1754 Commits

Author SHA1 Message Date
040fa30aba docs: update screenshots with new logo (#18830)
stage 1 of many

- new login screenshot
- remove unused platforms screenshots
- update [screenshots
doc](https://coder.com/docs/@2025-screenshots/about/screenshots)
- update [quickstart
doc](https://coder.com/docs/@2025-screenshots/tutorials/quickstart)

closes #18813 

<details><summary>list of screenshots with old logo or that are
outdated</summary>

|docs/images/|notes?|
|--|--|
|logo-black.png| |
|jupyter-notebook.png| |
|platforms/docker/login.png| |
|platforms/docker/create-workspace.png| |
|platforms/docker/ides.png| |
|platforms/gcp/marketplace.png| |
|platforms/gcp/start.png| |
|platforms/aws/aws-linux.png| |
|platforms/aws/marketplace.png| |
|platforms/kubernetes/template-variables.png| |
|platforms/kubernetes/region-picker.png| |
|platforms/kubernetes/starter-template.png| |
|install/windows-installer.png| |
|install/homebrew.png| |
|screenshots/create-template.png| |
|screenshots/login.png| |
|screenshots/starter_templates.png| |
|screenshots/settings.png| |
|screenshots/audit.png| |
|screenshots/workspace-running-with-topbar.png| |
|screenshots/workspaces_listing.png| |
|screenshots/templates_listing.png| |
|screenshots/welcome-create-admin-user.png| |
|screenshots/workspace_launch.png| |
|screenshots/templates_insights.png| |
|screenshots/healthcheck.png| |
|screenshots/terraform.png| |
|deploy-pr-manually.png| |
|workspace-update.png| |
|custom-app.png| |
|code-server.png| |
|networking/annotatedports.png| |
|networking/portsharingmax.png| |
|networking/portforwarddashboard.png| |
|networking/listeningports.png| |
|agent-metadata.png| |
|jupyter.png| |
|admin/service-banner-maintenance.png| |
|admin/provisioner-tags.png| |
|admin/github-app-register.png| |
|admin/licenses/licenses-screen.png| |
|admin/licenses/licenses-nolicense.png| |
|admin/licenses/add-license-ui.png| |
|admin/service-banner-config.png| |
|admin/group-allowlist.png| |
|admin/networking/workspace-proxies/ws-proxy-picker.png| |
|admin/setup/appearance/application-name-logo-url.png| |
|admin/setup/appearance/announcement_banner_settings.png| |
|admin/setup/appearance/support-links.png| |
|admin/setup/appearance/service-banner-secret.png| |
|admin/quota-buildlog.png| |
|admin/integrations/kube-region-picker.png| |
|admin/integrations/coder-logstream-kube-logs-wrong-image.png| |
|admin/integrations/coder-logstream-kube-logs-pod-crashed.png| |
|admin/integrations/coder-logstream-kube-logs-normal.png| |
|admin/integrations/coder-logstream-kube-logs-quota-exceeded.png| |
|admin/git-auth-template.png| |
|admin/github-app-install.png| |
|admin/users/organizations/role-sync.png| |
|admin/users/organizations/group-sync-empty.png| |
|admin/users/organizations/workspace-list.png| |
|admin/users/organizations/new-organization.png| |
|admin/users/organizations/role-sync-empty.png| |
|admin/users/organizations/template-org-picker.png| |
|admin/users/organizations/organization-members.png| |
|admin/users/organizations/org-dropdown-create.png| |
|admin/users/organizations/default-organization-settings.png| |
|admin/users/organizations/group-sync.png| |
|admin/users/organizations/idp-org-sync.png| |
|admin/users/organizations/admin-settings-orgs.png| |
|admin/users/organizations/custom-roles.png| |
|admin/users/quotas/quota-groups.png| |
|admin/users/create-token.png| |
|admin/users/headless-user.png| |
|admin/provisioners/provisioner-jobs.png| |
|admin/github-app-permissions.png| |
|admin/templates/coder-apps-ui.png| |
|admin/templates/starter-templates.png| |
|admin/templates/create-template.png| |
|admin/templates/schedule/template-schedule-settings.png| |
|admin/templates/schedule/user-quiet-hours.png| |
|admin/templates/coder-metadata-ui.png| |
|admin/templates/duplicate-menu.png| |
|admin/templates/agent-metadata-ui.png| |
|admin/templates/troubleshooting/workspace-build-timings-ui.png| |
|admin/templates/duplicate-page.png| |
|admin/templates/new-duplicate-template.png| |
|admin/templates/import-template.png| |

