
  });
+
+  it("writes ~/.cursor/mcp.json when mcp provided", async () => {
+    const id = await runContainer("alpine");
+    try {
+      const mcp = JSON.stringify({ servers: { demo: { url: "http://localhost:1234" } } });
+      const state = await runTerraformApply(import.meta.dir, {
+        agent_id: "foo",
+        mcp,
+      });
+      const script = findResourceInstance(state, "coder_script", "cursor_mcp").script;
+      const resp = await execContainer(id, ["sh", "-c", script]);
+      if (resp.exitCode !== 0) {
+        console.log(resp.stdout);
+        console.log(resp.stderr);
+      }
+      expect(resp.exitCode).toBe(0);
+      const content = await readFileContainer(id, "/root/.cursor/mcp.json");
+      expect(content).toBe(mcp);
+    } finally {
+      await removeContainer(id);
+    }
+  });
 });
@@ -50,9 +50,20 @@ variable "display_name" {
  default     = "Cursor Desktop"
 }

+variable "mcp" {
+  type        = string
+  description = "JSON-encoded string to configure MCP servers for Cursor. When set, writes ~/.cursor/mcp.json."
+  default     = ""
+}
+
 data "coder_workspace" "me" {}
+
 data "coder_workspace_owner" "me" {}

+locals {
+  mcp_b64 = var.mcp != "" ? base64encode(var.mcp) : ""
+}
+
 resource "coder_app" "cursor" {
  agent_id     = var.agent_id
  external     = true
@@ -75,6 +86,21 @@ resource "coder_app" "cursor" {
  ])
 }

+resource "coder_script" "cursor_mcp" {
+  count              = var.mcp != "" ? 1 : 0
+  agent_id           = var.agent_id
+  display_name       = "Cursor MCP"
+  icon               = "/icon/cursor.svg"
+  run_on_start       = true
+  start_blocks_login = false
+  script             = <<-EOT
+    #!/bin/sh
+    set -eu
+    mkdir -p "$HOME/.cursor"
+    echo -n "${local.mcp_b64}" | base64 -d > "$HOME/.cursor/mcp.json"
+  EOT
+}
+
 output "cursor_url" {
  value       = coder_app.cursor.url
  description = "Cursor IDE Desktop URL."
@@ -15,7 +15,7 @@ The devcontainers-cli module provides an easy way to install [`@devcontainers/cl
 ```tf
 module "devcontainers-cli" {
  source   = "registry.coder.com/coder/devcontainers-cli/coder"
-  version  = "1.0.31"
+  version  = "1.0.32"
  agent_id = coder_agent.example.id
 }
 ```
@@ -45,6 +45,8 @@ const executeScriptInContainerWithPackageManager = async (

  console.log(path);

+  await execContainer(id, [shell, "-c", "mkdir -p /tmp/coder-script-data"]);
+
  const resp = await execContainer(
    id,
    [shell, "-c", instance.script],
@@ -52,6 +54,8 @@ const executeScriptInContainerWithPackageManager = async (
      "--env",
      "CODER_SCRIPT_BIN_DIR=/tmp/coder-script-data/bin",
      "--env",
+      "CODER_SCRIPT_DATA_DIR=/tmp/coder-script-data",
+      "--env",
      `PATH=${path}:/tmp/coder-script-data/bin`,
    ],
  );
@@ -1,5 +1,11 @@
 #!/usr/bin/env sh

+# We want to cd into `$CODER_SCRIPT_DATA_DIR` as the current directory
+# might contain a `package.json` with `packageManager` set to something
+# other than the detected package manager. When this happens, it can
+# cause the installation to fail.
+cd "$CODER_SCRIPT_DATA_DIR"
+
 # If @devcontainers/cli is already installed, we can skip
 if command -v devcontainer >/dev/null 2>&1; then
    echo "🥳 @devcontainers/cli is already installed into $(which devcontainer)!"
@@ -34,7 +40,7 @@ install() {
        # so that the devcontainer command is available
        if [ -z "$PNPM_HOME" ]; then
            PNPM_HOME="$CODER_SCRIPT_BIN_DIR"
-            export M_HOME
+            export PNPM_HOME
        fi
        pnpm add -g @devcontainers/cli
    elif [ "$PACKAGE_MANAGER" = "yarn" ]; then
@@ -13,7 +13,7 @@ Run the [Goose](https://block.github.io/goose/) agent in your workspace to gener
 ```tf
 module "goose" {
  source           = "registry.coder.com/coder/goose/coder"
-  version          = "2.0.1"
+  version          = "2.1.1"
  agent_id         = coder_agent.example.id
  folder           = "/home/coder"
  install_goose    = true
@@ -79,7 +79,7 @@ resource "coder_agent" "main" {
 module "goose" {
  count            = data.coder_workspace.me.start_count
  source           = "registry.coder.com/coder/goose/coder"
-  version          = "2.0.1"
+  version          = "2.1.1"
  agent_id         = coder_agent.example.id
  folder           = "/home/coder"
  install_goose    = true
@@ -251,4 +251,21 @@ describe("goose", async () => {
    expect(prompt.exitCode).not.toBe(0);
    expect(prompt.stderr).toContain("No such file or directory");
  });
+
+  test("subdomain-false", async () => {
+    const { id } = await setup({
+      agentapiMockScript: await loadTestFile(
+        import.meta.dir,
+        "agentapi-mock-print-args.js",
+      ),
+      moduleVariables: {
+        subdomain: "false",
+      },
+    });
+
+    await execModuleScript(id);
+
+    const agentapiMockOutput = await readFileContainer(id, agentapiStartLog);
+    expect(agentapiMockOutput).toContain("AGENTAPI_CHAT_BASE_PATH=/@default/default.foo/apps/goose/chat");
+  });
 });
@@ -63,7 +63,13 @@ variable "install_agentapi" {
 variable "agentapi_version" {
  type        = string
  description = "The version of AgentAPI to install."
-  default     = "v0.2.3"
+  default     = "v0.3.3"
+}
+
+variable "subdomain" {
+  type        = bool
+  description = "Whether to use a subdomain for AgentAPI."
