helm/coder-v2/coder 2.28.0

v2.28.0

on Artifact Hub

Changelog

BREAKING CHANGES

• Ensure consistent secret token generation and hashing (#20388, 13ca9ea) (@Emyrk)

  This change standardizes how Coder hashes secret tokens by switching OAuth2 tokens from salted userpassword. Hash to the same SHA256 hashing method used for API keys, improving consistency across all secret token types.
  This is a breaking change because existing OAuth2 tokens will no longer validate correctly after the update, but the impact is limited to OAuth2 functionality which is only available in dev builds and experimental features.

• Removed TaskAppID field from WorkspaceBuild API response in favor of new task data model (#20583, 7a97ebe) (@DanielleMaywood)

  This change removes the task_app_id field from the WorkspaceBuild API response, which was a temporary field that stored the task's workspace app ID directly in the workspace build object. Clients that were consuming this field from the API will need to instead fetch this information from the new dedicated Task data model via the Task API endpoints.

• AI Bridge is now stable - removed experimental flag and moved from /api/experimental/aibridge/* to /api/v2/aibridge/* (#20544, a119fe2) (@dannykopping)

  Removes the experimental flag for AI Bridge and promotes it to Stable. Update URL routes to /api/v2/aibridge/* for continued use of AI Bridge.

Features

Bridge

• Add AWS Bedrock support (#20507, d18441d) (@dannykopping)
• AI Bridge API endpoints are now stable and no longer experimental (#20523, 95f45b3) (@dannykopping)

CLI

• Add filtering by initiator to provisioner job listing in the CLI (#20137, d17dd5d) (@SasSwart)
• Add cli command scaletest dynamic-parameters (#20034, 65335bc) (@spikecurtis)
• Add provisioner tags to dynamic-parameters scaletest (#20435, 0f342ec) (@spikecurtis)
• Add scoped token support to CLI (#19985, cadf135) (@ThomasK33)
• CLI: Prompt for missing required template variables on template creation (#19973, bb58844) (@rafrdz)
• CLI: Warn user if setting autostart on workspace with template-level autostart (#20454, fb9d8e3) (@mtojek)
• CLI: Add dynamic completions for ssh command (#20171, 9780d02) (@matifali)
• AI Bridge CLI commands are now stable and no longer experimental (#20524, f5f17f9) (@dannykopping)

Dashboard

• Add remove task button into the tasks list (#20036, f23a6a1) (@BrunoQuaresma)
• Add workspace status on tasks (#20037, 6b61c8a) (@BrunoQuaresma)
• Select template version for tasks (#20146, 840afb2) (@BrunoQuaresma)
• Include latest build id in task responses (#20181, 23a44d1) (@BrunoQuaresma)
• Skip deprecated:false in templates search bar (#20274, 8ac5453) (@mtojek)
• Underline links in announcement banner for better visibility (#20166, 5119db3) (@app/blink-so)
• Improve template version select ux (#20347, a6461ab) (@BrunoQuaresma)
• Add copy on ctrl/command+shift+c and selection to web terminal (#20129, cbaa97c) (@code-asher)
• Add terminal in the task page (#20396, aa689cb) (@BrunoQuaresma)
• Add support buttons (#20339, f2a4105) (@mtojek)
• Add copyparty icon (#20440, 8daf4f3) (@DevelopmentCats)
• Dashboard: Make TaskPrompt PromptTextarea read-only when submitting (#20363, f6526b7) (@johnstcn)
• Added AI Governance page to view AI Bridge request interception logs (#20331, f5909e5) (@jakehwll)

Experimental Features

• Add allow_list to resource-scoped API tokens (#19964, ed90ecf) (@ThomasK33)
• Add allow list to API keys (#19972, f684831) (@ThomasK33)

MCP Server

• Add task create, list, status, and delete MCP tools (#19901, ebcfae2) (@code-asher)
• Add list_apps MCP tool (#19952, 94c76b9) (@code-asher)
• Add task send and logs MCP tools (#20230, 41de4ad) (@code-asher)

Server

• Add backoff to workspace agent polling (#20157, e8f0e3e) (@rafrdz)
• Mount pprof and metrics to /api/v2/debug for admins (#20353, 0652b18) (@deansheather)
• Implement oauth2 RFC 7009 token revocation endpoint (#20362, 4bd7c7b) (@Emyrk)
• Add an organization member permission level (#19953, 4f7b279) (@aslilac)
• Server: Add tasks rbac object (#20234, 299a54a) (@mafredri)
• Server: Implement task to app linking (#20237, a8f87c2) (@mafredri)
• Server: Add audit resource for tasks (#20301, 408b09a) (@mafredri)
• Server: Notify on task completion/failure (#20327, 0faee8e) (@johnstcn)
• Server: Add owner-related fields to tasks_with_status view (#20471, 659f89e) (@johnstcn)

Tasks

• Add remove task button into the tasks list (#20036, f23a6a1) (@BrunoQuaresma)
• Add workspace status on tasks (#20037, 6b61c8a) (@BrunoQuaresma)
• Add task create, list, status, and delete MCP tools (#19901, ebcfae2) (@code-asher)
• Select template version for tasks (#20146, 840afb2) (@BrunoQuaresma)
• Include latest build id in task responses (#20181, 23a44d1) (@BrunoQuaresma)
• Add task send and logs MCP tools (#20230, 41de4ad) (@code-asher)
• Add terminal in the task page (#20396, aa689cb) (@BrunoQuaresma)
• Dashboard: Make TaskPrompt PromptTextarea read-only when submitting (#20363, f6526b7) (@johnstcn)
• Server: Implement task to app linking (#20237, a8f87c2) (@mafredri)
• Server: Add audit resource for tasks (#20301, 408b09a) (@mafredri)
• Server: Notify on task completion/failure (#20327, 0faee8e) (@johnstcn)
• Server: Add owner-related fields to tasks_with_status view (#20471, 659f89e) (@johnstcn)
• Database: Add task status and status view (#20235, 952c69f) (@mafredri)
• Database: Add ListTasks query (#20282, 9f22937) (@johnstcn)
• Server: Add telemetry for database Tasks (#20279, dc6e50d) (@johnstcn)
• Tasks are now automatically deleted when their associated workspace is deleted (#20585, 73dedcc) (@johnstcn)
• Disable task notifications by default (#20518, a1e7e10) (@DanielleMaywood)

Templates

• Cancel pending prebuilds from non-active template versions (#20387, f6e86c6) (@ssncferreira)
• Provisioner: Warn when .terraform.lock.hcl is modified during init (#20451, 40e1784) (@mtojek)
• Improved prebuild membership reconciliation performance (#20555, 7e8fcb4) (@ssncferreira)
• Canceled pending prebuilds are now automatically deleted (#20554, c3e3bb5) (@ssncferreira)
• Add a dependency management graph for agents (#20208, 6c62136) (@SasSwart)

Bug fixes

• Check permission to update username (#20139, d93629b) (@mtojek)
• Add heartbeat to keep dynamic params websocket open (#20026, c517aab) (@rafrdz)
• Only show error once when failing to update org member roles (#20155, 2ec9be2) (@aslilac)
• Adjust workspace claims to be initiated by users (#20179, 544f155) (@SasSwart)
• Allow unhanger to unhang dormant workspaces (#20229, 8942b50) (@deansheather)
• Set default values for RevokeURL property in external auth configs (#20270, 847058c) (@pawbana)
• Add default value for RevokeURL property in external auth config for GitHub (#20272, 152103b) (@pawbana)
• Keep button in loading state after start request is made (#20294, 24dddd5) (@BrunoQuaresma)
• Select the correct version when template changes (#20293, 9861931) (@BrunoQuaresma)
• Avoid connection logging crashes in agent (#20307, 6c99d5e) (@deansheather)
• Use the selected version to check external auth (#20316, 91d4f8b) (@BrunoQuaresma)
• Clear prompt after task creation (#20344, 09a41f3) (@BrunoQuaresma)
• Use AvatarData in OAuth2AppsSettings (#20342, a833b7a) (@BrunoQuaresma)
• Improve options table reading (#20341, 838fbc1) (@BrunoQuaresma)
• Introduce dedicated queries for workspaces and workspace agents metrics (#19786, 141ef23) (@cstyan)
• Normalize oauth2 scope parsing (#20359, 251f787) (@ThomasK33)
• Retry embedded postgres port allocation (#20371, e73f9d3) (@zedkipp)
• Renumber api key allow list migration (#20457, c6e551f) (@ThomasK33)
• Fix URL parameter for task (#20463, cd0a284) (@BrunoQuaresma)
• Initialize pseudo console with default size for SSH sessions (#20472, b890930) (@fioan89)
• CLI: Use correct task status in list/status output (#20453, e8e31dc) (@mafredri)
• Server: Correct the name of the unmarshall error variable (#20150, 039fa89) (@yyefimov)
• Server: Prevent task working notification for first app status (#20313, ade3fce) (@johnstcn)
• Server: Support string type for oidc response's expires_in json property (#20152, 1c8ee5c) (@yyefimov)
• Database: Ensure task name uniqueness (#20236, 5dc57da) (@mafredri)
• Database: Add missing columns to tasks with status (#20311, 82945cf) (@mafredri)
• Database: Use transaction for workspace builder (#20506, c3cbd97) (@mafredri)
• Server: Pipe through task id and prompt (#20408, 5a31c59) (@DanielleMaywood)
• devcontainers: check if ssh folder exists in post_create (#19987, 8274251) (@mafredri)
• Provisioner: Use sidebar app id instead of app id (#20246, 5d66f1f) (@DanielleMaywood)
• Dashboard: Disable task prompt submit button when prompt empty (#20357, a1fa5c8) (@DanielleMaywood)
• Dashboard: Preserve file path when building template version (#20481, ed3d6fa) (@breadface)
• Dashboard: Fix react state violation in filetree create/update utils (#20483, 40fc337) (@DanielleMaywood)
• Fixed issue where workspace builds could be created on deleted workspaces (#20586, 3801701) (@johnstcn)
• Fixed Helm chart bug where RBAC resources were incorrectly rendered when workspacePerms=false (#20569, e909a99) (@rowansmithau)
• Fixed task link generation in workspace app status by adding task_id to workspace view (#20551, 1ebc217) (@johnstcn)
• Fixed incorrect audit log links for task resources (#20547, 566146a) (@johnstcn)
• Fixed lifecycle executor permissions to properly handle task workspaces during autostart/autostop (#20539, 6cb618c) (@DanielleMaywood)
• Fixed bug where preset selector would disappear when switching between templates (#20514, 45af387) (@DanielleMaywood)

Documentation

• Fix link to Grafana dashboard example for AI Bridge (#20205, 037e6f0) (@matifali)
• List tasks CLI docs in manifest.json (#20220, 6c5b741) (@david-fraley)
• Add documentation for upcoming Agent Boundary feature (#20099, 7973615) (@jcjiang)
• Add troubleshooting steps for prebuilt workspaces (#20231, 06db587) (@SasSwart)
• Add warning around macOS install (#20253, 2e45236) (@david-fraley)
• Create WIP 10k scale doc (#20213, ccf0b34) (@spikecurtis)
• Add base URLs and authentication section to AI Bridge (#20404, 823b14a) (@matifali)
• Edit Boundary documentation to reflect current functionality (#20403, da31a4b) (@jcjiang)
• Document location property for support links (#20445, 9061493) (@mtojek)
• Add comprehensive Web Terminal documentation (#20458, c301a0d) (@mtojek)
• Add description of dynamic parameters test (#20488, e720afa) (@spikecurtis)
• Update coder_token_lifetime description to include units and examples (#20516, cf93c34) (@david-fraley)
• Update notifications documentation to include task events (#20190, 6b72ef8) (@ssncferreira)
• Add documentation for exp CLI commands (#20019, fa82f84) (@johnstcn)
• Add external provisioner configuration for prebuilds (#20305, 09e2daf) (@ssncferreira)
• Improve prebuild provisioners section (#20321, 104aa19) (@ssncferreira)
• Update numbered lists to be consistent (#20350, ef51e7d) (@matifali)
• Fix 'prebuilds' system user typo (#20356, 14e8002) (@ssncferreira)
• Add missing provisionerd metrics to docs (#20358, c1f8465) (@ssncferreira)
• Add bridge documentation for early access (#20188, d0f434b) (@stirby)
• Add Audit Log purge advice (#20052, d63bb2c) (@dannykopping)
• Updated AI Bridge documentation to reflect stable status (#20521, d102f06) (@dannykopping)

Code refactoring

• Add wildcard scope entries for API key scopes (#20032, b60ae0a) (@ThomasK33)

Compare: v2.27.2...v2.28.0

Container image

• docker pull ghcr.io/coder/coder:v2.28.0

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.