fix(site): apply stream parts during pending and clear synchronously

shouldApplyMessagePart dropped parts when chatStatus was "pending", causing early LLM response content to disappear when pubsub status delivery was slower than message_part delivery. Remove the "pending" guard since stream state is already cleared on transition to pending. Replace RAF-deferred stream reset with synchronous clearStreamState on durable message arrival. The RAF approach allowed stale tool calls to persist when new parts canceled the scheduled reset.
test(site): assert correct stream state behavior during pending and step transitions
2026-03-13 23:30:54 +00:00 · 2026-03-13 22:36:25 +00:00 · 2026-03-13 16:26:12 -05:00 · 2026-03-13 21:41:24 +02:00 · 2026-03-13 19:01:50 +00:00 · 2026-03-13 18:59:14 +00:00
1310 changed files with 140773 additions and 19917 deletions
@@ -189,8 +189,8 @@ func (q *sqlQuerier) UpdateUser(ctx context.Context, arg UpdateUserParams) (User
 ### Common Debug Commands

 ```bash
-# Check database connection
-make test-postgres
+# Run tests (starts Postgres automatically if needed)
+make test

 # Run specific database tests
 go test ./coderd/database/... -run TestSpecificFunction
@@ -0,0 +1,249 @@
+# Modern Go (1.18–1.26)
+
+Reference for writing idiomatic Go. Covers what changed, what it
+replaced, and what to reach for. Respect the project's `go.mod` `go`
+line: don't emit features from a version newer than what the module
+declares. Check `go.mod` before writing code.
+
+## How modern Go thinks differently
+
+**Generics** (1.18): Design reusable code with type parameters instead
+of `interface{}` casts, code generation, or the `sort.Interface`
+pattern. Use `any` for unconstrained types, `comparable` for map keys
+and equality, `cmp.Ordered` for sortable types. Type inference usually
+makes explicit type arguments unnecessary (improved in 1.21).
+
+**Per-iteration loop variables** (1.22): Each loop iteration gets its
+own variable copy. Closures inside loops capture the correct value. The
+`v := v` shadow trick is dead. Remove it when you see it.
+
+**Iterators** (1.23): `iter.Seq[V]` and `iter.Seq2[K,V]` are the
+standard iterator types. Containers expose `.All()` methods returning
+these. Combined with `slices.Collect`, `slices.Sorted`, `maps.Keys`,
+etc., they replace ad-hoc "loop and append" code with composable,
+lazy pipelines. When a sequence is consumed only once, prefer an
+iterator over materializing a slice.
+
+**Error trees** (1.20–1.26): Errors compose as trees, not chains.
+`errors.Join` aggregates multiple errors. `fmt.Errorf` accepts multiple
+`%w` verbs. `errors.Is`/`As` traverse the full tree. Custom error
+types that wrap multiple causes must implement `Unwrap() []error` (the
+slice form), not `Unwrap() error`, or tree traversal won't find the
+children. `errors.AsType[T]` (1.26) is the type-safe way to match
+error types. Propagate cancellation reasons with
+`context.WithCancelCause`.
+
+**Structured logging** (1.21): `log/slog` is the standard structured
+logger. This project uses `cdr.dev/slog/v3` instead, which has a
+different API. Do not use `log/slog` directly.
+
+## Replace these patterns
+
+The left column reflects common patterns from pre-1.22 Go. Write the
+right column instead. The "Since" column tells you the minimum `go`
+directive version required in `go.mod`.