+  default     = true
 }

 variable "goose_provider" {
@@ -133,7 +139,7 @@ EOT

 module "agentapi" {
  source  = "registry.coder.com/coder/agentapi/coder"
-  version = "1.0.0"
+  version = "1.1.1"

  agent_id             = var.agent_id
  web_app_slug         = local.app_slug
@@ -146,6 +152,7 @@ module "agentapi" {
  module_dir_name      = local.module_dir_name
  install_agentapi     = var.install_agentapi
  agentapi_version     = var.agentapi_version
+  agentapi_subdomain   = var.subdomain
  pre_install_script   = var.pre_install_script
  post_install_script  = var.post_install_script
  start_script         = local.start_script
@@ -3,6 +3,7 @@
 const http = require("http");
 const args = process.argv.slice(2);
 console.log(args);
+console.log(`AGENTAPI_CHAT_BASE_PATH=${process.env["AGENTAPI_CHAT_BASE_PATH"]}`);
 const port = 3284;

 console.log(`starting server on port ${port}`);
@@ -14,7 +14,7 @@ This module adds JetBrains IDE buttons to launch IDEs directly from the dashboar
 module "jetbrains" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.0.1"
+  version  = "1.0.3"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
@@ -39,7 +39,7 @@ When `default` contains IDE codes, those IDEs are created directly without user
 module "jetbrains" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.0.1"
+  version  = "1.0.3"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
  default  = ["PY", "IU"] # Pre-configure GoLand and IntelliJ IDEA
@@ -52,7 +52,7 @@ module "jetbrains" {
 module "jetbrains" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.0.1"
+  version  = "1.0.3"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
  # Show parameter with limited options
@@ -66,7 +66,7 @@ module "jetbrains" {
 module "jetbrains" {
  count         = data.coder_workspace.me.start_count
  source        = "registry.coder.com/coder/jetbrains/coder"
-  version       = "1.0.1"
+  version       = "1.0.3"
  agent_id      = coder_agent.example.id
  folder        = "/home/coder/project"
  default       = ["IU", "PY"]
@@ -81,7 +81,7 @@ module "jetbrains" {
 module "jetbrains" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.0.1"
+  version  = "1.0.3"
  agent_id = coder_agent.example.id
  folder   = "/workspace/project"

@@ -107,7 +107,7 @@ module "jetbrains" {
 module "jetbrains_pycharm" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.0.1"
+  version  = "1.0.3"
  agent_id = coder_agent.example.id
  folder   = "/workspace/project"

@@ -0,0 +1,131 @@
+run "requires_agent_and_folder" {
+  command = plan
+
+  # Setting both required vars should plan
+  variables {
+    agent_id = "foo"
+    folder   = "/home/coder"
+  }
+}
+
+run "creates_parameter_when_default_empty_latest" {
+  command = plan
+
+  variables {
+    agent_id      = "foo"
+    folder        = "/home/coder"
+    major_version = "latest"
+  }
+
+  # When default is empty, a coder_parameter should be created
+  assert {
+    condition     = can(data.coder_parameter.jetbrains_ides[0].type)
+    error_message = "Expected data.coder_parameter.jetbrains_ides to exist when default is empty"
+  }
+}
+
+run "no_apps_when_default_empty" {
+  command = plan
+
+  variables {
+    agent_id = "foo"
+    folder   = "/home/coder"
+  }
+
+  assert {
+    condition     = length(resource.coder_app.jetbrains) == 0
+    error_message = "Expected no coder_app resources when default is empty"
+  }
+}
+
+run "single_app_when_default_GO" {
+  command = plan
+
+  variables {
+    agent_id = "foo"
+    folder   = "/home/coder"
+    default  = ["GO"]
+  }
+
+  assert {
+    condition     = length(resource.coder_app.jetbrains) == 1
+    error_message = "Expected exactly one coder_app when default contains GO"
+  }
+}
+
+run "url_contains_required_params" {
+  command = apply
+
+  variables {
+    agent_id = "test-agent-123"
+    folder   = "/custom/project/path"
+    default  = ["GO"]
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : length(regexall("jetbrains://gateway/coder", app.url)) > 0])
+    error_message = "URL must contain jetbrains scheme"
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : length(regexall("&folder=/custom/project/path", app.url)) > 0])
+    error_message = "URL must include folder path"
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : length(regexall("ide_product_code=GO", app.url)) > 0])
+    error_message = "URL must include product code"
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : length(regexall("ide_build_number=", app.url)) > 0])
+    error_message = "URL must include build number"
+  }
+}
+
+run "includes_agent_name_when_set" {
+  command = apply
+
+  variables {
+    agent_id   = "test-agent-123"
+    agent_name = "main-agent"
+    folder     = "/custom/project/path"
+    default    = ["GO"]
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : length(regexall("&agent_name=main-agent", app.url)) > 0])
+    error_message = "URL must include agent_name when provided"
+  }
+}
+
+run "parameter_order_when_default_empty" {
+  command = plan
+
+  variables {
+    agent_id              = "foo"
+    folder                = "/home/coder"
+    coder_parameter_order = 5
+  }
+
+  assert {
+    condition     = data.coder_parameter.jetbrains_ides[0].order == 5
+    error_message = "Expected coder_parameter order to be set to 5"
+  }
+}
+
+run "app_order_when_default_not_empty" {
+  command = plan
+
+  variables {
+    agent_id        = "foo"
+    folder          = "/home/coder"
+    default         = ["GO"]
+    coder_app_order = 10
+  }
+
+  assert {
+    condition     = anytrue([for app in values(resource.coder_app.jetbrains) : app.order == 10])
+    error_message = "Expected coder_app order to be set to 10"
+  }
+}
@@ -202,6 +202,7 @@ data "coder_parameter" "jetbrains_ides" {
  count        = length(var.default) == 0 ? 1 : 0
  type         = "list(string)"
  name         = "jetbrains_ides"
+  description  = "Select which JetBrains IDEs to configure for use in this workspace."
  display_name = "JetBrains IDEs"
  icon         = "/icon/jetbrains-toolbox.svg"
  mutable      = true
@@ -230,6 +231,7 @@ resource "coder_app" "jetbrains" {
  icon         = local.options_metadata[each.key].icon
  external     = true
  order        = var.coder_app_order
+  group        = var.group
  url = join("", [
    "jetbrains://gateway/coder?&workspace=", # requires 2.6.3+ version of Toolbox
    data.coder_workspace.me.name,
@@ -0,0 +1,33 @@
+---
+display_name: VSCode Desktop Core
+description: Building block for modules that need to link to an external VSCode-based IDE
+icon: ../../../../.icons/coder.svg
+verified: true
+tags: [internal, library]
+---
+
+# VS Code Desktop Core
+
+> [!CAUTION]
+> We do not recommend using this module directly. Instead, please consider using one of our [Desktop IDE modules](https://registry.coder.com/modules?search=tag%3Aide).
+
+The VSCode Desktop Core module is a building block for modules that need to expose access to VSCode-based IDEs. It is intended primarily to be used as a library to create modules for VSCode-based IDEs.
+
+```tf
+module "vscode-desktop-core" {
+  source  = "registry.coder.com/coder/vscode-desktop-core/coder"
+  version = "1.0.0"
+
+  agent_id = var.agent_id
+
+  coder_app_icon         = "/icon/code.svg"
+  coder_app_slug         = "vscode"
+  coder_app_display_name = "VS Code Desktop"
+  coder_app_order        = var.order
+  coder_app_group        = var.group
+
+  folder      = var.folder
+  open_recent = var.open_recent
+  protocol    = "vscode"
+}
+```
@@ -0,0 +1,100 @@
+import { describe, expect, it } from "bun:test";
+import {
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
+
+// hardcoded coder_app name in main.tf
+const appName = "vscode-desktop";
+
+const defaultVariables = {
+  agent_id: "foo",
+  coder_app_icon: "/icon/code.svg",
+  coder_app_slug: "vscode",
+  coder_app_display_name: "VS Code Desktop",
+  protocol: "vscode",
+}
+
+describe("vscode-desktop-core", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  testRequiredVariables(import.meta.dir, defaultVariables);
+
+  it("default output", async () => {
+    const state = await runTerraformApply(import.meta.dir, defaultVariables);
+    expect(state.outputs.ide_uri.value).toBe(
+      `${defaultVariables.protocol}://coder.coder-remote/open?owner=default&workspace=default&url=https://mydeployment.coder.com&token=$SESSION_TOKEN`,
+    );
+
+    const coder_app = state.resources.find(
+      (res) => res.type === "coder_app" && res.name === appName,
+    );
+
+    expect(coder_app).not.toBeNull();
+    expect(coder_app?.instances.length).toBe(1);
+    expect(coder_app?.instances[0].attributes.order).toBeNull();
+  });
+
+  it("adds folder", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      folder: "/foo/bar",
+
+      ...defaultVariables
+    });
+
+    expect(state.outputs.ide_uri.value).toBe(
+      `${defaultVariables.protocol}://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&url=https://mydeployment.coder.com&token=$SESSION_TOKEN`,
+    );
+  });
+
+  it("adds folder and open_recent", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      folder: "/foo/bar",
+      open_recent: "true",
+
+      ...defaultVariables,
+    });
+    expect(state.outputs.ide_uri.value).toBe(
+      `${defaultVariables.protocol}://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&openRecent&url=https://mydeployment.coder.com&token=$SESSION_TOKEN`,
+    );
+  });
+
+  it("adds folder but not open_recent", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      folder: "/foo/bar",
+      openRecent: "false",
+
+      ...defaultVariables,
+    });
+    expect(state.outputs.ide_uri.value).toBe(
+      `${defaultVariables.protocol}://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&url=https://mydeployment.coder.com&token=$SESSION_TOKEN`,
+    );
+  });
+
+  it("adds open_recent", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      open_recent: "true",
+
+      ...defaultVariables,
+    });
+    expect(state.outputs.ide_uri.value).toBe(
+      `${defaultVariables.protocol}://coder.coder-remote/open?owner=default&workspace=default&openRecent&url=https://mydeployment.coder.com&token=$SESSION_TOKEN`,
+    );
+  });
+
+  it("expect order to be set", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      coder_app_order: "22",
+      ...defaultVariables
+    });
+
+    const coder_app = state.resources.find(
+      (res) => res.type === "coder_app" && res.name === appName,
+    );
+
+    expect(coder_app).not.toBeNull();
+    expect(coder_app?.instances.length).toBe(1);
+    expect(coder_app?.instances[0].attributes.order).toBe(22);
+  });
+});
@@ -0,0 +1,92 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.5"
+    }
+  }
+}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "folder" {
+  type        = string
+  description = "The folder to open in the IDE."
