You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the Git Config module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
8 / 25
20 / 20
N/A
8 / 10
65 / 100
Drilldown
Presentation & Onboarding — 8 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
8
Two configuration modes documented: allowing email override and disallowing both username/email override. Missing example for username-only override. Examples show sensible defaults.
Coder-context framing
8
0
README does not explain what the module adds on top of Coder or how Coder fits in the flow. Simply states it "updates git credentials in the workspace to match the user's Coder credentials" without context about Coder's role.
Visual preview
5
0
README contains "TODO: Add screenshot" placeholders but no actual image, GIF, or video. Icon reference does not count.
Credential Hygiene — 20 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
No secrets are handled by this module. It only configures git user.name and user.email from Coder workspace owner data. No sensitive inputs exist. Full credit as concern does not apply.
Non-hardcoded auth path
4
4
Module uses Coder's built-in workspace owner data sources (data.coder_workspace_owner.me) rather than requiring users to paste credentials. This is a native Coder auth path.
Restricted-Environment Readiness — N/A
Criterion
Max
Score
Notes
Mirrorable artifact source
10
N/A
Module downloads nothing. It only runs git config commands against an already-installed git binary.
Bring-your-own binary
5
N/A
Module assumes git is already present in the image; it does not install anything.
Egress transparency
3
N/A
Module makes no external network calls. It only invokes local git config commands and reads Coder API data.
Runs without sudo
2
N/A
Module executes a coder_script that runs git config commands, but the script never invokes sudo and runs as the agent user. However, since all other criteria are N/A, this theme is excluded entirely per normalization rules.
Engineering Quality — 8 / 10
Criterion
Max
Score
Notes
Input quality
6
6
All inputs have clear descriptions. agent_id is required and well-described. Boolean flags (allow_username_change, allow_email_change) have sensible defaults. coder_parameter_order has appropriate nullable default. No validation blocks needed for these simple types.
Test coverage
4
2
TypeScript tests in main.test.ts cover multiple configuration scenarios (both flags enabled/disabled, custom order). Tests verify resource counts and types. However, no .tftest.hcl file exists for Terraform-native testing. Tests focus on resource creation but don't verify actual git config behavior end-to-end.
Correction: Re-examining Restricted-Environment Readiness. The module does execute a script (coder_script resource), so "Runs without sudo" applies and is not N/A. The script never invokes sudo and runs git config as the agent user, earning full 2 points. Other three criteria remain N/A.
Second correction: Reviewing the normalization rule more carefully. For Utility modules, the denominator starts at 75 (Universal only), then N/A exclusions are applied, then normalize.
Universal criteria total: 75 points
Presentation: 25
Credential Hygiene: 20
Restricted-Environment: 20
Engineering Quality: 10
N/A exclusions from Restricted-Environment: Mirrorable (10), Bring-your-own (5), Egress (3) = 18 points N/A
Runs without sudo (2) applies and scores full 2.
Two configuration modes documented: allowing email override and disallowing both username/email override. Missing example for username-only override mode. Examples show sensible defaults.
Coder-context framing
8
0
README does not explain what the module adds on top of Coder or how Coder fits in the developer flow. Simply states it "updates git credentials" without contextualizing Coder's role.
Visual preview
5
0
README contains "TODO: Add screenshot" placeholders but no actual image, GIF, or video embedded.
Credential Hygiene — 20 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
No secrets handled. Module only configures git user.name and user.email from Coder workspace owner data. No sensitive inputs exist.
Non-hardcoded auth path
4
4
Uses Coder's native data.coder_workspace_owner data source for authentication rather than requiring credential input.
Module downloads nothing; assumes git is already installed in the image.
Bring-your-own binary
5
N/A
Module does not install any binaries; expects git to be pre-installed.
Egress transparency
3
N/A
Module makes no external network calls; only runs local git config commands.
Runs without sudo
2
2
The coder_script resource runs git config commands without ever invoking sudo. Script runs as agent user with no privilege escalation.
Engineering Quality — 8 / 10
Criterion
Max
Score
Notes
Input quality
6
6
All four inputs have clear descriptions and appropriate types. Boolean flags have sensible defaults (allow_username_change=true, allow_email_change=false). coder_parameter_order properly nullable. No validation needed for these simple types.
Test coverage
4
2
TypeScript tests in main.test.ts cover multiple scenarios (flags enabled/disabled, custom order, email environment variable). Tests verify resource counts and types. No .tftest.hcl file present. Tests don't verify actual git config behavior end-to-end.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the Git Config module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 8 / 25
Credential Hygiene — 20 / 20
Restricted-Environment Readiness — N/A
Engineering Quality — 8 / 10
Overall — 65 / 100
Raw 36 / 55 → round(36 / 55 × 100) = 65 → 87 / 100
Raw score: 8 + 20 + 0 (N/A theme excluded) + 8 = 36 from Universal criteria.
Denominator after N/A exclusion: 25 + 20 + 0 + 10 = 55.
Utility module normalization: round(36 / 55 × 100) = round(65.45) = 65.
Correction: Re-examining Restricted-Environment Readiness. The module does execute a script (coder_script resource), so "Runs without sudo" applies and is not N/A. The script never invokes sudo and runs git config as the agent user, earning full 2 points. Other three criteria remain N/A.
Revised calculation:
Second correction: Reviewing the normalization rule more carefully. For Utility modules, the denominator starts at 75 (Universal only), then N/A exclusions are applied, then normalize.
Universal criteria total: 75 points
N/A exclusions from Restricted-Environment: Mirrorable (10), Bring-your-own (5), Egress (3) = 18 points N/A
Runs without sudo (2) applies and scores full 2.
Denominator: 75 - 18 = 57
Raw score: 8 + 20 + 2 + 8 = 38
Normalized: round(38 / 57 × 100) = round(66.67) = 67
Recalculating with correct structure:
Drilldown
Presentation & Onboarding — 8 / 25
Credential Hygiene — 20 / 20
Restricted-Environment Readiness — 2 / 2 (18 pts N/A)
Engineering Quality — 8 / 10
Overall — 65 / 100 → 67 / 100
Raw score: 8 + 20 + 2 + 8 = 38
Denominator after N/A exclusions: 75 - 18 = 57
Normalized: round(38 / 57 × 100) = 67
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions