helm/coder-v2/coder 2.32.0

v2.32.0

on Artifact Hub

Changelog

BREAKING CHANGES

• chore!: remove members' ability to read their own AI Bridge interceptions (#23320)

  Regular users (non-owners, non-auditors) can no longer read AI Bridge interception data, including their own. Only owners and auditors retain read access. This tightens the RBAC surface to prevent insiders from observing what data is tracked.

• fix(cli)!: coder groups list -o json output structure changed (#22923)

  The JSON output is now a flat structure matching other coder list -o json commands. Previously this command returned empty zero-value structs due to a bug, so no working consumer of the old format could exist.

DEPRECATIONS

• AI Gateway (previously known as AI Bridge): injected MCP tools are now deprecated (#23031); this feature will remain functional but will be replaced with an MCP Gateway in a future release.

Features

Coder Agents

Coder Agents is newly introduced in Early Access. See our getting started guide to enable and start using it.

• Voice-to-text input in agent chat (#23022)
• Pinned chats with drag-to-reorder in the sidebar (#23615)
• Chat cost analytics dashboard for admins — tracks spend, model usage, and trends (#23037, #23215)
• PR Insights analytics dashboard — shows PRs created/merged by AI agents, merge rates, lines shipped, cost per merged PR (#23215)
• Agent desktop recordings — record and replay agent desktop sessions (#23894, #23895)
• Per-chat system prompt override per conversation (#24053)
• Chat spend limits with inline usage indicator (#23071, #23072) — configurable via platform controls
• Per-user per-model compaction threshold overrides (#23412)
• Skills — agents read context files and discover skills locally; skills persist as message parts (#23935, #23748) — see extending agents
• Suffix-based agent selection — select an agent model by name suffix (#23741)
• Provider key policies and per-user provider settings (#23751) — see models & providers
• Manual chat title regeneration (#23633)
• Chat read/unread indicator in sidebar (#23129)
• Chat labels (#23594)
• Workspace and agent badges in chat top bar and workspace list (#23964, #23453)
• File/image attachments in chat input; large pasted text auto-converts to file attachments (#22604, #23379)
• Inline file reference rendering in user messages (#23131)
• propose_plan tool for markdown plan proposals (#23452)
• Provider-native web search tools in agent chats (#22909)
• Workspace awareness system message automatically included on chat creation (#23213)
• Workspace TTL automatically extended on chat heartbeat (#23314)
• Global chat workspace TTL deployment-wide setting (#23265)
• Template allowlist for chats — restrict which templates agents can create workspaces from (#23262)
• Chat-access site-wide role to gate chat creation (#23724)
• Collapsible archived agents section in sidebar (#22551)
• Scroll-to-bottom button, keyboard shortcuts, and ArrowUp to edit last message in agent chat (#23212, #22417, #23705)
• Diff viewer with word-level inline highlighting and intra-file virtualization (#23423, #23363)
• Terminal panel in chat sidebar (#23231)
• Computer tool screenshots rendered as images and viewable in lightbox (#23074)
• Structured error/retry UX for agent chat (#23282)

Coder Agents can now connect to external MCP servers and expose workspace-level MCP tools. See extending agents for configuration details. To configure Coder itself as an MCP server for external agents (Claude, Cursor, etc.), see the MCP server docs.

• MCP server admin UI to configure external MCP servers (#23301)
• MCP server picker in agent chat UI (#23470)
• Auto-discover OAuth2 config for MCP servers via RFC 7591 DCR (#23406)
• PKCE support for MCP server OAuth2 flow (#23503)
• Workspace MCP tool discovery and proxying for chat (#23680)
• MCP tool annotations exposed for tool grouping (#23195)
• Collapsed MCP tool results by default (#23568)

AI Governance

See the AI Governance Add-On docs for setup and configuration.

• AI Governance seat capacity banners (#23411)
• AI session auditing (#23660) — sessions logged to audit logs
• Usage limit override inline editing (#23380)
• Bar charts for Premium and AI Governance add-on license usage (#23442)
• AI add-on column in Users and Organization Members tables (#23291)
• Add-on license display UI (#22948)
• Enabled toggle for chat models in admin panel (#23665)
• BYOK (Bring Your Own Key) — users can supply their own LLM credentials (#23013) — see models & providers
• ChatGPT support for AI Bridge (#23822)
• Multiple Copilot providers — register both business and enterprise upstreams (#23811)
• AI Bridge Sessions — list, thread detail, and client filter pages (#23388, #23391)
• Model filter on AI Bridge request logs (#22230)
• provider_name column added to interceptions (#23960)

Service Accounts (new, Premium)

A new first-class user type for machine/automation use cases. See headless auth docs for details.

• Create service accounts via the API or coder users create --service-account (#22698, #23186)
• UI for creating and managing service accounts (#23140)
• Workspace sharing mode restricted to service accounts (#23093, #23327)
• Filter workspace and user views by service account (#23468)
• Service accounts are a Premium feature (#24020)

Security & Networking

• Block CONNECT tunnels to private/reserved IP ranges in AI Bridge Proxy — prevents the proxy from reaching internal networks; Coder access URL is always exempt (#23109)
• Disable reverse/local port forwarding per agent via --block-reverse-port-forwarding and --block-local-port-forwarding agent flags (#24026) — see port forwarding
• Rate limiting by user instead of IP for authenticated requests (#22049)
• Workspace agent now uses header auth instead of cookies for WebSocket dials (#22226)
• user:read OAuth2 scope added (#23348)

CLI & Workspace

• coder create --no-wait flag — create a workspace without waiting for it to start (#22867)
• Kubernetes Gateway API: HTTPRoute support as an alternative to Ingress (#23501)
• Workspace stops before starting with new parameters (#23541)
• SSH: Retry transient connection failures during setup (#24010)
• Coder Connect: Dial timeout and keepalive (#24015)
• Coder Connect: Trailing dot added to hostname to prevent DNS search domain expansion (#22607)
• coder exp sync want now accepts multiple --depends-on args (#23869)
• Error when CODER_SESSION_TOKEN env var is set during coder login (#22879)
• Apply defaults when rendering select prompts (#22093)
• Reuse multi-select parameter values on workspace update (#22261)

Users & Groups

• New user editing page (#23328)
• Filtering and pagination for group members (#23392) and org members (#23334) — see groups & roles
• Multi-user dialog for adding group members at once (#23396)
• New endpoint for users to view their own OIDC claims (#23053) — see OIDC auth
• Onboarding info fields added to first user setup (#23989)
• Allow member users to generate support bundles (#23040)
• Typed confirmation required for license removal (#22082)

Templates & Prebuilds

• Prebuild claiming is now durable and idempotent (#23108)
• Validate prebuild presets using dynamic parameter validation (#21858)
• Mark presets as validation_failed to prevent endless prebuild retries (#22085)
• Allow template deletion when only prebuild workspaces remain (#23417)
• coder_env merge_strategy support (#23107) — see environment variables
• Warn about active prebuilds when duplicating a template (#22945)

Dashboard

• Web push notifications graduated from experiment to always-on
• PWA support for Agents page — install as a mobile/desktop app (#22650)
• Lexical rich text editor replaces the textarea in agent chat input (#22449)
• Smooth text streaming engine for LLM responses (#22503)
• WCAG 2.1 AA accessibility improvements across core frontend flows (#22673, #22746)
• Improved DERP health page readability (#22984)
• Confirmation dialog for archive & delete workspace actions (#23150)
• Settings and Analytics moved from dialogs to sidebar sub-navigation (#23126)
• Show inline validation errors for URL-prefilled workspace names (#22347)

Bug fixes

• Server: Race condition in external auth token refresh fixed (#22904)
• Server: Chat hang when workspace agent is unavailable fixed (#23707)
• Server: Failed workspace start now runs stop build first before restarting (#22925)
• Server: MCP OAuth2 token refresh now works everywhere (#23713)
• Server: Render HTML error page for OIDC email validation failures (#23059)
• Server: Show accurate error when startup script fails (instead of "agents not connected") (#22843)
• Server: Sub-agents no longer counted in workspace build duration metrics (#22732)
• Server: Provisioner coder_env and coder_script iteration is now deterministic (#22706)
• CLI: coder login token no longer fails without --url flag (#22742)
• CLI: Retry dial timeouts in SSH connection setup (#24199)
• Dashboard: User status change chart now handles DST correctly (#22191)
• Dashboard: Disallow deselecting dynamic dropdown values (#22931)

Performance improvements

• ListAIBridgeSessions 10x faster (#23774)
• Audit and connection log count query optimizations (#23835)
• Chat streaming latency reduced with event-driven acquisition (#23745)
• Multiple chatd scale bottlenecks fixed by benchmarking (#22957)
• Coordinator peer mapping performance improvement (#23696)
• Connection logs batched to reduce DB lock contention (#23727)
• GetProvisionerJobsByIDsWithQueuePosition query optimized (#22724)

Compare: v2.31.9...v2.32.0

Container image

• docker pull ghcr.io/coder/coder:v2.32.0

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.