+
+| Old pattern | Modern replacement | Since |
+|---|---|---|
+| `interface{}` | `any` | 1.18 |
+| `v := v` inside loops | remove it | 1.22 |
+| `for i := 0; i < n; i++` | `for i := range n` | 1.22 |
+| `for i := 0; i < b.N; i++` (benchmarks) | `for b.Loop()` (correct timing, future-proof) | 1.24 |
+| `sort.Slice(s, func(i,j int) bool{…})` | `slices.SortFunc(s, cmpFn)` | 1.21 |
+| `wg.Add(1); go func(){ defer wg.Done(); … }()` | `wg.Go(func(){…})` | 1.25 |
+| `func ptr[T any](v T) *T { return &v }` | `new(expr)` e.g. `new(time.Now())` | 1.26 |
+| `var target *E; errors.As(err, &target)` | `t, ok := errors.AsType[*E](err)` | 1.26 |
+| Custom multi-error type | `errors.Join(err1, err2, …)` | 1.20 |
+| Single `%w` for multiple causes | `fmt.Errorf("…: %w, %w", e1, e2)` | 1.20 |
+| `rand.Seed(time.Now().UnixNano())` | delete it (auto-seeded); prefer `math/rand/v2` | 1.20/1.22 |
+| `sync.Once` + captured variable | `sync.OnceValue(func() T {…})` / `OnceValues` | 1.21 |
+| Custom `min`/`max` helpers | `min(a, b)` / `max(a, b)` builtins (any ordered type) | 1.21 |
+| `for k := range m { delete(m, k) }` | `clear(m)` (also zeroes slices) | 1.21 |
+| Index+slice or `SplitN(s, sep, 2)` | `strings.Cut(s, sep)` / `bytes.Cut` | 1.18 |
+| `TrimPrefix` + check if anything was trimmed | `strings.CutPrefix` / `CutSuffix` (returns ok bool) | 1.20 |
+| `strings.Split` + loop when no slice is needed | `strings.SplitSeq` / `Lines` / `FieldsSeq` (iterator, no alloc) | 1.24 |
+| `"2006-01-02"` / `"2006-01-02 15:04:05"` / `"15:04:05"` | `time.DateOnly` / `time.DateTime` / `time.TimeOnly` | 1.20 |
+| Manual `Before`/`After`/`Equal` chains for comparison | `time.Time.Compare` (returns -1/0/+1; works with `slices.SortFunc`) | 1.20 |
+| Loop collecting map keys into slice | `slices.Sorted(maps.Keys(m))` | 1.23 |
+| `fmt.Sprintf` + append to `[]byte` | `fmt.Appendf(buf, …)` (also `Append`, `Appendln`) | 1.18 |
+| `reflect.TypeOf((*T)(nil)).Elem()` | `reflect.TypeFor[T]()` | 1.22 |
+| `*(*[4]byte)(slice)` unsafe cast | `[4]byte(slice)` direct conversion | 1.20 |
+| `atomic.LoadInt64` / `StoreInt64` | `atomic.Int64` (also `Bool`, `Uint64`, `Pointer[T]`) | 1.19 |
+| `crypto/rand.Read(buf)` + hex/base64 encode | `crypto/rand.Text()` (one call) | 1.24 |
+| Checking `crypto/rand.Read` error | don't: return is always nil | 1.24 |
+| `time.Sleep` in tests | `testing/synctest` (deterministic fake clock) | 1.24/1.25 |
+| `json:",omitempty"` on zero-value structs like `time.Time{}` | `json:",omitzero"` (uses `IsZero()` method) | 1.24 |
+| `strings.Title` | `golang.org/x/text/cases` | 1.18 |
+| `net.IP` in new code | `net/netip.Addr` (immutable, comparable, lighter) | 1.18 |
+| `tools.go` with blank imports | `tool` directive in `go.mod` | 1.24 |
+| `runtime.SetFinalizer` | `runtime.AddCleanup` (multiple per object, no pointer cycles) | 1.24 |
+| `httputil.ReverseProxy.Director` | `.Rewrite` hook + `ProxyRequest` (Director deprecated in 1.26) | 1.20 |
+| `sql.NullString`, `sql.NullInt64`, etc. | `sql.Null[T]` | 1.22 |
+| Manual `ctx, cancel := context.WithCancel(…)` + `t.Cleanup(cancel)` | `t.Context()` (auto-canceled when test ends) | 1.24 |
+| `if d < 0 { d = -d }` on durations | `d.Abs()` (handles `math.MinInt64`) | 1.19 |
+| Implement only `TextMarshaler` | also implement `TextAppender` for alloc-free marshaling | 1.24 |
+| Custom `Unwrap() error` on multi-cause errors | `Unwrap() []error` (slice form; required for tree traversal) | 1.20 |
+
+## New capabilities
+
+These enable things that weren't practical before. Reach for them in the
+described situations.
+
+| What | Since | When to use it |
+|---|---|---|
+| `cmp.Or(a, b, c)` | 1.22 | Defaults/fallback chains: returns first non-zero value. Replaces verbose `if a != "" { return a }` cascades. |
+| `context.WithoutCancel(ctx)` | 1.21 | Background work that must outlive the request (e.g. async cleanup after HTTP response). Derived context keeps parent's values but ignores cancellation. |
+| `context.AfterFunc(ctx, fn)` | 1.21 | Register cleanup that fires on context cancellation without spawning a goroutine that blocks on `<-ctx.Done()`. |
+| `context.WithCancelCause` / `Cause` | 1.20 | When callers need to know WHY a context was canceled, not just that it was. Retrieve cause with `context.Cause(ctx)`. |
+| `context.WithDeadlineCause` / `WithTimeoutCause` | 1.21 | Attach a domain-specific error to deadline/timeout expiry (e.g. distinguish "DB query timed out" from "HTTP request timed out"). |
+| `errors.ErrUnsupported` | 1.21 | Standard sentinel for "not supported." Use instead of per-package custom sentinels. Check with `errors.Is`. |
+| `http.ResponseController` | 1.20 | Per-request flush, hijack, and deadline control without type-asserting `ResponseWriter` to `http.Flusher` or `http.Hijacker`. |
+| Enhanced `ServeMux` routing | 1.22 | `"GET /items/{id}"` patterns in `http.ServeMux`. Access with `r.PathValue("id")`. Wildcards: `{name}`, catch-all: `{path...}`, exact: `{$}`. Eliminates many third-party router dependencies. |
+| `os.Root` / `OpenRoot` | 1.24 | Confined directory access that prevents symlink escape. 1.25 adds `MkdirAll`, `ReadFile`, `WriteFile` for real use. |
+| `os.CopyFS` | 1.23 | Copy an entire `fs.FS` to local filesystem in one call. |
+| `os/signal.NotifyContext` with cause | 1.26 | Cancellation cause identifies which signal (SIGTERM vs SIGINT) triggered shutdown. |
+| `io/fs.SkipAll` / `filepath.SkipAll` | 1.20 | Return from `WalkDir` callback to stop walking entirely. Cleaner than a sentinel error. |
+| `GOMEMLIMIT` env / `debug.SetMemoryLimit` | 1.19 | Soft memory limit for GC. Use alongside or instead of `GOGC` in memory-constrained containers. |
+| `net/url.JoinPath` | 1.19 | Join URL path segments correctly. Replaces error-prone string concatenation. |
+| `go test -skip` | 1.20 | Skip tests matching a pattern. Useful when running a subset of a large test suite. |
+
+## Key packages
+
+### `slices` (1.21, iterators added 1.23)
+
+Replaces `sort.Slice`, manual search loops, and manual contains checks.
+
+Search: `Contains`, `ContainsFunc`, `Index`, `IndexFunc`,
+`BinarySearch`, `BinarySearchFunc`.
+
+Sort: `Sort`, `SortFunc`, `SortStableFunc`, `IsSorted`, `IsSortedFunc`,
+`Min`, `MinFunc`, `Max`, `MaxFunc`.
+
+Transform: `Clone`, `Compact`, `CompactFunc`, `Grow`, `Clip`,
+`Concat` (1.22), `Repeat` (1.23), `Reverse`, `Insert`, `Delete`,
+`Replace`.
+
+Compare: `Equal`, `EqualFunc`, `Compare`.
+
+Iterators (1.23): `All`, `Values`, `Backward`, `Collect`, `AppendSeq`,
+`Sorted`, `SortedFunc`, `SortedStableFunc`, `Chunk`.
+
+### `maps` (1.21, iterators added 1.23)
+
+Core: `Clone`, `Copy`, `Equal`, `EqualFunc`, `DeleteFunc`.
+
+Iterators (1.23): `All`, `Keys`, `Values`, `Insert`, `Collect`.
+
+### `cmp` (1.21, `Or` added 1.22)
+
+`Ordered` constraint for any ordered type. `Compare(a, b)` returns
+-1/0/+1. `Less(a, b)` returns bool. `Or(vals...)` returns first
+non-zero value.
