helm/coder-v2/coder 2.34.0

v2.34.0

on Artifact Hub

Changelog

BREAKING CHANGES

• Default CODER_AI_GATEWAY_ENABLED to true (#25575)

  The AI Gateway is now enabled by default on all deployments. Set CODER_AI_GATEWAY_ENABLED=false to restore the old behavior.

• Seed AI providers from env on server startup (#24895)

  AI provider configuration from environment variables is now automatically seeded into the database on startup, replacing runtime-only provider setup. Existing database-configured providers take precedence. See AI Gateway: provider configuration moved to the database below for migration details.

• patchTemplateMeta uses optional fields (#24984)

  The UpdateTemplateMeta request now uses pointer fields so that unset fields are left unchanged. Clients sending zero values will no longer accidentally clear template metadata.

• Persist structured chat errors (#24919)

  Chat error messages are now persisted as structured ChatMessagePart entries instead of plain text. Existing clients that parse error messages as strings may need to handle the new structured format.

DEPRECATIONS

AI Gateway: provider configuration moved to the database

AI Gateway providers are now managed in the database via the dashboard
(/ai/settings) or the
AI Providers API.

The environment variables and flags below are deprecated: on the first
startup after upgrading they seed the database once, then have no further
effect. Once this one-off seeding process completes, the database is the
authoritative source for AI Provider configurations.

Deprecated configuration

Indexed multi-provider config (env-only; the two prefixes are mutually
exclusive):

Single-provider convenience options:

Failure mode

To prevent operators from editing configuration that no longer takes
effect, coderd will fail to start if any of these variables drift from a
provider already seeded in the database (for example, a changed key or base
URL). The startup error contains the names of the conflicting provider(s).

Recovery

Either:

• Remove the deprecated variables and restart (recommended once seeding has
  completed), or
• Revert them to match the seeded configuration, then make further changes
  through the dashboard or API.

After upgrading, visit /ai/settings to confirm which providers were
seeded, then delete the deprecated variables. See
Provider Configuration.

Features

Coder Agents

Coder Agents is a chat
interface and API for delegating development work to coding agents inside
your Coder deployment. The agent loop runs in the control plane, meaning
LLM credentials never enter workspaces, the agent provisions compute on
demand, and identity and policy continue to govern execution.

v2.34 adds chat sharing, an advisor system, personal skills, a chat
search UI, and scale testing tooling.

Chat sharing

Share agent chats with teammates via ACL-based permissions.

• Chat sharing foundation, API, and database ACLs (#25041, #24968, #25080)
• Enable chat sharing (#24987)
• Warn when viewing another user's chat (#25652)

Advisor

An admin-configurable advisor model that agents can consult for planning guidance without tool access.

• Advisor runtime, tool wrapper, and admin config wiring (#24620, #24622)
• Admin-configurable advisor API, SDK, and queries (#24621)
• Advisor admin settings UI and chat tool renderer (#24624, #24623)
• Stream advisor tool output (#25032)

Personal skills

Users can define their own agent skills (reusable context and instructions) that persist across chats. See extending agents for details.

• Personal skill storage, API, SDK, and resolver (#25363, #25362)
• Support personal skills in chats (#25366)
• Personal skills settings UI and docs (#25066)
• Slash menu for inserting personal skills in chat (#25386)
• Discover skills from ~/.coder/skills on the agent (#25271)

Chat UX

• Modal chat search popup with pr, repo, pr_title, and diff filters (#25535, #25569, #25638)
• Agents sidebar filters (#25402)
• Collapsible agent sections in sidebar (#25469)
• Show agent turn summary in sidebar (#25597)
• Cycle prompt history with up/down arrows (#25656)
• Jump between user prompts via arrow buttons (#25537)
• Show MCP tool inputs in chat (#25568)
• Collapse sequential read file events (#25075)
• Parse and render execute tool commands in the chat UI (#25478)
• Render markdown attachments in preview popup (#25573)
• Show reasoning heading in thinking block (#25594)
• Show workspace quota failures in chats (#25538)
• Workspace quota in usage indicator and ports submenu in WorkspacePill (#25539, #25543)
• Resizable agents sidebar (#25472)
• Guide users when chat providers or models are missing (#25607)

