feat: initial commit for restic

.github/scripts/version-bump.sh

@@ -77,19 +77,16 @@ update_readme_version() {
             in_target_module = 0
           }
         }
-        /^[[:space:]]*version[[:space:]]*=/ {
+        /version.*=.*"/ {
           if (in_target_module) {
-            match($0, /^[[:space]]*/
-            indent = substr($0, 1, RLENGTH)
-            print indent "version = \"" new_version "\""
+            gsub(/version[[:space:]]*=[[:space:]]*"[^"]*"/, "version = \"" new_version "\"")
             in_target_module = 0
-            next
           }
         }
         { print }
         ' "$readme_path" > "${readme_path}.tmp" && mv "${readme_path}.tmp" "$readme_path"
     return 0
-  elif grep -q '^[[:space:]]*version[[:space:]]*=' "$readme_path"; then
+  elif grep -q 'version\s*=\s*"' "$readme_path"; then
     echo "⚠️  Found version references but no module source match for $namespace/$module_name"
     return 1
   fi
@@ -151,9 +148,9 @@ main() {
     local current_version
 
     if [ -z "$latest_tag" ]; then
-      if [ -f "$readme_path" ] && grep -q '^[[:space:]]*version[[:space:]]*=' "$readme_path"; then
+      if [ -f "$readme_path" ] && grep -q 'version\s*=\s*"' "$readme_path"; then
         local readme_version
-        readme_version=$(awk '/^[[:space:]]*version[[:space:]]*=/ { match($0, /"[^"]*"/); print substr($0, RSTART+1, RLENGTH-2); exit }' "$readme_path")
+        readme_version=$(grep 'version\s*=\s*"' "$readme_path" | head -1 | sed 's/.*version\s*=\s*"\([^"]*\)".*/\1/')
         echo "No git tag found, but README shows version: $readme_version"
 
         if ! validate_version "$readme_version"; then

.github/typos.toml

@@ -5,8 +5,6 @@ Hashi = "Hashi"
 HashiCorp = "HashiCorp"
 mavrickrishi = "mavrickrishi" # Username
 mavrick = "mavrick" # Username
-inh = "inh" # Option in setpriv command
-exportfs = "exportfs" # nfs related binary
 
 [files]
 extend-exclude = ["registry/coder/templates/aws-devcontainer/architecture.svg"] #False positive

.github/workflows/ci.yaml

@@ -82,7 +82,7 @@ jobs:
       - name: Validate formatting
         run: bun fmt:ci
       - name: Check for typos
-        uses: crate-ci/typos@v1.39.0
+        uses: crate-ci/typos@v1.38.1
         with:
           config: .github/typos.toml
   validate-readme-files:

.github/workflows/golangci-lint.yml

@@ -19,6 +19,6 @@ jobs:
         with:
           go-version: stable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v9
+        uses: golangci/golangci-lint-action@v8
         with:
           version: v2.1

.icons/cmux.svg

@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="1024" height="1024">
-<path d="M0 0 C337.92 0 675.84 0 1024 0 C1024 337.92 1024 675.84 1024 1024 C686.08 1024 348.16 1024 0 1024 C0 686.08 0 348.16 0 0 Z " fill="#020708" transform="translate(0,0)"/>
-<path d="M0 0 C40.22460379 0 80.4466421 0.00304941 120.67057991 0.15463066 C125.95372492 0.17442425 131.23687063 0.19398844 136.52001762 0.21324348 C147.77834068 0.25435249 159.03666181 0.29592484 170.29497623 0.33933926 C170.99953161 0.34205531 171.70408698 0.34477135 172.42999252 0.34756971 C173.13533008 0.3502892 173.84066764 0.35300869 174.56737906 0.35581058 C175.99454502 0.36131272 177.42171098 0.36681401 178.84887695 0.37231445 C179.55666117 0.37504276 180.26444539 0.37777106 180.99367761 0.38058204 C192.50410753 0.42485496 204.01454726 0.46550406 215.52499563 0.50465261 C227.56090905 0.54564378 239.59680781 0.58979401 251.63269895 0.63687855 C258.30394122 0.66290814 264.97518119 0.68769341 271.64644051 0.70907402 C277.91414179 0.72924498 284.18181589 0.75352717 290.4494915 0.78049088 C292.69376491 0.78952735 294.93804399 0.79730645 297.18232727 0.80341911 C322.46351662 0.87417207 347.71815265 1.5042775 373 2 C373 96.05 373 190.1 373 287 C249.91 287 126.82 287 0 287 C0 192.29 0 97.58 0 0 Z " fill="#999F9E" transform="translate(326,395)"/>
-<path d="M0 0 C37.29 0 74.58 0 113 0 C113 46.86 113 93.72 113 142 C75.71 142 38.42 142 0 142 C0 95.14 0 48.28 0 0 Z " fill="#181E23" transform="translate(550,445)"/>
-<path d="M0 0 C37.29 0 74.58 0 113 0 C113 46.53 113 93.06 113 141 C95.613125 141.0309375 95.613125 141.0309375 77.875 141.0625 C74.3054248 141.071604 70.73584961 141.08070801 67.05810547 141.09008789 C62.46899414 141.09460449 62.46899414 141.09460449 60.27615356 141.09544373 C58.84198693 141.09691347 57.40782093 141.10027703 55.97366333 141.10557556 C37.3007381 141.17069509 18.67741441 140.49151091 0 140 C0 93.8 0 47.6 0 0 Z " fill="#181E23" transform="translate(362,446)"/>
-<path d="M0 0 C0 14.52 0 29.04 0 44 C-118.14 44 -236.28 44 -358 44 C-359.71802382 40.56395235 -359.1196618 36.61561104 -359.09765625 32.8359375 C-359.0962413 31.92872955 -359.09482635 31.02152161 -359.09336853 30.08682251 C-359.08776096 27.18284845 -359.07520718 24.27895085 -359.0625 21.375 C-359.05748598 19.40885528 -359.0529229 17.44270935 -359.04882812 15.4765625 C-359.03778906 10.6510121 -359.02051935 5.82551903 -359 1 C-319.04215869 0.87185681 -279.08431526 0.74439427 -239.12646896 0.61781773 C-234.3862332 0.60280127 -229.64599745 0.58777929 -224.90576172 0.57275391 C-223.49049118 0.56826798 -223.49049118 0.56826798 -222.04662931 0.56369144 C-206.8611473 0.51554559 -191.67566674 0.46695532 -176.49018669 0.41819459 C-160.85514345 0.36800044 -145.22009869 0.3182983 -129.58505249 0.26903296 C-120.82560112 0.24141872 -112.06615054 0.21359008 -103.30670166 0.18519592 C-68.87102254 0.07367311 -34.43592726 -0.03058253 0 0 Z " fill="#FEFEFE" transform="translate(692,838)"/>
-<path d="M0 0 C117.15 0 234.3 0 355 0 C355 13.86 355 27.72 355 42 C237.85 42 120.7 42 0 42 C0 28.14 0 14.28 0 0 Z " fill="#FEFEFE" transform="translate(334,135)"/>
-<path d="M0 0 C11.88 0 23.76 0 36 0 C36 19.8 36 39.6 36 60 C91.44 60 146.88 60 204 60 C204 71.55 204 83.1 204 95 C168.85263573 95.02994071 133.70661685 94.95253395 98.55956407 94.80645666 C91.61749391 94.77764681 84.67541903 94.75005412 77.7333438 94.72249681 C65.36625264 94.67337442 52.99916523 94.62336685 40.63208008 94.57275391 C28.66105336 94.52376386 16.69002497 94.47522104 4.71899414 94.42724609 C3.97369616 94.4242591 3.22839818 94.4212721 2.46051542 94.41819459 C-1.2806363 94.4032035 -5.02178805 94.38822085 -8.76293981 94.37324238 C-39.50863188 94.25013489 -70.25431782 94.12555501 -101 94 C-101 93.67 -101 93.34 -101 93 C-134.66 92.505 -134.66 92.505 -169 92 C-169 81.44 -169 70.88 -169 60 C-113.23 60 -57.46 60 0 60 C0 40.2 0 20.4 0 0 Z " fill="#191F24" transform="translate(495,302)"/>
-<path d="M0 0 C62.7 0 125.4 0 190 0 C190 11.88 190 23.76 190 36 C127.3 36 64.6 36 0 36 C0 24.12 0 12.24 0 0 Z " fill="#474B51" transform="translate(418,786)"/>
-<path d="M0 0 C49.5 0 99 0 150 0 C150 14.52 150 29.04 150 44 C100.5 44 51 44 0 44 C0 29.48 0 14.96 0 0 Z " fill="#FDFEFE" transform="translate(200,239)"/>
-<path d="M0 0 C48.18 0 96.36 0 146 0 C146 14.52 146 29.04 146 44 C131.979151 44.02742613 117.95836252 44.05097148 103.9375 44.0625 C102.90375118 44.06335602 101.87000237 44.06421204 100.80492783 44.06509399 C67.19004349 44.08969196 33.60574878 43.83234053 0 43 C0 28.81 0 14.62 0 0 Z " fill="#FEFEFE" transform="translate(677,239)"/>
-<path d="M0 0 C51.48 0 102.96 0 156 0 C156 13.53 156 27.06 156 41 C104.52 41 53.04 41 0 41 C0 27.47 0 13.94 0 0 Z " fill="#FEFEFE" transform="translate(259,188)"/>
-<path d="M0 0 C1.28729507 -0.00281982 2.57459015 -0.00563965 3.90089417 -0.00854492 C5.34078993 -0.00660032 6.78068557 -0.00455213 8.22058105 -0.00241089 C9.72647647 -0.00376487 11.23237154 -0.00554479 12.73826599 -0.00772095 C16.839391 -0.01229564 20.94049097 -0.01050558 25.04161644 -0.00734186 C29.32396896 -0.00481844 33.60631927 -0.00715575 37.88867188 -0.00872803 C45.08150621 -0.01054978 52.2743303 -0.00814327 59.46716309 -0.00338745 C67.79516627 0.00205518 76.12314497 0.00029253 84.45114756 -0.00521386 C91.58828139 -0.00974483 98.72540783 -0.01039561 105.86254263 -0.00777519 C110.13098648 -0.00621233 114.39941881 -0.00601889 118.66786194 -0.00931168 C122.67984227 -0.01219017 126.69179089 -0.01021511 130.70376778 -0.00441742 C132.18045054 -0.0030897 133.65713595 -0.00348413 135.13381767 -0.00568008 C137.1412128 -0.0083911 139.14861372 -0.0043972 141.15600586 0 C142.28205986 0.00037703 143.40811386 0.00075405 144.56829071 0.0011425 C147.07800293 0.12698364 147.07800293 0.12698364 148.07800293 1.12698364 C148.07800293 14.32698364 148.07800293 27.52698364 148.07800293 41.12698364 C96.92800293 41.12698364 45.77800293 41.12698364 -6.92199707 41.12698364 C-6.92199707 0.00231762 -6.92199707 0.00231762 0 0 Z " fill="#FEFEFE" transform="translate(616.9219970703125,187.87301635742188)"/>
-<path d="M0 0 C43.23 0 86.46 0 131 0 C131 15.84 131 31.68 131 48 C87.77 48 44.54 48 0 48 C0 32.16 0 16.32 0 0 Z " fill="#FEFEFE" transform="translate(128,353)"/>
-<path d="M0 0 C67.815 0.495 67.815 0.495 137 1 C137 15.19 137 29.38 137 44 C136.34 44 135.68 44 135 44 C135 44.66 135 45.32 135 46 C90.45 46 45.9 46 0 46 C0 30.82 0 15.64 0 0 Z " fill="#FDFEFE" transform="translate(156,294)"/>
-<path d="M0 0 C45.21 0 90.42 0 137 0 C137 14.19 137 28.38 137 43 C136.34 43 135.68 43 135 43 C135 43.66 135 44.32 135 45 C90.45 45 45.9 45 0 45 C0 30.15 0 15.3 0 0 Z " fill="#FBFCFC" transform="translate(732,295)"/>
-<path d="M0 0 C43.23 0 86.46 0 131 0 C131 15.18 131 30.36 131 46 C98.474264 46.72107728 65.97062256 47.09604795 33.4375 47.0625 C32.60141457 47.06164398 31.76532913 47.06078796 30.90390778 47.05990601 C20.60257228 47.04857042 10.30132061 47.02553343 0 47 C0 31.49 0 15.98 0 0 Z " fill="#FEFEFE" transform="translate(765,354)"/>
-<path d="M0 0 C26.73 0 53.46 0 81 0 C82.19877676 50.94801223 82.19877676 50.94801223 82 74 C77.05167364 74.80762419 72.35065215 75.12200785 67.32055664 75.11352539 C66.57629897 75.11364593 65.8320413 75.11376646 65.06523037 75.11389065 C62.68017418 75.11315027 60.29519828 75.10556237 57.91015625 75.09765625 C56.42801959 75.09618411 54.9458824 75.09516508 53.46374512 75.09460449 C47.99665543 75.08938309 42.52957691 75.07542183 37.0625 75.0625 C24.831875 75.041875 12.60125 75.02125 0 75 C0 50.25 0 25.5 0 0 Z " fill="#FB4740" transform="translate(473,226)"/>
-<path d="M0 0 C36.96 0 73.92 0 112 0 C112.6261198 6.88731776 113.15084094 13.48218949 113.1328125 20.3515625 C113.13376923 21.17707611 113.13472595 22.00258972 113.13571167 22.8531189 C113.1363846 24.57216469 113.13459319 26.29121317 113.13037109 28.01025391 C113.12494037 30.65402778 113.13038111 33.29763707 113.13671875 35.94140625 C113.13605916 37.61979204 113.13478047 39.29817773 113.1328125 40.9765625 C113.13483673 41.76809723 113.13686096 42.55963196 113.13894653 43.37515259 C113.11499765 48.88500235 113.11499765 48.88500235 112 50 C110.54518505 50.0956161 109.08574514 50.12188351 107.62779236 50.12025452 C106.68403244 50.12162918 105.74027252 50.12300385 104.76791382 50.12442017 C103.72422638 50.12082489 102.68053894 50.11722961 101.60522461 50.11352539 C100.51267868 50.11367142 99.42013275 50.11381744 98.29447937 50.1139679 C94.66374767 50.11326822 91.03306654 50.10547329 87.40234375 50.09765625 C84.89270557 50.09579226 82.38306702 50.09436827 79.87342834 50.09336853 C73.93065407 50.08993348 67.98789616 50.08204273 62.04513031 50.07201904 C53.43224996 50.0578058 44.81936343 50.05254739 36.2064743 50.04621124 C24.13763437 50.03649856 12.06884226 50.01734306 0 50 C0 33.5 0 17 0 0 Z " fill="#FDFDFD" transform="translate(117,474)"/>
-<path d="M0 0 C36.63 0 73.26 0 111 0 C111 48 111 48 110 50 C73.7 50 37.4 50 0 50 C0 33.5 0 17 0 0 Z " fill="#FEFEFE" transform="translate(795,474)"/>
-<path d="M0 0 C54.12 0 108.24 0 164 0 C164 10.89 164 21.78 164 33 C109.88 33 55.76 33 0 33 C0 22.11 0 11.22 0 0 Z " fill="#181E23" transform="translate(431,622)"/>
-<path d="M0 0 C14.58571527 -0.0225479 29.17141907 -0.04091327 43.75714779 -0.05181217 C50.52910421 -0.05697491 57.30104905 -0.06401718 64.07299805 -0.07543945 C70.60224426 -0.08644714 77.13148294 -0.09227625 83.66073799 -0.09487724 C86.15793612 -0.09673199 88.65513355 -0.10035354 91.15232658 -0.10573006 C94.63664069 -0.11293684 98.12090431 -0.1139911 101.60522461 -0.11352539 C102.64891205 -0.11712067 103.69259949 -0.12071594 104.76791382 -0.12442017 C105.71167374 -0.1230455 106.65543365 -0.12167084 107.62779236 -0.12025452 C108.45279708 -0.12117631 109.2778018 -0.1220981 110.12780666 -0.12304783 C112 0 112 0 113 1 C113 16.18 113 31.36 113 47 C75.71 47 38.42 47 0 47 C0 31.49 0 15.98 0 0 Z " fill="#FCFCFC" transform="translate(117,414)"/>
-<path d="M0 0 C0 15.84 0 31.68 0 48 C-36.96 48 -73.92 48 -112 48 C-112 32.49 -112 16.98 -112 1 C-92.15950898 0.75043408 -92.15950898 0.75043408 -83.5078125 0.64453125 C-77.67218771 0.57308961 -71.83656856 0.50132395 -66.00097656 0.42724609 C-43.99861261 0.14838814 -22.0044946 -0.06103882 0 0 Z " fill="#FAFAFA" transform="translate(906,537)"/>
-<path d="M0 0 C36.63 0 73.26 0 111 0 C111 15.51 111 31.02 111 47 C74.37 47 37.74 47 0 47 C0 31.49 0 15.98 0 0 Z " fill="#FBFCFC" transform="translate(118,538)"/>
-<path d="M0 0 C36.3 0 72.6 0 110 0 C110 15.18 110 30.36 110 46 C86.98227311 46.96572558 64.03031552 47.12476904 40.99664307 47.06866455 C36.24190736 47.05823048 31.48716586 47.05382501 26.73242188 47.04882812 C17.48826669 47.03826689 8.24413623 47.02131845 -1 47 C-1.02529825 40.62793828 -1.04284496 34.25588946 -1.05493164 27.88378906 C-1.05996891 25.71483883 -1.06679891 23.545892 -1.07543945 21.37695312 C-1.08753151 18.26431437 -1.09323428 15.1517204 -1.09765625 12.0390625 C-1.10281754 11.065065 -1.10797882 10.0910675 -1.11329651 9.08755493 C-1.11337204 8.18677216 -1.11344757 7.28598938 -1.11352539 6.35791016 C-1.115746 5.56293121 -1.11796661 4.76795227 -1.12025452 3.94888306 C-1 2 -1 2 0 0 Z " fill="#FBFCFB" transform="translate(795,414)"/>
-<path d="M0 0 C34.98 0 69.96 0 106 0 C106 15.84 106 31.68 106 48 C71.02 48 36.04 48 0 48 C0 32.16 0 16.32 0 0 Z " fill="#FBFCFC" transform="translate(154,658)"/>
-<path d="M0 0 C34.32 0 68.64 0 104 0 C104 15.84 104 31.68 104 48 C69.35 48 34.7 48 -1 48 C-1 31.99652815 -0.6951464 15.9883671 0 0 Z " fill="#FBFBFB" transform="translate(765,658)"/>
-<path d="M0 0 C10.56252046 -0.02735617 21.1249617 -0.05092969 31.6875 -0.0625 C32.46348038 -0.06335602 33.23946075 -0.06421204 34.03895569 -0.06509399 C57.71503621 -0.08818645 81.33439347 0.16962784 105 1 C105 16.18 105 31.36 105 47 C70.35 47 35.7 47 0 47 C0 31.49 0 15.98 0 0 Z " fill="#FCFDFD" transform="translate(125,598)"/>
-<path d="M0 0 C34.32 0 68.64 0 104 0 C104 15.51 104 31.02 104 47 C69.68 47 35.36 47 0 47 C0 31.49 0 15.98 0 0 Z " fill="#FBFCFC" transform="translate(794,598)"/>
-<path d="M0 0 C37.62 0 75.24 0 114 0 C114 12.54 114 25.08 114 38 C76.38 38 38.76 38 0 38 C0 25.46 0 12.92 0 0 Z " fill="#474B51" transform="translate(456,716)"/>
-<path d="M0 0 C30.69 0 61.38 0 93 0 C93 15.18 93 30.36 93 46 C62.31 46 31.62 46 0 46 C0 30.82 0 15.64 0 0 Z " fill="#FCFDFD" transform="translate(732,719)"/>
-<path d="M0 0 C30.69 0 61.38 0 93 0 C93 14.85 93 29.7 93 45 C62.31 45 31.62 45 0 45 C0 30.15 0 15.3 0 0 Z " fill="#FEFEFE" transform="translate(200,720)"/>
-<path d="M0 0 C11.22 0 22.44 0 34 0 C34.6943434 30.12954393 35.09747148 60.23833134 35.0625 90.375 C35.06121597 91.48948643 35.06121597 91.48948643 35.05990601 92.62648773 C35.04860423 101.7510267 35.02558276 110.87548153 35 120 C23.45 120 11.9 120 0 120 C0 80.4 0 40.8 0 0 Z " fill="#474B50" transform="translate(258,470)"/>
-<path d="M0 0 C30.36 0 60.72 0 92 0 C92 14.19 92 28.38 92 43 C61.64 43 31.28 43 0 43 C0 28.81 0 14.62 0 0 Z " fill="#FCFDFD" transform="translate(259,781)"/>
-<path d="M0 0 C30.03 0 60.06 0 91 0 C91 14.19 91 28.38 91 43 C60.97 43 30.94 43 0 43 C0 28.81 0 14.62 0 0 Z " fill="#FCFDFD" transform="translate(674,781)"/>
-<path d="M0 0 C16.5 0 33 0 50 0 C50 25.41 50 50.82 50 77 C33.5 77 17 77 0 77 C0 51.59 0 26.18 0 0 Z " fill="#2CCDD4" transform="translate(582,478)"/>
-<path d="M0 0 C10.56 0 21.12 0 32 0 C32 39.27 32 78.54 32 119 C21.44 119 10.88 119 0 119 C0 79.73 0 40.46 0 0 Z " fill="#474B50" transform="translate(732,471)"/>
-<path d="M0 0 C16.17 0 32.34 0 49 0 C49 25.41 49 50.82 49 77 C32.83 77 16.66 77 0 77 C0 51.59 0 26.18 0 0 Z " fill="#2DCCD2" transform="translate(394,478)"/>
-<path d="M0 0 C15.84 0 31.68 0 48 0 C48 0.33 48 0.66 48 1 C32.49 1 16.98 1 1 1 C1 25.75 1 50.5 1 76 C28.06 75.67 55.12 75.34 83 75 C82.67 65.76 82.34 56.52 82 47 C81.93702338 38.74754429 81.90172306 30.50164687 81.9375 22.25 C81.94254243 20.16145945 81.94710032 18.07291767 81.95117188 15.984375 C81.96192066 10.98955155 81.97902162 5.99479052 82 1 C82.33 1 82.66 1 83 1 C83.57831229 19.95510799 84.11107346 38.91589618 84.23217773 57.88024902 C84.24403757 59.45720133 84.26110851 61.03412324 84.28344727 62.61096191 C84.31307026 64.8085447 84.32331211 67.00536665 84.328125 69.203125 C84.3374707 70.44739258 84.34681641 71.69166016 84.35644531 72.97363281 C84 76 84 76 82.73034668 77.68478394 C80.56608158 79.32981626 79.63802574 79.28920572 76.95800781 79.06982422 C75.71830231 78.98657394 75.71830231 78.98657394 74.45355225 78.90164185 C73.54591125 78.82839691 72.63827026 78.75515198 71.703125 78.6796875 C62.53186675 78.09888659 53.42327768 77.92843278 44.234375 78.0078125 C42.339151 78.0199881 42.339151 78.0199881 40.40563965 78.03240967 C35.17784805 78.06788344 29.95020985 78.1100683 24.72265625 78.17138672 C20.85162217 78.21602536 16.98061225 78.23702797 13.109375 78.2578125 C11.32536285 78.28574387 11.32536285 78.28574387 9.50531006 78.3142395 C7.87024506 78.31942093 7.87024506 78.31942093 6.20214844 78.32470703 C4.76279938 78.33922409 4.76279938 78.33922409 3.29437256 78.35403442 C2.15865814 78.17878738 2.15865814 78.17878738 1 78 C-1.11766624 74.82350064 -1.24885987 74.11349575 -1.23046875 70.48828125 C-1.22917969 69.52510986 -1.22789062 68.56193848 -1.2265625 67.56958008 C-1.21367187 66.49474365 -1.20078125 65.41990723 -1.1875 64.3125 C-1.18105469 63.18158936 -1.17460937 62.05067871 -1.16796875 60.88549805 C-1.00069226 40.5888483 -0.4546929 20.29067045 0 0 Z " fill="#4C0F0C" transform="translate(472,225)"/>
-<path d="M0 0 C8.45159814 -0.02350035 16.90318192 -0.04110214 25.35480499 -0.05181217 C29.28212158 -0.05696064 33.20941531 -0.06390567 37.13671875 -0.07543945 C53.56520732 -0.12238185 69.94755695 -0.05605073 86.36132812 0.74389648 C96.40041688 1.22706882 106.45208983 1.36454744 116.5 1.5625 C118.60677558 1.60589009 120.71354645 1.64950917 122.8203125 1.69335938 C127.88015843 1.79819282 132.94005639 1.8999973 138 2 C138 2.33 138 2.66 138 3 C92.79 3 47.58 3 1 3 C1 5.64 1 8.28 1 11 C0.67 11 0.34 11 0 11 C0 7.37 0 3.74 0 0 Z " fill="#6F7576" transform="translate(326,395)"/>
-<path d="M0 0 C0.33 0 0.66 0 1 0 C1 7.26 1 14.52 1 22 C37.3 22 73.6 22 111 22 C111.495 22.99 111.495 22.99 112 24 C74.71 24 37.42 24 -1 24 C-0.67 16.08 -0.34 8.16 0 0 Z " fill="#0E1418" transform="translate(551,563)"/>
-<path d="M0 0 C0.33 0 0.66 0 1 0 C1.57831229 18.95510799 2.11107346 37.91589618 2.23217773 56.88024902 C2.24403757 58.45720133 2.26110851 60.03412324 2.28344727 61.61096191 C2.31307026 63.8085447 2.32331211 66.00536665 2.328125 68.203125 C2.3374707 69.44739258 2.34681641 70.69166016 2.35644531 71.97363281 C2 75 2 75 0.79858398 76.92016602 C-1.65515594 78.39334257 -3.26106965 78.2550765 -6.10546875 78.07421875 C-7.08837891 78.01943359 -8.07128906 77.96464844 -9.08398438 77.90820312 C-10.62022461 77.79895508 -10.62022461 77.79895508 -12.1875 77.6875 C-13.22326172 77.62626953 -14.25902344 77.56503906 -15.32617188 77.50195312 C-17.88531957 77.34864013 -20.44267045 77.1807893 -23 77 C-23.33 76.34 -23.66 75.68 -24 75 C-11.625 74.505 -11.625 74.505 1 74 C0.835 70.32875 0.67 66.6575 0.5 62.875 C-0.33621628 41.9290255 -0.08802477 20.95802133 0 0 Z " fill="#390D0B" transform="translate(554,226)"/>
-<path d="M0 0 C0.66 0 1.32 0 2 0 C2 15.18 2 30.36 2 46 C0.68 45.67 -0.64 45.34 -2 45 C-1.88269497 38.75188831 -1.75785931 32.50396027 -1.62768555 26.25610352 C-1.58426577 24.12885993 -1.54259607 22.0015799 -1.50268555 19.87426758 C-1.44515293 16.82361849 -1.38141033 13.77315411 -1.31640625 10.72265625 C-1.29969376 9.76537125 -1.28298126 8.80808624 -1.26576233 7.8217926 C-1.24581711 6.94095505 -1.22587189 6.06011749 -1.20532227 5.15258789 C-1.18977798 4.37315323 -1.1742337 3.59371857 -1.15821838 2.79066467 C-1 1 -1 1 0 0 Z " fill="#D1D3D3" transform="translate(228,599)"/>
-<path d="M0 0 C35.64 0.33 71.28 0.66 108 1 C108 1.33 108 1.66 108 2 C54.54 2.495 54.54 2.495 0 3 C0 2.01 0 1.02 0 0 Z " fill="#F5F7F7" transform="translate(117,521)"/>
-<path d="M0 0 C6.93 0 13.86 0 21 0 C21 0.99 21 1.98 21 3 C14.07 3 7.14 3 0 3 C0 2.01 0 1.02 0 0 Z " fill="#272A2A" transform="translate(158,292)"/>
-</svg>

