feat: add workspace SSH execution tool for AI SDK #18924

Merged: 1 commit, Jul 21, 2025

@ThomasK33 (Member) commented Jul 20, 2025

Add SSH Command Execution Tool for Coder Workspaces

This PR adds a new AI tool coder_workspace_ssh_exec that allows executing commands in Coder workspaces via SSH. The tool provides functionality similar to the coder ssh <workspace> <command> CLI command.

Key features:

  • Executes commands in workspaces via SSH and returns the output and exit code
  • Automatically starts workspaces if they're stopped
  • Waits for the agent to be ready before executing commands
  • Trims leading and trailing whitespace from command output
  • Supports various workspace identifier formats:
    • workspace (uses current user)
    • owner/workspace
    • owner--workspace
    • workspace.agent (specific agent)
    • owner/workspace.agent

The implementation includes:

  • A new tool definition with schema and handler
  • Helper functions for workspace and agent discovery
  • Workspace name normalization to handle different input formats
  • Comprehensive test coverage including integration tests

This tool enables AI assistants to execute commands in user workspaces, making it possible to automate tasks and provide more interactive assistance.

Summary by CodeRabbit

  • New Features
    • Introduced the ability to execute bash commands inside a Coder workspace via SSH, supporting multiple workspace identification formats.
  • Tests
    • Added comprehensive unit and integration tests for executing bash commands in workspaces, including input validation, output handling, and error scenarios.
  • Chores
    • Registered the new bash execution tool in the global tools list.
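
The workspace identifier formats listed in the description, parsed and validated before anything is looked up or executed. This is an added example, not code from this PR or from the Coder project: `ParseTarget`, `Target`, the `me` placeholder for the current user and the name allow-list are assumptions for illustration. It generalizes slightly by also accepting `owner--workspace.agent`, which the list does not spell out.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Target is a hypothetical result type for this example.
type Target struct{ Owner, Workspace, Agent string }

// currentUser stands in for "uses current user"; the literal is an assumption.
const currentUser = "me"

// namePart is an assumed allow-list: alphanumeric runs joined by single
// hyphens. Because "--" can never occur inside a valid name under this rule,
// it is unambiguous as an owner separator.
var namePart = regexp.MustCompile(`^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$`)

var errInvalidTarget = errors.New("invalid workspace identifier")

// ParseTarget splits an identifier into owner, workspace and agent and
// rejects anything that is not one of the listed shapes.
func ParseTarget(input string) (Target, error) {
	t := Target{Owner: currentUser, Workspace: input}
	// An optional ".agent" suffix comes off first; a trailing dot is an error.
	if i := strings.LastIndex(input, "."); i >= 0 {
		t.Workspace, t.Agent = input[:i], input[i+1:]
		if !namePart.MatchString(t.Agent) {
			return Target{}, fmt.Errorf("%w: agent %q", errInvalidTarget, t.Agent)
		}
	}
	// "owner/workspace" and "owner--workspace" name the same thing.
	for _, sep := range []string{"/", "--"} {
		if owner, ws, ok := strings.Cut(t.Workspace, sep); ok {
			t.Owner, t.Workspace = owner, ws
			break
		}
	}
	// Validate every part, so shell metacharacters, extra separators and
	// empty segments never reach workspace lookup.
	if !namePart.MatchString(t.Owner) || !namePart.MatchString(t.Workspace) {
		return Target{}, fmt.Errorf("%w: %q", errInvalidTarget, input)
	}
	return t, nil
}

func main() {
	// Constructed sample inputs: five accepted shapes, then two rejected ones.
	for _, in := range []string{"dev", "alice/dev", "alice--dev", "dev.main", "alice/dev.main", "dev;id", "a/b/c"} {
		t, err := ParseTarget(in)
		fmt.Printf("%-16q -> %+v err=%v\n", in, t, err)
	}
}
```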

@bpmct (Member) commented Jul 20, 2025

It works! Seeing some weird errors though

@ThomasK33 ThomasK33 force-pushed the thomask33/07-20-feat_toolsdk_add_ssh_exec_tool branch 2 times, most recently from e976eea to 678cabc Compare July 21, 2025 11:57
@ThomasK33 ThomasK33 marked this pull request as ready for review July 21, 2025 12:26
@ThomasK33 ThomasK33 linked an issue Jul 21, 2025 that may be closed by this pull request
Change-Id: I61f694a89e33c60ab6e5a68b6773755bff1840a4
Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33 ThomasK33 force-pushed the thomask33/07-20-feat_toolsdk_add_ssh_exec_tool branch from 678cabc to 3970946 Compare July 21, 2025 17:09
coderabbitai bot commented Jul 21, 2025

Walkthrough

A new tool, WorkspaceBash, is introduced to the toolsdk package, enabling execution of bash commands within Coder workspaces via SSH. The implementation includes input normalization, workspace and agent resolution, SSH execution, and comprehensive error handling. Associated tests validate input handling, normalization, tool registration, and command execution. The tool is also registered in the global tools list.

Changes

File(s) and change summary:

  • codersdk/toolsdk/bash.go: Added WorkspaceBash tool for executing bash commands in workspaces, with input normalization, workspace/agent resolution, SSH execution, and error handling. Introduced supporting types and functions.
  • codersdk/toolsdk/bash_test.go: Added unit tests for WorkspaceBash tool: input validation, normalization, tool registration, and error scenarios.
  • codersdk/toolsdk/toolsdk.go: Added ToolNameWorkspaceBash constant and registered WorkspaceBash in the exported All tools slice.
  • codersdk/toolsdk/toolsdk_test.go: Added helper for workspace/agent setup and new subtests for WorkspaceBash tool execution, including command output and error scenarios. Modified helper to use test context.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ToolHandler as WorkspaceBash Handler
    participant SDK as codersdk.Client
    participant Workspace
    participant Agent
    participant SSH

    User->>ToolHandler: Provide workspace name & command
    ToolHandler->>ToolHandler: Normalize workspace input
    ToolHandler->>SDK: Find workspace & agent
    alt Workspace stopped
        ToolHandler->>SDK: Start workspace and wait for build
    end
    ToolHandler->>Agent: Wait for agent to be ready
    ToolHandler->>SSH: Establish SSH connection
    ToolHandler->>SSH: Execute command
    SSH-->>ToolHandler: Return output & exit code
    ToolHandler-->>User: Return trimmed output & exit code

Estimated code review effort

4 (~90 minutes)

@ThomasK33 (Member, Author) commented

@CodeRabbit review

coderabbitai bot commented Jul 21, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
codersdk/toolsdk/bash.go (1)

96-108: Consider adding timeout configuration for SSH operations.

The SSH dial and connection operations don't have explicit timeouts, which could cause the tool to hang indefinitely if the agent is unresponsive.

Consider adding a timeout to the dial options:

 	// Dial agent
 	conn, err := wsClient.DialAgent(ctx, workspaceAgent.ID, &workspacesdk.DialAgentOptions{
 		BlockEndpoints: false,
+		// Add a reasonable timeout if the context doesn't already have one
 	})
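
Review bot: the only added line in this hunk is a comment inside the DialAgentOptions literal, so the dial is still bounded by nothing except ctx. Either drop the `+` line or make the change real by giving ctx a deadline before the DialAgent call; the hunk shows no timeout field on DialAgentOptions, so a comment at that spot promises behaviour the code does not have.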

You might also want to ensure the context has a deadline if it doesn't already:

// At the beginning of the handler, after validation
if _, ok := ctx.Deadline(); !ok {
    var cancel context.CancelFunc
    ctx, cancel = context.WithTimeout(ctx, 5*time.Minute)
    defer cancel()
}

codersdk/toolsdk/toolsdk_test.go (1)

31-50: Helper function follows established patterns but consider test isolation.

The setupWorkspaceForAgent function replicates the SSH test setup pattern correctly. However, there are a few observations:

  1. The function creates a hardcoded username "myuser" which could potentially cause issues in concurrent tests
  2. The function properly uses t.Helper() to improve error reporting
  3. The nolint comments are appropriate for test code

Consider using a unique username to avoid potential conflicts:

-	userClient, user := coderdtest.CreateAnotherUserMutators(t, client, first.OrganizationID, nil, func(r *codersdk.CreateUserRequestWithOrgs) {
-		r.Username = "myuser"
-	})
+	userClient, user := coderdtest.CreateAnotherUserMutators(t, client, first.OrganizationID, nil, func(r *codersdk.CreateUserRequestWithOrgs) {
+		r.Username = fmt.Sprintf("myuser-%d", time.Now().UnixNano())
+	})
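
Review bot: the replacement `r.Username` line calls fmt.Sprintf and time.Now(), so the test file has to import fmt and time, which this hunk does not show. The name also differs on every run, so any later assertion or workspace lookup that spells out "myuser" should read the value from the returned `user` instead of the literal.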

However, based on the retrieved learnings, unique identifiers should be used in concurrent tests to prevent race conditions.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 40a6367 and 3970946.

📒 Files selected for processing (4)
  • codersdk/toolsdk/bash.go (1 hunks)
  • codersdk/toolsdk/bash_test.go (1 hunks)
  • codersdk/toolsdk/toolsdk.go (2 hunks)
  • codersdk/toolsdk/toolsdk_test.go (4 hunks)
🧰 Additional context used
🧠 Learnings (3)
codersdk/toolsdk/toolsdk.go (1)

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderd/coderdtest/**/* : The coderdtest package in coderd/coderdtest/ provides utilities for creating test instances of the Coder server, setting up test users and workspaces, and mocking external components.

codersdk/toolsdk/toolsdk_test.go (10)

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderd/coderdtest/**/* : The coderdtest package in coderd/coderdtest/ provides utilities for creating test instances of the Coder server, setting up test users and workspaces, and mocking external components.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.034Z
Learning: Applies to coderd/coderd.go : The REST API is defined in coderd/coderd.go and uses Chi for HTTP routing.

Learnt from: CR
PR: coder/coder#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-21T14:32:56.474Z
Learning: Applies to **/*_test.go : Never use hardcoded names in concurrent Go tests

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*.go : Coder emphasizes clear error handling, with specific patterns required: Concise error messages that avoid phrases like "failed to"; Wrapping errors with %w to maintain error chains; Using sentinel errors with the "err" prefix (e.g., errNotFound).

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderd/dbauthz/*.go : The database authorization (dbauthz) system enforces fine-grained access control across all database operations. All database operations must pass through this layer to ensure security.

Learnt from: ThomasK33
PR: #18809
File: coderd/apidoc/swagger.json:2160-2186
Timestamp: 2025-07-21T14:30:40.568Z
Learning: For the Coder repository, API specification or standards compliance issues should be raised in the Go source files (e.g., handler annotations or swaggo comments), not in auto-generated files like coderd/apidoc/swagger.json.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to coderdenttest/**/* : Enterprise features have dedicated test utilities in the coderdenttest package.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*_test.go : All tests should run in parallel using t.Parallel() to ensure efficient testing and expose potential race conditions.

Learnt from: CR
PR: coder/coder#0
File: .cursorrules:0-0
Timestamp: 2025-07-21T14:32:43.035Z
Learning: Applies to **/*_test.go : All tests must use t.Parallel() to run concurrently, which improves test suite performance and helps identify race conditions.

Learnt from: CR
PR: coder/coder#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-21T14:32:56.474Z
Learning: Applies to **/*_test.go : Use unique identifiers in concurrent Go tests to prevent race conditions (e.g., fmt.Sprintf with t.Name() and time.Now().UnixNano())

🔇 Additional comments (6)
codersdk/toolsdk/toolsdk.go (1)

36-36: LGTM!

The new tool constant and registration follow the established patterns in the codebase.

Also applies to: 187-187

codersdk/toolsdk/bash_test.go (1)

1-162: Excellent test coverage!

The test file follows all best practices:

  • All tests use t.Parallel() as required
  • Comprehensive coverage of input validation, error scenarios, and normalization
  • Well-structured test cases with clear naming
  • Good use of table-driven tests for normalization

codersdk/toolsdk/bash.go (1)

1-296: Well-implemented SSH execution tool!

The implementation is thorough and handles various edge cases well:

  • Comprehensive workspace name format support
  • Auto-start functionality for stopped workspaces
  • Proper error handling and exit code extraction
  • Good separation of concerns with helper functions
  • Clear documentation and examples

codersdk/toolsdk/toolsdk_test.go (3)

19-19: Import addition looks correct.

The import for agenttest is properly added and will be used in the new SSH execution test.


462-462: Good improvement: using test context instead of background context.

The change from context.Background() to t.Context() is a proper improvement that:

  • Ensures test timeout compliance
  • Allows for proper cancellation when tests are stopped
  • Follows Go testing best practices

399-448: No parallel execution in toolsdk_test.go—hardcoded “myuser” is safe

TestTools (func TestTools at line 55) and its “WorkspaceSSHExec” subtest (around line 399) do not invoke t.Parallel(), so all steps—including the hardcoded “myuser” in setupWorkspaceForAgent—run sequentially. There’s no concurrent test execution here, so no race condition risk.

Likely an incorrect or invalid review comment.

@ThomasK33 ThomasK33 merged commit 326c024 into main Jul 21, 2025
36 checks passed
@ThomasK33 ThomasK33 deleted the thomask33/07-20-feat_toolsdk_add_ssh_exec_tool branch July 21, 2025 19:24
@github-actions github-actions bot locked and limited conversation to collaborators Jul 21, 2025
Development

Successfully merging this pull request may close these issues.

MCP: Add exec tool to run commands in workspaces