+  default     = ""
+}
+
+variable "open_recent" {
+  type        = bool
+  description = "Open the most recent workspace or folder. Falls back to the folder if there is no recent workspace or folder to open."
+  default     = false
+}
+
+variable "protocol" {
+  type        = string
+  description = "The URI protocol for the IDE."
+}
+
+variable "coder_app_icon" {
+  type        = string
+  description = "The icon of the coder_app."
+}
+
+variable "coder_app_slug" {
+  type        = string
+  description = "The slug of the coder_app."
+}
+
+variable "coder_app_display_name" {
+  type        = string
+  description = "The display name of the coder_app."
+}
+
+variable "coder_app_order" {
+  type        = number
+  description = "The order of the coder_app."
+  default     = null
+}
+
+variable "coder_app_group" {
+  type        = string
+  description = "The group of the coder_app."
+  default     = null
+}
+
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+resource "coder_app" "vscode-desktop" {
+  agent_id = var.agent_id
+  external = true
+
+  icon         = var.coder_app_icon
+  slug         = var.coder_app_slug
+  display_name = var.coder_app_display_name
+
+  order = var.coder_app_order
+  group = var.coder_app_group
+
+  # While the call to "join" is not strictly necessary, it makes the URL more readable.
+  url = join("", [
+    "${var.protocol}://coder.coder-remote/open",
+    "?owner=${data.coder_workspace_owner.me.name}",
+    "&workspace=${data.coder_workspace.me.name}",
+    var.folder != "" ? join("", ["&folder=", var.folder]) : "",
+    var.open_recent ? "&openRecent" : "",
+    "&url=${data.coder_workspace.me.access_url}",
+    # NOTE: There is a protocol whitelist for the token replacement, so this will only work with the protocols hardcoded in the front-end.
+    # (https://github.com/coder/coder/blob/6ba4b5bbc95e2e528d7f5b1e31fffa200ae1a6db/site/src/modules/apps/apps.ts#L18)
+    "&token=$SESSION_TOKEN",
+  ])
+}
+
+output "ide_uri" {
+  value       = coder_app.vscode-desktop.url
+  description = "IDE URI."
+}
@@ -19,7 +19,7 @@ Zed is a high-performance, multiplayer code editor from the creators of Atom and
 module "zed" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/zed/coder"
-  version  = "1.0.1"
+  version  = "1.1.0"
  agent_id = coder_agent.example.id
 }
 ```
@@ -32,7 +32,7 @@ module "zed" {
 module "zed" {
  count    = data.coder_workspace.me.start_count
  source   = "registry.coder.com/coder/zed/coder"
-  version  = "1.0.1"
+  version  = "1.1.0"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
@@ -44,7 +44,7 @@ module "zed" {
 module "zed" {
  count        = data.coder_workspace.me.start_count
  source       = "registry.coder.com/coder/zed/coder"
-  version      = "1.0.1"
+  version      = "1.1.0"
  agent_id     = coder_agent.example.id
  display_name = "Zed Editor"
  order        = 1
@@ -57,8 +57,36 @@ module "zed" {
 module "zed" {
  count      = data.coder_workspace.me.start_count
  source     = "registry.coder.com/coder/zed/coder"
-  version    = "1.0.1"
+  version    = "1.1.0"
  agent_id   = coder_agent.example.id
  agent_name = coder_agent.example.name
 }
 ```
+
+### Configure Zed settings including MCP servers
+
+Zed stores settings at `~/.config/zed/settings.json` by default. If `XDG_CONFIG_HOME` is set on Linux, settings will be at `$XDG_CONFIG_HOME/zed/settings.json`.
+
+You can declaratively set/merge settings with the `settings` input. Provide a JSON string (e.g., via `jsonencode(...)`). For example, to configure MCP servers:
+
+```tf
+module "zed" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/zed/coder"
+  version  = "1.1.0"
+  agent_id = coder_agent.example.id
+
+  settings = jsonencode({
+    context_servers = {
+      your-mcp-server = {
+        source  = "custom"
+        command = "some-command"
+        args    = ["arg-1", "arg-2"]
+        env     = {}
+      }
+    }
+  })
+}
+```
+
+See Zed’s settings files documentation: https://zed.dev/docs/configuring-zed#settings-files
@@ -50,7 +50,14 @@ variable "display_name" {
  default     = "Zed"
 }

+variable "settings" {
+  type        = string
+  description = "JSON encoded settings.json"
+  default     = ""
+}
+
 data "coder_workspace" "me" {}
+
 data "coder_workspace_owner" "me" {}

 locals {
@@ -60,6 +67,30 @@ locals {
  hostname       = var.agent_name != "" ? "${local.agent_name}.${local.workspace_name}.${local.owner_name}.coder" : "${local.workspace_name}.coder"
 }

+resource "coder_script" "zed_settings" {
+  agent_id     = var.agent_id
+  display_name = "Configure Zed settings"
+  icon         = "/icon/zed.svg"
+  run_on_start = true
+  script       = <<-EOT
+    set -eu
+    SETTINGS_JSON='${replace(var.settings, "\"", "\\\"")}'
+    if [ -z "$${SETTINGS_JSON}" ] || [ "$${SETTINGS_JSON}" = "{}" ]; then
+      exit 0
+    fi
+    CONFIG_HOME="$${XDG_CONFIG_HOME:-$HOME/.config}"
+    ZED_DIR="$${CONFIG_HOME}/zed"
+    mkdir -p "$${ZED_DIR}"
+    SETTINGS_FILE="$${ZED_DIR}/settings.json"
+    if command -v jq >/dev/null 2>&1 && [ -s "$${SETTINGS_FILE}" ]; then
+      tmpfile="$(mktemp)"
+      jq -s '.[0] * .[1]' "$${SETTINGS_FILE}" <(printf '%s\n' "$${SETTINGS_JSON}") > "$${tmpfile}" && mv "$${tmpfile}" "$${SETTINGS_FILE}"
+    else
+      printf '%s\n' "$${SETTINGS_JSON}" > "$${SETTINGS_FILE}"
+    fi
+  EOT
+}
+
 resource "coder_app" "zed" {
  agent_id     = var.agent_id
  display_name = var.display_name
@@ -0,0 +1,40 @@
+run "default_output" {
+  command = apply
+
+  variables {
+    agent_id = "foo"
+  }
+
+  assert {
+    condition     = output.zed_url == "zed://ssh/default.coder"
+    error_message = "zed_url did not match expected default URL"
+  }
+}
+
+run "adds_folder" {
+  command = apply
+
+  variables {
+    agent_id = "foo"
+    folder   = "/foo/bar"
+  }
+
+  assert {
+    condition     = output.zed_url == "zed://ssh/default.coder/foo/bar"
+    error_message = "zed_url did not include provided folder path"
+  }
+}
+
+run "adds_agent_name" {
+  command = apply
+
+  variables {
+    agent_id   = "foo"
+    agent_name = "myagent"
+  }
+
+  assert {
+    condition     = output.zed_url == "zed://ssh/myagent.default.default.coder"
+    error_message = "zed_url did not include agent_name in hostname"
+  }
+}
@@ -1,7 +1,7 @@
 ---
 display_name: "Eric Paulsen"
 bio: "Field CTO, EMEA @ Coder"
-avatar_url: "./.images/avatar.png"
+avatar: "./.images/avatar.png"
 github: "ericpaulsen"
 linkedin: "https://www.linkedin.com/in/ericpaulsen17" # Optional
 website: "https://ericpaulsen.io" # Optional
@@ -0,0 +1,32 @@
+---
+display_name: "Mark Milligan"
+bio: "VP of Revenue  at https://nuon.co. Former VP of Sales at Coder. Love building startup revenue teams and tinkering with technology."
