chore(cli): lighten flags on help page (#9606)

2025-07-13 21:36:50 +00:00 · 2023-09-08 13:43:56 -05:00
parent e361f1107b
commit f703a5b34e
62 changed files with 413 additions and 413 deletions
--- a/cli/help.go
+++ b/cli/help.go
@ -60,7 +60,7 @@ var usageTemplate = template.Must(
 			},
 			"keyword": func(s string) string {
 				return pretty.Sprint(
-					pretty.FgColor(cliui.Color("#0173ff")),
+					pretty.FgColor(cliui.Color("#87ceeb")),
 					s,
 				)
 			},
--- a/cli/testdata/coder_--help.golden
+++ b/cli/testdata/coder_--help.golden
@ -53,38 +53,38 @@ coder v0.0.0-devel
 Global options are applied to all commands. They can be set using environment
 variables or flags.

-      [94m--[0m[94mdebug-options[0m bool
+      [96m--[0m[96mdebug-options[0m bool
          Print all options, how they're set, then exit.

-      [94m--[0m[94mdisable-direct-connections[0m bool, [94m$CODER_DISABLE_DIRECT_CONNECTIONS[0m
+      [96m--[0m[96mdisable-direct-connections[0m bool, [96m$CODER_DISABLE_DIRECT_CONNECTIONS[0m
          Disable direct (P2P) connections to workspaces.

-      [94m--[0m[94mglobal-config[0m string, [94m$CODER_CONFIG_DIR[0m (default: ~/.config/coderv2)
+      [96m--[0m[96mglobal-config[0m string, [96m$CODER_CONFIG_DIR[0m (default: ~/.config/coderv2)
          Path to the global `coder` config directory.

-      [94m--[0m[94mheader[0m string-array, [94m$CODER_HEADER[0m
+      [96m--[0m[96mheader[0m string-array, [96m$CODER_HEADER[0m
          Additional HTTP headers added to all requests. Provide as key=value.
          Can be specified multiple times.

-      [94m--[0m[94mheader-command[0m string, [94m$CODER_HEADER_COMMAND[0m
+      [96m--[0m[96mheader-command[0m string, [96m$CODER_HEADER_COMMAND[0m
          An external command that outputs additional HTTP headers added to all
          requests. The command must output each header as `key=value` on its
          own line.

-      [94m--[0m[94mno-feature-warning[0m bool, [94m$CODER_NO_FEATURE_WARNING[0m
+      [96m--[0m[96mno-feature-warning[0m bool, [96m$CODER_NO_FEATURE_WARNING[0m
          Suppress warnings about unlicensed features.

-      [94m--[0m[94mno-version-warning[0m bool, [94m$CODER_NO_VERSION_WARNING[0m
+      [96m--[0m[96mno-version-warning[0m bool, [96m$CODER_NO_VERSION_WARNING[0m
          Suppress warning when client and server versions do not match.

-      [94m--[0m[94mtoken[0m string, [94m$CODER_SESSION_TOKEN[0m
+      [96m--[0m[96mtoken[0m string, [96m$CODER_SESSION_TOKEN[0m
          Specify an authentication token. For security reasons setting
          CODER_SESSION_TOKEN is preferred.

-      [94m--[0m[94murl[0m url, [94m$CODER_URL[0m
+      [96m--[0m[96murl[0m url, [96m$CODER_URL[0m
          URL to a deployment.

-  [94m-[0m[94mv[0m, [94m--[0m[94mverbose[0m bool, [94m$CODER_VERBOSE[0m
+  [96m-[0m[96mv[0m, [96m--[0m[96mverbose[0m bool, [96m$CODER_VERBOSE[0m
          Enable verbose output.

 ———
--- a/cli/testdata/coder_agent_--help.golden
+++ b/cli/testdata/coder_agent_--help.golden
@ -6,38 +6,38 @@ coder v0.0.0-devel
  Starts the Coder workspace agent.

 [93mOPTIONS:[0m
-      [94m--[0m[94mlog-human[0m string, [94m$CODER_AGENT_LOGGING_HUMAN[0m (default: /dev/stderr)
+      [96m--[0m[96mlog-human[0m string, [96m$CODER_AGENT_LOGGING_HUMAN[0m (default: /dev/stderr)
          Output human-readable logs to a given file.

-      [94m--[0m[94mlog-json[0m string, [94m$CODER_AGENT_LOGGING_JSON[0m
+      [96m--[0m[96mlog-json[0m string, [96m$CODER_AGENT_LOGGING_JSON[0m
          Output JSON logs to a given file.

-      [94m--[0m[94mlog-stackdriver[0m string, [94m$CODER_AGENT_LOGGING_STACKDRIVER[0m
+      [96m--[0m[96mlog-stackdriver[0m string, [96m$CODER_AGENT_LOGGING_STACKDRIVER[0m
          Output Stackdriver compatible logs to a given file.

-      [94m--[0m[94mauth[0m string, [94m$CODER_AGENT_AUTH[0m (default: token)
+      [96m--[0m[96mauth[0m string, [96m$CODER_AGENT_AUTH[0m (default: token)
          Specify the authentication type to use for the agent.

-      [94m--[0m[94mdebug-address[0m string, [94m$CODER_AGENT_DEBUG_ADDRESS[0m (default: 127.0.0.1:2113)
+      [96m--[0m[96mdebug-address[0m string, [96m$CODER_AGENT_DEBUG_ADDRESS[0m (default: 127.0.0.1:2113)
          The bind address to serve a debug HTTP server.

-      [94m--[0m[94mlog-dir[0m string, [94m$CODER_AGENT_LOG_DIR[0m (default: /tmp)
+      [96m--[0m[96mlog-dir[0m string, [96m$CODER_AGENT_LOG_DIR[0m (default: /tmp)
          Specify the location for the agent log files.

-      [94m--[0m[94mno-reap[0m bool
+      [96m--[0m[96mno-reap[0m bool
          Do not start a process reaper.

-      [94m--[0m[94mpprof-address[0m string, [94m$CODER_AGENT_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
+      [96m--[0m[96mpprof-address[0m string, [96m$CODER_AGENT_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
          The address to serve pprof.

-      [94m--[0m[94mprometheus-address[0m string, [94m$CODER_AGENT_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
+      [96m--[0m[96mprometheus-address[0m string, [96m$CODER_AGENT_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
          The bind address to serve Prometheus metrics.

-      [94m--[0m[94mssh-max-timeout[0m duration, [94m$CODER_AGENT_SSH_MAX_TIMEOUT[0m (default: 72h)
+      [96m--[0m[96mssh-max-timeout[0m duration, [96m$CODER_AGENT_SSH_MAX_TIMEOUT[0m (default: 72h)
          Specify the max timeout for a SSH connection, it is advisable to set
          it to a minimum of 60s, but no more than 72h.

-      [94m--[0m[94mtailnet-listen-port[0m int, [94m$CODER_AGENT_TAILNET_LISTEN_PORT[0m (default: 0)
+      [96m--[0m[96mtailnet-listen-port[0m int, [96m$CODER_AGENT_TAILNET_LISTEN_PORT[0m (default: 0)
          Specify a static port for Tailscale to use for listening.

 ———
--- a/cli/testdata/coder_config-ssh_--help.golden
+++ b/cli/testdata/coder_config-ssh_--help.golden
@ -16,39 +16,39 @@ coder v0.0.0-devel
       $ coder config-ssh --dry-run

 [93mOPTIONS:[0m
-      [94m--[0m[94mcoder-binary-path[0m string, [94m$CODER_SSH_CONFIG_BINARY_PATH[0m
+      [96m--[0m[96mcoder-binary-path[0m string, [96m$CODER_SSH_CONFIG_BINARY_PATH[0m
          Optionally specify the absolute path to the coder binary used in
          ProxyCommand. By default, the binary invoking this command ('config
          ssh') is used.

-  [94m-[0m[94mn[0m, [94m--[0m[94mdry-run[0m bool, [94m$CODER_SSH_DRY_RUN[0m
+  [96m-[0m[96mn[0m, [96m--[0m[96mdry-run[0m bool, [96m$CODER_SSH_DRY_RUN[0m
          Perform a trial run with no changes made, showing a diff at the end.

-      [94m--[0m[94mforce-unix-filepaths[0m bool, [94m$CODER_CONFIGSSH_UNIX_FILEPATHS[0m
+      [96m--[0m[96mforce-unix-filepaths[0m bool, [96m$CODER_CONFIGSSH_UNIX_FILEPATHS[0m
          By default, 'config-ssh' uses the os path separator when writing the
          ssh config. This might be an issue in Windows machine that use a
          unix-like shell. This flag forces the use of unix file paths (the
          forward slash '/').

-      [94m--[0m[94mssh-config-file[0m string, [94m$CODER_SSH_CONFIG_FILE[0m (default: ~/.ssh/config)
+      [96m--[0m[96mssh-config-file[0m string, [96m$CODER_SSH_CONFIG_FILE[0m (default: ~/.ssh/config)
          Specifies the path to an SSH config.

-      [94m--[0m[94mssh-host-prefix[0m string, [94m$CODER_CONFIGSSH_SSH_HOST_PREFIX[0m
+      [96m--[0m[96mssh-host-prefix[0m string, [96m$CODER_CONFIGSSH_SSH_HOST_PREFIX[0m
          Override the default host prefix.

-  [94m-[0m[94mo[0m, [94m--[0m[94mssh-option[0m string-array, [94m$CODER_SSH_CONFIG_OPTS[0m
+  [96m-[0m[96mo[0m, [96m--[0m[96mssh-option[0m string-array, [96m$CODER_SSH_CONFIG_OPTS[0m
          Specifies additional SSH options to embed in each host stanza.

-      [94m--[0m[94muse-previous-options[0m bool, [94m$CODER_SSH_USE_PREVIOUS_OPTIONS[0m
+      [96m--[0m[96muse-previous-options[0m bool, [96m$CODER_SSH_USE_PREVIOUS_OPTIONS[0m
          Specifies whether or not to keep options from previous run of
          config-ssh.

-      [94m--[0m[94mwait[0m yes|no|auto, [94m$CODER_CONFIGSSH_WAIT[0m (default: auto)
+      [96m--[0m[96mwait[0m yes|no|auto, [96m$CODER_CONFIGSSH_WAIT[0m (default: auto)
          Specifies whether or not to wait for the startup script to finish
          executing. Auto means that the agent startup script behavior
          configured in the workspace template is used.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_create_--help.golden
+++ b/cli/testdata/coder_create_--help.golden
@ -10,25 +10,25 @@ coder v0.0.0-devel
       $ coder create <username>/<workspace_name>

 [93mOPTIONS:[0m
-      [94m--[0m[94mparameter[0m string-array, [94m$CODER_RICH_PARAMETER[0m
+      [96m--[0m[96mparameter[0m string-array, [96m$CODER_RICH_PARAMETER[0m
          Rich parameter value in the format "name=value".

-      [94m--[0m[94mrich-parameter-file[0m string, [94m$CODER_RICH_PARAMETER_FILE[0m
+      [96m--[0m[96mrich-parameter-file[0m string, [96m$CODER_RICH_PARAMETER_FILE[0m
          Specify a file path with values for rich parameters defined in the
          template.

-      [94m--[0m[94mstart-at[0m string, [94m$CODER_WORKSPACE_START_AT[0m
+      [96m--[0m[96mstart-at[0m string, [96m$CODER_WORKSPACE_START_AT[0m
          Specify the workspace autostart schedule. Check coder schedule start
          --help for the syntax.

-      [94m--[0m[94mstop-after[0m duration, [94m$CODER_WORKSPACE_STOP_AFTER[0m
+      [96m--[0m[96mstop-after[0m duration, [96m$CODER_WORKSPACE_STOP_AFTER[0m
          Specify a duration after which the workspace should shut down (e.g.
          8h).

-  [94m-[0m[94mt[0m, [94m--[0m[94mtemplate[0m string, [94m$CODER_TEMPLATE_NAME[0m
+  [96m-[0m[96mt[0m, [96m--[0m[96mtemplate[0m string, [96m$CODER_TEMPLATE_NAME[0m
          Specify a template name.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_delete_--help.golden
+++ b/cli/testdata/coder_delete_--help.golden
@ -8,12 +8,12 @@ coder v0.0.0-devel
  Aliases: rm

 [93mOPTIONS:[0m
-      [94m--[0m[94morphan[0m bool
+      [96m--[0m[96morphan[0m bool
          Delete a workspace without deleting its resources. This can delete a
          workspace in a broken state, but may also lead to unaccounted cloud
          resources.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_dotfiles_--help.golden
+++ b/cli/testdata/coder_dotfiles_--help.golden
@ -10,16 +10,16 @@ coder v0.0.0-devel
       $ coder dotfiles --yes git@github.com:example/dotfiles.git

 [93mOPTIONS:[0m
-  [94m-[0m[94mb[0m, [94m--[0m[94mbranch[0m string
+  [96m-[0m[96mb[0m, [96m--[0m[96mbranch[0m string
          Specifies which branch to clone. If empty, will default to cloning the
          default branch or using the existing branch in the cloned repo on
          disk.

-      [94m--[0m[94msymlink-dir[0m string, [94m$CODER_SYMLINK_DIR[0m
+      [96m--[0m[96msymlink-dir[0m string, [96m$CODER_SYMLINK_DIR[0m
          Specifies the directory for the dotfiles symlink destinations. If
          empty, will use $HOME.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_list_--help.golden
+++ b/cli/testdata/coder_list_--help.golden
@ -8,18 +8,18 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94ma[0m, [94m--[0m[94mall[0m bool
+  [96m-[0m[96ma[0m, [96m--[0m[96mall[0m bool
          Specifies whether all workspaces will be listed or not.

-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after)
          Columns to display in table output. Available columns: workspace,
          template, status, healthy, last built, outdated, starts at, stops
          after, daily cost.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

-      [94m--[0m[94msearch[0m string (default: owner:me)
+      [96m--[0m[96msearch[0m string (default: owner:me)
          Search for a workspace with a query.

 ———
--- a/cli/testdata/coder_login_--help.golden
+++ b/cli/testdata/coder_login_--help.golden
@ -6,23 +6,23 @@ coder v0.0.0-devel
  Authenticate with Coder deployment

 [93mOPTIONS:[0m
-      [94m--[0m[94mfirst-user-email[0m string, [94m$CODER_FIRST_USER_EMAIL[0m
+      [96m--[0m[96mfirst-user-email[0m string, [96m$CODER_FIRST_USER_EMAIL[0m
          Specifies an email address to use if creating the first user for the
          deployment.

-      [94m--[0m[94mfirst-user-password[0m string, [94m$CODER_FIRST_USER_PASSWORD[0m
+      [96m--[0m[96mfirst-user-password[0m string, [96m$CODER_FIRST_USER_PASSWORD[0m
          Specifies a password to use if creating the first user for the
          deployment.

-      [94m--[0m[94mfirst-user-trial[0m bool, [94m$CODER_FIRST_USER_TRIAL[0m
+      [96m--[0m[96mfirst-user-trial[0m bool, [96m$CODER_FIRST_USER_TRIAL[0m
          Specifies whether a trial license should be provisioned for the Coder
          deployment or not.

-      [94m--[0m[94mfirst-user-username[0m string, [94m$CODER_FIRST_USER_USERNAME[0m
+      [96m--[0m[96mfirst-user-username[0m string, [96m$CODER_FIRST_USER_USERNAME[0m
          Specifies a username to use if creating the first user for the
          deployment.

-      [94m--[0m[94muse-token-as-session[0m bool
+      [96m--[0m[96muse-token-as-session[0m bool
          By default, the CLI will generate a new session token when logging in.
          This flag will instead use the provided token as the session token.

--- a/cli/testdata/coder_logout_--help.golden
+++ b/cli/testdata/coder_logout_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Unauthenticate your local session

 [93mOPTIONS:[0m
-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_ping_--help.golden
+++ b/cli/testdata/coder_ping_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Ping a workspace

 [93mOPTIONS:[0m
-  [94m-[0m[94mn[0m, [94m--[0m[94mnum[0m int (default: 10)
+  [96m-[0m[96mn[0m, [96m--[0m[96mnum[0m int (default: 10)
          Specifies the number of pings to perform.

-  [94m-[0m[94mt[0m, [94m--[0m[94mtimeout[0m duration (default: 5s)
+  [96m-[0m[96mt[0m, [96m--[0m[96mtimeout[0m duration (default: 5s)
          Specifies how long to wait for a ping to complete.

-      [94m--[0m[94mwait[0m duration (default: 1s)
+      [96m--[0m[96mwait[0m duration (default: 1s)
          Specifies how long to wait between pings.

