Changelog
Note
This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
-
Chat stream silence timeout error renamed (#25973)
The Agents chat error kind startup_timeout has been renamed to stream_silence_timeout to reflect that the timeout now applies to any gap between provider stream parts, not just first-token startup.
Migration: Clients matching on the startup_timeout error kind should update to stream_silence_timeout. This is a minor API-only change; the dashboard handles it automatically. -
OIDC login rejects non-boolean or absent email_verified (#25713)
The OIDC callback previously used a Go type assertion for email_verified that silently treated missing or string-typed values (e.g. "false") as verified. The check is now fail-closed: absent claims, unrecognized types, or non-truthy values are treated as unverified and rejected. The fix adds coerceEmailVerified() which handles bool, string ("true"/"false"/"1"/"0" via strconv.ParseBool), float64, json.Number, and integer variants.
Migration: The migration is automatic for most of the deployments. However, if the IdP has non-static user IDs, then the admins may need to use the CODER_DANGEROUS_OIDC_SKIP_ISSUER_CHECKS. Please note that it is advised to not use this flag and allow for the automated migration to take care of things. -
OIDC/GitHub email fallback restricted to first-time linking (#25712)
findLinkedUser previously fell back to email-based lookup for all logins, not just first-time linking. An attacker who registers the victim's email at the IdP (with a different OIDC subject) could bypass linked_id and match to the victim's account. The fallback now returns no user when an existing user_link has a populated linked_id that differs from the current login. Accounts with empty (legacy, pre-migration) linked_id are unaffected and are backfilled on their next successful login.
Migration: The most likely trigger is changing CODER_OIDC_ISSUER_URL (because linked_id is issuer||subject), or two IdP identities sharing one email. Affected users will see a 403 on login. Admins can use the new OIDC link repair CLI (coder exp oidc-link-repair) to re-link accounts. See also CODER_OIDC_INSECURE_EMAIL_FALLBACK for IdP broker scenarios (#26751). -
HostnameSuffix and SSHConfigOptions validated at startup (#26154)
Server-side validation has been added for CODER_CONFIGSSH_HOSTNAME_SUFFIX and CODER_SSH_CONFIG_OPTIONS. Invalid values will now cause coderd to exit with an error on startup. Client-side, coder config-ssh will also exit with an error if it detects invalid config. Relevant CLI reference: https://github.com/coder/coder/blob/2778abec4be28ff2f582e1d4b8c1d5adbb6ea1d5/docs/reference/cli/server.md#--ssh-config-options
Migration: Review your CODER_CONFIGSSH_HOSTNAME_SUFFIX and CODER_SSH_CONFIG_OPTIONS values before upgrading. If they contain invalid characters or formatting, coderd will fail to start. Fix the values before or during the upgrade. -
X-Forwarded-Host only trusted from configured proxies (#26204)
X-Forwarded-Host was previously honored unconditionally for subdomain app routing. This allowed a share=authenticated app to forge the header and route requests to a victim's owner-only app. The header is now only trusted when the socket peer is in CODER_PROXY_TRUSTED_ORIGINS, matching the existing trust model for X-Forwarded-For and X-Forwarded-Proto.
Migration: Deployments that rely on reverse proxies rewriting Host and forwarding the original in X-Forwarded-Host must configure CODER_PROXY_TRUSTED_ORIGINS with the proxy addresses. Without this, subdomain app routing will ignore X-Forwarded-Host and fall back to the received Host header. -
AI provider name collision with settings routes prevented (#26688)
The AI providers page has moved from /ai/settings/:providerId to /ai/settings/providers/:providerId (and /ai/settings/add to /ai/settings/providers/add). The old routes allowed a provider named models to collide with the static Models page. No backward-compatibility redirects were added because a catch-all redirect would reintroduce the collision.
Migration: Update any bookmarked or automated links from /ai/settings/ to /ai/settings/providers/ and from /ai/settings/add to /ai/settings/providers/add. -
Org membership required for user ACLs (#26852)
Per-user ACL grants on org-scoped resources (templates, workspaces, chats) previously did not check organization membership. A user explicitly granted access retained it after being removed from the organization. The user-ACL rule now requires is_org_member, matching the existing group-ACL behavior.
Migration: Users who have been removed from an organization but still have per-user ACL grants will lose access. Re-add them to the organization if access should be preserved. -
Interceptions API and request logs view removed (#26213)
The GET /api/v2/aibridge/interceptions endpoint, the coder aibridge interceptions list CLI command, and the Request Logs frontend page have been removed. These have been replaced by the session-based view. The /models, /clients, and /sessions endpoints remain.