+avatar: "./.images/avatar.png"
+github: "sharkymark"
+linkedin: "https://www.linkedin.com/in/marktmilligan" # Optional
+website: "https://markmilligan.io" # Optional
+support_email: "mtm20176@gmail.com" # Optional
+status: "community"
+---
+
+# Mark Milligan
+
+Former VP of Sales at Coder for 4 years, and now VP of Revenue at Nuon. I love building startup revenue teams and tinkering with technology.
+
+## About Me
+
+Visit my [website](https://markmilligan.io) to learn more about my work and interests.
+
+## Links
+
+[My presentation about Great White Sharks](https://docs.google.com/presentation/d/13I3Af7l-ZSVCh-ovEvOKIM30ABIvNKhkRC3CnYZN450/edit?slide=id.p#slide=id.p) - given twice in 2020 and 2021 to the Coder team.
+
+[NOAA Radar](https://radar.weather.gov/)
+
+[Flight Radar](https://www.flightradar24.com/airport/aus)
+
+### Webcams
+
+[Austin - facing south](https://cctv.austinmobility.io/image/51.jpg)
+
+[Austin - facing north](https://cctv.austinmobility.io/image/52.jpg)
@@ -0,0 +1,34 @@
+---
+display_name: "Claude Code AI Agent Template"
+description: The goal is to try the experimental ai agent integration with Claude CodeAI agent
+icon: "../../../../.icons/claude.svg"
+verified: false
+tags: ["ai", "docker", "container", "claude", "agent", "tasks"]
+---
+
+# ai agent template for a workspace in a container on a Docker host
+
+### Docker image
+
+1. Based on Coder-managed image `codercom/example-universal:ubuntu`
+
+[Image on DockerHub](https://hub.docker.com/r/codercom/example-universal)
+
+### Apps included
+
+1. A web-based terminal
+1. code-server Web IDE
+1. A [sample app](https://github.com/gothinkster/realworld) to test the environment
+1. [Claude Code AI agent](https://www.anthropic.com/claude-code) to assist with development tasks
+
+### Resources
+
+[Coder docs on AI agents and tasks](https://coder.com/docs/ai-coder/tasks)
+
+[main.tf for Coder example](https://github.com/coder/registry/blob/main/registry/coder-labs/templates/tasks-docker/main.tf)
+
+[Claude Code Coder Terraform module](https://registry.coder.com/modules/coder/claude-code)
+
+[Docker Terraform provider](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs)
+
+[Coder Terraform provider](https://registry.terraform.io/providers/coder/coder/latest/docs)
@@ -0,0 +1,363 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+    docker = {
+      source = "kreuzwerker/docker"
+    }
+  }
+}
+
+provider "docker" {
+  host = var.socket
+}
+
+provider "coder" {
+}
+
+data "coder_workspace" "me" {
+}
+
+data "coder_workspace_owner" "me" {
+}
+
+data "coder_provisioner" "me" {
+}
+
+variable "socket" {
+  type        = string
+  description = <<-EOF
+  The Unix socket that the Docker daemon listens on and how containers
+  communicate with the Docker daemon.
+
+  Either Unix or TCP
+  e.g., unix:///var/run/docker.sock
+
+  EOF
+  default     = "unix:///var/run/docker.sock"
+}
+
+variable "anthropic_api_key" {
+  type        = string
+  description = "Generate one at: https://console.anthropic.com/settings/keys"
+  sensitive   = true
+}
+
+resource "coder_env" "anthropic_api_key" {
+  agent_id = coder_agent.dev.id
+  name     = "CODER_MCP_CLAUDE_API_KEY"
+  value    = var.anthropic_api_key
+}
+
+# The Claude Code module does the automatic task reporting
+# Other agent modules: https://registry.coder.com/modules?search=agent
+# Or use a custom agent:  
+module "claude-code" {
+  count               = data.coder_workspace.me.start_count
+  source              = "registry.coder.com/coder/claude-code/coder"
+  version             = "2.0.0"
+  agent_id            = coder_agent.dev.id
+  folder              = "/home/coder/projects"
+  install_claude_code = true
+  claude_code_version = "latest"
+  order               = 999
+
+  experiment_post_install_script = data.coder_parameter.setup_script.value
+
+  # This enables Coder Tasks
+  experiment_report_tasks = true
+}
+
+# We are using presets to set the prompts, image, and set up instructions
+# See https://coder.com/docs/admin/templates/extending-templates/parameters#workspace-presets
+data "coder_workspace_preset" "default" {
+  name    = "Real World App: Angular + Django"
+  default = true
+  parameters = {
+    "system_prompt" = <<-EOT
+      -- Framing --
+      You are a helpful assistant that can help with code. You are running inside a Coder Workspace and provide status updates to the user via Coder MCP. Stay on track, feel free to debug, but when the original plan fails, do not choose a different route/architecture without checking the user first.
+
+      -- Tool Selection --
+      - playwright: previewing your changes after you made them
+        to confirm it worked as expected
+	    -	desktop-commander - use only for commands that keep running
+        (servers, dev watchers, GUI apps).
+      -	Built-in tools - use for everything else:
+       (file operations, git commands, builds & installs, one-off shell commands)
+	    
+      Remember this decision rule:
+      - Stays running? → desktop-commander
+      - Finishes immediately? → built-in tools
+      
+      -- Context --
+      There is an existing app and tmux dev server running on port 8000. Be sure to read it's CLAUDE.md (./realworld-django-rest-framework-angular/CLAUDE.md) to learn more about it. 
+
+      Since this app is for demo purposes and the user is previewing the homepage and subsequent pages, aim to make the first visual change/prototype very quickly so the user can preview it, then focus on backend or logic which can be a more involved, long-running architecture plan.
+
+    EOT
+
+    "setup_script"    = <<-EOT
+    # Set up projects dir
+    mkdir -p /home/coder/projects
+    cd $HOME/projects
+
+    # Packages: Install additional packages
+    sudo apt-get update && sudo apt-get install -y tmux
+    if ! command -v google-chrome >/dev/null 2>&1; then
+      yes | npx playwright install chrome
+    fi
+
+    # MCP: Install and configure MCP Servers
+    npm install -g @wonderwhy-er/desktop-commander
+    claude mcp add playwright npx -- @playwright/mcp@latest --headless --isolated --no-sandbox
+    claude mcp add desktop-commander desktop-commander
+
+    # Repo: Clone and pull changes from the git repository
+    if [ ! -d "realworld-django-rest-framework-angular" ]; then
+      git clone https://github.com/coder-contrib/realworld-django-rest-framework-angular.git
+    else
+      cd realworld-django-rest-framework-angular
+      git fetch
+      # Check for uncommitted changes
+      if git diff-index --quiet HEAD -- && \
+        [ -z "$(git status --porcelain --untracked-files=no)" ] && \
+        [ -z "$(git log --branches --not --remotes)" ]; then
+        echo "Repo is clean. Pulling latest changes..."