 ———
--- a/cli/testdata/coder_port-forward_--help.golden
+++ b/cli/testdata/coder_port-forward_--help.golden
@ -34,10 +34,10 @@ coder v0.0.0-devel
       $ coder port-forward <workspace> --tcp 1.2.3.4:8080:8080

 [93mOPTIONS:[0m
-  [94m-[0m[94mp[0m, [94m--[0m[94mtcp[0m string-array, [94m$CODER_PORT_FORWARD_TCP[0m
+  [96m-[0m[96mp[0m, [96m--[0m[96mtcp[0m string-array, [96m$CODER_PORT_FORWARD_TCP[0m
          Forward TCP port(s) from the workspace to the local machine.

-      [94m--[0m[94mudp[0m string-array, [94m$CODER_PORT_FORWARD_UDP[0m
+      [96m--[0m[96mudp[0m string-array, [96m$CODER_PORT_FORWARD_UDP[0m
          Forward UDP port(s) from the workspace to the local machine. The UDP
          connection has TCP-like semantics to support stateful UDP protocols.

--- a/cli/testdata/coder_publickey_--help.golden
+++ b/cli/testdata/coder_publickey_--help.golden
@ -8,11 +8,11 @@ coder v0.0.0-devel
  Aliases: pubkey

 [93mOPTIONS:[0m
-      [94m--[0m[94mreset[0m bool
+      [96m--[0m[96mreset[0m bool
          Regenerate your public key. This will require updating the key on any
          services it's registered with.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_rename_--help.golden
+++ b/cli/testdata/coder_rename_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Rename a workspace

 [93mOPTIONS:[0m
-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_reset-password_--help.golden
+++ b/cli/testdata/coder_reset-password_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Directly connect to the database to reset a user's password

 [93mOPTIONS:[0m
-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          URL of a PostgreSQL database to connect to.

 ———
--- a/cli/testdata/coder_restart_--help.golden
+++ b/cli/testdata/coder_restart_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Restart a workspace

 [93mOPTIONS:[0m
-      [94m--[0m[94mbuild-option[0m string-array, [94m$CODER_BUILD_OPTION[0m
+      [96m--[0m[96mbuild-option[0m string-array, [96m$CODER_BUILD_OPTION[0m
          Build option value in the format "name=value".

-      [94m--[0m[94mbuild-options[0m bool
+      [96m--[0m[96mbuild-options[0m bool
          Prompt for one-time build options defined with ephemeral parameters.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@ -14,42 +14,42 @@ coder v0.0.0-devel
                              PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mcache-dir[0m string, [94m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
+      [96m--[0m[96mcache-dir[0m string, [96m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
          The directory to cache temporary files. If unspecified and
          $CACHE_DIRECTORY is set, it will be used for compatibility with
          systemd.

-      [94m--[0m[94mdisable-owner-workspace-access[0m bool, [94m$CODER_DISABLE_OWNER_WORKSPACE_ACCESS[0m
+      [96m--[0m[96mdisable-owner-workspace-access[0m bool, [96m$CODER_DISABLE_OWNER_WORKSPACE_ACCESS[0m
          Remove the permission for the 'owner' role to have workspace execution
          on all workspaces. This prevents the 'owner' from ssh, apps, and
          terminal access based on the 'owner' role. They still have their user
          permissions to access their own workspaces.

-      [94m--[0m[94mdisable-path-apps[0m bool, [94m$CODER_DISABLE_PATH_APPS[0m
+      [96m--[0m[96mdisable-path-apps[0m bool, [96m$CODER_DISABLE_PATH_APPS[0m
          Disable workspace apps that are not served from subdomains. Path-based
          apps can make requests to the Coder API and pose a security risk when
          the workspace serves malicious JavaScript. This is recommended for
          security purposes if a --wildcard-access-url is configured.

-      [94m--[0m[94mswagger-enable[0m bool, [94m$CODER_SWAGGER_ENABLE[0m
+      [96m--[0m[96mswagger-enable[0m bool, [96m$CODER_SWAGGER_ENABLE[0m
          Expose the swagger endpoint via /swagger.

-      [94m--[0m[94mexperiments[0m string-array, [94m$CODER_EXPERIMENTS[0m
+      [96m--[0m[96mexperiments[0m string-array, [96m$CODER_EXPERIMENTS[0m
          Enable one or more experiments. These are not ready for production.
          Separate multiple experiments with commas, or enter '*' to opt-in to
          all available experiments.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
          downloaded from Maven (https://repo1.maven.org/maven2) and store all
          data in the config root. Access the built-in database with "coder
          server postgres-builtin-url".

-      [94m--[0m[94mssh-keygen-algorithm[0m string, [94m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
+      [96m--[0m[96mssh-keygen-algorithm[0m string, [96m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
          The algorithm to use for generating ssh keys. Accepted values are
          "ed25519", "ecdsa", or "rsa4096".

-      [94m--[0m[94mupdate-check[0m bool, [94m$CODER_UPDATE_CHECK[0m (default: false)
+      [96m--[0m[96mupdate-check[0m bool, [96m$CODER_UPDATE_CHECK[0m (default: false)
          Periodically check for new releases of Coder and inform the owner. The
          check is performed once per day.

@ -57,99 +57,99 @@ coder v0.0.0-devel
 These options change the behavior of how clients interact with the Coder.
 Clients include the coder cli, vs code extension, and the web UI.

-      [94m--[0m[94mssh-config-options[0m string-array, [94m$CODER_SSH_CONFIG_OPTIONS[0m
+      [96m--[0m[96mssh-config-options[0m string-array, [96m$CODER_SSH_CONFIG_OPTIONS[0m
          These SSH config options will override the default SSH config options.
          Provide options in "key=value" or "key value" format separated by
          commas.Using this incorrectly can break SSH to your deployment, use
          cautiously.

-      [94m--[0m[94mssh-hostname-prefix[0m string, [94m$CODER_SSH_HOSTNAME_PREFIX[0m (default: coder.)
+      [96m--[0m[96mssh-hostname-prefix[0m string, [96m$CODER_SSH_HOSTNAME_PREFIX[0m (default: coder.)
          The SSH deployment prefix is used in the Host of the ssh config.

 [93mCONFIG OPTIONS:[0m 
 Use a YAML configuration file when your server launch become unwieldy.

-  [94m-[0m[94mc[0m, [94m--[0m[94mconfig[0m yaml-config-path, [94m$CODER_CONFIG_PATH[0m
+  [96m-[0m[96mc[0m, [96m--[0m[96mconfig[0m yaml-config-path, [96m$CODER_CONFIG_PATH[0m
          Specify a YAML file to load configuration from.

-      [94m--[0m[94mwrite-config[0m bool
+      [96m--[0m[96mwrite-config[0m bool
          
          Write out the current server config as YAML to stdout.

 [93mINTROSPECTION / LOGGING OPTIONS:[0m 
-      [94m--[0m[94menable-terraform-debug-mode[0m bool, [94m$CODER_ENABLE_TERRAFORM_DEBUG_MODE[0m (default: false)
+      [96m--[0m[96menable-terraform-debug-mode[0m bool, [96m$CODER_ENABLE_TERRAFORM_DEBUG_MODE[0m (default: false)
          Allow administrators to enable Terraform debug output.

-      [94m--[0m[94mlog-human[0m string, [94m$CODER_LOGGING_HUMAN[0m (default: /dev/stderr)
+      [96m--[0m[96mlog-human[0m string, [96m$CODER_LOGGING_HUMAN[0m (default: /dev/stderr)
          Output human-readable logs to a given file.

-      [94m--[0m[94mlog-json[0m string, [94m$CODER_LOGGING_JSON[0m
+      [96m--[0m[96mlog-json[0m string, [96m$CODER_LOGGING_JSON[0m
          Output JSON logs to a given file.

-  [94m-[0m[94ml[0m, [94m--[0m[94mlog-filter[0m string-array, [94m$CODER_LOG_FILTER[0m
+  [96m-[0m[96ml[0m, [96m--[0m[96mlog-filter[0m string-array, [96m$CODER_LOG_FILTER[0m
          Filter debug logs by matching against a given regex. Use .* to match
          all debug logs.

-      [94m--[0m[94mlog-stackdriver[0m string, [94m$CODER_LOGGING_STACKDRIVER[0m
+      [96m--[0m[96mlog-stackdriver[0m string, [96m$CODER_LOGGING_STACKDRIVER[0m
          Output Stackdriver compatible logs to a given file.

 [93mINTROSPECTION / PROMETHEUS OPTIONS:[0m 
-      [94m--[0m[94mprometheus-address[0m host:port, [94m$CODER_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
+      [96m--[0m[96mprometheus-address[0m host:port, [96m$CODER_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
          The bind address to serve prometheus metrics.

-      [94m--[0m[94mprometheus-collect-agent-stats[0m bool, [94m$CODER_PROMETHEUS_COLLECT_AGENT_STATS[0m
+      [96m--[0m[96mprometheus-collect-agent-stats[0m bool, [96m$CODER_PROMETHEUS_COLLECT_AGENT_STATS[0m
          Collect agent stats (may increase charges for metrics storage).

-      [94m--[0m[94mprometheus-collect-db-metrics[0m bool, [94m$CODER_PROMETHEUS_COLLECT_DB_METRICS[0m (default: false)
+      [96m--[0m[96mprometheus-collect-db-metrics[0m bool, [96m$CODER_PROMETHEUS_COLLECT_DB_METRICS[0m (default: false)
          Collect database metrics (may increase charges for metrics storage).

-      [94m--[0m[94mprometheus-enable[0m bool, [94m$CODER_PROMETHEUS_ENABLE[0m
+      [96m--[0m[96mprometheus-enable[0m bool, [96m$CODER_PROMETHEUS_ENABLE[0m
          Serve prometheus metrics on the address defined by prometheus address.

 [93mINTROSPECTION / TRACING OPTIONS:[0m 
-      [94m--[0m[94mtrace-logs[0m bool, [94m$CODER_TRACE_LOGS[0m
+      [96m--[0m[96mtrace-logs[0m bool, [96m$CODER_TRACE_LOGS[0m
          Enables capturing of logs as events in traces. This is useful for
          debugging, but may result in a very large amount of events being sent
          to the tracing backend which may incur significant costs.

-      [94m--[0m[94mtrace[0m bool, [94m$CODER_TRACE_ENABLE[0m
+      [96m--[0m[96mtrace[0m bool, [96m$CODER_TRACE_ENABLE[0m
          Whether application tracing data is collected. It exports to a backend
          configured by environment variables. See:
          https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.

-      [94m--[0m[94mtrace-honeycomb-api-key[0m string, [94m$CODER_TRACE_HONEYCOMB_API_KEY[0m
+      [96m--[0m[96mtrace-honeycomb-api-key[0m string, [96m$CODER_TRACE_HONEYCOMB_API_KEY[0m
          Enables trace exporting to Honeycomb.io using the provided API Key.

 [93mINTROSPECTION / PPROF OPTIONS:[0m 
-      [94m--[0m[94mpprof-address[0m host:port, [94m$CODER_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
+      [96m--[0m[96mpprof-address[0m host:port, [96m$CODER_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
          The bind address to serve pprof.

-      [94m--[0m[94mpprof-enable[0m bool, [94m$CODER_PPROF_ENABLE[0m
+      [96m--[0m[96mpprof-enable[0m bool, [96m$CODER_PPROF_ENABLE[0m
          Serve pprof metrics on the address defined by pprof address.

 [93mNETWORKING OPTIONS:[0m 
-      [94m--[0m[94maccess-url[0m url, [94m$CODER_ACCESS_URL[0m
+      [96m--[0m[96maccess-url[0m url, [96m$CODER_ACCESS_URL[0m
          The URL that users will use to access the Coder deployment.

-      [94m--[0m[94mdocs-url[0m url, [94m$CODER_DOCS_URL[0m
+      [96m--[0m[96mdocs-url[0m url, [96m$CODER_DOCS_URL[0m
          Specifies the custom docs URL.

-      [94m--[0m[94mproxy-trusted-headers[0m string-array, [94m$CODER_PROXY_TRUSTED_HEADERS[0m
+      [96m--[0m[96mproxy-trusted-headers[0m string-array, [96m$CODER_PROXY_TRUSTED_HEADERS[0m
          Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
          True-Client-Ip, X-Forwarded-For.

-      [94m--[0m[94mproxy-trusted-origins[0m string-array, [94m$CODER_PROXY_TRUSTED_ORIGINS[0m
+      [96m--[0m[96mproxy-trusted-origins[0m string-array, [96m$CODER_PROXY_TRUSTED_ORIGINS[0m
          Origin addresses to respect "proxy-trusted-headers". e.g.
          192.168.1.0/24.

-      [94m--[0m[94mredirect-to-access-url[0m bool, [94m$CODER_REDIRECT_TO_ACCESS_URL[0m
+      [96m--[0m[96mredirect-to-access-url[0m bool, [96m$CODER_REDIRECT_TO_ACCESS_URL[0m
          Specifies whether to redirect requests that do not match the access
          URL host.

-      [94m--[0m[94msecure-auth-cookie[0m bool, [94m$CODER_SECURE_AUTH_COOKIE[0m
+      [96m--[0m[96msecure-auth-cookie[0m bool, [96m$CODER_SECURE_AUTH_COOKIE[0m
          Controls if the 'Secure' property is set on browser session cookies.

-      [94m--[0m[94mwildcard-access-url[0m url, [94m$CODER_WILDCARD_ACCESS_URL[0m
+      [96m--[0m[96mwildcard-access-url[0m url, [96m$CODER_WILDCARD_ACCESS_URL[0m
          Specifies the wildcard hostname to use for workspace applications in
          the form "*.example.com".

@ -159,7 +159,7 @@ between workspaces and users are peer-to-peer. However, when Coder cannot
 establish a peer to peer connection, Coder uses a distributed relay network
 backed by Tailscale and WireGuard.

-      [94m--[0m[94mblock-direct-connections[0m bool, [94m$CODER_BLOCK_DIRECT[0m
+      [96m--[0m[96mblock-direct-connections[0m bool, [96m$CODER_BLOCK_DIRECT[0m
          Block peer-to-peer (aka. direct) workspace connections. All workspace
          connections from the CLI will be proxied through Coder (or custom
          configured DERP servers) and will never be peer-to-peer when enabled.
@ -167,28 +167,28 @@ backed by Tailscale and WireGuard.
          until they are restarted after this change has been made, but new
          connections will still be proxied regardless.

-      [94m--[0m[94mderp-config-path[0m string, [94m$CODER_DERP_CONFIG_PATH[0m
+      [96m--[0m[96mderp-config-path[0m string, [96m$CODER_DERP_CONFIG_PATH[0m
          Path to read a DERP mapping from. See:
          https://tailscale.com/kb/1118/custom-derp-servers/.

-      [94m--[0m[94mderp-config-url[0m string, [94m$CODER_DERP_CONFIG_URL[0m
+      [96m--[0m[96mderp-config-url[0m string, [96m$CODER_DERP_CONFIG_URL[0m
          URL to fetch a DERP mapping on startup. See:
          https://tailscale.com/kb/1118/custom-derp-servers/.

-      [94m--[0m[94mderp-force-websockets[0m bool, [94m$CODER_DERP_FORCE_WEBSOCKETS[0m
+      [96m--[0m[96mderp-force-websockets[0m bool, [96m$CODER_DERP_FORCE_WEBSOCKETS[0m
          Force clients and agents to always use WebSocket to connect to DERP
          relay servers. By default, DERP uses `Upgrade: derp`, which may cause
          issues with some reverse proxies. Clients may automatically fallback
          to WebSocket if they detect an issue with `Upgrade: derp`, but this
          does not work in all situations.

-      [94m--[0m[94mderp-server-enable[0m bool, [94m$CODER_DERP_SERVER_ENABLE[0m (default: true)
+      [96m--[0m[96mderp-server-enable[0m bool, [96m$CODER_DERP_SERVER_ENABLE[0m (default: true)
          Whether to enable or disable the embedded DERP relay server.

-      [94m--[0m[94mderp-server-region-name[0m string, [94m$CODER_DERP_SERVER_REGION_NAME[0m (default: Coder Embedded Relay)
+      [96m--[0m[96mderp-server-region-name[0m string, [96m$CODER_DERP_SERVER_REGION_NAME[0m (default: Coder Embedded Relay)
          Region name that for the embedded DERP server.

-      [94m--[0m[94mderp-server-stun-addresses[0m string-array, [94m$CODER_DERP_SERVER_STUN_ADDRESSES[0m (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
+      [96m--[0m[96mderp-server-stun-addresses[0m string-array, [96m$CODER_DERP_SERVER_STUN_ADDRESSES[0m (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
          Addresses for STUN servers to establish P2P connections. It's
          recommended to have at least two STUN servers to give users the best
          chance of connecting P2P to workspaces. Each STUN server will get it's
@ -196,7 +196,7 @@ backed by Tailscale and WireGuard.
          + 1`. Use special value 'disable' to turn off STUN completely.