Migration: Switch any integrations using the interceptions API to the sessions API (/api/v2/aibridge/sessions). The sessions list page in the dashboard provides equivalent functionality. -
Agents insights page removed (#26457)
The /agents/settings/insights page and all of its backend support have been removed. The page had previously been hidden from navigation and was only reachable via deep link. Use the AI Gateway sessions page instead.
Migration: No action needed unless you had bookmarked or automated links to /agents/settings/insights. Redirect to the AI Gateway sessions page.
SECURITY
- Honor fixed lifetime for CLI API tokens (#26376)
Features
Updated Template Creation Process
The template creation process now uses a builder that allows users to pick a base template, select commonly used modules, and then set configuration for the template. This makes it faster to make templates, with less Terraform knowledge required.
- Base templates for all major cloud providers, module catalog with 19+ modules, and
go:embedwiring (#25909, #26115, #26117, #26193, #26194, #26634, #26838) - Wizard UI: step registry, base infra selection, module selection and search/filter, module settings, customizations, prerequisites display, loading animation, and template creation (#25123, #26423, #26424, #26427, #26428, #26433, #26523, #26524, #26531, #26627, #26674, #26682, #26757, #26806, #26835, #26830, #26878, #26880, #26881)
- Backend: compose/bundle API, variable validation, base template variables, module rendering and agent name extraction (#26347, #26349, #26350, #26351, #26354, #26360, #26425, #26432, #26633)
- Entrypoint wired from templates list page (#26756)
Improvements
Coder Agents
Durable chat runtime
Chatd now uses a more reliable state machine for queues, retries, interrupts, streaming, and multi-replica operation. (#26270, #26345, #26344, #26478)
Pinned workspace context
Chats now use stable snapshots of workspace instructions, skills, and MCP context. The agent pushes context state over a new Agent API (v2.10), coderd persists snapshots and pins them per-chat, and prompt generation consumes the pinned context instead of live-reading it on every turn. The dashboard surfaces pinned context, grouped by directory, with sizes and full .mcp.json paths. (#25983, #26145, #26385, #26389, #26430, #26438, #26526, #26533, #26558, #26570, #26573, #26577, #26581, #26598, #26614, #26715)
Quality-of-life improvements
- AI Gateway naming: Renamed user-facing "AI Bridge" surfaces to "AI Gateway" across the dashboard, API routes, docs, and swagger summaries. Added a migration guide for operators. (#26161, #26165, #26475, #26567, #26569, #26700, #26704, #26854)
- Expanded provider support: Added or improved support for Bedrock cross-account AssumeRole with Role ARN UI (#26527, #26578), GitHub Copilot provider via UI (#25888), OpenCode client and session tracking (#26098, #26128), Codex hyphenated session-id header (#26346), and Opus 4.8 known model (#25839)
- Centralized AI settings: Moved models, MCP servers, template allowlist, spend, instructions, lifecycle, and Coder Agents pages into a unified AI settings section. (#26615, #26624, #26625, #26642, #26692, #26800)
- Better context visibility: The Agents UI now shows pinned context indicators, context sizes, full
.mcp.jsonpaths, and resources grouped by directory. (#26573, #26598, #26614) - Improved Agents workspace UI: Shared chats and agents appear in the sidebar (#26056, #26328), updated search dialog with filter pills (#25753), right-panel tabs for workspace apps and ports (now GA) (#26208, #26906), multiple terminal tabs (#26089), and desktop panel toolbar with zoom modes and pop-out window (#25585)
- MCP Registry listing: Published the Coder MCP server to the official MCP Registry. (#21673)
- Improved sub-agent orchestration tools (#26673)
- Workspace skill directory returned from
read_skill(#26713) - Tool output capped to fit the model context window (#26637)
- Agent session env unified via
EnvInfoer(#26099)
AI Governance
The Cost Control and Session Correlation projects are slated for future releases, but significant groundwork has been laid in 2.35.
Cost Control
User and group AI budget management, including override endpoints, effective budget resolution, cost recording on token usage, experiment flag, and dashboard UI for user/group budget columns and spend tracking.
