chore: add managed_agent_limit licensing feature #18876
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ibetitsmike
reviewed
Jul 15, 2025
| // Temporary: If the license doesn't have a managed agent limit, | ||
| // we add a default of 800 managed agents per user. | ||
| // This only applies to "Premium" licenses. | ||
| if claims.FeatureSet == codersdk.FeatureSetPremium { |
There was a problem hiding this comment.
shouldn't there be some sort of validation of whether the license was issued before that July 1st cutoff?
There was a problem hiding this comment.
The cut off date isn't very accurate intentionally to give some buffer.
I don't think we need to check the license issuance date here, because any licenses generated by the new license generator form will always have the correct entitlements included, and will always trump the default limit as they were issued later.
dannykopping
approved these changes
Jul 16, 2025
enterprise/coderd/license/license.go
Outdated
| // Unfortunately, managed agent count is not a simple count of the current | ||
| // state of the world, but a count between two points in time determined by | ||
| // the licenses. | ||
| ManagedAgentCountFn func(ctx context.Context, from time.Time, to time.Time) (int64, error) |
There was a problem hiding this comment.
IMO we should be always using interfaces for callbacks like these, that way your LSP can list you all the implementations. (A typealias doesn't work either, I couldn't use the LSP to find all the instances of the reportConnectionFunc when I was working on the connection log 😕)
There was a problem hiding this comment.
There's only ever gonna be one implementation in the non-test codebase so I don't think this is worth changing all the tests over.
Comment on lines
+215
to
+234
| if _, ok := featureGrouping[featureName]; ok { | ||
| // These features need very special handling due to merging | ||
| // multiple feature values into a single SDK feature. | ||
| continue | ||
| } | ||
| if featureName == codersdk.FeatureUserLimit || featureName.UsesUsagePeriod() { |
There was a problem hiding this comment.
Anything that UsesUsagePeriod would already be skipped by having a featureGrouping (above)
There was a problem hiding this comment.
I think I might keep this for defense in depth.
Note that enforcement and checking usage will come in a future PR.
This feature is implemented differently than existing features in a few
ways.
Firstly, the feature is represented as a single feature in the codersdk
world, but is represented with multiple features in the license.
E.g. in the license you may have:
{
"features": {
"managed_agent_limit_soft": 100,
"managed_agent_limit_hard": 200
}
}
But the entitlements endpoint will return a single feature:
{
"features": {
"managed_agent_limit": {
"limit": 200,
"soft_limit": 100
}
}
}
This is required because of our rigid parsing that uses a
`map[string]int64` for features in the license. To avoid requiring all
customers to upgrade to use new licenses, the decision was made to just
use two features and merge them into one. Older Coder deployments will
parse this feature (from new licenses) as two separate features, but
it's not a problem because they don't get used anywhere obviously.
The reason we want to differentiate between a "soft" and "hard" limit is
so we can show admins how much of the usage is "included" vs. how much
they can use before they get hard cut-off.
The second major difference to other features is that "usage period"
features such as `managed_agent_limit` will now be primarily compared by
the `iat` (issued at) claim of the license they come from. This differs
from previous features. The reason this was done was so we could reduce
limits with newer licenses, which the current comparison code does not
allow for.
This effectively means if you have two active licenses:
- `iat`: 2025-07-14, `managed_agent_limit_soft`: 100,
`managed_agent_limit_hard`: 200
- `iat`: 2025-07-15, `managed_agent_limit_soft`: 50,
`managed_agent_limit_hard`: 100
Then the resulting `managed_agent_limit` entitlement will come from the
second license, even though the values are smaller than another valid
license. The existing comparison code would prefer the first license
even though it was issued earlier.
Existing limit features, like the user limit, just measure the current
usage value of the feature. The active user count is a gauge that goes
up and down, whereas agent usage can only be incremented, so it doesn't
make sense to use a continually incrementing counter forever and ever
for managed agents.
For managed agent limit, we count the usage between `nbf` (not before)
and `exp` (expires at) of the license that the entitlement comes from.
In the example above, we'd use the issued at date and expiry of the
second license as this date range.
This essentially means, when you get a new license, the usage resets to
zero.
The actual usage counting code will be implemented in a follow-up PR.
Temporarily (until further notice), we will be providing licenses with
`feature_set` set to `premium` a default limit.
- Soft limit: `800 * user_limit`
- Hard limit: `1000 * user_limit`
"Enterprise" licenses do not get any default limit and are not entitled
to use the feature.
Unlicensed customers (e.g. OSS) will be permitted to use the feature as
much as they want without limits. This will be implemented when the
counting code is implemented in a follow-up PR.
deansheather
force-pushed
the
dean/usage-licensing
branch
from
657b390 to
c7d0a84
Compare
ethanndickson
approved these changes
Jul 17, 2025
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note that enforcement and checking usage will come in a future PR.
This feature is implemented differently than existing features in a few ways.
It's highly recommended that reviewers read:
Multiple features in the license, a single feature in codersdk
Firstly, the feature is represented as a single feature in the codersdk world, but is represented with multiple features in the license.
E.g. in the license you may have:
But the entitlements endpoint will return a single feature:
This is required because of our rigid parsing that uses a
map[string]int64for features in the license. To avoid requiring all customers to upgrade to use new licenses, the decision was made to just use two features and merge them into one. Older Coder deployments will parse this feature (from new licenses) as two separate features, but it's not a problem because they don't get used anywhere obviously.The reason we want to differentiate between a "soft" and "hard" limit is so we can show admins how much of the usage is "included" vs. how much they can use before they get hard cut-off.
Usage period features will be compared and trump based on license issuance time
The second major difference to other features is that "usage period" features such as
managed_agent_limitwill now be primarily compared by theiat(issued at) claim of the license they come from. This differs from previous features. The reason this was done was so we could reduce limits with newer licenses, which the current comparison code does not allow for.This effectively means if you have two active licenses:
iat: 2025-07-14,managed_agent_limit_soft: 100,managed_agent_limit_hard: 200iat: 2025-07-15,managed_agent_limit_soft: 50,managed_agent_limit_hard: 100Then the resulting
managed_agent_limitentitlement will come from the second license, even though the values are smaller than another valid license. The existing comparison code would prefer the first license even though it was issued earlier.Usage period features will count usage between the start and end dates of the license
Existing limit features, like the user limit, just measure the current usage value of the feature. The active user count is a gauge that goes up and down, whereas agent usage can only be incremented, so it doesn't make sense to use a continually incrementing counter forever and ever for managed agents.
For managed agent limit, we count the usage between
nbf(not before) andexp(expires at) of the license that the entitlement comes from. In the example above, we'd use the issued at date and expiry of the second license as this date range.This essentially means, when you get a new license, the usage resets to zero.
The actual usage counting code will be implemented in a follow-up PR.
Managed agent limit has a default entitlement value
Temporarily (until further notice), we will be providing licenses with
feature_setset topremiuma default limit.800 * user_limit1000 * user_limit"Enterprise" licenses do not get any default limit and are not entitled to use the feature.
Unlicensed customers (e.g. OSS) will be permitted to use the feature as much as they want without limits. This will be implemented when the counting code is implemented in a follow-up PR.
Closes coder/internal#760