.icons/copyparty.svg

@@ -1,210 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-  width="300mm"
-  height="207mm"
-  viewBox="0 0 300 207"
-  version="1.1"
-  id="svg1"
-  inkscape:version="1.3.2 (091e20ef0f, 2023-11-25)"
-  xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-  xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-  xmlns:xlink="http://www.w3.org/1999/xlink"
-  xmlns="http://www.w3.org/2000/svg"
-  xmlns:svg="http://www.w3.org/2000/svg"
-  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-  xmlns:cc="http://creativecommons.org/ns#"
-  xmlns:dc="http://purl.org/dc/elements/1.1/">
- <title
-   id="title1">copyparty_logo</title>
- <defs
-   id="defs1">
-  <linearGradient
-    inkscape:collect="always"
-    id="linearGradient1">
-   <stop
-     style="stop-color:#ffcc55;stop-opacity:1"
-     offset="0"
-     id="stop1" />
-   <stop
-     style="stop-color:#ffcc00;stop-opacity:1"
-     offset="0.2"
-     id="stop2" />
-   <stop
-     style="stop-color:#ff8800;stop-opacity:1"
-     offset="1"
-     id="stop3" />
-  </linearGradient>
-  <linearGradient
-    inkscape:collect="always"
-    xlink:href="#linearGradient1"
-    id="linearGradient2"
-    x1="15"
-    y1="15"
-    x2="15"
-    y2="143"
-    gradientUnits="userSpaceOnUse" />
- </defs>
- <metadata
-   id="metadata5">
-  <rdf:RDF>
-   <cc:Work
-     rdf:about="">
-    <dc:format>image/svg+xml</dc:format>
-    <dc:type
-      rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-    <dc:title>copyparty_logo</dc:title>
-    <dc:source>github.com/9001/copyparty</dc:source>
-   </cc:Work>
-  </rdf:RDF>
- </metadata>
- <g
-   inkscape:groupmode="layer"
-   id="layer1"
-   inkscape:label="kassett">
-  <rect
-    style="fill:#333333"
-    id="rect1"
-    width="300"
-    height="205"
-    x="0"
-    y="0"
-    rx="12"
-    ry="12" />
-  <rect
-    style="fill:url(#linearGradient2)"
-    id="rect2"
-    width="270"
-    height="128"
-    x="15"
-    y="15"
-    rx="8"
-    ry="8" />
-  <rect
-    style="fill:#333333"
-    id="rect3"
-    width="172"
-    height="52"
-    x="64"
-    y="72"
-    rx="26"
-    ry="26" />
-  <circle
-    style="fill:#cccccc"
-    id="circle1"
-    cx="91"
-    cy="98"
-    r="18" />
-  <circle
-    style="fill:#cccccc"
-    id="circle2"
-    cx="209"
-    cy="98"
-    r="18" />
-  <path
-    style="fill:#737373;stroke-width:1px"
-    d="m 48,207 10,-39 c 1.79,-6.2 5.6,-7.8 12,-8 60,-1 100,-1 160,0 6.4,0.2 10,1.8 12,8 l 10,39 z"
-    id="path1"
-    sodipodi:nodetypes="ccccccc" />
- </g>
- <g
-   inkscape:groupmode="layer"
-   id="layer3"
-   inkscape:label="tekst"
-   style="display:none">
-  <text
-    xml:space="preserve"
-    style="font-size:38.8056px;line-height:1.25;font-family:Akbar;-inkscape-font-specification:Akbar;letter-spacing:3.70417px;word-spacing:0px;fill:#333333"
-    x="47.153069"
-    y="55.548954"
-    id="text1"><tspan
-     sodipodi:role="line"
-     id="tspan1"
-     x="47.153069"
-     y="55.548954"
-     style="-inkscape-font-specification:Akbar"
-     rotate="0 0">copyparty</tspan></text>
- </g>
- <g
-   inkscape:groupmode="layer"
-   id="layer4"
-   inkscape:label="stensatt">
-  <path
-    d="m 63.5,50.9 q -0.85,0.93 -4.73,2.3 -3.6,1.3 -4.4,1.3 -3.3,0 -5.1,-2.1 -1.75,-2 -1.75,-5.36 0,-4.6 3.76,-7.64 3.3,-2.7 7.3,-2.7 0.4,0 0.93,0.74 0.54,0.7 0.54,1.16 0,2.06 -2.2,2.7 -1.36,0.4 -4.04,1.16 -2.2,1.16 -2.2,4.4 0,3.2 2.9,3.2 0.85,0 0.85,0 0.54,0 1.44,-0.16 1.1,-0.23 2.9,-0.74 1.8,-0.54 2.13,-0.54 0.4,0 1.75,0.6 z"
-    style="fill:#333333"
-    id="path11" />
-  <path
-    d="m 87.6,45 q 0,4.2 -3.7,6.95 -3.2,2.3 -6.87,2.3 -3.4,0 -6,-2.6 -2.5,-2.6 -2.5,-6 0,-3.6 3.14,-6.64 3.2,-3 6.8,-3 3.5,0 6.3,2.76 2.83,2.76 2.83,6.25 z m -3.4,0.16 q 0,-2.25 -1.75,-3.7 -1.7,-1.5 -4,-1.5 -0.1,0 -1.6,1.6 -1.44,1.55 -2.44,1.55 -0.6,0 -0.8,-0.3 -1.16,2.3 -1.16,3 0,2.25 2.13,3.4 1.6,0.9 3.6,0.9 2,0 3.76,-1.1 2.25,-1.4 2.25,-3.84 z"
-    style="fill:#333333"
-    id="path12" />
-  <path
-    d="m 112.8,46.8 q 0,2.8 -1.9,4.4 -1.8,1.5 -4.7,1.5 -0.7,0 -2.7,-0.4 -1.9,-0.4 -2.6,-0.4 -2.1,0 -2.1,2.64 0,0.85 0.23,2.6 0.2,1.75 0.2,2.6 0,1.9 -0.77,2.83 -1.44,0 -3,-0.85 -1.46,-9.5 -1.46,-12 0,-3.65 1.75,-8.1 2.37,-6.05 6.45,-6.05 3.7,0 7.3,4.1 3.3,3.84 3.3,7.14 z m -3.8,0.2 q -0.6,-2.2 -2.6,-4.4 -2.3,-2.5 -4.3,-2.5 -1.3,0 -2.33,2.2 -0.9,1.8 -0.9,3.26 0,0.47 0.38,1.24 0.43,0.8 0.85,0.8 1.1,0 3.2,0.3 2.1,0.3 3.2,0.3 0.3,0 1.3,-0.4 1,-0.47 1.3,-0.74 z"
-    style="fill:#333333"
-    id="path13" />
-  <path
-    d="m 133,40 q -2.1,4.1 -3.2,7 -0.1,0.3 -1.6,4.5 -0.4,1.36 -1,4.2 -0.5,2.83 -1,4.2 -1,2.83 -2.3,2.64 -1.4,-0.2 -1.6,-1.6 0,-0.2 0,-0.5 0,-0.16 0.3,-1.5 1,-5.04 1,-6.44 0,-0.54 -0.1,-0.74 -1.4,-2.44 -4.1,-7.4 -2.7,-4.97 -2.4,-7.7 1.5,-1.36 2.1,-1.36 0.4,0 1.1,0.6 0.6,0.6 0.7,1.1 0.8,6.2 4.9,11.1 1,-1.8 1.8,-4.04 0.5,-1.4 1.6,-4.15 1.9,-4.46 3.4,-4.46 0.2,0 0.4,0.1 0.9,0.3 1.3,2.8 z"
-    style="fill:#333333"
-    id="path14" />
-  <path
-    d="m 157.5,48 q 0,2.8 -1.9,4.4 -1.8,1.5 -4.7,1.5 -0.7,0 -2.7,-0.4 -1.9,-0.4 -2.6,-0.4 -2,0 -2,2.64 0,0.85 0.2,2.6 0.2,1.75 0.2,2.6 0,1.9 -0.7,2.83 -1.5,0 -3,-0.85 -1.5,-9.5 -1.5,-11.95 0,-3.65 1.8,-8.1 2.3,-6.05 6.4,-6.05 3.7,0 7.2,4.1 3.3,3.84 3.3,7.14 z m -3.8,0.2 q -0.6,-2.2 -2.6,-4.4 -2.3,-2.5 -4.3,-2.5 -1.3,0 -2.3,2.2 -0.9,1.8 -0.9,3.26 0,0.47 0.4,1.24 0.4,0.8 0.8,0.8 1.1,0 3.2,0.3 2.1,0.3 3.2,0.3 0.3,0 1.3,-0.4 1,-0.47 1.3,-0.74 z"
-    style="fill:#333333"
-    id="path15" />
-  <path
-    d="m 182,53.3 q 0,0.9 -0.6,1.5 -0.6,0.6 -1.4,0.6 -1.6,0 -3,-0.9 -1.4,-0.93 -2.1,-2.3 -0.7,-0.1 -1.5,0.85 -0.9,1.16 -1.1,1.24 -1.2,0.54 -3.9,0.54 -2.2,0 -3.9,-2.44 -1.5,-2.13 -1.5,-4 0,-3.4 3.4,-6.4 3.2,-2.9 6.7,-2.9 0.9,0 1.7,0.6 0.8,0.6 0.8,1.44 0,0.54 -0.4,1.1 2.4,0.9 2.4,2.83 0,0.35 -0.1,1.05 -0.1,0.7 -0.1,1.05 0,0.4 0.1,0.6 0.5,1.3 2.5,3.4 1.9,1.9 1.9,2.2 z m -8.1,-10.1 q -0.4,0 -1.1,-0.1 -0.8,-0.16 -1.1,-0.16 -1.3,0 -3.2,1.94 -1.9,1.94 -1.9,3.3 0,0.8 0.7,1.8 0.9,1.3 2.2,1.3 2.6,0 3.5,-2.9 0.5,-2.6 1,-5.16 z"
-    style="fill:#333333"
-    id="path16" />
-  <path
-    d="m 203.8,42.4 q -0.4,0.4 -1.5,0.4 -0.9,0 -2.5,-0.3 -1.7,-0.3 -2.5,-0.3 -4.7,0 -5.5,6.9 -0.3,3.1 -0.4,3.3 -0.4,1 -1.7,2.3 h -1.1 q -0.7,-1.2 -1.3,-4.1 -0.6,-2.76 -0.6,-4.27 0,-1.16 0.1,-1.5 0.2,-0.54 1,-0.54 0.3,0 0.6,0.3 0.4,0.3 0.4,0.3 1.9,-3.53 3.1,-4.6 1.8,-1.7 5.1,-1.7 1.4,0 3.6,0.9 2.8,1.16 3.3,2.8 z"
-    style="fill:#333333"
-    id="path17" />
-  <path
-    d="m 229.5,37.16 q 0.3,0.8 0.3,1.44 0,1.86 -2.4,1.86 -1,0 -3.5,-0.5 -2.5,-0.54 -3.4,-0.54 -1.3,0 -1.5,0.1 -0.4,0.2 -0.4,1.2 0,2.2 0.6,6.9 0.7,5.86 1.6,6.13 -0.4,0.35 -0.4,1.1 -1.2,0.7 -2.6,0.7 -1.4,0 -2,-3.9 -0.2,-1.36 -0.5,-7.76 -0.2,-4.6 -0.8,-5.5 -0.3,-0.47 -4.3,-0.35 -1,0 -1.6,0.1 -0.5,0 -0.3,0 -0.8,0 -1.2,-0.7 -0.5,-1.3 -0.5,-1.4 0,-1.44 4.1,-2 1.6,-0.16 4.7,-0.5 0,-0.85 -0.1,-2.56 0,-1.75 0,-2.6 0,-4.35 2.1,-4.35 0.5,0 1.1,0.6 0.6,0.6 0.6,1.1 v 7.9 q 1.1,1.2 5,1.7 3.9,0.5 5.3,1.86 z"
-    style="fill:#333333"
-    id="path18" />
-  <path
-    d="m 251.2,40.2 q -2,4.1 -3.2,7 -0.1,0.3 -1.5,4.5 -0.5,1.36 -1,4.2 -0.5,2.83 -1,4.2 -1,2.83 -2.4,2.64 -1.4,-0.2 -1.5,-1.6 -0.1,-0.2 -0.1,-0.5 0,-0.16 0.3,-1.5 1.1,-5.04 1.1,-6.44 0,-0.54 -0.1,-0.74 -1.4,-2.44 -4.1,-7.4 -2.7,-4.97 -2.4,-7.7 1.4,-1.36 2.1,-1.36 0.4,0 1,0.6 0.6,0.6 0.7,1.1 0.9,6.2 4.9,11.1 1,-1.8 1.9,-4.04 0.5,-1.4 1.6,-4.15 1.8,-4.46 3.4,-4.46 0.2,0 0.4,0.1 0.8,0.3 1.2,2.8 z"
-    style="fill:#333333"
-    id="path19" />
- </g>
- <g
-   inkscape:groupmode="layer"
-   id="layer5"
-   inkscape:label="tagger">
-  <g
-    id="g1">
-   <path
-     id="path4"
-     style="fill:#333333"
-     d="m 111.4,83.335 -9.526,5.5 2.5,4.33 9.526,-5.5 z m -33.775,19.5 -9.526,5.5 2.5,4.33 9.526,-5.5 z"
-     sodipodi:nodetypes="cccccccccc" />
-   <path
-     id="path5"
-     style="fill:#333333"
-     d="M 88.5,73 V 84 h 5 V 73 Z m 0,39 v 11 h 5 V 112 Z"
-     sodipodi:nodetypes="cccccccccc" />
-   <path
-     id="path6"
-     style="fill:#333333"
-     d="m 68.1,87.665 9.526,5.5 2.5,-4.33 -9.526,-5.5 z m 33.775,19.5 9.527,5.5 2.5,-4.33 -9.527,-5.5 z"
-     sodipodi:nodetypes="cccccccccc" />
-  </g>
-  <g
-    id="g2"
-    transform="rotate(30,150,318.19)">
-   <path
-     id="path7"
-     style="fill:#333333"
-     d="m 111.4,83.335 -9.526,5.5 2.5,4.33 9.526,-5.5 z m -33.775,19.5 -9.526,5.5 2.5,4.33 9.526,-5.5 z"
-     sodipodi:nodetypes="cccccccccc" />
-   <path
-     id="path8"
-     style="fill:#333333"
-     d="M 88.5,73 V 84 h 5 V 73 Z m 0,39 v 11 h 5 V 112 Z"
-     sodipodi:nodetypes="cccccccccc" />
-   <path
-     id="path9"
-     style="fill:#333333"
-     d="m 68.1,87.665 9.526,5.5 2.5,-4.33 -9.526,-5.5 z m 33.775,19.5 9.527,5.5 2.5,-4.33 -9.527,-5.5 z"
-     sodipodi:nodetypes="cccccccccc" />
-  </g>
- </g>
-</svg>

registry/coder-labs/modules/codex/README.md

@@ -13,7 +13,7 @@ Run Codex CLI in your workspace to access OpenAI's models through the Codex inte
 ```tf
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "3.1.0"
+  version        = "3.0.0"
   agent_id       = coder_agent.example.id
   openai_api_key = var.openai_api_key
   workdir        = "/home/coder/project"
@@ -33,7 +33,7 @@ module "codex" {
 module "codex" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "3.1.0"
+  version        = "3.0.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   workdir        = "/home/coder/project"
@@ -61,7 +61,7 @@ module "coder-login" {
 
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "3.1.0"
+  version        = "3.0.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   ai_prompt      = data.coder_parameter.ai_prompt.value
@@ -84,7 +84,6 @@ module "codex" {
 - **System Prompt**: If `codex_system_prompt` is set, writes the prompt to `AGENTS.md` in the `~/.codex/` directory
 - **Start**: Launches Codex CLI in the specified directory, wrapped by AgentAPI
 - **Configuration**: Sets `OPENAI_API_KEY` environment variable and passes `--model` flag to Codex CLI (if variables provided)
-- **Session Continuity**: When `continue = true` (default), the module automatically tracks task sessions in `~/.codex-module/.codex-task-session`. On workspace restart, it resumes the existing session with full conversation history. Set `continue = false` to always start fresh sessions.
 
 ## Configuration
 
@@ -108,7 +107,7 @@ For custom Codex configuration, use `base_config_toml` and/or `additional_mcp_se
 ```tf
 module "codex" {
   source  = "registry.coder.com/coder-labs/codex/coder"
-  version = "3.1.0"
+  version = "3.0.0"
   # ... other variables ...
 
   # Override default configuration

registry/coder-labs/modules/codex/main.test.ts

@@ -368,90 +368,4 @@ describe("codex", async () => {
     expect(prompt.exitCode).not.toBe(0);
     expect(prompt.stderr).toContain("No such file or directory");
   });
-
-  test("codex-continue-capture-new-session", async () => {
-    const { id } = await setup({
-      moduleVariables: {
-        continue: "true",
-        ai_prompt: "test task",
-      },
-    });
-
-    const workdir = "/home/coder";
-    const expectedSessionId = "019a1234-5678-9abc-def0-123456789012";
-    const sessionsDir = "/home/coder/.codex/sessions";
-    const sessionFile = `${sessionsDir}/${expectedSessionId}.jsonl`;
-
-    await execContainer(id, ["mkdir", "-p", sessionsDir]);
-    await execContainer(id, [
-      "bash",
-      "-c",
-      `echo '{"id":"${expectedSessionId}","cwd":"${workdir}","created":"2024-10-24T20:00:00Z","model":"gpt-4-turbo"}' > ${sessionFile}`,
-    ]);
-
-    await execModuleScript(id);
-
-    await expectAgentAPIStarted(id);
-
-    const trackingFile = "/home/coder/.codex-module/.codex-task-session";
-    const maxAttempts = 30;
-    let trackingFileContents = "";
-    for (let attempt = 0; attempt < maxAttempts; attempt++) {
-      const result = await execContainer(id, [
-        "bash",
-        "-c",
-        `cat ${trackingFile} 2>/dev/null || echo ""`,
-      ]);
-      if (result.stdout.trim().length > 0) {
-        trackingFileContents = result.stdout;
-        break;
-      }
-      await new Promise((resolve) => setTimeout(resolve, 500));
-    }
-
-    expect(trackingFileContents).toContain(`${workdir}|${expectedSessionId}`);
-
-    const startLog = await readFileContainer(
-      id,
-      "/home/coder/.codex-module/agentapi-start.log",
-    );
-    expect(startLog).toContain("Capturing new session ID");
-    expect(startLog).toContain("Session tracked");
-    expect(startLog).toContain(expectedSessionId);
-  });
-
-  test("codex-continue-resume-existing-session", async () => {
-    const { id } = await setup({
-      moduleVariables: {
-        continue: "true",
-        ai_prompt: "test prompt",
-      },
-    });
-
-    const workdir = "/home/coder";
-    const mockSessionId = "019a1234-5678-9abc-def0-123456789012";
-    const trackingFile = "/home/coder/.codex-module/.codex-task-session";
-
-    await execContainer(id, ["mkdir", "-p", "/home/coder/.codex-module"]);
-    await execContainer(id, [
-      "bash",
-      "-c",
-      `echo "${workdir}|${mockSessionId}" > ${trackingFile}`,
-    ]);
-
-    await execModuleScript(id);
-
-    const startLog = await execContainer(id, [
-      "bash",
-      "-c",
-      "cat /home/coder/.codex-module/agentapi-start.log",
-    ]);
-    expect(startLog.stdout).toContain("Found existing task session");
-    expect(startLog.stdout).toContain(mockSessionId);
-    expect(startLog.stdout).toContain("Resuming existing session");
-    expect(startLog.stdout).toContain(
-      `Starting Codex with arguments: --model gpt-4-turbo resume ${mockSessionId}`,
-    );
-    expect(startLog.stdout).not.toContain("test prompt");
-  });
 });

registry/coder-labs/modules/codex/main.tf

@@ -137,12 +137,6 @@ variable "ai_prompt" {
   default     = ""
 }
 
-variable "continue" {
-  type        = bool
-  description = "Automatically continue existing sessions on workspace restart. When true, resumes existing conversation if found, otherwise runs prompt or starts new session. When false, always starts fresh (ignores existing sessions)."
-  default     = true
-}
-
 variable "codex_system_prompt" {
   type        = string
   description = "System instructions written to AGENTS.md in the ~/.codex directory"
@@ -193,9 +187,8 @@ module "agentapi" {
      ARG_OPENAI_API_KEY='${var.openai_api_key}' \
      ARG_REPORT_TASKS='${var.report_tasks}' \
      ARG_CODEX_MODEL='${var.codex_model}' \
-     ARG_CODEX_START_DIRECTORY='${local.workdir}' \
+     ARG_CODEX_START_DIRECTORY='${var.workdir}' \
      ARG_CODEX_TASK_PROMPT='${base64encode(var.ai_prompt)}' \
-     ARG_CONTINUE='${var.continue}' \
      /tmp/start.sh
    EOT
 
@@ -213,7 +206,7 @@ module "agentapi" {
     ARG_BASE_CONFIG_TOML='${base64encode(var.base_config_toml)}' \
     ARG_ADDITIONAL_MCP_SERVERS='${base64encode(var.additional_mcp_servers)}' \
     ARG_CODER_MCP_APP_STATUS_SLUG='${local.app_slug}' \
-    ARG_CODEX_START_DIRECTORY='${local.workdir}' \
+    ARG_CODEX_START_DIRECTORY='${var.workdir}' \
     ARG_CODEX_INSTRUCTION_PROMPT='${base64encode(var.codex_system_prompt)}' \
     /tmp/install.sh
   EOT

registry/coder-labs/modules/codex/scripts/start.sh

@@ -3,7 +3,6 @@
 source "$HOME"/.bashrc
 set -o errexit
 set -o pipefail
-
 command_exists() {
   command -v "$1" > /dev/null 2>&1
 }
@@ -17,7 +16,6 @@ fi
 printf "Version: %s\n" "$(codex --version)"
 set -o nounset
 ARG_CODEX_TASK_PROMPT=$(echo -n "$ARG_CODEX_TASK_PROMPT" | base64 -d)
-ARG_CONTINUE=${ARG_CONTINUE:-true}
 
 echo "=== Codex Launch Configuration ==="
 printf "OpenAI API Key: %s\n" "$([ -n "$ARG_OPENAI_API_KEY" ] && echo "Provided" || echo "Not provided")"
@@ -25,187 +23,53 @@ printf "Codex Model: %s\n" "${ARG_CODEX_MODEL:-"Default"}"
 printf "Start Directory: %s\n" "$ARG_CODEX_START_DIRECTORY"
 printf "Has Task Prompt: %s\n" "$([ -n "$ARG_CODEX_TASK_PROMPT" ] && echo "Yes" || echo "No")"
 printf "Report Tasks: %s\n" "$ARG_REPORT_TASKS"
-printf "Continue Sessions: %s\n" "$ARG_CONTINUE"
 echo "======================================"
 set +o nounset
+CODEX_ARGS=()
 
-SESSION_TRACKING_FILE="$HOME/.codex-module/.codex-task-session"
+if command_exists codex; then
+  printf "Codex is installed\n"
+else
+  printf "Error: Codex is not installed. Please enable install_codex or install it manually\n"
+  exit 1
+fi
 
-find_session_for_directory() {
-  local target_dir="$1"
-
-  if [ ! -f "$SESSION_TRACKING_FILE" ]; then
-    return 1
-  fi
-
-  local session_id=$(grep "^$target_dir|" "$SESSION_TRACKING_FILE" | cut -d'|' -f2 | head -1)
-
-  if [ -n "$session_id" ]; then
-    echo "$session_id"
-    return 0
-  fi
-
-  return 1
-}
-
-store_session_mapping() {
-  local dir="$1"
-  local session_id="$2"
-
-  mkdir -p "$(dirname "$SESSION_TRACKING_FILE")"
-
-  if [ -f "$SESSION_TRACKING_FILE" ]; then
-    grep -v "^$dir|" "$SESSION_TRACKING_FILE" > "$SESSION_TRACKING_FILE.tmp" 2> /dev/null || true
-    mv "$SESSION_TRACKING_FILE.tmp" "$SESSION_TRACKING_FILE"
-  fi
-
-  echo "$dir|$session_id" >> "$SESSION_TRACKING_FILE"
-}
-
-find_recent_session_file() {
-  local target_dir="$1"
-  local sessions_dir="$HOME/.codex/sessions"
-
-  if [ ! -d "$sessions_dir" ]; then
-    return 1
-  fi
-
-  local latest_file=""
-  local latest_time=0
-
-  while IFS= read -r session_file; do
-    local file_time=$(stat -c %Y "$session_file" 2> /dev/null || stat -f %m "$session_file" 2> /dev/null || echo "0")
-    local first_line=$(head -n 1 "$session_file" 2> /dev/null)
-    local session_cwd=$(echo "$first_line" | grep -o '"cwd":"[^"]*"' | cut -d'"' -f4)
-
-    if [ "$session_cwd" = "$target_dir" ] && [ "$file_time" -gt "$latest_time" ]; then
-      latest_file="$session_file"
-      latest_time="$file_time"
-    fi
-  done < <(find "$sessions_dir" -type f -name "*.jsonl" 2> /dev/null)
-
-  if [ -n "$latest_file" ]; then
-    local first_line=$(head -n 1 "$latest_file")
-    local session_id=$(echo "$first_line" | grep -o '"id":"[^"]*"' | cut -d'"' -f4)
-    if [ -n "$session_id" ]; then
-      echo "$session_id"
-      return 0
-    fi
-  fi
-
-  return 1
-}
-
-wait_for_session_file() {
-  local target_dir="$1"
-  local max_attempts=20
-  local attempt=0
-
-  while [ $attempt -lt $max_attempts ]; do
-    local session_id=$(find_recent_session_file "$target_dir" 2> /dev/null || echo "")
-    if [ -n "$session_id" ]; then
-      echo "$session_id"
-      return 0
-    fi
-    sleep 0.5
-    attempt=$((attempt + 1))
-  done
-
-  return 1
-}
-
-validate_codex_installation() {
-  if command_exists codex; then
-    printf "Codex is installed\n"
-  else
-    printf "Error: Codex is not installed. Please enable install_codex or install it manually\n"
+if [ -d "${ARG_CODEX_START_DIRECTORY}" ]; then
+  printf "Directory '%s' exists. Changing to it.\\n" "${ARG_CODEX_START_DIRECTORY}"
+  cd "${ARG_CODEX_START_DIRECTORY}" || {
+    printf "Error: Could not change to directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
     exit 1
-  fi
-}
+  }
+else
+  printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${ARG_CODEX_START_DIRECTORY}"
+  mkdir -p "${ARG_CODEX_START_DIRECTORY}" || {
+    printf "Error: Could not create directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
+    exit 1
+  }
+  cd "${ARG_CODEX_START_DIRECTORY}" || {
+    printf "Error: Could not change to directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
+    exit 1
+  }
+fi
 
-setup_workdir() {
-  if [ -d "${ARG_CODEX_START_DIRECTORY}" ]; then
-    printf "Directory '%s' exists. Changing to it.\\n" "${ARG_CODEX_START_DIRECTORY}"
-    cd "${ARG_CODEX_START_DIRECTORY}" || {
-      printf "Error: Could not change to directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
-      exit 1
-    }
+if [ -n "$ARG_CODEX_MODEL" ]; then
+  CODEX_ARGS+=("--model" "$ARG_CODEX_MODEL")
+fi
+
+if [ -n "$ARG_CODEX_TASK_PROMPT" ]; then
+  printf "Running the task prompt %s\n" "$ARG_CODEX_TASK_PROMPT"
+  if [ "${ARG_REPORT_TASKS}" == "true" ]; then
+    PROMPT="Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_CODEX_TASK_PROMPT"
   else
-    printf "Directory '%s' does not exist. Creating and changing to it.\\n" "${ARG_CODEX_START_DIRECTORY}"
-    mkdir -p "${ARG_CODEX_START_DIRECTORY}" || {
-      printf "Error: Could not create directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
-      exit 1
-    }
-    cd "${ARG_CODEX_START_DIRECTORY}" || {
-      printf "Error: Could not change to directory '%s'.\\n" "${ARG_CODEX_START_DIRECTORY}"
-      exit 1
-    }
+    PROMPT="Your task at hand: $ARG_CODEX_TASK_PROMPT"
   fi
-}
+  CODEX_ARGS+=("$PROMPT")
+else
+  printf "No task prompt given.\n"
+fi
 
-build_codex_args() {
-  CODEX_ARGS=()
-
-  if [ -n "$ARG_CODEX_MODEL" ]; then
-    CODEX_ARGS+=("--model" "$ARG_CODEX_MODEL")
-  fi
-
-  if [ "$ARG_CONTINUE" = "true" ]; then
-    existing_session=$(find_session_for_directory "$ARG_CODEX_START_DIRECTORY" 2> /dev/null || echo "")
-
-    if [ -n "$existing_session" ]; then
-      printf "Found existing task session for this directory: %s\n" "$existing_session"
-      printf "Resuming existing session...\n"
-      CODEX_ARGS+=("resume" "$existing_session")
-    else
-      printf "No existing task session found for this directory\n"
-      printf "Starting new task session...\n"
-
-      if [ -n "$ARG_CODEX_TASK_PROMPT" ]; then
-        if [ "${ARG_REPORT_TASKS}" == "true" ]; then
-          PROMPT="Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_CODEX_TASK_PROMPT"
-        else
-          PROMPT="Your task at hand: $ARG_CODEX_TASK_PROMPT"
-        fi
-        CODEX_ARGS+=("$PROMPT")
-      fi
-    fi
-  else
-    printf "Continue disabled, starting fresh session\n"
-
-    if [ -n "$ARG_CODEX_TASK_PROMPT" ]; then
-      if [ "${ARG_REPORT_TASKS}" == "true" ]; then
-        PROMPT="Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool with proper summary and statuses. Your task at hand: $ARG_CODEX_TASK_PROMPT"
-      else
-        PROMPT="Your task at hand: $ARG_CODEX_TASK_PROMPT"
-      fi
-      CODEX_ARGS+=("$PROMPT")
-    fi
-  fi
-}
-
-capture_session_id() {
-  if [ "$ARG_CONTINUE" = "true" ] && [ -z "$existing_session" ]; then
-    printf "Capturing new session ID...\n"
-    new_session=$(wait_for_session_file "$ARG_CODEX_START_DIRECTORY" || echo "")
-
-    if [ -n "$new_session" ]; then
-      store_session_mapping "$ARG_CODEX_START_DIRECTORY" "$new_session"
-      printf "✓ Session tracked: %s\n" "$new_session"
-      printf "This session will be automatically resumed on next restart\n"
-    else
-      printf "⚠ Could not capture session ID after 10s timeout\n"
-    fi
-  fi
-}
-
-start_codex() {
-  printf "Starting Codex with arguments: %s\n" "${CODEX_ARGS[*]}"
-  agentapi server --term-width 67 --term-height 1190 -- codex "${CODEX_ARGS[@]}" &
-  capture_session_id
-}
-
-validate_codex_installation
-setup_workdir
-build_codex_args
-start_codex
+# Terminal dimensions optimized for Coder Tasks UI sidebar:
+# - Width 67: fits comfortably in sidebar
+# - Height 1190: adjusted due to Codex terminal height bug
+printf "Starting Codex with arguments: %s\n" "${CODEX_ARGS[*]}"
+agentapi server --term-width 67 --term-height 1190 -- codex "${CODEX_ARGS[@]}"

registry/coder-labs/modules/codex/testdata/codex-mock.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 
-# Handle --version flag
 if [[ "$1" == "--version" ]]; then
   echo "HELLO: $(bash -c env)"
   echo "codex version v1.0.0"
@@ -9,30 +8,7 @@ fi
 
 set -e
 
-SESSION_ID=""
-IS_RESUME=false
-
-while [[ $# -gt 0 ]]; do
-  case $1 in
-    resume)
-      IS_RESUME=true
-      SESSION_ID="$2"
-      shift 2
-      ;;
-    *)
-      shift
-      ;;
-  esac
-done
-
-if [ "$IS_RESUME" = false ]; then
-  SESSION_ID="019a1234-5678-9abc-def0-123456789012"
-  echo "Created new session: $SESSION_ID"
-else
-  echo "Resuming session: $SESSION_ID"
-fi
-
 while true; do
-  echo "$(date) - codex-mock (session: $SESSION_ID)"
+  echo "$(date) - codex-mock"
   sleep 15
 done

registry/coder-labs/modules/copilot/README.md

@@ -13,7 +13,7 @@ Run [GitHub Copilot CLI](https://docs.github.com/copilot/concepts/agents/about-c
 ```tf
 module "copilot" {
   source   = "registry.coder.com/coder-labs/copilot/coder"
-  version  = "0.2.2"
+  version  = "0.2.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/projects"
 }
@@ -51,7 +51,7 @@ data "coder_parameter" "ai_prompt" {
 
 module "copilot" {
   source   = "registry.coder.com/coder-labs/copilot/coder"
-  version  = "0.2.2"
+  version  = "0.2.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/projects"
 
@@ -71,12 +71,12 @@ Customize tool permissions, MCP servers, and Copilot settings:
 ```tf
 module "copilot" {
   source   = "registry.coder.com/coder-labs/copilot/coder"
-  version  = "0.2.2"
+  version  = "0.2.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/projects"
 
-  # Version pinning (defaults to "latest", use specific version if desired)
-  copilot_version = "0.0.334"
+  # Version pinning (defaults to "0.0.334", use "latest" for newest version)
+  copilot_version = "latest"
 
   # Tool permissions
   allow_tools         = ["shell(git)", "shell(npm)", "write"]
@@ -142,7 +142,7 @@ variable "github_token" {
 
 module "copilot" {
   source       = "registry.coder.com/coder-labs/copilot/coder"
-  version      = "0.2.2"
+  version      = "0.2.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder/projects"
   github_token = var.github_token
@@ -156,7 +156,7 @@ Run Copilot as a command-line tool without task reporting or web interface. This
 ```tf
 module "copilot" {
   source       = "registry.coder.com/coder-labs/copilot/coder"
-  version      = "0.2.2"
+  version      = "0.2.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   report_tasks = false

registry/coder-labs/modules/copilot/main.tf

@@ -104,7 +104,7 @@ variable "agentapi_version" {
 variable "copilot_version" {
   type        = string
   description = "The version of GitHub Copilot CLI to install. Use 'latest' for the latest version or specify a version like '0.0.334'."
-  default     = "latest"
+  default     = "0.0.334"
 }
 
 variable "report_tasks" {

registry/coder-labs/modules/sourcegraph-amp/README.md

@@ -13,7 +13,7 @@ Run [Amp CLI](https://ampcode.com/) in your workspace to access Sourcegraph's AI
 ```tf
 module "amp-cli" {
   source                  = "registry.coder.com/coder-labs/sourcegraph-amp/coder"
-  version                 = "2.0.1"
+  version                 = "2.0.0"
   agent_id                = coder_agent.example.id
   sourcegraph_amp_api_key = var.sourcegraph_amp_api_key
   install_sourcegraph_amp = true
@@ -48,7 +48,7 @@ variable "amp_api_key" {
 module "amp-cli" {
   count              = data.coder_workspace.me.start_count
   source             = "registry.coder.com/coder-labs/sourcegraph-amp/coder"
-  amp_version        = "2.0.1"
+  amp_version        = "2.0.0"
   agent_id           = coder_agent.example.id
   amp_api_key        = var.amp_api_key # recommended for tasks usage
   workdir            = "/home/coder/project"

registry/coder-labs/modules/sourcegraph-amp/main.tf

@@ -6,12 +6,7 @@ terraform {
       source  = "coder/coder"
       version = ">= 2.7"
     }
-    external = {
-      source  = "hashicorp/external"
-      version = "2.3.5"
-    }
   }
-
 }
 
 variable "agent_id" {

registry/coder-labs/templates/tasks-docker/main.tf

@@ -1,8 +1,7 @@
 terraform {
   required_providers {
     coder = {
-      source  = "coder/coder"
-      version = ">= 2.13"
+      source = "coder/coder"
     }
     docker = {
       source = "kreuzwerker/docker"
@@ -13,32 +12,22 @@ terraform {
 # This template requires a valid Docker socket
 # However, you can reference our Kubernetes/VM
 # example templates and adapt the Claude Code module
-#
-# see: https://registry.coder.com/templates
+# 
+# see: https://registry.coder.com/templates 
 provider "docker" {}
 
-# A `coder_ai_task` resource enables Tasks and associates
-# the task with the coder_app that will act as an AI agent.
-resource "coder_ai_task" "task" {
-  count  = data.coder_workspace.me.start_count
-  app_id = module.claude-code[count.index].task_app_id
-}
-
-# You can read the task prompt from the `coder_task` data source.
-data "coder_task" "me" {}
-
 # The Claude Code module does the automatic task reporting
 # Other agent modules: https://registry.coder.com/modules?search=agent
-# Or use a custom agent:
+# Or use a custom agent:  
 module "claude-code" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.0.0"
+  version             = "3.0.0"
   agent_id            = coder_agent.main.id
   workdir             = "/home/coder/projects"
   order               = 999
   claude_api_key      = ""
-  ai_prompt           = data.coder_task.me.prompt
+  ai_prompt           = data.coder_parameter.ai_prompt.value
   system_prompt       = data.coder_parameter.system_prompt.value
   model               = "sonnet"
   permission_mode     = "plan"
@@ -62,13 +51,13 @@ data "coder_workspace_preset" "default" {
         (servers, dev watchers, GUI apps).
       -	Built-in tools - use for everything else:
        (file operations, git commands, builds & installs, one-off shell commands)
-
+	    
       Remember this decision rule:
       - Stays running? → desktop-commander
       - Finishes immediately? → built-in tools
-
+      
       -- Context --
-      There is an existing app and tmux dev server running on port 8000. Be sure to read it's CLAUDE.md (./realworld-django-rest-framework-angular/CLAUDE.md) to learn more about it.
+      There is an existing app and tmux dev server running on port 8000. Be sure to read it's CLAUDE.md (./realworld-django-rest-framework-angular/CLAUDE.md) to learn more about it. 
 
       Since this app is for demo purposes and the user is previewing the homepage and subsequent pages, aim to make the first visual change/prototype very quickly so the user can preview it, then focus on backend or logic which can be a more involved, long-running architecture plan.
 
@@ -118,7 +107,7 @@ data "coder_workspace_preset" "default" {
 
   # Pre-builds is a Coder Premium
   # feature to speed up workspace creation
-  #
+  # 
   # see https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces
   # prebuilds {
   #   instances = 1
@@ -137,6 +126,13 @@ data "coder_parameter" "system_prompt" {
   description  = "System prompt for the agent with generalized instructions"
   mutable      = false
 }
+data "coder_parameter" "ai_prompt" {
+  type        = "string"
+  name        = "AI Prompt"
+  default     = ""
+  description = "Write a prompt for Claude Code"
+  mutable     = true
+}
 data "coder_parameter" "setup_script" {
   name         = "setup_script"
   display_name = "Setup Script"
@@ -377,4 +373,4 @@ resource "docker_container" "workspace" {
     label = "coder.workspace_name"
     value = data.coder_workspace.me.name
   }
-}
+}

registry/coder/modules/agentapi/README.md

@@ -16,7 +16,7 @@ The AgentAPI module is a building block for modules that need to run an AgentAPI
 ```tf
 module "agentapi" {
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.0.0"
+  version = "1.2.0"
 
   agent_id             = var.agent_id
   web_app_slug         = local.app_slug

registry/coder/modules/agentapi/main.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
-      version = ">= 2.12"
+      version = ">= 2.7"
     }
   }
 }
@@ -239,6 +239,8 @@ resource "coder_app" "agentapi_cli" {
   group        = var.cli_app_group
 }
 
-output "task_app_id" {
-  value = coder_app.agentapi_web.id
+resource "coder_ai_task" "agentapi" {
+  sidebar_app {
+    id = coder_app.agentapi_web.id
+  }
 }

registry/coder/modules/aider/README.md

@@ -8,58 +8,76 @@ tags: [agent, ai, aider]
 
 # Aider
 
-Run [Aider](https://aider.chat) AI pair programming in your workspace. This module installs Aider with AgentAPI for seamless Coder Tasks Support.
+Run [Aider](https://aider.chat) AI pair programming in your workspace. This module installs Aider and provides a persistent session using screen or tmux.
 
 ```tf
-variable "api_key" {
-  type        = string
-  description = "API key"
-  sensitive   = true
-}
-
 module "aider" {
-  source      = "registry.coder.com/coder/aider/coder"
-  version     = "2.0.0"
-  agent_id    = coder_agent.example.id
-  api_key     = var.api_key
-  ai_provider = "google"
-  model       = "gemini"
+  source   = "registry.coder.com/coder/aider/coder"
+  version  = "1.1.2"
+  agent_id = coder_agent.example.id
 }
 ```
 
-## Prerequisites
+## Features
 
-- pipx is automatically installed if not already available
+- **Interactive Parameter Selection**: Choose your AI provider, model, and configuration options when creating the workspace
+- **Multiple AI Providers**: Supports Anthropic (Claude), OpenAI, DeepSeek, GROQ, and OpenRouter
+- **Persistent Sessions**: Uses screen (default) or tmux to keep Aider running in the background
+- **Optional Dependencies**: Install Playwright for web page scraping and PortAudio for voice coding
+- **Project Integration**: Works with any project directory, including Git repositories
+- **Browser UI**: Use Aider in your browser with a modern web interface instead of the terminal
+- **Non-Interactive Mode**: Automatically processes tasks when provided via the `task_prompt` variable
 
-## Usage Example
+## Module Parameters
+
+> [!NOTE]
+> The `use_screen` and `use_tmux` parameters cannot both be enabled at the same time. By default, `use_screen` is set to `true` and `use_tmux` is set to `false`.
+
+## Usage Examples
+
+### Basic setup with API key
 
 ```tf
-data "coder_parameter" "ai_prompt" {
-  name        = "AI Prompt"
-  description = "Write an initial prompt for Aider to work on."
-  type        = "string"
-  default     = ""
-  mutable     = true
-}
-
-variable "gemini_api_key" {
+variable "anthropic_api_key" {
   type        = string
-  description = "Gemini API key"
+  description = "Anthropic API key"
   sensitive   = true
 }
 
 module "aider" {
-  source           = "registry.coder.com/coder/aider/coder"
-  version          = "2.0.0"
-  agent_id         = coder_agent.example.id
-  api_key          = var.gemini_api_key
-  install_aider    = true
-  workdir          = "/home/coder"
-  ai_provider      = "google"
-  model            = "gemini"
-  install_agentapi = true
-  ai_prompt        = data.coder_parameter.ai_prompt.value
-  system_prompt    = "..."
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/aider/coder"
+  version    = "1.1.2"
+  agent_id   = coder_agent.example.id
+  ai_api_key = var.anthropic_api_key
+}
+```
+
+This basic setup will:
+
+- Install Aider in the workspace
+- Create a persistent screen session named "aider"
+- Configure Aider to use Anthropic Claude 3.7 Sonnet model
+- Enable task reporting (configures Aider to report tasks to Coder MCP)
+
+### Using OpenAI with tmux
+
+```tf
+variable "openai_api_key" {
+  type        = string
+  description = "OpenAI API key"
+  sensitive   = true
+}
+
+module "aider" {
+  count       = data.coder_workspace.me.start_count
+  source      = "registry.coder.com/coder/aider/coder"
+  version     = "1.1.2"
+  agent_id    = coder_agent.example.id
+  use_tmux    = true
+  ai_provider = "openai"
+  ai_model    = "4o" # Uses Aider's built-in alias for gpt-4o
+  ai_api_key  = var.openai_api_key
 }
 ```
 
@@ -75,16 +93,174 @@ variable "custom_api_key" {
 module "aider" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/aider/coder"
-  version             = "2.0.0"
+  version             = "1.1.2"
   agent_id            = coder_agent.example.id
-  workdir             = "/home/coder"
   ai_provider         = "custom"
   custom_env_var_name = "MY_CUSTOM_API_KEY"
-  model               = "custom-model"
-  api_key             = var.custom_api_key
+  ai_model            = "custom-model"
+  ai_api_key          = var.custom_api_key
 }
 ```
 
+### Adding Custom Extensions (Experimental)
+
+You can extend Aider's capabilities by adding custom extensions:
+
+```tf
+module "aider" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/aider/coder"
+  version    = "1.1.2"
+  agent_id   = coder_agent.example.id
+  ai_api_key = var.anthropic_api_key
+
+  experiment_pre_install_script = <<-EOT
+  pip install some-custom-dependency
+  EOT
+
+  experiment_additional_extensions = <<-EOT
+  custom-extension:
+    args: []
+    cmd: custom-extension-command
+    description: A custom extension for Aider
+    enabled: true
+    envs: {}
+    name: custom-extension
+    timeout: 300
+    type: stdio
+  EOT
+}
+```
+
+Note: The indentation in the heredoc is preserved, so you can write the YAML naturally.
+
+## Task Reporting (Experimental)
+
+> This functionality is in early access as of Coder v2.21 and is still evolving.
+> For now, we recommend testing it in a demo or staging environment,
+> rather than deploying to production
+>
+> Learn more in [the Coder documentation](https://coder.com/docs/tutorials/ai-agents)
+>
+> Join our [Discord channel](https://discord.gg/coder) or
+> [contact us](https://coder.com/contact) to get help or share feedback.
+
+Your workspace must have either `screen` or `tmux` installed to use this.
+
+Task reporting is **enabled by default** in this module, allowing you to:
+
+- Send an initial prompt to Aider during workspace creation
+- Monitor task progress in the Coder UI
+- Use the `coder_parameter` resource to collect prompts from users
+
+### Setting up Task Reporting
+
+To use task reporting effectively:
+
+1. Add the Coder Login module to your template
+2. Configure the necessary variables to pass the task prompt
+3. Optionally add a coder_parameter to collect prompts from users
+
+Here's a complete example:
+
+```tf
+module "coder-login" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/modules/coder-login/coder"
+  version  = "1.0.15"
+  agent_id = coder_agent.example.id
+}
+
+variable "anthropic_api_key" {
+  type        = string
+  description = "Anthropic API key"
+  sensitive   = true
+}
+
+data "coder_parameter" "ai_prompt" {
+  type        = "string"
+  name        = "AI Prompt"
+  default     = ""
+  description = "Write a prompt for Aider"
+  mutable     = true
+  ephemeral   = true
+}
+
+module "aider" {
+  count       = data.coder_workspace.me.start_count
+  source      = "registry.coder.com/coder/aider/coder"
+  version     = "1.1.2"
+  agent_id    = coder_agent.example.id
+  ai_api_key  = var.anthropic_api_key
+  task_prompt = data.coder_parameter.ai_prompt.value
+
+  # Optionally customize the system prompt
+  system_prompt = <<-EOT
+You are a helpful Coding assistant. Aim to autonomously investigate
+and solve issues the user gives you and test your work, whenever possible.
+Avoid shortcuts like mocking tests. When you get stuck, you can ask the user
+but opt for autonomy.
+YOU MUST REPORT ALL TASKS TO CODER.
+When reporting tasks, you MUST follow these EXACT instructions:
+- IMMEDIATELY report status after receiving ANY user message.
+- Be granular. If you are investigating with multiple steps, report each step to coder.
+Task state MUST be one of the following:
+- Use "state": "working" when actively processing WITHOUT needing additional user input.
+- Use "state": "complete" only when finished with a task.
+- Use "state": "failure" when you need ANY user input, lack sufficient details, or encounter blockers.
+Task summaries MUST:
+- Include specifics about what you're doing.
+- Include clear and actionable steps for the user.
+- Be less than 160 characters in length.
+  EOT
+}
+```
+
+When a task prompt is provided via the `task_prompt` variable, the module automatically:
+
+1. Combines the system prompt with the task prompt into a single message in the format:
+
+```
+SYSTEM PROMPT:
+[system_prompt content]
+
+This is your current task: [task_prompt]
+```
+
+2. Executes the task during workspace creation using the `--message` and `--yes-always` flags
+3. Logs task output to `$HOME/.aider.log` for reference
+
+If you want to disable task reporting, set `experiment_report_tasks = false` in your module configuration.
+
+## Using Aider in Your Workspace
+
+After the workspace starts, Aider will be installed and configured according to your parameters. A persistent session will automatically be started during workspace creation.
+
+### Session Options
+
+You can run Aider in three different ways:
+
+1. **Direct Mode**: Aider starts directly in the specified folder when you click the app button
+
+- Simple setup without persistent context
+- Suitable for quick coding sessions
+
+2. **Screen Mode** (Default): Run Aider in a screen session that persists across connections
+
+- Session name: "aider" (or configured via `session_name`)
+
+3. **Tmux Mode**: Run Aider in a tmux session instead of screen
+
+- Set `use_tmux = true` to enable
+- Session name: "aider" (or configured via `session_name`)
+- Configures tmux with mouse support for shared sessions
+
+Persistent sessions (screen/tmux) allow you to:
+
+- Disconnect and reconnect without losing context
+- Run Aider in the background while doing other work
+- Switch between terminal and browser interfaces
+
 ### Available AI Providers and Models
 
 Aider supports various providers and models, and this module integrates directly with Aider's built-in model aliases:
@@ -104,12 +280,10 @@ For a complete and up-to-date list of supported aliases and models, please refer
 
 ## Troubleshooting
 
-- If `aider` is not found, ensure `install_aider = true` and your API key is valid
-- Logs are written under `/home/coder/.aider-module/` (`install.log`, `agentapi-start.log`) for debugging
-- If AgentAPI fails to start, verify that your container has network access and executable permissions for the scripts
+If you encounter issues:
 
-## References
+1. **Screen/Tmux issues**: If you can't reconnect to your session, check if the session exists with `screen -list` or `tmux list-sessions`
+2. **API key issues**: Ensure you've entered the correct API key for your selected provider
+3. **Browser mode issues**: If the browser interface doesn't open, check that you're accessing it from a machine that can reach your Coder workspace
 
-- [Aider Documentation](https://aider.chat/docs)
-- [AgentAPI Documentation](https://github.com/coder/agentapi)
-- [Coder AI Agents Guide](https://coder.com/docs/tutorials/ai-agents)
+For more information on using Aider, see the [Aider documentation](https://aider.chat/docs/).

registry/coder/modules/aider/main.test.ts

@@ -1,138 +1,107 @@
+import { describe, expect, it } from "bun:test";
 import {
-  test,
-  afterEach,
-  describe,
-  setDefaultTimeout,
-  beforeAll,
-  expect,
-} from "bun:test";
-import { execContainer, readFileContainer, runTerraformInit } from "~test";
-import {
-  loadTestFile,
-  writeExecutable,
-  setup as setupUtil,
-  execModuleScript,
-  expectAgentAPIStarted,
-} from "../../../coder/modules/agentapi/test-util";
+  findResourceInstance,
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
 
-let cleanupFunctions: (() => Promise<void>)[] = [];
-const registerCleanup = (cleanup: () => Promise<void>) => {
-  cleanupFunctions.push(cleanup);
-};
-afterEach(async () => {
-  const cleanupFnsCopy = cleanupFunctions.slice().reverse();
-  cleanupFunctions = [];
-  for (const cleanup of cleanupFnsCopy) {
-    try {
-      await cleanup();
-    } catch (error) {
-      console.error("Error during cleanup:", error);
-    }
-  }
-});
+describe("aider", async () => {
+  await runTerraformInit(import.meta.dir);
 
-interface SetupProps {
-  skipAgentAPIMock?: boolean;
-  skipAiderMock?: boolean;
-  moduleVariables?: Record<string, string>;
-  agentapiMockScript?: string;
-}
-
-const setup = async (props?: SetupProps): Promise<{ id: string }> => {
-  const projectDir = "/home/coder/project";
-  const { id } = await setupUtil({
-    moduleDir: import.meta.dir,
-    moduleVariables: {
-      install_aider: props?.skipAiderMock ? "true" : "false",
-      install_agentapi: props?.skipAgentAPIMock ? "true" : "false",
-      aider_model: "test-model",
-      ...props?.moduleVariables,
-    },
-    registerCleanup,
-    projectDir,
-    skipAgentAPIMock: props?.skipAgentAPIMock,
-    agentapiMockScript: props?.agentapiMockScript,
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "foo",
   });
 
-  // Place the Aider mock CLI binary inside the container
-  if (!props?.skipAiderMock) {
-    await writeExecutable({
-      containerId: id,
-      filePath: "/usr/bin/aider",
-      content: await loadTestFile(`${import.meta.dir}`, "aider-mock.sh"),
+  it("configures task prompt correctly", async () => {
+    const testPrompt = "Add a hello world function";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      task_prompt: testPrompt,
     });
-  }
 
-  return { id };
-};
-
-setDefaultTimeout(60 * 1000);
-
-describe("Aider", async () => {
-  beforeAll(async () => {
-    await runTerraformInit(import.meta.dir);
-  });
-
-  test("happy-path", async () => {
-    const { id } = await setup({
-      moduleVariables: {
-        model: "gemini",
-      },
-    });
-    await execModuleScript(id);
-    await expectAgentAPIStarted(id);
-  });
-
-  test("api-key", async () => {
-    const apiKey = "test-api-key-123";
-    const { id } = await setup({
-      moduleVariables: {
-        api_key: apiKey,
-        model: "gemini",
-      },
-    });
-    await execModuleScript(id);
-    const resp = await readFileContainer(
-      id,
-      "/home/coder/.aider-module/agentapi-start.log",
+    const instance = findResourceInstance(state, "coder_script");
+    expect(instance.script).toContain(
+      `This is your current task: ${testPrompt}`,
     );
-    expect(resp).toContain("API key provided!");
+    expect(instance.script).toContain("aider --architect --yes-always");
   });
 
-  test("custom-folder", async () => {
-    const workdir = "/tmp/aider-test";
-    const { id } = await setup({
-      moduleVariables: {
-        workdir,
-        model: "gemini",
-      },
+  it("handles custom system prompt", async () => {
+    const customPrompt = "Report all tasks with state: working";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      system_prompt: customPrompt,
     });
-    await execModuleScript(id);
-    const resp = await readFileContainer(
-      id,
-      "/home/coder/.aider-module/install.log",
-    );
-    expect(resp).toContain(workdir);
+
+    const instance = findResourceInstance(state, "coder_script");
+    expect(instance.script).toContain(customPrompt);
   });
 
-  test("pre-post-install-scripts", async () => {
-    const { id } = await setup({
-      moduleVariables: {
-        pre_install_script: "#!/bin/bash\necho 'pre-install-script'",
-        post_install_script: "#!/bin/bash\necho 'post-install-script'",
-        model: "gemini",
-      },
+  it("handles pre and post install scripts", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      experiment_pre_install_script: "echo 'Pre-install script executed'",
+      experiment_post_install_script: "echo 'Post-install script executed'",
     });
-    await execModuleScript(id);
-    const preLog = await readFileContainer(
-      id,
-      "/home/coder/.aider-module/pre_install.log",
+
+    const instance = findResourceInstance(state, "coder_script");
+
+    expect(instance.script).toContain("Running pre-install script");
+    expect(instance.script).toContain("Running post-install script");
+    expect(instance.script).toContain("base64 -d > /tmp/pre_install.sh");
+    expect(instance.script).toContain("base64 -d > /tmp/post_install.sh");
+  });
+
+  it("validates that use_screen and use_tmux cannot both be true", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      use_screen: true,
+      use_tmux: true,
+    });
+
+    const instance = findResourceInstance(state, "coder_script");
+
+    expect(instance.script).toContain(
+      "Error: Both use_screen and use_tmux cannot be enabled at the same time",
     );
-    expect(preLog).toContain("pre-install-script");
-    const postLog = await readFileContainer(
-      id,
-      "/home/coder/.aider-module/post_install.log",
+    expect(instance.script).toContain("exit 1");
+  });
+
+  it("configures Aider with known provider and model", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      ai_provider: "anthropic",
+      ai_model: "sonnet",
+      ai_api_key: "test-anthropic-key",
+    });
+
+    const instance = findResourceInstance(state, "coder_script");
+    expect(instance.script).toContain(
+      'export ANTHROPIC_API_KEY=\\"test-anthropic-key\\"',
+    );
+    expect(instance.script).toContain("--model sonnet");
+    expect(instance.script).toContain(
+      "Starting Aider using anthropic provider and model: sonnet",
+    );
+  });
+
+  it("handles custom provider with custom env var and API key", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      ai_provider: "custom",
+      custom_env_var_name: "MY_CUSTOM_API_KEY",
+      ai_model: "custom-model",
+      ai_api_key: "test-custom-key",
+    });
+
+    const instance = findResourceInstance(state, "coder_script");
+    expect(instance.script).toContain(
+      'export MY_CUSTOM_API_KEY=\\"test-custom-key\\"',
+    );
+    expect(instance.script).toContain("--model custom-model");
+    expect(instance.script).toContain(
+      "Starting Aider using custom provider and model: custom-model",
     );
-    expect(postLog).toContain("post-install-script");
   });
 });

registry/coder/modules/aider/main.tf

@@ -36,84 +36,87 @@ variable "icon" {
   default     = "/icon/aider.svg"
 }
 
-variable "workdir" {
+variable "folder" {
   type        = string
   description = "The folder to run Aider in."
   default     = "/home/coder"
 }
 
-variable "report_tasks" {
-  type        = bool
-  description = "Whether to enable task reporting to Coder UI via AgentAPI"
-  default     = false
-}
-
-variable "subdomain" {
-  type        = bool
-  description = "Whether to use a subdomain for AgentAPI."
-  default     = false
-}
-
-variable "cli_app" {
-  type        = bool
-  description = "Whether to create a CLI app for Aider"
-  default     = false
-}
-
-variable "web_app_display_name" {
-  type        = string
-  description = "Display name for the web app"
-  default     = "Aider"
-}
-
-variable "cli_app_display_name" {
-  type        = string
-  description = "Display name for the CLI app"
-  default     = "Aider CLI"
-}
-
-variable "pre_install_script" {
-  type        = string
-  description = "Custom script to run before installing Aider."
-  default     = null
-}
-
-variable "post_install_script" {
-  type        = string
-  description = "Custom script to run after installing Aider."
-  default     = null
-}
-
-variable "install_agentapi" {
-  type        = bool
-  description = "Whether to install AgentAPI."
-  default     = true
-}
-
-variable "agentapi_version" {
-  type        = string
-  description = "The version of AgentAPI to install."
-  default     = "v0.10.0"
-}
-
-variable "ai_prompt" {
-  type        = string
-  description = "Initial task prompt for Aider."
-  default     = ""
-}
-
-# ---------------------------------------------
-
 variable "install_aider" {
   type        = bool
   description = "Whether to install Aider."
   default     = true
 }
 
+variable "aider_version" {
+  type        = string
+  description = "The version of Aider to install."
+  default     = "latest"
+}
+
+variable "use_screen" {
+  type        = bool
+  description = "Whether to use screen for running Aider in the background"
+  default     = true
+}
+
+variable "use_tmux" {
+  type        = bool
+  description = "Whether to use tmux instead of screen for running Aider in the background"
+  default     = false
+}
+
+variable "session_name" {
+  type        = string
+  description = "Name for the persistent session (screen or tmux)"
+  default     = "aider"
+}
+
+variable "experiment_report_tasks" {
+  type        = bool
+  description = "Whether to enable task reporting."
+  default     = true
+}
+
 variable "system_prompt" {
   type        = string
   description = "System prompt for instructing Aider on task reporting and behavior"
-  default     = "You are a helpful coding assistant that helps developers write, debug, and understand code. Provide clear explanations, follow best practices, and help solve coding problems efficiently."
+  default     = <<-EOT
+You are a helpful Coding assistant. Aim to autonomously investigate
+and solve issues the user gives you and test your work, whenever possible.
+Avoid shortcuts like mocking tests. When you get stuck, you can ask the user
+but opt for autonomy.
+YOU MUST REPORT ALL TASKS TO CODER.
+When reporting tasks, you MUST follow these EXACT instructions:
+- IMMEDIATELY report status after receiving ANY user message.
+- Be granular. If you are investigating with multiple steps, report each step to coder.
+Task state MUST be one of the following:
+- Use "state": "working" when actively processing WITHOUT needing additional user input.
+- Use "state": "complete" only when finished with a task.
+- Use "state": "failure" when you need ANY user input, lack sufficient details, or encounter blockers.
+Task summaries MUST:
+- Include specifics about what you're doing.
+- Include clear and actionable steps for the user.
+- Be less than 160 characters in length.
+EOT
+}
+
+variable "task_prompt" {
+  type        = string
+  description = "Task prompt to use with Aider"
+  default     = ""
+}
+
+variable "experiment_pre_install_script" {
+  type        = string
+  description = "Custom script to run before installing Aider."
+  default     = null
+}
+
+variable "experiment_post_install_script" {
+  type        = string
+  description = "Custom script to run after installing Aider."
+  default     = null
 }
 
 variable "experiment_additional_extensions" {
@@ -125,19 +128,20 @@ variable "experiment_additional_extensions" {
 variable "ai_provider" {
   type        = string
   description = "AI provider to use with Aider (openai, anthropic, azure, google, etc.)"
-  default     = "google"
+  default     = "anthropic"
   validation {
     condition     = contains(["openai", "anthropic", "azure", "google", "cohere", "mistral", "ollama", "custom"], var.ai_provider)
-    error_message = "provider must be one of: openai, anthropic, azure, google, cohere, mistral, ollama, custom"
+    error_message = "ai_provider must be one of: openai, anthropic, azure, google, cohere, mistral, ollama, custom"
   }
 }
 
-variable "model" {
+variable "ai_model" {
   type        = string
   description = "AI model to use with Aider. Can use Aider's built-in aliases like '4o' (gpt-4o), 'sonnet' (claude-3-7-sonnet), 'opus' (claude-3-opus), etc."
+  default     = "sonnet"
 }
 
-variable "api_key" {
+variable "ai_api_key" {
   type        = string
   description = "API key for the selected AI provider. This will be set as the appropriate environment variable based on the provider."
   default     = ""
@@ -150,66 +154,55 @@ variable "custom_env_var_name" {
   default     = ""
 }
 
-variable "base_aider_config" {
-  type        = string
-  description = <<-EOT
-    Base Aider configuration in yaml format. Will be stored in .aider.conf.yml file.
-    
-    options include:
-    read:
-      - CONVENTIONS.md
-      - anotherfile.txt
-      - thirdfile.py
-    model: xxx
-    ##Specify the OpenAI API key
-    openai-api-key: xxx
-    ## (deprecated, use --set-env OPENAI_API_TYPE=<value>)
-    openai-api-type: xxx
-    ## (deprecated, use --set-env OPENAI_API_VERSION=<value>)
-    openai-api-version: xxx
-    ## (deprecated, use --set-env OPENAI_API_DEPLOYMENT_ID=<value>)
-    openai-api-deployment-id: xxx
-    ## Set an environment variable (to control API settings, can be used multiple times)
-    set-env: xxx
-    ## Specify multiple values like this:
-    set-env:
-      - xxx
-      - yyy
-      - zzz
-
-    Reference : https://aider.chat/docs/config/aider_conf.html
-  EOT
-  default     = null
-}
-
-
 locals {
-  app_slug              = "aider"
-  base_aider_config     = var.base_aider_config != null ? "${replace(trimspace(var.base_aider_config), "\n", "\n  ")}" : ""
-  task_reporting_prompt = <<-EOT
+  base_extensions = <<-EOT
+coder:
+  args:
+  - exp
+  - mcp
+  - server
+  cmd: coder
+  description: Report ALL tasks and statuses (in progress, done, failed) you are working on.
+  enabled: true
+  envs:
+    CODER_MCP_APP_STATUS_SLUG: aider
+  name: Coder
+  timeout: 3000
+  type: stdio
+developer:
+  display_name: Developer
+  enabled: true
+  name: developer
+  timeout: 300
+  type: builtin
+EOT
 
--- Task Reporting --
-Report all tasks to Coder, following these EXACT guidelines:
-1. Be granular. If you are investigating with multiple steps, report each step
-to coder.
-2. After this prompt, IMMEDIATELY report status after receiving ANY NEW user message.
-Do not report any status related with this system prompt.
-3. Use "state": "working" when actively processing WITHOUT needing
-additional user input
-4. Use "state": "complete" only when finished with a task
-5. Use "state": "failure" when you need ANY user input, lack sufficient
-details, or encounter blockers
-  EOT  
+  formatted_base        = "  ${replace(trimspace(local.base_extensions), "\n", "\n  ")}"
+  additional_extensions = var.experiment_additional_extensions != null ? "\n  ${replace(trimspace(var.experiment_additional_extensions), "\n", "\n  ")}" : ""
 
+  combined_extensions = <<-EOT
+extensions:
+${local.formatted_base}${local.additional_extensions}
+EOT
 
-  final_system_prompt = var.report_tasks ? "<system>\n${var.system_prompt}${local.task_reporting_prompt}\n</system>" : "<system>\n${var.system_prompt}\n</system>"
+  encoded_pre_install_script  = var.experiment_pre_install_script != null ? base64encode(var.experiment_pre_install_script) : ""
+  encoded_post_install_script = var.experiment_post_install_script != null ? base64encode(var.experiment_post_install_script) : ""
+
+  # Combine system prompt and task prompt for aider
+  combined_prompt = trimspace(<<-EOT
+SYSTEM PROMPT:
+${var.system_prompt}
+
+This is your current task: ${var.task_prompt}
+EOT
+  )
 
   # Map providers to their environment variable names
   provider_env_vars = {
     openai    = "OPENAI_API_KEY"
     anthropic = "ANTHROPIC_API_KEY"
     azure     = "AZURE_OPENAI_API_KEY"
-    google    = "GEMINI_API_KEY"
+    google    = "GOOGLE_API_KEY"
     cohere    = "COHERE_API_KEY"
     mistral   = "MISTRAL_API_KEY"
     ollama    = "OLLAMA_HOST"
@@ -221,60 +214,296 @@ details, or encounter blockers
 
   # Model flag for aider command
   model_flag = var.ai_provider == "ollama" ? "--ollama-model" : "--model"
-
-  install_script  = file("${path.module}/scripts/install.sh")
-  start_script    = file("${path.module}/scripts/start.sh")
-  module_dir_name = ".aider-module"
 }
 
-module "agentapi" {
-  source  = "registry.coder.com/coder/agentapi/coder"
-  version = "1.2.0"
-
-  agent_id             = var.agent_id
-  web_app_slug         = local.app_slug
-  web_app_order        = var.order
-  web_app_group        = var.group
-  web_app_icon         = var.icon
-  web_app_display_name = var.web_app_display_name
-  cli_app              = var.cli_app
-  cli_app_slug         = var.cli_app ? "${local.app_slug}-cli" : null
-  cli_app_display_name = var.cli_app ? var.cli_app_display_name : null
-  agentapi_subdomain   = var.subdomain
-  module_dir_name      = local.module_dir_name
-  install_agentapi     = var.install_agentapi
-  agentapi_version     = var.agentapi_version
-  pre_install_script   = var.pre_install_script
-  post_install_script  = var.post_install_script
-  start_script         = <<-EOT
+# Install and Initialize Aider
+resource "coder_script" "aider" {
+  agent_id     = var.agent_id
+  display_name = "Aider"
+  icon         = var.icon
+  script       = <<-EOT
     #!/bin/bash
-    set -o errexit
-    set -o pipefail
+    set -e
 
-    echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
-    chmod +x /tmp/start.sh   
-    ARG_WORKDIR='${var.workdir}' \
-    ARG_API_KEY='${base64encode(var.api_key)}' \
-    ARG_MODEL='${var.model}' \
-    ARG_PROVIDER='${var.ai_provider}' \
-    ARG_ENV_API_NAME_HOLDER='${local.env_var_name}' \
-    ARG_SYSTEM_PROMPT='${base64encode(local.final_system_prompt)}' \
-    ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
-    /tmp/start.sh
-  EOT
-
-  install_script = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    echo -n '${base64encode(local.install_script)}' | base64 -d > /tmp/install.sh
-    chmod +x /tmp/install.sh
-    ARG_WORKDIR='${var.workdir}' \
-    ARG_INSTALL_AIDER='${var.install_aider}' \
-    ARG_REPORT_TASKS='${var.report_tasks}' \
-    ARG_AIDER_CONFIG="$(echo -n '${base64encode(local.base_aider_config)}' | base64 -d)" \
-    /tmp/install.sh
+    command_exists() {
+      command -v "$1" >/dev/null 2>&1
+    }
+
+    echo "Setting up Aider AI pair programming..."
+
+    if [ "${var.use_screen}" = "true" ] && [ "${var.use_tmux}" = "true" ]; then
+      echo "Error: Both use_screen and use_tmux cannot be enabled at the same time."
+      exit 1
+    fi
+
+    mkdir -p "${var.folder}"
+
+    if [ "$(uname)" = "Linux" ]; then
+      echo "Checking dependencies for Linux..."
+
+      if [ "${var.use_tmux}" = "true" ]; then
+        if ! command_exists tmux; then
+          echo "Installing tmux for persistent sessions..."
+          if command -v apt-get >/dev/null 2>&1; then
+            if command -v sudo >/dev/null 2>&1; then
+              sudo apt-get update -qq
+              sudo apt-get install -y -qq tmux
+            else
+              apt-get update -qq || echo "Warning: Cannot update package lists without sudo privileges"
+              apt-get install -y -qq tmux || echo "Warning: Cannot install tmux without sudo privileges"
+            fi
+          elif command -v dnf >/dev/null 2>&1; then
+            if command -v sudo >/dev/null 2>&1; then
+              sudo dnf install -y -q tmux
+            else
+              dnf install -y -q tmux || echo "Warning: Cannot install tmux without sudo privileges"
+            fi
+          else
+            echo "Warning: Unable to install tmux on this system. Neither apt-get nor dnf found."
+          fi
+        else
+          echo "tmux is already installed, skipping installation."
+        fi
+      elif [ "${var.use_screen}" = "true" ]; then
+        if ! command_exists screen; then
+          echo "Installing screen for persistent sessions..."
+          if command -v apt-get >/dev/null 2>&1; then
+            if command -v sudo >/dev/null 2>&1; then
+              sudo apt-get update -qq
+              sudo apt-get install -y -qq screen
+            else
+              apt-get update -qq || echo "Warning: Cannot update package lists without sudo privileges"
+              apt-get install -y -qq screen || echo "Warning: Cannot install screen without sudo privileges"
+            fi
+          elif command -v dnf >/dev/null 2>&1; then
+            if command -v sudo >/dev/null 2>&1; then
+              sudo dnf install -y -q screen
+            else
+              dnf install -y -q screen || echo "Warning: Cannot install screen without sudo privileges"
+            fi
+          else
+            echo "Warning: Unable to install screen on this system. Neither apt-get nor dnf found."
+          fi
+        else
+          echo "screen is already installed, skipping installation."
+        fi
+      fi
+    else
+      echo "This module currently only supports Linux workspaces."
+      exit 1
+    fi
+
+    if [ -n "${local.encoded_pre_install_script}" ]; then
+      echo "Running pre-install script..."
+      echo "${local.encoded_pre_install_script}" | base64 -d > /tmp/pre_install.sh
+      chmod +x /tmp/pre_install.sh
+      /tmp/pre_install.sh
+    fi
+
+    if [ "${var.install_aider}" = "true" ]; then
+      echo "Installing Aider..."
+
+      if ! command_exists python3 || ! command_exists pip3; then
+        echo "Installing Python dependencies required for Aider..."
+        if command -v apt-get >/dev/null 2>&1; then
+          if command -v sudo >/dev/null 2>&1; then
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq python3-pip python3-venv
+          else
+            apt-get update -qq || echo "Warning: Cannot update package lists without sudo privileges"
+            apt-get install -y -qq python3-pip python3-venv || echo "Warning: Cannot install Python packages without sudo privileges"
+          fi
+        elif command -v dnf >/dev/null 2>&1; then
+          if command -v sudo >/dev/null 2>&1; then
+            sudo dnf install -y -q python3-pip python3-virtualenv
+          else
+            dnf install -y -q python3-pip python3-virtualenv || echo "Warning: Cannot install Python packages without sudo privileges"
+          fi
+        else
+          echo "Warning: Unable to install Python on this system. Neither apt-get nor dnf found."
+        fi
+      else
+        echo "Python is already installed, skipping installation."
+      fi
+
+      if ! command_exists aider; then
+        curl -LsSf https://aider.chat/install.sh | sh
+      fi
+
+      if [ -f "$HOME/.bashrc" ]; then
+        if ! grep -q 'export PATH="$HOME/bin:$PATH"' "$HOME/.bashrc"; then
+          echo 'export PATH="$HOME/bin:$PATH"' >> "$HOME/.bashrc"
+        fi
+      fi
+
+      if [ -f "$HOME/.zshrc" ]; then
+        if ! grep -q 'export PATH="$HOME/bin:$PATH"' "$HOME/.zshrc"; then
+          echo 'export PATH="$HOME/bin:$PATH"' >> "$HOME/.zshrc"
+        fi
+      fi
+
+    fi
+
+    if [ -n "${local.encoded_post_install_script}" ]; then
+      echo "Running post-install script..."
+      echo "${local.encoded_post_install_script}" | base64 -d > /tmp/post_install.sh
+      chmod +x /tmp/post_install.sh
+      /tmp/post_install.sh
+    fi
+
+    if [ "${var.experiment_report_tasks}" = "true" ]; then
+      echo "Configuring Aider to report tasks via Coder MCP..."
+
+      mkdir -p "$HOME/.config/aider"
+
+      cat > "$HOME/.config/aider/config.yml" << EOL
+${trimspace(local.combined_extensions)}
+EOL
+      echo "Added Coder MCP extension to Aider config.yml"
+    fi
+
+    echo "Starting persistent Aider session..."
+
+    touch "$HOME/.aider.log"
+
+    export LANG=en_US.UTF-8
+    export LC_ALL=en_US.UTF-8
+
+    export PATH="$HOME/bin:$PATH"
+
+    if [ "${var.use_tmux}" = "true" ]; then
+      if [ -n "${var.task_prompt}" ]; then
+        echo "Running Aider with message in tmux session..."
+
+        # Configure tmux for shared sessions
+        if [ ! -f "$HOME/.tmux.conf" ]; then
+          echo "Creating ~/.tmux.conf with shared session settings..."
+          echo "set -g mouse on" > "$HOME/.tmux.conf"
+        fi
+
+        if ! grep -q "^set -g mouse on$" "$HOME/.tmux.conf"; then
+          echo "Adding 'set -g mouse on' to ~/.tmux.conf..."
+          echo "set -g mouse on" >> "$HOME/.tmux.conf"
+        fi
+
+        echo "Starting Aider using ${var.ai_provider} provider and model: ${var.ai_model}"
+        tmux new-session -d -s ${var.session_name} -c ${var.folder} "export ${local.env_var_name}=\"${var.ai_api_key}\"; aider --architect --yes-always ${local.model_flag} ${var.ai_model} --message \"${local.combined_prompt}\""
+        echo "Aider task started in tmux session '${var.session_name}'. Check the UI for progress."
+      else
+        # Configure tmux for shared sessions
+        if [ ! -f "$HOME/.tmux.conf" ]; then
+          echo "Creating ~/.tmux.conf with shared session settings..."
+          echo "set -g mouse on" > "$HOME/.tmux.conf"
+        fi
+
+        if ! grep -q "^set -g mouse on$" "$HOME/.tmux.conf"; then
+          echo "Adding 'set -g mouse on' to ~/.tmux.conf..."
+          echo "set -g mouse on" >> "$HOME/.tmux.conf"
+        fi
+
+        echo "Starting Aider using ${var.ai_provider} provider and model: ${var.ai_model}"
+        tmux new-session -d -s ${var.session_name} -c ${var.folder} "export ${local.env_var_name}=\"${var.ai_api_key}\"; aider --architect --yes-always ${local.model_flag} ${var.ai_model} --message \"${var.system_prompt}\""
+        echo "Tmux session '${var.session_name}' started. Access it by clicking the Aider button."
+      fi
+    else
+      if [ -n "${var.task_prompt}" ]; then
+        echo "Running Aider with message in screen session..."
+
+        if [ ! -f "$HOME/.screenrc" ]; then
+          echo "Creating ~/.screenrc and adding multiuser settings..."
+          echo -e "multiuser on\nacladd $(whoami)" > "$HOME/.screenrc"
+        fi
+
+        if ! grep -q "^multiuser on$" "$HOME/.screenrc"; then
+          echo "Adding 'multiuser on' to ~/.screenrc..."
+          echo "multiuser on" >> "$HOME/.screenrc"
+        fi
+
+        if ! grep -q "^acladd $(whoami)$" "$HOME/.screenrc"; then
+          echo "Adding 'acladd $(whoami)' to ~/.screenrc..."
+          echo "acladd $(whoami)" >> "$HOME/.screenrc"
+        fi
+
+        echo "Starting Aider using ${var.ai_provider} provider and model: ${var.ai_model}"
+        screen -U -dmS ${var.session_name} bash -c "
+          cd ${var.folder}
+          export PATH=\"$HOME/bin:$HOME/.local/bin:$PATH\"
+          export ${local.env_var_name}=\"${var.ai_api_key}\"
+          aider --architect --yes-always ${local.model_flag} ${var.ai_model} --message \"${local.combined_prompt}\"
+          /bin/bash
+        "
+
+        echo "Aider task started in screen session '${var.session_name}'. Check the UI for progress."
+      else
+
+        if [ ! -f "$HOME/.screenrc" ]; then
+          echo "Creating ~/.screenrc and adding multiuser settings..."
+          echo -e "multiuser on\nacladd $(whoami)" > "$HOME/.screenrc"
+        fi
+
+        if ! grep -q "^multiuser on$" "$HOME/.screenrc"; then
+          echo "Adding 'multiuser on' to ~/.screenrc..."
+          echo "multiuser on" >> "$HOME/.screenrc"
+        fi
+
+        if ! grep -q "^acladd $(whoami)$" "$HOME/.screenrc"; then
+          echo "Adding 'acladd $(whoami)' to ~/.screenrc..."
+          echo "acladd $(whoami)" >> "$HOME/.screenrc"
+        fi
+
+        echo "Starting Aider using ${var.ai_provider} provider and model: ${var.ai_model}"
+        screen -U -dmS ${var.session_name} bash -c "
+          cd ${var.folder}
+          export PATH=\"$HOME/bin:$HOME/.local/bin:$PATH\"
+          export ${local.env_var_name}=\"${var.ai_api_key}\"
+          aider --architect --yes-always ${local.model_flag} ${var.ai_model} --message \"${local.combined_prompt}\"
+          /bin/bash
+        "
+        echo "Screen session '${var.session_name}' started. Access it by clicking the Aider button."
+      fi
+    fi
+
+    echo "Aider setup complete!"
   EOT
+  run_on_start = true
 }
 
