NotificationsYou must be signed in to change notification settings
Fork948
Star10.5k

feat: add workspace SSH execution tool for AI SDK#18924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

ThomasK33 merged 1 commit intomainfromthomask33/07-20-feat_toolsdk_add_ssh_exec_tool

Jul 21, 2025

Merged

feat: add workspace SSH execution tool for AI SDK#18924

ThomasK33 merged 1 commit intomainfromthomask33/07-20-feat_toolsdk_add_ssh_exec_tool

Jul 21, 2025

Conversation

Copy link

Member

ThomasK33 commentedJul 20, 2025•
edited by coderabbitaibot
Loading

Add SSH Command Execution Tool for Coder Workspaces

This PR adds a new AI toolcoder_workspace_ssh_exec that allows executing commands in Coder workspaces via SSH. The tool provides functionality similar to thecoder ssh <workspace> <command> CLI command.

Key features:

Executes commands in workspaces via SSH and returns the output and exit code
Automatically starts workspaces if they're stopped
Waits for the agent to be ready before executing commands
Trims leading and trailing whitespace from command output
Supports various workspace identifier formats:
- workspace (uses current user)
- owner/workspace
- owner--workspace
- workspace.agent (specific agent)
- owner/workspace.agent

The implementation includes:

A new tool definition with schema and handler
Helper functions for workspace and agent discovery
Workspace name normalization to handle different input formats
Comprehensive test coverage including integration tests

This tool enables AI assistants to execute commands in user workspaces, making it possible to automate tasks and provide more interactive assistance.

Summary by CodeRabbit

New Features
- Introduced the ability to execute bash commands inside a Coder workspace via SSH, supporting multiple workspace identification formats.
Tests
- Added comprehensive unit and integration tests for executing bash commands in workspaces, including input validation, output handling, and error scenarios.
Chores
- Registered the new bash execution tool in the global tools list.

github-actionsbot assignedThomasK33

Jul 20, 2025

Copy link

MemberAuthor

ThomasK33 commentedJul 20, 2025

feat: add workspace SSH execution tool for AI SDK #18924 👈(View in Graphite)
main

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

Copy link

Member

bpmct commentedJul 20, 2025

It works! Seeing some weird errors though

ThomasK33 force-pushed thethomask33/07-20-feat_toolsdk_add_ssh_exec_tool branch 2 times, most recently frome976eea to678cabcCompare

July 21, 2025 11:57

ThomasK33 marked this pull request as ready for review

July 21, 2025 12:26

ThomasK33 linked an issue

Jul 21, 2025

that may beclosed by this pull request

MCP: Addexec tool to run commands in workspacescoder/internal#774

Closed

feat(toolsdk): add SSH exec tool

3970946

Change-Id: I61f694a89e33c60ab6e5a68b6773755bff1840a4Signed-off-by: Thomas Kosiewski <tk@coder.com>

ThomasK33 force-pushed thethomask33/07-20-feat_toolsdk_add_ssh_exec_tool branch from678cabc to3970946Compare

July 21, 2025 17:09

Copy link

coderabbitaibot commentedJul 21, 2025•
edited
Loading

📝 Walkthrough

Walkthrough

A new tool,WorkspaceBash, is introduced to thetoolsdk package, enabling execution of bash commands within Coder workspaces via SSH. The implementation includes input normalization, workspace and agent resolution, SSH execution, and comprehensive error handling. Associated tests validate input handling, normalization, tool registration, and command execution. The tool is also registered in the global tools list.

Changes

File(s)	Change Summary
codersdk/toolsdk/bash.go	Added`WorkspaceBash` tool for executing bash commands in workspaces, with input normalization, workspace/agent resolution, SSH execution, and error handling. Introduced supporting types and functions.
codersdk/toolsdk/bash_test.go	Added unit tests for`WorkspaceBash` tool: input validation, normalization, tool registration, and error scenarios.
codersdk/toolsdk/toolsdk.go	Added`ToolNameWorkspaceBash` constant and registered`WorkspaceBash` in the exported`All` tools slice.
codersdk/toolsdk/toolsdk_test.go	Added helper for workspace/agent setup and new subtests for`WorkspaceBash` tool execution, including command output and error scenarios. Modified helper to use test context.