 [93mNETWORKING / HTTP OPTIONS:[0m 
-      [94m--[0m[94mdisable-password-auth[0m bool, [94m$CODER_DISABLE_PASSWORD_AUTH[0m
+      [96m--[0m[96mdisable-password-auth[0m bool, [96m$CODER_DISABLE_PASSWORD_AUTH[0m
          Disable password authentication. This is recommended for security
          purposes in production deployments that rely on an identity provider.
          Any user with the owner role will be able to sign in with their
@ -205,23 +205,23 @@ backed by Tailscale and WireGuard.
          create-admin` command to create a new admin user directly in the
          database.

-      [94m--[0m[94mdisable-session-expiry-refresh[0m bool, [94m$CODER_DISABLE_SESSION_EXPIRY_REFRESH[0m
+      [96m--[0m[96mdisable-session-expiry-refresh[0m bool, [96m$CODER_DISABLE_SESSION_EXPIRY_REFRESH[0m
          Disable automatic session expiry bumping due to activity. This forces
          all sessions to become invalid after the session expiry duration has
          been reached.

-      [94m--[0m[94mhttp-address[0m string, [94m$CODER_HTTP_ADDRESS[0m (default: 127.0.0.1:3000)
+      [96m--[0m[96mhttp-address[0m string, [96m$CODER_HTTP_ADDRESS[0m (default: 127.0.0.1:3000)
          HTTP bind address of the server. Unset to disable the HTTP endpoint.

-      [94m--[0m[94mmax-token-lifetime[0m duration, [94m$CODER_MAX_TOKEN_LIFETIME[0m (default: 876600h0m0s)
+      [96m--[0m[96mmax-token-lifetime[0m duration, [96m$CODER_MAX_TOKEN_LIFETIME[0m (default: 876600h0m0s)
          The maximum lifetime duration users can specify when creating an API
          token.

-      [94m--[0m[94mproxy-health-interval[0m duration, [94m$CODER_PROXY_HEALTH_INTERVAL[0m (default: 1m0s)
+      [96m--[0m[96mproxy-health-interval[0m duration, [96m$CODER_PROXY_HEALTH_INTERVAL[0m (default: 1m0s)
          The interval in which coderd should be checking the status of
          workspace proxies.

-      [94m--[0m[94msession-duration[0m duration, [94m$CODER_SESSION_DURATION[0m (default: 24h0m0s)
+      [96m--[0m[96msession-duration[0m duration, [96m$CODER_SESSION_DURATION[0m (default: 24h0m0s)
          The token expiry duration for browser sessions. Sessions may last
          longer if they are actively making requests, but this functionality
          can be disabled via --disable-session-expiry-refresh.
@ -231,178 +231,178 @@ Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind
 a TLS-terminating reverse proxy or are accessing Coder over a secure link, you
 can safely ignore these settings.

-      [94m--[0m[94mstrict-transport-security[0m int, [94m$CODER_STRICT_TRANSPORT_SECURITY[0m (default: 0)
+      [96m--[0m[96mstrict-transport-security[0m int, [96m$CODER_STRICT_TRANSPORT_SECURITY[0m (default: 0)
          Controls if the 'Strict-Transport-Security' header is set on all
          static file responses. This header should only be set if the server is
          accessed via HTTPS. This value is the MaxAge in seconds of the header.

-      [94m--[0m[94mstrict-transport-security-options[0m string-array, [94m$CODER_STRICT_TRANSPORT_SECURITY_OPTIONS[0m
+      [96m--[0m[96mstrict-transport-security-options[0m string-array, [96m$CODER_STRICT_TRANSPORT_SECURITY_OPTIONS[0m
          Two optional fields can be set in the Strict-Transport-Security
          header; 'includeSubDomains' and 'preload'. The
          'strict-transport-security' flag must be set to a non-zero value for
          these options to be used.

-      [94m--[0m[94mtls-address[0m host:port, [94m$CODER_TLS_ADDRESS[0m (default: 127.0.0.1:3443)
+      [96m--[0m[96mtls-address[0m host:port, [96m$CODER_TLS_ADDRESS[0m (default: 127.0.0.1:3443)
          HTTPS bind address of the server.

-      [94m--[0m[94mtls-cert-file[0m string-array, [94m$CODER_TLS_CERT_FILE[0m
+      [96m--[0m[96mtls-cert-file[0m string-array, [96m$CODER_TLS_CERT_FILE[0m
          Path to each certificate for TLS. It requires a PEM-encoded file. To
          configure the listener to use a CA certificate, concatenate the
          primary certificate and the CA certificate together. The primary
          certificate should appear first in the combined file.

-      [94m--[0m[94mtls-client-auth[0m string, [94m$CODER_TLS_CLIENT_AUTH[0m (default: none)
+      [96m--[0m[96mtls-client-auth[0m string, [96m$CODER_TLS_CLIENT_AUTH[0m (default: none)
          Policy the server will follow for TLS Client Authentication. Accepted
          values are "none", "request", "require-any", "verify-if-given", or
          "require-and-verify".

-      [94m--[0m[94mtls-client-ca-file[0m string, [94m$CODER_TLS_CLIENT_CA_FILE[0m
+      [96m--[0m[96mtls-client-ca-file[0m string, [96m$CODER_TLS_CLIENT_CA_FILE[0m
          PEM-encoded Certificate Authority file used for checking the
          authenticity of client.

-      [94m--[0m[94mtls-client-cert-file[0m string, [94m$CODER_TLS_CLIENT_CERT_FILE[0m
+      [96m--[0m[96mtls-client-cert-file[0m string, [96m$CODER_TLS_CLIENT_CERT_FILE[0m
          Path to certificate for client TLS authentication. It requires a
          PEM-encoded file.

-      [94m--[0m[94mtls-client-key-file[0m string, [94m$CODER_TLS_CLIENT_KEY_FILE[0m
+      [96m--[0m[96mtls-client-key-file[0m string, [96m$CODER_TLS_CLIENT_KEY_FILE[0m
          Path to key for client TLS authentication. It requires a PEM-encoded
          file.

-      [94m--[0m[94mtls-enable[0m bool, [94m$CODER_TLS_ENABLE[0m
+      [96m--[0m[96mtls-enable[0m bool, [96m$CODER_TLS_ENABLE[0m
          Whether TLS will be enabled.

-      [94m--[0m[94mtls-key-file[0m string-array, [94m$CODER_TLS_KEY_FILE[0m
+      [96m--[0m[96mtls-key-file[0m string-array, [96m$CODER_TLS_KEY_FILE[0m
          Paths to the private keys for each of the certificates. It requires a
          PEM-encoded file.

-      [94m--[0m[94mtls-min-version[0m string, [94m$CODER_TLS_MIN_VERSION[0m (default: tls12)
+      [96m--[0m[96mtls-min-version[0m string, [96m$CODER_TLS_MIN_VERSION[0m (default: tls12)
          Minimum supported version of TLS. Accepted values are "tls10",
          "tls11", "tls12" or "tls13".

 [93mOAUTH2 / GITHUB OPTIONS:[0m 
-      [94m--[0m[94moauth2-github-allow-everyone[0m bool, [94m$CODER_OAUTH2_GITHUB_ALLOW_EVERYONE[0m
+      [96m--[0m[96moauth2-github-allow-everyone[0m bool, [96m$CODER_OAUTH2_GITHUB_ALLOW_EVERYONE[0m
          Allow all logins, setting this option means allowed orgs and teams
          must be empty.

-      [94m--[0m[94moauth2-github-allow-signups[0m bool, [94m$CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS[0m
+      [96m--[0m[96moauth2-github-allow-signups[0m bool, [96m$CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS[0m
          Whether new users can sign up with GitHub.

-      [94m--[0m[94moauth2-github-allowed-orgs[0m string-array, [94m$CODER_OAUTH2_GITHUB_ALLOWED_ORGS[0m
+      [96m--[0m[96moauth2-github-allowed-orgs[0m string-array, [96m$CODER_OAUTH2_GITHUB_ALLOWED_ORGS[0m
          Organizations the user must be a member of to Login with GitHub.

-      [94m--[0m[94moauth2-github-allowed-teams[0m string-array, [94m$CODER_OAUTH2_GITHUB_ALLOWED_TEAMS[0m
+      [96m--[0m[96moauth2-github-allowed-teams[0m string-array, [96m$CODER_OAUTH2_GITHUB_ALLOWED_TEAMS[0m
          Teams inside organizations the user must be a member of to Login with
          GitHub. Structured as: <organization-name>/<team-slug>.

-      [94m--[0m[94moauth2-github-client-id[0m string, [94m$CODER_OAUTH2_GITHUB_CLIENT_ID[0m
+      [96m--[0m[96moauth2-github-client-id[0m string, [96m$CODER_OAUTH2_GITHUB_CLIENT_ID[0m
          Client ID for Login with GitHub.

-      [94m--[0m[94moauth2-github-client-secret[0m string, [94m$CODER_OAUTH2_GITHUB_CLIENT_SECRET[0m
+      [96m--[0m[96moauth2-github-client-secret[0m string, [96m$CODER_OAUTH2_GITHUB_CLIENT_SECRET[0m
          Client secret for Login with GitHub.

-      [94m--[0m[94moauth2-github-enterprise-base-url[0m string, [94m$CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL[0m
+      [96m--[0m[96moauth2-github-enterprise-base-url[0m string, [96m$CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL[0m
          Base URL of a GitHub Enterprise deployment to use for Login with
          GitHub.

 [93mOIDC OPTIONS:[0m 
-      [94m--[0m[94moidc-group-auto-create[0m bool, [94m$CODER_OIDC_GROUP_AUTO_CREATE[0m (default: false)
+      [96m--[0m[96moidc-group-auto-create[0m bool, [96m$CODER_OIDC_GROUP_AUTO_CREATE[0m (default: false)
          Automatically creates missing groups from a user's groups claim.

-      [94m--[0m[94moidc-allow-signups[0m bool, [94m$CODER_OIDC_ALLOW_SIGNUPS[0m (default: true)
+      [96m--[0m[96moidc-allow-signups[0m bool, [96m$CODER_OIDC_ALLOW_SIGNUPS[0m (default: true)
          Whether new users can sign up with OIDC.

-      [94m--[0m[94moidc-auth-url-params[0m struct[map[string]string], [94m$CODER_OIDC_AUTH_URL_PARAMS[0m (default: {"access_type": "offline"})
+      [96m--[0m[96moidc-auth-url-params[0m struct[map[string]string], [96m$CODER_OIDC_AUTH_URL_PARAMS[0m (default: {"access_type": "offline"})
          OIDC auth URL parameters to pass to the upstream provider.

-      [94m--[0m[94moidc-client-cert-file[0m string, [94m$CODER_OIDC_CLIENT_CERT_FILE[0m
+      [96m--[0m[96moidc-client-cert-file[0m string, [96m$CODER_OIDC_CLIENT_CERT_FILE[0m
          Pem encoded certificate file to use for oauth2 PKI/JWT authorization.
          The public certificate that accompanies oidc-client-key-file. A
          standard x509 certificate is expected.

-      [94m--[0m[94moidc-client-id[0m string, [94m$CODER_OIDC_CLIENT_ID[0m
+      [96m--[0m[96moidc-client-id[0m string, [96m$CODER_OIDC_CLIENT_ID[0m
          Client ID to use for Login with OIDC.

-      [94m--[0m[94moidc-client-key-file[0m string, [94m$CODER_OIDC_CLIENT_KEY_FILE[0m
+      [96m--[0m[96moidc-client-key-file[0m string, [96m$CODER_OIDC_CLIENT_KEY_FILE[0m
          Pem encoded RSA private key to use for oauth2 PKI/JWT authorization.
          This can be used instead of oidc-client-secret if your IDP supports
          it.

-      [94m--[0m[94moidc-client-secret[0m string, [94m$CODER_OIDC_CLIENT_SECRET[0m
+      [96m--[0m[96moidc-client-secret[0m string, [96m$CODER_OIDC_CLIENT_SECRET[0m
          Client secret to use for Login with OIDC.

-      [94m--[0m[94moidc-email-domain[0m string-array, [94m$CODER_OIDC_EMAIL_DOMAIN[0m
+      [96m--[0m[96moidc-email-domain[0m string-array, [96m$CODER_OIDC_EMAIL_DOMAIN[0m
          Email domains that clients logging in with OIDC must match.

-      [94m--[0m[94moidc-email-field[0m string, [94m$CODER_OIDC_EMAIL_FIELD[0m (default: email)
+      [96m--[0m[96moidc-email-field[0m string, [96m$CODER_OIDC_EMAIL_FIELD[0m (default: email)
          OIDC claim field to use as the email.

-      [94m--[0m[94moidc-group-field[0m string, [94m$CODER_OIDC_GROUP_FIELD[0m
+      [96m--[0m[96moidc-group-field[0m string, [96m$CODER_OIDC_GROUP_FIELD[0m
          This field must be set if using the group sync feature and the scope
          name is not 'groups'. Set to the claim to be used for groups.

-      [94m--[0m[94moidc-group-mapping[0m struct[map[string]string], [94m$CODER_OIDC_GROUP_MAPPING[0m (default: {})
+      [96m--[0m[96moidc-group-mapping[0m struct[map[string]string], [96m$CODER_OIDC_GROUP_MAPPING[0m (default: {})
          A map of OIDC group IDs and the group in Coder it should map to. This
          is useful for when OIDC providers only return group IDs.

-      [94m--[0m[94moidc-ignore-email-verified[0m bool, [94m$CODER_OIDC_IGNORE_EMAIL_VERIFIED[0m
+      [96m--[0m[96moidc-ignore-email-verified[0m bool, [96m$CODER_OIDC_IGNORE_EMAIL_VERIFIED[0m
          Ignore the email_verified claim from the upstream provider.

-      [94m--[0m[94moidc-ignore-userinfo[0m bool, [94m$CODER_OIDC_IGNORE_USERINFO[0m (default: false)
+      [96m--[0m[96moidc-ignore-userinfo[0m bool, [96m$CODER_OIDC_IGNORE_USERINFO[0m (default: false)
          Ignore the userinfo endpoint and only use the ID token for user
          information.

-      [94m--[0m[94moidc-issuer-url[0m string, [94m$CODER_OIDC_ISSUER_URL[0m
+      [96m--[0m[96moidc-issuer-url[0m string, [96m$CODER_OIDC_ISSUER_URL[0m
          Issuer URL to use for Login with OIDC.

-      [94m--[0m[94moidc-group-regex-filter[0m regexp, [94m$CODER_OIDC_GROUP_REGEX_FILTER[0m (default: .*)
+      [96m--[0m[96moidc-group-regex-filter[0m regexp, [96m$CODER_OIDC_GROUP_REGEX_FILTER[0m (default: .*)
          If provided any group name not matching the regex is ignored. This
          allows for filtering out groups that are not needed. This filter is
          applied after the group mapping.

-      [94m--[0m[94moidc-scopes[0m string-array, [94m$CODER_OIDC_SCOPES[0m (default: openid,profile,email)
+      [96m--[0m[96moidc-scopes[0m string-array, [96m$CODER_OIDC_SCOPES[0m (default: openid,profile,email)
          Scopes to grant when authenticating with OIDC.

-      [94m--[0m[94moidc-user-role-default[0m string-array, [94m$CODER_OIDC_USER_ROLE_DEFAULT[0m
+      [96m--[0m[96moidc-user-role-default[0m string-array, [96m$CODER_OIDC_USER_ROLE_DEFAULT[0m
          If user role sync is enabled, these roles are always included for all
          authenticated users. The 'member' role is always assigned.

-      [94m--[0m[94moidc-user-role-field[0m string, [94m$CODER_OIDC_USER_ROLE_FIELD[0m
+      [96m--[0m[96moidc-user-role-field[0m string, [96m$CODER_OIDC_USER_ROLE_FIELD[0m
          This field must be set if using the user roles sync feature. Set this
          to the name of the claim used to store the user's role. The roles
          should be sent as an array of strings.

-      [94m--[0m[94moidc-user-role-mapping[0m struct[map[string][]string], [94m$CODER_OIDC_USER_ROLE_MAPPING[0m (default: {})
+      [96m--[0m[96moidc-user-role-mapping[0m struct[map[string][]string], [96m$CODER_OIDC_USER_ROLE_MAPPING[0m (default: {})
          A map of the OIDC passed in user roles and the groups in Coder it
          should map to. This is useful if the group names do not match. If
          mapped to the empty string, the role will ignored.

-      [94m--[0m[94moidc-username-field[0m string, [94m$CODER_OIDC_USERNAME_FIELD[0m (default: preferred_username)
+      [96m--[0m[96moidc-username-field[0m string, [96m$CODER_OIDC_USERNAME_FIELD[0m (default: preferred_username)
          OIDC claim field to use as the username.