Chats API & tools

• stop_workspace chatd tool with recovery classification (#25355)
• Computer-use provider selection for AI agents (#24772)
• Allow attach_file in root plan-mode chats (#25346)
• Exclusive tool execution policy (#25263)
• Personal chat model overrides (#25175)
• Admin-configurable chat title generation model (#25267)
• Opt-in Coder identity headers for MCP servers (#25199)
• user_oidc auth type for MCP servers (#25172)
• Dedicated /prompts endpoint for chat history cycle (#25559)
• Resize chat image attachments client-side for provider budgets (#25467)
• Chat debug retention purge (#25156)
• Tag chat-originating agent logs with chat_id (#25111)
• Export Coder Agents debug logs (#25265)
• Shell tool and code diff display mode preferences (#25168, #25170)
• Post-fail diagnostic hints for edit_files (#25119)
• Intent labels on execute tool (#25353)
• Compact turn status labels (#25298)
• Report insufficient quota build failures in chat tools (#24956)

Scale testing

• Chat scaletest command (#25553)
• Agentfake scaletest subcommand (#25072)

AI Gateway

The AI Gateway is now enabled by default. v2.34 adds a full admin UI for
provider management, database-backed provider configuration with
encryption at rest, automatic key failover, and in-process routing from
chatd. See the AI Gateway docs
for configuration details.

Provider management UI

• AI settings promoted to a top-level admin section (#25582)
• AI settings provider form, pages, and routes (#25581, #25583)
• Known Model autocomplete and frontend defaults (#25577)
• Personal model override settings UI (#25627)

Provider backend

• AI providers table, queries, dbauthz, audit, and RBAC (#25409)
• AI providers HTTP CRUD handlers (#25411)
• Use AI provider keys at runtime (#25414)
• Encrypt ai_providers and ai_provider_keys at rest (#25326)
• Remove legacy chat provider tables (#25416)

Key management & failover

• Key pool with state tracking and walker (#24681)
• Support multiple keys per AI Bridge provider (#25296)
• Automatic key failover for Anthropic, OpenAI, and passthrough providers (#24836, #24847, #24920)

Routing & providers

• Route chatd provider traffic through AI Bridge in-process (#25629)
• Hot-reload aibridged and aibridgeproxyd providers on DB changes (#25673)
• Route extra ai_provider_types through OpenAI and Anthropic providers (#25722)
• Add copilot to ai_provider_type enum (#25616)
• Filter interceptions and sessions by provider name (#25640)
• AI budget policy and period deployment config (#25292)
• Per-group AI budget table and endpoints (#25340)
• AI model prices table (#25339)
• Serve 503 sentinel for disabled providers (#25794)
• Remove 429 from aibridge circuit breaker failure conditions (#24701)
• Request/response dump support for aibridgeproxyd (#24837)
• Audit group AI budget mutations (#25374)

User Secrets

User Secrets moves from Early Access to Beta. See the user secrets guide for details.

• User secrets management page (#25371)
• Enforce per-user limits on user_secrets (#25588)
• Audit user secret create, update, and delete (#25369)
• Refresh dynamic parameters on secret changes (#25563)
• Surface missing coder_secret requirements on resolve-autostart (#25565)
• Secret requirement contract for dynamic parameters (#25192)
• Report user secrets adoption summary in telemetry (#25564)

Security & Networking

• Azure instance identity hardened: IMDS G2 chain certificates, PKCS7 signature verification, explicit roots on macOS (#25646, #25634, #25447)
• Boundary sessions and boundary logs tables (#25441)
• Session correlation fields in BoundaryLog proto (#25619)
• GitLab support added to coderd/externalauth/gitprovider (#25195)
• Structured disconnect attribution for agent logs (#25013)
• Update IronBank base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25734)