- User AI budget override endpoints and auditing (#25439, #25745, #26142)
- Record cost on AI Gateway token usages (#26229)
ai-gateway-cost-controlexperiment flag (#26399)- User AI budget override UI and AI spend in user dropdown (#26402, #26698)
- Group AI budget management UI with per-member columns (#26375, #26566, #26574, #26659)
Session Correlation (Gateway + Firewall)
End-to-end correlation between AI Gateway interceptions and Agent Firewall sessions, including RBAC, boundary log persistence and retention, and API endpoints for session and log retrieval.
boundary_logRBAC resource (#24810)- Agent Firewall correlation columns on
aibridge_interceptionsandRecordInterceptionRequest(#24817, #25884, #25926) - Persist and purge boundary logs past retention (#24812, #24815)
- Agent Firewall session and log retrieval endpoints (#24814, #24816)
- Surface agent firewall correlation in AI Gateway sessions API (#26416)
- Capture, persist, and strip Agent Firewall correlation headers in AI Gateway (#26529)
- Send connection logs from
agentfakeagents (#26083)
AI Gateway Keys
New ai_gateway_keys table with RBAC, CRUD endpoints, CLI commands, dashboard management page, key auth lookup, and pool failover metrics. (#25563, #25564, #25565, #25689, #25817, #26505, #26506, #25901)
RBAC & Organizations
- Configurable default organization member roles (#25994, #26028, #26107)
- SCIM 2.0 compliance handler and deployment configuration reporting (#25572, #26628)
- OIDC link repair CLI tool with
--force-reset-allflag (#26418, #26534) - Auto-handle changed OIDC providers deployment flag (#26419)
- INSECURE OIDC email fallback flag for IdP brokers (#26751)
Workspace & Templates
- Workspace autostop reminder notifications with dashboard configuration (#26417, #26429, #26439, #26676, #26762, #26772)
- Preset query parameter for workspace creation deeplinks (#24328)
- Ephemeral parameters support at workspace creation via CLI (#26012)
- Workspace deleted banner on build page (#25664)
--no-wildcardflag forcoder config-ssh(#26753)
Dashboard & Platform
- User avatar editing (#26652)
- Bouncy pop animation on inbox notification badge (#26057)
- Copy PR branch name from git panel (#25589)
- Show error details for generic errors (#25803)
Organizationfield added toWorkspaceFilter(#26727)- Search and provider filter on models list (#26683)
Infrastructure & Observability
- NATS: initial implementation with cluster peer support and experiment flag (#25602, #25632, #25703, #26441)
CODER_CLUSTER_HOSTCLI argument (#26680)coderd_api_websocket_probes_totalmetric (#25012)- Git SSH keys encrypted at rest via dbcrypt (#25872)
- Rotated agent logs included in support bundles (#26055)
- Fetch providers over DRPC (#26650)
listenersetpackage (#24993)
Bug fixes
Chat reliability fixes
Fixed runner startup, inflight work, shutdown, auto-archive, and stuck-context edge cases.
- Ensure runner initializes from the DB first (#26455)
- Resolve inflight race (#26460)
- Bind goInflight contexts to server lifetime (#26811)
- Reset auto-archive ticker after runs (#26512)
- Always commit a workspace context marker (#26520)
- Subscribe to pubsub before accepting websocket in watchChats (#25663)
- Surface chat error diagnostics (#26367)
Context and compaction fixes
Fixed lost API key routing, over-limit compaction loops, and oversized tool outputs wedging chats.
- Preserve chat API key after compaction (#25930)
- Fix compaction still-over-limit check (#26377)
- Cap tool output to fit the model context window (#26637)
- Tighten single tool result byte budget (#26763)
- Discourage doctrine in compaction summaries (#25850)
- Strip injected context from chat watch events (#26397)
Provider replay fixes
- Drop foreign provider-executed tools on model switch (#26555)
- Convert file attachment that would otherwise be dropped (#26556)
Attachment fixes
- Forward user-uploaded PDFs to Anthropic and Bedrock (#25946)
- Forward attached filenames to Anthropic chat models (#26051)
- Allow agents to attach any file type (#26560)
Provider compatibility fixes
Fixed OpenAI-compatible models, Gemini thought signatures, Anthropic thinking, Bedrock errors, SigV4 proxying, disabled providers, and Opus 4.8 behavior.
- Harden OpenAI-compatible chat calls (#25737)
- Preserve Gemini thought signatures (#25933)
- Show Anthropic Opus 4.7+ thinking (#26026)
- Show correct provider and clean detail for Bedrock errors (#26338)
- Support Bedrock Opus 4.8 adaptive thinking (#26691)
- Strip proxy headers from bridge requests to fix Bedrock SigV4 signing (#26019)
- Stop Agents dead-ending on unsupported providers (#26841)
- Serve 503 sentinel for disabled providers, classify as non-retryable (#25794, #25800)
- Use stream silence timeout (#25782)
- Retry provider stream cancellations and quota 429s (#26010, #26200)
- Re-validate provider per request and classify reloads (#25766)
Agents UI fixes
Fixed transcript rendering, tool activity, code blocks, diff stability, sticky truncation, typed input preservation, workspace unlinking, and read-only shared chats.