+        git pull
+      else
+        echo "Repo has uncommitted or unpushed changes. Skipping pull."
+      fi
+
+      cd ..
+    fi
+
+    # Initialize: Start the development server
+    cd realworld-django-rest-framework-angular && ./start-dev.sh
+    EOT
+    "preview_port"    = "4200"
+    "container_image" = "codercom/example-universal:ubuntu"
+  }
+}
+
+# Advanced parameters (these are all set via preset)
+data "coder_parameter" "system_prompt" {
+  name         = "system_prompt"
+  display_name = "System Prompt"
+  type         = "string"
+  form_type    = "textarea"
+  description  = "System prompt for the agent with generalized instructions"
+  mutable      = false
+}
+data "coder_parameter" "ai_prompt" {
+  type        = "string"
+  name        = "AI Prompt"
+  default     = ""
+  description = "Write a prompt for Claude Code"
+  mutable     = true
+}
+data "coder_parameter" "setup_script" {
+  name         = "setup_script"
+  display_name = "Setup Script"
+  type         = "string"
+  form_type    = "textarea"
+  description  = "Script to run before running the agent"
+  mutable      = false
+}
+data "coder_parameter" "container_image" {
+  name         = "container_image"
+  display_name = "Container Image"
+  type         = "string"
+  default      = "codercom/example-universal:ubuntu"
+  mutable      = false
+}
+data "coder_parameter" "preview_port" {
+  name         = "preview_port"
+  display_name = "Preview Port"
+  description  = "The port the web app is running to preview in Tasks"
+  type         = "number"
+  default      = "3000"
+  mutable      = false
+}
+
+# Other variables for Claude Code
+resource "coder_env" "claude_task_prompt" {
+  agent_id = coder_agent.dev.id
+  name     = "CODER_MCP_CLAUDE_TASK_PROMPT"
+  value    = data.coder_parameter.ai_prompt.value
+}
+resource "coder_env" "app_status_slug" {
+  agent_id = coder_agent.dev.id
+  name     = "CODER_MCP_APP_STATUS_SLUG"
+  value    = "claude-code"
+}
+resource "coder_env" "claude_system_prompt" {
+  agent_id = coder_agent.dev.id
+  name     = "CODER_MCP_CLAUDE_SYSTEM_PROMPT"
+  value    = data.coder_parameter.system_prompt.value
+}
+
+module "coder-login" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/modules/coder-login/coder"
+  agent_id = coder_agent.dev.id
+}
+
+module "dotfiles" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/modules/dotfiles/coder"
+  agent_id = coder_agent.dev.id
+}
+
+module "code-server" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/modules/code-server/coder"
+  agent_id = coder_agent.dev.id
+  folder   = "/home/coder/projects"
+}
+
+module "git-config" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/modules/git-config/coder"
+  agent_id = coder_agent.dev.id
+}
+
+resource "coder_agent" "dev" {
+  arch = data.coder_provisioner.me.arch
+  os   = "linux"
+
+  # The following metadata blocks are optional. They are used to display
+  # information about your workspace in the dashboard. You can remove them
+  # if you don't want to display any information.
+  # For basic resources, you can use the `coder stat` command.
+  # If you need more control, you can write your own script.
+
+  metadata {
+    display_name = "CPU Usage"
+    key          = "0_cpu_usage"
+    script       = "coder stat cpu"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "RAM Usage"
+    key          = "1_ram_usage"
+    script       = "coder stat mem"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Home Disk"
+    key          = "3_home_disk"
+    script       = "coder stat disk --path $${HOME}"
+    interval     = 60
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "CPU Usage (Host)"
+    key          = "4_cpu_usage_host"
+    script       = "coder stat cpu --host"
+    interval     = 10
+    timeout      = 1
+  }
+
+  metadata {
+    display_name = "Memory Usage (Host)"
+    key          = "5_mem_usage_host"
+    script       = "coder stat mem --host"
+    interval     = 10
+    timeout      = 1
+  }
+
+  display_apps {
+    vscode                 = true
+    vscode_insiders        = false
+    ssh_helper             = false
+    port_forwarding_helper = true
+    web_terminal           = true
+  }
+
+  startup_script_behavior = "non-blocking"
+  connection_timeout      = 300
+
+  env = {
+
+    GIT_AUTHOR_NAME     = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
+    GIT_AUTHOR_EMAIL    = "${data.coder_workspace_owner.me.email}"
+    GIT_COMMITTER_NAME  = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
+    GIT_COMMITTER_EMAIL = "${data.coder_workspace_owner.me.email}"
+  }
+
+  startup_script = <<EOT
+#!/bin/sh
+
+EOT
+
+}
+
+resource "coder_app" "preview" {
+  agent_id     = coder_agent.dev.id
+  slug         = "preview"
+  display_name = "Preview your app"
+  icon         = "${data.coder_workspace.me.access_url}/emojis/1f50e.png"
+  url          = "http://localhost:${data.coder_parameter.preview_port.value}"
+  share        = "authenticated"
+  subdomain    = true
+  open_in      = "tab"
+  order        = 0
+  healthcheck {
+    url       = "http://localhost:${data.coder_parameter.preview_port.value}/"
+    interval  = 5
+    threshold = 15
+  }
+}
+
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = data.coder_parameter.container_image.value
+  # Uses lower() to avoid Docker restriction on container names.
