You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the Coder Login module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
17 / 25
20 / 20
N/A
8 / 10
82 / 100
Drilldown
Presentation & Onboarding — 17 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
12
Single clear example with sensible defaults. Module is simple with only one required input (agent_id), no major modes to document.
Coder-context framing
8
0
README does not explain what the module adds on top of Coder or how Coder fits in the flow. It states what it does ("logs the user into Coder") but lacks context about why this is needed or what problem it solves in the Coder ecosystem.
Visual preview
5
5
README includes an embedded image: 
Credential Hygiene — 20 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
The module uses data.coder_workspace_owner.me.session_token which is a Coder-provided data source. No user-provided secrets are required as inputs. README example shows no inline secrets.
Non-hardcoded auth path
4
4
Module uses Coder's native session token mechanism via data sources, avoiding any need for users to paste raw keys. This is a ServiceAccount-equivalent pattern.
Restricted-Environment Readiness — N/A
Criterion
Max
Score
Notes
Mirrorable artifact source
10
N/A
Module downloads nothing; it only sets environment variables using Coder data sources.
Bring-your-own binary
5
N/A
Module installs nothing; no binary involved.
Egress transparency
3
N/A
Module makes no external network calls of its own; it only configures environment variables.
Runs without sudo
2
N/A
Module contains no scripts to execute.
Engineering Quality — 8 / 10
Criterion
Max
Score
Notes
Input quality
6
6
Single input agent_id has clear description ("The ID of a Coder agent"), sensible type (string), and is appropriately required. No validation needed for this simple case.
Test coverage
4
2
.tftest.hcl covers basic business logic with two test runs including mock data overrides. TypeScript test in main.test.ts only verifies required variables and runs init, lacking end-to-end behavior coverage.
Overall — 82 / 100
Raw 45 / 55 → round(45 / 55 × 100) = 82
Scored against SCORECARD.md on 2026-07-15 with claude-sonnet-4-5.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the Coder Login module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 17 / 25
Credential Hygiene — 20 / 20
data.coder_workspace_owner.me.session_tokenwhich is a Coder-provided data source. No user-provided secrets are required as inputs. README example shows no inline secrets.Restricted-Environment Readiness — N/A
Engineering Quality — 8 / 10
agent_idhas clear description ("The ID of a Coder agent"), sensible type (string), and is appropriately required. No validation needed for this simple case..tftest.hclcovers basic business logic with two test runs including mock data overrides. TypeScript test inmain.test.tsonly verifies required variables and runs init, lacking end-to-end behavior coverage.Overall — 82 / 100
Raw 45 / 55 → round(45 / 55 × 100) = 82
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions