coder
diff --git a/‎cli/server.go
+4 b/‎cli/server.go
+4
diff --git a/‎cli/testdata/coder_scaletest_--help.golden
-16 b/‎cli/testdata/coder_scaletest_--help.golden
-16
diff --git a/‎cli/testdata/coder_scaletest_cleanup_--help.golden
-19 b/‎cli/testdata/coder_scaletest_cleanup_--help.golden
-19
diff --git a/‎cli/testdata/coder_scaletest_create-workspaces_--help.golden
-114 b/‎cli/testdata/coder_scaletest_create-workspaces_--help.golden
-114
diff --git a/‎cli/testdata/coder_scaletest_workspace-traffic_--help.golden
-62 b/‎cli/testdata/coder_scaletest_workspace-traffic_--help.golden
-62
diff --git a/‎cli/testdata/coder_users_list_--output_json.golden
+1-1 b/‎cli/testdata/coder_users_list_--output_json.golden
+1-1
diff --git a/‎cli/userstatus_test.go
+11-7 b/‎cli/userstatus_test.go
+11-7
diff --git a/‎coderd/apidoc/docs.go
+2 b/‎coderd/apidoc/docs.go
+2
diff --git a/‎coderd/apidoc/swagger.json
+6-2 b/‎coderd/apidoc/swagger.json
+6-2
diff --git a/‎coderd/coderdtest/coderdtest.go
+8 b/‎coderd/coderdtest/coderdtest.go
+8
diff --git a/‎coderd/database/dbauthz/dbauthz.go
+7 b/‎coderd/database/dbauthz/dbauthz.go
+7
diff --git a/‎coderd/database/dbfake/dbfake.go
+24-1 b/‎coderd/database/dbfake/dbfake.go
+24-1
diff --git a/‎coderd/database/dbgen/dbgen.go
+7 b/‎coderd/database/dbgen/dbgen.go
+7
@@ -70,6 +70,7 @@ import (
 	"github.com/coder/coder/coderd/database/migrations"
 	"github.com/coder/coder/coderd/database/pubsub"
 	"github.com/coder/coder/coderd/devtunnel"
+	"github.com/coder/coder/coderd/dormancy"
 	"github.com/coder/coder/coderd/gitauth"
 	"github.com/coder/coder/coderd/gitsshkey"
 	"github.com/coder/coder/coderd/httpapi"
@@ -812,6 +813,9 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 				options.SwaggerEndpoint = cfg.Swagger.Enable.Value()
 			}
 
+			closeCheckInactiveUsersFunc := dormancy.CheckInactiveUsers(ctx, logger, options.Database)
+			defer closeCheckInactiveUsersFunc()
+
 			// We use a separate coderAPICloser so the Enterprise API
 			// can have it's own close functions. This is cleaner
 			// than abstracting the Coder API itself.
 
@@ -24,7 +24,7 @@
     "email": "testuser2@coder.com",
     "created_at": "[timestamp]",
     "last_seen_at": "[timestamp]",
-    "status": "active",
+    "status": "dormant",
     "organization_ids": [
       "[first org ID]"
     ],
 
@@ -14,14 +14,13 @@ import (
 
 func TestUserStatus(t *testing.T) {
 	t.Parallel()
-	client := coderdtest.New(t, nil)
-	admin := coderdtest.CreateFirstUser(t, client)
-	other, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
-	otherUser, err := other.User(context.Background(), codersdk.Me)
-	require.NoError(t, err, "fetch user")
 
 	t.Run("StatusSelf", func(t *testing.T) {
 		t.Parallel()
+
+		client := coderdtest.New(t, nil)
+		coderdtest.CreateFirstUser(t, client)
+
 		inv, root := clitest.New(t, "users", "suspend", "me")
 		clitest.SetupConfig(t, client, root)
 		// Yes to the prompt
@@ -34,13 +33,18 @@ func TestUserStatus(t *testing.T) {
 
 	t.Run("StatusOther", func(t *testing.T) {
 		t.Parallel()
-		require.Equal(t, codersdk.UserStatusActive, otherUser.Status, "start as active")
+
+		client := coderdtest.New(t, nil)
+		admin := coderdtest.CreateFirstUser(t, client)
+		other, _ := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
+		otherUser, err := other.User(context.Background(), codersdk.Me)
+		require.NoError(t, err, "fetch user")
 
 		inv, root := clitest.New(t, "users", "suspend", otherUser.Username)
 		clitest.SetupConfig(t, client, root)
 		// Yes to the prompt
 		inv.Stdin = bytes.NewReader([]byte("yes\n"))
-		err := inv.Run()
+		err = inv.Run()
 		require.NoError(t, err, "suspend user")
 