+  name     = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
+  hostname = lower(data.coder_workspace.me.name)
+  dns      = ["1.1.1.1"]
+
+  # Use the docker gateway if the access URL is 127.0.0.1
+  #entrypoint = ["sh", "-c", replace(coder_agent.dev.init_script, "127.0.0.1", "host.docker.internal")]
+
+  # Use the docker gateway if the access URL is 127.0.0.1
+  command = [
+    "sh", "-c",
+    <<EOT
+    trap '[ $? -ne 0 ] && echo === Agent script exited with non-zero code. Sleeping infinitely to preserve logs... && sleep infinity' EXIT
+    ${replace(coder_agent.dev.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")}
+    EOT
+  ]
+
+
+  env = ["CODER_AGENT_TOKEN=${coder_agent.dev.token}"]
+  volumes {
+    container_path = "/home/coder/"
+    volume_name    = docker_volume.coder_volume.name
+    read_only      = false
+  }
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+}
+
+resource "docker_volume" "coder_volume" {
+  name = "coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}"
+}
+
+resource "coder_metadata" "workspace_info" {
+  count       = data.coder_workspace.me.start_count
+  resource_id = docker_container.workspace[0].id
+  item {
+    key   = "image"
+    value = data.coder_parameter.container_image.value
+  }
+}
@@ -0,0 +1,664 @@
+#!/bin/bash
+
+# Tag Release Script
+# Automatically detects modules that need tagging and creates release tags
+# Usage: ./tag_release.sh [OPTIONS]
+# Operates on the current checked-out commit
+
+set -euo pipefail
+
+MODULES_TO_TAG=()
+AUTO_APPROVE=false
+DRY_RUN=false
+VERBOSE=false
+QUIET=false
+OUTPUT_FORMAT="plain"
+TARGET_NAMESPACE=""
+TARGET_MODULE=""
+SKIP_PUSH=false
+
+JSON_OUTPUT='{
+  "metadata": {},
+  "summary": {},
+  "modules": [],
+  "warnings": [],
+  "errors": []
+}'
+
+readonly EXIT_SUCCESS=0
+readonly EXIT_ERROR=1
+readonly EXIT_NO_ACTION_NEEDED=2
+readonly EXIT_VALIDATION_FAILED=3
+
+usage() {
+  cat << EOF
+Usage: $0 [OPTIONS]
+
+OPTIONS:
+  -y, --auto-approve       Skip confirmation prompt
+  -d, --dry-run           Preview without creating tags
+  -v, --verbose           Detailed output
+  -q, --quiet             Minimal output
+  -f, --format=FORMAT     Output format: 'plain' or 'json'
+  -n, --namespace=NAME    Target specific namespace
+  -m, --module=NAME       Target specific module
+  -s, --skip-push         Create tags but don't push
+  -h, --help              Show this help
+
+EXAMPLES:
+  $0                      # Interactive mode
+  $0 -y -q -f json        # CI/CD automation
+  $0 -d -v                # Test with verbose output
+  $0 -m code-server -d    # Target specific module
+  $0 -n coder -m code-server -d  # Target module in namespace
+
+Exit codes: 0=success, 1=error, 2=no action needed, 3=validation failed
+EOF
+  exit 0
+}
+
+log() {
+  local level="$1"
+  shift
+  local message="$*"
+  local timestamp
+  timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
+
+  case "$level" in
+    "ERROR")
+      if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+        add_json_error "script_error" "$message"
+      elif [[ "$QUIET" != "true" ]]; then
+        echo "❌ $message" >&2
+      fi
+      ;;
+    "WARN")
+      if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+        add_json_warning "" "$message" "warning"
+      elif [[ "$QUIET" != "true" ]]; then
+        echo "⚠️  $message" >&2
+      fi
+      ;;
+    "INFO")
+      if [[ "$QUIET" != "true" && "$OUTPUT_FORMAT" != "json" ]]; then
+        echo "$message"
+      fi
+      ;;
+    "SUCCESS")
+      if [[ "$QUIET" != "true" && "$OUTPUT_FORMAT" != "json" ]]; then
+        echo "✅ $message"
+      fi
+      ;;
+    "DEBUG")
+      if [[ "$VERBOSE" == "true" && "$OUTPUT_FORMAT" != "json" ]]; then
+        echo "🔍 [$timestamp] $message" >&2
+      fi
+      ;;
+  esac
+}
+
+add_json_error() {
+  local type="$1"
+  local message="$2"
+  local details="${3:-}"
+  local exit_code="${4:-1}"
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg type "$type" --arg msg "$message" --arg details "$details" --argjson code "$exit_code" \
+    '.errors += [{"type": $type, "message": $msg, "details": $details, "exit_code": $code}]')
+}
+
+add_json_warning() {
+  local module="$1"
+  local message="$2"
+  local type="$3"
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg module "$module" --arg msg "$message" --arg type "$type" \
+    '.warnings += [{"module": $module, "message": $msg, "type": $type}]')
+}
+
+add_json_module() {
+  local namespace="$1"
+  local module_name="$2"
+  local path="$3"
+  local version="$4"
+  local tag_name="$5"
+  local status="$6"
+  local already_existed="$7"
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg ns "$namespace" --arg name "$module_name" --arg path "$path" \
+    --arg version "$version" --arg tag "$tag_name" --arg status "$status" --argjson existed "$already_existed" \
+    '.modules += [{"namespace": $ns, "module_name": $name, "path": $path, "version": $version, "tag_name": $tag, "status": $status, "already_existed": $existed}]')
+}
+
+parse_arguments() {
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+      -y | --auto-approve)
+        AUTO_APPROVE=true
+        shift
+        ;;
+      -d | --dry-run)
+        DRY_RUN=true
+        shift
+        ;;
+      -v | --verbose)
+        VERBOSE=true
+        shift
+        ;;
+      -q | --quiet)
+        QUIET=true
+        shift
+        ;;
+      -f | --format=* | --format)
+        if [[ "$1" == "-f" || "$1" == "--format" ]]; then
+          if [[ -z "$2" ]]; then
+            log "ERROR" "Option $1 requires a value"
+            exit $EXIT_ERROR
+          fi
+          OUTPUT_FORMAT="$2"
+          shift 2
+        else
+          OUTPUT_FORMAT="${1#*=}"
+          shift
+        fi
+        if [[ "$OUTPUT_FORMAT" != "plain" && "$OUTPUT_FORMAT" != "json" ]]; then
+          log "ERROR" "Invalid format '$OUTPUT_FORMAT'. Must be 'plain' or 'json'"
+          exit $EXIT_ERROR
+        fi
+        ;;
+      -n | --namespace=* | --namespace)
+        if [[ "$1" == "-n" || "$1" == "--namespace" ]]; then
+          if [[ -z "$2" ]]; then
+            log "ERROR" "Option $1 requires a value"
+            exit $EXIT_ERROR
+          fi
+          TARGET_NAMESPACE="$2"
+          shift 2
+        else
+          TARGET_NAMESPACE="${1#*=}"
+          shift
+        fi
+        ;;
+      -m | --module=* | --module)
+        if [[ "$1" == "-m" || "$1" == "--module" ]]; then
+          if [[ -z "$2" ]]; then
+            log "ERROR" "Option $1 requires a value"
+            exit $EXIT_ERROR
+          fi
+          TARGET_MODULE="$2"
+          shift 2
+        else
+          TARGET_MODULE="${1#*=}"
+          shift
+        fi
+        ;;
+      -s | --skip-push)
+        SKIP_PUSH=true
+        shift
+        ;;
+      -h | --help)
+        usage
+        ;;
+      *)
+        log "ERROR" "Unknown option: $1"
+        echo "Use --help for usage information."
+        exit $EXIT_ERROR
+        ;;
+    esac
+  done
+
+  if [[ "$VERBOSE" == "true" && "$QUIET" == "true" ]]; then
+    echo "❌ --verbose and --quiet cannot be used together" >&2
+    exit $EXIT_ERROR
+  fi
+}
+
+validate_version() {
+  local version="$1"
+  if ! [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+    log "DEBUG" "Invalid version format: '$version'. Expected X.Y.Z format."
+    return 1
+  fi
+  return 0
+}
+
+extract_version_from_readme() {
+  local readme_path="$1"
+  local namespace="$2"
+  local module_name="$3"
+
+  log "DEBUG" "Extracting version from $readme_path for $namespace/$module_name"
+
+  [ ! -f "$readme_path" ] && {
+    log "DEBUG" "README file not found: $readme_path"
+    return 1
+  }
+
+  local version_line
+  version_line=$(grep -E "source\s*=\s*\"registry\.coder\.com/${namespace}/${module_name}" "$readme_path" | head -1 || echo "")
+
+  if [ -n "$version_line" ]; then
+    local version
+    version=$(echo "$version_line" | sed -n 's/.*version\s*=\s*"\([^"]*\)".*/\1/p')
+    if [ -n "$version" ]; then
+      log "DEBUG" "Found version '$version' from source line: $version_line"
+      echo "$version"
+      return 0
+    fi
+  fi
+
+  local fallback_version
+  fallback_version=$(grep -E 'version\s*=\s*"[0-9]+\.[0-9]+\.[0-9]+"' "$readme_path" | head -1 | sed 's/.*version\s*=\s*"\([^"]*\)".*/\1/' || echo "")
+
+  if [ -n "$fallback_version" ]; then
+    log "DEBUG" "Found fallback version '$fallback_version'"
+    echo "$fallback_version"
+    return 0
+  fi
+
+  log "DEBUG" "No version found in $readme_path"
+  return 1
+}
+
+check_module_needs_tagging() {
+  local namespace="$1"
+  local module_name="$2"
+  local readme_version="$3"
+
+  local tag_name="release/${namespace}/${module_name}/v${readme_version}"
+
+  log "DEBUG" "Checking if tag exists: $tag_name"
+
+  if git rev-parse --verify "$tag_name" > /dev/null 2>&1; then
+    log "DEBUG" "Tag $tag_name already exists"
+    return 1
+  else
+    log "DEBUG" "Tag $tag_name needs to be created"
+    return 0
+  fi
+}
+
+should_process_module() {
+  local namespace="$1"
+  local module_name="$2"
+
+  if [[ -n "$TARGET_NAMESPACE" && "$TARGET_NAMESPACE" != "$namespace" ]]; then
+    log "DEBUG" "Skipping $namespace/$module_name: namespace filter"
+    return 1
+  fi
+
+  if [[ -n "$TARGET_MODULE" && "$TARGET_MODULE" != "$module_name" ]]; then
+    log "DEBUG" "Skipping $namespace/$module_name: module filter"
+    return 1
+  fi
+
+  return 0
+}
+
+detect_modules_needing_tags() {
+  MODULES_TO_TAG=()
+
+  log "INFO" "🔍 Scanning all modules for missing release tags..."