-      [94m--[0m[94moidc-sign-in-text[0m string, [94m$CODER_OIDC_SIGN_IN_TEXT[0m (default: OpenID Connect)
+      [96m--[0m[96moidc-sign-in-text[0m string, [96m$CODER_OIDC_SIGN_IN_TEXT[0m (default: OpenID Connect)
          The text to show on the OpenID Connect sign in button.

-      [94m--[0m[94moidc-icon-url[0m url, [94m$CODER_OIDC_ICON_URL[0m
+      [96m--[0m[96moidc-icon-url[0m url, [96m$CODER_OIDC_ICON_URL[0m
          URL pointing to the icon to use on the OpenID Connect login button.

 [93mPROVISIONING OPTIONS:[0m 
 Tune the behavior of the provisioner, which is responsible for creating,
 updating, and deleting workspace resources.

-      [94m--[0m[94mprovisioner-force-cancel-interval[0m duration, [94m$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL[0m (default: 10m0s)
+      [96m--[0m[96mprovisioner-force-cancel-interval[0m duration, [96m$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL[0m (default: 10m0s)
          Time to force cancel provisioning tasks that are stuck.

-      [94m--[0m[94mprovisioner-daemon-poll-interval[0m duration, [94m$CODER_PROVISIONER_DAEMON_POLL_INTERVAL[0m (default: 1s)
+      [96m--[0m[96mprovisioner-daemon-poll-interval[0m duration, [96m$CODER_PROVISIONER_DAEMON_POLL_INTERVAL[0m (default: 1s)
          Time to wait before polling for a new job.

-      [94m--[0m[94mprovisioner-daemon-poll-jitter[0m duration, [94m$CODER_PROVISIONER_DAEMON_POLL_JITTER[0m (default: 100ms)
+      [96m--[0m[96mprovisioner-daemon-poll-jitter[0m duration, [96m$CODER_PROVISIONER_DAEMON_POLL_JITTER[0m (default: 100ms)
          Random jitter added to the poll interval.

-      [94m--[0m[94mprovisioner-daemon-psk[0m string, [94m$CODER_PROVISIONER_DAEMON_PSK[0m
+      [96m--[0m[96mprovisioner-daemon-psk[0m string, [96m$CODER_PROVISIONER_DAEMON_PSK[0m
          Pre-shared key to authenticate external provisioner daemons to Coder
          server.

-      [94m--[0m[94mprovisioner-daemons[0m int, [94m$CODER_PROVISIONER_DAEMONS[0m (default: 3)
+      [96m--[0m[96mprovisioner-daemons[0m int, [96m$CODER_PROVISIONER_DAEMONS[0m (default: 3)
          Number of provisioner daemons to create on start. If builds are stuck
          in queued state for a long time, consider increasing this.

@ -411,11 +411,11 @@ Telemetry is critical to our ability to improve Coder. We strip all
 personalinformation before sending data to our servers. Please only disable
 telemetrywhen required by your organization's security policy.

-      [94m--[0m[94mtelemetry[0m bool, [94m$CODER_TELEMETRY_ENABLE[0m (default: false)
+      [96m--[0m[96mtelemetry[0m bool, [96m$CODER_TELEMETRY_ENABLE[0m (default: false)
          Whether telemetry is enabled or not. Coder collects anonymized usage
          data to help improve our product.

-      [94m--[0m[94mtelemetry-trace[0m bool, [94m$CODER_TELEMETRY_TRACE[0m (default: false)
+      [96m--[0m[96mtelemetry-trace[0m bool, [96m$CODER_TELEMETRY_TRACE[0m (default: false)
          Whether Opentelemetry traces are sent to Coder. Coder collects
          anonymized application tracing to help improve our product. Disabling
          telemetry also disables this option.
@ -424,7 +424,7 @@ telemetrywhen required by your organization's security policy.
 Allow users to set quiet hours schedules each day for workspaces to avoid
 workspaces stopping during the day due to template max TTL.

-      [94m--[0m[94mdefault-quiet-hours-schedule[0m string, [94m$CODER_QUIET_HOURS_DEFAULT_SCHEDULE[0m
+      [96m--[0m[96mdefault-quiet-hours-schedule[0m string, [96m$CODER_QUIET_HOURS_DEFAULT_SCHEDULE[0m
          The default daily cron schedule applied to users that haven't set a
          custom quiet hours schedule themselves. The quiet hours schedule
          determines when workspaces will be force stopped due to the template's
@ -435,7 +435,7 @@ workspaces stopping during the day due to template max TTL.
          are not supported).

 [93m⚠️ DANGEROUS OPTIONS:[0m 
-      [94m--[0m[94mdangerous-allow-path-app-sharing[0m bool, [94m$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING[0m
+      [96m--[0m[96mdangerous-allow-path-app-sharing[0m bool, [96m$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING[0m
          Allow workspace apps that are not served from subdomains to be shared.
          Path-based app sharing is DISABLED by default for security purposes.
          Path-based apps can make requests to the Coder API and pose a security
@ -443,7 +443,7 @@ workspaces stopping during the day due to template max TTL.
          can be disabled entirely with --disable-path-apps for further
          security.

-      [94m--[0m[94mdangerous-allow-path-app-site-owner-access[0m bool, [94m$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS[0m
+      [96m--[0m[96mdangerous-allow-path-app-site-owner-access[0m bool, [96m$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS[0m
          Allow site-owners to access workspace apps from workspaces they do not
          own. Owners cannot access path-based apps they do not own by default.
          Path-based apps can make requests to the Coder API and pose a security
@ -454,14 +454,14 @@ workspaces stopping during the day due to template max TTL.
 [93mENTERPRISE OPTIONS:[0m 
 These options are only available in the Enterprise Edition.

-      [94m--[0m[94mbrowser-only[0m bool, [94m$CODER_BROWSER_ONLY[0m
+      [96m--[0m[96mbrowser-only[0m bool, [96m$CODER_BROWSER_ONLY[0m
          Whether Coder only allows connections to workspaces via the browser.

-      [94m--[0m[94mderp-server-relay-url[0m url, [94m$CODER_DERP_SERVER_RELAY_URL[0m
+      [96m--[0m[96mderp-server-relay-url[0m url, [96m$CODER_DERP_SERVER_RELAY_URL[0m
          An HTTP URL that is accessible by other replicas to relay DERP
          traffic. Required for high availability.

-      [94m--[0m[94mexternal-token-encryption-keys[0m string-array, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS[0m
+      [96m--[0m[96mexternal-token-encryption-keys[0m string-array, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS[0m
          Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
          database. The value must be a comma-separated list of base64-encoded
          keys. Each key, when base64-decoded, must be exactly 32 bytes in
@ -471,7 +471,7 @@ These options are only available in the Enterprise Edition.
          process of rotating keys with the `coder server dbcrypt rotate`
          command.

-      [94m--[0m[94mscim-auth-header[0m string, [94m$CODER_SCIM_AUTH_HEADER[0m
+      [96m--[0m[96mscim-auth-header[0m string, [96m$CODER_SCIM_AUTH_HEADER[0m
          Enables SCIM and sets the authentication header for the built-in SCIM
          server. New users are automatically created with OIDC authentication.

--- a/cli/testdata/coder_server_create-admin-user_--help.golden
+++ b/cli/testdata/coder_server_create-admin-user_--help.golden
@ -7,27 +7,27 @@ coder v0.0.0-devel
  it to every organization.

 [93mOPTIONS:[0m
-      [94m--[0m[94memail[0m string, [94m$CODER_EMAIL[0m
+      [96m--[0m[96memail[0m string, [96m$CODER_EMAIL[0m
          The email of the new user. If not specified, you will be prompted via
          stdin.

-      [94m--[0m[94mpassword[0m string, [94m$CODER_PASSWORD[0m
+      [96m--[0m[96mpassword[0m string, [96m$CODER_PASSWORD[0m
          The password of the new user. If not specified, you will be prompted
          via stdin.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          URL of a PostgreSQL database. If empty, the built-in PostgreSQL
          deployment will be used (Coder must not be already running in this
          case).

-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

-      [94m--[0m[94mssh-keygen-algorithm[0m string, [94m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
+      [96m--[0m[96mssh-keygen-algorithm[0m string, [96m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
          The algorithm to use for generating ssh keys. Accepted values are
          "ed25519", "ecdsa", or "rsa4096".

-      [94m--[0m[94musername[0m string, [94m$CODER_USERNAME[0m
+      [96m--[0m[96musername[0m string, [96m$CODER_USERNAME[0m
          The username of the new user. If not specified, you will be prompted
          via stdin.

--- a/cli/testdata/coder_server_postgres-builtin-serve_--help.golden
+++ b/cli/testdata/coder_server_postgres-builtin-serve_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Run the built-in PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

 ———
--- a/cli/testdata/coder_server_postgres-builtin-url_--help.golden
+++ b/cli/testdata/coder_server_postgres-builtin-url_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Output the connection URL for the built-in PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

 ———
--- a/cli/testdata/coder_speedtest_--help.golden
+++ b/cli/testdata/coder_speedtest_--help.golden
@ -6,15 +6,15 @@ coder v0.0.0-devel
  Run upload and download tests from your machine to a workspace

 [93mOPTIONS:[0m
-  [94m-[0m[94md[0m, [94m--[0m[94mdirect[0m bool
+  [96m-[0m[96md[0m, [96m--[0m[96mdirect[0m bool
          Specifies whether to wait for a direct connection before testing
          speed.

-      [94m--[0m[94mdirection[0m up|down (default: down)
+      [96m--[0m[96mdirection[0m up|down (default: down)
          Specifies whether to run in reverse mode where the client receives and
          the server sends.

-  [94m-[0m[94mt[0m, [94m--[0m[94mtime[0m duration (default: 5s)
+  [96m-[0m[96mt[0m, [96m--[0m[96mtime[0m duration (default: 5s)
          Specifies the duration to monitor traffic.

 ———
--- a/cli/testdata/coder_ssh_--help.golden
+++ b/cli/testdata/coder_ssh_--help.golden
@ -6,42 +6,42 @@ coder v0.0.0-devel
  Start a shell into a workspace

 [93mOPTIONS:[0m
-  [94m-[0m[94mA[0m, [94m--[0m[94mforward-agent[0m bool, [94m$CODER_SSH_FORWARD_AGENT[0m
+  [96m-[0m[96mA[0m, [96m--[0m[96mforward-agent[0m bool, [96m$CODER_SSH_FORWARD_AGENT[0m
          Specifies whether to forward the SSH agent specified in
          $SSH_AUTH_SOCK.

-  [94m-[0m[94mG[0m, [94m--[0m[94mforward-gpg[0m bool, [94m$CODER_SSH_FORWARD_GPG[0m
+  [96m-[0m[96mG[0m, [96m--[0m[96mforward-gpg[0m bool, [96m$CODER_SSH_FORWARD_GPG[0m
          Specifies whether to forward the GPG agent. Unsupported on Windows
          workspaces, but supports all clients. Requires gnupg (gpg, gpgconf) on
          both the client and workspace. The GPG agent must already be running
          locally and will not be started for you. If a GPG agent is already
          running in the workspace, it will be attempted to be killed.

-      [94m--[0m[94midentity-agent[0m string, [94m$CODER_SSH_IDENTITY_AGENT[0m
+      [96m--[0m[96midentity-agent[0m string, [96m$CODER_SSH_IDENTITY_AGENT[0m
          Specifies which identity agent to use (overrides $SSH_AUTH_SOCK),
          forward agent must also be enabled.

-  [94m-[0m[94ml[0m, [94m--[0m[94mlog-dir[0m string, [94m$CODER_SSH_LOG_DIR[0m
+  [96m-[0m[96ml[0m, [96m--[0m[96mlog-dir[0m string, [96m$CODER_SSH_LOG_DIR[0m
          Specify the directory containing SSH diagnostic log files.

-      [94m--[0m[94mno-wait[0m bool, [94m$CODER_SSH_NO_WAIT[0m
+      [96m--[0m[96mno-wait[0m bool, [96m$CODER_SSH_NO_WAIT[0m
          Enter workspace immediately after the agent has connected. This is the
          default if the template has configured the agent startup script
          behavior as non-blocking.
          DEPRECATED: Use --wait instead.

-  [94m-[0m[94mR[0m, [94m--[0m[94mremote-forward[0m string, [94m$CODER_SSH_REMOTE_FORWARD[0m
+  [96m-[0m[96mR[0m, [96m--[0m[96mremote-forward[0m string, [96m$CODER_SSH_REMOTE_FORWARD[0m
          Enable remote port forwarding (remote_port:local_address:local_port).

-      [94m--[0m[94mstdio[0m bool, [94m$CODER_SSH_STDIO[0m
+      [96m--[0m[96mstdio[0m bool, [96m$CODER_SSH_STDIO[0m
          Specifies whether to emit SSH output over stdin/stdout.

-      [94m--[0m[94mwait[0m yes|no|auto, [94m$CODER_SSH_WAIT[0m (default: auto)
+      [96m--[0m[96mwait[0m yes|no|auto, [96m$CODER_SSH_WAIT[0m (default: auto)
          Specifies whether or not to wait for the startup script to finish
          executing. Auto means that the agent startup script behavior
          configured in the workspace template is used.

-      [94m--[0m[94mworkspace-poll-interval[0m duration, [94m$CODER_WORKSPACE_POLL_INTERVAL[0m (default: 1m)
+      [96m--[0m[96mworkspace-poll-interval[0m duration, [96m$CODER_WORKSPACE_POLL_INTERVAL[0m (default: 1m)
          Specifies how often to poll for workspace automated shutdown.

 ———
--- a/cli/testdata/coder_start_--help.golden
+++ b/cli/testdata/coder_start_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Start a workspace

 [93mOPTIONS:[0m
-      [94m--[0m[94mbuild-option[0m string-array, [94m$CODER_BUILD_OPTION[0m
+      [96m--[0m[96mbuild-option[0m string-array, [96m$CODER_BUILD_OPTION[0m
          Build option value in the format "name=value".

-      [94m--[0m[94mbuild-options[0m bool
+      [96m--[0m[96mbuild-options[0m bool
          Prompt for one-time build options defined with ephemeral parameters.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_stat_--help.golden
+++ b/cli/testdata/coder_stat_--help.golden
@ -11,11 +11,11 @@ coder v0.0.0-devel
    mem     Show memory usage, in gigabytes.

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory)
          Columns to display in table output. Available columns: host cpu, host
          memory, home disk, container cpu, container memory.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_stat_cpu_--help.golden
+++ b/cli/testdata/coder_stat_cpu_--help.golden
@ -6,10 +6,10 @@ coder v0.0.0-devel
  Show CPU usage, in cores.

 [93mOPTIONS:[0m
-      [94m--[0m[94mhost[0m bool
+      [96m--[0m[96mhost[0m bool
          Force host CPU measurement.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: text)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: text)
          Output format. Available formats: text, json.

 ———
--- a/cli/testdata/coder_stat_disk_--help.golden
+++ b/cli/testdata/coder_stat_disk_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Show disk usage, in gigabytes.

 [93mOPTIONS:[0m
-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: text)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: text)
          Output format. Available formats: text, json.

-      [94m--[0m[94mpath[0m string (default: /)
+      [96m--[0m[96mpath[0m string (default: /)
          Path for which to check disk usage.

-      [94m--[0m[94mprefix[0m Ki|Mi|Gi|Ti (default: Gi)
+      [96m--[0m[96mprefix[0m Ki|Mi|Gi|Ti (default: Gi)
          SI Prefix for disk measurement.

 ———
--- a/cli/testdata/coder_stat_mem_--help.golden
+++ b/cli/testdata/coder_stat_mem_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Show memory usage, in gigabytes.

 [93mOPTIONS:[0m
-      [94m--[0m[94mhost[0m bool
+      [96m--[0m[96mhost[0m bool
          Force host memory measurement.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: text)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: text)
          Output format. Available formats: text, json.

-      [94m--[0m[94mprefix[0m Ki|Mi|Gi|Ti (default: Gi)
+      [96m--[0m[96mprefix[0m Ki|Mi|Gi|Ti (default: Gi)
          SI Prefix for memory measurement.

 ———
--- a/cli/testdata/coder_state_pull_--help.golden
+++ b/cli/testdata/coder_state_pull_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Pull a Terraform state file from a workspace.

 [93mOPTIONS:[0m
-  [94m-[0m[94mb[0m, [94m--[0m[94mbuild[0m int
+  [96m-[0m[96mb[0m, [96m--[0m[96mbuild[0m int
          Specify a workspace build to target by name. Defaults to latest.

 ———
--- a/cli/testdata/coder_state_push_--help.golden
+++ b/cli/testdata/coder_state_push_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Push a Terraform state file to a workspace.

 [93mOPTIONS:[0m
-  [94m-[0m[94mb[0m, [94m--[0m[94mbuild[0m int
+  [96m-[0m[96mb[0m, [96m--[0m[96mbuild[0m int
          Specify a workspace build to target by name. Defaults to latest.