 		// Check the user status
 
@@ -587,6 +587,14 @@ func createAnotherUserRetry(t *testing.T, client *codersdk.Client, organizationI
 		sessionToken = token.Key
 	}
 
+	if user.Status == codersdk.UserStatusDormant {
+		// Use admin client so that user's LastSeenAt is not updated.
+		// In general we need to refresh the user status, which should
+		// transition from "dormant" to "active".
+		user, err = client.User(context.Background(), user.Username)
+		require.NoError(t, err)
+	}
+
 	other := codersdk.New(client.URL)
 	other.SetSessionToken(sessionToken)
 	t.Cleanup(func() {
 
@@ -2099,6 +2099,13 @@ func (q *querier) UpdateGroupByID(ctx context.Context, arg database.UpdateGroupB
 	return updateWithReturn(q.log, q.auth, fetch, q.db.UpdateGroupByID)(ctx, arg)
 }
 
+func (q *querier) UpdateInactiveUsersToDormant(ctx context.Context, lastSeenAfter database.UpdateInactiveUsersToDormantParams) ([]database.UpdateInactiveUsersToDormantRow, error) {
+	if err := q.authorizeContext(ctx, rbac.ActionCreate, rbac.ResourceSystem); err != nil {
+		return nil, err
+	}
+	return q.db.UpdateInactiveUsersToDormant(ctx, lastSeenAfter)
+}
+
 func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemberRolesParams) (database.OrganizationMember, error) {
 	// Authorized fetch will check that the actor has read access to the org member since the org member is returned.
 	member, err := q.GetOrganizationMemberByUserID(ctx, database.GetOrganizationMemberByUserIDParams{
 
@@ -3862,7 +3862,7 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
 		CreatedAt:      arg.CreatedAt,
 		UpdatedAt:      arg.UpdatedAt,
 		Username:       arg.Username,
-		Status:         database.UserStatusActive,
+		Status:         database.UserStatusDormant,
 		RBACRoles:      arg.RBACRoles,
 		LoginType:      arg.LoginType,
 	}
@@ -4337,6 +4337,29 @@ func (q *FakeQuerier) UpdateGroupByID(_ context.Context, arg database.UpdateGrou
 	return database.Group{}, sql.ErrNoRows
 }
 
+func (q *FakeQuerier) UpdateInactiveUsersToDormant(_ context.Context, params database.UpdateInactiveUsersToDormantParams) ([]database.UpdateInactiveUsersToDormantRow, error) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	var updated []database.UpdateInactiveUsersToDormantRow
+	for index, user := range q.users {
+		if user.Status == database.UserStatusActive && user.LastSeenAt.Before(params.LastSeenAfter) {
+			q.users[index].Status = database.UserStatusDormant
+			q.users[index].UpdatedAt = params.UpdatedAt
+			updated = append(updated, database.UpdateInactiveUsersToDormantRow{
+				ID:         user.ID,
+				Email:      user.Email,
+				LastSeenAt: user.LastSeenAt,
+			})
+		}
+	}
+
+	if len(updated) == 0 {
+		return nil, sql.ErrNoRows
+	}
+	return updated, nil
+}
+
 func (q *FakeQuerier) UpdateMemberRoles(_ context.Context, arg database.UpdateMemberRolesParams) (database.OrganizationMember, error) {
 	if err := validateDatabaseType(arg); err != nil {
 		return database.OrganizationMember{}, err
 
@@ -224,6 +224,13 @@ func User(t testing.TB, db database.Store, orig database.User) database.User {
 	})
 	require.NoError(t, err, "insert user")
 
+	user, err = db.UpdateUserStatus(genCtx, database.UpdateUserStatusParams{
+		ID:        user.ID,
+		Status:    database.UserStatusActive,
+		UpdatedAt: database.Now(),
+	})
+	require.NoError(t, err, "insert user")
+
 	if !orig.LastSeenAt.IsZero() {
 		user, err = db.UpdateUserLastSeenAt(genCtx, database.UpdateUserLastSeenAtParams{
 			ID:         user.ID,