feat: add support for external agents to API's and provisioner

coder · kacpersaw · Aug 11, 2025 · Aug 11, 2025 · Aug 11, 2025 · Aug 11, 2025
commit 71a653c3d67ac8e59efba2bb4148044561183c3b
diff --git a/cli/testdata/coder_list_--output_json.golden b/cli/testdata/coder_list_--output_json.golden
@@ -70,7 +70,8 @@
         "most_recently_seen": null
       },
       "template_version_preset_id": null,
-      "has_ai_task": false
+      "has_ai_task": false,
+      "has_external_agent": false
     },
     "latest_app_status": null,
     "outdated": false,

diff --git a/cli/testdata/coder_provisioner_list_--output_json.golden b/cli/testdata/coder_provisioner_list_--output_json.golden
@@ -7,7 +7,7 @@
     "last_seen_at": "====[timestamp]=====",
     "name": "test-daemon",
     "version": "v0.0.0-devel",
-    "api_version": "1.8",
+    "api_version": "1.9",
     "provisioners": [
       "echo"
     ],

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -1430,6 +1430,9 @@ func New(options *Options) *API {
 					r.Post("/", api.postWorkspaceAgentPortShare)
 					r.Delete("/", api.deleteWorkspaceAgentPortShare)
 				})
+				r.Route("/external-agent", func(r chi.Router) {
+					r.Get("/{agent}/credentials", api.workspaceExternalAgentCredentials)
+				})
 				r.Get("/timings", api.workspaceTimings)
 				r.Route("/acl", func(r chi.Router) {
 					r.Use(
@@ -1566,6 +1569,9 @@ func New(options *Options) *API {
 			r.Use(apiKeyMiddleware)
 			r.Get("/", api.tailnetRPCConn)
 		})
+		r.Route("/init-script", func(r chi.Router) {
+			r.Get("/{os}/{arch}", api.initScript)
+		})
 	})
 
 	if options.SwaggerEndpoint {

diff --git a/coderd/coderdtest/swaggerparser.go b/coderd/coderdtest/swaggerparser.go
@@ -310,7 +310,8 @@ func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
 		comment.router == "/" ||
 		comment.router == "/users/login" ||
 		comment.router == "/users/otp/request" ||
-		comment.router == "/users/otp/change-password" {
+		comment.router == "/users/otp/change-password" ||
+		comment.router == "/init-script/{os}/{arch}" {
 		return // endpoints do not require authorization
 	}
 	assert.Containsf(t, authorizedSecurityTags, comment.security, "@Security must be either of these options: %v", authorizedSecurityTags)
@@ -361,7 +362,8 @@ func assertProduce(t *testing.T, comment SwaggerComment) {
 			(comment.router == "/licenses/{id}" && comment.method == "delete") ||
 			(comment.router == "/debug/coordinator" && comment.method == "get") ||
 			(comment.router == "/debug/tailnet" && comment.method == "get") ||
-			(comment.router == "/workspaces/{workspace}/acl" && comment.method == "patch") {
+			(comment.router == "/workspaces/{workspace}/acl" && comment.method == "patch") ||
+			(comment.router == "/init-script/{os}/{arch}" && comment.method == "get") {
 			return // Exception: HTTP 200 is returned without response entity
 		}
 

diff --git a/coderd/initscript.go b/coderd/initscript.go
@@ -0,0 +1,40 @@
+package coderd
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/go-chi/chi/v5"
+
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/provisionersdk"
+)
+
+// @Summary Get agent init script
+// @ID get-agent-init-script
+// @Produce text/plain
+// @Tags InitScript
+// @Param os path string true "Operating system"
+// @Param arch path string true "Architecture"
+// @Success 200 "Success"
+// @Router /init-script/{os}/{arch} [get]
+func (api *API) initScript(rw http.ResponseWriter, r *http.Request) {
+	os := strings.ToLower(chi.URLParam(r, "os"))
+	arch := strings.ToLower(chi.URLParam(r, "arch"))
+
+	script, exists := provisionersdk.AgentScriptEnv()[fmt.Sprintf("CODER_AGENT_SCRIPT_%s_%s", os, arch)]
+	if !exists {
+		httpapi.Write(r.Context(), rw, http.StatusBadRequest, codersdk.Response{
+			Message: fmt.Sprintf("Unknown os/arch: %s/%s", os, arch),
+		})
+		return
+	}
+	script = strings.ReplaceAll(script, "${ACCESS_URL}", api.AccessURL.String()+"/")
+	script = strings.ReplaceAll(script, "${AUTH_TYPE}", "token")
+
+	rw.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	rw.WriteHeader(http.StatusOK)
+	_, _ = rw.Write([]byte(script))
+}
diff --git a/coderd/initscript_test.go b/coderd/initscript_test.go
@@ -0,0 +1,45 @@
+package coderd_test
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/coderd/coderdtest"
+	"github.com/coder/coder/v2/codersdk"
+)
+
+func TestInitScript(t *testing.T) {
+	t.Parallel()
+
+	t.Run("OK Windows", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		script, err := client.InitScript(context.Background(), "windows", "amd64")
+		require.NoError(t, err)
+		require.NotEmpty(t, script)
+		require.Contains(t, script, "$env:CODER_AGENT_AUTH = \"token\"")
+	})
+
+	t.Run("OK Linux", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		script, err := client.InitScript(context.Background(), "linux", "amd64")
+		require.NoError(t, err)
+		require.NotEmpty(t, script)
+		require.Contains(t, script, "export CODER_AGENT_AUTH=\"token\"")
+	})
+
+	t.Run("BadRequest", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		_, err := client.InitScript(context.Background(), "darwin", "armv7")
+		require.Error(t, err)
+		var apiErr *codersdk.Error
+		require.ErrorAs(t, err, &apiErr)
+		require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
+		require.Equal(t, "Unknown os/arch: darwin/armv7", apiErr.Message)
+	})
+}