 ———
--- a/cli/testdata/coder_stop_--help.golden
+++ b/cli/testdata/coder_stop_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Stop a workspace

 [93mOPTIONS:[0m
-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_create_--help.golden
+++ b/cli/testdata/coder_templates_create_--help.golden
@ -6,59 +6,59 @@ coder v0.0.0-devel
  Create a template from the current directory or as specified by flag

 [93mOPTIONS:[0m
-      [94m--[0m[94mdefault-ttl[0m duration (default: 24h)
+      [96m--[0m[96mdefault-ttl[0m duration (default: 24h)
          Specify a default TTL for workspaces created from this template. It is
          the default time before shutdown - workspaces created from this
          template default to this value. Maps to "Default autostop" in the UI.

-  [94m-[0m[94md[0m, [94m--[0m[94mdirectory[0m string (default: .)
+  [96m-[0m[96md[0m, [96m--[0m[96mdirectory[0m string (default: .)
          Specify the directory to create from, use '-' to read tar from stdin.

-      [94m--[0m[94mfailure-ttl[0m duration (default: 0h)
+      [96m--[0m[96mfailure-ttl[0m duration (default: 0h)
          Specify a failure TTL for workspaces created from this template. It is
          the amount of time after a failed "start" build before coder
          automatically schedules a "stop" build to cleanup.This licensed
          feature's default is 0h (off). Maps to "Failure cleanup"in the UI.

-      [94m--[0m[94mignore-lockfile[0m bool (default: false)
+      [96m--[0m[96mignore-lockfile[0m bool (default: false)
          Ignore warnings about not having a .terraform.lock.hcl file present in
          the template.

-      [94m--[0m[94minactivity-ttl[0m duration (default: 0h)
+      [96m--[0m[96minactivity-ttl[0m duration (default: 0h)
          Specify an inactivity TTL for workspaces created from this template.
          It is the amount of time the workspace is not used before it is be
          stopped and auto-locked. This includes across multiple builds (e.g.
          auto-starts and stops). This licensed feature's default is 0h (off).
          Maps to "Dormancy threshold" in the UI.

-      [94m--[0m[94mmax-ttl[0m duration
+      [96m--[0m[96mmax-ttl[0m duration
          Edit the template maximum time before shutdown - workspaces created
          from this template must shutdown within the given duration after
          starting. This is an enterprise-only feature.

-  [94m-[0m[94mm[0m, [94m--[0m[94mmessage[0m string
+  [96m-[0m[96mm[0m, [96m--[0m[96mmessage[0m string
          Specify a message describing the changes in this version of the
          template. Messages longer than 72 characters will be displayed as
          truncated.

-      [94m--[0m[94mprivate[0m bool
+      [96m--[0m[96mprivate[0m bool
          Disable the default behavior of granting template access to the
          'everyone' group. The template permissions must be updated to allow
          non-admin users to use this template.

-      [94m--[0m[94mprovisioner-tag[0m string-array
+      [96m--[0m[96mprovisioner-tag[0m string-array
          Specify a set of tags to target provisioner daemons.

-      [94m--[0m[94mvar[0m string-array
+      [96m--[0m[96mvar[0m string-array
          Alias of --variable.

-      [94m--[0m[94mvariable[0m string-array
+      [96m--[0m[96mvariable[0m string-array
          Specify a set of values for Terraform-managed variables.

-      [94m--[0m[94mvariables-file[0m string
+      [96m--[0m[96mvariables-file[0m string
          Specify a file path with values for Terraform-managed variables.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_delete_--help.golden
+++ b/cli/testdata/coder_templates_delete_--help.golden
@ -8,7 +8,7 @@ coder v0.0.0-devel
  Aliases: rm

 [93mOPTIONS:[0m
-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_edit_--help.golden
+++ b/cli/testdata/coder_templates_edit_--help.golden
@ -6,54 +6,54 @@ coder v0.0.0-devel
  Edit the metadata of a template by name.

 [93mOPTIONS:[0m
-      [94m--[0m[94mallow-user-autostart[0m bool (default: true)
+      [96m--[0m[96mallow-user-autostart[0m bool (default: true)
          Allow users to configure autostart for workspaces on this template.
          This can only be disabled in enterprise.

-      [94m--[0m[94mallow-user-autostop[0m bool (default: true)
+      [96m--[0m[96mallow-user-autostop[0m bool (default: true)
          Allow users to customize the autostop TTL for workspaces on this
          template. This can only be disabled in enterprise.

-      [94m--[0m[94mallow-user-cancel-workspace-jobs[0m bool (default: true)
+      [96m--[0m[96mallow-user-cancel-workspace-jobs[0m bool (default: true)
          Allow users to cancel in-progress workspace jobs.

-      [94m--[0m[94mdefault-ttl[0m duration
+      [96m--[0m[96mdefault-ttl[0m duration
          Edit the template default time before shutdown - workspaces created
          from this template default to this value. Maps to "Default autostop"
          in the UI.

-      [94m--[0m[94mdescription[0m string
+      [96m--[0m[96mdescription[0m string
          Edit the template description.

-      [94m--[0m[94mdisplay-name[0m string
+      [96m--[0m[96mdisplay-name[0m string
          Edit the template display name.

-      [94m--[0m[94mfailure-ttl[0m duration (default: 0h)
+      [96m--[0m[96mfailure-ttl[0m duration (default: 0h)
          Specify a failure TTL for workspaces created from this template. It is
          the amount of time after a failed "start" build before coder
          automatically schedules a "stop" build to cleanup.This licensed
          feature's default is 0h (off). Maps to "Failure cleanup" in the UI.

-      [94m--[0m[94micon[0m string
+      [96m--[0m[96micon[0m string
          Edit the template icon path.

-      [94m--[0m[94minactivity-ttl[0m duration (default: 0h)
+      [96m--[0m[96minactivity-ttl[0m duration (default: 0h)
          Specify an inactivity TTL for workspaces created from this template.
          It is the amount of time the workspace is not used before it is be
          stopped and auto-locked. This includes across multiple builds (e.g.
          auto-starts and stops). This licensed feature's default is 0h (off).
          Maps to "Dormancy threshold" in the UI.

-      [94m--[0m[94mmax-ttl[0m duration
+      [96m--[0m[96mmax-ttl[0m duration
          Edit the template maximum time before shutdown - workspaces created
          from this template must shutdown within the given duration after
          starting, regardless of user activity. This is an enterprise-only
          feature. Maps to "Max lifetime" in the UI.

-      [94m--[0m[94mname[0m string
+      [96m--[0m[96mname[0m string
          Edit the template name.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_init_--help.golden
+++ b/cli/testdata/coder_templates_init_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Get started with a templated template.

 [93mOPTIONS:[0m
-      [94m--[0m[94mid[0m aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes
+      [96m--[0m[96mid[0m aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes
          Specify a given example template by ID.

 ———
--- a/cli/testdata/coder_templates_list_--help.golden
+++ b/cli/testdata/coder_templates_list_--help.golden
@ -8,12 +8,12 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: name,last updated,used by)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: name,last updated,used by)
          Columns to display in table output. Available columns: name, created
          at, last updated, organization id, provisioner, active version id,
          used by, default ttl.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_templates_pull_--help.golden
+++ b/cli/testdata/coder_templates_pull_--help.golden
@ -6,10 +6,10 @@ coder v0.0.0-devel
  Download the latest version of a template to a path.

 [93mOPTIONS:[0m
-      [94m--[0m[94mtar[0m bool
+      [96m--[0m[96mtar[0m bool
          Output the template as a tar archive to stdout.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_push_--help.golden
+++ b/cli/testdata/coder_templates_push_--help.golden
@ -6,45 +6,45 @@ coder v0.0.0-devel
  Push a new template version from the current directory or as specified by flag

 [93mOPTIONS:[0m
-      [94m--[0m[94mactivate[0m bool (default: true)
+      [96m--[0m[96mactivate[0m bool (default: true)
          Whether the new template will be marked active.

-      [94m--[0m[94malways-prompt[0m bool
+      [96m--[0m[96malways-prompt[0m bool
          Always prompt all parameters. Does not pull parameter values from
          active template version.

-      [94m--[0m[94mcreate[0m bool (default: false)
+      [96m--[0m[96mcreate[0m bool (default: false)
          Create the template if it does not exist.

-  [94m-[0m[94md[0m, [94m--[0m[94mdirectory[0m string (default: .)
+  [96m-[0m[96md[0m, [96m--[0m[96mdirectory[0m string (default: .)
          Specify the directory to create from, use '-' to read tar from stdin.

-      [94m--[0m[94mignore-lockfile[0m bool (default: false)
+      [96m--[0m[96mignore-lockfile[0m bool (default: false)
          Ignore warnings about not having a .terraform.lock.hcl file present in
          the template.

-  [94m-[0m[94mm[0m, [94m--[0m[94mmessage[0m string
+  [96m-[0m[96mm[0m, [96m--[0m[96mmessage[0m string
          Specify a message describing the changes in this version of the
          template. Messages longer than 72 characters will be displayed as
          truncated.

-      [94m--[0m[94mname[0m string
+      [96m--[0m[96mname[0m string
          Specify a name for the new template version. It will be automatically
          generated if not provided.

-      [94m--[0m[94mprovisioner-tag[0m string-array
+      [96m--[0m[96mprovisioner-tag[0m string-array
          Specify a set of tags to target provisioner daemons.

-      [94m--[0m[94mvar[0m string-array
+      [96m--[0m[96mvar[0m string-array
          Alias of --variable.

-      [94m--[0m[94mvariable[0m string-array
+      [96m--[0m[96mvariable[0m string-array
          Specify a set of values for Terraform-managed variables.

-      [94m--[0m[94mvariables-file[0m string
+      [96m--[0m[96mvariables-file[0m string
          Specify a file path with values for Terraform-managed variables.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/cli/testdata/coder_templates_versions_list_--help.golden
+++ b/cli/testdata/coder_templates_versions_list_--help.golden
@ -6,11 +6,11 @@ coder v0.0.0-devel
  List all the versions of the specified template

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: name,created at,created by,status,active)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: name,created at,created by,status,active)
          Columns to display in table output. Available columns: name, created
          at, created by, status, active.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_tokens_create_--help.golden
+++ b/cli/testdata/coder_tokens_create_--help.golden
@ -6,10 +6,10 @@ coder v0.0.0-devel
  Create a token

 [93mOPTIONS:[0m
-      [94m--[0m[94mlifetime[0m duration, [94m$CODER_TOKEN_LIFETIME[0m (default: 720h0m0s)
+      [96m--[0m[96mlifetime[0m duration, [96m$CODER_TOKEN_LIFETIME[0m (default: 720h0m0s)
          Specify a duration for the lifetime of the token.

-  [94m-[0m[94mn[0m, [94m--[0m[94mname[0m string, [94m$CODER_TOKEN_NAME[0m
+  [96m-[0m[96mn[0m, [96m--[0m[96mname[0m string, [96m$CODER_TOKEN_NAME[0m
          Specify a human-readable name.

 ———
--- a/cli/testdata/coder_tokens_list_--help.golden
+++ b/cli/testdata/coder_tokens_list_--help.golden
@ -8,15 +8,15 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94ma[0m, [94m--[0m[94mall[0m bool
+  [96m-[0m[96ma[0m, [96m--[0m[96mall[0m bool
          Specifies whether all users' tokens will be listed or not (must have
          Owner role to see all tokens).

-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: id,name,last used,expires at,created at)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: id,name,last used,expires at,created at)
          Columns to display in table output. Available columns: id, name, last
          used, expires at, created at, owner.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_update_--help.golden
+++ b/cli/testdata/coder_update_--help.golden
@ -8,20 +8,20 @@ coder v0.0.0-devel
  Use --always-prompt to change the parameter values of the workspace.

 [93mOPTIONS:[0m
-      [94m--[0m[94malways-prompt[0m bool
+      [96m--[0m[96malways-prompt[0m bool
          Always prompt all parameters. Does not pull parameter values from
          existing workspace.

-      [94m--[0m[94mbuild-option[0m string-array, [94m$CODER_BUILD_OPTION[0m
+      [96m--[0m[96mbuild-option[0m string-array, [96m$CODER_BUILD_OPTION[0m
          Build option value in the format "name=value".

-      [94m--[0m[94mbuild-options[0m bool
+      [96m--[0m[96mbuild-options[0m bool
          Prompt for one-time build options defined with ephemeral parameters.

-      [94m--[0m[94mparameter[0m string-array, [94m$CODER_RICH_PARAMETER[0m
+      [96m--[0m[96mparameter[0m string-array, [96m$CODER_RICH_PARAMETER[0m
          Rich parameter value in the format "name=value".

-      [94m--[0m[94mrich-parameter-file[0m string, [94m$CODER_RICH_PARAMETER_FILE[0m
+      [96m--[0m[96mrich-parameter-file[0m string, [96m$CODER_RICH_PARAMETER_FILE[0m
          Specify a file path with values for rich parameters defined in the
          template.

--- a/cli/testdata/coder_users_activate_--help.golden
+++ b/cli/testdata/coder_users_activate_--help.golden
@ -11,7 +11,7 @@ coder v0.0.0-devel
   $ coder users activate example_user

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: username,email,created_at,status)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: username,email,created_at,status)
          Specify a column to filter in the table.

 ———
--- a/cli/testdata/coder_users_create_--help.golden
+++ b/cli/testdata/coder_users_create_--help.golden
@ -4,19 +4,19 @@ coder v0.0.0-devel
  coder users create [flags]

 [93mOPTIONS:[0m
-  [94m-[0m[94me[0m, [94m--[0m[94memail[0m string
+  [96m-[0m[96me[0m, [96m--[0m[96memail[0m string
          Specifies an email address for the new user.

-      [94m--[0m[94mlogin-type[0m string
+      [96m--[0m[96mlogin-type[0m string
          Optionally specify the login type for the user. Valid values are:
          password, none, github, oidc. Using 'none' prevents the user from
          authenticating and requires an API key/token to be generated by an
          admin.

-  [94m-[0m[94mp[0m, [94m--[0m[94mpassword[0m string
+  [96m-[0m[96mp[0m, [96m--[0m[96mpassword[0m string
          Specifies a password for the new user.

-  [94m-[0m[94mu[0m, [94m--[0m[94musername[0m string
+  [96m-[0m[96mu[0m, [96m--[0m[96musername[0m string
          Specifies a username for the new user.

 ———
--- a/cli/testdata/coder_users_list_--help.golden
+++ b/cli/testdata/coder_users_list_--help.golden
@ -6,11 +6,11 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: username,email,created_at,status)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: username,email,created_at,status)
          Columns to display in table output. Available columns: id, username,
          email, created at, status.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_users_show_--help.golden
+++ b/cli/testdata/coder_users_show_--help.golden
@ -8,7 +8,7 @@ coder v0.0.0-devel
   $ coder users show me

 [93mOPTIONS:[0m
-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/cli/testdata/coder_users_suspend_--help.golden
+++ b/cli/testdata/coder_users_suspend_--help.golden
@ -11,7 +11,7 @@ coder v0.0.0-devel
   $ coder users suspend example_user

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: username,email,created_at,status)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: username,email,created_at,status)
          Specify a column to filter in the table.

 ———
--- a/cli/testdata/coder_version_--help.golden
+++ b/cli/testdata/coder_version_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Show coder version

 [93mOPTIONS:[0m
-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: text)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: text)
          Output format. Available formats: text, json.

 ———
--- a/enterprise/cli/testdata/coder_--help.golden
+++ b/enterprise/cli/testdata/coder_--help.golden
@ -24,38 +24,38 @@ coder v0.0.0-devel
 Global options are applied to all commands. They can be set using environment
 variables or flags.

-      [94m--[0m[94mdebug-options[0m bool
+      [96m--[0m[96mdebug-options[0m bool
          Print all options, how they're set, then exit.

-      [94m--[0m[94mdisable-direct-connections[0m bool, [94m$CODER_DISABLE_DIRECT_CONNECTIONS[0m
+      [96m--[0m[96mdisable-direct-connections[0m bool, [96m$CODER_DISABLE_DIRECT_CONNECTIONS[0m
          Disable direct (P2P) connections to workspaces.

-      [94m--[0m[94mglobal-config[0m string, [94m$CODER_CONFIG_DIR[0m (default: ~/.config/coderv2)
+      [96m--[0m[96mglobal-config[0m string, [96m$CODER_CONFIG_DIR[0m (default: ~/.config/coderv2)
          Path to the global `coder` config directory.

-      [94m--[0m[94mheader[0m string-array, [94m$CODER_HEADER[0m
+      [96m--[0m[96mheader[0m string-array, [96m$CODER_HEADER[0m
          Additional HTTP headers added to all requests. Provide as key=value.
          Can be specified multiple times.