Sequence Diagram(s)

sequenceDiagram    participant User    participant ToolHandler as WorkspaceBash Handler    participant SDK as codersdk.Client    participant Workspace    participant Agent    participant SSH    User->>ToolHandler: Provide workspace name & command    ToolHandler->>ToolHandler: Normalize workspace input    ToolHandler->>SDK: Find workspace & agent    alt Workspace stopped        ToolHandler->>SDK: Start workspace and wait for build    end    ToolHandler->>Agent: Wait for agent to be ready    ToolHandler->>SSH: Establish SSH connection    ToolHandler->>SSH: Execute command    SSH-->>ToolHandler: Return output & exit code    ToolHandler-->>User: Return trimmed output & exit code

Estimated code review effort

4 (~90 minutes)

✨ Finishing Touches

📝 Generate Docstrings

🪧 Tips

Chat

There are 3 ways to chat withCodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag@coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag@coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on oursupport page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings togenerate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add@coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add@coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add@coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

Visit ourDocumentation for detailed information on how to use CodeRabbit.
Join ourDiscord Community to get help, request features, and share feedback.
Follow us onX/Twitter for updates and announcements.

Copy link

MemberAuthor

ThomasK33 commentedJul 21, 2025

@CodeRabbit review

Copy link

coderabbitaibot commentedJul 21, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

1 similar comment

Copy link

coderabbitaibot commentedJul 21, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitaibot reviewed

Jul 21, 2025

View reviewed changes

Copy link

coderabbitaibot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)

codersdk/toolsdk/bash.go (1)
96-108:Consider adding timeout configuration for SSH operations.
The SSH dial and connection operations don't have explicit timeouts, which could cause the tool to hang indefinitely if the agent is unresponsive.
Consider adding a timeout to the dial options:
 // Dial agent conn, err := wsClient.DialAgent(ctx, workspaceAgent.ID, &workspacesdk.DialAgentOptions{ BlockEndpoints: false,+// Add a reasonable timeout if the context doesn't already have one })
You might also want to ensure the context has a deadline if it doesn't already:
// At the beginning of the handler, after validationif_,ok:=ctx.Deadline();!ok {varcancel context.CancelFuncctx,cancel=context.WithTimeout(ctx,5*time.Minute)defercancel()}
codersdk/toolsdk/toolsdk_test.go (1)
31-50:Helper function follows established patterns but consider test isolation.
ThesetupWorkspaceForAgent function replicates the SSH test setup pattern correctly. However, there are a few observations:
The function creates a hardcoded username "myuser" which could potentially cause issues in concurrent tests
The function properly usest.Helper() to improve error reporting
The nolint comments are appropriate for test code
Consider using a unique username to avoid potential conflicts:
-userClient, user := coderdtest.CreateAnotherUserMutators(t, client, first.OrganizationID, nil, func(r *codersdk.CreateUserRequestWithOrgs) {-r.Username = "myuser"-})+userClient, user := coderdtest.CreateAnotherUserMutators(t, client, first.OrganizationID, nil, func(r *codersdk.CreateUserRequestWithOrgs) {+r.Username = fmt.Sprintf("myuser-%d", time.Now().UnixNano())+})
However, based on the retrieved learnings, unique identifiers should be used in concurrent tests to prevent race conditions.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between40a6367 and3970946.