+# Aider CLI app
+resource "coder_app" "aider_cli" {
+  agent_id     = var.agent_id
+  slug         = "aider"
+  display_name = "Aider"
+  icon         = var.icon
+  command      = <<-EOT
+    #!/bin/bash
+    set -e
+
+    export PATH="$HOME/bin:$HOME/.local/bin:$PATH"
+
+    export LANG=en_US.UTF-8
+    export LC_ALL=en_US.UTF-8
+
+    if [ "${var.use_tmux}" = "true" ]; then
+      if tmux has-session -t ${var.session_name} 2>/dev/null; then
+        echo "Attaching to existing Aider tmux session..."
+        tmux attach-session -t ${var.session_name}
+      else
+        echo "Starting new Aider tmux session..."
+        tmux new-session -s ${var.session_name} -c ${var.folder} "export ${local.env_var_name}=\"${var.ai_api_key}\"; aider ${local.model_flag} ${var.ai_model} --message \"${local.combined_prompt}\"; exec bash"
+      fi
+    elif [ "${var.use_screen}" = "true" ]; then
+      if ! screen -list | grep -q "${var.session_name}"; then
+        echo "Error: No existing Aider session found. Please wait for the script to start it."
+        exit 1
+      fi
+      screen -xRR ${var.session_name}
+    else
+      cd "${var.folder}"
+      echo "Starting Aider directly..."
+      export ${local.env_var_name}="${var.ai_api_key}"
+      aider ${local.model_flag} ${var.ai_model} --message "${local.combined_prompt}"
+    fi
+  EOT
+  order        = var.order
+  group        = var.group
+}

registry/coder/modules/aider/main.tftest.hcl

@@ -1,149 +0,0 @@
-run "test_aider_basic" {
-  command = plan
-
-  variables {
-    agent_id = "test-agent-123"
-    workdir  = "/home/coder"
-    model    = "gemini"
-  }
-
-  assert {
-    condition     = var.workdir == "/home/coder"
-    error_message = "Workdir variable should default to /home/coder"
-  }
-
-  assert {
-    condition     = var.agent_id == "test-agent-123"
-    error_message = "Agent ID variable should be set correctly"
-  }
-
-  assert {
-    condition     = var.install_aider == true
-    error_message = "install_aider should default to true"
-  }
-
-  assert {
-    condition     = var.install_agentapi == true
-    error_message = "install_agentapi should default to true"
-  }
-
-  assert {
-    condition     = var.report_tasks == false
-    error_message = "report_tasks should default to false"
-  }
-}
-
-run "test_with_api_key" {
-  command = plan
-
-  variables {
-    agent_id = "test-agent-456"
-    workdir  = "/home/coder/workspace"
-    api_key  = "test-api-key-123"
-    model    = "gemini"
-  }
-
-  assert {
-    condition     = var.api_key == "test-api-key-123"
-    error_message = "API key value should match the input"
-  }
-}
-
-run "test_custom_options" {
-  command = plan
-
-  variables {
-    agent_id          = "test-agent-789"
-    workdir           = "/home/coder/custom"
-    order             = 5
-    group             = "development"
-    icon              = "/icon/custom.svg"
-    model             = "4o"
-    ai_prompt         = "Help me write better code"
-    install_aider     = false
-    install_agentapi  = false
-    agentapi_version  = "v0.10.0"
-    api_key           = ""
-    base_aider_config = "read:\n  - CONVENTIONS.md"
-  }
-
-  assert {
-    condition     = var.order == 5
-    error_message = "Order variable should be set to 5"
-  }
-
-  assert {
-    condition     = var.group == "development"
-    error_message = "Group variable should be set to 'development'"
-  }
-
-  assert {
-    condition     = var.icon == "/icon/custom.svg"
-    error_message = "Icon variable should be set to custom icon"
-  }
-
-  assert {
-    condition     = var.model == "4o"
-    error_message = "Model variable should be set to '4o'"
-  }
-
-  assert {
-    condition     = var.ai_prompt == "Help me write better code"
-    error_message = "AI prompt variable should be set correctly"
-  }
-
-  assert {
-    condition     = var.install_aider == false
-    error_message = "install_aider should be set to false"
-  }
-
-  assert {
-    condition     = var.install_agentapi == false
-    error_message = "install_agentapi should be set to false"
-  }
-
-  assert {
-    condition     = var.agentapi_version == "v0.10.0"
-    error_message = "AgentAPI version should be set to 'v0.10.0'"
-  }
-}
-
-run "test_with_scripts" {
-  command = plan
-
-  variables {
-    agent_id            = "test-agent-scripts"
-    workdir             = "/home/coder/scripts"
-    model               = "gemini"
-    pre_install_script  = "echo 'Pre-install script'"
-    post_install_script = "echo 'Post-install script'"
-  }
-
-  assert {
-    condition     = var.pre_install_script == "echo 'Pre-install script'"
-    error_message = "Pre-install script should be set correctly"
-  }
-
-  assert {
-    condition     = var.post_install_script == "echo 'Post-install script'"
-    error_message = "Post-install script should be set correctly"
-  }
-}
-
-run "test_ai_provider_env_mapping" {
-  command = plan
-
-  variables {
-    agent_id            = "test-agent-provider"
-    workdir             = "/home/coder/test"
-    ai_provider         = "google"
-    model               = "gemini"
-    custom_env_var_name = ""
-  }
-
-  # Ensure provider -> env var mapping works as expected (based on locals.provider_env_vars)
-  assert {
-    condition     = var.ai_provider == "google"
-    error_message = "AI provider should be set to 'google' for this test"
-  }
-}

registry/coder/modules/aider/scripts/install.sh

@@ -1,49 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# Function to check if a command exists
-command_exists() {
-  command -v "$1" > /dev/null 2>&1
-}
-
-# Inputs
-ARG_WORKDIR=${ARG_WORKDIR:-/home/coder}
-ARG_INSTALL_AIDER=${ARG_INSTALL_AIDER:-true}
-ARG_AIDER_CONFIG=${ARG_AIDER_CONFIG:-}
-
-echo "--------------------------------"
-echo "Install flag: $ARG_INSTALL_AIDER"
-echo "Workspace: $ARG_WORKDIR"
-echo "--------------------------------"
-
-function install_aider() {
-  echo "pipx installing..."
-  sudo apt-get install -y pipx
-  echo "pipx installed!"
-  pipx ensurepath
-  mkdir -p "$ARG_WORKDIR/.local/bin"
-  export PATH="$HOME/.local/bin:$ARG_WORKDIR/.local/bin:$PATH"
-
-  if ! command_exists aider; then
-    echo "Installing Aider via pipx..."
-    pipx install --force aider-install
-    aider-install
-  fi
-  echo "Aider installed: $(aider --version || echo 'Aider installation check failed')"
-}
-
-function configure_aider_settings() {
-  if [ -n "${ARG_AIDER_CONFIG}" ]; then
-    echo "Configuring Aider environment variables and model"
-
-    mkdir -p "$HOME/.config/aider"
-
-    echo "$ARG_AIDER_CONFIG" > "$HOME/.config/aider/.aider.conf.yml"
-    echo "Aider config created at $HOME/.config/aider/.aider.conf.yml"
-  else
-    printf "No Aider environment variables or model configured\n"
-  fi
-}
-
-install_aider
-configure_aider_settings

registry/coder/modules/aider/scripts/start.sh

@@ -1,55 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# Ensure pipx-installed apps are in PATH
-export PATH="$HOME/.local/bin:$PATH"
-
-ARG_WORKDIR=${ARG_WORKDIR:-/home/coder}
-ARG_API_KEY=$(echo -n "${ARG_API_KEY:-}" | base64 -d)
-ARG_SYSTEM_PROMPT=$(echo -n "${ARG_SYSTEM_PROMPT:-}" | base64 -d 2> /dev/null || echo "")
-ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d 2> /dev/null || echo "")
-ARG_MODEL=${ARG_MODEL:-}
-ARG_PROVIDER=${ARG_PROVIDER:-}
-ARG_ENV_API_NAME_HOLDER=${ARG_ENV_API_NAME_HOLDER:-}
-
-echo "--------------------------------"
-echo "Provider: $ARG_PROVIDER"
-echo "Model: $ARG_MODEL"
-echo "--------------------------------"
-
-if [ -n "$ARG_API_KEY" ]; then
-  printf "API key provided!\n"
-  export $ARG_ENV_API_NAME_HOLDER=$ARG_API_KEY
-else
-  printf "API key not provided.\n"
-fi
-
-build_initial_prompt() {
-  local initial_prompt=""
-  if [ -n "$ARG_AI_PROMPT" ]; then
-    if [ -n "$ARG_SYSTEM_PROMPT" ]; then
-      initial_prompt="$ARG_SYSTEM_PROMPT $ARG_AI_PROMPT"
-    else
-      initial_prompt="$ARG_AI_PROMPT"
-    fi
-  fi
-  echo "$initial_prompt"
-}
-
-start_agentapi() {
-  echo "Starting in directory: $ARG_WORKDIR"
-  cd "$ARG_WORKDIR"
-
-  local initial_prompt
-  initial_prompt=$(build_initial_prompt)
-  if [ -n "$initial_prompt" ]; then
-    echo "Starting agentapi with initial prompt"
-    agentapi server -I="$initial_prompt" --type aider --term-width=67 --term-height=1190 -- aider --model $ARG_MODEL --yes-always
-  else
-    agentapi server --term-width=67 --term-height=1190 -- aider --model $ARG_MODEL --yes-always
-  fi
-}
-
-# TODO: Implement MCP server for coder when Aider support MCP servers.
-
-start_agentapi

registry/coder/modules/aider/testdata/aider-mock.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-if [[ "$1" == "--version" ]]; then
-  echo "HELLO: $(bash -c env)"
-  echo "aider version v0.86.0"
-  exit 0
-fi
-
-set -e
-
-while true; do
-  echo "$(date) - aider-agent-mock"
-  sleep 15
-done

registry/coder/modules/amazon-q/README.md

@@ -13,7 +13,7 @@ Run [Amazon Q](https://aws.amazon.com/q/) in your workspace to access Amazon's A
 ```tf
 module "amazon-q" {
   source   = "registry.coder.com/coder/amazon-q/coder"
-  version  = "3.0.0"
+  version  = "2.1.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder"
 
@@ -102,7 +102,7 @@ data "coder_parameter" "ai_prompt" {
 
 module "amazon-q" {
   source          = "registry.coder.com/coder/amazon-q/coder"
-  version         = "3.0.0"
+  version         = "2.1.1"
   agent_id        = coder_agent.example.id
   workdir         = "/home/coder"
   auth_tarball    = var.amazon_q_auth_tarball
@@ -228,7 +228,7 @@ If no custom `agent_config` is provided, the default agent name "agent" is used.
 ```tf
 module "amazon-q" {
   source       = "registry.coder.com/coder/amazon-q/coder"
-  version      = "3.0.0"
+  version      = "2.1.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   auth_tarball = var.amazon_q_auth_tarball
@@ -258,7 +258,7 @@ This example will:
 ```tf
 module "amazon-q" {
   source          = "registry.coder.com/coder/amazon-q/coder"
-  version         = "3.0.0"
+  version         = "2.1.1"
   agent_id        = coder_agent.example.id
   workdir         = "/home/coder"
   auth_tarball    = var.amazon_q_auth_tarball
@@ -279,7 +279,7 @@ module "amazon-q" {
 ```tf
 module "amazon-q" {
   source       = "registry.coder.com/coder/amazon-q/coder"
-  version      = "3.0.0"
+  version      = "2.1.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   auth_tarball = var.amazon_q_auth_tarball
@@ -305,7 +305,7 @@ module "amazon-q" {
 ```tf
 module "amazon-q" {
   source           = "registry.coder.com/coder/amazon-q/coder"
-  version          = "3.0.0"
+  version          = "2.1.1"
   agent_id         = coder_agent.example.id
   workdir          = "/home/coder"
   auth_tarball     = var.amazon_q_auth_tarball
@@ -319,7 +319,7 @@ module "amazon-q" {
 ```tf
 module "amazon-q" {
   source       = "registry.coder.com/coder/amazon-q/coder"
-  version      = "3.0.0"
+  version      = "2.1.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   auth_tarball = var.amazon_q_auth_tarball
@@ -340,7 +340,7 @@ module "amazon-q" {
 ```tf
 module "amazon-q" {
   source       = "registry.coder.com/coder/amazon-q/coder"
-  version      = "3.0.0"
+  version      = "2.1.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   auth_tarball = var.amazon_q_auth_tarball
@@ -358,7 +358,7 @@ For environments without direct internet access, you can host Amazon Q installat
 ```tf
 module "amazon-q" {
   source       = "registry.coder.com/coder/amazon-q/coder"
-  version      = "3.0.0"
+  version      = "2.1.1"
   agent_id     = coder_agent.example.id
   workdir      = "/home/coder"
   auth_tarball = var.amazon_q_auth_tarball

registry/coder/modules/amazon-q/main.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
-      version = ">= 2.12"
+      version = ">= 2.7"
     }
   }
 }
@@ -214,7 +214,7 @@ locals {
 
 module "agentapi" {
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.0.0"
+  version = "1.2.0"
 
   agent_id             = var.agent_id
   folder               = local.workdir
@@ -268,7 +268,3 @@ module "agentapi" {
     /tmp/install.sh
   EOT
 }
-
-output "task_app_id" {
-  value = module.agentapi.task_app_id
-}

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.0.1"
+  version        = "3.1.1"
   agent_id       = coder_agent.example.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -32,29 +32,8 @@ module "claude-code" {
   - You can get the API key from the [Anthropic Console](https://console.anthropic.com/dashboard).
   - You can get the Session Token using the `claude setup-token` command. This is a long-lived authentication token (requires Claude subscription)
 
-### Session Resumption Behavior
-
-By default, Claude Code automatically resumes existing conversations when your workspace restarts. Sessions are tracked per workspace directory, so conversations continue where you left off. If no session exists (first start), your `ai_prompt` will run normally. To disable this behavior and always start fresh, set `continue = false`
-
 ## Examples
 
-### Usage with Agent Boundaries
-
-This example shows how to configure the Claude Code module to run the agent behind a process-level boundary that restricts its network access.
-
-```tf
-module "claude-code" {
-  source                           = "dev.registry.coder.com/coder/claude-code/coder"
-  enable_boundary                  = true
-  boundary_version                 = "main"
-  boundary_log_dir                 = "/tmp/boundary_logs"
-  boundary_log_level               = "WARN"
-  boundary_additional_allowed_urls = ["GET *google.com"]
-  boundary_proxy_port              = "8087"
-  version                          = "3.4.3"
-}
-```
-
 ### Usage with Tasks and Advanced Configuration
 
 This example shows how to configure the Claude Code module with an AI prompt, API key shared by all users of the template, and other custom settings.
@@ -70,7 +49,7 @@ data "coder_parameter" "ai_prompt" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "3.1.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
 
@@ -106,7 +85,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.0.1"
+  version             = "3.1.1"
   agent_id            = coder_agent.example.id
   workdir             = "/home/coder"
   install_claude_code = true
@@ -129,7 +108,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.0.1"
+  version                 = "3.1.1"
   agent_id                = coder_agent.example.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -202,7 +181,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "3.1.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -259,7 +238,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "3.1.1"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/main.test.ts

@@ -167,7 +167,7 @@ describe("claude-code", async () => {
     const { id } = await setup({
       moduleVariables: {
         permission_mode: mode,
-        ai_prompt: "test prompt",
+        task_prompt: "test prompt",
       },
     });
     await execModuleScript(id);
@@ -185,7 +185,7 @@ describe("claude-code", async () => {
     const { id } = await setup({
       moduleVariables: {
         model: model,
-        ai_prompt: "test prompt",
+        task_prompt: "test prompt",
       },
     });
     await execModuleScript(id);
@@ -198,63 +198,13 @@ describe("claude-code", async () => {
     expect(startLog.stdout).toContain(`--model ${model}`);
   });
 
-  test("claude-continue-resume-task-session", async () => {
+  test("claude-continue-previous-conversation", async () => {
     const { id } = await setup({
       moduleVariables: {
         continue: "true",
-        report_tasks: "true",
-        ai_prompt: "test prompt",
+        task_prompt: "test prompt",
       },
     });
-
-    // Create a mock task session file with the hardcoded task session ID
-    const taskSessionId = "cd32e253-ca16-4fd3-9825-d837e74ae3c2";
-    const sessionDir = `/home/coder/.claude/projects/-home-coder-project`;
-    await execContainer(id, ["mkdir", "-p", sessionDir]);
-    await execContainer(id, [
-      "bash",
-      "-c",
-      `touch ${sessionDir}/session-${taskSessionId}.jsonl`,
-    ]);
-
-    await execModuleScript(id);
-
-    const startLog = await execContainer(id, [
-      "bash",
-      "-c",
-      "cat /home/coder/.claude-module/agentapi-start.log",
-    ]);
-    expect(startLog.stdout).toContain("--resume");
-    expect(startLog.stdout).toContain(taskSessionId);
-    expect(startLog.stdout).toContain("Resuming existing task session");
-    expect(startLog.stdout).toContain("--dangerously-skip-permissions");
-  });
-
-  test("claude-continue-resume-standalone-session", async () => {
-    const { id } = await setup({
-      moduleVariables: {
-        continue: "true",
-        report_tasks: "false",
-        ai_prompt: "test prompt",
-      },
-    });
-
-    const sessionId = "some-random-session-id";
-    const workdir = "/home/coder/project";
-    const claudeJson = {
-      projects: {
-        [workdir]: {
-          lastSessionId: sessionId,
-        },
-      },
-    };
-
-    await execContainer(id, [
-      "bash",
-      "-c",
-      `echo '${JSON.stringify(claudeJson)}' > /home/coder/.claude.json`,
-    ]);
-
     await execModuleScript(id);
 
     const startLog = await execContainer(id, [
@@ -263,7 +213,6 @@ describe("claude-code", async () => {
       "cat /home/coder/.claude-module/agentapi-start.log",
     ]);
     expect(startLog.stdout).toContain("--continue");
-    expect(startLog.stdout).toContain("Resuming existing session");
   });
 
   test("pre-post-install-scripts", async () => {

registry/coder/modules/claude-code/main.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
-      version = ">= 2.12"
+      version = ">= 2.7"
     }
   }
 }
@@ -134,8 +134,8 @@ variable "resume_session_id" {
 
 variable "continue" {
   type        = bool
-  description = "Automatically continue existing sessions on workspace restart. When true, resumes existing conversation if found, otherwise runs prompt or starts new session. When false, always starts fresh (ignores existing sessions)."
-  default     = true
+  description = "Load the most recent conversation in the current directory. Task will fail in a new workspace with no conversation/session to continue"
+  default     = false
 }
 
 variable "dangerously_skip_permissions" {
@@ -192,54 +192,6 @@ variable "claude_md_path" {
   default     = "$HOME/.claude/CLAUDE.md"
 }
 
-variable "enable_boundary" {
-  type        = bool
-  description = "Whether to enable coder boundary for network filtering"
-  default     = false
-}
-
-variable "boundary_version" {
-  type        = string
-  description = "Boundary version, valid git reference should be provided (tag, commit, branch)"
-  default     = "main"
-}
-
-variable "boundary_log_dir" {
-  type        = string
-  description = "Directory for boundary logs"
-  default     = "/tmp/boundary_logs"
-}
-
-variable "boundary_log_level" {
-  type        = string
-  description = "Log level for boundary process"
-  default     = "WARN"
-}
-
-variable "boundary_additional_allowed_urls" {
-  type        = list(string)
-  description = "Additional URLs to allow through boundary (in addition to default allowed URLs)"
-  default     = []
-}
-
-variable "boundary_proxy_port" {
-  type        = string
-  description = "Port for HTTP Proxy used by Boundary"
-  default     = "8087"
-}
-
-variable "enable_boundary_pprof" {
-  type        = bool
-  description = "Whether to enable coder boundary pprof server"
-  default     = false
-}
-
-variable "boundary_pprof_port" {
-  type        = string
-  description = "Port for pprof server used by Boundary"
-  default     = "6067"
-}
-
 resource "coder_env" "claude_code_md_path" {
   count = var.claude_md_path == "" ? 0 : 1
 
@@ -270,15 +222,13 @@ resource "coder_env" "claude_api_key" {
 
 locals {
   # we have to trim the slash because otherwise coder exp mcp will
-  # set up an invalid claude config
+  # set up an invalid claude config 
   workdir                           = trimsuffix(var.workdir, "/")
   app_slug                          = "ccw"
   install_script                    = file("${path.module}/scripts/install.sh")
   start_script                      = file("${path.module}/scripts/start.sh")
   module_dir_name                   = ".claude-module"
   remove_last_session_id_script_b64 = base64encode(file("${path.module}/scripts/remove-last-session-id.sh"))
-  # Extract hostname from access_url for boundary --allow flag
-  coder_host = replace(replace(data.coder_workspace.me.access_url, "https://", ""), "http://", "")
 
   # Required prompts for the module to properly report task status to Coder
   report_tasks_system_prompt = <<-EOT
@@ -313,8 +263,9 @@ locals {
 }
 
 module "agentapi" {
+
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.0.0"
+  version = "1.2.0"
 
   agent_id             = var.agent_id
   web_app_slug         = local.app_slug
@@ -348,16 +299,6 @@ module "agentapi" {
      ARG_PERMISSION_MODE='${var.permission_mode}' \
      ARG_WORKDIR='${local.workdir}' \
      ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
-     ARG_REPORT_TASKS='${var.report_tasks}' \
-     ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
-     ARG_BOUNDARY_VERSION='${var.boundary_version}' \
-     ARG_BOUNDARY_LOG_DIR='${var.boundary_log_dir}' \
-     ARG_BOUNDARY_LOG_LEVEL='${var.boundary_log_level}' \
-     ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join("|", var.boundary_additional_allowed_urls)}' \
-     ARG_BOUNDARY_PROXY_PORT='${var.boundary_proxy_port}' \
-     ARG_ENABLE_BOUNDARY_PPROF='${var.enable_boundary_pprof}' \
-     ARG_BOUNDARY_PPROF_PORT='${var.boundary_pprof_port}' \
-     ARG_CODER_HOST='${local.coder_host}' \
      /tmp/start.sh
    EOT
 
@@ -379,7 +320,3 @@ module "agentapi" {
     /tmp/install.sh
   EOT
 }
-
-output "task_app_id" {
-  value = module.agentapi.task_app_id
-}

registry/coder/modules/claude-code/main.tftest.hcl

@@ -57,7 +57,7 @@ run "test_claude_code_with_custom_options" {
     group                        = "development"
     icon                         = "/icon/custom.svg"
     model                        = "opus"
-    ai_prompt                    = "Help me write better code"
+    task_prompt                  = "Help me write better code"
     permission_mode              = "plan"
     continue                     = true
     install_claude_code          = false
@@ -88,8 +88,8 @@ run "test_claude_code_with_custom_options" {
   }
 
   assert {
-    condition     = var.ai_prompt == "Help me write better code"
-    error_message = "AI prompt variable should be set correctly"
+    condition     = var.task_prompt == "Help me write better code"
+    error_message = "Task prompt variable should be set correctly"
   }
 
   assert {
@@ -188,32 +188,6 @@ run "test_claude_code_permission_mode_validation" {
   }
 }
 
-run "test_claude_code_with_boundary" {
-  command = plan
-
-  variables {
-    agent_id         = "test-agent-boundary"
-    workdir          = "/home/coder/boundary-test"
-    enable_boundary  = true
-    boundary_log_dir = "/tmp/test-boundary-logs"
-  }
-
-  assert {
-    condition     = var.enable_boundary == true
-    error_message = "Boundary should be enabled"
-  }
-
-  assert {
-    condition     = var.boundary_log_dir == "/tmp/test-boundary-logs"
-    error_message = "Boundary log dir should be set correctly"
-  }
-
-  assert {
-    condition     = local.coder_host != ""
-    error_message = "Coder host should be extracted from access URL"
-  }
-}
-
 run "test_claude_code_system_prompt" {
   command = plan
 
@@ -293,4 +267,4 @@ run "test_claude_report_tasks_disabled" {
     condition     = endswith(trimspace(coder_env.claude_code_system_prompt.value), "</system>")
     error_message = "System prompt should end with </system>"
   }
-}
+}

registry/coder/modules/claude-code/scripts/install.sh

@@ -1,12 +1,10 @@
 #!/bin/bash
+set -euo pipefail
 
 if [ -f "$HOME/.bashrc" ]; then
   source "$HOME"/.bashrc
 fi
 
-# Set strict error handling AFTER sourcing bashrc to avoid unbound variable errors from user dotfiles
-set -euo pipefail
-
 BOLD='\033[0;1m'
 
 command_exists() {
@@ -93,6 +91,11 @@ function report_tasks() {
     export CODER_MCP_APP_STATUS_SLUG="$ARG_MCP_APP_STATUS_SLUG"
     export CODER_MCP_AI_AGENTAPI_URL="http://localhost:3284"
     coder exp mcp configure claude-code "$ARG_WORKDIR"
+  else
+    export CODER_MCP_APP_STATUS_SLUG=""
+    export CODER_MCP_AI_AGENTAPI_URL=""
+    echo "Configuring Claude Code with Coder MCP..."
+    coder exp mcp configure claude-code "$ARG_WORKDIR"
   fi
 }
 

registry/coder/modules/claude-code/scripts/remove-last-session-id.sh

@@ -26,19 +26,15 @@ echo ".claude.json path $claude_json_path"
 # Check if .claude.json exists
 if [ ! -f "$claude_json_path" ]; then
   echo "No .claude.json file found"
-  exit 1
+  exit 0
 fi
 
 # Use jq to check if lastSessionId exists for the working directory and remove it
 
 if jq -e ".projects[\"$working_dir\"].lastSessionId" "$claude_json_path" > /dev/null 2>&1; then
   # Remove lastSessionId and update the file
-  if jq "del(.projects[\"$working_dir\"].lastSessionId)" "$claude_json_path" > "${claude_json_path}.tmp" && mv "${claude_json_path}.tmp" "$claude_json_path"; then
-    echo "Removed lastSessionId from .claude.json"
-    exit 0
-  else
-    echo "Failed to remove lastSessionId from .claude.json"
-  fi
+  jq "del(.projects[\"$working_dir\"].lastSessionId)" "$claude_json_path" > "${claude_json_path}.tmp" && mv "${claude_json_path}.tmp" "$claude_json_path"
+  echo "Removed lastSessionId from .claude.json"
 else
   echo "No lastSessionId found in .claude.json - nothing to do"
 fi

registry/coder/modules/claude-code/scripts/start.sh

@@ -1,12 +1,9 @@
 #!/bin/bash
+set -euo pipefail
 
 if [ -f "$HOME/.bashrc" ]; then
   source "$HOME"/.bashrc
 fi
-
-# Set strict error handling AFTER sourcing bashrc to avoid unbound variable errors from user dotfiles
-set -euo pipefail
-
 export PATH="$HOME/.local/bin:$PATH"
 
 command_exists() {
@@ -20,15 +17,6 @@ ARG_DANGEROUSLY_SKIP_PERMISSIONS=${ARG_DANGEROUSLY_SKIP_PERMISSIONS:-}
 ARG_PERMISSION_MODE=${ARG_PERMISSION_MODE:-}
 ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
 ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
-ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
-ARG_ENABLE_BOUNDARY=${ARG_ENABLE_BOUNDARY:-false}
-ARG_BOUNDARY_VERSION=${ARG_BOUNDARY_VERSION:-"main"}
-ARG_BOUNDARY_LOG_DIR=${ARG_BOUNDARY_LOG_DIR:-"/tmp/boundary_logs"}
-ARG_BOUNDARY_LOG_LEVEL=${ARG_BOUNDARY_LOG_LEVEL:-"WARN"}
-ARG_BOUNDARY_PROXY_PORT=${ARG_BOUNDARY_PROXY_PORT:-"8087"}
-ARG_ENABLE_BOUNDARY_PPROF=${ARG_ENABLE_BOUNDARY_PPROF:-false}
-ARG_BOUNDARY_PPROF_PORT=${ARG_BOUNDARY_PPROF_PORT:-"6067"}
-ARG_CODER_HOST=${ARG_CODER_HOST:-}
 
 echo "--------------------------------"
 
@@ -39,36 +27,13 @@ printf "ARG_DANGEROUSLY_SKIP_PERMISSIONS: %s\n" "$ARG_DANGEROUSLY_SKIP_PERMISSIO
 printf "ARG_PERMISSION_MODE: %s\n" "$ARG_PERMISSION_MODE"
 printf "ARG_AI_PROMPT: %s\n" "$ARG_AI_PROMPT"
 printf "ARG_WORKDIR: %s\n" "$ARG_WORKDIR"
-printf "ARG_REPORT_TASKS: %s\n" "$ARG_REPORT_TASKS"
-printf "ARG_ENABLE_BOUNDARY: %s\n" "$ARG_ENABLE_BOUNDARY"
-printf "ARG_BOUNDARY_VERSION: %s\n" "$ARG_BOUNDARY_VERSION"
-printf "ARG_BOUNDARY_LOG_DIR: %s\n" "$ARG_BOUNDARY_LOG_DIR"
-printf "ARG_BOUNDARY_LOG_LEVEL: %s\n" "$ARG_BOUNDARY_LOG_LEVEL"
-printf "ARG_BOUNDARY_PROXY_PORT: %s\n" "$ARG_BOUNDARY_PROXY_PORT"
-printf "ARG_CODER_HOST: %s\n" "$ARG_CODER_HOST"
 
 echo "--------------------------------"
 
-# Clean up stale session data (see remove-last-session-id.sh for details)
-CAN_CONTINUE_CONVERSATION=false
-set +e
-bash "/tmp/remove-last-session-id.sh" "$(pwd)" 2> /dev/null
-session_cleanup_exit_code=$?
-set -e
-
-case $session_cleanup_exit_code in
-  0)
-    CAN_CONTINUE_CONVERSATION=true
-    ;;
-esac
-
-function install_boundary() {
-  # Install boundary from public github repo
-  git clone https://github.com/coder/boundary
-  cd boundary
-  git checkout $ARG_BOUNDARY_VERSION
-  go install ./cmd/...
-}
+# see the remove-last-session-id.sh script for details
+# about why we need it
+# avoid exiting if the script fails
+bash "/tmp/remove-last-session-id.sh" "$(pwd)" 2> /dev/null || true
 
 function validate_claude_installation() {
   if command_exists claude; then
@@ -79,144 +44,41 @@ function validate_claude_installation() {
   fi
 }
 
-# Hardcoded task session ID for Coder task reporting
-# This ensures all task sessions use a consistent, predictable ID
-TASK_SESSION_ID="cd32e253-ca16-4fd3-9825-d837e74ae3c2"
-
-task_session_exists() {
-  local workdir_normalized=$(echo "$ARG_WORKDIR" | tr '/' '-')
-  local project_dir="$HOME/.claude/projects/${workdir_normalized}"
-
-  if [ -d "$project_dir" ] && find "$project_dir" -type f -name "*${TASK_SESSION_ID}*" 2> /dev/null | grep -q .; then
-    return 0
-  else
-    return 1
-  fi
-}
-
 ARGS=()
 
-function start_agentapi() {
-  # For Task reporting
-  export CODER_MCP_ALLOWED_TOOLS="coder_report_task"
-
-  mkdir -p "$ARG_WORKDIR"
-  cd "$ARG_WORKDIR"
-
+function build_claude_args() {
   if [ -n "$ARG_MODEL" ]; then
     ARGS+=(--model "$ARG_MODEL")
   fi
 
+  if [ -n "$ARG_RESUME_SESSION_ID" ]; then
+    ARGS+=(--resume "$ARG_RESUME_SESSION_ID")
+  fi
+
+  if [ "$ARG_CONTINUE" = "true" ]; then
+    ARGS+=(--continue)
+  fi
+
   if [ -n "$ARG_PERMISSION_MODE" ]; then
     ARGS+=(--permission-mode "$ARG_PERMISSION_MODE")
   fi
 
-  if [ -n "$ARG_RESUME_SESSION_ID" ]; then
-    echo "Resuming task session by ID: $ARG_RESUME_SESSION_ID"
-    ARGS+=(--resume "$ARG_RESUME_SESSION_ID")
-    if [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-      ARGS+=(--dangerously-skip-permissions)
-    fi
-  elif [ "$ARG_CONTINUE" = "true" ]; then
-    if [ "$ARG_REPORT_TASKS" = "true" ] && task_session_exists; then
-      echo "Task session detected (ID: $TASK_SESSION_ID)"
-      ARGS+=(--resume "$TASK_SESSION_ID")
-      ARGS+=(--dangerously-skip-permissions)
-      echo "Resuming existing task session"
-    elif [ "$ARG_REPORT_TASKS" = "false" ] && [ "$CAN_CONTINUE_CONVERSATION" = true ]; then
-      echo "Previous session exists"
-      ARGS+=(--continue)
-      if [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-        ARGS+=(--dangerously-skip-permissions)
-      fi
-      echo "Resuming existing session"
-    else
-      echo "No existing session found"
-      if [ "$ARG_REPORT_TASKS" = "true" ]; then
-        ARGS+=(--session-id "$TASK_SESSION_ID")
-      fi
-      if [ -n "$ARG_AI_PROMPT" ]; then
-        if [ "$ARG_REPORT_TASKS" = "true" ]; then
-          ARGS+=(--dangerously-skip-permissions -- "$ARG_AI_PROMPT")
-        else
-          if [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-            ARGS+=(--dangerously-skip-permissions)
-          fi
-          ARGS+=(-- "$ARG_AI_PROMPT")
-        fi
-        echo "Starting new session with prompt"
-      else
-        if [ "$ARG_REPORT_TASKS" = "true" ] || [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-          ARGS+=(--dangerously-skip-permissions)
-        fi
-        echo "Starting new session"
-      fi
-    fi
+}
+
+function start_agentapi() {
+  mkdir -p "$ARG_WORKDIR"
+  cd "$ARG_WORKDIR"
+  if [ -n "$ARG_AI_PROMPT" ]; then
+    ARGS+=(--dangerously-skip-permissions "$ARG_AI_PROMPT")
   else
-    echo "Continue disabled, starting fresh session"
-    if [ "$ARG_REPORT_TASKS" = "true" ]; then
-      ARGS+=(--session-id "$TASK_SESSION_ID")
-    fi
-    if [ -n "$ARG_AI_PROMPT" ]; then
-      if [ "$ARG_REPORT_TASKS" = "true" ]; then
-        ARGS+=(--dangerously-skip-permissions -- "$ARG_AI_PROMPT")
-      else
-        if [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-          ARGS+=(--dangerously-skip-permissions)
-        fi
-        ARGS+=(-- "$ARG_AI_PROMPT")
-      fi
-      echo "Starting new session with prompt"
-    else
-      if [ "$ARG_REPORT_TASKS" = "true" ] || [ "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" = "true" ]; then
-        ARGS+=(--dangerously-skip-permissions)
-      fi
-      echo "Starting claude code session"
+    if [ -n "$ARG_DANGEROUSLY_SKIP_PERMISSIONS" ]; then
+      ARGS+=(--dangerously-skip-permissions)
     fi
   fi
-
   printf "Running claude code with args: %s\n" "$(printf '%q ' "${ARGS[@]}")"
-
-  if [ "${ARG_ENABLE_BOUNDARY:-false}" = "true" ]; then
-    install_boundary
-
-    mkdir -p "$ARG_BOUNDARY_LOG_DIR"
-    printf "Starting with coder boundary enabled\n"
-
-    # Build boundary args with conditional --unprivileged flag
-    BOUNDARY_ARGS=(--log-dir "$ARG_BOUNDARY_LOG_DIR")
-    # Add default allowed URLs
-    BOUNDARY_ARGS+=(--allow "domain=anthropic.com" --allow "domain=registry.npmjs.org" --allow "domain=sentry.io" --allow "domain=claude.ai" --allow "domain=$ARG_CODER_HOST")
-
-    # Add any additional allowed URLs from the variable
-    if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then
-      IFS='|' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS"
-      for url in "${ADDITIONAL_URLS[@]}"; do
-        # Quote the URL to preserve spaces within the allow rule
-        BOUNDARY_ARGS+=(--allow "$url")
-      done
-    fi
-
-    # Set HTTP Proxy port used by Boundary
-    BOUNDARY_ARGS+=(--proxy-port $ARG_BOUNDARY_PROXY_PORT)
-
-    # Set log level for boundary
-    BOUNDARY_ARGS+=(--log-level $ARG_BOUNDARY_LOG_LEVEL)
-
-    if [ "${ARG_ENABLE_BOUNDARY_PPROF:-false}" = "true" ]; then
-      # Enable boundary pprof server on specified port
-      BOUNDARY_ARGS+=(--pprof)
-      BOUNDARY_ARGS+=(--pprof-port ${ARG_BOUNDARY_PPROF_PORT})
-    fi
-
-    agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
-      sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --clear-groups \
-      --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
-      claude "${ARGS[@]}"
-  else
-    agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"
-  fi
+  agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"
 }
 
 validate_claude_installation
+build_claude_args
 start_agentapi

registry/coder/modules/cmux/README.md

@@ -1,104 +0,0 @@
----
-display_name: cmux
-description: Coding Agent Multiplexer - Run multiple AI agents in parallel
-icon: ../../../../.icons/cmux.svg
-verified: false
-tags: [ai, agents, development, multiplexer]
----
-
-# cmux
-
-Automatically install and run [cmux](https://github.com/coder/cmux) in a Coder workspace. By default, the module installs `@coder/cmux@latest` from npm (with a fallback to downloading the npm tarball if npm is unavailable). cmux is a desktop application for parallel agentic development that enables developers to run multiple AI agents simultaneously across isolated cmux workspaces.
-
-```tf
-module "cmux" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/cmux/coder"
-  version  = "1.0.2"
-  agent_id = coder_agent.example.id
-}
-```
-
-## Features
-
-- **Parallel Agent Execution**: Run multiple AI agents simultaneously on different tasks
-- **Cmux Workspace Isolation**: Each agent works in its own isolated environment
-- **Git Divergence Visualization**: Track changes across different cmux agent workspaces
-- **Long-Running Processes**: Resume AI work after interruptions
-- **Cost Tracking**: Monitor API usage across agents
-
-## Examples
-
-### Basic Usage
-
-```tf
-module "cmux" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/cmux/coder"
-  version  = "1.0.2"
-  agent_id = coder_agent.example.id
-}
-```
-
-### Pin Version
-
-```tf
-module "cmux" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/cmux/coder"
-  version  = "1.0.2"
-  agent_id = coder_agent.example.id
-  # Default is "latest"; set to a specific version to pin
-  install_version = "0.4.0"
-}
-```
-
-### Custom Port
-
-```tf
-module "cmux" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/cmux/coder"
-  version  = "1.0.2"
-  agent_id = coder_agent.example.id
-  port     = 8080
-}
-```
-
-### Use Cached Installation
-
-Run an existing copy of cmux if found, otherwise install from npm:
-
-```tf
-module "cmux" {
-  count      = data.coder_workspace.me.start_count
-  source     = "registry.coder.com/coder/cmux/coder"
-  version    = "1.0.2"
-  agent_id   = coder_agent.example.id
-  use_cached = true
-}
-```
-
-### Skip Install
-
-Run without installing from the network (requires cmux to be pre-installed):
-
-```tf
-module "cmux" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/coder/cmux/coder"
-  version  = "1.0.2"
-  agent_id = coder_agent.example.id
-  install  = false
-}
-```
-
-## Supported Platforms
-
-- Linux (x86_64, aarch64)
-
-## Notes
-
-- cmux is currently in preview and you may encounter bugs
-- Requires internet connectivity for agent operations (unless `install` is set to false)
-- Installs `@coder/cmux` from npm by default (falls back to the npm tarball if npm is unavailable)

registry/coder/modules/cmux/cmux.tftest.hcl

@@ -1,64 +0,0 @@
-run "required_vars" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-  }
-}
-
-run "install_false_and_use_cached_conflict" {
-  command = plan
-
-  variables {
-    agent_id   = "foo"
-    use_cached = true
-    install    = false
-  }
-
-  expect_failures = [
-    resource.coder_script.cmux
-  ]
-}
-
-run "custom_port" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    port     = 8080
-  }
-
-  assert {
-    condition     = resource.coder_app.cmux.url == "http://localhost:8080"
-    error_message = "coder_app URL must use the configured port"
-  }
-}
-
-run "custom_version" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    install_version = "0.3.0"
-  }
-}
-
-# install=false should succeed
-run "install_false_only_success" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    install  = false
-  }
-}
-
-# use_cached-only should succeed
-run "use_cached_only_success" {
-  command = plan
-
-  variables {
-    agent_id   = "foo"
-    use_cached = true
-  }
-}

registry/coder/modules/cmux/main.test.ts

@@ -1,66 +0,0 @@
-import { describe, expect, it } from "bun:test";
-import {
-  executeScriptInContainer,
-  runTerraformApply,
-  runTerraformInit,
-  testRequiredVariables,
-} from "~test";
-
-describe("cmux", async () => {
-  await runTerraformInit(import.meta.dir);
-
-  testRequiredVariables(import.meta.dir, {
-    agent_id: "foo",
-  });
-
-  it("runs with default", async () => {
-    const state = await runTerraformApply(import.meta.dir, {
-      agent_id: "foo",
-    });
-
-    const output = await executeScriptInContainer(
-      state,
-      "alpine/curl",
-      "sh",
-      "apk add --no-cache bash tar gzip ca-certificates findutils nodejs && update-ca-certificates",
-    );
-    if (output.exitCode !== 0) {
-      console.log("STDOUT:\n" + output.stdout.join("\n"));
-      console.log("STDERR:\n" + output.stderr.join("\n"));
-    }
-    expect(output.exitCode).toBe(0);
-    const expectedLines = [
-      "📥 npm not found; downloading tarball from npm registry...",
-      "🥳 cmux has been installed in /tmp/cmux",
-      "🚀 Starting cmux server on port 4000...",
-      "Check logs at /tmp/cmux.log!",
-    ];
-    for (const line of expectedLines) {
-      expect(output.stdout).toContain(line);
-    }
-  }, 60000);
-
-  it("runs with npm present", async () => {
-    const state = await runTerraformApply(import.meta.dir, {
-      agent_id: "foo",
-    });
-
-    const output = await executeScriptInContainer(
-      state,
-      "node:20-alpine",
-      "sh",
-      "apk add bash",
-    );
-
-    expect(output.exitCode).toBe(0);
-    const expectedLines = [
-      "📦 Installing @coder/cmux via npm into /tmp/cmux...",
-      "🥳 cmux has been installed in /tmp/cmux",
-      "🚀 Starting cmux server on port 4000...",
-      "Check logs at /tmp/cmux.log!",
-    ];
-    for (const line of expectedLines) {
-      expect(output.stdout).toContain(line);
-    }
-  }, 60000);
-});

registry/coder/modules/cmux/main.tf

@@ -1,149 +0,0 @@
-terraform {
-  # Requires Terraform 1.9+ for cross-variable validation references
-  required_version = ">= 1.9"
-
-  required_providers {
-    coder = {
-      source  = "coder/coder"
-      version = ">= 2.5"
-    }
-  }
-}
-
-variable "agent_id" {
-  type        = string
-  description = "The ID of a Coder agent."
-}
-
-variable "port" {
-  type        = number
-  description = "The port to run cmux on."
-  default     = 4000
-}
-
-variable "display_name" {
-  type        = string
-  description = "The display name for the cmux application."
-  default     = "cmux"
-}
-
-variable "slug" {
-  type        = string
-  description = "The slug for the cmux application."
-  default     = "cmux"
-}
-
-variable "install_prefix" {
-  type        = string
-  description = "The prefix to install cmux to."
-  default     = "/tmp/cmux"
-}
-
-variable "log_path" {
-  type        = string
-  description = "The path for cmux logs."
-  default     = "/tmp/cmux.log"
-}
-
-variable "install_version" {
-  type        = string
-  description = "The version of cmux to install."
-  default     = "latest"
-}
-
-variable "share" {
-  type    = string
-  default = "owner"
-  validation {
-    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
-    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
-  }
-}
-
-variable "order" {
-  type        = number
-  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
-  default     = null
-}
-
-variable "group" {
-  type        = string
-  description = "The name of a group that this app belongs to."
-  default     = null
-}
-
-variable "install" {
-  type        = bool
-  description = "Install cmux from the network (npm or tarball). If false, run without installing (requires a pre-installed cmux)."
-  default     = true
-}
-
-variable "use_cached" {
-  type        = bool
-  description = "Use cached copy of cmux if present; otherwise install from npm"
-  default     = false
-}
-
-variable "subdomain" {
-  type        = bool
-  description = <<-EOT
-    Determines whether the app will be accessed via it's own subdomain or whether it will be accessed via a path on Coder.
-    If wildcards have not been setup by the administrator then apps with "subdomain" set to true will not be accessible.
-  EOT
-  default     = false
-}
-
-variable "open_in" {
-  type        = string
-  description = <<-EOT
-    Determines where the app will be opened. Valid values are `"tab"` and `"slim-window" (default)`.
-    `"tab"` opens in a new tab in the same browser window.
-    `"slim-window"` opens a new browser window without navigation controls.
-  EOT
-  default     = "slim-window"
-  validation {
-    condition     = contains(["tab", "slim-window"], var.open_in)
-    error_message = "The 'open_in' variable must be one of: 'tab', 'slim-window'."
-  }
-}
-
-resource "coder_script" "cmux" {
-  agent_id     = var.agent_id
-  display_name = "cmux"
-  icon         = "/icon/cmux.svg"
-  script = templatefile("${path.module}/run.sh", {
-    VERSION : var.install_version,
-    PORT : var.port,
-    LOG_PATH : var.log_path,
-    INSTALL_PREFIX : var.install_prefix,
-    OFFLINE : !var.install,
-    USE_CACHED : var.use_cached,
-  })
-  run_on_start = true
-
-  lifecycle {
-    precondition {
-      condition     = var.install || !var.use_cached
-      error_message = "Cannot use 'use_cached' when 'install' is false"
-    }
-  }
-}
-
-resource "coder_app" "cmux" {
-  agent_id     = var.agent_id
-  slug         = var.slug
-  display_name = var.display_name
-  url          = "http://localhost:${var.port}"
-  icon         = "/icon/cmux.svg"
-  subdomain    = var.subdomain
-  share        = var.share
-  order        = var.order
-  group        = var.group
-  open_in      = var.open_in
-
-  healthcheck {
-    url       = "http://localhost:${var.port}/health"
-    interval  = 5
-    threshold = 6
-  }
-}

registry/coder/modules/cmux/run.sh

@@ -1,135 +0,0 @@
-#!/usr/bin/env bash
-
-BOLD='\033[0;1m'
-RESET='\033[0m'
-CMUX_BINARY="${INSTALL_PREFIX}/cmux"
-
-function run_cmux() {
-  local port_value
-  port_value="${PORT}"
-  if [ -z "$port_value" ]; then
-    port_value="4000"
-  fi
-  echo "🚀 Starting cmux server on port $port_value..."
-  echo "Check logs at ${LOG_PATH}!"
-  PORT="$port_value" "$CMUX_BINARY" server --port "$port_value" > "${LOG_PATH}" 2>&1 &
-}
-
-# Check if cmux is already installed for offline mode
-if [ "${OFFLINE}" = true ]; then
-  if [ -f "$CMUX_BINARY" ]; then
-    echo "🥳 Found a copy of cmux"
-    run_cmux
-    exit 0
-  fi
-  echo "❌ Failed to find a copy of cmux"
-  exit 1
-fi
-
-# If there is no cached install OR we don't want to use a cached install
-if [ ! -f "$CMUX_BINARY" ] || [ "${USE_CACHED}" != true ]; then
-  printf "$${BOLD}Installing cmux from npm...\n"
-
-  # Clean up from other install (in case install prefix changed).
-  if [ -n "$CODER_SCRIPT_BIN_DIR" ] && [ -e "$CODER_SCRIPT_BIN_DIR/cmux" ]; then
-    rm "$CODER_SCRIPT_BIN_DIR/cmux"
-  fi
-
-  mkdir -p "$(dirname "$CMUX_BINARY")"
-
-  if command -v npm > /dev/null 2>&1; then
-    echo "📦 Installing @coder/cmux via npm into ${INSTALL_PREFIX}..."
-    NPM_WORKDIR="${INSTALL_PREFIX}/npm"
-    mkdir -p "$NPM_WORKDIR"
-    cd "$NPM_WORKDIR" || exit 1
-    if [ ! -f package.json ]; then
-      echo '{}' > package.json
-    fi
-    PKG="@coder/cmux"
-    if [ -z "${VERSION}" ] || [ "${VERSION}" = "latest" ]; then
-      PKG_SPEC="$PKG@latest"
-    else
-      PKG_SPEC="$PKG@${VERSION}"
-    fi
-    if ! npm install --no-audit --no-fund --omit=dev "$PKG_SPEC"; then
-      echo "❌ Failed to install @coder/cmux via npm"
-      exit 1
-    fi
-    # Determine the installed binary path
-    BIN_DIR="$NPM_WORKDIR/node_modules/.bin"
-    CANDIDATE="$BIN_DIR/cmux"
-    if [ ! -f "$CANDIDATE" ]; then
-      echo "❌ Could not locate cmux binary after npm install"
-      exit 1
-    fi
-    chmod +x "$CANDIDATE" || true
-    ln -sf "$CANDIDATE" "$CMUX_BINARY"
-  else
-    echo "📥 npm not found; downloading tarball from npm registry..."
-    VERSION_TO_USE="${VERSION}"
-    if [ -z "$VERSION_TO_USE" ] || [ "$VERSION_TO_USE" = "latest" ]; then
-      # Try to determine the latest version
-      META_URL="https://registry.npmjs.org/@coder/cmux/latest"
-      VERSION_TO_USE="$(curl -fsSL "$META_URL" | sed -n 's/.*"version":"\([^"]*\)".*/\1/p' | head -n1)"
-      if [ -z "$VERSION_TO_USE" ]; then
-        echo "❌ Could not determine latest version for @coder/cmux"
-        exit 1
-      fi
-    fi
-    TARBALL_URL="https://registry.npmjs.org/@coder/cmux/-/cmux-$VERSION_TO_USE.tgz"
-    TMP_DIR="$(mktemp -d)"
-    TAR_PATH="$TMP_DIR/cmux.tgz"
-    if ! curl -fsSL "$TARBALL_URL" -o "$TAR_PATH"; then
-      echo "❌ Failed to download tarball: $TARBALL_URL"
-      rm -rf "$TMP_DIR"
-      exit 1
-    fi
-    if ! tar -xzf "$TAR_PATH" -C "$TMP_DIR"; then
-      echo "❌ Failed to extract tarball"
-      rm -rf "$TMP_DIR"
-      exit 1
-    fi
-    CANDIDATE=""
-    # Common locations
-    if [ -f "$TMP_DIR/package/bin/cmux" ]; then
-      CANDIDATE="$TMP_DIR/package/bin/cmux"
-    elif [ -f "$TMP_DIR/package/bin/cmux.js" ]; then
-      CANDIDATE="$TMP_DIR/package/bin/cmux.js"
-    elif [ -f "$TMP_DIR/package/bin/cmux.mjs" ]; then
-      CANDIDATE="$TMP_DIR/package/bin/cmux.mjs"
-    else
-      # Try to read package.json bin field
-      if [ -f "$TMP_DIR/package/package.json" ]; then
-        BIN_PATH=$(sed -n 's/.*"bin"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$TMP_DIR/package/package.json" | head -n1)
-        if [ -z "$BIN_PATH" ]; then
-          BIN_PATH=$(sed -n '/"bin"[[:space:]]*:[[:space:]]*{/,/}/p' "$TMP_DIR/package/package.json" | sed -n 's/.*"cmux"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n1)
-        fi
-        if [ -n "$BIN_PATH" ] && [ -f "$TMP_DIR/package/$BIN_PATH" ]; then
-          CANDIDATE="$TMP_DIR/package/$BIN_PATH"
-        fi
-      fi
-      # Fallback: search for plausible filenames
-      if [ -z "$CANDIDATE" ] || [ ! -f "$CANDIDATE" ]; then
-        CANDIDATE=$(find "$TMP_DIR/package" -maxdepth 4 -type f \( -name "cmux" -o -name "cmux.js" -o -name "cmux.mjs" -o -name "cmux.cjs" \) | head -n1)
-      fi
-    fi
-    if [ -z "$CANDIDATE" ] || [ ! -f "$CANDIDATE" ]; then
-      echo "❌ Could not locate cmux binary in tarball"
-      rm -rf "$TMP_DIR"
-      exit 1
-    fi
-    cp "$CANDIDATE" "$CMUX_BINARY"
-    chmod +x "$CMUX_BINARY" || true
-    rm -rf "$TMP_DIR"
-  fi
-
-  printf "🥳 cmux has been installed in ${INSTALL_PREFIX}\n\n"
-fi
-
-# Make cmux available in PATH if CODER_SCRIPT_BIN_DIR is set
-if [ -n "$CODER_SCRIPT_BIN_DIR" ] && [ ! -e "$CODER_SCRIPT_BIN_DIR/cmux" ]; then
-  ln -s "$CMUX_BINARY" "$CODER_SCRIPT_BIN_DIR/cmux"
-fi
-
-# Start cmux
-run_cmux