-      [94m--[0m[94mheader-command[0m string, [94m$CODER_HEADER_COMMAND[0m
+      [96m--[0m[96mheader-command[0m string, [96m$CODER_HEADER_COMMAND[0m
          An external command that outputs additional HTTP headers added to all
          requests. The command must output each header as `key=value` on its
          own line.

-      [94m--[0m[94mno-feature-warning[0m bool, [94m$CODER_NO_FEATURE_WARNING[0m
+      [96m--[0m[96mno-feature-warning[0m bool, [96m$CODER_NO_FEATURE_WARNING[0m
          Suppress warnings about unlicensed features.

-      [94m--[0m[94mno-version-warning[0m bool, [94m$CODER_NO_VERSION_WARNING[0m
+      [96m--[0m[96mno-version-warning[0m bool, [96m$CODER_NO_VERSION_WARNING[0m
          Suppress warning when client and server versions do not match.

-      [94m--[0m[94mtoken[0m string, [94m$CODER_SESSION_TOKEN[0m
+      [96m--[0m[96mtoken[0m string, [96m$CODER_SESSION_TOKEN[0m
          Specify an authentication token. For security reasons setting
          CODER_SESSION_TOKEN is preferred.

-      [94m--[0m[94murl[0m url, [94m$CODER_URL[0m
+      [96m--[0m[96murl[0m url, [96m$CODER_URL[0m
          URL to a deployment.

-  [94m-[0m[94mv[0m, [94m--[0m[94mverbose[0m bool, [94m$CODER_VERBOSE[0m
+  [96m-[0m[96mv[0m, [96m--[0m[96mverbose[0m bool, [96m$CODER_VERBOSE[0m
          Enable verbose output.

 ———
--- a/enterprise/cli/testdata/coder_features_list_--help.golden
+++ b/enterprise/cli/testdata/coder_features_list_--help.golden
@ -6,11 +6,11 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: Name,Entitlement,Enabled,Limit,Actual)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: Name,Entitlement,Enabled,Limit,Actual)
          Specify a column to filter in the table. Available columns are: Name,
          Entitlement, Enabled, Limit, Actual.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats are: table, json.

 ———
--- a/enterprise/cli/testdata/coder_groups_create_--help.golden
+++ b/enterprise/cli/testdata/coder_groups_create_--help.golden
@ -6,10 +6,10 @@ coder v0.0.0-devel
  Create a user group

 [93mOPTIONS:[0m
-  [94m-[0m[94mu[0m, [94m--[0m[94mavatar-url[0m string, [94m$CODER_AVATAR_URL[0m
+  [96m-[0m[96mu[0m, [96m--[0m[96mavatar-url[0m string, [96m$CODER_AVATAR_URL[0m
          Set an avatar for a group.

-      [94m--[0m[94mdisplay-name[0m string, [94m$CODER_DISPLAY_NAME[0m
+      [96m--[0m[96mdisplay-name[0m string, [96m$CODER_DISPLAY_NAME[0m
          Optional human friendly name for the group.

 ———
--- a/enterprise/cli/testdata/coder_groups_edit_--help.golden
+++ b/enterprise/cli/testdata/coder_groups_edit_--help.golden
@ -6,19 +6,19 @@ coder v0.0.0-devel
  Edit a user group

 [93mOPTIONS:[0m
-  [94m-[0m[94ma[0m, [94m--[0m[94madd-users[0m string-array
+  [96m-[0m[96ma[0m, [96m--[0m[96madd-users[0m string-array
          Add users to the group. Accepts emails or IDs.

-  [94m-[0m[94mu[0m, [94m--[0m[94mavatar-url[0m string
+  [96m-[0m[96mu[0m, [96m--[0m[96mavatar-url[0m string
          Update the group avatar.

-      [94m--[0m[94mdisplay-name[0m string, [94m$CODER_DISPLAY_NAME[0m
+      [96m--[0m[96mdisplay-name[0m string, [96m$CODER_DISPLAY_NAME[0m
          Optional human friendly name for the group.

-  [94m-[0m[94mn[0m, [94m--[0m[94mname[0m string
+  [96m-[0m[96mn[0m, [96m--[0m[96mname[0m string
          Update the group name.

-  [94m-[0m[94mr[0m, [94m--[0m[94mrm-users[0m string-array
+  [96m-[0m[96mr[0m, [96m--[0m[96mrm-users[0m string-array
          Remove users to the group. Accepts emails or IDs.

 ———
--- a/enterprise/cli/testdata/coder_groups_list_--help.golden
+++ b/enterprise/cli/testdata/coder_groups_list_--help.golden
@ -6,11 +6,11 @@ coder v0.0.0-devel
  List user groups

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: name,display name,organization id,members,avatar url)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: name,display name,organization id,members,avatar url)
          Columns to display in table output. Available columns: name, display
          name, organization id, members, avatar url.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/enterprise/cli/testdata/coder_licenses_add_--help.golden
+++ b/enterprise/cli/testdata/coder_licenses_add_--help.golden
@ -6,13 +6,13 @@ coder v0.0.0-devel
  Add license to Coder deployment

 [93mOPTIONS:[0m
-      [94m--[0m[94mdebug[0m bool
+      [96m--[0m[96mdebug[0m bool
          Output license claims for debugging.

-  [94m-[0m[94mf[0m, [94m--[0m[94mfile[0m string
+  [96m-[0m[96mf[0m, [96m--[0m[96mfile[0m string
          Load license from file.

-  [94m-[0m[94ml[0m, [94m--[0m[94mlicense[0m string
+  [96m-[0m[96ml[0m, [96m--[0m[96mlicense[0m string
          License string.

 ———
--- a/enterprise/cli/testdata/coder_licenses_list_--help.golden
+++ b/enterprise/cli/testdata/coder_licenses_list_--help.golden
@ -8,11 +8,11 @@ coder v0.0.0-devel
  Aliases: ls

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcolumn[0m string-array (default: UUID,Expires At,Uploaded At,Features)
+  [96m-[0m[96mc[0m, [96m--[0m[96mcolumn[0m string-array (default: UUID,Expires At,Uploaded At,Features)
          Columns to display in table output. Available columns: id, uuid,
          uploaded at, features, expires at, trial.

-  [94m-[0m[94mo[0m, [94m--[0m[94moutput[0m string (default: table)
+  [96m-[0m[96mo[0m, [96m--[0m[96moutput[0m string (default: table)
          Output format. Available formats: table, json.

 ———
--- a/enterprise/cli/testdata/coder_provisionerd_start_--help.golden
+++ b/enterprise/cli/testdata/coder_provisionerd_start_--help.golden
@ -6,19 +6,19 @@ coder v0.0.0-devel
  Run a provisioner daemon

 [93mOPTIONS:[0m
-  [94m-[0m[94mc[0m, [94m--[0m[94mcache-dir[0m string, [94m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
+  [96m-[0m[96mc[0m, [96m--[0m[96mcache-dir[0m string, [96m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
          Directory to store cached data.

-      [94m--[0m[94mpoll-interval[0m duration, [94m$CODER_PROVISIONERD_POLL_INTERVAL[0m (default: 1s)
+      [96m--[0m[96mpoll-interval[0m duration, [96m$CODER_PROVISIONERD_POLL_INTERVAL[0m (default: 1s)
          How often to poll for provisioner jobs.

-      [94m--[0m[94mpoll-jitter[0m duration, [94m$CODER_PROVISIONERD_POLL_JITTER[0m (default: 100ms)
+      [96m--[0m[96mpoll-jitter[0m duration, [96m$CODER_PROVISIONERD_POLL_JITTER[0m (default: 100ms)
          How much to jitter the poll interval by.

-      [94m--[0m[94mpsk[0m string, [94m$CODER_PROVISIONER_DAEMON_PSK[0m
+      [96m--[0m[96mpsk[0m string, [96m$CODER_PROVISIONER_DAEMON_PSK[0m
          Pre-shared key to authenticate with Coder server.

-  [94m-[0m[94mt[0m, [94m--[0m[94mtag[0m string-array, [94m$CODER_PROVISIONERD_TAGS[0m
+  [96m-[0m[96mt[0m, [96m--[0m[96mtag[0m string-array, [96m$CODER_PROVISIONERD_TAGS[0m
          Tags to filter provisioner jobs by.

 ———
--- a/enterprise/cli/testdata/coder_server_--help.golden
+++ b/enterprise/cli/testdata/coder_server_--help.golden
@ -15,42 +15,42 @@ coder v0.0.0-devel
                              PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mcache-dir[0m string, [94m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
+      [96m--[0m[96mcache-dir[0m string, [96m$CODER_CACHE_DIRECTORY[0m (default: [cache dir])
          The directory to cache temporary files. If unspecified and
          $CACHE_DIRECTORY is set, it will be used for compatibility with
          systemd.

-      [94m--[0m[94mdisable-owner-workspace-access[0m bool, [94m$CODER_DISABLE_OWNER_WORKSPACE_ACCESS[0m
+      [96m--[0m[96mdisable-owner-workspace-access[0m bool, [96m$CODER_DISABLE_OWNER_WORKSPACE_ACCESS[0m
          Remove the permission for the 'owner' role to have workspace execution
          on all workspaces. This prevents the 'owner' from ssh, apps, and
          terminal access based on the 'owner' role. They still have their user
          permissions to access their own workspaces.

-      [94m--[0m[94mdisable-path-apps[0m bool, [94m$CODER_DISABLE_PATH_APPS[0m
+      [96m--[0m[96mdisable-path-apps[0m bool, [96m$CODER_DISABLE_PATH_APPS[0m
          Disable workspace apps that are not served from subdomains. Path-based
          apps can make requests to the Coder API and pose a security risk when
          the workspace serves malicious JavaScript. This is recommended for
          security purposes if a --wildcard-access-url is configured.

-      [94m--[0m[94mswagger-enable[0m bool, [94m$CODER_SWAGGER_ENABLE[0m
+      [96m--[0m[96mswagger-enable[0m bool, [96m$CODER_SWAGGER_ENABLE[0m
          Expose the swagger endpoint via /swagger.

-      [94m--[0m[94mexperiments[0m string-array, [94m$CODER_EXPERIMENTS[0m
+      [96m--[0m[96mexperiments[0m string-array, [96m$CODER_EXPERIMENTS[0m
          Enable one or more experiments. These are not ready for production.
          Separate multiple experiments with commas, or enter '*' to opt-in to
          all available experiments.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
          downloaded from Maven (https://repo1.maven.org/maven2) and store all
          data in the config root. Access the built-in database with "coder
          server postgres-builtin-url".

-      [94m--[0m[94mssh-keygen-algorithm[0m string, [94m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
+      [96m--[0m[96mssh-keygen-algorithm[0m string, [96m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
          The algorithm to use for generating ssh keys. Accepted values are
          "ed25519", "ecdsa", or "rsa4096".

-      [94m--[0m[94mupdate-check[0m bool, [94m$CODER_UPDATE_CHECK[0m (default: false)
+      [96m--[0m[96mupdate-check[0m bool, [96m$CODER_UPDATE_CHECK[0m (default: false)
          Periodically check for new releases of Coder and inform the owner. The
          check is performed once per day.

@ -58,99 +58,99 @@ coder v0.0.0-devel
 These options change the behavior of how clients interact with the Coder.
 Clients include the coder cli, vs code extension, and the web UI.

-      [94m--[0m[94mssh-config-options[0m string-array, [94m$CODER_SSH_CONFIG_OPTIONS[0m
+      [96m--[0m[96mssh-config-options[0m string-array, [96m$CODER_SSH_CONFIG_OPTIONS[0m
          These SSH config options will override the default SSH config options.
          Provide options in "key=value" or "key value" format separated by
          commas.Using this incorrectly can break SSH to your deployment, use
          cautiously.

-      [94m--[0m[94mssh-hostname-prefix[0m string, [94m$CODER_SSH_HOSTNAME_PREFIX[0m (default: coder.)
+      [96m--[0m[96mssh-hostname-prefix[0m string, [96m$CODER_SSH_HOSTNAME_PREFIX[0m (default: coder.)
          The SSH deployment prefix is used in the Host of the ssh config.

 [93mCONFIG OPTIONS:[0m 
 Use a YAML configuration file when your server launch become unwieldy.

-  [94m-[0m[94mc[0m, [94m--[0m[94mconfig[0m yaml-config-path, [94m$CODER_CONFIG_PATH[0m
+  [96m-[0m[96mc[0m, [96m--[0m[96mconfig[0m yaml-config-path, [96m$CODER_CONFIG_PATH[0m
          Specify a YAML file to load configuration from.

-      [94m--[0m[94mwrite-config[0m bool
+      [96m--[0m[96mwrite-config[0m bool
          
          Write out the current server config as YAML to stdout.

 [93mINTROSPECTION / LOGGING OPTIONS:[0m 
-      [94m--[0m[94menable-terraform-debug-mode[0m bool, [94m$CODER_ENABLE_TERRAFORM_DEBUG_MODE[0m (default: false)
+      [96m--[0m[96menable-terraform-debug-mode[0m bool, [96m$CODER_ENABLE_TERRAFORM_DEBUG_MODE[0m (default: false)
          Allow administrators to enable Terraform debug output.

-      [94m--[0m[94mlog-human[0m string, [94m$CODER_LOGGING_HUMAN[0m (default: /dev/stderr)
+      [96m--[0m[96mlog-human[0m string, [96m$CODER_LOGGING_HUMAN[0m (default: /dev/stderr)
          Output human-readable logs to a given file.

-      [94m--[0m[94mlog-json[0m string, [94m$CODER_LOGGING_JSON[0m
+      [96m--[0m[96mlog-json[0m string, [96m$CODER_LOGGING_JSON[0m
          Output JSON logs to a given file.

-  [94m-[0m[94ml[0m, [94m--[0m[94mlog-filter[0m string-array, [94m$CODER_LOG_FILTER[0m
+  [96m-[0m[96ml[0m, [96m--[0m[96mlog-filter[0m string-array, [96m$CODER_LOG_FILTER[0m
          Filter debug logs by matching against a given regex. Use .* to match
          all debug logs.

-      [94m--[0m[94mlog-stackdriver[0m string, [94m$CODER_LOGGING_STACKDRIVER[0m
+      [96m--[0m[96mlog-stackdriver[0m string, [96m$CODER_LOGGING_STACKDRIVER[0m
          Output Stackdriver compatible logs to a given file.

 [93mINTROSPECTION / PROMETHEUS OPTIONS:[0m 
-      [94m--[0m[94mprometheus-address[0m host:port, [94m$CODER_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
+      [96m--[0m[96mprometheus-address[0m host:port, [96m$CODER_PROMETHEUS_ADDRESS[0m (default: 127.0.0.1:2112)
          The bind address to serve prometheus metrics.

-      [94m--[0m[94mprometheus-collect-agent-stats[0m bool, [94m$CODER_PROMETHEUS_COLLECT_AGENT_STATS[0m
+      [96m--[0m[96mprometheus-collect-agent-stats[0m bool, [96m$CODER_PROMETHEUS_COLLECT_AGENT_STATS[0m
          Collect agent stats (may increase charges for metrics storage).

-      [94m--[0m[94mprometheus-collect-db-metrics[0m bool, [94m$CODER_PROMETHEUS_COLLECT_DB_METRICS[0m (default: false)
+      [96m--[0m[96mprometheus-collect-db-metrics[0m bool, [96m$CODER_PROMETHEUS_COLLECT_DB_METRICS[0m (default: false)
          Collect database metrics (may increase charges for metrics storage).

-      [94m--[0m[94mprometheus-enable[0m bool, [94m$CODER_PROMETHEUS_ENABLE[0m
+      [96m--[0m[96mprometheus-enable[0m bool, [96m$CODER_PROMETHEUS_ENABLE[0m
          Serve prometheus metrics on the address defined by prometheus address.

 [93mINTROSPECTION / TRACING OPTIONS:[0m 
-      [94m--[0m[94mtrace-logs[0m bool, [94m$CODER_TRACE_LOGS[0m
+      [96m--[0m[96mtrace-logs[0m bool, [96m$CODER_TRACE_LOGS[0m
          Enables capturing of logs as events in traces. This is useful for
          debugging, but may result in a very large amount of events being sent
          to the tracing backend which may incur significant costs.

-      [94m--[0m[94mtrace[0m bool, [94m$CODER_TRACE_ENABLE[0m
+      [96m--[0m[96mtrace[0m bool, [96m$CODER_TRACE_ENABLE[0m
          Whether application tracing data is collected. It exports to a backend
          configured by environment variables. See:
          https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.

-      [94m--[0m[94mtrace-honeycomb-api-key[0m string, [94m$CODER_TRACE_HONEYCOMB_API_KEY[0m
+      [96m--[0m[96mtrace-honeycomb-api-key[0m string, [96m$CODER_TRACE_HONEYCOMB_API_KEY[0m
          Enables trace exporting to Honeycomb.io using the provided API Key.

