You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the code-server module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
IDE Integration
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
25 / 25
22 / 25
20 / 20
7.5 / 20
9 / 10
84 / 100
Drilldown
Presentation & Onboarding — 25 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
12
Multiple major modes documented: pin versions, pre-install extensions, pre-configure settings, workspace files, additional args, offline/cached modes. Each has clear examples with sensible defaults.
Coder-context framing
8
8
README names both Coder and code-server, explains it "Automatically install code-server in a workspace, create an app to access it via the dashboard", and shows Coder fits in the flow via the dashboard app integration.
Visual preview
5
5
README includes screenshot: 
IDE Integration — 22 / 25
Criterion
Max
Score
Notes
Dashboard entry point
7
7
coder_app resource with proper healthcheck, URL construction, and configurable display_name, slug, share, subdomain, open_in.
Managed configuration
6
6
Documented support for managed settings via settings variable (User settings.json) and machine_settings variable (Machine settings.json), with merge logic. Examples show theme configuration.
Configurable folder or workdir
6
6
Documented folder and workspace variables with examples. URL construction includes query params. Validation ensures mutual exclusivity.
Pre-installed extensions
6
3
Extensions documented via extensions variable with examples. However, auto_install_extensions feature for workspace recommendations is documented but requires jq and only works with workspace files, making it partial/awkward.
Credential Hygiene — 20 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
No sensitive inputs in this module. No API keys or secrets required. README examples contain no inline secrets.
Non-hardcoded auth path
4
4
code-server runs with --auth none and relies on Coder's built-in authentication via the dashboard app proxy. No raw keys needed.
Restricted-Environment Readiness — 7.5 / 20
Criterion
Max
Score
Notes
Mirrorable artifact source
10
0
No variable overrides the download URL. The install script hardcodes https://code-server.dev/install.sh. install_version pins version but doesn't change the source URL. install_prefix only changes install location, not download source.
Bring-your-own binary
5
5
offline = true mode documented: "Just run code-server in the background, don't fetch it from GitHub". Example shows usage. Script checks for existing binary at $CODE_SERVER path.
Egress transparency
3
1.5
"Offline and Use Cached Modes" section describes offline behavior and mentions "download from GitHub", but does not enumerate actual endpoints/domains contacted (e.g., code-server.dev, github.com, open-vsx.org). Partial credit for scattered mentions.
Runs without sudo
2
1
Script in run.sh uses curl ... | sh -s to run the code-server install script, which may require sudo depending on install prefix. The default /tmp/code-server likely works without sudo, but the external install script's behavior is not guaranteed. No explicit documentation of no-sudo path. Partial credit for likely working in common cases.
Engineering Quality — 9 / 10
Criterion
Max
Score
Notes
Input quality
6
6
Inputs have clear descriptions, sensible defaults (port=13337, install_prefix=/tmp/code-server). Validation on workspace (must end in .code-workspace), folder/workspace mutual exclusivity, share, open_in.
Test coverage
4
3
.tftest.hcl covers business logic: required vars, conflicts, URL construction, validation. TypeScript tests in main.test.ts cover end-to-end: settings merge, installation, health checks. However, some edge cases like sudo behavior or network failures not explicitly tested.
Overall — 84 / 100
Scored against SCORECARD.md on 2026-07-15 with claude-sonnet-4-5.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the code-server module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 25 / 25
IDE Integration — 22 / 25
coder_appresource with proper healthcheck, URL construction, and configurable display_name, slug, share, subdomain, open_in.settingsvariable (User settings.json) andmachine_settingsvariable (Machine settings.json), with merge logic. Examples show theme configuration.folderandworkspacevariables with examples. URL construction includes query params. Validation ensures mutual exclusivity.extensionsvariable with examples. However,auto_install_extensionsfeature for workspace recommendations is documented but requires jq and only works with workspace files, making it partial/awkward.Credential Hygiene — 20 / 20
--auth noneand relies on Coder's built-in authentication via the dashboard app proxy. No raw keys needed.Restricted-Environment Readiness — 7.5 / 20
https://code-server.dev/install.sh.install_versionpins version but doesn't change the source URL.install_prefixonly changes install location, not download source.offline = truemode documented: "Just run code-server in the background, don't fetch it from GitHub". Example shows usage. Script checks for existing binary at$CODE_SERVERpath.curl ... | sh -sto run the code-server install script, which may require sudo depending on install prefix. The default/tmp/code-serverlikely works without sudo, but the external install script's behavior is not guaranteed. No explicit documentation of no-sudo path. Partial credit for likely working in common cases.Engineering Quality — 9 / 10
workspace(must end in .code-workspace),folder/workspacemutual exclusivity,share,open_in..tftest.hclcovers business logic: required vars, conflicts, URL construction, validation. TypeScript tests inmain.test.tscover end-to-end: settings merge, installation, health checks. However, some edge cases like sudo behavior or network failures not explicitly tested.Overall — 84 / 100
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions