forked from coder/coder
[pull] main from coder:main #96
Open: pull wants to merge 296 commits into annihilatorrrr:main from coder:main (+53,558 −18,672)
…ns (#18336) closes #18307 relates to #18318 preview: - [refresh-tokens](https://coder.com/docs/@18307-refresh-tokens/admin/users/oidc-auth/refresh-tokens) - [configuring-okta](https://coder.com/docs/@18307-refresh-tokens/tutorials/configuring-okta) ~(not sure why @Emyrk 's photo is so huge there though)~ ✔️ - [x] removed from [idp-sync](https://coder.com/docs/@18307-refresh-tokens/admin/users/idp-sync) to do: - move keycloak - add ping federate and azure - edit text (possibly placeholders for now - I want to see how it all relates and edit it again. right now, there's a note about the same thing in every section in a way that's not super helpful/necessary) - ~convert some paragraphs to OL~ calling this out of scope for now --------- Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
…18395) Declared context outside the subtest t.Parallel.
#18265) ## Description Adds tests for `ReconcileAll` to verify the full reconciliation flow when handling expired prebuilds. This complements existing lower-level tests by checking multiple reconciliation actions (delete + create) at the higher reconciliation cycle level. Related with comment: #17996 (comment)
This commit consolidates two container endpoints on the backend and improves the frontend devcontainer support by showing names and displaying apps as appropriate. With this change, the frontend now has knowledge of the subagent and we can also display things like port forwards. The frontend was updated to show dev container labels on the border as well as subagent connection status. The recreation flow was also adjusted a bit to show placeholder app icons when relevant. Support for apps was also added, although these are still WIP on the backend. And the port forwarding utility was added in since the sub agents now provide the necessary info. Fixes coder/internal#666
…ons nullable (#18403) The fields must be nullable because there’s a period of time between inserting a row into the database and finishing the “plan” provisioner job when the final value of the field is unknown.
Updates all Go version references in the codebase to use Go 1.24.4. ## Changes - Update `go.mod` to use Go 1.24.4 - Update `dogfood/coder/Dockerfile` GO_VERSION to 1.24.4 - Update `.github/actions/setup-go/action.yaml` default version to 1.24.4 - Update `examples/parameters-dynamic-options/variables.yml` to use golang:1.24 ## Testing - ✅ All Go version references are consistent (verified with `scripts/check_go_versions.sh`) - ✅ Build tested successfully with Go 1.24.4 - ✅ Binary runs correctly Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: sreya <4856196+sreya@users.noreply.github.com>
Updates Terraform from 1.11.4 to 1.12.2 across all relevant files. Changes include: - GitHub Actions setup-tf configuration - Dockerfile configurations (dogfood and base) - Install script - Provisioner install.go with version constants - Test data files (tfstate.json, tfplan.json, version.txt) Follows the same pattern as PR #17323 which updated to 1.11.4. Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: sreya <4856196+sreya@users.noreply.github.com>
`content.Len()` would return `0` bytes after a file was fully read, since the buffer `Len` function returns the length of the unread portion.
I modified the proxy host cache we already had and were using for websocket csp headers to also include the wildcard app host, then used those for frame-src policies. I did not add frame-ancestors, since if I understand correctly, those would go on the app, and this middleware does not come into play there. Maybe we will want to add it on workspace apps like we do with cors, if we find apps are setting it to `none` or something. Closes coder/internal#684
Updated with module links. - [ ] Still missing the Amazon Q agent. [preview](https://coder.com/docs/@atif%2Fai-agents-modules/ai-coder/agents#types-of-coding-agents) --------- Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
Adds a custom marshaler to handle some cases where nils were being marshaled to nulls, causing the web UI to throw an error. --------- Co-authored-by: Steven Masley <stevenmasley@gmail.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: matifali <10648092+matifali@users.noreply.github.com>
…18346) Add apps to the sub agent based on the dev container customization. The implementation also provides the following env variables for use in the devcontainer json - `CODER_WORKSPACE_AGENT_NAME` - `CODER_WORKSPACE_USER_NAME` - `CODER_WORKSPACE_NAME` - `CODER_DEPLOYMENT_URL`
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: matifali <10648092+matifali@users.noreply.github.com> Co-authored-by: Cian Johnston <cian@coder.com>
…18294) Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
…ints (#18387) This PR allows filtering templates and workspaces with the `has-ai-task` filter as described in the [Coder Tasks RFC](https://www.notion.so/coderhq/Coder-Tasks-207d579be5928053ab68c8d9a4b59eaa?source=copy_link#20ad579be59280e6a000eb0646d3c2df).
This PR implements the backend logic for determining if the Tasks tab should be visible in the web UI as described in [the RFC](https://www.notion.so/coderhq/Coder-Tasks-207d579be5928053ab68c8d9a4b59eaa?source=copy_link#210d579be5928013ab5acbe69a2f548b). The frontend component will be added in a follow-up PR once the entire Tasks backend is implemented so as not to break the dogfood environment until then.
* use `ctx` instead of `session.Context()` for consistency * log SSH connection start with the phrase `ssh connection` for symmetry with the stop log and ease of `grep`'ing.
Fixes duplicate migration introduced by #18575
) # Add Code Navigation and Investigation Guide for Go LSP Tools Added a new section to the CLAUDE.md documentation that explains how to use Go Language Server Protocol (LSP) tools when working with the Coder codebase. The guide includes: - Commands for finding function definitions, symbol references, and getting symbol information - Examples of LSP usage with specific commands - Guidance on when to use LSP versus other tools like grep or bash - A structured investigation strategy for navigating the codebase, starting with route registration and tracing through to implementations This documentation helps developers more efficiently explore and understand the codebase structure.
…18643) # Add OAuth2 Protected Resource Metadata Endpoint This PR implements the OAuth2 Protected Resource Metadata endpoint according to RFC 9728. The endpoint is available at `/.well-known/oauth-protected-resource` and provides information about Coder as an OAuth2 protected resource. Key changes: - Added a new endpoint at `/.well-known/oauth-protected-resource` that returns metadata about Coder as an OAuth2 protected resource - Created a new `OAuth2ProtectedResourceMetadata` struct in the SDK - Added tests to verify the endpoint functionality - Updated API documentation to include the new endpoint The implementation currently returns basic metadata including the resource identifier and authorization server URL. The `scopes_supported` field is empty until a scope system based on RBAC permissions is implemented. The `bearer_methods_supported` field is omitted as Coder uses custom authentication methods rather than standard RFC 6750 bearer tokens. A TODO has been added to implement RFC 6750 bearer token support in the future.
The template presets endpoint returns a null response when a template version does not define any presets.
# Add RFC 6750 Bearer Token Authentication Support This PR implements RFC 6750 Bearer Token authentication as an additional authentication method for Coder's API. This allows clients to authenticate using standard OAuth 2.0 Bearer tokens in two ways: 1. Using the `Authorization: Bearer <token>` header 2. Using the `access_token` query parameter Key changes: - Added support for extracting tokens from both Bearer headers and access_token query parameters - Implemented proper WWW-Authenticate headers for 401/403 responses with appropriate error descriptions - Added comprehensive test coverage for the new authentication methods - Updated the OAuth2 protected resource metadata endpoint to advertise Bearer token support - Enhanced the OAuth2 testing script to verify Bearer token functionality These authentication methods are added as fallback options, maintaining backward compatibility with Coder's existing authentication mechanisms. The existing authentication methods (cookies, session token header, etc.) still take precedence. This implementation follows the OAuth 2.0 Bearer Token specification (RFC 6750) and improves interoperability with standard OAuth 2.0 clients.
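The precedence order and `WWW-Authenticate` challenges described in the commit message above, as an added Go example that is not code from coder/coder. The `X-Session-Token` header name, the `example` realm, the `probe` helper and the token values are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical header name standing in for the pre-existing session credential.
const sessionHeader = "X-Session-Token"

// extractToken checks the pre-existing method first, then the two RFC 6750
// fallbacks, and reports which source supplied the credential.
func extractToken(r *http.Request) (token, source string) {
	if v := r.Header.Get(sessionHeader); v != "" {
		return v, "session-header"
	}
	// RFC 6750 section 2.1: the "Bearer" scheme name is case-insensitive.
	scheme, rest, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if rest = strings.TrimSpace(rest); ok && strings.EqualFold(scheme, "Bearer") && rest != "" {
		return rest, "bearer-header"
	}
	// RFC 6750 section 2.3: access_token query parameter, lowest priority.
	if v := r.URL.Query().Get("access_token"); v != "" {
		return v, "query"
	}
	return "", ""
}

// requireToken wraps next; valid stands in for a real token lookup.
func requireToken(valid func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok, _ := extractToken(r)
		if tok != "" && valid(tok) {
			next.ServeHTTP(w, r)
			return
		}
		c := `Bearer realm="example"` // no credential sent: bare challenge (RFC 6750 section 3)
		if tok != "" {
			c += `, error="invalid_token", error_description="token is invalid or expired"`
		}
		w.Header().Set("WWW-Authenticate", c)
		w.WriteHeader(http.StatusUnauthorized)
	})
}

// probe sends one constructed request through the middleware.
func probe(target string, hdr map[string]string) (code int, source, wwwAuth string) {
	r := httptest.NewRequest(http.MethodGet, target, nil)
	for k, v := range hdr {
		r.Header.Set(k, v)
	}
	_, source = extractToken(r)
	rec := httptest.NewRecorder()
	valid := func(t string) bool { return t == "good-token" } // constructed token store
	next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	requireToken(valid, next).ServeHTTP(rec, r)
	return rec.Code, source, rec.Header().Get("WWW-Authenticate")
}

func main() {
	fmt.Println(probe("/api?access_token=good-token", map[string]string{"Authorization": "bearer stale"}))
}
```

RFC 6750 section 2.3 discourages the query-parameter form because URLs are routinely written to server and proxy logs; checking it last keeps it a fallback, and a stale header token is rejected rather than silently retried with the query value.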
Fixes the "Helm README" link on https://coder.com/docs/install/kubernetes so it goes to the right path. Side note: I don't see any content in https://coder.com/docs/about/contributing/documentation about to whom such a PR should be assigned, if any. Edward was suggested and I see you've worked on other PRs with the `docs` label, so going with that.
Embarrassing mistake I made months ago 😦 *Doesn't affect schmoder, since we don't parse that max, it calculates it itself
…me envbuilder template (#18741) This change adds a new `docker-devcontainer` template which allows you to provision a workspace running in Docker, that also creates workspaces via Docker running inside (DinD). - **chore(examples/templates): rename `docker-devcontainer` to `docker-envbuilder`** - **feat(examples/templates): add `docker-devcontainer` example template**
This interface allows it to create rich codersdk errors and pass them up to the `wsbuilder` error handling.
…18645) # Implement OAuth2 Dynamic Client Registration (RFC 7591/7592) This PR implements OAuth2 Dynamic Client Registration according to RFC 7591 and Client Configuration Management according to RFC 7592. These standards allow OAuth2 clients to register themselves programmatically with Coder as an authorization server. Key changes include: 1. Added database schema extensions to support RFC 7591/7592 fields in the `oauth2_provider_apps` table 2. Implemented `/oauth2/register` endpoint for dynamic client registration (RFC 7591) 3. Added client configuration management endpoints (RFC 7592): - GET/PUT/DELETE `/oauth2/clients/{client_id}` - Registration access token validation middleware 4. Added comprehensive validation for OAuth2 client metadata: - URI validation with support for custom schemes for native apps - Grant type and response type validation - Token endpoint authentication method validation 5. Enhanced developer documentation with: - RFC compliance guidelines - Testing best practices to avoid race conditions - Systematic debugging approaches for OAuth2 implementations The implementation follows security best practices from the RFCs, including proper token handling, secure defaults, and appropriate error responses. This enables third-party applications to integrate with Coder's OAuth2 provider capabilities programmatically.
# Organize Development Documentation into Separate Files This PR reorganizes the development documentation by splitting the monolithic CLAUDE.md file into multiple focused documents. The main file now provides a concise overview with essential commands and critical patterns, while importing detailed content from specialized guides. Key improvements: - Created separate documentation files for specific domains: - Database development patterns - OAuth2 implementation guidelines - Testing best practices - Troubleshooting common issues - Development workflows and guidelines - Restructured the main CLAUDE.md to be more scannable with improved formatting - Added quick-reference tables for common commands - Maintained all existing content while making it more accessible - Highlighted critical patterns that must be followed This organization makes the documentation more maintainable and easier to navigate, allowing developers to quickly find relevant information for their specific tasks.
# Remove unique constraint on OAuth2 provider app names This PR removes the unique constraint on the `name` field in the `oauth2_provider_apps` table to comply with RFC 7591, which only requires unique client IDs, not unique client names. Changes include: - Removing the unique constraint from the database schema - Adding migration files for both up and down migrations - Removing the name uniqueness check in the in-memory database implementation - Updating the unique constraint constants Change-Id: Iae7a1a06546fbc8de541a52e291f8a4510d57e8a Signed-off-by: Thomas Kosiewski <tk@coder.com>
# Add MCP HTTP server with streamable transport support - Add MCP HTTP server with streamable transport support - Integrate with existing toolsdk for Coder workspace operations - Add comprehensive E2E tests with OAuth2 bearer token support - Register MCP endpoint at /api/experimental/mcp/http with authentication - Support RFC 6750 Bearer token authentication for MCP clients Change-Id: Ib9024569ae452729908797c42155006aa04330af Signed-off-by: Thomas Kosiewski <tk@coder.com>
# Add OAuth2 Provider Functionality as an Experiment This PR adds a new experiment flag `oauth2` that enables OAuth2 provider functionality in Coder. When enabled, this experiment allows Coder to act as an OAuth2 provider. The changes include: - Added the new `ExperimentOAuth2` constant with appropriate documentation - Updated the OAuth2 provider middleware to check for the experiment flag - Modified the error message to indicate that the OAuth2 provider requires enabling the experiment - Added the new experiment to the known experiments list in the SDK Previously, OAuth2 provider functionality was only available in development mode. With this change, it can be enabled in production environments by activating the experiment.
#18712) # Add MCP HTTP Server Experiment This PR adds a new experiment flag `mcp-server-http` to enable the MCP HTTP server functionality. The changes include: 1. Added a new experiment constant `ExperimentMCPServerHTTP` with the value "mcp-server-http" 2. Added display name and documentation for the new experiment 3. Improved the experiment middleware to: - Support requiring multiple experiments - Provide better error messages with experiment display names - Add a development mode bypass option 4. Applied the new experiment requirement to the MCP HTTP endpoint 5. Replaced the custom OAuth2 middleware with the standard experiment middleware The PR also improves the `Enabled()` method on the `Experiments` type by using `slices.Contains()` for better readability.
# Refactor OAuth2 Provider Code into Dedicated Package This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality. Key changes: - Created a new `oauth2provider` package to house all OAuth2 provider-related code - Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package - Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly - Split large files into smaller, more focused files organized by functionality: - `app_secrets.go` - Manages OAuth2 application secrets - `apps.go` - Handles OAuth2 application CRUD operations - `authorize.go` - Implements the authorization flow - `metadata.go` - Provides OAuth2 metadata endpoints - `registration.go` - Handles dynamic client registration - `revoke.go` - Implements token revocation - `secrets.go` - Manages secret generation and validation - `tokens.go` - Handles token issuance and validation This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
) # OAuth2 Provider Code Reorganization This PR reorganizes the OAuth2 provider code to improve separation of concerns and maintainability. The changes include: 1. Migrating OAuth2 provider app validation tests from `coderd/oauth2_test.go` to `oauth2provider/provider_test.go` 2. Moving OAuth2 client registration validation tests to `oauth2provider/validation_test.go` 3. Adding new comprehensive test files for metadata and validation edge cases 4. Renaming `OAuth2ProviderAppSecret` to `AppSecret` for better naming consistency 5. Simplifying the main integration test in `oauth2_test.go` to focus on core functionality The PR maintains all existing test coverage while organizing the code more logically, making it easier to understand and maintain the OAuth2 provider implementation. This reorganization will help with future enhancements to the OAuth2 provider functionality.
If using dynamic parameters, workspace tags are extracted using `coder/preview`.
Add a confirmation dialog to the release script that prompts the user to manually update the release calendar documentation before proceeding with the release. ## Changes - Added a confirmation prompt that asks users to update the release calendar documentation - Provides the URL to the documentation (https://coder.com/docs/install/releases#release-schedule) - Suggests running the `./scripts/update-release-calendar.sh` script - Requires explicit confirmation before proceeding with the release - Exits the script if the user hasn't updated the documentation ## Testing - [x] Script syntax validation passes (`bash -n scripts/release.sh`) - [x] Changes are placed at the appropriate point in the release flow (after release notes editing, before actual release creation) This addresses the issue where the release calendar documentation was getting out of date. While automation can be added later, this ensures users manually confirm the documentation is updated before each release. Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: bpmct <22407953+bpmct@users.noreply.github.com>
Adds a new hook called `useWithRetry` as part of coder/internal#659 --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: BrunoQuaresma <3165839+BrunoQuaresma@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
some of these changes might also be in other PRs, but hopefully this doesn't cause any merge conflicts closes #18197 --------- Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
- Reorganize each option in two sections: Web and Desktop Client - Moves the warning about UDP connections to the bottom - Move Coder Desktop as the first option - Links the Coder Desktop RDP module Preview: https://coder.com/docs/@remote-desktop-module/user-guides/workspace-access/remote-desktops
Forgot to add this in #18716
This bumps `slog` to incorporate coder/slog#219.

Before:

```json
{
  "fields": {
    "Code": "{Int32:0 Valid:false}",
    "ValidCode": "{Int32:12 Valid:true}"
  }
}
```

After:

```json
{
  "fields": {
    "Code": null,
    "ValidCode": 12
  }
}
```
Created by
pull[bot] (v2.0.0-alpha.1)