Templates & Provisioner

• Quickstart template with language and IDE selection (#24904)
• Exit code and status added to workspace agent scripts (#25196)
• Log resource replacement paths in Terraform provisioner (#24935)

Dashboard

• Colorblind-friendly themes for protan/deuter and tritan vision types (#24672)
• Theme mode dropdown with separate light/dark theme selection (#25183, #25181, #25076)
• Replace usage bars with ring indicators (#25708)
• Role selector in the create user form (#25060)
• Updated role editing on Users and Organization Members pages (#25059, #25058)
• Cmd/Ctrl+Enter send setting (#25169)
• Show UI for individual failed scripts (#25073)
• Show Organizations in admin dropdown for single-org OSS deployments (#25643)
• Mobile responsiveness improvements (#25174)
• Codernauts lunar lander game (#25001)

Bug fixes

• Server: External auth refresh now retries transient failures with backoff (#25686)
• Server: Concurrent external auth refresh race detected to prevent cache poisoning (#25686)
• Server: Azure identity certificate chain hardened with IMDS G2 certificates (#25646)
• Server: PKCS7 signature now verified on Azure instance identity tokens (#25634)
• Server: Service accounts excluded from license seat count (#25260)
• Server: Template admins can now read dormant workspaces (#25191)
• Server: Stale workspace agents soft-deleted on new build (#25464)
• Server: User secrets wiped when user is soft-deleted (#25574)
• Server: Org memberships cleaned up when user is soft-deleted (#25465)
• Server: WebSocket MaxMessageSize increased to 16 MiB (#25158)
• AI Gateway: Provider re-validated per request with reload classification (#25766)
• AI Gateway: Provider env key drift blocked at startup (#25849)
• AI Gateway: Credential hint tracked across key failover attempts (#25735)
• AI Gateway: Enabled thinking converted to adaptive for Bedrock Opus 4.7+ (#25742)
• AI Gateway: Quota errors classified as usage_limit instead of auth (#25676)
• Agents: OpenAI-compatible chat calls hardened (#25737)
• Agents: Stream silence timeout for chatd (#25782)
• Agents: Buffered message_parts checkpointed to avoid stale replay (#25461)
• Agents: Truncated provider streams handled (#25390)
• Agents: Orphan provider tool calls dropped on replay (#25275)
• Agents: Workspace MCP tools discovered mid-turn after create_workspace (#25422)
• Agents: Poisoned chain anchor recovered on retry (#25253)
• CLI: Use app slug instead of raw command in terminal URLs (#25668)
• CLI: Web terminal glyph rendering and tmux display corrected (#25667)
• CLI: PTY avoided for ssh command mode (#25665)
• CLI: Root HTTP transports isolated (#25517)
• Dashboard: iOS backspace restored in agent chat input (#25511)
• Dashboard: Template README content left-aligned instead of centered in narrow column (#25587)
• Dashboard: Running script count shown instead of log source count in agent log badge (#25491)
• Dashboard: Chat upload filenames sanitized client-side (#25555)
• Dashboard: Cross-org workspaces shown as disabled in chat picker (#25543)
• Dashboard: iOS visual viewport offset accounted for (#25557)
• Networking: DNS hosts preserved across control plane reconnections (#25234)
• Networking: Tailscale fork updated to fix TSMP/ICMP callback leak (#25437)

Performance improvements

• Replace pgcoordinator pg_notify triggers with app-level Publish() (#25044)
• Drop N+1 DB query on template ACL available (#25520)
• Cut DB fan-out on agent instance-identity auth (#24973)

Compare: v2.33.0...v2.34.0

Container image

• docker pull ghcr.io/coder/coder:v2.34.0

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.