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo ""
+  fi
+
+  local all_modules
+  all_modules=$(find registry -mindepth 3 -maxdepth 3 -type d -path "*/modules/*" | sort -u || echo "")
+
+  [ -z "$all_modules" ] && {
+    log "ERROR" "No modules found to check"
+    return $EXIT_ERROR
+  }
+
+  local total_checked=0
+  local needs_tagging=0
+  local already_tagged=0
+  local skipped=0
+
+  while IFS= read -r module_path; do
+    if [ -z "$module_path" ]; then continue; fi
+
+    local namespace
+    namespace=$(echo "$module_path" | cut -d'/' -f2)
+    local module_name
+    module_name=$(echo "$module_path" | cut -d'/' -f4)
+
+    if ! should_process_module "$namespace" "$module_name"; then
+      skipped=$((skipped + 1))
+      continue
+    fi
+
+    total_checked=$((total_checked + 1))
+
+    local readme_path="$module_path/README.md"
+    local readme_version
+
+    if ! readme_version=$(extract_version_from_readme "$readme_path" "$namespace" "$module_name"); then
+      log "WARN" "$namespace/$module_name: No version found in README, skipping"
+      add_json_warning "$namespace/$module_name" "No version found in README, skipping" "missing_version"
+      skipped=$((skipped + 1))
+      continue
+    fi
+
+    if ! validate_version "$readme_version"; then
+      log "WARN" "$namespace/$module_name: Invalid version format '$readme_version', skipping"
+      add_json_warning "$namespace/$module_name" "Invalid version format '$readme_version', skipping" "invalid_version"
+      skipped=$((skipped + 1))
+      continue
+    fi
+
+    local tag_name="release/$namespace/$module_name/v$readme_version"
+
+    if check_module_needs_tagging "$namespace" "$module_name" "$readme_version"; then
+      log "INFO" "📦 $namespace/$module_name: v$readme_version (needs tag)"
+      MODULES_TO_TAG+=("$module_path:$namespace:$module_name:$readme_version")
+      needs_tagging=$((needs_tagging + 1))
+
+      local status="needs_tagging"
+      if [[ "$DRY_RUN" == "true" ]]; then
+        status="would_be_tagged"
+      fi
+      add_json_module "$namespace" "$module_name" "$module_path" "$readme_version" "$tag_name" "$status" false
+    else
+      log "SUCCESS" "$namespace/$module_name: v$readme_version (already tagged)"
+      already_tagged=$((already_tagged + 1))
+      add_json_module "$namespace" "$module_name" "$module_path" "$readme_version" "$tag_name" "already_tagged" true
+    fi
+
+  done <<< "$all_modules"
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --argjson total "$total_checked" --argjson needs "$needs_tagging" \
+    --argjson tagged "$already_tagged" --argjson skip "$skipped" \
+    '.summary.total_scanned = $total | .summary.needs_tagging = $needs | .summary.already_tagged = $tagged | .summary.skipped = $skip')
+
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo ""
+    log "INFO" "📊 Summary: $needs_tagging of $total_checked modules need tagging"
+    echo ""
+  fi
+
+  [ $needs_tagging -eq 0 ] && {
+    if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+      log "SUCCESS" "🎉 All modules are up to date! No tags needed."
+    fi
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "no_action_needed"')
+    return $EXIT_NO_ACTION_NEEDED
+  }
+
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo "## Tags to be created:"
+    for module_info in "${MODULES_TO_TAG[@]}"; do
+      IFS=':' read -r module_path namespace module_name version <<< "$module_info"
+      echo "- \`release/$namespace/$module_name/v$version\`"
+    done
+    echo ""
+  fi
+
+  return $EXIT_SUCCESS
+}
+
+pre_flight_checks() {
+  log "DEBUG" "Running pre-flight checks..."
+
+  if ! git rev-parse --git-dir > /dev/null 2>&1; then
+    log "ERROR" "Not in a git repository"
+    return $EXIT_ERROR
+  fi
+
+  if ! git remote get-url origin > /dev/null 2>&1; then
+    log "ERROR" "No 'origin' remote found"
+    return $EXIT_ERROR
+  fi
+
+  if [[ "$SKIP_PUSH" != "true" && "$DRY_RUN" != "true" ]]; then
+    log "DEBUG" "Testing remote connectivity..."
+    if ! git ls-remote --exit-code origin > /dev/null 2>&1; then
+      log "ERROR" "Cannot connect to remote repository"
+      return $EXIT_ERROR
+    fi
+  fi
+
+  if ! git rev-parse HEAD > /dev/null 2>&1; then
+    log "ERROR" "Cannot determine current commit"
+    return $EXIT_ERROR
+  fi
+
+  log "DEBUG" "Pre-flight checks passed"
+  return $EXIT_SUCCESS
+}
+
+create_and_push_tags() {
+  [ ${#MODULES_TO_TAG[@]} -eq 0 ] && {
+    log "ERROR" "No modules to tag found"
+    return $EXIT_ERROR
+  }
+
+  local current_commit
+  current_commit=$(git rev-parse HEAD)
+
+  if [[ "$DRY_RUN" == "true" ]]; then
+    log "INFO" "🏷️  [DRY RUN] Would create release tags for commit: $current_commit"
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "dry_run" | .summary.tags_created = 0 | .summary.tags_pushed = 0')
+    return $EXIT_SUCCESS
+  fi
+
+  log "INFO" "🏷️  Creating release tags for commit: $current_commit"
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo ""
+  fi
+
+  local created_tags=0
+  local failed_tags=0
+  local created_tag_names=()
+
+  for module_info in "${MODULES_TO_TAG[@]}"; do
+    IFS=':' read -r module_path namespace module_name version <<< "$module_info"
+
+    local tag_name="release/$namespace/$module_name/v$version"
+    local tag_message="Release $namespace/$module_name v$version"
+
+    log "DEBUG" "Creating tag: $tag_name"
+    log "INFO" "Creating tag: $tag_name"
+
+    if git tag -a "$tag_name" -m "$tag_message" "$current_commit" 2> /dev/null; then
+      log "SUCCESS" "Created: $tag_name"
+      created_tags=$((created_tags + 1))
+      created_tag_names+=("$tag_name")
+
+      JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg tag "$tag_name" \
+        '(.modules[] | select(.tag_name == $tag) | .status) = "tag_created"')
+    else
+      log "ERROR" "Failed to create: $tag_name"
+      add_json_error "tag_creation_failed" "Failed to create tag: $tag_name" "git tag -a $tag_name -m '$tag_message' $current_commit"
+      failed_tags=$((failed_tags + 1))
+
+      JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg tag "$tag_name" \
+        '(.modules[] | select(.tag_name == $tag) | .status) = "tag_creation_failed"')
+    fi
+  done
+
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo ""
+    log "INFO" "📊 Tag creation summary:"
+    log "INFO" "  Created: $created_tags"
+    log "INFO" "  Failed: $failed_tags"
+    echo ""
+  fi
+
+  [ $created_tags -eq 0 ] && {
+    log "ERROR" "No tags were created successfully"
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "failed" | .summary.tags_created = 0 | .summary.tags_pushed = 0')
+    return $EXIT_ERROR
+  }
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --argjson created "$created_tags" '.summary.tags_created = $created')
+
+  if [[ "$SKIP_PUSH" == "true" ]]; then
+    log "INFO" "🚫 Skipping push (--skip-push specified)"
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "tags_created_not_pushed" | .summary.tags_pushed = 0')
+    for tag_name in "${created_tag_names[@]}"; do
+      JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg tag "$tag_name" \
+        '(.modules[] | select(.tag_name == $tag) | .status) = "tag_created_not_pushed"')
+    done
+    return $EXIT_SUCCESS
+  fi
+
+  log "INFO" "🚀 Pushing tags to origin..."