registry/coder/modules/goose/README.md

@@ -13,7 +13,7 @@ Run the [Goose](https://block.github.io/goose/) agent in your workspace to gener
 ```tf
 module "goose" {
   source           = "registry.coder.com/coder/goose/coder"
-  version          = "3.0.0"
+  version          = "2.2.1"
   agent_id         = coder_agent.example.id
   folder           = "/home/coder"
   install_goose    = true
@@ -79,7 +79,7 @@ resource "coder_agent" "main" {
 module "goose" {
   count            = data.coder_workspace.me.start_count
   source           = "registry.coder.com/coder/goose/coder"
-  version          = "3.0.0"
+  version          = "2.2.1"
   agent_id         = coder_agent.example.id
   folder           = "/home/coder"
   install_goose    = true

registry/coder/modules/goose/main.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
-      version = ">= 2.12"
+      version = ">= 2.7"
     }
   }
 }
@@ -140,7 +140,7 @@ EOT
 
 module "agentapi" {
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.0.0"
+  version = "1.2.0"
 
   agent_id             = var.agent_id
   web_app_slug         = local.app_slug
@@ -174,7 +174,3 @@ module "agentapi" {
     /tmp/install.sh
   EOT
 }
-
-output "task_app_id" {
-  value = module.agentapi.task_app_id
-}

registry/coder/modules/jetbrains/README.md

@@ -14,7 +14,7 @@ This module adds JetBrains IDE buttons to launch IDEs directly from the dashboar
 module "jetbrains" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   # tooltip  = "You need to [Install Coder Desktop](https://coder.com/docs/user-guides/desktop#install-coder-desktop) to use this button."  # Optional
@@ -40,7 +40,7 @@ When `default` contains IDE codes, those IDEs are created directly without user
 module "jetbrains" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   default  = ["PY", "IU"] # Pre-configure GoLand and IntelliJ IDEA
@@ -53,7 +53,7 @@ module "jetbrains" {
 module "jetbrains" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   # Show parameter with limited options
@@ -67,7 +67,7 @@ module "jetbrains" {
 module "jetbrains" {
   count         = data.coder_workspace.me.start_count
   source        = "registry.coder.com/coder/jetbrains/coder"
-  version       = "1.1.1"
+  version       = "1.1.0"
   agent_id      = coder_agent.example.id
   folder        = "/home/coder/project"
   default       = ["IU", "PY"]
@@ -82,7 +82,7 @@ module "jetbrains" {
 module "jetbrains" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/workspace/project"
 
@@ -108,7 +108,7 @@ module "jetbrains" {
 module "jetbrains_pycharm" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/workspace/project"
 
@@ -128,7 +128,7 @@ Add helpful tooltip text that appears when users hover over the IDE app buttons:
 module "jetbrains" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jetbrains/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   default  = ["IU", "PY"]

registry/coder/modules/jetbrains/main.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.9"
+  required_version = ">= 1.0"
 
   required_providers {
     coder = {
@@ -163,8 +163,7 @@ variable "ide_config" {
     condition     = length(var.ide_config) > 0
     error_message = "The ide_config must not be empty."
   }
-  # ide_config must be a superset of var.options
-  # Requires Terraform 1.9+ for cross-variable validation references
+  # ide_config must be a superset of var.. options
   validation {
     condition = alltrue([
       for code in var.options : contains(keys(var.ide_config), code)

registry/coder/modules/kasmvnc/README.md

@@ -14,7 +14,7 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and
 module "kasmvnc" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/kasmvnc/coder"
-  version             = "1.2.5"
+  version             = "1.2.4"
   agent_id            = coder_agent.example.id
   desktop_environment = "xfce"
   subdomain           = true

registry/coder/modules/kasmvnc/main.tf

@@ -23,7 +23,7 @@ variable "port" {
 variable "kasm_version" {
   type        = string
   description = "Version of KasmVNC to install."
-  default     = "1.4.0"
+  default     = "1.3.2"
 }
 
 variable "desktop_environment" {

registry/coder/modules/kasmvnc/run.sh

@@ -8,10 +8,10 @@ error() {
   exit 1
 }
 
-# Function to check if KasmVNC is already installed
+# Function to check if vncserver is already installed
 check_installed() {
-  if command -v kasmvncserver &> /dev/null; then
-    echo "KasmVNC is already installed."
+  if command -v vncserver &> /dev/null; then
+    echo "vncserver is already installed."
     return 0 # Don't exit, just indicate it's installed
   else
     return 1 # Indicates not installed
@@ -158,7 +158,7 @@ case "$arch" in
     ;;
 esac
 
-# Check if KasmVNC is installed, and install if not
+# Check if vncserver is installed, and install if not
 if ! check_installed; then
   # Check for NOPASSWD sudo (required)
   if ! command -v sudo &> /dev/null || ! sudo -n true 2> /dev/null; then
@@ -188,7 +188,7 @@ if ! check_installed; then
       ;;
   esac
 else
-  echo "KasmVNC already installed. Skipping installation."
+  echo "vncserver already installed. Skipping installation."
 fi
 
 if command -v sudo &> /dev/null && sudo -n true 2> /dev/null; then
@@ -227,7 +227,7 @@ EOF
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
 # and does not listen publicly
-echo -e "password\npassword\n" | kasmvncpasswd -wo -u "$USER"
+echo -e "password\npassword\n" | vncpasswd -wo -u "$USER"
 
 get_http_dir() {
   # determine the served file path
@@ -290,7 +290,7 @@ VNC_LOG="/tmp/kasmvncserver.log"
 printf "🚀 Starting KasmVNC server...\n"
 
 set +e
-kasmvncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > "$VNC_LOG" 2>&1
+vncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > "$VNC_LOG" 2>&1
 RETVAL=$?
 set -e
 

registry/coder/modules/kiro/kiro.tftest.hcl

@@ -1,124 +0,0 @@
-run "required_vars" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-  }
-}
-
-run "default_output" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-  }
-
-  assert {
-    condition     = output.kiro_url == "kiro://coder.coder-remote/open?owner=default&workspace=default&url=https://mydeployment.coder.com&token=$SESSION_TOKEN"
-    error_message = "Default kiro_url must match expected value"
-  }
-
-  assert {
-    condition     = coder_app.kiro.order == null
-    error_message = "coder_app order must be null by default"
-  }
-}
-
-run "adds_folder" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    folder   = "/foo/bar"
-  }
-
-  assert {
-    condition     = output.kiro_url == "kiro://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&url=https://mydeployment.coder.com&token=$SESSION_TOKEN"
-    error_message = "URL must include folder parameter"
-  }
-}
-
-run "folder_and_open_recent" {
-  command = plan
-
-  variables {
-    agent_id    = "foo"
-    folder      = "/foo/bar"
-    open_recent = true
-  }
-
-  assert {
-    condition     = output.kiro_url == "kiro://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&openRecent&url=https://mydeployment.coder.com&token=$SESSION_TOKEN"
-    error_message = "URL must include folder and openRecent parameters"
-  }
-}
-
-run "custom_slug_display_name" {
-  command = plan
-
-  variables {
-    agent_id     = "foo"
-    slug         = "kiro-ai"
-    display_name = "Kiro AI IDE"
-  }
-
-  assert {
-    condition     = coder_app.kiro.slug == "kiro-ai"
-    error_message = "coder_app slug must be set to kiro-ai"
-  }
-
-  assert {
-    condition     = coder_app.kiro.display_name == "Kiro AI IDE"
-    error_message = "coder_app display_name must be set to Kiro AI IDE"
-  }
-}
-
-run "sets_order" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    order    = 5
-  }
-
-  assert {
-    condition     = coder_app.kiro.order == 5
-    error_message = "coder_app order must be set to 5"
-  }
-}
-
-run "sets_group" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    group    = "AI IDEs"
-  }
-
-  assert {
-    condition     = coder_app.kiro.group == "AI IDEs"
-    error_message = "coder_app group must be set to AI IDEs"
-  }
-}
-
-run "writes_mcp_json" {
-  command = plan
-
-  variables {
-    agent_id = "foo"
-    mcp = jsonencode({
-      servers = {
-        demo = { url = "http://localhost:1234" }
-      }
-    })
-  }
-
-  assert {
-    condition = strcontains(coder_script.kiro_mcp[0].script, base64encode(jsonencode({
-      servers = {
-        demo = { url = "http://localhost:1234" }
-      }
-    })))
-    error_message = "coder_script must contain base64-encoded MCP JSON"
-  }
-}

registry/coder/modules/restic/README.md

@@ -0,0 +1,523 @@
+---
+display_name: Restic Backup
+description: Cloud-backed ephemeral workspaces with automatic backup on stop and restore on start using Restic
+icon: ../../../../.icons/restic.svg
+verified: false
+tags: [backup, restore, cloud, restic, s3, b2]
+---
+
+# Restic Backup
+
+Automatic cloud backups for Coder workspaces. Backs up on stop, restores on start.
+
+## Features
+
+- Auto backup/restore on workspace stop/start
+- Works with S3, B2, Azure, GCS, SFTP, local storage
+- Encrypted and deduplicated
+- Workspace-aware tagging for easy browsing
+- Configurable retention policies
+- Clone backups between workspaces
+
+## Quick Start
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/my-workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+  }
+}
+```
+
+## How It Works
+
+1. Workspace stops → automatic backup to cloud
+2. Workspace starts → automatic restore from backup
+3. Backups are tagged with `workspace-id`, `workspace-owner`, `workspace-name`
+4. Auto-restore uses `workspace-id` to find the correct backup
+5. Manually restore any backup using `snapshot_id`
+
+## Storage Backend Configuration
+
+### AWS S3
+
+[Official Restic S3 Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/my-bucket/workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+    AWS_DEFAULT_REGION    = "us-east-1"
+  }
+}
+```
+
+### Backblaze B2 (Cost-Effective)
+
+[Official Restic B2 Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#backblaze-b2)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "b2:my-bucket:workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    B2_ACCOUNT_ID  = var.b2_account_id
+    B2_ACCOUNT_KEY = var.b2_account_key
+  }
+}
+```
+
+### Azure Blob Storage
+
+[Official Restic Azure Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#microsoft-azure-blob-storage)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "azure:container-name:/workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    AZURE_ACCOUNT_NAME = var.azure_account_name
+    AZURE_ACCOUNT_KEY  = var.azure_account_key
+  }
+}
+```
+
+### Google Cloud Storage
+
+[Official Restic GCS Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#google-cloud-storage)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "gs:my-bucket:/workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    GOOGLE_PROJECT_ID              = var.gcp_project_id
+    GOOGLE_APPLICATION_CREDENTIALS = "/path/to/service-account.json"
+  }
+}
+```
+
+### MinIO or S3-Compatible Storage
+
+[Official Restic Minio Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#minio-server) | [S3-Compatible](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#s3-compatible-storage)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:http://minio.company.com:9000/workspace-backups"
+  password   = var.restic_password
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.minio_access_key
+    AWS_SECRET_ACCESS_KEY = var.minio_secret_key
+  }
+}
+```
+
+### SFTP
+
+[Official Restic SFTP Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#sftp)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "sftp:user@backup-server.com:/backups/restic"
+  password   = var.restic_password
+
+  # SSH key should be at ~/.ssh/id_rsa
+  # Or configure custom SSH command:
+  env = {
+    RESTIC_SFTP_COMMAND = "ssh user@host -i /path/to/key -s sftp"
+  }
+}
+```
+
+### Local Directory (Testing)
+
+[Official Restic Local Documentation](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#local)
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "/backup/restic-repo"
+  password   = var.restic_password
+}
+```
+
+**Note:** Use persistent storage (Docker volume, PV) for local repositories.
+
+## Advanced Configuration
+
+### Selective Backup Paths
+
+Only backup specific directories:
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/backups"
+  password   = var.restic_password
+
+  backup_paths = [
+    "/home/coder/projects",
+    "/home/coder/.config",
+    "/home/coder/data",
+  ]
+
+  exclude_patterns = [
+    "**/.git",
+    "**/node_modules",
+    "**/__pycache__",
+    "**/target",
+    "**/.venv",
+    "**/tmp",
+  ]
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+  }
+}
+```
+
+### Periodic Backups While Running
+
+Backup every N minutes while workspace is active:
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "b2:workspace-backups"
+  password   = var.restic_password
+
+  # Backup every 30 minutes while workspace is running
+  backup_interval_minutes = 30
+
+  env = {
+    B2_ACCOUNT_ID  = var.b2_account_id
+    B2_ACCOUNT_KEY = var.b2_account_key
+  }
+}
+```
+
+### Custom Stop Script
+
+Run cleanup before backup:
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/backups"
+  password   = var.restic_password
+
+  custom_stop_script = <<-EOF
+    #!/bin/bash
+    echo "Cleaning up before backup..."
+    rm -rf /tmp/*
+    docker system prune -f
+    find /home/coder -name "*.log" -delete
+  EOF
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+  }
+}
+```
+
+### Clone Another Workspace's Backup
+
+Restore from a specific snapshot:
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/backups"
+  password   = var.restic_password
+
+  # Restore from specific snapshot (find ID using: restic snapshots)
+  restore_on_start = true
+  snapshot_id      = "abc123def" # The snapshot ID to restore
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+  }
+}
+```
+
+To find snapshot IDs from another workspace:
+
+```bash
+# List all snapshots grouped by workspace
+restic snapshots --group-by tags
+
+# Or filter by specific workspace
+restic snapshots --tag workspace-owner:john --tag workspace-name:dev-workspace
+```
+
+### Custom Retention Policies
+
+Control how many backups to keep:
+
+```tf
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/backups"
+  password   = var.restic_password
+
+  # Keep last 10 backups
+  retention_keep_last = 10
+
+  # Keep daily backups for 14 days
+  retention_keep_daily = 14
+
+  # Keep weekly backups for 8 weeks
+  retention_keep_weekly = 8
+
+  # Keep monthly backups for 6 months
+  retention_keep_monthly = 6
+
+  # Apply retention automatically
+  auto_forget = true
+
+  # Don't prune on stop (too slow)
+  auto_prune = false
+
+  env = {
+    AWS_ACCESS_KEY_ID     = var.aws_access_key
+    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+  }
+}
+```
+
+### Using HCP Vault Secrets
+
+Store credentials securely:
+
+```tf
+module "vault_secrets" {
+  source     = "registry.coder.com/coder/hcp-vault-secrets/coder"
+  version    = "1.0.34"
+  agent_id   = coder_agent.main.id
+  app_name   = "workspace-backups"
+  project_id = var.hcp_project_id
+  secrets    = ["RESTIC_PASSWORD", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"]
+}
+
+module "restic" {
+  count      = data.coder_workspace.me.start_count
+  source     = "registry.coder.com/coder/restic/coder"
+  version    = "1.0.0"
+  agent_id   = coder_agent.main.id
+  repository = "s3:s3.amazonaws.com/backups"
+  password   = "" # Will use RESTIC_PASSWORD from vault
+
+  depends_on = [module.vault_secrets]
+}
+```
+
+## Manual Operations
+
+### Trigger Manual Backup
+
+Click the **"Backup Now"** button in the Coder UI, or run from terminal:
+
+```bash
+restic-backup --tag manual-backup
+```
+
+### List Your Workspace's Backups
+
+```bash
+restic snapshots --tag workspace-id:$RESTIC_WORKSPACE_ID
+```
+
+Or view all snapshots:
+
+```bash
+restic snapshots
+```
+
+### List All Workspace Backups in Repository
+
+```bash
+restic snapshots --group-by tags
+```
+
+This shows snapshots grouped by workspace, making it easy to see all workspace backups in the repository.
+
+### Restore Specific Snapshot
+
+```bash
+# List snapshots for this workspace
+restic snapshots --tag workspace-id:$RESTIC_WORKSPACE_ID
+
+# Restore to temporary location for inspection
+restic restore /tmp/restore < snapshot-id > --target
+
+# Or restore to original location
+restic restore / < snapshot-id > --target
+```
+
+### Check Repository Health
+
+```bash
+restic check
+```
+
+### Manual Cleanup
+
+```bash
+# Remove old snapshots for this workspace
+restic forget --tag workspace-id:$RESTIC_WORKSPACE_ID --keep-last 3
+
+# Reclaim space (removes unreferenced data)
+restic prune
+```
+
+## Important Considerations
+
+### Stop Backup Limitations
+
+> **Warning**: The `backup_on_stop` feature may not work on all template types if the agent is terminated before backup completes. See [coder/coder#6174](https://github.com/coder/coder/issues/6174) for details.
+
+**Recommendations**:
+
+- Test stop backups with your specific template
+- Keep backups fast (use selective paths and exclusions)
+- Use `backup_interval_minutes` for important data
+- Set `auto_prune = false` for stop backups (prune is slow)
+
+### Repository Organization
+
+**Single Shared Repository** (Recommended):
+
+- All workspaces share one repository
+- Backups are tagged with workspace metadata
+- Deduplication saves space
+- Easy credential management
+
+**Per-Workspace Repositories**:
+
+- Each workspace uses separate repository
+- More isolation but more complex
+- No cross-workspace restore
+
+### Security
+
+- Repository password encrypts ALL backups
+- Use Coder parameters or external secrets for credentials
+- Backend credentials should have minimal permissions
+- Consider separate repositories for different teams
+
+### Performance Tips
+
+- **Use exclusions**: Skip `.git`, `node_modules`, caches
+- **Selective paths**: Only backup what you need
+- **Interval backups**: Balance frequency vs performance
+- **Retention policies**: Keep low retention to save storage costs
+- **Prune manually**: Don't enable `auto_prune` on stop (too slow)
+
+## Troubleshooting
+
+### Backup Fails on Stop
+
+The workspace might be terminating before backup completes. Try:
+
+- Reducing backup size with selective paths
+- Using interval backups instead
+- Testing with a local repository first
+
+### Restore Blocks Login Too Long
+
+- Reduce restore size with selective backup paths
+- Set `start_blocks_login = false` to allow login during restore
+- Use faster storage backend
+
+### Repository Not Found
+
+Ensure:
+
+- Repository URL is correct
+- Backend credentials are valid
+- Network connectivity to storage backend
+- Repository has been initialized (`auto_init_repo = true`)
+
+### Permission Denied
+
+Check:
+
+- Backend credentials have write permissions
+- Local directory (if used) is writable
+- SSH key (for SFTP) is accessible
+
+### Out of Storage Space
+
+Run cleanup:
+
+```bash
+restic forget --tag workspace-id:$RESTIC_WORKSPACE_ID --keep-last 2
+restic prune
+```
+
+## Links
+
+- [Restic Documentation](https://restic.readthedocs.io/)
+- [Restic GitHub](https://github.com/restic/restic)
+- [Coder Documentation](https://coder.com/docs)

registry/coder/modules/restic/main.test.ts

@@ -0,0 +1,75 @@
+import { describe, expect, it } from "bun:test";
+import {
+  executeScriptInContainer,
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
+
+describe("restic", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "test-agent-id",
+    repository: "s3:s3.amazonaws.com/test-bucket",
+    password: "test-password",
+  });
+
+  it("installs restic successfully", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent",
+      repository: "/tmp/restic-repo",
+      password: "test-password",
+      install_restic: "true",
+      auto_init_repo: "false",
+      restore_on_start: "false",
+    });
+
+    const output = await executeScriptInContainer(
+      state,
+      "alpine",
+      "sh",
+      "apk add --no-cache curl bzip2",
+    );
+
+    if (output.exitCode !== 0) {
+      console.log("Exit code:", output.exitCode);
+      console.log("STDOUT:", output.stdout.join("\n"));
+      console.log("STDERR:", output.stderr.join("\n"));
+    }
+
+    expect(output.exitCode).toBe(0);
+    const stdout = output.stdout.join("\n");
+    expect(stdout).toContain("Restic Backup Module Setup");
+    expect(stdout).toContain("Installing Restic...");
+    expect(stdout).toContain("Detected OS: linux");
+    expect(stdout).toContain("Architecture:");
+    expect(stdout).toContain("Fetching latest version");
+    expect(stdout).toContain("Version:");
+    expect(stdout).toContain("Downloading Restic");
+    expect(stdout).toContain("Restic installed:");
+    expect(stdout).toContain("Restic verified:");
+    expect(stdout).toContain("restic");
+    expect(stdout).toContain("Restic setup complete");
+  });
+
+  it("creates backup helper script in workspace", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "test-agent",
+      repository: "/tmp/restic-repo",
+      password: "test-password",
+      install_restic: "false",
+      auto_init_repo: "false",
+      restore_on_start: "false",
+    });
+
+    const output = await executeScriptInContainer(state, "alpine");
+
+    const stdout = output.stdout.join("\n");
+
+    expect(stdout).toContain("Installing backup helper script");
+    expect(stdout).toContain("Backup helper installed:");
+    expect(stdout).toContain("/restic-backup");
+    expect(stdout).toContain("Backup helper verified as executable");
+  });
+});

registry/coder/modules/restic/main.tf

@@ -0,0 +1,271 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 0.12"
+    }
+  }
+}
+
+data "coder_workspace" "me" {}
+
+data "coder_workspace_owner" "me" {}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "repository" {
+  type        = string
+  description = "Restic repository location (e.g., 's3:s3.amazonaws.com/bucket', 'b2:bucket-name', '/local/path')."
+}
+
+variable "password" {
+  type        = string
+  description = "Password for encrypting the Restic repository. Keep this secure!"
+  sensitive   = true
+}
+
+variable "install_restic" {
+  type        = bool
+  description = "Whether to install Restic binary."
+  default     = true
+}
+
+variable "restic_version" {
+  type        = string
+  description = "Version of Restic to install (e.g., '0.16.4' or 'latest')."
+  default     = "latest"
+}
+
+variable "backup_paths" {
+  type        = list(string)
+  description = "List of paths to backup. Can be absolute or relative to 'directory'."
+  default     = ["/home/coder"]
+}
+
+variable "exclude_patterns" {
+  type        = list(string)
+  description = "Patterns to exclude from backup (e.g., ['**/.git', '**/node_modules'])."
+  default     = []
+}
+
+variable "backup_tags" {
+  type        = list(string)
+  description = "Additional tags to apply to all snapshots."
+  default     = []
+}
+
+variable "directory" {
+  type        = string
+  description = "Working directory for backup operations."
+  default     = "~"
+}
+
+variable "backup_on_stop" {
+  type        = bool
+  description = "Whether to automatically backup when workspace stops."
+  default     = true
+}
+
+variable "backup_interval_minutes" {
+  type        = number
+  description = "Backup every N minutes while workspace is running (0 = disabled)."
+  default     = 0
+}
+
+variable "restore_on_start" {
+  type        = bool
+  description = "Whether to restore from backup when workspace starts."
+  default     = true
+}
+
+variable "snapshot_id" {
+  type        = string
+  description = "Specific snapshot ID to restore. If empty and restore_on_start is true, restores latest backup of this workspace. If set, restores that specific snapshot (useful for cloning workspaces)."
+  default     = ""
+}
+
+variable "restore_target" {
+  type        = string
+  description = "Target directory for restore ('/' restores to original paths)."
+  default     = "/"
+}
+
+variable "start_blocks_login" {
+  type        = bool
+  description = "Whether to block login until restore completes."
+  default     = true
+}
+
+variable "custom_stop_script" {
+  type        = string
+  description = "Custom script to run before stop backup."
+  default     = ""
+}
+
+variable "retention_keep_last" {
+  type        = number
+  description = "Keep last N snapshots per workspace."
+  default     = 10
+}
+
+variable "retention_keep_daily" {
+  type        = number
+  description = "Keep daily snapshots for N days."
+  default     = 14
+}
+
+variable "retention_keep_weekly" {
+  type        = number
+  description = "Keep weekly snapshots for N weeks."
+  default     = 8
+}
+
+variable "retention_keep_monthly" {
+  type        = number
+  description = "Keep monthly snapshots for N months."
+  default     = 6
+}
+
+variable "auto_forget" {
+  type        = bool
+  description = "Apply retention policies automatically after backup."
+  default     = false
+}
+
+variable "auto_prune" {
+  type        = bool
+  description = "Run prune after forget to reclaim space (slower but frees storage)."
+  default     = false
+}
+
+variable "auto_init_repo" {
+  type        = bool
+  description = "Automatically initialize repository if it doesn't exist."
+  default     = true
+}
+
+variable "env" {
+  type        = map(string)
+  description = "Environment variables for backend configuration (e.g., AWS_ACCESS_KEY_ID, B2_ACCOUNT_KEY). See README for backend-specific examples."
+  default     = {}
+  sensitive   = true
+}
+
+variable "icon" {
+  type        = string
+  description = "Icon to use for Restic apps."
+  default     = "/icon/restic.svg"
+}
+
+variable "order" {
+  type        = number
+  description = "Order of apps in UI."
+  default     = null
+}
+
+variable "group" {
+  type        = string
+  description = "Group name for apps."
+  default     = null
+}
+
+resource "coder_env" "restic_repository" {
+  agent_id = var.agent_id
+  name     = "RESTIC_REPOSITORY"
+  value    = var.repository
+}
+
+resource "coder_env" "restic_password" {
+  agent_id = var.agent_id
+  name     = "RESTIC_PASSWORD"
+  value    = var.password
+}
+
+resource "coder_env" "backend_env" {
+  for_each = nonsensitive(var.env)
+  agent_id = var.agent_id
+  name     = each.key
+  value    = each.value
+}
+
+resource "coder_env" "workspace_owner" {
+  agent_id = var.agent_id
+  name     = "RESTIC_WORKSPACE_OWNER"
+  value    = data.coder_workspace_owner.me.name
+}
+
+resource "coder_env" "workspace_name" {
+  agent_id = var.agent_id
+  name     = "RESTIC_WORKSPACE_NAME"
+  value    = data.coder_workspace.me.name
+}
+
+resource "coder_env" "workspace_id" {
+  agent_id = var.agent_id
+  name     = "RESTIC_WORKSPACE_ID"
+  value    = data.coder_workspace.me.id
+}
+
+resource "coder_script" "install_and_restore" {
+  agent_id           = var.agent_id
+  display_name       = "Restic Setup"
+  icon               = var.icon
+  run_on_start       = true
+  start_blocks_login = var.restore_on_start && var.start_blocks_login
+
+  script = templatefile("${path.module}/scripts/run.sh", {
+    INSTALL_RESTIC    = var.install_restic
+    RESTIC_VERSION    = var.restic_version
+    AUTO_INIT         = var.auto_init_repo
+    RESTORE_ON_START  = var.restore_on_start
+    SNAPSHOT_ID       = var.snapshot_id
+    RESTORE_TARGET    = var.restore_target
+    BACKUP_INTERVAL   = var.backup_interval_minutes
+    BACKUP_PATHS      = jsonencode(var.backup_paths)
+    EXCLUDE_PATTERNS  = jsonencode(var.exclude_patterns)
+    BACKUP_TAGS       = jsonencode(var.backup_tags)
+    DIRECTORY         = var.directory
+    RETENTION_LAST    = var.retention_keep_last
+    RETENTION_DAILY   = var.retention_keep_daily
+    RETENTION_WEEKLY  = var.retention_keep_weekly
+    RETENTION_MONTHLY = var.retention_keep_monthly
+    AUTO_FORGET       = var.auto_forget
+    AUTO_PRUNE        = var.auto_prune
+    BACKUP_SCRIPT_B64 = base64encode(file("${path.module}/scripts/backup.sh"))
+  })
+}
+
+resource "coder_script" "stop_backup" {
+  count              = var.backup_on_stop ? 1 : 0
+  agent_id           = var.agent_id
+  display_name       = "Restic Backup"
+  icon               = var.icon
+  run_on_stop        = true
+  start_blocks_login = false
+
+  script = <<-EOT
+    #!/usr/bin/env bash
+    set -euo pipefail
+    
+    ${var.custom_stop_script}
+    
+    "$CODER_SCRIPT_BIN_DIR/restic-backup" --tag "stop-backup"
+  EOT
+}
+
+resource "coder_app" "restic_backup" {
+  agent_id     = var.agent_id
+  slug         = "restic-backup"
+  display_name = "Backup Now"
+  icon         = var.icon
+  order        = var.order
+  group        = var.group
+
+  command = "$CODER_SCRIPT_BIN_DIR/restic-backup --tag manual-backup"
+}
+

registry/coder/modules/restic/restic.tftest.hcl

@@ -0,0 +1,333 @@
+run "required_variables" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "s3:s3.amazonaws.com/test-bucket"
+    password   = "test-password"
+  }
+}
+
+run "stop_backup_script_created_when_enabled" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent"
+    repository     = "/tmp/restic-repo"
+    password       = "test-password"
+    backup_on_stop = true
+  }
+
+  assert {
+    condition     = coder_script.stop_backup[0].run_on_stop == true
+    error_message = "Stop backup script should have run_on_stop enabled"
+  }
+
+  assert {
+    condition     = coder_script.stop_backup[0].agent_id == "test-agent"
+    error_message = "Stop backup script should use correct agent_id"
+  }
+}
+
+run "stop_backup_script_not_created_when_disabled" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent"
+    repository     = "/tmp/restic-repo"
+    password       = "test-password"
+    backup_on_stop = false
+  }
+
+  assert {
+    condition     = length(coder_script.stop_backup) == 0
+    error_message = "Stop backup script should not be created when backup_on_stop is false"
+  }
+}
+
+run "restore_blocks_login_by_default" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent"
+    repository       = "/tmp/restic-repo"
+    password         = "test-password"
+    restore_on_start = true
+  }
+
+  assert {
+    condition     = coder_script.install_and_restore.start_blocks_login == true
+    error_message = "Install script should block login when restore_on_start and start_blocks_login are true"
+  }
+}
+
+run "restore_does_not_block_login_when_disabled" {
+  command = plan
+
+  variables {
+    agent_id           = "test-agent"
+    repository         = "/tmp/restic-repo"
+    password           = "test-password"
+    restore_on_start   = true
+    start_blocks_login = false
+  }
+
+  assert {
+    condition     = coder_script.install_and_restore.start_blocks_login == false
+    error_message = "Install script should not block login when start_blocks_login is false"
+  }
+}
+
+run "workspace_metadata_env_vars_created" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "/tmp/restic-repo"
+    password   = "test-password"
+  }
+
+  assert {
+    condition     = coder_env.workspace_owner.name == "RESTIC_WORKSPACE_OWNER"
+    error_message = "Workspace owner env var should be RESTIC_WORKSPACE_OWNER"
+  }
+
+  assert {
+    condition     = coder_env.workspace_name.name == "RESTIC_WORKSPACE_NAME"
+    error_message = "Workspace name env var should be RESTIC_WORKSPACE_NAME"
+  }
+
+  assert {
+    condition     = coder_env.workspace_id.name == "RESTIC_WORKSPACE_ID"
+    error_message = "Workspace ID env var should be RESTIC_WORKSPACE_ID"
+  }
+}
+
+run "core_env_vars_created" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "s3:s3.amazonaws.com/bucket"
+    password   = "secure-password"
+  }
+
+  assert {
+    condition     = coder_env.restic_repository.name == "RESTIC_REPOSITORY"
+    error_message = "Repository env var should be RESTIC_REPOSITORY"
+  }
+
+  assert {
+    condition     = coder_env.restic_repository.value == "s3:s3.amazonaws.com/bucket"
+    error_message = "Repository env var should match input"
+  }
+
+  assert {
+    condition     = coder_env.restic_password.name == "RESTIC_PASSWORD"
+    error_message = "Password env var should be RESTIC_PASSWORD"
+  }
+}
+
+run "safe_retention_defaults" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "/tmp/restic-repo"
+    password   = "test-password"
+  }
+
+  # Verify auto_forget is false by default (safe)
+  assert {
+    condition     = var.auto_forget == false
+    error_message = "auto_forget should be false by default for safety"
+  }
+
+  # Verify reasonable retention defaults
+  assert {
+    condition     = var.retention_keep_last == 10
+    error_message = "Default retention_keep_last should be 10"
+  }
+
+  assert {
+    condition     = var.retention_keep_daily == 14
+    error_message = "Default retention_keep_daily should be 14"
+  }
+}
+
+run "manual_backup_app_created" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "/tmp/restic-repo"
+    password   = "test-password"
+  }
+
+  assert {
+    condition     = coder_app.restic_backup.slug == "restic-backup"
+    error_message = "Backup app should have slug restic-backup"
+  }
+
+  assert {
+    condition     = coder_app.restic_backup.display_name == "Backup Now"
+    error_message = "Backup app should display 'Backup Now'"
+  }
+
+  assert {
+    condition     = can(regex("restic-backup", coder_app.restic_backup.command))
+    error_message = "Backup app command should call restic-backup helper"
+  }
+}
+
+run "install_restic_enabled_in_script" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent"
+    repository     = "/tmp/restic-repo"
+    password       = "test-password"
+    install_restic = true
+  }
+
+  assert {
+    condition     = can(regex("INSTALL_RESTIC=\"true\"", coder_script.install_and_restore.script))
+    error_message = "Script should have INSTALL_RESTIC set to true"
+  }
+}
+
+run "install_restic_disabled_in_script" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent"
+    repository     = "/tmp/restic-repo"
+    password       = "test-password"
+    install_restic = false
+  }
+
+  assert {
+    condition     = can(regex("INSTALL_RESTIC=\"false\"", coder_script.install_and_restore.script))
+    error_message = "Script should have INSTALL_RESTIC set to false"
+  }
+}
+
+run "auto_init_repo_configuration" {
+  command = plan
+
+  variables {
+    agent_id       = "test-agent"
+    repository     = "/tmp/restic-repo"
+    password       = "test-password"
+    auto_init_repo = false
+  }
+
+  assert {
+    condition     = can(regex("AUTO_INIT=\"false\"", coder_script.install_and_restore.script))
+    error_message = "Script should have AUTO_INIT set to false"
+  }
+}
+
+run "restore_on_start_configuration" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent"
+    repository       = "/tmp/restic-repo"
+    password         = "test-password"
+    restore_on_start = true
+    snapshot_id      = "abc123"
+  }
+
+  assert {
+    condition     = can(regex("RESTORE_ON_START=\"true\"", coder_script.install_and_restore.script))
+    error_message = "Script should have RESTORE_ON_START set to true"
+  }
+
+  assert {
+    condition     = can(regex("SNAPSHOT_ID=\"abc123\"", coder_script.install_and_restore.script))
+    error_message = "Script should have SNAPSHOT_ID set to abc123"
+  }
+}
+
+run "interval_backup_configuration" {
+  command = plan
+
+  variables {
+    agent_id                = "test-agent"
+    repository              = "/tmp/restic-repo"
+    password                = "test-password"
+    backup_interval_minutes = 30
+  }
+
+  assert {
+    condition     = can(regex("BACKUP_INTERVAL=\"30\"", coder_script.install_and_restore.script))
+    error_message = "Script should have BACKUP_INTERVAL set to 30"
+  }
+}
+
+run "interval_backup_disabled_by_default" {
+  command = plan
+
+  variables {
+    agent_id   = "test-agent"
+    repository = "/tmp/restic-repo"
+    password   = "test-password"
+  }
+
+  assert {
+    condition     = can(regex("BACKUP_INTERVAL=\"0\"", coder_script.install_and_restore.script))
+    error_message = "Script should have BACKUP_INTERVAL set to 0 by default"
+  }
+}
+
+run "backup_paths_and_exclusions_configuration" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent"
+    repository       = "/tmp/restic-repo"
+    password         = "test-password"
+    backup_paths     = ["/home/coder", "/workspace"]
+    exclude_patterns = ["*.log", "node_modules"]
+    backup_tags      = ["production", "daily"]
+  }
+
+  assert {
+    condition     = can(regex("/home/coder", coder_script.install_and_restore.script))
+    error_message = "Script should contain backup path /home/coder"
+  }
+
+  assert {
+    condition     = can(regex("/workspace", coder_script.install_and_restore.script))
+    error_message = "Script should contain backup path /workspace"
+  }
+
+  assert {
+    condition     = can(regex("\\*.log", coder_script.install_and_restore.script))
+    error_message = "Script should contain exclude pattern *.log"
+  }
+
+  assert {
+    condition     = can(regex("production", coder_script.install_and_restore.script))
+    error_message = "Script should contain backup tag production"
+  }
+}
+
+run "custom_stop_script_included" {
+  command = plan
+
+  variables {
+    agent_id           = "test-agent"
+    repository         = "/tmp/restic-repo"
+    password           = "test-password"
+    backup_on_stop     = true
+    custom_stop_script = "echo 'Pre-backup cleanup'"
+  }
+
+  assert {
+    condition     = can(regex("echo 'Pre-backup cleanup'", coder_script.stop_backup[0].script))
+    error_message = "Stop script should contain custom stop script"
+  }
+}
+

registry/coder/modules/restic/scripts/backup.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CONF_FILE="$CODER_SCRIPT_DATA_DIR/restic-backup.conf"
+if [ -f "$CONF_FILE" ]; then
+  # shellcheck source=/dev/null
+  source "$CONF_FILE"
+else
+  echo "Error: Configuration file not found: $CONF_FILE" >&2
+  exit 1
+fi
+
+EXTRA_TAGS=()
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --tag)
+      EXTRA_TAGS+=("$2")
+      shift 2
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      echo "Usage: restic-backup [--tag TAG]" >&2
+      exit 1
+      ;;
+  esac
+done
+
+echo "--------------------------------"
+echo "Restic Backup"
+echo "--------------------------------"
+
+DIRECTORY="${DIRECTORY/#\~/$HOME}"
+
+PATHS=$(echo "$BACKUP_PATHS" | python3 -c "import json, sys; print(' '.join(json.load(sys.stdin)))" 2> /dev/null || echo ".")
+EXCLUDES=$(echo "$EXCLUDE_PATTERNS" | python3 -c "import json, sys; [print(f'--exclude={p}') for p in json.load(sys.stdin)]" 2> /dev/null || echo "")
+TAGS=$(echo "$BACKUP_TAGS" | python3 -c "import json, sys; [print(f'--tag={t}') for t in json.load(sys.stdin)]" 2> /dev/null || echo "")
+
+TAG_ARGS=(
+  "--tag=workspace-id:$RESTIC_WORKSPACE_ID"
+  "--tag=workspace-owner:$RESTIC_WORKSPACE_OWNER"
+  "--tag=workspace-name:$RESTIC_WORKSPACE_NAME"
+)
+
+if [ -n "$TAGS" ]; then
+  while IFS= read -r tag; do
+    [ -n "$tag" ] && TAG_ARGS+=("$tag")
+  done <<< "$TAGS"
+fi
+
+for tag in "${EXTRA_TAGS[@]}"; do
+  TAG_ARGS+=("--tag=$tag")
+done
+
+EXCLUDE_ARGS=()
+if [ -n "$EXCLUDES" ]; then
+  while IFS= read -r exclude; do
+    [ -n "$exclude" ] && EXCLUDE_ARGS+=("$exclude")
+  done <<< "$EXCLUDES"
+fi
+
+cd "$DIRECTORY" || {
+  echo "Error: Failed to change to directory: $DIRECTORY" >&2
+  exit 1
+}
+
+echo "Working directory: $(pwd)"
+echo "Backup paths: $PATHS"
+echo "Tags: ${TAG_ARGS[*]}"
+[ ${#EXCLUDE_ARGS[@]} -gt 0 ] && echo "Exclusions: ${EXCLUDE_ARGS[*]}"
+echo "Starting backup..."
+
+# shellcheck disable=SC2086
+if restic backup $PATHS "${TAG_ARGS[@]}" "${EXCLUDE_ARGS[@]}"; then
+  echo "Backup completed successfully"
+else
+  echo "Error: Backup failed" >&2
+  exit 1
+fi
+
+if [ "$AUTO_FORGET" = "true" ]; then
+  echo "Applying retention policies..."
+
+  FORGET_ARGS=(
+    "--tag=workspace-id:$RESTIC_WORKSPACE_ID"
+    "--keep-last=$RETENTION_LAST"
+  )
+
+  [ "$RETENTION_DAILY" -gt 0 ] && FORGET_ARGS+=("--keep-daily=$RETENTION_DAILY")
+  [ "$RETENTION_WEEKLY" -gt 0 ] && FORGET_ARGS+=("--keep-weekly=$RETENTION_WEEKLY")
+  [ "$RETENTION_MONTHLY" -gt 0 ] && FORGET_ARGS+=("--keep-monthly=$RETENTION_MONTHLY")
+
+  if [ "$AUTO_PRUNE" = "true" ]; then
+    FORGET_ARGS+=("--prune")
+    echo "Pruning unreferenced data..."
+  fi
+
+  if restic forget "${FORGET_ARGS[@]}"; then
+    echo "Retention policies applied"
+  else
+    echo "Warning: Failed to apply retention policies" >&2
+  fi
+fi
+
+echo "Backup process complete"

registry/coder/modules/restic/scripts/run.sh

@@ -0,0 +1,296 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: $${CODER_SCRIPT_BIN_DIR:=$HOME/.local/bin}
+: $${CODER_SCRIPT_DATA_DIR:=$HOME/.local/share/coder}
+
+mkdir -p "$CODER_SCRIPT_BIN_DIR"
+mkdir -p "$CODER_SCRIPT_DATA_DIR"
+
+export PATH="$HOME/.local/bin:$PATH"
+INSTALL_RESTIC="${INSTALL_RESTIC}"
+RESTIC_VERSION="${RESTIC_VERSION}"
+AUTO_INIT="${AUTO_INIT}"
+RESTORE_ON_START="${RESTORE_ON_START}"
+SNAPSHOT_ID="${SNAPSHOT_ID}"
+RESTORE_TARGET="${RESTORE_TARGET}"
+BACKUP_INTERVAL="${BACKUP_INTERVAL}"
+BACKUP_PATHS='${BACKUP_PATHS}'
+EXCLUDE_PATTERNS='${EXCLUDE_PATTERNS}'
+BACKUP_TAGS='${BACKUP_TAGS}'
+DIRECTORY="${DIRECTORY}"
+RETENTION_LAST="${RETENTION_LAST}"
+RETENTION_DAILY="${RETENTION_DAILY}"
+RETENTION_WEEKLY="${RETENTION_WEEKLY}"
+RETENTION_MONTHLY="${RETENTION_MONTHLY}"
+AUTO_FORGET="${AUTO_FORGET}"
+AUTO_PRUNE="${AUTO_PRUNE}"
+BACKUP_SCRIPT_B64='${BACKUP_SCRIPT_B64}'
+
+echo "--------------------------------"
+echo "Restic Backup Module Setup"
+echo "--------------------------------"
+
+detect_os_arch() {
+  OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+  ARCH=$(uname -m)
+
+  case "$ARCH" in
+    x86_64)
+      ARCH="amd64"
+      ;;
+    aarch64 | arm64)
+      ARCH="arm64"
+      ;;
+    armv7l)
+      ARCH="arm"
+      ;;
+    *)
+      echo "Unsupported architecture: $ARCH"
+      exit 1
+      ;;
+  esac
+
+  case "$OS" in
+    linux | darwin) ;;
+    *)
+      echo "Unsupported OS: $OS"
+      exit 1
+      ;;
+  esac
+
+  echo "Detected OS: $OS, Architecture: $ARCH"
+}
+
+install_restic() {
+  if [ "$INSTALL_RESTIC" != "true" ]; then
+    echo "Skipping Restic installation (install_restic=false)"
+    return
+  fi
+
+  if command -v restic > /dev/null 2>&1; then
+    INSTALLED_VERSION=$(restic version | head -n1 | awk '{print $2}')
+    echo "Restic already installed: $INSTALLED_VERSION"
+
+    if [ "$RESTIC_VERSION" != "latest" ] && [ "$INSTALLED_VERSION" != "$RESTIC_VERSION" ]; then
+      echo "Warning: Version mismatch (installed: $INSTALLED_VERSION, requested: $RESTIC_VERSION)"
+    fi
+    return
+  fi
+
+  echo "Installing Restic..."
+
+  detect_os_arch
+
+  if [ "$RESTIC_VERSION" = "latest" ]; then
+    echo "Fetching latest version..."
+    LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/restic/restic/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+
+    if [ -z "$LATEST_VERSION" ]; then
+      echo "Error: Failed to fetch latest version"
+      exit 1
+    fi
+
+    echo "Version: $LATEST_VERSION"
+    DOWNLOAD_URL="https://github.com/restic/restic/releases/download/v$${LATEST_VERSION}/restic_$${LATEST_VERSION}_$${OS}_$${ARCH}.bz2"
+  else
+    DOWNLOAD_URL="https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/restic_${RESTIC_VERSION}_$${OS}_$${ARCH}.bz2"
+  fi
+
+  echo "Downloading Restic..."
+
+  mkdir -p "$HOME/.local/bin"
+
+  TMP_FILE=$(mktemp)
+  if curl -fsSL "$DOWNLOAD_URL" -o "$TMP_FILE"; then
+    bunzip2 -c "$TMP_FILE" > "$HOME/.local/bin/restic"
+    chmod +x "$HOME/.local/bin/restic"
+    rm "$TMP_FILE"
+    echo "Restic installed: $($HOME/.local/bin/restic version)"
+  else
+    echo "Error: Download failed"
+    rm -f "$TMP_FILE"
+    exit 1
+  fi
+}
+
+verify_installation() {
+  if ! command -v restic > /dev/null 2>&1; then
+    echo "Error: restic command not found in PATH"
+    echo "PATH: $PATH"
+
+    if [ "$INSTALL_RESTIC" = "true" ]; then
+      exit 1
+    else
+      echo "Warning: restic not found but install_restic=false, continuing anyway"
+      return
+    fi
+  fi
+
+  echo "Restic verified: $(restic version | head -n1)"
+}
+
+init_repository() {
+  if [ "$AUTO_INIT" != "true" ]; then
+    echo "Skipping repository initialization (auto_init_repo=false)"
+    return
+  fi
+
+  echo "Checking repository..."
+
+  if restic snapshots > /dev/null 2>&1; then
+    echo "Repository already initialized"
+    return
+  fi
+
+  echo "Initializing repository..."
+  if restic init; then
+    echo "Repository initialized"
+  else
+    echo "Error: Failed to initialize repository"
+    exit 1
+  fi
+}
+
+install_backup_helper() {
+  echo "Installing backup helper script..."
+
+  HELPER_SCRIPT="$CODER_SCRIPT_BIN_DIR/restic-backup"
+
+  echo -n "$BACKUP_SCRIPT_B64" | base64 -d > "$HELPER_SCRIPT"
+  chmod +x "$HELPER_SCRIPT"
+
+  cat > "$CODER_SCRIPT_DATA_DIR/restic-backup.conf" << EOF
+BACKUP_PATHS='$BACKUP_PATHS'
+EXCLUDE_PATTERNS='$EXCLUDE_PATTERNS'
+BACKUP_TAGS='$BACKUP_TAGS'
+DIRECTORY='$DIRECTORY'
+RETENTION_LAST='$RETENTION_LAST'
+RETENTION_DAILY='$RETENTION_DAILY'
+RETENTION_WEEKLY='$RETENTION_WEEKLY'
+RETENTION_MONTHLY='$RETENTION_MONTHLY'
+AUTO_FORGET='$AUTO_FORGET'
+AUTO_PRUNE='$AUTO_PRUNE'
+EOF
+
+  if [ ! -x "$HELPER_SCRIPT" ]; then
+    echo "Error: Backup helper is not executable"
+    exit 1
+  fi
+
+  echo "Backup helper installed: $HELPER_SCRIPT"
+  echo "Backup helper verified as executable"
+}
+
+find_latest_snapshot() {
+  local TAG_FILTER="$1"
+
+  SNAPSHOTS_JSON=$(restic snapshots --tag "$TAG_FILTER" --json 2> /dev/null || echo "[]")
+
+  LATEST_SNAPSHOT=$(echo "$SNAPSHOTS_JSON" | python3 -c "
+import json, sys
+snapshots = json.load(sys.stdin)
+if snapshots:
+    latest = max(snapshots, key=lambda s: s['time'])
+    print(latest['short_id'])
+else:
+    print('')
+" 2> /dev/null || echo "")
+
+  echo "$LATEST_SNAPSHOT"
+}
+
+restore_on_start() {
+  if [ "$RESTORE_ON_START" != "true" ]; then
+    echo "Skipping restore (restore_on_start=false)"
+    return
+  fi
+
+  echo "--------------------------------"
+  echo "Restore Configuration"
+  echo "--------------------------------"
+
+  SNAPSHOT_TO_RESTORE=""
+
+  if [ -n "$SNAPSHOT_ID" ]; then
+    echo "Restoring specific snapshot: $SNAPSHOT_ID"
+    SNAPSHOT_TO_RESTORE="$SNAPSHOT_ID"
+  else
+    echo "Finding latest backup for this workspace..."
+    SNAPSHOT_TO_RESTORE=$(find_latest_snapshot "workspace-id:$RESTIC_WORKSPACE_ID")
+
+    if [ -z "$SNAPSHOT_TO_RESTORE" ]; then
+      echo "No previous backup found"
+      echo "Starting with fresh workspace"
+      return
+    fi
+
+    echo "Found snapshot: $SNAPSHOT_TO_RESTORE"
+  fi
+
+  echo "Restoring to $RESTORE_TARGET..."
+
+  if restic restore "$SNAPSHOT_TO_RESTORE" --target "$RESTORE_TARGET"; then
+    echo "Restore completed successfully"
+  else
+    echo "Error: Restore failed"
+    exit 1
+  fi
+}
+
+setup_interval_backup() {
+  if [ "$BACKUP_INTERVAL" -eq 0 ]; then
+    return
+  fi
+
+  echo "Setting up interval backup (every $BACKUP_INTERVAL minutes)..."
+
+  cat > "$CODER_SCRIPT_DATA_DIR/interval-backup.sh" << 'EOFSCRIPT'
+#!/usr/bin/env bash
+set -euo pipefail
+
+INTERVAL_MINUTES="$1"
+INTERVAL_SECONDS=$((INTERVAL_MINUTES * 60))
+
+echo "Starting interval backup loop (every $INTERVAL_MINUTES minutes)"
+
+while true; do
+  sleep "$INTERVAL_SECONDS"
+  
+  echo "Running scheduled backup..."
+  if "$CODER_SCRIPT_BIN_DIR/restic-backup" --tag "interval-backup"; then
+    echo "Scheduled backup completed"
+  else
+    echo "Scheduled backup failed"
+  fi
+done
+EOFSCRIPT
+
+  chmod +x "$CODER_SCRIPT_DATA_DIR/interval-backup.sh"
+
+  nohup "$CODER_SCRIPT_DATA_DIR/interval-backup.sh" "$BACKUP_INTERVAL" \
+    >> "$CODER_SCRIPT_DATA_DIR/interval-backup.log" 2>&1 &
+
+  echo "Interval backup started in background (PID: $!)"
+}
+
+main() {
+  install_restic
+  verify_installation
+  init_repository
+  install_backup_helper
+  restore_on_start
+  setup_interval_backup
+
+  echo "--------------------------------"
+  echo "Restic setup complete"
+  echo "--------------------------------"
+  echo "Available commands:"
+  echo "  restic-backup          - Run manual backup"
+  echo "  restic snapshots       - List all snapshots"
+  echo "  restic restore <id>    - Restore specific snapshot"
+  echo ""
+  echo "Repository: $${RESTIC_REPOSITORY:-not set}"
+}
+
+main

registry/coder/modules/vault-token/README.md

@@ -19,7 +19,7 @@ variable "vault_token" {
 
 module "vault" {
   source          = "registry.coder.com/coder/vault-token/coder"
-  version         = "1.2.2"
+  version         = "1.2.1"
   agent_id        = coder_agent.example.id
   vault_token     = var.token # optional
   vault_addr      = "https://vault.example.com"
@@ -73,7 +73,7 @@ variable "vault_token" {
 
 module "vault" {
   source            = "registry.coder.com/coder/vault-token/coder"
-  version           = "1.2.2"
+  version           = "1.2.1"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_token       = var.token

registry/coder/modules/vault-token/run.sh

@@ -68,7 +68,7 @@ install() {
     else
       printf "Upgrading Vault CLI from version %s to %s ...\n\n" "$${CURRENT_VERSION}" "${INSTALL_VERSION}"
     fi
-    fetch vault.zip "https://releases.hashicorp.com/vault/$${INSTALL_VERSION}/vault_$${INSTALL_VERSION}_linux_$${ARCH}.zip"
+    fetch vault.zip "https://releases.hashicorp.com/vault/$${INSTALL_VERSION}/vault_$${INSTALL_VERSION}_linux_amd64.zip"
     if [ $? -ne 0 ]; then
       printf "Failed to download Vault.\n"
       return 1

registry/coder/modules/windows-rdp/README.md

@@ -15,7 +15,7 @@ Enable Remote Desktop + a web based client on Windows workspaces, powered by [de
 module "windows_rdp" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windows-rdp/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = resource.coder_agent.main.id
 }
 ```
@@ -32,7 +32,7 @@ module "windows_rdp" {
 module "windows_rdp" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windows-rdp/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = resource.coder_agent.main.id
 }
 ```
@@ -43,7 +43,7 @@ module "windows_rdp" {
 module "windows_rdp" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windows-rdp/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = resource.coder_agent.main.id
 }
 ```
@@ -54,7 +54,7 @@ module "windows_rdp" {
 module "windows_rdp" {
   count                       = data.coder_workspace.me.start_count
   source                      = "registry.coder.com/coder/windows-rdp/coder"
-  version                     = "1.3.0"
+  version                     = "1.2.3"
   agent_id                    = resource.coder_agent.main.id
   devolutions_gateway_version = "2025.2.2" # Specify a specific version
 }

registry/coder/modules/windows-rdp/devolutions-patch.js

@@ -25,426 +25,401 @@
  * @typedef {Readonly<{ querySelector: string; value: string; }>} FormFieldEntry
  * @typedef {Readonly<Record<string, FormFieldEntry>>} FormFieldEntries
  */
-(function () {
-  /**
-   * The communication protocol to set Devolutions to.
-   */
-  const PROTOCOL = "RDP";
 