📒 Files selected for processing (4)

codersdk/toolsdk/bash.go (1 hunks)
codersdk/toolsdk/bash_test.go (1 hunks)
codersdk/toolsdk/toolsdk.go (2 hunks)
codersdk/toolsdk/toolsdk_test.go (4 hunks)

🧰 Additional context used

🧠 Learnings (3)

codersdk/toolsdk/toolsdk.go (1)

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderd/coderdtest/**/* : Thecoderdtest package incoderd/coderdtest/ provides utilities for creating test instances of the Coder server, setting up test users and workspaces, and mocking external components.

codersdk/toolsdk/toolsdk_test.go (10)

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.034Z
Learning: Applies to coderd/coderd.go : The REST API is defined incoderd/coderd.go and uses Chi for HTTP routing.

Learnt from: CR
PR: coder/coder#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-21T14:32:56.474Z
Learning: Applies to **/*_test.go : Never use hardcoded names in concurrent Go tests

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*.go : Coder emphasizes clear error handling, with specific patterns required: Concise error messages that avoid phrases like "failed to"; Wrapping errors with%w to maintain error chains; Using sentinel errors with the "err" prefix (e.g.,errNotFound).

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderd/dbauthz/*.go : The database authorization (dbauthz) system enforces fine-grained access control across all database operations. All database operations must pass through this layer to ensure security.

Learnt from: ThomasK33
PR:#18809
File: coderd/apidoc/swagger.json:2160-2186
Timestamp: 2025-07-21T14:30:40.568Z
Learning: For the Coder repository, API specification or standards compliance issues should be raised in the Go source files (e.g., handler annotations or swaggo comments), not in auto-generated files like coderd/apidoc/swagger.json.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderdenttest/**/* : Enterprise features have dedicated test utilities in thecoderdenttest package.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*_test.go : All tests should run in parallel usingt.Parallel() to ensure efficient testing and expose potential race conditions.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*_test.go : All tests must uset.Parallel() to run concurrently, which improves test suite performance and helps identify race conditions.

Learnt from: CR
PR: coder/coder#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-21T14:32:56.474Z
Learning: Applies to **/*_test.go : Use unique identifiers in concurrent Go tests to prevent race conditions (e.g., fmt.Sprintf with t.Name() and time.Now().UnixNano())

codersdk/toolsdk/bash_test.go (5)

Learnt from: CR
PR: coder/coder#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-21T14:32:56.474Z
Learning: Applies to **/*_test.go : Never use hardcoded names in concurrent Go tests

🔇 Additional comments (6)

codersdk/toolsdk/toolsdk.go (1)
36-36:LGTM!
The new tool constant and registration follow the established patterns in the codebase.
Also applies to: 187-187
codersdk/toolsdk/bash_test.go (1)
1-162:Excellent test coverage!
The test file follows all best practices:
All tests uset.Parallel() as required
Comprehensive coverage of input validation, error scenarios, and normalization
Well-structured test cases with clear naming
Good use of table-driven tests for normalization
codersdk/toolsdk/bash.go (1)
1-296:Well-implemented SSH execution tool!
The implementation is thorough and handles various edge cases well:
Comprehensive workspace name format support
Auto-start functionality for stopped workspaces
Proper error handling and exit code extraction
Good separation of concerns with helper functions
Clear documentation and examples
codersdk/toolsdk/toolsdk_test.go (3)
19-19:Import addition looks correct.
The import foragenttest is properly added and will be used in the new SSH execution test.
462-462:Good improvement: using test context instead of background context.
The change fromcontext.Background() tot.Context() is a proper improvement that:
Ensures test timeout compliance
Allows for proper cancellation when tests are stopped
Follows Go testing best practices
399-448:No parallel execution in toolsdk_test.go—hardcoded “myuser” is safe
TestTools (func TestTools at line 55) and its “WorkspaceSSHExec” subtest (around line 399) do not invoke t.Parallel(), so all steps—including the hardcoded “myuser” in setupWorkspaceForAgent—run sequentially. There’s no concurrent test execution here, so no race condition risk.
Likely an incorrect or invalid review comment.