 [93mINTROSPECTION / PPROF OPTIONS:[0m 
-      [94m--[0m[94mpprof-address[0m host:port, [94m$CODER_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
+      [96m--[0m[96mpprof-address[0m host:port, [96m$CODER_PPROF_ADDRESS[0m (default: 127.0.0.1:6060)
          The bind address to serve pprof.

-      [94m--[0m[94mpprof-enable[0m bool, [94m$CODER_PPROF_ENABLE[0m
+      [96m--[0m[96mpprof-enable[0m bool, [96m$CODER_PPROF_ENABLE[0m
          Serve pprof metrics on the address defined by pprof address.

 [93mNETWORKING OPTIONS:[0m 
-      [94m--[0m[94maccess-url[0m url, [94m$CODER_ACCESS_URL[0m
+      [96m--[0m[96maccess-url[0m url, [96m$CODER_ACCESS_URL[0m
          The URL that users will use to access the Coder deployment.

-      [94m--[0m[94mdocs-url[0m url, [94m$CODER_DOCS_URL[0m
+      [96m--[0m[96mdocs-url[0m url, [96m$CODER_DOCS_URL[0m
          Specifies the custom docs URL.

-      [94m--[0m[94mproxy-trusted-headers[0m string-array, [94m$CODER_PROXY_TRUSTED_HEADERS[0m
+      [96m--[0m[96mproxy-trusted-headers[0m string-array, [96m$CODER_PROXY_TRUSTED_HEADERS[0m
          Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
          True-Client-Ip, X-Forwarded-For.

-      [94m--[0m[94mproxy-trusted-origins[0m string-array, [94m$CODER_PROXY_TRUSTED_ORIGINS[0m
+      [96m--[0m[96mproxy-trusted-origins[0m string-array, [96m$CODER_PROXY_TRUSTED_ORIGINS[0m
          Origin addresses to respect "proxy-trusted-headers". e.g.
          192.168.1.0/24.

-      [94m--[0m[94mredirect-to-access-url[0m bool, [94m$CODER_REDIRECT_TO_ACCESS_URL[0m
+      [96m--[0m[96mredirect-to-access-url[0m bool, [96m$CODER_REDIRECT_TO_ACCESS_URL[0m
          Specifies whether to redirect requests that do not match the access
          URL host.

-      [94m--[0m[94msecure-auth-cookie[0m bool, [94m$CODER_SECURE_AUTH_COOKIE[0m
+      [96m--[0m[96msecure-auth-cookie[0m bool, [96m$CODER_SECURE_AUTH_COOKIE[0m
          Controls if the 'Secure' property is set on browser session cookies.

-      [94m--[0m[94mwildcard-access-url[0m url, [94m$CODER_WILDCARD_ACCESS_URL[0m
+      [96m--[0m[96mwildcard-access-url[0m url, [96m$CODER_WILDCARD_ACCESS_URL[0m
          Specifies the wildcard hostname to use for workspace applications in
          the form "*.example.com".

@ -160,7 +160,7 @@ between workspaces and users are peer-to-peer. However, when Coder cannot
 establish a peer to peer connection, Coder uses a distributed relay network
 backed by Tailscale and WireGuard.

-      [94m--[0m[94mblock-direct-connections[0m bool, [94m$CODER_BLOCK_DIRECT[0m
+      [96m--[0m[96mblock-direct-connections[0m bool, [96m$CODER_BLOCK_DIRECT[0m
          Block peer-to-peer (aka. direct) workspace connections. All workspace
          connections from the CLI will be proxied through Coder (or custom
          configured DERP servers) and will never be peer-to-peer when enabled.
@ -168,28 +168,28 @@ backed by Tailscale and WireGuard.
          until they are restarted after this change has been made, but new
          connections will still be proxied regardless.

-      [94m--[0m[94mderp-config-path[0m string, [94m$CODER_DERP_CONFIG_PATH[0m
+      [96m--[0m[96mderp-config-path[0m string, [96m$CODER_DERP_CONFIG_PATH[0m
          Path to read a DERP mapping from. See:
          https://tailscale.com/kb/1118/custom-derp-servers/.

-      [94m--[0m[94mderp-config-url[0m string, [94m$CODER_DERP_CONFIG_URL[0m
+      [96m--[0m[96mderp-config-url[0m string, [96m$CODER_DERP_CONFIG_URL[0m
          URL to fetch a DERP mapping on startup. See:
          https://tailscale.com/kb/1118/custom-derp-servers/.

-      [94m--[0m[94mderp-force-websockets[0m bool, [94m$CODER_DERP_FORCE_WEBSOCKETS[0m
+      [96m--[0m[96mderp-force-websockets[0m bool, [96m$CODER_DERP_FORCE_WEBSOCKETS[0m
          Force clients and agents to always use WebSocket to connect to DERP
          relay servers. By default, DERP uses `Upgrade: derp`, which may cause
          issues with some reverse proxies. Clients may automatically fallback
          to WebSocket if they detect an issue with `Upgrade: derp`, but this
          does not work in all situations.

-      [94m--[0m[94mderp-server-enable[0m bool, [94m$CODER_DERP_SERVER_ENABLE[0m (default: true)
+      [96m--[0m[96mderp-server-enable[0m bool, [96m$CODER_DERP_SERVER_ENABLE[0m (default: true)
          Whether to enable or disable the embedded DERP relay server.

-      [94m--[0m[94mderp-server-region-name[0m string, [94m$CODER_DERP_SERVER_REGION_NAME[0m (default: Coder Embedded Relay)
+      [96m--[0m[96mderp-server-region-name[0m string, [96m$CODER_DERP_SERVER_REGION_NAME[0m (default: Coder Embedded Relay)
          Region name that for the embedded DERP server.

-      [94m--[0m[94mderp-server-stun-addresses[0m string-array, [94m$CODER_DERP_SERVER_STUN_ADDRESSES[0m (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
+      [96m--[0m[96mderp-server-stun-addresses[0m string-array, [96m$CODER_DERP_SERVER_STUN_ADDRESSES[0m (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
          Addresses for STUN servers to establish P2P connections. It's
          recommended to have at least two STUN servers to give users the best
          chance of connecting P2P to workspaces. Each STUN server will get it's
@ -197,7 +197,7 @@ backed by Tailscale and WireGuard.
          + 1`. Use special value 'disable' to turn off STUN completely.

 [93mNETWORKING / HTTP OPTIONS:[0m 
-      [94m--[0m[94mdisable-password-auth[0m bool, [94m$CODER_DISABLE_PASSWORD_AUTH[0m
+      [96m--[0m[96mdisable-password-auth[0m bool, [96m$CODER_DISABLE_PASSWORD_AUTH[0m
          Disable password authentication. This is recommended for security
          purposes in production deployments that rely on an identity provider.
          Any user with the owner role will be able to sign in with their
@ -206,23 +206,23 @@ backed by Tailscale and WireGuard.
          create-admin` command to create a new admin user directly in the
          database.

-      [94m--[0m[94mdisable-session-expiry-refresh[0m bool, [94m$CODER_DISABLE_SESSION_EXPIRY_REFRESH[0m
+      [96m--[0m[96mdisable-session-expiry-refresh[0m bool, [96m$CODER_DISABLE_SESSION_EXPIRY_REFRESH[0m
          Disable automatic session expiry bumping due to activity. This forces
          all sessions to become invalid after the session expiry duration has
          been reached.

-      [94m--[0m[94mhttp-address[0m string, [94m$CODER_HTTP_ADDRESS[0m (default: 127.0.0.1:3000)
+      [96m--[0m[96mhttp-address[0m string, [96m$CODER_HTTP_ADDRESS[0m (default: 127.0.0.1:3000)
          HTTP bind address of the server. Unset to disable the HTTP endpoint.

-      [94m--[0m[94mmax-token-lifetime[0m duration, [94m$CODER_MAX_TOKEN_LIFETIME[0m (default: 876600h0m0s)
+      [96m--[0m[96mmax-token-lifetime[0m duration, [96m$CODER_MAX_TOKEN_LIFETIME[0m (default: 876600h0m0s)
          The maximum lifetime duration users can specify when creating an API
          token.

-      [94m--[0m[94mproxy-health-interval[0m duration, [94m$CODER_PROXY_HEALTH_INTERVAL[0m (default: 1m0s)
+      [96m--[0m[96mproxy-health-interval[0m duration, [96m$CODER_PROXY_HEALTH_INTERVAL[0m (default: 1m0s)
          The interval in which coderd should be checking the status of
          workspace proxies.

-      [94m--[0m[94msession-duration[0m duration, [94m$CODER_SESSION_DURATION[0m (default: 24h0m0s)
+      [96m--[0m[96msession-duration[0m duration, [96m$CODER_SESSION_DURATION[0m (default: 24h0m0s)
          The token expiry duration for browser sessions. Sessions may last
          longer if they are actively making requests, but this functionality
          can be disabled via --disable-session-expiry-refresh.
@ -232,178 +232,178 @@ Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind
 a TLS-terminating reverse proxy or are accessing Coder over a secure link, you
 can safely ignore these settings.

-      [94m--[0m[94mstrict-transport-security[0m int, [94m$CODER_STRICT_TRANSPORT_SECURITY[0m (default: 0)
+      [96m--[0m[96mstrict-transport-security[0m int, [96m$CODER_STRICT_TRANSPORT_SECURITY[0m (default: 0)
          Controls if the 'Strict-Transport-Security' header is set on all
          static file responses. This header should only be set if the server is
          accessed via HTTPS. This value is the MaxAge in seconds of the header.

-      [94m--[0m[94mstrict-transport-security-options[0m string-array, [94m$CODER_STRICT_TRANSPORT_SECURITY_OPTIONS[0m
+      [96m--[0m[96mstrict-transport-security-options[0m string-array, [96m$CODER_STRICT_TRANSPORT_SECURITY_OPTIONS[0m
          Two optional fields can be set in the Strict-Transport-Security
          header; 'includeSubDomains' and 'preload'. The
          'strict-transport-security' flag must be set to a non-zero value for
          these options to be used.

-      [94m--[0m[94mtls-address[0m host:port, [94m$CODER_TLS_ADDRESS[0m (default: 127.0.0.1:3443)
+      [96m--[0m[96mtls-address[0m host:port, [96m$CODER_TLS_ADDRESS[0m (default: 127.0.0.1:3443)
          HTTPS bind address of the server.

-      [94m--[0m[94mtls-cert-file[0m string-array, [94m$CODER_TLS_CERT_FILE[0m
+      [96m--[0m[96mtls-cert-file[0m string-array, [96m$CODER_TLS_CERT_FILE[0m
          Path to each certificate for TLS. It requires a PEM-encoded file. To
          configure the listener to use a CA certificate, concatenate the
          primary certificate and the CA certificate together. The primary
          certificate should appear first in the combined file.

-      [94m--[0m[94mtls-client-auth[0m string, [94m$CODER_TLS_CLIENT_AUTH[0m (default: none)
+      [96m--[0m[96mtls-client-auth[0m string, [96m$CODER_TLS_CLIENT_AUTH[0m (default: none)
          Policy the server will follow for TLS Client Authentication. Accepted
          values are "none", "request", "require-any", "verify-if-given", or
          "require-and-verify".

-      [94m--[0m[94mtls-client-ca-file[0m string, [94m$CODER_TLS_CLIENT_CA_FILE[0m
+      [96m--[0m[96mtls-client-ca-file[0m string, [96m$CODER_TLS_CLIENT_CA_FILE[0m
          PEM-encoded Certificate Authority file used for checking the
          authenticity of client.

-      [94m--[0m[94mtls-client-cert-file[0m string, [94m$CODER_TLS_CLIENT_CERT_FILE[0m
+      [96m--[0m[96mtls-client-cert-file[0m string, [96m$CODER_TLS_CLIENT_CERT_FILE[0m
          Path to certificate for client TLS authentication. It requires a
          PEM-encoded file.

-      [94m--[0m[94mtls-client-key-file[0m string, [94m$CODER_TLS_CLIENT_KEY_FILE[0m
+      [96m--[0m[96mtls-client-key-file[0m string, [96m$CODER_TLS_CLIENT_KEY_FILE[0m
          Path to key for client TLS authentication. It requires a PEM-encoded
          file.

-      [94m--[0m[94mtls-enable[0m bool, [94m$CODER_TLS_ENABLE[0m
+      [96m--[0m[96mtls-enable[0m bool, [96m$CODER_TLS_ENABLE[0m
          Whether TLS will be enabled.

-      [94m--[0m[94mtls-key-file[0m string-array, [94m$CODER_TLS_KEY_FILE[0m
+      [96m--[0m[96mtls-key-file[0m string-array, [96m$CODER_TLS_KEY_FILE[0m
          Paths to the private keys for each of the certificates. It requires a
          PEM-encoded file.

-      [94m--[0m[94mtls-min-version[0m string, [94m$CODER_TLS_MIN_VERSION[0m (default: tls12)
+      [96m--[0m[96mtls-min-version[0m string, [96m$CODER_TLS_MIN_VERSION[0m (default: tls12)
          Minimum supported version of TLS. Accepted values are "tls10",
          "tls11", "tls12" or "tls13".

 [93mOAUTH2 / GITHUB OPTIONS:[0m 
-      [94m--[0m[94moauth2-github-allow-everyone[0m bool, [94m$CODER_OAUTH2_GITHUB_ALLOW_EVERYONE[0m
+      [96m--[0m[96moauth2-github-allow-everyone[0m bool, [96m$CODER_OAUTH2_GITHUB_ALLOW_EVERYONE[0m
          Allow all logins, setting this option means allowed orgs and teams
          must be empty.

-      [94m--[0m[94moauth2-github-allow-signups[0m bool, [94m$CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS[0m
+      [96m--[0m[96moauth2-github-allow-signups[0m bool, [96m$CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS[0m
          Whether new users can sign up with GitHub.

-      [94m--[0m[94moauth2-github-allowed-orgs[0m string-array, [94m$CODER_OAUTH2_GITHUB_ALLOWED_ORGS[0m
+      [96m--[0m[96moauth2-github-allowed-orgs[0m string-array, [96m$CODER_OAUTH2_GITHUB_ALLOWED_ORGS[0m
          Organizations the user must be a member of to Login with GitHub.

-      [94m--[0m[94moauth2-github-allowed-teams[0m string-array, [94m$CODER_OAUTH2_GITHUB_ALLOWED_TEAMS[0m
+      [96m--[0m[96moauth2-github-allowed-teams[0m string-array, [96m$CODER_OAUTH2_GITHUB_ALLOWED_TEAMS[0m
          Teams inside organizations the user must be a member of to Login with
          GitHub. Structured as: <organization-name>/<team-slug>.

-      [94m--[0m[94moauth2-github-client-id[0m string, [94m$CODER_OAUTH2_GITHUB_CLIENT_ID[0m
+      [96m--[0m[96moauth2-github-client-id[0m string, [96m$CODER_OAUTH2_GITHUB_CLIENT_ID[0m
          Client ID for Login with GitHub.

-      [94m--[0m[94moauth2-github-client-secret[0m string, [94m$CODER_OAUTH2_GITHUB_CLIENT_SECRET[0m
+      [96m--[0m[96moauth2-github-client-secret[0m string, [96m$CODER_OAUTH2_GITHUB_CLIENT_SECRET[0m
          Client secret for Login with GitHub.

-      [94m--[0m[94moauth2-github-enterprise-base-url[0m string, [94m$CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL[0m
+      [96m--[0m[96moauth2-github-enterprise-base-url[0m string, [96m$CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL[0m
          Base URL of a GitHub Enterprise deployment to use for Login with
          GitHub.

 [93mOIDC OPTIONS:[0m 
-      [94m--[0m[94moidc-group-auto-create[0m bool, [94m$CODER_OIDC_GROUP_AUTO_CREATE[0m (default: false)
+      [96m--[0m[96moidc-group-auto-create[0m bool, [96m$CODER_OIDC_GROUP_AUTO_CREATE[0m (default: false)
          Automatically creates missing groups from a user's groups claim.

-      [94m--[0m[94moidc-allow-signups[0m bool, [94m$CODER_OIDC_ALLOW_SIGNUPS[0m (default: true)
+      [96m--[0m[96moidc-allow-signups[0m bool, [96m$CODER_OIDC_ALLOW_SIGNUPS[0m (default: true)
          Whether new users can sign up with OIDC.

-      [94m--[0m[94moidc-auth-url-params[0m struct[map[string]string], [94m$CODER_OIDC_AUTH_URL_PARAMS[0m (default: {"access_type": "offline"})
+      [96m--[0m[96moidc-auth-url-params[0m struct[map[string]string], [96m$CODER_OIDC_AUTH_URL_PARAMS[0m (default: {"access_type": "offline"})
          OIDC auth URL parameters to pass to the upstream provider.