+
+  local tags_to_push=()
+  for tag_name in "${created_tag_names[@]}"; do
+    if git rev-parse --verify "$tag_name" > /dev/null 2>&1; then
+      tags_to_push+=("$tag_name")
+    fi
+  done
+
+  local pushed_tags=0
+  local failed_pushes=0
+
+  if [ ${#tags_to_push[@]} -eq 0 ]; then
+    log "ERROR" "No valid tags found to push"
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "failed" | .summary.tags_pushed = 0')
+  else
+    if git push --atomic origin "${tags_to_push[@]}" 2> /dev/null; then
+      log "SUCCESS" "Successfully pushed all ${#tags_to_push[@]} tags"
+      pushed_tags=${#tags_to_push[@]}
+
+      for tag_name in "${tags_to_push[@]}"; do
+        JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg tag "$tag_name" \
+          '(.modules[] | select(.tag_name == $tag) | .status) = "tagged_and_pushed"')
+      done
+    else
+      log "ERROR" "Failed to push tags"
+      add_json_error "push_failed" "Failed to push tags to remote" "git push --atomic origin ${tags_to_push[*]}"
+      failed_pushes=${#tags_to_push[@]}
+
+      for tag_name in "${tags_to_push[@]}"; do
+        JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg tag "$tag_name" \
+          '(.modules[] | select(.tag_name == $tag) | .status) = "tag_created_push_failed"')
+      done
+    fi
+  fi
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --argjson pushed "$pushed_tags" '.summary.tags_pushed = $pushed')
+
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    echo ""
+    log "INFO" "📊 Push summary:"
+    log "INFO" "  Pushed: $pushed_tags"
+    log "INFO" "  Failed: $failed_pushes"
+    echo ""
+  fi
+
+  if [ $pushed_tags -gt 0 ]; then
+    if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+      log "SUCCESS" "🎉 Successfully created and pushed $pushed_tags release tags!"
+      echo ""
+      log "INFO" "📝 Next steps:"
+      log "INFO" "  - Tags will be automatically published to registry.coder.com"
+      log "INFO" "  - Monitor the registry website for updates"
+      log "INFO" "  - Check GitHub releases for any issues"
+    fi
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "success"')
+    return $EXIT_SUCCESS
+  else
+    JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "failed"')
+    return $EXIT_ERROR
+  fi
+}
+
+finalize_json_output() {
+  local timestamp
+  timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
+  local current_commit
+  current_commit=$(git rev-parse HEAD 2> /dev/null || echo "unknown")
+  local command_line="$0 $*"
+
+  JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq --arg ts "$timestamp" --arg commit "$current_commit" \
+    --arg cmd "$command_line" \
+    '.metadata.timestamp = $ts | .metadata.commit = $commit | .metadata.command = $cmd')
+
+  echo "$JSON_OUTPUT"
+}
+
+main() {
+  parse_arguments "$@"
+
+  if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+    if ! command -v jq > /dev/null 2>&1; then
+      echo '{"error": "jq is required for JSON output format but not found"}' >&2
+      exit $EXIT_ERROR
+    fi
+  fi
+
+  if [[ "$OUTPUT_FORMAT" != "json" ]]; then
+    log "INFO" "🚀 Coder Registry Tag Release Script"
+    log "INFO" "Operating on commit: $(git rev-parse HEAD 2> /dev/null || echo 'unknown')"
+    echo ""
+  fi
+
+  if ! pre_flight_checks; then
+    if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+      JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "preflight_failed"')
+      finalize_json_output "$@"
+    fi
+    exit $EXIT_ERROR
+  fi
+
+  local detect_exit_code
+  detect_modules_needing_tags
+  detect_exit_code=$?
+
+  case $detect_exit_code in
+    $EXIT_NO_ACTION_NEEDED)
+      if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+        finalize_json_output "$@"
+      else
+        log "SUCCESS" "✨ No modules need tagging. All done!"
+      fi
+      exit $EXIT_SUCCESS
+      ;;
+    $EXIT_ERROR)
+      if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+        JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "scan_failed"')
+        finalize_json_output "$@"
+      fi
+      exit $EXIT_ERROR
+      ;;
+  esac
+
+  if [[ "$AUTO_APPROVE" != "true" && "$OUTPUT_FORMAT" != "json" && "$DRY_RUN" != "true" ]]; then
+    echo ""
+    log "INFO" "❓ Do you want to proceed with creating and pushing these release tags?"
+    log "INFO" "   This will create git tags and push them to the remote repository."
+    echo ""
+    read -p "Continue? [y/N]: " -r response
+
+    case "$response" in
+      [yY] | [yY][eE][sS])
+        echo ""
+        ;;
+      *)
+        echo ""
+        log "INFO" "🚫 Operation cancelled by user"
+        if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+          JSON_OUTPUT=$(echo "$JSON_OUTPUT" | jq '.summary.operation_status = "cancelled_by_user"')
+          finalize_json_output "$@"
+        fi
+        exit $EXIT_SUCCESS
+        ;;
+    esac
+  fi
+
+  local create_exit_code
+  create_and_push_tags
+  create_exit_code=$?
+
+  if [[ "$OUTPUT_FORMAT" == "json" ]]; then
+    finalize_json_output "$@"
+  fi
+
+  exit $create_exit_code
+}
+
+main "$@"
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Find all directories that contain any .tftest.hcl files and run terraform test in each
+
+run_dir() {
+  local dir="$1"
+  echo "==> Running terraform test in $dir"
+  (cd "$dir" && terraform init -upgrade -input=false -no-color > /dev/null && terraform test -no-color -verbose)
+}
+
+mapfile -t test_dirs < <(find . -type f -name "*.tftest.hcl" -print0 | xargs -0 -I{} dirname {} | sort -u)
+
+if [[ ${#test_dirs[@]} -eq 0 ]]; then
+  echo "No .tftest.hcl tests found."
+  exit 0
+fi
+
+status=0
+for d in "${test_dirs[@]}"; do
+  if ! run_dir "$d"; then
+    status=1
+  fi
+done
+
+exit $status
@@ -247,8 +247,8 @@ export const runTerraformApply = async <TVars extends TerraformVariables>(
      "-compact-warnings",
      "-input=false",
      "-auto-approve",
-      "-state",
      "-no-color",
+      "-state",
      stateFile,
    ],
    {