-  /**
-   * The hostname to use with Devolutions.
-   */
-  const HOSTNAME = "localhost";
+/**
+ * The communication protocol to set Devolutions to.
+ */
+const PROTOCOL = "RDP";
 
-  /**
-   * How often to poll the screen for the main Devolutions form.
-   */
-  const POLL_INTERVAL_MS = 500;
+/**
+ * The hostname to use with Devolutions.
+ */
+const HOSTNAME = "localhost";
 
-  /**
-   * The fields in the Devolutions sign-in form that should be populated with
-   * values from the Coder workspace.
-   *
-   * All properties should be defined as placeholder templates in the form
-   * VALUE_NAME. The Coder module, when spun up, should then run some logic to
-   * replace the template slots with actual values. These values should never
-   * change from within JavaScript itself.
-   *
-   * @satisfies {FormFieldEntries}
-   */
-  const formFieldEntries = {
+/**
+ * How often to poll the screen for the main Devolutions form.
+ */
+const SCREEN_POLL_INTERVAL_MS = 500;
+
+/**
+ * The fields in the Devolutions sign-in form that should be populated with
+ * values from the Coder workspace.
+ *
+ * All properties should be defined as placeholder templates in the form
+ * VALUE_NAME. The Coder module, when spun up, should then run some logic to
+ * replace the template slots with actual values. These values should never
+ * change from within JavaScript itself.
+ *
+ * @satisfies {FormFieldEntries}
+ */
+const formFieldEntries = {
+  /** @readonly */
+  username: {
     /** @readonly */
-    username: {
-      /** @readonly */
-      querySelector: "web-client-username-control input",
+    querySelector: "web-client-username-control input",
 
-      /** @readonly */
-      value: "${CODER_USERNAME}",
-    },
     /** @readonly */
-    password: {
-      /** @readonly */
-      querySelector: "web-client-password-control input",
+    value: "${CODER_USERNAME}",
+  },
 
-      /** @readonly */
-      value: "${CODER_PASSWORD}",
-    },
-  };
+  /** @readonly */
+  password: {
+    /** @readonly */
+    querySelector: "web-client-password-control input",
 
-  /**
-   * This ensures that the Devolutions login form (which by default, always shows
-   * up on screen when the app first launches) stays visually hidden from the user
-   * when they open Devolutions via the Coder module.
-   *
-   * The form will still be filled out automatically and submitted in the
-   * background via the rest of the logic in this file, so this function is mainly
-   * to help avoid screen flickering and make the overall experience feel a little
-   * more polished (even though it's just one giant hack).
-   *
-   * @returns {void}
-   */
-  function hideFormForInitialSubmission() {
-    const styleId = "coder-patch--styles-initial-submission";
-    const cssOpacityVariableName = "--coder-opacity-multiplier";
+    /** @readonly */
+    value: "${CODER_PASSWORD}",
+  },
+};
 
-    /** @type {HTMLStyleElement | null} */
-    // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
-    let styleContainer = document.querySelector("#" + styleId);
-    if (!styleContainer) {
-      styleContainer = document.createElement("style");
-      styleContainer.id = styleId;
-      styleContainer.innerHTML = `
-        /*
-          Have to use opacity instead of visibility, because the element still
-          needs to be interactive via the script so that it can be auto-filled.
-        */
-        :root {
-          /*
-            Can be 0 or 1. Start off invisible to avoid risks of UI flickering,
-            but the rest of the function should be in charge of making the form
-            container visible again if something goes wrong during setup.
+/**
+ * Handles typing in the values for the input form. All values are written
+ * immediately, even though that would be physically impossible with a real
+ * keyboard.
+ *
+ * Note: this code will never break, but you might get warnings in the console
+ * from Angular about unexpected value changes. Angular patches over a lot of
+ * the built-in browser APIs to support its component change detection system.
+ * As part of that, it has validations for checking whether an input it
+ * previously had control over changed without it doing anything.
+ *
+ * But the only way to simulate a keyboard input is by setting the input's
+ * .value property, and then firing an input event. So basically, the inner
+ * value will change, which Angular won't be happy about, but then the input
+ * event will fire and sync everything back together.
+ *
+ * @param {HTMLInputElement} inputField
+ * @param {string} inputText
+ * @returns {Promise<void>}
+ */
+function setInputValue(inputField, inputText) {
+  return new Promise((resolve, reject) => {
+    // Adding timeout for input event, even though we'll be dispatching it
+    // immediately, just in the off chance that something in the Angular app
+    // intercepts it or stops it from propagating properly
+    const timeoutId = window.setTimeout(() => {
+      reject(new Error("Input event did not get processed correctly in time."));
+    }, 3_000);
 
-            Double dollar sign needed to avoid Terraform script false positives
-          */
-          $${cssOpacityVariableName}: 0;
-        }
-
-        /*
-          web-client-form is the container for the main session form, while
-          the div is for the dropdown that is used for selecting the protocol.
-          The dropdown is not inside of the form for CSS styling reasons, so we
-          need to select both.
-        */
-        web-client-form,
-        body > div.p-overlay {
-          /*
-            Double dollar sign needed to avoid Terraform script false positives
-          */
-          opacity: calc(100% * var($${cssOpacityVariableName})) !important;
-        }
-      `;
-
-      document.head.appendChild(styleContainer);
-    }
-
-    // The root node being undefined should be physically impossible (if it's
-    // undefined, the browser itself is busted), but we need to do a type check
-    // here so that the rest of the function doesn't need to do type checks over
-    // and over.
-    const rootNode = document.querySelector(":root");
-    if (!(rootNode instanceof HTMLHtmlElement)) {
-      // Remove the container entirely because if the browser is busted, who knows
-      // if the CSS variables can be applied correctly. Better to have something
-      // be a bit more ugly/painful to use, than have it be impossible to use
-      styleContainer.remove();
-      return;
-    }
-
-    // It's safe to make the form visible preemptively because Devolutions
-    // outputs the Windows view through an HTML canvas that it overlays on top
-    // of the rest of the app. Even if the form isn't hidden at the style level,
-    // it will still be covered up.
-    const restoreOpacity = () => {
-      rootNode.style.setProperty(cssOpacityVariableName, "1");
+    const handleSuccessfulDispatch = () => {
+      window.clearTimeout(timeoutId);
+      inputField.removeEventListener("input", handleSuccessfulDispatch);
+      resolve();
     };
 
-    // If this file gets more complicated, it might make sense to set up the
-    // timeout and event listener so that if one triggers, it cancels the other,
-    // but having restoreOpacity run more than once is a no-op for right now.
-    // Not a big deal if these don't get cleaned up.
+    inputField.addEventListener("input", handleSuccessfulDispatch);
 
-    // Have the form automatically reappear no matter what, so that if something
-    // does break, the user isn't left out to dry
-    window.setTimeout(restoreOpacity, 5_000);
+    // Code assumes that Angular will have an event handler in place to handle
+    // the new event
+    const inputEvent = new Event("input", {
+      bubbles: true,
+      cancelable: true,
+    });
 
-    /** @type {HTMLFormElement | null} */
-    const form = document.querySelector("web-client-form > form");
-    form?.addEventListener(
-      "submit",
-      () => {
-        // Not restoring opacity right away just to give the HTML canvas a little
-        // bit of time to get spun up and cover up the main form
-        window.setTimeout(restoreOpacity, 1_000);
-      },
-      { once: true },
+    inputField.value = inputText;
+    inputField.dispatchEvent(inputEvent);
+  });
+}
+
+/**
+ * Takes a Devolutions remote session form, auto-fills it with data, and then
+ * submits it.
+ *
+ * The logic here is more convoluted than it should be for two main reasons:
+ * 1. Devolutions' HTML markup has errors. There are labels, but they aren't
+ *    bound to the inputs they're supposed to describe. This means no easy hooks
+ *    for selecting the elements, unfortunately.
+ * 2. Trying to modify the .value properties on some of the inputs doesn't
+ *    work. Probably some combo of Angular data-binding and some inputs having
+ *    the readonly attribute. Have to simulate user input to get around this.
+ *
+ * @param {HTMLFormElement} myForm
+ * @returns {Promise<void>}
+ */
+async function autoSubmitForm(myForm) {
+  const setProtocolValue = () => {
+    /** @type {HTMLDivElement | null} */
+    const protocolDropdownTrigger = myForm.querySelector('div[role="button"]');
+    if (protocolDropdownTrigger === null) {
+      throw new Error("No clickable trigger for setting protocol value");
+    }
+
+    protocolDropdownTrigger.click();
+
+    // Can't use form as container for querying the list of dropdown options,
+    // because the elements don't actually exist inside the form. They're placed
+    // in the top level of the HTML doc, and repositioned to make it look like
+    // they're part of the form. Avoids CSS stacking context issues, maybe?
+    /** @type {HTMLLIElement | null} */
+    const protocolOption = document.querySelector(
+      // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
+      'p-dropdownitem[ng-reflect-label="' + PROTOCOL + '"] li',
     );
-  }
 
-  /**
-   * Sets up custom styles for hiding default Devolutions elements that Coder
-   * users shouldn't need to care about.
-   *
-   * @returns {void}
-   */
-  function setupAlwaysOnStyles() {
-    const styleId = "coder-patch--styles-always-on";
-    // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
-    const existingContainer = document.querySelector("#" + styleId);
-    if (existingContainer) {
+    if (protocolOption === null) {
+      throw new Error(
+        "Unable to find protocol option on screen that matches desired protocol",
+      );
+    }
+
+    protocolOption.click();
+  };
+
+  const setHostname = () => {
+    /** @type {HTMLInputElement | null} */
+    const hostnameInput = myForm.querySelector("p-autocomplete#hostname input");
+
+    if (hostnameInput === null) {
+      throw new Error("Unable to find field for adding hostname");
+    }
+
+    return setInputValue(hostnameInput, HOSTNAME);
+  };
+
+  const setCoderFormFieldValues = async () => {
+    // The RDP form will not appear on screen unless the dropdown is set to use
+    // the RDP protocol
+    const rdpSubsection = myForm.querySelector("rdp-form");
+    if (rdpSubsection === null) {
+      throw new Error(
+        "Unable to find RDP subsection. Is the value of the protocol set to RDP?",
+      );
+    }
+
+    for (const { value, querySelector } of Object.values(formFieldEntries)) {
+      /** @type {HTMLInputElement | null} */
+      const input = document.querySelector(querySelector);
+
+      if (input === null) {
+        throw new Error(
+          // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
+          'Unable to element that matches query "' + querySelector + '"',
+        );
+      }
+
+      await setInputValue(input, value);
+    }
+  };
+
+  const triggerSubmission = () => {
+    /** @type {HTMLButtonElement | null} */
+    const submitButton = myForm.querySelector(
+      'p-button[ng-reflect-type="submit"] button',
+    );
+
+    if (submitButton === null) {
+      throw new Error("Unable to find submission button");
+    }
+
+    if (submitButton.disabled) {
+      throw new Error(
+        "Unable to submit form because submit button is disabled. Are all fields filled out correctly?",
+      );
+    }
+
+    submitButton.click();
+  };
+
+  setProtocolValue();
+  await setHostname();
+  await setCoderFormFieldValues();
+  triggerSubmission();
+}
+
+/**
+ * Sets up logic for auto-populating the form data when the form appears on
+ * screen.
+ *
+ * @returns {void}
+ */
+function setupFormDetection() {
+  /** @type {HTMLFormElement | null} */
+  let formValueFromLastMutation = null;
+
+  /** @returns {void} */
+  const onDynamicTabMutation = () => {
+    /** @type {HTMLFormElement | null} */
+    const latestForm = document.querySelector("web-client-form > form");
+
+    // Only try to auto-fill if we went from having no form on screen to
+    // having a form on screen. That way, we don't accidentally override the
+    // form if the user is trying to customize values, and this essentially
+    // makes the script values function as default values
+    const mounted = formValueFromLastMutation === null && latestForm !== null;
+    if (mounted) {
+      autoSubmitForm(latestForm);
+    }
+
+    formValueFromLastMutation = latestForm;
+  };
+
+  /** @type {number | undefined} */
+  let pollingId = undefined;
+
+  /** @returns {void} */
+  const checkScreenForDynamicTab = () => {
+    const dynamicTab = document.querySelector("web-client-dynamic-tab");
+
+    // Keep polling until the main content container is on screen
+    if (dynamicTab === null) {
       return;
     }
 
-    const styleContainer = document.createElement("style");
+    window.clearInterval(pollingId);
+
+    // Call the mutation callback manually, to ensure it runs at least once
+    onDynamicTabMutation();
+
+    // Having the mutation observer is kind of an extra safety net that isn't
+    // really expected to run that often. Most of the content in the dynamic
+    // tab is being rendered through Canvas, which won't trigger any mutations
+    // that the observer can detect
+    const dynamicTabObserver = new MutationObserver(onDynamicTabMutation);
+    dynamicTabObserver.observe(dynamicTab, {
+      subtree: true,
+      childList: true,
+    });
+  };
+
+  pollingId = window.setInterval(
+    checkScreenForDynamicTab,
+    SCREEN_POLL_INTERVAL_MS,
+  );
+}
+
+/**
+ * Sets up custom styles for hiding default Devolutions elements that Coder
+ * users shouldn't need to care about.
+ *
+ * @returns {void}
+ */
+function setupAlwaysOnStyles() {
+  const styleId = "coder-patch--styles-always-on";
+  // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
+  const existingContainer = document.querySelector("#" + styleId);
+  if (existingContainer) {
+    return;
+  }
+
+  const styleContainer = document.createElement("style");
+  styleContainer.id = styleId;
+  styleContainer.innerHTML = `
+    /* app-menu corresponds to the sidebar of the default view. */
+    app-menu {
+      display: none !important;
+    }
+  `;
+
+  document.head.appendChild(styleContainer);
+}
+
+/**
+ * This ensures that the Devolutions login form (which by default, always shows
+ * up on screen when the app first launches) stays visually hidden from the user
+ * when they open Devolutions via the Coder module.
+ *
+ * The form will still be filled out automatically and submitted in the
+ * background via the rest of the logic in this file, so this function is mainly
+ * to help avoid screen flickering and make the overall experience feel a little
+ * more polished (even though it's just one giant hack).
+ *
+ * @returns {void}
+ */
+function hideFormForInitialSubmission() {
+  const styleId = "coder-patch--styles-initial-submission";
+  const cssOpacityVariableName = "--coder-opacity-multiplier";
+
+  /** @type {HTMLStyleElement | null} */
+  // biome-ignore lint/style/useTemplate: Have to skip interpolation for the main.tf interpolation
+  let styleContainer = document.querySelector("#" + styleId);
+  if (!styleContainer) {
+    styleContainer = document.createElement("style");
     styleContainer.id = styleId;
     styleContainer.innerHTML = `
-      /* app-menu corresponds to the sidebar of the default view. */
-      app-menu {
-        display: none !important;
+      /*
+        Have to use opacity instead of visibility, because the element still
+        needs to be interactive via the script so that it can be auto-filled.
+      */
+      :root {
+        /*
+          Can be 0 or 1. Start off invisible to avoid risks of UI flickering,
+          but the rest of the function should be in charge of making the form
+          container visible again if something goes wrong during setup.
+
+          Double dollar sign needed to avoid Terraform script false positives
+        */
+        $${cssOpacityVariableName}: 0;
       }
 
-      /* app-net-scan corresponds to the auto-discovery feature. */
-      app-net-scan {
-        display: none !important;
+      /*
+        web-client-form is the container for the main session form, while
+        the div is for the dropdown that is used for selecting the protocol.
+        The dropdown is not inside of the form for CSS styling reasons, so we
+        need to select both.
+       */
+      web-client-form,
+      body > div.p-overlay {
+        /*
+          Double dollar sign needed to avoid Terraform script false positives
+        */
+        opacity: calc(100% * var($${cssOpacityVariableName})) !important;
       }
     `;
 
     document.head.appendChild(styleContainer);
   }
 
-  /**
-   * Handles typing in the values for the input form. All values are written
-   * immediately, even though that would be physically impossible with a real
-   * keyboard.
-   *
-   * Note: this code will never break, but you might get warnings in the console
-   * from Angular about unexpected value changes. Angular patches over a lot of
-   * the built-in browser APIs to support its component change detection system.
-   * As part of that, it has validations for checking whether an input it
-   * previously had control over changed without it doing anything.
-   *
-   * But the only way to simulate a keyboard input is by setting the input's
-   * .value property, and then firing an input event. So basically, the inner
-   * value will change, which Angular won't be happy about, but then the input
-   * event will fire and sync everything back together.
-   *
-   * @param {HTMLInputElement} inputField
-   * @param {string} inputText
-   * @returns {Promise<void>}
-   */
-  function setInputValue(inputField, inputText) {
-    return new Promise((resolve, reject) => {
-      // Adding timeout for input event, even though we'll be dispatching it
-      // immediately, just in the off chance that something in the Angular app
-      // intercepts it or stops it from propagating properly
-      const timeoutId = window.setTimeout(() => {
-        reject(
-          new Error("Input event did not get processed correctly in time."),
-        );
-      }, 3_000);
-
-      const handleSuccessfulDispatch = () => {
-        window.clearTimeout(timeoutId);
-        inputField.removeEventListener("input", handleSuccessfulDispatch);
-        resolve();
-      };
-
-      inputField.addEventListener("input", handleSuccessfulDispatch);
-
-      // Code assumes that Angular will have an event handler in place to handle
-      // the new event
-      const inputEvent = new Event("input", {
-        bubbles: true,
-        cancelable: true,
-      });
-
-      inputField.value = inputText;
-      inputField.dispatchEvent(inputEvent);
-    });
+  // The root node being undefined should be physically impossible (if it's
+  // undefined, the browser itself is busted), but we need to do a type check
+  // here so that the rest of the function doesn't need to do type checks over
+  // and over.
+  const rootNode = document.querySelector(":root");
+  if (!(rootNode instanceof HTMLHtmlElement)) {
+    // Remove the container entirely because if the browser is busted, who knows
+    // if the CSS variables can be applied correctly. Better to have something
+    // be a bit more ugly/painful to use, than have it be impossible to use
+    styleContainer.remove();
+    return;
   }
 
-  /**
-   * Takes a Devolutions remote session form, auto-fills it with data, and then
-   * submits it.
-   *
-   * The logic here is more convoluted than it should be for two main reasons:
-   * 1. Devolutions' HTML markup has errors. There are labels, but they aren't
-   *    bound to the inputs they're supposed to describe. This means no easy hooks
-   *    for selecting the elements, unfortunately.
-   * 2. Trying to modify the .value properties on some of the inputs doesn't
-   *    work. Probably some combo of Angular data-binding and some inputs having
-   *    the readonly attribute. Have to simulate user input to get around this.
-   *
-   * @param {HTMLFormElement} form
-   */
-  async function fillForm(form) {
-    try {
-      log("Form detected. Starting auto-fill...");
+  // It's safe to make the form visible preemptively because Devolutions
+  // outputs the Windows view through an HTML canvas that it overlays on top
+  // of the rest of the app. Even if the form isn't hidden at the style level,
+  // it will still be covered up.
+  const restoreOpacity = () => {
+    rootNode.style.setProperty(cssOpacityVariableName, "1");
+  };
 
-      // By default, RDP is selected. Leaving this here if needed
-      // in the future.
-      const protocolTrigger = form.querySelector('p-dropdown[id="protocol"]');
-      if (protocolTrigger) {
-        protocolTrigger.click();
-        const protocolOption = document.querySelector(
-          `li[aria-label="$${PROTOCOL}"]`,
-        );
-        if (protocolOption) {
-          protocolOption.click();
-          log(`Protocol set to $${PROTOCOL}`);
-        } else {
-          log("Protocol option not found.");
-        }
-      } else {
-        log("Protocol dropdown trigger not found.");
-      }
+  // If this file gets more complicated, it might make sense to set up the
+  // timeout and event listener so that if one triggers, it cancels the other,
+  // but having restoreOpacity run more than once is a no-op for right now.
+  // Not a big deal if these don't get cleaned up.
 
-      const hostnameInput = form.querySelector("p-autocomplete#hostname input");
-      if (hostnameInput) {
-        await setInputValue(hostnameInput, HOSTNAME);
-        log(`Hostname set to $${HOSTNAME}`);
-      } else {
-        log("Hostname input not found.");
-      }
+  // Have the form automatically reappear no matter what, so that if something
+  // does break, the user isn't left out to dry
+  window.setTimeout(restoreOpacity, 5_000);
 
-      for (const [key, { querySelector, value }] of Object.entries(
-        formFieldEntries,
-      )) {
-        const input = document.querySelector(querySelector);
-        if (input) {
-          await setInputValue(input, value);
-          log(`Set $${key} to $${value}`);
-        } else {
-          log(`Input for $${key} not found with selector: $${querySelector}`);
-        }
-      }
+  /** @type {HTMLFormElement | null} */
+  const form = document.querySelector("web-client-form > form");
+  form?.addEventListener(
+    "submit",
+    () => {
+      // Not restoring opacity right away just to give the HTML canvas a little
+      // bit of time to get spun up and cover up the main form
+      window.setTimeout(restoreOpacity, 1_000);
+    },
+    { once: true },
+  );
+}
 
-      const submitButton = form.querySelector(
-        'p-button[class="p-element"] button',
-      );
-      if (submitButton && !submitButton.disabled) {
-        submitButton.click();
-        log("Form submitted.");
-      } else {
-        log("Submit button not found or disabled.");
-      }
-    } catch (err) {
-      console.error("[Devolutions Patch] Error during form fill:", err);
-    }
-  }
+// Always safe to call these immediately because even if the Angular app isn't
+// loaded by the time the function gets called, the CSS will always be globally
+// available for when Angular is finally ready
+setupAlwaysOnStyles();
+hideFormForInitialSubmission();
 
-  /**
-   * Attaches a click event listener to the "Close Session" button within the provided top bar element.
-   * When clicked, the listener triggers the window to close.
-   * Logs a message indicating whether the listener was successfully attached or if the button was not found.
-   *
-   * @param {HTMLElement} topBar - The container element that includes the "Close Session" button.
-   * @returns {void}
-   */
-  function attachCloseListener(topBar) {
-    const buttons = topBar.querySelectorAll("button");
-
-    const closeButton = Array.from(buttons).find((button) => {
-      const labelSpan = button.querySelector(".p-button-label");
-      return labelSpan && labelSpan.textContent.trim() === "Close Session";
-    });
-
-    if (closeButton) {
-      closeButton.parentElement.addEventListener("click", () => {
-        window.close();
-      });
-      log("Close listener attached.");
-    } else {
-      log("Close button not found in top bar.");
-    }
-  }
-
-  /**
-   * Sets the checked state of a checkbox based on its label text.
-   * Searches all <p-checkbox> components in the document and identifies the one
-   * whose label matches the provided `filterText`. Once found, it sets the checkbox
-   * to the specified `checked` state (true or false) and dispatches a change event
-   * to ensure any bound listeners (e.g., Angular change detection) are triggered.
-   * Logs the outcome of the operation for debugging or audit purposes.
-   *
-   * @param {string} filterText - The exact label text of the checkbox to target.
-   * @param {boolean} checked - The desired checked state (true to check, false to uncheck).
-   * @returns {void}
-   */
-  function setCheckbox(filterText, checked) {
-    const checkboxes = document.querySelectorAll("p-checkbox");
-
-    const targetCheckbox = Array.from(checkboxes).find((checkbox) => {
-      const label = checkbox.querySelector(".p-checkbox-label");
-      return label && label.textContent.trim() === filterText;
-    });
-
-    if (targetCheckbox) {
-      const input = targetCheckbox.querySelector('input[type="checkbox"]');
-      if (input) {
-        input.checked = checked;
-        input.dispatchEvent(new Event("change", { bubbles: true }));
-      }
-      log(`$${filterText} set to $${checked}.`);
-    } else {
-      log(`$${filterText} checkbox not found in top bar.`);
-    }
-  }
-
-  /**
-   * Continuously polls the DOM for a specific form element.
-   * - Searches for a <form> inside a <web-client-form> element.
-   * - If found, calls `fillForm(form)` to process it.
-   * - If not found, logs a retry message and schedules another check after a delay.
-   *
-   * @returns {void}
-   */
-  function pollForForm() {
-    const form = document.querySelector("web-client-form form");
-    if (form) {
-      fillForm(form);
-
-      // Start polling for top bar after form is filled
-      pollForSessionToolBar();
-    } else {
-      log("Form not yet available. Retrying...");
-      setTimeout(pollForForm, POLL_INTERVAL_MS);
-    }
-  }
-
-  /**
-   * Continuously polls the DOM for a specific form element.
-   * - Searches for a <session-toolbar> element.
-   * - If found, adds another listener to session toolbar
-   * - If not found, logs a retry message and schedules another check after a delay.
-   *
-   * @returns {void}
-   */
-  function pollForSessionToolBar() {
-    const sessionToolBar = document.querySelector("session-toolbar");
-    if (sessionToolBar) {
-      log("Top bar detected. Proceeding with next steps...");
-      attachCloseListener(sessionToolBar);
-
-      // Automatically set checkboxes to improve user experience
-      setCheckbox("Unicode Keyboard Mode", true);
-      setCheckbox("Dynamic Resize", true);
-    } else {
-      log("Top bar not yet available. Retrying...");
-      setTimeout(pollForSessionToolBar, POLL_INTERVAL_MS);
-    }
-  }
-
-  /**
-   * Logs a message to the console with a standardized prefix.
-   * Format: [Devolutions Patch] $<message>
-   *
-   * @param {string} msg - The message to log.
-   * @returns {void}
-   */
-  function log(msg) {
-    console.log(`[Devolutions Patch] $${msg}`);
-  }
-
-  // Always safe to call these immediately because even if the Angular app isn't
-  // loaded by the time the function gets called, the CSS will always be globally
-  // available for when Angular is finally ready
-  setupAlwaysOnStyles();
-  hideFormForInitialSubmission();
-
-  log("Script loaded. Starting form detection...");
-  if (document.readyState === "loading") {
-    document.addEventListener("DOMContentLoaded", pollForForm);
-  } else {
-    pollForForm();
-  }
-})();
+if (document.readyState === "loading") {
+  document.addEventListener("DOMContentLoaded", setupFormDetection);
+} else {
+  setupFormDetection();
+}

registry/coder/modules/windows-rdp/main.test.ts

@@ -59,11 +59,9 @@ describe("Web RDP", async () => {
     expect(lines).toEqual(
       expect.arrayContaining<string>([
         '$moduleName = "DevolutionsGateway"',
-        // Default is "latest" to automatically get the newest version
-        '$moduleVersion = "latest"',
-        "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12",
-        "Set-PSRepository -Name PSGallery -InstallationPolicy Trusted",
-        "Install-Module -Name $moduleName -Force",
+        // Devolutions does versioning in the format year.minor.patch
+        expect.stringMatching(/^\$moduleVersion = "\d{4}\.\d+\.\d+"$/),
+        "Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force",
       ]),
     );
   });
@@ -88,7 +86,7 @@ describe("Web RDP", async () => {
      * @see {@link https://regex101.com/r/UMgQpv/2}
      */
     const formEntryValuesRe =
-      /username:\s*\{[\s\S]*?value:\s*"(?<username>[^"]+)"[\s\S]*?password:\s*\{[\s\S]*?value:\s*"(?<password>[^"]+)"/;
+      /^const formFieldEntries = \{$.*?^\s+username: \{$.*?^\s*?querySelector.*?,$.*?^\s*value: "(?<username>.+?)",$.*?password: \{$.*?^\s+querySelector: .*?,$.*?^\s*value: "(?<password>.+?)",$.*?^};$/ms;
 
     // Test that things work with the default username/password
     const defaultState = await runTerraformApply<TestVariables>(

registry/coder/modules/windows-rdp/main.tf

@@ -9,24 +9,6 @@ terraform {
   }
 }
 
-variable "display_name" {
-  type        = string
-  description = "The display name for the Web RDP application."
-  default     = "Web RDP"
-}
-
-variable "slug" {
-  type        = string
-  description = "The slug for the Web RDP application."
-  default     = "web-rdp"
-}
-
-variable "icon" {
-  type        = string
-  description = "The icon for the Web RDP application."
-  default     = "/icon/desktop.svg"
-}
-
 variable "order" {
   type        = number
   description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
@@ -66,8 +48,8 @@ variable "admin_password" {
 
 variable "devolutions_gateway_version" {
   type        = string
-  default     = "latest"
-  description = "Version of Devolutions Gateway to install. Use 'latest' for the most recent version, or specify a version like '2025.3.2'."
+  default     = "2025.2.2"
+  description = "Version of Devolutions Gateway to install. Defaults to the latest available version."
 }
 
 resource "coder_script" "windows-rdp" {
@@ -95,10 +77,10 @@ resource "coder_script" "windows-rdp" {
 resource "coder_app" "windows-rdp" {
   agent_id     = var.agent_id
   share        = var.share
-  slug         = var.slug
-  display_name = var.display_name
+  slug         = "web-rdp"
+  display_name = "Web RDP"
   url          = "http://localhost:7171"
-  icon         = var.icon
+  icon         = "/icon/desktop.svg"
   subdomain    = true
   order        = var.order
   group        = var.group

registry/coder/modules/windows-rdp/powershell-installation-script.tftpl

@@ -2,9 +2,6 @@ function Set-AdminPassword {
     param (
         [string]$adminPassword
     )
-    # Explicitly import LocalAccounts module
-    Import-Module Microsoft.PowerShell.LocalAccounts -ErrorAction SilentlyContinue
-    
     # Set admin password
     Get-LocalUser -Name "${admin_username}" | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText $adminPassword -Force)
     # Enable admin user
@@ -31,61 +28,23 @@ function Install-DevolutionsGateway {
 $moduleName = "DevolutionsGateway"
 $moduleVersion = "${devolutions_gateway_version}"
 