- Keep agent chat sticky truncation in sync as the transcript grows (#26714)
- Preserve chat input typed while loading (#26415)
- Improve live tool activity display (#26147)
- Dedupe agent tool timeline entries (#25970)
- Horizontally scroll wide code blocks in agent chat (#26016)
- Dedupe diff files to prevent CodeView duplicate-id crash (#26597)
- Make other-user chats read-only (#25736)
- Allow unlinking chat workspaces (#25833)
- Custom copy/paste menu for the web terminal (#26015)
- Show execute tool errors (#25886)
- Collapse agent command output by default (#25748)
Security & Auth
- Reject suspended users during OIDC and GitHub OAuth login (#24996)
- Prevent cross-tenant workspace app rebinding (#26103)
- Prevent session token exfiltration via external app URLs (#26146)
- Prevent open redirect in proxy authentication flow (#26647)
- Validate agent-supplied AllowedIPs in coordinator (#26144)
- Prevent command injection in agent shell execer (#26235)
- Verify workspace owner matches app username (#26085)
- Resolve client IP from rightmost untrusted X-Forwarded-For entry (#26646)
- Validate
FileSizeinNewDataBuilderto prevent OOM DoS (#25710) - Reject oversized and invalid zip uploads (#25877)
- Escape appearance values in HTML output (#25804)
- Prevent user-admin from resetting owner password (#25709)
- Require deployment-wide workspace read permissions for WatchAllWorkspaceBuilds endpoint (#27028)
AI Gateway
- Block AI provider env key drift (#25849)
- Deprecate AI provider seeding env config (#25854)
- Recreate
ai_provider_typeinstead of ADD VALUE (#25895) - Backfill legacy Bedrock AI provider rows and stale model config strings (#26155)
- Resolve model config provider via
ai_provider_id(#26660) - Synchronize bridge and pool shutdown with in-flight requests (#26743)
- Track credential hint across key failover attempts (#25735)
- Add max bytes request limit (#26164)
- Always verify TLS on proxy upstream transport (#26131)
- Negative metric counter increment from token arithmetic (#26547)
- Fixes to Firewall and Gateway session correlation mechanism (#27047)
Workspace & Server
- Handle concurrent build number race in lifecycle executor (#25824)
- Allow lifecycle code path to retry failed stop jobs (#26203)
- Show correct deletion time in dormancy notification (#26488)
- Let admins change their own workspace sharing role (#26559)
- Only send prebuild claim reinit for the claim build (#26548)
- Scope provisioner module file downloads to the daemon's org (#26635)
- Enforce required external auth on workspace create (#26314)
- Handle blank dynamic parameter values consistently (#26122)
- Allow deleting external-agent workspaces (#26501)
Dashboard
- Default agent logs tab to failed script, restore log auto-expand on failure (#25442, #26237)
- Keep TemplateVersionEditor file tree in sync (#25068)
- Set external auth provider polling status individually (#26313)
- Inline ports panel in workspace pill on mobile (#25042)
- Respect
automatic_updatespolicy in workspace action list (#26362) - Show only parent agent apps in workspaces table (#26568)
- Add alt text to Avatar for WCAG compliance (#26223)
Template Builder
- UI elements' positioning, sizing, empty states, corrected link, and other small fixes (#26925, #26924, #26939, #26907, #26947, #26938, #27015)
Documentation
- AI Gateway: migration guide for AI Bridge to AI Gateway rebranding (#26854), key failover (#25893), Bedrock IAM role assumption and static credentials (#26703, #26563), ChatGPT/Codex BYOK setup (#26348), Codex WebSocket fallback troubleshooting (#26565), AI Gateway routing (#25852)
- Coder Agents: chatd architecture docs (#26478), chat sharing (#25592), Agents vs Chats API clarification (#26021)
- Upgrade guides: ESR 2.29 to 2.34 (#25910), GitLab
read_apiscope change (#26829) - Getting started: new top-level "Get started" section (#26821), "Customize your template" series (#26712)
- Tooling: Vale prose linter wired into docs CI (#25467), canonical content guidelines (#26352)
- VS Code 1.122 Custom Endpoint support (#26126), Coder Desktop log collection (#26631)
Compare: v2.34.0...v2.35.0
Container image
docker pull ghcr.io/coder/coder:v2.35.0
Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.