|admin/templates/extend-templates/prebuilt/replacement-notification.png|
|
|admin/templates/extend-templates/prebuilt/prebuilt-workspaces.png| |

|admin/templates/extend-templates/dyn-params/dynamic-params-compare.png|
|

|admin/templates/extend-templates/dyn-params/enable-dynamic-parameters.png|
|
|admin/templates/extend-templates/template-preset-dropdown.png| |
|admin/monitoring/health-check.png| |
|admin/monitoring/logstream-kube.png| |
|admin/monitoring/notifications/user-notification-preferences.png| |
|admin/monitoring/notifications/notification-admin-prefs.png| |
|admin/workspace-proxy-picker.png| |
|admin/admin-settings-general.png| |
|admin/deployment-id-copy-clipboard.png| |
|icons-gallery.png| |
|start/setup-page.png| |
|start/workspace-schedule-settings.png| |
|start/build-template.png| |
|start/starter-templates.png| |
|start/create-template.png| |
|start/create-workspace.png| |
|start/template-preview.png| |
|start/blank-workspaces.png| |
|start/template-source-code.png| |
|start/first-template.png| |
|start/workspace-ready.png| |
|start/template-edit-source-code.png| |
|start/template-publish.png| |
|start/starter-templates-annotated.png| |
|display-apps.png| |
|workspace-automatic-updates.png| |
|workspaces/autostop.png| |
|workspaces/autostart.png| |
|create-workspace-from-templates-ui.png| |
|ide-row.png| |
|editors.png| |
|delete-template.png| |
|logo-white.png| |
|template-rbac.png| |
|coderapp-port-forward.png| |
|user-guides/terminal-access.png| |
|user-guides/workspace-bulk-actions.png| |
|user-guides/devcontainers/devcontainer-agent-ports.png| |
|user-guides/devcontainers/devcontainer-web-terminal.png| |
|user-guides/create-workspace-ui.png| |
|user-guides/workspace-view-connection-annotated.png| |
|user-guides/remote-desktops/web-rdp-demo.png| |
|user-guides/remote-desktops/amazon-dcv-windows-demo.png| |
|user-guides/desktop/coder-desktop-file-sync-add.png| |
|user-guides/desktop/coder-desktop-session-token.png| |
|user-guides/desktop/coder-desktop-win-pre-sign-in.png| |
|user-guides/desktop/coder-desktop-file-sync-conflicts-mouseover.png| |
|user-guides/desktop/coder-desktop-mac-pre-sign-in.png| |
|user-guides/desktop/coder-desktop-file-sync-watching.png| |
|user-guides/desktop/coder-desktop-win-enable-coder-connect.png| |
|user-guides/desktop/coder-desktop-sign-in.png| |
|user-guides/desktop/coder-desktop-file-sync.png| |
|user-guides/desktop/coder-desktop-file-sync-staging.png| |
|user-guides/desktop/chrome-insecure-origin.png| |
|user-guides/desktop/coder-desktop-workspaces.png| |
|user-guides/jetbrains/toolbox/workspaces.png| |
|user-guides/jetbrains/toolbox/install.png| |
|user-guides/jetbrains/toolbox/login-token.png| |
|user-guides/jetbrains/toolbox/login-url.png| |
|user-guides/schedule-settings-workspace.png| |
|user-guides/dotfiles-module.png| |
|user-guides/workspace-list-ui.png| |
|user-guides/workspace-settings-location.png| |
|template-variables.png| |
|ides/code-web-extensions.png| |
|ides/copilot.png| |
|architecture-multi-region.png| |
|external-apps.png| |
|guides/ai-agents/tasks-ui.png| |
|guides/ai-agents/duplicate.png| |
|guides/ai-agents/landing.png| |
|guides/ai-agents/workspace-page.png| |
|guides/ai-agents/realworld-ui.png| |
|guides/xray-integration/example.png| |
|guides/using-organizations/workspace-list.png| |
|guides/using-organizations/new-organization.png| |
|guides/using-organizations/template-org-picker.png| |
|guides/using-organizations/deployment-organizations.png| |
|guides/using-organizations/organization-members.png| |
|readme-logos.png| |
|metadata-ui.png| |
|secret-metadata-ui.png| |
|projector-intellij.png| |
|schedule.png| |
|ssh-keys.png| |
|template-scheduling.png| |
|templates/general-settings.png| |
|templates/build-template.png| |
|templates/update.png| |
|templates/starter-templates.png| |
|templates/create-template.png| |
|templates/select-template.png| |
|templates/pre-filled-parameters.png| |
|templates/source-code.png| |
|templates/upload-create-your-first-template.png| |
|templates/create-workspace.png| |
|templates/edit-source-code.png| |
|templates/permissions.png| |
|templates/coder-session-token.png| |
|templates/starter-templates-button.png| |
|templates/template-tour.png| |
|templates/edit-files.png| |
|templates/workspace-ready.png| |
|templates/template-menu-settings.png| |
|templates/workspace-apps.png| |
|templates/coder-login-web.png| |
|templates/new-workspace.png| |
|templates/template-variables.png| |
|templates/use-template.png| |
|templates/healthy-workspace-agent.png| |
|templates/update-policies.png| |
|templates/upload-create-template-form.png| |
|templates/develop-in-docker-template.png| |
|templates/publish.png| |
|templates/devcontainers.png| |
|templates/create-template-permissions.png| |
|port-forward-dashboard.png| |
|creating-workspace-ui.png| |
|parameters.png| |
|best-practice/build-timeline.png| |
|file-browser.png| |
|architecture-single-region.png| |
|gateway/plugin-settings-marketplace.png| |
|gateway/plugin-session-token.png| |
|gateway/plugin-connect-to-coder.png| |
|gateway/plugin-select-ide.png| |
|gateway/plugin-ide-list.png| |
|hero-image.png| |

</details>

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-07-10 16:01:20 -04:00
b882d46d91 docs: fix relative links in about/contributing (#18818)
hotfix

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-07-09 20:04:48 +00:00
3c2f3d640b chore: remove dbmem (#18803)
Remove the in-memory database. Addresses #15109.
2025-07-09 09:46:31 +02:00
39ed0c32e6 docs: simplify PostgreSQL setup by using 'postgresql' as release name (#18754)
Fixes #18751

Use `postgresql` as the Helm release name instead of `coder-db` to make
the service name more intuitive and eliminate confusion entirely.

## Changes
- Changed `helm install coder-db bitnami/postgresql` to `helm install
postgresql bitnami/postgresql`
- Updated PostgreSQL URLs from
`coder-db-postgresql.coder.svc.cluster.local` to
`postgresql.coder.svc.cluster.local`
- Removed explanatory notes about service naming (no longer needed)

## Benefits
 Makes examples work out-of-the-box for most users
 Uses the most straightforward and intuitive release name
 Eliminates confusion about service naming entirely
 Simpler documentation without complex explanations

## Testing
- Verified that `helm install postgresql bitnami/postgresql` creates
service named `postgresql`
- Confirmed this approach works with the connection URL
`postgresql.coder.svc.cluster.local`

Suggested by @EdwardAngert as a cleaner solution than explaining the
service naming dependency.

---------

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: matifali <10648092+matifali@users.noreply.github.com>
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
2025-07-08 13:20:15 -04:00
10c1e36fff feat: add publishing of helm charts to ghcr registry (#18316) 2025-07-08 22:19:12 +05:00
5f50dcce5a feat(cli): improve devcontainer support for coder show (#18793)
Fixes coder/internal#747
2025-07-08 16:16:00 +00:00
211393a69c fix: exclude prebuilt workspaces from lifecycle executor (#18762)
## Description

This PR updates the lifecycle executor to explicitly exclude prebuilt
workspaces from being considered for lifecycle operations such as
`autostart`, `autostop`, `dormancy`, `default TTL` and `failure TTL`.

Prebuilt workspaces (i.e., those owned by the prebuild system user) are
handled separately by the prebuild reconciliation loop. Including them
in the lifecycle executor could lead to unintended behavior such as
incorrect scheduling or state transitions.

## Changes

* Updated the lifecycle executor query
`GetWorkspacesEligibleForTransition` to exclude workspaces with
`owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'` (prebuilds).
* Added tests to verify prebuilt workspaces are not considered in:
  * Autostop
  * Autostart
  * Default TTL
  * Dormancy
  * Failure TTL

Fixes: https://github.com/coder/coder/issues/18740
Related to: https://github.com/coder/coder/issues/18658
2025-07-08 11:35:28 +01:00
8202514ce0 feat!: add ability to cancel pending workspace build (#18713)
Closes #17791 

This PR adds ability to cancel workspace builds that are in "pending"
status.

Breaking changes:
- CancelWorkspaceBuild method in codersdk now accepts an optional
request parameter

API:
- Added `expect_status` query parameter to the cancel workspace build
endpoint
- This parameter ensures the job hasn't changed state before canceling
- API returns `412 Precondition Failed` if the job is not in the
expected status
- Valid values: `running` or `pending`
- Wrapped the entire cancel method in a database transaction

UI:
- Added confirmation dialog to the `Cancel` button, since it's a
destructive operation

![image](https://github.com/user-attachments/assets/437aa5f4-5669-45b6-82a0-e46f277114bf)

![image](https://github.com/user-attachments/assets/423b5cb1-a4fb-4a10-933b-c1c73f4b838c)


- Enabled cancel action for pending workspaces (`expect_status=pending`
is sent if workspace is in pending status)

![image](https://github.com/user-attachments/assets/32d35ff1-12e6-4f7b-9f6c-fde9da9de6cf)

---------

Co-authored-by: Dean Sheather <dean@deansheather.com>
2025-07-08 11:02:58 +02:00
2f42b64182 docs: update dynamic parameters for beta release (#18512)
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Stephen Kirby <kirby@coder.com>
Co-authored-by: Stephen Kirby <58410745+stirby@users.noreply.github.com>
Co-authored-by: Atif Ali <atif@coder.com>
Co-authored-by: Jaayden Halko <jaayden.halko@gmail.com>
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
Co-authored-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: bpmct <22407953+bpmct@users.noreply.github.com>
Co-authored-by: Bruno Quaresma <bruno@coder.com>
Co-authored-by: BrunoQuaresma <3165839+BrunoQuaresma@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ethan <39577870+ethanndickson@users.noreply.github.com>
Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
Co-authored-by: Ben Potter <ben@coder.com>
Co-authored-by: Hugo Dutka <hugo@coder.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ケイラ <mckayla@hey.com>
2025-07-07 19:46:34 -05:00
83192e2462 docs: restore missing AI agent images to fix 404 errors (#18780)
Fixes #18767

This PR restores the missing `landing.png` and `duplicate.png` images
that were accidentally deleted in commit
b26c9e2432.

## Problem
The images were deleted during a documentation restructure, but external
links and cached website content are still referencing these image URLs,
causing 404 errors:
-
`https://raw.githubusercontent.com/coder/coder/main/docs/images/guides/ai-agents/landing.png`
-
`https://raw.githubusercontent.com/coder/coder/main/docs/images/guides/ai-agents/duplicate.png`

## Solution
Restore the original images from the git history to maintain backward
compatibility for external references while preserving the current
documentation structure.

## Testing
 Verified images are restored to correct location
 Confirmed file sizes match original images
 No conflicts with current documentation structure

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: kylecarbs <7122116+kylecarbs@users.noreply.github.com>
2025-07-07 19:48:10 -04:00
f2983164f5 chore: fix some small groups and acl typos (#18732)
- Add `format:"uri"` to `Group.AvatarURL` (matches `User.AvatarURL`
field)
- `<user_id>` and `<group_id>` were backwards in the `example:` tags
- The `@Success` annotation for `/acl [get]` had an incorrect type
2025-07-07 11:01:17 -06:00
e3627fd562 docs: fix markdown in Windsurf doc (#18753)
hotfix


[preview](https://coder.com/docs/@18705-windsurf-md/user-guides/workspace-access/windsurf)

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-07-07 18:52:19 +05:00
1e715e2f66 chore: add suggestions to the tasks docs (#18766) 2025-07-07 09:15:53 -04:00
b26c9e2432 feat: update tasks docs (#18659)
Preview: https://coder.com/docs/@tasks-docs/ai-coder

---------

Co-authored-by: Hugo Dutka <hugo@coder.com>
2025-07-07 08:21:59 -04:00
aad14b8a6b docs: add RDP desktop button gif (#18758)
Forgot to add this in #18716
2025-07-06 20:15:37 +05:00
ca13b58d57 docs: reorganize remote desktop docs (#18716)
- Reorganize each option in two sections: Web and Desktop Client
- Moves the warning about UDP connections to the bottom
- Move Coder Desktop as the first option
- Links the Coder Desktop RDP module

Preview:
https://coder.com/docs/@remote-desktop-module/user-guides/workspace-access/remote-desktops
2025-07-06 15:46:15 +05:00
02372caf92 docs: align feature stages for July release (#18752)
some of these changes might also be in other PRs, but hopefully this
doesn't cause any merge conflicts

closes #18197

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-07-04 09:34:49 -04:00
7fbb3ced5b feat: add MCP HTTP server experiment and improve experiment middleware (#18712)
# Add MCP HTTP Server Experiment

This PR adds a new experiment flag `mcp-server-http` to enable the MCP HTTP server functionality. The changes include:

1. Added a new experiment constant `ExperimentMCPServerHTTP` with the value "mcp-server-http"
2. Added display name and documentation for the new experiment
3. Improved the experiment middleware to:
   - Support requiring multiple experiments
   - Provide better error messages with experiment display names
   - Add a development mode bypass option
4. Applied the new experiment requirement to the MCP HTTP endpoint
5. Replaced the custom OAuth2 middleware with the standard experiment middleware

The PR also improves the `Enabled()` method on the `Experiments` type by using `slices.Contains()` for better readability.
2025-07-03 20:09:18 +02:00
15551541e8 feat: add OAuth2 provider functionality as an experiment (#18692)
# Add OAuth2 Provider Functionality as an Experiment

This PR adds a new experiment flag `oauth2` that enables OAuth2 provider functionality in Coder. When enabled, this experiment allows Coder to act as an OAuth2 provider.

The changes include:
- Added the new `ExperimentOAuth2` constant with appropriate documentation
- Updated the OAuth2 provider middleware to check for the experiment flag
- Modified the error message to indicate that the OAuth2 provider requires enabling the experiment
- Added the new experiment to the known experiments list in the SDK

Previously, OAuth2 provider functionality was only available in development mode. With this change, it can be enabled in production environments by activating the experiment.
2025-07-03 19:44:29 +02:00
494dccc510 feat: implement MCP HTTP server endpoint with authentication (#18670)
# Add MCP HTTP server with streamable transport support

- Add MCP HTTP server with streamable transport support
- Integrate with existing toolsdk for Coder workspace operations
- Add comprehensive E2E tests with OAuth2 bearer token support
- Register MCP endpoint at /api/experimental/mcp/http with authentication
- Support RFC 6750 Bearer token authentication for MCP clients

Change-Id: Ib9024569ae452729908797c42155006aa04330af
Signed-off-by: Thomas Kosiewski <tk@coder.com>
2025-07-03 19:27:41 +02:00
74e1d5c4b6 feat: implement OAuth2 dynamic client registration (RFC 7591/7592) (#18645)
# Implement OAuth2 Dynamic Client Registration (RFC 7591/7592)

This PR implements OAuth2 Dynamic Client Registration according to RFC 7591 and Client Configuration Management according to RFC 7592. These standards allow OAuth2 clients to register themselves programmatically with Coder as an authorization server.

Key changes include:

1. Added database schema extensions to support RFC 7591/7592 fields in the `oauth2_provider_apps` table
2. Implemented `/oauth2/register` endpoint for dynamic client registration (RFC 7591)
3. Added client configuration management endpoints (RFC 7592):
   - GET/PUT/DELETE `/oauth2/clients/{client_id}`
   - Registration access token validation middleware

4. Added comprehensive validation for OAuth2 client metadata:
   - URI validation with support for custom schemes for native apps
   - Grant type and response type validation
   - Token endpoint authentication method validation

5. Enhanced developer documentation with:
   - RFC compliance guidelines
   - Testing best practices to avoid race conditions
   - Systematic debugging approaches for OAuth2 implementations

The implementation follows security best practices from the RFCs, including proper token handling, secure defaults, and appropriate error responses. This enables third-party applications to integrate with Coder's OAuth2 provider capabilities programmatically.
2025-07-03 18:33:47 +02:00
7d412c2272 feat(examples/templates): add docker-devcontainer template and rename envbuilder template (#18741)
This change adds a new `docker-devcontainer` template which allows you
to provision a workspace running in Docker, that also creates workspaces
via Docker running inside (DinD).

- **chore(examples/templates): rename `docker-devcontainer` to
`docker-envbuilder`**
- **feat(examples/templates): add `docker-devcontainer` example
template**
2025-07-03 15:50:08 +03:00
351745752b docs: update release calendar with 2.24 release (#18742) 2025-07-03 11:20:16 +00:00
6db6f48300 chore: fix broken link in docs (#18733)
Fixes the "Helm README" link on
https://coder.com/docs/install/kubernetes so it goes to the right path.

Side note: I don't see any content in
https://coder.com/docs/about/contributing/documentation about to whom
such a PR should be assigned, if any. Edward was suggested and I see
you've worked on other PR's with the `docs` label, so going with that.
2025-07-02 22:34:29 -04:00
33bbf18a4b feat: add OAuth2 protected resource metadata endpoint for RFC 9728 (#18643)
# Add OAuth2 Protected Resource Metadata Endpoint

This PR implements the OAuth2 Protected Resource Metadata endpoint according to RFC 9728. The endpoint is available at `/.well-known/oauth-protected-resource` and provides information about Coder as an OAuth2 protected resource.

Key changes:
- Added a new endpoint at `/.well-known/oauth-protected-resource` that returns metadata about Coder as an OAuth2 protected resource
- Created a new `OAuth2ProtectedResourceMetadata` struct in the SDK
- Added tests to verify the endpoint functionality
- Updated API documentation to include the new endpoint

The implementation currently returns basic metadata including the resource identifier and authorization server URL. The `scopes_supported` field is empty until a scope system based on RBAC permissions is implemented. The `bearer_methods_supported` field is omitted as Coder uses custom authentication methods rather than standard RFC 6750 bearer tokens.

A TODO has been added to implement RFC 6750 bearer token support in the future.
2025-07-02 18:58:41 +02:00
01163ea57b feat: allow users to pause prebuilt workspace reconciliation (#18700)
This PR provides two commands:
* `coder prebuilds pause`
* `coder prebuilds resume`

These allow the suspension of all prebuilds activity, intended for use
if prebuilds are misbehaving.
2025-07-02 15:05:42 +00:00
4072d228c5 feat: support dynamic parameters on create template request (#18636)
Future work is to add this checkbox to the UI to opt into dynamic
parameters from the first template create.
2025-07-02 09:44:01 -05:00
91aa583ea4 docs: mention Windsurf module in Windsurf documentation (#18715)
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: bpmct <22407953+bpmct@users.noreply.github.com>
2025-07-02 19:13:35 +05:00
0b8ed9c2bd docs: move the duplicate Coder Desktop install warning to Troubleshooting (#18691)
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
2025-07-02 11:22:58 +00:00
0b82f41a24 feat: allow masking workspace parameter inputs (#18595) 2025-07-01 16:27:43 -06:00
ab254adfb9 docs: add section about how to disable path based apps to security best practices (#18419)
add a new section specifically about how to disable path-based apps to
the security best practices doc

## todo

- [x] copy review
- [x] cross-linking

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Dean Sheather <dean@deansheather.com>
2025-07-01 13:18:47 -04:00
6f2834f62a feat: oauth2 - add authorization server metadata endpoint and PKCE support (#18548)
## Summary

  This PR implements critical MCP OAuth2 compliance features for Coder's authorization server, adding PKCE support, resource parameter handling, and OAuth2 server metadata discovery. This brings Coder's OAuth2 implementation significantly closer to production readiness for MCP (Model Context Protocol)
  integrations.

  ## What's Added

  ### OAuth2 Authorization Server Metadata (RFC 8414)
  - Add `/.well-known/oauth-authorization-server` endpoint for automatic client discovery
  - Returns standardized metadata including supported grant types, response types, and PKCE methods
  - Essential for MCP client compatibility and OAuth2 standards compliance

  ### PKCE Support (RFC 7636)
  - Implement Proof Key for Code Exchange with S256 challenge method
  - Add `code_challenge` and `code_challenge_method` parameters to authorization flow
  - Add `code_verifier` validation in token exchange
  - Provides enhanced security for public clients (mobile apps, CLIs)

  ### Resource Parameter Support (RFC 8707)
  - Add `resource` parameter to authorization and token endpoints
  - Store resource URI and bind tokens to specific audiences
  - Critical for MCP's resource-bound token model

  ### Enhanced OAuth2 Error Handling
  - Add OAuth2-compliant error responses with proper error codes
  - Use standard error format: `{"error": "code", "error_description": "details"}`
  - Improve error consistency across OAuth2 endpoints

  ### Authorization UI Improvements
  - Fix authorization flow to use POST-based consent instead of GET redirects
  - Remove dependency on referer headers for security decisions
  - Improve CSRF protection with proper state parameter validation

  ## Why This Matters

  **For MCP Integration:** MCP requires OAuth2 authorization servers to support PKCE, resource parameters, and metadata discovery. Without these features, MCP clients cannot securely authenticate with Coder.

  **For Security:** PKCE prevents authorization code interception attacks, especially critical for public clients. Resource binding ensures tokens are only valid for intended services.

  **For Standards Compliance:** These are widely adopted OAuth2 extensions that improve interoperability with modern OAuth2 clients.

  ## Database Changes

  - **Migration 000343:** Adds `code_challenge`, `code_challenge_method`, `resource_uri` to `oauth2_provider_app_codes`
  - **Migration 000343:** Adds `audience` field to `oauth2_provider_app_tokens` for resource binding
  - **Audit Updates:** New OAuth2 fields properly tracked in audit system
  - **Backward Compatibility:** All changes maintain compatibility with existing OAuth2 flows

  ## Test Coverage

  - Comprehensive PKCE test suite in `coderd/identityprovider/pkce_test.go`
  - OAuth2 metadata endpoint tests in `coderd/oauth2_metadata_test.go`
  - Integration tests covering PKCE + resource parameter combinations
  - Negative tests for invalid PKCE verifiers and malformed requests

  ## Testing Instructions

  ```bash
  # Run the comprehensive OAuth2 test suite
  ./scripts/oauth2/test-mcp-oauth2.sh

  Manual Testing with Interactive Server

  # Start Coder in development mode
  ./scripts/develop.sh

  # In another terminal, set up test app and run interactive flow
  eval $(./scripts/oauth2/setup-test-app.sh)
  ./scripts/oauth2/test-manual-flow.sh
  # Opens browser with OAuth2 flow, handles callback automatically

  # Clean up when done
  ./scripts/oauth2/cleanup-test-app.sh

  Individual Component Testing

  # Test metadata endpoint
  curl -s http://localhost:3000/.well-known/oauth-authorization-server | jq .

  # Test PKCE generation
  ./scripts/oauth2/generate-pkce.sh

  # Run specific test suites
  go test -v ./coderd/identityprovider -run TestVerifyPKCE
  go test -v ./coderd -run TestOAuth2AuthorizationServerMetadata
```

  ### Breaking Changes

  None. All changes maintain backward compatibility with existing OAuth2 flows.

---

Change-Id: Ifbd0d9a543d545f9f56ecaa77ff2238542ff954a
Signed-off-by: Thomas Kosiewski <tk@coder.com>
2025-07-01 15:39:29 +02:00
dbfbef6ecb chore(cli): increase reconciliation interval to 1 minute (#18690)
Increase prebuilds reconciliation and backoff interval to 1 minute by
default.
2025-07-01 14:35:02 +01:00
57a6d59d8d docs: add warning about prebuilds incompatibility with certain features (#18689)
## Description

This PR adds a warning to the prebuilds documentation about
incompatibility with Workspace schedule (autostart/autostop), dormancy,
and DevContainers. These configurations can interfere with prebuild
behavior and should be avoided for now.

Preview:
![Screenshot 2025-07-01 at 12 58
02](https://github.com/user-attachments/assets/e1a837de-b66c-4414-bd0b-471474b43b84)
2025-07-01 13:59:07 +01:00
74e1953619 docs: bitnami/postgresql primary prefix for persistence.size config key (#18446)
The `bitnami/postgresql`chart doesn't have a value with key
`persistence.size`. The correct value key which control the size of the
PVC is `primary.persistence.size`.

See:
-
https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.yaml
- The JSON schema,
[`values.schema.json`](https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.schema.json)
of the
[`values.yaml`](https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.yaml)
included in the chart is out of sync.
https://github.com/bitnami/readme-generator-for-helm/issues/142
2025-06-30 16:55:57 -04:00
4756080eb2 feat(site): display devcontainer start error (#18637)
Fixes https://github.com/coder/internal/issues/705

Surface errors on the UI when a devcontainer agent is unable to be
injected.
2025-06-30 21:34:29 +01:00
715c7b0c24 chore: correct RD limitation comment (#18668)
subj
2025-06-30 22:46:00 +05:00
b1e8d5d5e0 docs: remove beta label from Coder Desktop (#18651)
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
2025-06-30 21:23:09 +05:00
d4208d23aa refactor: show icons for multi-select parameter options (#18594) 2025-06-27 10:54:47 -06:00
d26d0fc269 docs: edit descriptions in ai-coder section (#18373)
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-06-27 12:09:02 +00:00
7a3a6d4d26 chore: update README logos (#18619) 2025-06-26 19:27:17 +00:00
c6e0ba12d3 feat: graduate prebuilds to general availability (#18607)
This PR removes the prebuilds experiment and allows the use of prebuilds
without opting into an experiment.
2025-06-26 15:54:52 +02:00
f2d229eed3 fix!: use devcontainer ID when rebuilding a devcontainer (#18604)
This PR replaces the use of the **container** ID with the
**devcontainer** ID. This is a breaking change. This allows rebuilding a
devcontainer when there is no valid container ID.
2025-06-26 11:41:57 +01:00
fb0e7a21a7 docs: add Coder Desktop to remote desktop docs (#18326)
Co-authored-by: Spike Curtis <spike@coder.com>
2025-06-26 11:16:41 +05:00
072c81cd73 docs: remove nested alerts (#18580)
hotfix

removes nested gfm alerts, which is a known ~issue~ feature
https://github.com/orgs/community/discussions/16925#discussioncomment-12043928

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
2025-06-25 15:17:49 +00:00
688d2ee3eb chore: remove chats experiment (#18535) 2025-06-25 13:03:32 +00:00
b5316d2b42 docs: fix a warning alert type on toolbox docs (#18560) 2025-06-25 08:21:12 +00:00
4ff2254e5f chore: remove ai tasks from experiment (#18511)
Closes https://github.com/coder/internal/issues/661
2025-06-24 16:24:01 +02:00
0238f2926d feat: persist AI task state in template imports & workspace builds (#18449) 2025-06-24 10:36:37 +00:00
6cc4cfa346 feat: allow for default presets (#18445) 2025-06-24 12:19:19 +02:00