-      [94m--[0m[94moidc-client-cert-file[0m string, [94m$CODER_OIDC_CLIENT_CERT_FILE[0m
+      [96m--[0m[96moidc-client-cert-file[0m string, [96m$CODER_OIDC_CLIENT_CERT_FILE[0m
          Pem encoded certificate file to use for oauth2 PKI/JWT authorization.
          The public certificate that accompanies oidc-client-key-file. A
          standard x509 certificate is expected.

-      [94m--[0m[94moidc-client-id[0m string, [94m$CODER_OIDC_CLIENT_ID[0m
+      [96m--[0m[96moidc-client-id[0m string, [96m$CODER_OIDC_CLIENT_ID[0m
          Client ID to use for Login with OIDC.

-      [94m--[0m[94moidc-client-key-file[0m string, [94m$CODER_OIDC_CLIENT_KEY_FILE[0m
+      [96m--[0m[96moidc-client-key-file[0m string, [96m$CODER_OIDC_CLIENT_KEY_FILE[0m
          Pem encoded RSA private key to use for oauth2 PKI/JWT authorization.
          This can be used instead of oidc-client-secret if your IDP supports
          it.

-      [94m--[0m[94moidc-client-secret[0m string, [94m$CODER_OIDC_CLIENT_SECRET[0m
+      [96m--[0m[96moidc-client-secret[0m string, [96m$CODER_OIDC_CLIENT_SECRET[0m
          Client secret to use for Login with OIDC.

-      [94m--[0m[94moidc-email-domain[0m string-array, [94m$CODER_OIDC_EMAIL_DOMAIN[0m
+      [96m--[0m[96moidc-email-domain[0m string-array, [96m$CODER_OIDC_EMAIL_DOMAIN[0m
          Email domains that clients logging in with OIDC must match.

-      [94m--[0m[94moidc-email-field[0m string, [94m$CODER_OIDC_EMAIL_FIELD[0m (default: email)
+      [96m--[0m[96moidc-email-field[0m string, [96m$CODER_OIDC_EMAIL_FIELD[0m (default: email)
          OIDC claim field to use as the email.

-      [94m--[0m[94moidc-group-field[0m string, [94m$CODER_OIDC_GROUP_FIELD[0m
+      [96m--[0m[96moidc-group-field[0m string, [96m$CODER_OIDC_GROUP_FIELD[0m
          This field must be set if using the group sync feature and the scope
          name is not 'groups'. Set to the claim to be used for groups.

-      [94m--[0m[94moidc-group-mapping[0m struct[map[string]string], [94m$CODER_OIDC_GROUP_MAPPING[0m (default: {})
+      [96m--[0m[96moidc-group-mapping[0m struct[map[string]string], [96m$CODER_OIDC_GROUP_MAPPING[0m (default: {})
          A map of OIDC group IDs and the group in Coder it should map to. This
          is useful for when OIDC providers only return group IDs.

-      [94m--[0m[94moidc-ignore-email-verified[0m bool, [94m$CODER_OIDC_IGNORE_EMAIL_VERIFIED[0m
+      [96m--[0m[96moidc-ignore-email-verified[0m bool, [96m$CODER_OIDC_IGNORE_EMAIL_VERIFIED[0m
          Ignore the email_verified claim from the upstream provider.

-      [94m--[0m[94moidc-ignore-userinfo[0m bool, [94m$CODER_OIDC_IGNORE_USERINFO[0m (default: false)
+      [96m--[0m[96moidc-ignore-userinfo[0m bool, [96m$CODER_OIDC_IGNORE_USERINFO[0m (default: false)
          Ignore the userinfo endpoint and only use the ID token for user
          information.

-      [94m--[0m[94moidc-issuer-url[0m string, [94m$CODER_OIDC_ISSUER_URL[0m
+      [96m--[0m[96moidc-issuer-url[0m string, [96m$CODER_OIDC_ISSUER_URL[0m
          Issuer URL to use for Login with OIDC.

-      [94m--[0m[94moidc-group-regex-filter[0m regexp, [94m$CODER_OIDC_GROUP_REGEX_FILTER[0m (default: .*)
+      [96m--[0m[96moidc-group-regex-filter[0m regexp, [96m$CODER_OIDC_GROUP_REGEX_FILTER[0m (default: .*)
          If provided any group name not matching the regex is ignored. This
          allows for filtering out groups that are not needed. This filter is
          applied after the group mapping.

-      [94m--[0m[94moidc-scopes[0m string-array, [94m$CODER_OIDC_SCOPES[0m (default: openid,profile,email)
+      [96m--[0m[96moidc-scopes[0m string-array, [96m$CODER_OIDC_SCOPES[0m (default: openid,profile,email)
          Scopes to grant when authenticating with OIDC.

-      [94m--[0m[94moidc-user-role-default[0m string-array, [94m$CODER_OIDC_USER_ROLE_DEFAULT[0m
+      [96m--[0m[96moidc-user-role-default[0m string-array, [96m$CODER_OIDC_USER_ROLE_DEFAULT[0m
          If user role sync is enabled, these roles are always included for all
          authenticated users. The 'member' role is always assigned.

-      [94m--[0m[94moidc-user-role-field[0m string, [94m$CODER_OIDC_USER_ROLE_FIELD[0m
+      [96m--[0m[96moidc-user-role-field[0m string, [96m$CODER_OIDC_USER_ROLE_FIELD[0m
          This field must be set if using the user roles sync feature. Set this
          to the name of the claim used to store the user's role. The roles
          should be sent as an array of strings.

-      [94m--[0m[94moidc-user-role-mapping[0m struct[map[string][]string], [94m$CODER_OIDC_USER_ROLE_MAPPING[0m (default: {})
+      [96m--[0m[96moidc-user-role-mapping[0m struct[map[string][]string], [96m$CODER_OIDC_USER_ROLE_MAPPING[0m (default: {})
          A map of the OIDC passed in user roles and the groups in Coder it
          should map to. This is useful if the group names do not match. If
          mapped to the empty string, the role will ignored.

-      [94m--[0m[94moidc-username-field[0m string, [94m$CODER_OIDC_USERNAME_FIELD[0m (default: preferred_username)
+      [96m--[0m[96moidc-username-field[0m string, [96m$CODER_OIDC_USERNAME_FIELD[0m (default: preferred_username)
          OIDC claim field to use as the username.

-      [94m--[0m[94moidc-sign-in-text[0m string, [94m$CODER_OIDC_SIGN_IN_TEXT[0m (default: OpenID Connect)
+      [96m--[0m[96moidc-sign-in-text[0m string, [96m$CODER_OIDC_SIGN_IN_TEXT[0m (default: OpenID Connect)
          The text to show on the OpenID Connect sign in button.

-      [94m--[0m[94moidc-icon-url[0m url, [94m$CODER_OIDC_ICON_URL[0m
+      [96m--[0m[96moidc-icon-url[0m url, [96m$CODER_OIDC_ICON_URL[0m
          URL pointing to the icon to use on the OpenID Connect login button.

 [93mPROVISIONING OPTIONS:[0m 
 Tune the behavior of the provisioner, which is responsible for creating,
 updating, and deleting workspace resources.

-      [94m--[0m[94mprovisioner-force-cancel-interval[0m duration, [94m$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL[0m (default: 10m0s)
+      [96m--[0m[96mprovisioner-force-cancel-interval[0m duration, [96m$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL[0m (default: 10m0s)
          Time to force cancel provisioning tasks that are stuck.

-      [94m--[0m[94mprovisioner-daemon-poll-interval[0m duration, [94m$CODER_PROVISIONER_DAEMON_POLL_INTERVAL[0m (default: 1s)
+      [96m--[0m[96mprovisioner-daemon-poll-interval[0m duration, [96m$CODER_PROVISIONER_DAEMON_POLL_INTERVAL[0m (default: 1s)
          Time to wait before polling for a new job.

-      [94m--[0m[94mprovisioner-daemon-poll-jitter[0m duration, [94m$CODER_PROVISIONER_DAEMON_POLL_JITTER[0m (default: 100ms)
+      [96m--[0m[96mprovisioner-daemon-poll-jitter[0m duration, [96m$CODER_PROVISIONER_DAEMON_POLL_JITTER[0m (default: 100ms)
          Random jitter added to the poll interval.

-      [94m--[0m[94mprovisioner-daemon-psk[0m string, [94m$CODER_PROVISIONER_DAEMON_PSK[0m
+      [96m--[0m[96mprovisioner-daemon-psk[0m string, [96m$CODER_PROVISIONER_DAEMON_PSK[0m
          Pre-shared key to authenticate external provisioner daemons to Coder
          server.

-      [94m--[0m[94mprovisioner-daemons[0m int, [94m$CODER_PROVISIONER_DAEMONS[0m (default: 3)
+      [96m--[0m[96mprovisioner-daemons[0m int, [96m$CODER_PROVISIONER_DAEMONS[0m (default: 3)
          Number of provisioner daemons to create on start. If builds are stuck
          in queued state for a long time, consider increasing this.

@ -412,11 +412,11 @@ Telemetry is critical to our ability to improve Coder. We strip all
 personalinformation before sending data to our servers. Please only disable
 telemetrywhen required by your organization's security policy.

-      [94m--[0m[94mtelemetry[0m bool, [94m$CODER_TELEMETRY_ENABLE[0m (default: false)
+      [96m--[0m[96mtelemetry[0m bool, [96m$CODER_TELEMETRY_ENABLE[0m (default: false)
          Whether telemetry is enabled or not. Coder collects anonymized usage
          data to help improve our product.

-      [94m--[0m[94mtelemetry-trace[0m bool, [94m$CODER_TELEMETRY_TRACE[0m (default: false)
+      [96m--[0m[96mtelemetry-trace[0m bool, [96m$CODER_TELEMETRY_TRACE[0m (default: false)
          Whether Opentelemetry traces are sent to Coder. Coder collects
          anonymized application tracing to help improve our product. Disabling
          telemetry also disables this option.
@ -425,7 +425,7 @@ telemetrywhen required by your organization's security policy.
 Allow users to set quiet hours schedules each day for workspaces to avoid
 workspaces stopping during the day due to template max TTL.

-      [94m--[0m[94mdefault-quiet-hours-schedule[0m string, [94m$CODER_QUIET_HOURS_DEFAULT_SCHEDULE[0m
+      [96m--[0m[96mdefault-quiet-hours-schedule[0m string, [96m$CODER_QUIET_HOURS_DEFAULT_SCHEDULE[0m
          The default daily cron schedule applied to users that haven't set a
          custom quiet hours schedule themselves. The quiet hours schedule
          determines when workspaces will be force stopped due to the template's
@ -436,7 +436,7 @@ workspaces stopping during the day due to template max TTL.
          are not supported).

 [93m⚠️ DANGEROUS OPTIONS:[0m 
-      [94m--[0m[94mdangerous-allow-path-app-sharing[0m bool, [94m$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING[0m
+      [96m--[0m[96mdangerous-allow-path-app-sharing[0m bool, [96m$CODER_DANGEROUS_ALLOW_PATH_APP_SHARING[0m
          Allow workspace apps that are not served from subdomains to be shared.
          Path-based app sharing is DISABLED by default for security purposes.
          Path-based apps can make requests to the Coder API and pose a security
@ -444,7 +444,7 @@ workspaces stopping during the day due to template max TTL.
          can be disabled entirely with --disable-path-apps for further
          security.

-      [94m--[0m[94mdangerous-allow-path-app-site-owner-access[0m bool, [94m$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS[0m
+      [96m--[0m[96mdangerous-allow-path-app-site-owner-access[0m bool, [96m$CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS[0m
          Allow site-owners to access workspace apps from workspaces they do not
          own. Owners cannot access path-based apps they do not own by default.
          Path-based apps can make requests to the Coder API and pose a security
@ -455,14 +455,14 @@ workspaces stopping during the day due to template max TTL.
 [93mENTERPRISE OPTIONS:[0m 
 These options are only available in the Enterprise Edition.

-      [94m--[0m[94mbrowser-only[0m bool, [94m$CODER_BROWSER_ONLY[0m
+      [96m--[0m[96mbrowser-only[0m bool, [96m$CODER_BROWSER_ONLY[0m
          Whether Coder only allows connections to workspaces via the browser.

-      [94m--[0m[94mderp-server-relay-url[0m url, [94m$CODER_DERP_SERVER_RELAY_URL[0m
+      [96m--[0m[96mderp-server-relay-url[0m url, [96m$CODER_DERP_SERVER_RELAY_URL[0m
          An HTTP URL that is accessible by other replicas to relay DERP
          traffic. Required for high availability.

-      [94m--[0m[94mexternal-token-encryption-keys[0m string-array, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS[0m
+      [96m--[0m[96mexternal-token-encryption-keys[0m string-array, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS[0m
          Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
          database. The value must be a comma-separated list of base64-encoded
          keys. Each key, when base64-decoded, must be exactly 32 bytes in
@ -472,7 +472,7 @@ These options are only available in the Enterprise Edition.
          process of rotating keys with the `coder server dbcrypt rotate`
          command.

-      [94m--[0m[94mscim-auth-header[0m string, [94m$CODER_SCIM_AUTH_HEADER[0m
+      [96m--[0m[96mscim-auth-header[0m string, [96m$CODER_SCIM_AUTH_HEADER[0m
          Enables SCIM and sets the authentication header for the built-in SCIM
          server. New users are automatically created with OIDC authentication.

--- a/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden
+++ b/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden
@ -7,27 +7,27 @@ coder v0.0.0-devel
  it to every organization.

 [93mOPTIONS:[0m
-      [94m--[0m[94memail[0m string, [94m$CODER_EMAIL[0m
+      [96m--[0m[96memail[0m string, [96m$CODER_EMAIL[0m
          The email of the new user. If not specified, you will be prompted via
          stdin.

-      [94m--[0m[94mpassword[0m string, [94m$CODER_PASSWORD[0m
+      [96m--[0m[96mpassword[0m string, [96m$CODER_PASSWORD[0m
          The password of the new user. If not specified, you will be prompted
          via stdin.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          URL of a PostgreSQL database. If empty, the built-in PostgreSQL
          deployment will be used (Coder must not be already running in this
          case).

-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

-      [94m--[0m[94mssh-keygen-algorithm[0m string, [94m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
+      [96m--[0m[96mssh-keygen-algorithm[0m string, [96m$CODER_SSH_KEYGEN_ALGORITHM[0m (default: ed25519)
          The algorithm to use for generating ssh keys. Accepted values are
          "ed25519", "ecdsa", or "rsa4096".

-      [94m--[0m[94musername[0m string, [94m$CODER_USERNAME[0m
+      [96m--[0m[96musername[0m string, [96m$CODER_USERNAME[0m
          The username of the new user. If not specified, you will be prompted
          via stdin.

--- a/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden
+++ b/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden
@ -6,14 +6,14 @@ coder v0.0.0-devel
  Decrypt a previously encrypted database.

 [93mOPTIONS:[0m
-      [94m--[0m[94mkeys[0m string-array, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS[0m
+      [96m--[0m[96mkeys[0m string-array, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS[0m
          Keys required to decrypt existing data. Must be a comma-separated list
          of base64-encoded keys.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          The connection URL for the Postgres database.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden
+++ b/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden
@ -8,10 +8,10 @@ coder v0.0.0-devel
  Aliases: rm

 [93mOPTIONS:[0m
-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL[0m
          The connection URL for the Postgres database.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden
+++ b/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden
@ -6,17 +6,17 @@ coder v0.0.0-devel
  Rotate database encryption keys.

 [93mOPTIONS:[0m
-      [94m--[0m[94mnew-key[0m string, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY[0m
+      [96m--[0m[96mnew-key[0m string, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY[0m
          The new external token encryption key. Must be base64-encoded.

-      [94m--[0m[94mold-keys[0m string-array, [94m$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS[0m
+      [96m--[0m[96mold-keys[0m string-array, [96m$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS[0m
          The old external token encryption keys. Must be a comma-separated list
          of base64-encoded keys.

-      [94m--[0m[94mpostgres-url[0m string, [94m$CODER_PG_CONNECTION_URL[0m
+      [96m--[0m[96mpostgres-url[0m string, [96m$CODER_PG_CONNECTION_URL[0m
          The connection URL for the Postgres database.

-  [94m-[0m[94my[0m, [94m--[0m[94myes[0m bool
+  [96m-[0m[96my[0m, [96m--[0m[96myes[0m bool
          Bypass prompts.

 ———
--- a/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden
+++ b/enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Run the built-in PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

 ———
--- a/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden
+++ b/enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden
@ -6,7 +6,7 @@ coder v0.0.0-devel
  Output the connection URL for the built-in PostgreSQL deployment.

 [93mOPTIONS:[0m
-      [94m--[0m[94mraw-url[0m bool
+      [96m--[0m[96mraw-url[0m bool
          Output the raw connection URL instead of a psql command.

 ———