-# Ensure TLS 1.2 is enabled for PSGallery
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-
 # Install the module with the specified version for all users
 # This requires administrator privileges
 try {
     # Install-PackageProvider is required for AWS. Need to set command to
     # terminate on failure so that try/catch actually triggers
     Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -ErrorAction Stop
-    
-    # Set PSGallery as trusted after NuGet is installed
-    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
-    
-    if ($moduleVersion -eq "latest" -or [string]::IsNullOrWhiteSpace($moduleVersion)) {
-        Install-Module -Name $moduleName -Force
-    } else {
-        Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force
-    }
+    Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force
 }
 catch {
     # If the first command failed, assume that we're on GCP and run
     # Install-Module only
-    if ($moduleVersion -eq "latest" -or [string]::IsNullOrWhiteSpace($moduleVersion)) {
-        Install-Module -Name $moduleName -Force
-    } else {
-        Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force
-    }
+    Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force
 }
 
 # Construct the module path for system-wide installation
-$modulePath = $null # Declare outside the loop
-
-if ($moduleVersion -eq "latest" -or [string]::IsNullOrWhiteSpace($moduleVersion)) {
-    $installedModule = Get-InstalledModule -Name $moduleName -ErrorAction SilentlyContinue
-    if ($installedModule) {
-        $installedVersion = $installedModule.Version.ToString()
-    }
-} else {
-    $installedVersion = $moduleVersion
-}
-
-$paths = $env:PSModulePath -split ';'
-
-foreach ($path in $paths) {
-    $candidatePath = Join-Path -Path $path -ChildPath $moduleName
-    if ($installedVersion) {
-        $candidatePath = Join-Path -Path $candidatePath -ChildPath $installedVersion
-    }
-
-    $psd1Path = Join-Path -Path $candidatePath -ChildPath "$moduleName.psd1"
-    if (Test-Path $psd1Path) {
-        $modulePath = $psd1Path
-        break
-    }
-}
+$moduleBasePath = "C:\Windows\system32\config\systemprofile\Documents\PowerShell\Modules\$moduleName\$moduleVersion"
+$modulePath = Join-Path -Path $moduleBasePath -ChildPath "$moduleName.psd1"
 
 # Import the module using the full path
 Import-Module $modulePath

registry/coder/modules/zed/README.md

@@ -19,7 +19,7 @@ Zed is a high-performance, multiplayer code editor from the creators of Atom and
 module "zed" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/zed/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
 }
 ```
@@ -32,7 +32,7 @@ module "zed" {
 module "zed" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/zed/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
 }
@@ -44,7 +44,7 @@ module "zed" {
 module "zed" {
   count        = data.coder_workspace.me.start_count
   source       = "registry.coder.com/coder/zed/coder"
-  version      = "1.1.1"
+  version      = "1.1.0"
   agent_id     = coder_agent.example.id
   display_name = "Zed Editor"
   order        = 1
@@ -57,7 +57,7 @@ module "zed" {
 module "zed" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/zed/coder"
-  version    = "1.1.1"
+  version    = "1.1.0"
   agent_id   = coder_agent.example.id
   agent_name = coder_agent.example.name
 }
@@ -73,7 +73,7 @@ You can declaratively set/merge settings with the `settings` input. Provide a JS
 module "zed" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/zed/coder"
-  version  = "1.1.1"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
 
   settings = jsonencode({

registry/coder/modules/zed/main.tf

@@ -73,7 +73,6 @@ resource "coder_script" "zed_settings" {
   icon         = "/icon/zed.svg"
   run_on_start = true
   script       = <<-EOT
-    #!/bin/sh
     set -eu
     SETTINGS_JSON='${replace(var.settings, "\"", "\\\"")}'
     if [ -z "$${SETTINGS_JSON}" ] || [ "$${SETTINGS_JSON}" = "{}" ]; then

registry/coder/templates/kubernetes-devcontainer/main.tf

@@ -264,7 +264,7 @@ resource "kubernetes_deployment" "main" {
         container {
           name              = "dev"
           image             = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
-          image_pull_policy = "IfNotPresent"
+          image_pull_policy = "Always"
           security_context {
             privileged = true
           }
@@ -455,4 +455,4 @@ resource "coder_metadata" "container_info" {
     key   = "cache repo"
     value = var.cache_repo == "" ? "not enabled" : var.cache_repo
   }
-}
+}

registry/coder/templates/kubernetes-envbox/main.tf

@@ -152,7 +152,7 @@ resource "kubernetes_pod" "main" {
       name = "dev"
       # We highly recommend pinning this to a specific release of envbox, as the latest tag may change.
       image             = "ghcr.io/coder/envbox:latest"
-      image_pull_policy = "IfNotPresent"
+      image_pull_policy = "Always"
       command           = ["/envbox", "docker"]
 
       security_context {
@@ -310,4 +310,4 @@ resource "kubernetes_pod" "main" {
       }
     }
   }
-}
+}

registry/coder/templates/kubernetes/main.tf

@@ -287,7 +287,7 @@ resource "kubernetes_deployment" "main" {
         container {
           name              = "dev"
           image             = "codercom/enterprise-base:ubuntu"
-          image_pull_policy = "IfNotPresent"
+          image_pull_policy = "Always"
           command           = ["sh", "-c", coder_agent.main.init_script]
           security_context {
             run_as_user = "1000"

registry/djarbz/README.md

@@ -1,11 +0,0 @@
----
-display_name: "Austin"
-bio: "IT Pro by day, script kiddie at night."
-avatar: "./.images/avatar.png"
-github: "djarbz"
-status: "community"
----
-
-# Austin
-
-I like to program as a hobby.

registry/djarbz/modules/copyparty/README.md

@@ -1,68 +0,0 @@
----
-display_name: copyparty
-description: A web based file explorer alternative to Filebrowser.
-icon: ../../../../.icons/copyparty.svg
-verified: false
-tags: [files, filebrowser, web, copyparty]
----
-
-# copyparty
-
-<!-- Describes what this module does -->
-
-This module installs Copyparty, an alternative to Filebrowser.
-[Copyparty](https://github.com/9001/copyparty) is a portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps
-
-```tf
-module "copyparty" {
-  count   = data.coder_workspace.me.start_count
-  source  = "registry.coder.com/djarbz/copyparty/coder"
-  version = "1.0.1"
-}
-```
-
-<!-- Add a screencast or screenshot here  put them in .images directory -->
-
-![copyparty-browser-fs8](../../.images/copyparty_screenshot.png)
-
-## Examples
-
-### Example 1
-
-Some basic command line options:
-
-```tf
-module "copyparty" {
-  count    = data.coder_workspace.me.start_count
-  source   = "registry.coder.com/djarbz/copyparty/coder"
-  version  = "1.0.1"
-  agent_id = coder_agent.example.id
-  arguments = [
-    "-v", "/home/coder/:/home:r",       # Share home directory (read-only)
-    "-v", "${local.repo_dir}:/repo:rw", # Share project directory (read-write)
-    "-e2dsa",                           # Enables general file indexing"
-  ]
-}
-```
-
-### Example 2
-
-```tf
-module "copyparty" {
-  count     = data.coder_workspace.me.start_count
-  source    = "registry.coder.com/djarbz/copyparty/coder"
-  version   = "1.0.1"
-  agent_id  = coder_agent.example.id
-  subdomain = true
-  arguments = [
-    "-v", "/tmp:/tmp:r",                         # Share tmp directory (read-only)
-    "-v", "/home/coder/:/home:rw",               # Share home directory (read-write)
-    "-v", "${local.root_dir}:/work:A:c,dotsrch", # Share work directory (All Perms)
-    "-e2dsa",                                    # Enables general file indexing
-    "--re-maxage", "900",                        # Rescan filesystem for changes every SEC
-    "--see-dots",                                # Show dotfiles by default if user has correct permissions on volume
-    "--xff-src=lan",                             # List of trusted reverse-proxy CIDRs (comma-separated) or `lan` for private IPs.
-    "--rproxy", "1",                             # Which ip to associate clients with, index of X-FWD IP.
-  ]
-}
-```

registry/djarbz/modules/copyparty/copyparty.tftest.hcl

@@ -1,204 +0,0 @@
-# --- Test Case 1: Required Variables ---
-run "plan_with_required_vars" {
-  command = plan
-
-  variables {
-    agent_id = "example-agent-id"
-  }
-}
-
-# --- Test Case 2: Coder App URL uses custom port ---
-run "app_url_uses_port" {
-  command = plan
-
-  variables {
-    agent_id = "example-agent-id"
-    port     = 19999
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.url == "http://localhost:19999"
-    error_message = "Expected copyparty app URL to include configured port"
-  }
-}
-
-# --- Test Case 3: Default Values ---
-run "test_defaults" {
-  # This run block applies the module with default values
-  # (except for the required 'agent_id' provided above).
-
-  variables {
-    agent_id = "example-agent-id"
-  }
-
-  # --- Asserts for coder_app "copyparty" ---
-  assert {
-    condition     = resource.coder_app.copyparty.display_name == "copyparty"
-    error_message = "Default display_name is incorrect"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.slug == "copyparty"
-    error_message = "Default slug is incorrect"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.url == "http://localhost:3923"
-    error_message = "Default URL is incorrect, expected port 3923"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.subdomain == false
-    error_message = "Default subdomain should be false"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.share == "owner"
-    error_message = "Default share value should be 'owner'"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.open_in == "slim-window"
-    error_message = "Default open_in value should be 'slim-window'"
-  }
-
-  # --- Asserts for coder_script "copyparty" ---
-  assert {
-    condition     = coder_script.copyparty.display_name == "copyparty"
-    error_message = "Script display_name is incorrect"
-  }
-
-  # Check rendered script content (this assumes your run.sh uses the variables)
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "PORT=\"3923\"")
-    error_message = "Script content does not reflect default port"
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "LOG_PATH=\"/tmp/copyparty.log\"")
-    error_message = "Script content does not reflect default log_path"
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "ARGUMENTS=()")
-    error_message = "Script content does not reflect default empty arguments"
-  }
-}
-
-# --- Test Case 4: Custom Values ---
-run "test_custom_values" {
-  # Override default variables for this specific run
-  variables {
-    agent_id       = "example-agent-id"
-    port           = 8080
-    slug           = "my-custom-app"
-    display_name   = "My Custom App"
-    share          = "authenticated"
-    open_in        = "tab"
-    pinned_version = "v1.2.3"
-    arguments      = ["--verbose", "-v"]
-    log_path       = "/var/log/custom.log"
-  }
-
-  # --- Asserts for coder_app "copyparty" ---
-  assert {
-    condition     = resource.coder_app.copyparty.display_name == "My Custom App"
-    error_message = "Custom display_name was not applied"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.slug == "my-custom-app"
-    error_message = "Custom slug was not applied"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.url == "http://localhost:8080"
-    error_message = "Custom port was not applied to URL"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.share == "authenticated"
-    error_message = "Custom share value was not applied"
-  }
-
-  assert {
-    condition     = resource.coder_app.copyparty.open_in == "tab"
-    error_message = "Custom open_in value was not applied"
-  }
-
-  # --- Asserts for coder_script "copyparty" ---
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "PORT=\"8080\"")
-    error_message = "Script content does not reflect custom port"
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "PINNED_VERSION=\"v1.2.3\"")
-    error_message = "Script content does not reflect custom pinned_version"
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "ARGUMENTS=(\"--verbose\" \"-v\")")
-    error_message = "Script content does not reflect custom arguments"
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "LOG_PATH=\"/var/log/custom.log\"")
-    error_message = "Script content does not reflect custom log_path"
-  }
-}
-
-# --- Test Case 5: Validation Failure (open_in) ---
-run "test_invalid_open_in" {
-  # This is a 'plan' test that expects a failure
-  command = plan
-
-  variables {
-    agent_id = "example-agent-id"
-    open_in  = "invalid-value"
-  }
-
-  # Expect this plan to fail due to the validation rule in 'var.open_in'
-  expect_failures = [
-    var.open_in,
-  ]
-}
-
-# --- Test Case 6: Validation Failure (share) ---
-run "test_invalid_share" {
-  # This is a 'plan' test that expects a failure
-  command = plan
-
-  variables {
-    agent_id = "example-agent-id"
-    share    = "everyone" # This is not 'owner', 'authenticated', or 'public'
-  }
-
-  # Expect this plan to fail due to the validation rule in 'var.share'
-  expect_failures = [
-    var.share,
-  ]
-}
-
-# --- Test Case 7: Comma in Arguments [Readme Example 2] ---
-run "test_comma_args" {
-  # Arguments containing commas
-  variables {
-    agent_id = "example-agent-id"
-    arguments = [
-      "-v", "/tmp:/tmp:r",             # Share tmp directory (read-only)
-      "-v", "/home/coder/:/home:rw",   # Share home directory (read-write)
-      "-v", "/work:/work:A:c,dotsrch", # Share work directory (All Perms)
-      "-e2dsa",                        # Enables general file indexing
-      "--re-maxage", "900",            # Rescan filesystem for changes every SEC
-      "--see-dots",                    # Show dotfiles by default if user has correct permissions on volume
-      "--xff-src=lan",                 # List of trusted reverse-proxy CIDRs (comma-separated) or `lan` for private IPs.
-      "--rproxy", "1",                 # Which ip to associate clients with, index of X-FWD IP.
-    ]
-  }
-
-  assert {
-    condition     = strcontains(coder_script.copyparty.script, "ARGUMENTS=(\"-v\" \"/tmp:/tmp:r\" \"-v\" \"/home/coder/:/home:rw\" \"-v\" \"/work:/work:A:c,dotsrch\" \"-e2dsa\" \"--re-maxage\" \"900\" \"--see-dots\" \"--xff-src=lan\" \"--rproxy\" \"1\")")
-    error_message = "Script content does not reflect Readme Example #2 arguments with commas"
-  }
-}

registry/djarbz/modules/copyparty/main.tf

@@ -1,174 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    coder = {
-      source  = "coder/coder"
-      version = ">= 2.5"
-    }
-  }
-}
-
-locals {
-  # A built-in icon like "/icon/code.svg" or a full URL of icon
-  icon_url = "/icon/copyparty.svg"
-  # a map of all possible values
-  # options = {
-  #   "Option 1" = {
-  #     "name"  = "Option 1",
-  #     "value" = "1"
-  #     "icon"  = "/emojis/1.png"
-  #   }
-  #   "Option 2" = {
-  #     "name"  = "Option 2",
-  #     "value" = "2"
-  #     "icon"  = "/emojis/2.png"
-  #   }
-  # }
-}
-
-# Add required variables for your modules and remove any unneeded variables
-variable "agent_id" {
-  type        = string
-  description = "The ID of a Coder agent."
-}
-
-variable "log_path" {
-  type        = string
-  description = "The path to log copyparty to."
-  default     = "/tmp/copyparty.log"
-}
-
-variable "port" {
-  type        = number
-  description = "ports to listen on (comma/range); ignored for unix-sockets (default: 3923)"
-  default     = 3923
-}
-
-variable "slug" {
-  type        = string
-  description = "The slug for the copyparty application."
-  default     = "copyparty"
-}
-
-variable "display_name" {
-  type        = string
-  description = "The display name for the copyparty application."
-  default     = "copyparty"
-}
-
-variable "group" {
-  type        = string
-  description = "The name of a group that this app belongs to."
-  default     = null
-}
-
-variable "open_in" {
-  type        = string
-  description = <<-EOT
-    Determines where the app will be opened. Valid values are `"tab"` and `"slim-window" (default)`.
-    `"tab"` opens in a new tab in the same browser window.
-    `"slim-window"` opens a new browser window without navigation controls.
-  EOT
-  default     = "slim-window"
-  validation {
-    condition     = contains(["tab", "slim-window"], var.open_in)
-    error_message = "The 'open_in' variable must be one of: 'tab', 'slim-window'."
-  }
-}
-
-variable "subdomain" {
-  type        = bool
-  description = <<-EOT
-    Determines whether the app will be accessed via it's own subdomain or whether it will be accessed via a path on Coder.
-    If wildcards have not been setup by the administrator then apps with "subdomain" set to true will not be accessible.
-  EOT
-  default     = false
-}
-
-variable "share" {
-  type    = string
-  default = "owner"
-  validation {
-    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
-    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
-  }
-}
-
-# variable "mutable" {
-#   type        = bool
-#   description = "Whether the parameter is mutable."
-#   default     = true
-# }
-
-variable "order" {
-  type        = number
-  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
-  default     = null
-}
-# Add other variables here
-
-variable "pinned_version" {
-  type        = string
-  description = "Install a specific version in semver format (v1.19.16)."
-  default     = ""
-}
-
-variable "arguments" {
-  type        = list(string)
-  description = "A list of arguments to pass to the application."
-  default     = []
-}
-
-
-resource "coder_script" "copyparty" {
-  agent_id     = var.agent_id
-  display_name = "copyparty"
-  icon         = local.icon_url
-  script = templatefile("${path.module}/run.sh", {
-    LOG_PATH : var.log_path,
-    PORT : var.port,
-    PINNED_VERSION : var.pinned_version,
-    ARGUMENTS : join(" ", formatlist("\"%s\"", var.arguments)),
-  })
-  run_on_start = true
-  run_on_stop  = false
-}
-
-resource "coder_app" "copyparty" {
-  agent_id     = var.agent_id
-  slug         = var.slug
-  display_name = var.display_name
-  url          = "http://localhost:${var.port}"
-  icon         = local.icon_url
-  subdomain    = var.subdomain
-  share        = var.share
-  order        = var.order
-  group        = var.group
-  open_in      = var.open_in
-
-  # Remove if the app does not have a healthcheck endpoint
-  healthcheck {
-    url       = "http://localhost:${var.port}"
-    interval  = 5
-    threshold = 6
-  }
-}
-
-# data "coder_parameter" "copyparty" {
-#   type         = "list(string)"
-#   name         = "copyparty"
-#   display_name = "copyparty"
-#   icon         = local.icon_url
-#   mutable      = var.mutable
-#   default      = local.options["Option 1"]["value"]
-
-#   dynamic "option" {
-#     for_each = local.options
-#     content {
-#       icon  = option.value.icon
-#       name  = option.value.name
-#       value = option.value.value
-#     }
-#   }
-# }

registry/djarbz/modules/copyparty/run.sh

@@ -1,97 +0,0 @@
-#!/usr/bin/env bash
-
-# Convert templated variables to shell variables
-# This variable is assigned to itself, so the assignment does nothing.
-# shellcheck disable=SC2269
-LOG_PATH="${LOG_PATH}"
-
-# Ports to listen on (comma/range); ignored for unix-sockets (default: 3923)
-PORT="${PORT}"
-# Pinned version (e.g., v1.19.16); overrides latest release discovery if set
-PINNED_VERSION="${PINNED_VERSION}"
-# Custom CLI Arguments
-# The variable from Terraform is a series of quoted and space separated strings.
-# We need to parse it into a proper bash array.
-ARGUMENTS=(${ARGUMENTS})
-
-# VARIABLE appears unused. Verify use (or export if used externally).
-# shellcheck disable=SC2034
-MODULE_NAME="Copyparty"
-
-printf '\e[1mInstalling %s ...\e[0m\n' "$${MODULE_NAME}"
-
-# Add code here
-# Use variables from the templatefile function in main.tf
-# e.g. LOG_PATH, PORT, etc.
-
-printf "🐍 Verifying Python 3 installation...\n"
-if ! command -v python3 &> /dev/null; then
-  printf "❌ Python3 could not be found. Please install it to continue.\n"
-  exit 1
-fi
-printf "✅ Python3 is installed.\n"
-
-RELEASE_TO_INSTALL=""
-# Install provided version to pin, otherwise discover latest github release from `https://github.com/9001/copyparty`.
-if [[ -n "$${PINNED_VERSION}" ]]; then
-  printf "📌 Pinned version specified: %s\n" "$${PINNED_VERSION}"
-  # Verify that it is in v#.#.# format
-  if [[ ! "$${PINNED_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-    printf "❌ Invalid format for PINNED_VERSION. Expected 'v#.#.#' (e.g., v1.19.16).\n"
-    exit 1
-  fi
-  RELEASE_TO_INSTALL="$${PINNED_VERSION}"
-  printf "✅ Using pinned version %s.\n" "$${RELEASE_TO_INSTALL}"
-else
-  printf "🔎 Discovering latest release from GitHub...\n"
-  # Use curl to get the latest release tag from the GitHub API and sed to parse it
-  LATEST_RELEASE=$(curl -fsSL https://api.github.com/repos/9001/copyparty/releases/latest | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/')
-  if [[ -z "$${LATEST_RELEASE}" ]]; then
-    printf "❌ Could not determine the latest release. Please check your internet connection.\n"
-    exit 1
-  fi
-  RELEASE_TO_INSTALL="$${LATEST_RELEASE}"
-  printf "🏷️  Latest release is %s.\n" "$${RELEASE_TO_INSTALL}"
-fi
-
-# Download appropriate release version assets: `copyparty-sfx.py` and `helptext.html`.
-printf "🚀 Downloading copyparty %s...\n" "$${RELEASE_TO_INSTALL}"
-DOWNLOAD_URL="https://github.com/9001/copyparty/releases/download/$${RELEASE_TO_INSTALL}"
-
-printf "⏬ Downloading copyparty-sfx.py...\n"
-if ! curl -fsSL -o /tmp/copyparty-sfx.py "$${DOWNLOAD_URL}/copyparty-sfx.py"; then
-  printf "❌ Failed to download copyparty-sfx.py.\n"
-  exit 1
-fi
-
-printf "⏬ Downloading helptext.html...\n"
-if ! curl -fsSL -o /tmp/helptext.html "$${DOWNLOAD_URL}/helptext.html"; then
-  # This is not a fatal error, just a warning.
-  printf "⚠️  Could not download helptext.html. The application will still work.\n"
-fi
-
-chmod +x /tmp/copyparty-sfx.py
-printf "✅ Download complete.\n"
-
-printf "🥳 Installation complete!\n"
-
-# Build a clean, quoted string of the command for logging purposes only.
-log_command="python3 /tmp/copyparty-sfx.py -p '$${PORT}'"
-for arg in "$${ARGUMENTS[@]}"; do
-  # printf "DEBUG: ARG [$${arg}]\n"
-  log_command+=" '$${arg}'"
-done
-
-# Dump the executing command to a tmp file for diagnostic review.
-{
-  printf "=== Starting copyparty at %s ===\n" "$(date)"
-  printf "EXECUTING: %s\n" "$${log_command}"
-} > "/tmp/copyparty.cmd"
-
-printf "👷 Starting %s in background...\n" "$${MODULE_NAME}"
-
-# Execute the actual command using the robust array expansion.
-# Then, capture its output (stdout and stderr) to the log file.
-python3 /tmp/copyparty-sfx.py -p "$${PORT}" "$${ARGUMENTS[@]}" > "$${LOG_PATH}" 2>&1 &
-
-printf "✅ Service started. Check logs at %s\n" "$${LOG_PATH}"

registry/ericpaulsen/templates/nfs-deployment/README.md

@@ -1,70 +0,0 @@
----
-display_name: "NFS K8s Deployment"
-description: "Mount an NFS share to a Coder K8s workspace"
-icon: "../../../../.icons/folder.svg"
-verified: false
-tags: ["kubernetes", "shared-dir", "nfs"]
----
-
-# NFS K8s Deployment
-
-This template provisions a Coder workspace as a Kubernetes Deployment, with an NFS share mounted
-as a volume. The NFS share will synchronize the server-side files onto the client (Coder workspace)
-When you stop the Coder workspace and rebuild, the NFS share will be re-mounted, and the changes persisted.
-
-Note the `volume` and `volume_mount` blocks in the deployment and container spec,
-respectively:
-
-```terraform
-resource "kubernetes_deployment" "main" {
-  spec {
-    template {
-      spec {
-        container {
-          volume_mount {
-            mount_path = data.coder_parameter.nfs_mount_path.value # mount path in the container
-            name       = "nfs-share"
-          }
-        }
-        volume {
-          name = "nfs-share"
-          nfs {
-            path   = data.coder_parameter.nfs_mount_path.value # path to be exported from the server
-            server = data.coder_parameter.nfs_server.value     # server IP address
-          }
-        }
-      }
-    }
-  }
-}
-```
-
-## server-side configuration
-
-1. Create an NFS mount on the server for the clients to access:
-
-   ```console
-   export NFS_MNT_PATH=/mnt/nfs_share
-   # Create directory to shaare
-   sudo mkdir -p $NFS_MNT_PATH
-   # Assign UID & GIDs access
-   sudo chown -R uid:gid $NFS_MNT_PATH
-   sudo chmod 777 $NFS_MNT_PATH
-   ```
-
-1. Grant access to the client by updating the `/etc/exports` file, which
-   controls the directories shared with remote clients. See
-   [Red Hat's docs for more information about the configuration options](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-nfs-server-config-exports).
-
-   ```console
-   # Provides read/write access to clients accessing the NFS from any IP address.
-   /mnt/nfs_share  *(rw,sync,no_subtree_check)
-   ```
-
-1. Export the NFS file share directory. You must do this every time you change
-   `/etc/exports`.
-
-   ```console
-   sudo exportfs -a
-   sudo systemctl restart <nfs-package>
-   ```

registry/ericpaulsen/templates/nfs-deployment/main.tf

@@ -1,348 +0,0 @@
-terraform {
-  required_providers {
-    coder = {
-      source = "coder/coder"
-    }
-    kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-  }
-}
-
-provider "coder" {
-}
-
-provider "kubernetes" {
-  config_path = var.use_kubeconfig == true ? "~/.kube/config" : null
-}
-
-variable "use_kubeconfig" {
-  type        = bool
-  description = <<-EOF
-  Use host kubeconfig? (true/false)
-
-  Set this to false if the Coder host is itself running as a Pod on the same
-  Kubernetes cluster as you are deploying workspaces to.
-
-  Set this to true if the Coder host is running outside the Kubernetes cluster
-  for workspaces.  A valid "~/.kube/config" must be present on the Coder host.
-  EOF
-  default     = false
-}
-
-variable "namespace" {
-  type        = string
-  description = "The Kubernetes namespace to create workspaces in (must exist prior to creating workspaces). If the Coder host is itself running as a Pod on the same Kubernetes cluster as you are deploying workspaces to, set this to the same namespace."
-}
-
-data "coder_workspace" "me" {}
-data "coder_workspace_owner" "me" {}
-
-data "coder_parameter" "cpu" {
-  name         = "cpu"
-  display_name = "CPU"
-  description  = "The number of CPU cores"
-  default      = "2"
-  icon         = "/icon/memory.svg"
-  mutable      = true
-  option {
-    name  = "2 Cores"
-    value = "2"
-  }
-  option {
-    name  = "4 Cores"
-    value = "4"
-  }
-  option {
-    name  = "6 Cores"
-    value = "6"
-  }
-  option {
-    name  = "8 Cores"
-    value = "8"
-  }
-}
-
-data "coder_parameter" "memory" {
-  name         = "memory"
-  display_name = "Memory"
-  description  = "The amount of memory in GB"
-  default      = "2"
-  icon         = "/icon/memory.svg"
-  mutable      = true
-  option {
-    name  = "2 GB"
-    value = "2"
-  }
-  option {
-    name  = "4 GB"
-    value = "4"
-  }
-  option {
-    name  = "6 GB"
-    value = "6"
-  }
-  option {
-    name  = "8 GB"
-    value = "8"
-  }
-}
-
-data "coder_parameter" "home_disk_size" {
-  name         = "home_disk_size"
-  display_name = "Home disk size"
-  description  = "The size of the home disk in GB"
-  default      = "10"
-  type         = "number"
-  icon         = "/emojis/1f4be.png"
-  mutable      = false
-  validation {
-    min = 1
-    max = 99999
-  }
-}
-
-data "coder_parameter" "nfs_server" {
-  name         = "nfs_server"
-  type         = "string"
-  display_name = "NFS Server IP"
-  description  = "The NFS server IP address to use for the workspace"
-}
-
-data "coder_parameter" "nfs_mount_path" {
-  name         = "nfs_mount_path"
-  type         = "string"
-  display_name = "NFS Mount Path"
-  description  = "The path in your workspace container to mount the NFS share to"
-  default      = "/mnt/nfs-share"
-  validation {
-    regex = "^/[a-zA-Z0-9_-]+(/[a-zA-Z0-9_-]+)*$"
-    error = "NFS mount path must be a valid path in your workspace container"
-  }
-}
-
-resource "coder_agent" "coder" {
-  os   = "linux"
-  arch = "amd64"
-
-  # The following metadata blocks are optional. They are used to display
-  # information about your workspace in the dashboard. You can remove them
-  # if you don't want to display any information.
-  # For basic resources, you can use the `coder stat` command.
-  # If you need more control, you can write your own script.
-  metadata {
-    display_name = "CPU Usage"
-    key          = "0_cpu_usage"
-    script       = "coder stat cpu"
-    interval     = 10
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "RAM Usage"
-    key          = "1_ram_usage"
-    script       = "coder stat mem"
-    interval     = 10
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "Home Disk"
-    key          = "3_home_disk"
-    script       = "coder stat disk --path $${HOME}"
-    interval     = 60
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "CPU Usage (Host)"
-    key          = "4_cpu_usage_host"
-    script       = "coder stat cpu --host"
-    interval     = 10
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "Memory Usage (Host)"
-    key          = "5_mem_usage_host"
-    script       = "coder stat mem --host"
-    interval     = 10
-    timeout      = 1
-  }
-
-  metadata {
-    display_name = "Load Average (Host)"
-    key          = "6_load_host"
-    # get load avg scaled by number of cores
-    script   = <<EOT
-      echo "`cat /proc/loadavg | awk '{ print $1 }'` `nproc`" | awk '{ printf "%0.2f", $1/$2 }'
-    EOT
-    interval = 60
-    timeout  = 1
-  }
-}
-
-module "vscode-web" {
-  count          = data.coder_workspace.me.start_count
-  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "1.3.1"
-  agent_id       = coder_agent.coder.id
-  accept_license = true
-}
-
-resource "kubernetes_deployment" "main" {
-  count = data.coder_workspace.me.start_count
-  depends_on = [
-    kubernetes_persistent_volume_claim.home
-  ]
-  wait_for_rollout = false
-  metadata {
-    name      = "coder-${data.coder_workspace.me.id}"
-    namespace = var.namespace
-    labels = {
-      "app.kubernetes.io/name"     = "coder-workspace"
-      "app.kubernetes.io/instance" = "coder-workspace-${data.coder_workspace.me.id}"
-      "app.kubernetes.io/part-of"  = "coder"
-      "com.coder.resource"         = "true"
-      "com.coder.workspace.id"     = data.coder_workspace.me.id
-      "com.coder.workspace.name"   = data.coder_workspace.me.name
-      "com.coder.user.id"          = data.coder_workspace_owner.me.id
-      "com.coder.user.username"    = data.coder_workspace_owner.me.name
-    }
-    annotations = {
-      "com.coder.user.email" = data.coder_workspace_owner.me.email
-    }
-  }
-
-  spec {
-    replicas = 1
-    selector {
-      match_labels = {
-        "app.kubernetes.io/name"     = "coder-workspace"
-        "app.kubernetes.io/instance" = "coder-workspace-${data.coder_workspace.me.id}"
-        "app.kubernetes.io/part-of"  = "coder"
-        "com.coder.resource"         = "true"
-        "com.coder.workspace.id"     = data.coder_workspace.me.id
-        "com.coder.workspace.name"   = data.coder_workspace.me.name
-        "com.coder.user.id"          = data.coder_workspace_owner.me.id
-        "com.coder.user.username"    = data.coder_workspace_owner.me.name
-      }
-    }
-    strategy {
-      type = "Recreate"
-    }
-
-    template {
-      metadata {
-        labels = {
-          "app.kubernetes.io/name"     = "coder-workspace"
-          "app.kubernetes.io/instance" = "coder-workspace-${data.coder_workspace.me.id}"
-          "app.kubernetes.io/part-of"  = "coder"
-          "com.coder.resource"         = "true"
-          "com.coder.workspace.id"     = data.coder_workspace.me.id
-          "com.coder.workspace.name"   = data.coder_workspace.me.name
-          "com.coder.user.id"          = data.coder_workspace_owner.me.id
-          "com.coder.user.username"    = data.coder_workspace_owner.me.name
-        }
-      }
-      spec {
-
-        container {
-          name              = "dev"
-          image             = "codercom/enterprise-base:ubuntu"
-          image_pull_policy = "Always"
-          command           = ["sh", "-c", coder_agent.coder.init_script]
-          env {
-            name  = "CODER_AGENT_TOKEN"
-            value = coder_agent.coder.token
-          }
-          resources {
-            requests = {
-              "cpu"    = "250m"
-              "memory" = "512Mi"
-            }
-            limits = {
-              "cpu"    = "${data.coder_parameter.cpu.value}"
-              "memory" = "${data.coder_parameter.memory.value}Gi"
-            }
-          }
-          volume_mount {
-            mount_path = "/home/${lower(data.coder_workspace_owner.me.name)}"
-            name       = "home"
-            read_only  = false
-          }
-          volume_mount {
-            mount_path = data.coder_parameter.nfs_mount_path.value
-            name       = "nfs-share"
-          }
-        }
-
-        volume {
-          name = "home"
-          persistent_volume_claim {
-            claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name
-            read_only  = false
-          }
-        }
-
-        volume {
-          name = "nfs-share"
-          nfs {
-            path   = data.coder_parameter.nfs_mount_path.value
-            server = data.coder_parameter.nfs_server.value
-          }
-        }
-
-        affinity {
-          // This affinity attempts to spread out all workspace pods evenly across
-          // nodes.
-          pod_anti_affinity {
-            preferred_during_scheduling_ignored_during_execution {
-              weight = 1
-              pod_affinity_term {
-                topology_key = "kubernetes.io/hostname"
-                label_selector {
-                  match_expressions {
-                    key      = "app.kubernetes.io/name"
-                    operator = "In"
-                    values   = ["coder-workspace"]
-                  }
-                }
-              }
-            }
-          }
-        }
-      }
-    }
-  }
-}
-
-resource "kubernetes_persistent_volume_claim" "home" {
-  metadata {
-    name      = "${lower(data.coder_workspace_owner.me.name)}-${lower(data.coder_workspace_owner.me.name)}-home"
-    namespace = var.namespace
-    labels = {
-      "app.kubernetes.io/name"     = "coder-pvc"
-      "app.kubernetes.io/instance" = "coder-pvc-${data.coder_workspace.me.id}"
-      "app.kubernetes.io/part-of"  = "coder"
-      //Coder-specific labels.
-      "com.coder.resource"       = "true"
-      "com.coder.workspace.id"   = data.coder_workspace.me.id
-      "com.coder.workspace.name" = data.coder_workspace.me.name
-      "com.coder.user.id"        = data.coder_workspace_owner.me.id
-      "com.coder.user.username"  = data.coder_workspace_owner.me.name
-    }
-    annotations = {
-      "com.coder.user.email" = data.coder_workspace_owner.me.email
-    }
-  }
-  wait_until_bound = false
-  spec {
-    access_modes = ["ReadWriteOnce"]
-    resources {
-      requests = {
-        storage = "${data.coder_parameter.home_disk_size.value}Gi"
-      }
-    }
-  }
-}