Changelog

BREAKING CHANGES

• Use client IP when creating connection logs for workspace proxied app accesses (#19788,6a9b896) (@ethanndickson)

  The presence of theip field oncodersdk.ConnectionLog cannot be guaranteed, and so the field has been made optional. It may be omitted on API responses.

• Server: Only show task status for current build (#19966,eb55f0a) (@johnstcn)

  Renames theTaskStateCompleted constant toTaskStateComplete to align with the tense used inWorkspaceAppStatusStateComplete, requiring any code referencing the constant to be updated.

• Rename prompt field to input for task creation (#19982,eb74732) (@DanielleMaywood)

  Renames theCreateTaskRequest.Prompt toCreateTaskRequest.Input to align with language used in our CLI and elsewhere in the codebase.

Features

AI Bridge

AI Bridge, the self-hosted LLM proxy for auditing LLM tools and adoption is now in Early access, get started with oursetup guide.

• Addaibridgedserver pkg (#19902,615585d) (@dannykopping)
• Add aibridged package (#19797,fc9bff7) (@dannykopping)
• Initializeaibridged & mount API handler (#19798,0a79817) (@dannykopping)
• Add endpoint to list aibridge interceptions (#19929,0a6ba5d) (@pawbana)

MCP Server

New tools added to theCoder MCP Server in Beta.

• Addcoder_workspace_read_file MCP tool (#19562,4bf63b4) (@code-asher)
• Add tooltip field to workspace app that renders as markdown (#19651,e53bc24) (@rafrdz)
• Addcoder_workspace_write_file MCP tool (#19591,d5a02d5) (@code-asher)
• Add configs for external auth MCP usage + tool allow/denylist (#19794,348a2e0) (@dannykopping)
• Addcoder_workspace_edit_file MCP tool (#19629,30330ab) (@code-asher)
• Addcoder_workspace_ls MCP tool (#19652,be7aa58) (@code-asher)
• Add coder_workspace_port_forward MCP tool (#19863,7f56212) (@code-asher)
• Aibridged mcp handling (#19911,6971f61) (@dannykopping)

Tasks

v2.27.0 introduces the Tasks API (in beta) for integrating background agents into your ecosystem. Read more in ourdocumentation andblog posts.

• Don't redirect to task page when it is created (#19919,6d0943a) (@BrunoQuaresma)
• Add sidebar to task page (#19944,2df9c5b) (@BrunoQuaresma)
• Redesign tasks page to match AI tools (#19962,89339f6) (@BrunoQuaresma)
• Add notification for task status (#19965,fdb0267) (@ssncferreira)
• Delete task from sidebar (#20023,e96d69b) (@BrunoQuaresma)
• Minor prompt redesign (#20045,f009ebd) (@BrunoQuaresma)
• CLI: Add coder exp task delete (#19644,3470632) (@mafredri)
• CLI: Add quiet flag to task create (#19701,f94abfc) (@DanielleMaywood)
• CLI: Add optional --name arg to 'exp task create' (#19939,78b1ec9) (@johnstcn)
• CLI: Add exp task send (#19922,252f430) (@DanielleMaywood)
• CLI: Add formatting options to coder whoami (#19970,930bbaf) (@johnstcn)
• CLI: Improve exp task status --watch (#19969,82bebc7) (@johnstcn)
• CLI: Add exp task logs (#19915,b7e0b2a) (@DanielleMaywood)
• CLI: Add more information tocoder whoami (#19971,0a840e4) (@johnstcn)
• CLI: Add ability to create tasks for other users (#20012,abdea72) (@johnstcn)
• CLI: Addworkspace-updates scaletest command (#19905,0be9221) (@ethanndickson)

Workspace sharing

Shared workspaces are in the early stages of development and not ready for public testing; we're looking forward to sharing the work when it's available. If you have requests for shared workspaces, please leave feedback in ourGithub Discussions.

• Addsharing addcommand to the CLI (#19576,909acbc) (@brettkolodny)
• Addsharing showcommand to the CLI (#19707,065c7c3) (@brettkolodny)
• Addsharing remove command to the CLI (#19767,8d5c566) (@brettkolodny)
• Add--shared-with-me flag tocoder list command (#19948,647101b) (@brettkolodny)

Core

• Add user filter to templates page to filter by template author (#19561,95dccf3) (@rafrdz)
• Add default workspace name to Template Embed form (#19688,5c1a708) (@mtojek)
• Add workspaces/acl [delete] endpoint (#19772,854f3c0) (@brettkolodny)
• Add helm var to support RBAC for deploying workspaces in extra namespaces (#19517,6238937) (@rowansmithau)
• Addshared_with_group: andshared_with_user: filters to /workspaces endpoint (#19875,38ca987) (@brettkolodny)
• Show warning in AppLink if hostname is long enough to break port forwarding (#19506,6c01a77) (@aqandrew)
• Add prebuild timing metrics to Prometheus (#19503,0ab345c) (@ssncferreira)
• Replace the jetbrains-gateway module with the jetbrains toolbox (#19583,b61a5d7) (@app/blink-so)
• Supportcustom notifications (#19751,eec6c8c) (@ssncferreira)
• Ensure OAuth2 refresh tokens outlive access tokens (#19769,088d149) (@ThomasK33)
• Scopeallow_list to includeresource_type (#19748,679179f) (@Emyrk)
• Add best effort attempt to revoke oauth access token in external auth provider (#19775,439b041) (@pawbana)
• Implement API key scopes database migration (#19861,fb0ce38) (@ThomasK33)
• Add lint check for API key scope enum completeness (#19862,acc0890) (@ThomasK33)
• Generate RBAC scope name constants (#19896,adb7521) (@ThomasK33)
• Add scaletest Runner for dynamicparameters load gen (#19890,289f021) (@spikecurtis)
• Add public RBAC scope catalog for user-requestable permissions (#19913,47c92ad) (@ThomasK33)
• Add external API key scopes (#19916,4bda395) (@ThomasK33)
• Add multi-scope support to API keys (#19917,d0db9ec) (@ThomasK33)
• Publish RBAC scopes in OAuth2 metadata endpoints (#19942,05537c1) (@ThomasK33)
• Remove agent name from app URLs (#19750,d29a524) (@rafrdz)
• Implement composite API key scopes for workspaces and templates (#19945,79126ab) (@ThomasK33)
• Server: Add tasks delete endpoint (#19638,e5ac640) (@mafredri)
• Server: Allow specifying a name for a task (#19745,f3b152b) (@DanielleMaywood)
• Server: Add experimental tasks send endpoint (#19941,5317d30) (@mafredri)
• Server: Add experimental tasks logs endpoint (#19958,0bac5a4) (@mafredri)
• Server: Add ability to search org members by user_id, is_system, github_user_id (#20048,ff930ad) (@johnstcn)
• Dashboard: Display warning messages when wildcard is not configured (#19660,7c8f8f4) (@kacpersaw)
• Dashboard: Display warnings in tasks page when wildcard is not configured (#19780,0601cc8) (@kacpersaw)
• Dashboard: Allow starting task workspace from task page (#19790,b71d671) (@DanielleMaywood)
• Dashboard: Add custom notification settings (#19938,da467ba) (@ssncferreira)
• Dashboard: Add task notifications to user settings (#20006,7bddd80) (@ssncferreira)
• Enterprise: Allow system users to be added to groups (#19518,4e9ee80) (@SasSwart)

Bug fixes

• Don't show prebuild workspaces as tasks (#19572,abc946c) (@BrunoQuaresma)
• Suppress license expiry warning if a new license covers the gap (#19601,605dad8) (@deansheather)
• Limit the scope of the template average build time query to the last 100 (#19648,4fab14b) (@cstyan)
• Expire token for prebuilds user when regenerating session token (#19667,06cbb28) (@johnstcn)
• Show popup on successful template build (#19674,d415964) (@mtojek)
• Change enqueue error to debug log level (#19686,04dfda8) (@spikecurtis)
• Pin pg_dump version when generating schema (#19696,1b4ce09) (@ethanndickson)
• Prevent new workspace page from scrolling past the bottom of the screen (#19705,a78d65c) (@brettkolodny)
• Support path parameters in OAuth2 metadata endpoints (#19729,2701d55) (@ThomasK33)
• Add xmlns attribute to amazon-q.svg for proper rendering (#19738,d7d69d1) (@app/blink-so)
• Add support for spaces in search & enable searching by display name in templates (#19552,1677a30) (@rafrdz)
• Prevent unruly stacking contexts from breaking scrolling (#19785,8e79dbb) (@aslilac)
• Trim whitespace from API tokens (#19814,d238480) (@ThomasK33)
• Scroll item list into view when openingMultiSelectCombobox (#19806,8ff4ba0) (@aslilac)
• Correct MCP tools' input schemas (#19825,18b0aca) (@dannykopping)
• Use filepath to construct mcp test write path (#19808,c31768d) (@code-asher)
• Fix TestCloserStack_Timeout to wait for all asyncClosers (#19837,4fc0093) (@spikecurtis)
• Update bitnami to use legacy image (#19891,738dbc6) (@david-fraley)
• Update bitnami image (#19892,40ffb79) (@david-fraley)
• Add retry logic to OAuth2 metadata tests to avoid race conditions (#19813,6fb4cc6) (@ThomasK33)
• Make app tabs scrollable (#19881,e7d648f) (@BrunoQuaresma)
• Use unique cookies for workspace proxies (#19930,42dd544) (@deansheather)
• Force task to be created with latest version (#19923,5ff503b) (@BrunoQuaresma)
• Handle chat app not found for Tasks (#19947,c2d5143) (@BrunoQuaresma)
• Fix for template dormancy hour/day toggle (#19884,aaa5071) (@rowansmithau)
• Add tasks link to sidebar logo (#20038,b8370c2) (@BrunoQuaresma)
• CLI: Enhance error handling for multiple agents in SSH command (#19943,c8742ba) (@kacpersaw)
• CLI: Only implicitly read from stdin if the directory flag is unset (#19681,f867a9d) (@ethanndickson)
• Server: Filter out non-task workspaces in api.tasksList (#19559,dbc6c98) (@joh...

Contributors

Stable (since October 7, 2025)

Changelog

Bug fixes

• Server: Ensure agent WebSocket conn is cleaned up (#19711,7afe6c8) (@DanielleMaywood)
• pinpg_dump version when generating schema (#19696,c0f1b9d) (@ethanndickson)
• Remove expensive GetWorkspaces query from entitlements (#19747,5369204) (@kacpersaw)

Compare:v2.26.0...v2.26.1

Container image

• docker pull ghcr.io/coder/coder:v2.26.1

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Contributors

Stable (since October 01, 2025)

Changelog

Bug fixes

• Server: Ensure agent WebSocket conn is cleaned up (#19711,7afe6c8) (@DanielleMaywood)
• Stop reading closed channel for/watch devcontainers endpoint (#19373) (@DanielleMaywood)

Compare:v2.25.2...v2.25.3

Container image

• docker pull ghcr.io/coder/coder:v2.25.3

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Contributors

Stable (since September 04, 2025)

Changelog

Security Fixes

• Expire token for prebuilds user when regenerating session token (#19667) (#19668,ec66090) (@johnstcn)

  ⚠ Fixes an issue allowing previously authenticated users to claim prebuilt workspaces created from templates using thecoder-login module. Read more in ourGHSA for this vulnerability.

• Server: Add audit log on creating a new session key (#19672) (#19684,a79adb1) (@johnstcn)

  Adds an audit log entry when an API key is created viacoder login.

Bug Fixes

• Fix GCP service accounts (#19312) (#19315,d324cf7) (@ethanndickson)

Compare:v2.25.1...v2.25.2

Container image

• docker pull ghcr.io/coder/coder:v2.25.2

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Contributors

Stable (since September 04, 2025)

Changelog

Security Fixes

• Expire token for prebuilds user when regenerating session token (#19667) (#19668,ec66090) (@johnstcn)

  ⚠ Fixes an issue allowing previously authenticated users to claim prebuilt workspaces created from templates using thecoder-login module. Read more in ourGHSA for this vulnerability.

• Server: Add audit log on creating a new session key (#19672) (#19684,a79adb1) (@johnstcn)

  Adds an audit log entry when an API key is created viacoder login.

Compare:v2.24.3...v2.24.4

Container image

• docker pull ghcr.io/coder/coder:v2.24.4

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Contributors

Changelog

KNOWN ISSUES

• You may see higher numbers of "API Key Created" entries in the audit logs. This is expected due to fixing an audit logging omission (#19672).
• Jetbrains users may experience inflated API key creation. This will be fixed in a future patch to the Jetbrains plugin version.

BREAKING CHANGES

• Support empty or default fields when updating templates (#19256,aab2ccd) (@rafrdz)

  Breaking change to the Coder Go SDK. Field types incodersdk.UpdateTemplateMeta forIcon,Description, andDisplayName changed fromstring to*string. Consumers must pass pointers and handlenil checks. Code that assigns/reads plain strings will no longer compile without updates.

• fix(coderd/prometheusmetrics)!: filter deleted wsbuilds to reduce db load (#19197,1b66495) (@mafredri)

  Breaking change tocoderd_api_workspace_latest_build Prometheus metric. Thecoderd_api_workspace_latest_build Prometheus metric no longer includes builds belonging to deleted workspaces, as such, this metric will show fewer statuses.

Security Fixes

• Expire token for prebuilds user when regenerating session token (#19667) (#19668,ec66090) (@johnstcn)

  ⚠ Fixes an issue allowing previously authenticated users to claim prebuilt workspaces created from templates using thecoder-login module. Read more in ourGHSA for this vulnerability.

• Server: Add audit log on creating a new session key (#19672) (#19684,a79adb1) (@johnstcn)

  Adds an audit log entry when an API key is created viacoder login.

Features

• Validate presets on template import to prevent publishing an unusable template (#18844,f256a23) (@SasSwart)
• Allow bypassing current CORS magic based on template config (#18706,ffbfaf2) (@cstyan)
• Add MCP tools for ChatGPT. ChatGPT can now create Coder workspaces. (#19102,79cd80e) (@hugodutka)
• Add prebuild timing metrics to Prometheus (#19503,0ab345c) (@ssncferreira)
• Addauthor filter command to template filtering (#19202,5b80c47) (@Emyrk)
• Implement rich multi-selector for multi-select in the CLI (#19201,a7fac30) (@mtojek)
• Add Sourcegraph Amp logo sourced from presskit (#19421,7bcbb83) (@DevelopmentCats)
• Claim prebuilds based on workspace parameters instead of preset ID to improve prebuilds usability (#19279,f9a6adc) (@SasSwart)
• 📥 External workspaces is now in Early Access. Read more in ourexternal workspaces documentation.
  • CLI: Add enterpriseexternal-workspaces CLI command (#19287,7b1dcd9) (@kacpersaw)
  • Server: Addhas_external_agent flag to template_versions and workspace_builds (#19285,5e4aa79) (@kacpersaw)
  • Server: Add support for external agents to API's and provisioner (#19286,9edceef) (@kacpersaw)
  • Dashboard: Add support for external agents in the UI and extend CodeExample (#19288,7f72067) (@kacpersaw)
• ☑ Coder Tasks UI improvements:
  • Show workspace build and startup script logs during tasks creation (#19413,8aafbcb) (@BrunoQuaresma)

    Improved tasks creation UI:
    

  • Filter tasks that are waiting for user input (#19377,d77c3d0) (@BrunoQuaresma)
  • Display the number of idle tasks in the navbar (#19471,cde5b62) (@BrunoQuaresma)

    Improved visibility when tasks are waiting for user input.
    

• Show workspace health error alert above agents in workspace page for better visibility (#19400,9a872f9) (@aqandrew)
• CLI: Add filtering options toprovisioners list CLI command (#19378,ad5e678) (@rafrdz)
• CLI: Prevent coder schedule command on prebuilt workspaces (#19259,92d505c) (@ssncferreira)
• CLI: Addcoder exp tasks list command (#19496,836324e) (@mafredri)
• CLI: Addexp task create command (#19492,63c1325) (@DanielleMaywood)
• CLI: Implementexp task status command (#19533,5baaf27) (@johnstcn)
• Server: Generate task names based on their prompt (#19335,6553771) (@DanielleMaywood)
• Server: Add tasks/list and/get endpoints (#19468,427b23f) (@mafredri)
• Add workspace-sharing experiment (#19106,ed62ddc) (@aslilac)

  We're testing out shared workspaces in an early and unstable experiment. If you are interested or have feedback please join thediscussion in our Github.

Bug fixes

• Use system context for querying workspaces when deleting users to prevent deletion of users with workspaces(#19211,99d75cc) (@ethanndickson)
• Upgrade Go to 1.24.6 to fix race in lib/pq queries (#19214,91780db) (@spikecurtis)
• Prevent horizontal form section info from overlapping form fields (#19189,b8851f0) (@aqandrew)
• Upload the slim binaries from the build directory to the GCS bucket (#19281,5d42b18) (@jdomeracki-coder)
• Generalize password invalid message (#19307,b8c9192) (@aqandrew)
• Prevent activity bump for prebuilt workspaces (#19263,560cf84) (@ssncferreira)
• Set prebuilds lifecycle parameters on creation and claim (#19252,8567ecb) (@ssncferreira)
• Disallow lifecycle endpoints for prebuilt workspaces (#19264,734299d) (@ssncferreira)

  The two PRs above ensure a user's scheduling settings are correctly applied when claiming a prebuilt workspace.

• Correct scrolling overflow behavior for workspace history (#19340,5b5fbbe) (@brettkolodny)
• Ensure deployment banner is always on the bottom (#19361,362c78a) (@brettkolodny)
• Don't create autostart workspace builds with no available provisioners (#19067,6c902a7) (@cstyan)
• Exclude prebuilt workspaces from template-level lifecycle updates (#19265,d79a779) (@ssncferreira)
• Fix jetbrains toolbox connection tracking (#19348,dd867bd) (@f0ssel)
• Support oidc group allowlist in oss (#19430,5b1e809) (@rafrdz)
• Redirect users to/login if their oauth token is invalid (#19429,ee789da) (@brettkolodny)
• Add database constraint to enforce minimum username length (#19453,bcdade7) (@cstyan)
• Support 'me' as the username for template author (#19204,3024bde) (@Emyrk)
• Fix workspaces pagination (#19448,54440af) (@BrunoQuaresma)

  Users were previously unable to page through workspaces if they owned many (hundreds). This has been resolved.

• CLI: Display workspace created at time instead of current time (#19553,c19f430) (@DanielleMaywood)
• CLI: Attach org option totask create (#19554,8083d9d) (@johnstcn)
• Enterprise: Update external agent instructions in CLI (#19411,c429020) (@kacpersaw)
• Dashboard: Remove redundant alt text to prevent duplicated accessible names (#19087,44d9356) (@ssncferreira)
• Dashboard: Ensure notification settings page follows RBAC correctly (#19097,a185d3a) (@DanielleMaywood)
• Dashboard: Display tasks link when no templates contain an AI task (#19184,cc609cb) (@DanielleMaywood)
• Dashboard: Hide "Show parent apps" when no running or starting devcontainers (#19200,1c70d32) (@DanielleMaywood)
• Dashboard: Fix render crash when no embedded apps are defined for task (#19215,ffbd583) (@DanielleMaywood)
• Dashboard: Add preset combobox to dynamic parameters page (#19100,96e32d6) (@ssncferreira)
• Provisioner: Workaround lack ofcoder_ai_task resource on stop transition (#19560,bd139f3) (@johnstcn)
• Server: Filter out non-task workspaces inapi.tasksList (#19559,dbc6c98) (@johnstcn)

Documentation

• Addcode-server vsVSCode Webcomparison table (#19104,428ec35) (@EdwardAngert)
• Document how tostart a remote MCP Coder server (#19150,a02d1c1) (@hugodutka)
• AddOAuth2 provider experimental feature documentation (#19165,247efc0) (@ThomasK33)
• Update status ofCoder Desktop + corporate VPN issue (#19350,1ffc5a0) (@ethanndickson)
• Addgenerative AI contribution guidelines (#19427,a19dfa9) (@Emyrk)
• Add dev containers and scheduling to prebuilt workspaces known issues (#18816,49f32d1) (@EdwardAngert)
• AddGoogle OIDC provider-specific guide (#19309,ea7025b) (@DevelopmentCats)

Performance improvements

• Don't callGetUserByID unnecessarily for Agents metrics loops (#19395,014a2d5) (@cstyan)
• Speed upGetTailnetTunnelPeerBindings query (#19444,229d051) (@spikecurtis)

Chores

• Update to node 20.19.4 (#19188,5c88d93) (@aslilac)
• Update coder/preview tov1.0.4 (#19205,a2e8aa9) (@Emyrk)
• Upgrade to pnpm 10 (#19327,2180d17) (@aslilac)
• Update terraform to 1.13.0 (#19509,9b7d41d) (@app/blink-so)
• Helm: Make coder pprof endpoint available externally (#19185,4ba9382) (@Emyrk)

Compare:v2.25.1...v2.26.0

Container image...

Contributors

Stable (since September 02, 2025)

Changelog

Bug fixes

• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19218,079328d)

  ⚠ Resolves CVE-2025-47907, details can be foundhere in golang/go. Additionally, seeour blog about this vulnerability.

Compare:v2.25.0...v2.25.1

Container image

• docker pull ghcr.io/coder/coder:v2.25.1

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Stable (since August 07, 2025)

Changelog

Bug fixes

• Pin Nix version to 2.28.4 to avoid JSON type error (#19223,9df4992)
• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19219,7f6cefd)

  ⚠ Resolves CVE-2025-47907, details can be foundhere in golang/go. Additionally, seeour blog about this vulnerability.

• Use system context for querying workspaces when deleting users (#19211) (#19227,c219a9a)
• Backport coder desktop + corporate vpn fixes for 2.24 (#19177,bc502b5)

Chores

• Publish CLI binaries and detached signatures to releases.coder.com (#18901,3e0645c)
• Database: Optimize AuditLogs queries (#19193,5ff7496) (@kacpersaw)

Compare:v2.24.2...v2.24.3

Container image

• docker pull ghcr.io/coder/coder:v2.24.3

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Contributors

Stable (since August 07, 2025)

Changelog

• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19219,7f6cefd)

  ⚠ Resolves CVE-2025-47907, details can be foundhere in golang/go. Additionally, seeour blog about this vulnerability.

• Publish CLI binaries and detached signatures to releases.coder.com (#18901,3e0645c)

Compare:v2.23.4...v2.23.5

Container image

• docker pull ghcr.io/coder/coder:v2.23.5

Install/upgrade

Refer to our docs toinstall orupgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• Route connection logs to Connection log instead of Audit log (#18340,08e17a0) (@ethanndickson)

  Connections to workspaces (via SSH, workspace apps, or browser port-forwarding) will no longer create entries in the audit log. Those events will now be included in the 'Connection Log'.
  Please see the 'Connection Log' page in the dashboard, and the Connection Log documentation for details. Those with permission to view the Audit Log will also be able to view the Connection Log. The new Connection Log has the same licensing restrictions as the Audit Log, and requires a Premium Coder deployment.

• Delete old connection events from audit log (#18735,f42de9f) (@ethanndickson)

  With new connection events appearing in the Connection Log, connection events older than 90 days will now be deleted from the Audit Log. If you require this legacy data, we recommend querying it from the REST API or making a backup of the database/these events before upgrading your Coder deployment. Please see the PR for details on what exactly will be deleted.
  Note: There are currently no plans to delete connection events from the Connection Log.

• Add ability to cancel pending workspace build (#18713,8202514) (@kacpersaw)

  CancelWorkspaceBuild method in codersdk now accepts anoptionalrequest parameter.

• Use devcontainer ID when rebuilding a devcontainer (#18604,f2d229e) (@DanielleMaywood)

  Minor breaking change for workspaces enabled by our devcontainer integration.
  Allows rebuilding a devcontainer without a valid devcontainer ID.

• CLI: Add CLI support for creating workspace with presets (#18912,b975d6d) (@ssncferreira)

  This breaking change impacts thecoder create CLI command only for templates which contain presets.

  It introduces a--preset flag to the create command, which modifies the behavior when no preset is explicitly provided:

  • If the template includes presets and a default preset, the default will be automatically applied. The user will be notified, but not prompted.
  • If the template includes presets without a default, the user will be prompted to choose a preset.

  This breaks existing workflows for templates with presets that:

  • Expect the create command to proceed without applying a preset
  • Rely on non-interactive scripts or automated workflows, which will now fail or hang due to unexpected prompts

Features

• Dynamic Parameters is now generally available:

  

  • Remove beta labels for dynamic parameters (#18976,d7b1253) (@jaaydenh)
  • Allow new immutable parameters for existing workspaces (#18579,e396b06) (@Emyrk)
  • Allow masking workspace parameter inputs (#18595,0b82f41) (@aslilac)
  • Support dynamic parameters on create template request (#18636,4072d22) (@Emyrk)
  • Display descriptions in multi-select component (#18730,61b6562) (@jaaydenh)
  • Add search to parameter dropdowns (#18729,52c4b61) (@aslilac)
  • Include template variables in dynamic parameter rendering (#18819,aedc019) (@Emyrk)
  • Improve workspace upgrade flow when template parameters change (#18917,19afeda) (@aslilac)
  • Make dynamic parameters opt-in by default for new templates (#19006,1320b8d) (@jaaydenh)
• Coder may now be used as anOAuth2 provider (experimental):
  • Add authorization server metadata endpoint, PKCE support (#18548,6f2834f) (@ThomasK33)
  • Add RFC 8707 resource indicators, audience validation (#18575,f0c9c4d) (@ThomasK33)
  • Add protected resource metadata endpoint for RFC 9728 (#18643,33bbf18) (@ThomasK33)
  • Implement OAuth2 dynamic client registration (RFC 7591/7592) (#18645,74e1d5c) (@ThomasK33)
  • Add experimental OAuth2 provider functionality (#18692,1555154) (@ThomasK33)
  • Implement RFC 6750 Bearer token authentication (#18644,09c5055) (@ThomasK33)
  • Add RFC 9728 OAuth2 resource metadata support (#18920,071383b) (@ThomasK33)
• The external Coder MCP server is now available as an experiment:

  Use any agent to create coder workspaces.

  • Implement MCP HTTP server endpoint with authentication (#18670,494dccc) (@ThomasK33)
  • Add MCP HTTP server experiment and improve experiment middleware (#18712,7fbb3ce) (@ThomasK33)
  • Add workspace SSH execution tool for AI SDK (#18924,326c024) (@ThomasK33)
  • SDK: Add MCP workspace bash background parameter (#19034,b666d52) (@hugodutka)
• Added new connection logs as a separate entity from audit logs

  

  • Dashboard: Add connection log page (#18708,b5260d5) (@ethanndickson)
  • Addconnectionlogs API (#18628,7a339a1) (@ethanndickson)
• Improvements to Coder Tasks:

  

  • Add task link in the workspace page when it is running a task (#18591,2d44add) (@BrunoQuaresma)
  • Redirect to the task page after creation (#18626,29ef3a8) (@BrunoQuaresma)
  • Make task panels resizable (#18590,8eebb4f) (@BrunoQuaresma)
  • Add preset selector in TasksPage (#19012,9a05a8a) (@johnstcn)
• Improvements to ourDevcontainers integration:
  • Agent: Automaticall detect dev containers (#18950,f41275e) (@DanielleMaywood)
  • Agent: Allow auto start for discovered containers (#19040,66cf90c) (@DanielleMaywood)
  • CLI: Improve devcontainer support forcoder show (#18793,5f50dcc) (@mafredri)
  • CLI: Replace open vscode container with devcontainer subagent (#18765,6c4db7a) (@mafredri)
  • Install dotfiles if present (#18606,872aef3) (@mafredri)
• Administrators can now track usage of agentic AI workspaces:

  Premium licensed customers have a default of 800 agentic workspaces per user. This limit will likely never be hit.

  • Addmanaged_agent_limit licensing feature (#18876,183a6eb) (@deansheather)
  • Add managed ai usage consumption to license view (#18934,36d2e01) (@ibetitsmike)
• Allow users to pause prebuilt workspace reconciliation (#18700,01163ea) (@SasSwart)
• Use parameterpreview engine to compute workspace tags from terraform (#18720,a099a8a) (@Emyrk)
• Add publishing of helm charts to ghcr registry (#18316,10c1e36) (@a1994sc)
• Automatically reconnect the terminal (#18796,5a8a19b) (@BrunoQuaresma)
• Publish CLI binaries and detached signatures to releases.coder.com (#18874,e4d3453) (@jdomeracki-coder)
• Add managed agent license limit checks (#18937,9a6dd73) (@deansheather)
• Extend workspace build reasons to track connection types (#18827,482463c) (@kacpersaw)
• Add View Source button for template administrators in workspace creation (#18951,28789d7) (@app/blink-so)
• Add timeout support to workspace bash tool (#19035,398e80f) (@ThomasK33)
• Support icon and description in preset (#18977,0672bf5) (@ssncferreira)
• Support shift+enter in terminal (#19021,558e25d) (@code-asher)
• CLI: Add CLI support for listing presets (#18910,931b97c) (@ssncferreira)
• CLI: Support description in create and presets list CLI commands (#19079,4e7331a) (@ssncferreira)
• Helm: Add pod-level securityContext support for certificate mounting (#19041,faac753) (@ausbru87)
• Dashboard: Support icon and description in preset (#19063,71738f6) (@ssncferreira)

Bug fixes

• Hide the preset parameter visibility switch when it has no effect (#18574,634144f) (@SasSwart)
• Pin Nix version to 2.28.4 to avoid JSON type error (#18612,1b1d091) (@ThomasK33)
• Cap max X11 forwarding ports and evict old (#18561,9e1cf16) (@spikecurtis)
• Use memmap file system for TestServer_X11 (#18562,6bebfd0) (@spikecurtis)
• Use default preset when creating a workspace for task (#18623,6d305df) (@BrunoQuaresma)
• Use only template version ID to create task workspace (#18642,4095330) (@BrunoQuaresma)
• Display error message when delete workspace fails (#18654,ad67733) (@jaaydenh)
• Use client preferred URL for the default DERP (#18911,a1b87a6) (@deansheather)
• Prioritise human-initiated builds over prebuilds in provisioner queue (#18933,c4b69bb) (@johnstcn)
• Debounce parameter slider to avoid laggy behavior (#18980,dd2fb89) (@jaaydenh)
• Avoid duplicating logs on Coder Connect Windows (#19052,2a430ab) (@deansheather)
• Sanitize app status summary to resolve confusing errors in coder tasks (#19075,812d72c) (@johnstcn)
• Agent: Delay containerAPI init to ensure startup scripts run before (#18630,7e99fb7) (@mafredri)
• Agent: Fix script filtering for devcontainers (#18635,8ee2668) (@mafredri)
• Agent: Disable dev container integration inside sub agents (#18781,0118e75) (@DanielleMaywood)
• Agent: Stop logging empty lines (#18605,98c77fe) (@DanielleMaywood)
• Agent: Respect ignore files (#19016,25d70ce) (@DanielleMaywood)
• CLI: Calculatecoder ping max correctly (#18734,7500aa4) (@ethanndickson)
• fix(.devcontainer): add home volume and fix code-server and filebrowser (#18648,d814fdf) (@mafredri)
• Dashboard: Update vscode.dev container button URLs (#18696,8b6d70b) (@mafredri)
• Dashboard: Only attempt to watch containers when agent connected (#18873,089f960) (@DanielleMaywood)
• Dashboard: Exclude workspace schedule settings for prebuilt workspaces (#18826,dad033e) (@ssncferreira)
• Dashboard: Only attempt to watch when dev containers enabled (#18892,bfb9aa4) (@DanielleMaywood)
• Dashboard: Speed up state syncs and valid...

Contributors