+
+### `iter` (1.23)
+
+`Seq[V]` is `func(yield func(V) bool)`. `Seq2[K,V]` is
+`func(yield func(K, V) bool)`. Return these from your container's
+`.All()` methods. Consume with `for v := range seq` or pass to
+`slices.Collect`, `slices.Sorted`, `maps.Collect`, etc.
+
+### `math/rand/v2` (1.22)
+
+Replaces `math/rand`. `IntN` not `Intn`. Generic `N[T]()` for any
+integer type. Default source is `ChaCha8` (crypto-quality). No global
+`Seed`. Use `rand.New(source)` for reproducible sequences.
+
+### `log/slog` (1.21)
+
+`slog.Info`, `slog.Warn`, `slog.Error`, `slog.Debug` with key-value
+pairs. `slog.With(attrs...)` for logger with preset fields.
+`slog.GroupAttrs` (1.25) for clean group creation. Implement
+`slog.Handler` for custom backends.
+
+**Note:** This project uses `cdr.dev/slog/v3`, not `log/slog`. The
+API is different. Read existing code for usage patterns.
+
+## Pitfalls
+
+Things that are easy to get wrong, even when you know the modern API
+exists. Check your output against these.
+
+**Version misuse.** The replacement table has a "Since" column. If the
+project's `go.mod` says `go 1.22`, you cannot use `wg.Go` (1.25),
+`errors.AsType` (1.26), `new(expr)` (1.26), `b.Loop()` (1.24), or
+`testing/synctest` (1.24). Fall back to the older pattern. Always
+check before reaching for a replacement.
+
+**`slices.Sort` vs `slices.SortFunc`.** `slices.Sort` requires
+`cmp.Ordered` types (int, string, float64, etc.). For structs, custom
+types, or multi-field sorting, use `slices.SortFunc` with a comparator
+function. Using `slices.Sort` on a non-ordered type is a compile error.
+
+**`for range n` still binds the index.** `for range n` discards the
+index. If you need it, write `for i := range n`. Writing
+`for range n` and then trying to use `i` inside the loop is a compile
+error.
+
+**Don't hand-roll iterators when the stdlib returns one.** Functions
+like `maps.Keys`, `slices.Values`, `strings.SplitSeq`, and
+`strings.Lines` already return `iter.Seq` or `iter.Seq2`. Don't
+reimplement them. Compose with `slices.Collect`, `slices.Sorted`, etc.
+
+**Don't mix `math/rand` and `math/rand/v2`.** They have different
+function names (`Intn` vs `IntN`) and different default sources. Pick
+one per package. Prefer v2 for new code. The v1 global source is
+auto-seeded since 1.20, so delete `rand.Seed` calls either way.
+
+**Iterator protocol.** When implementing `iter.Seq`, you must respect
+the `yield` return value. If `yield` returns `false`, stop iteration
+immediately and return. Ignoring it violates the contract and causes
+panics when consumers break out of `for range` loops early.
+
+**`errors.Join` with nil.** `errors.Join` skips nil arguments. This is
+intentional and useful for aggregating optional errors, but don't
+assume the result is always non-nil. `errors.Join(nil, nil)` returns
+nil.
+
+**`cmp.Or` evaluates all arguments.** Unlike a chain of `if`
+statements, `cmp.Or(a(), b(), c())` calls all three functions. If any
+have side effects or are expensive, use `if`/`else` instead.
+
+**Timer channel semantics changed in 1.23.** Code that checks
+`len(timer.C)` to see if a value is pending no longer works (channel
+capacity is 0). Use a non-blocking `select` receive instead:
+`select { case <-timer.C: default: }`.
+
+**`context.WithoutCancel` still propagates values.** The derived
+context inherits all values from the parent. If any middleware stores
+request-scoped state (deadlines, trace IDs) via `context.WithValue`,
+the background work sees it. This is usually desired but can be
+surprising if the values hold references that should not outlive the
+request.
+
+## Behavioral changes that affect code
+
+- **Timers** (1.23): unstopped `Timer`/`Ticker` are GC'd immediately.
+  Channels are unbuffered: no stale values after `Reset`/`Stop`. You no
+  longer need `defer t.Stop()` to prevent leaks.
+- **Error tree traversal** (1.20): `errors.Is`/`As` follow
+  `Unwrap() []error`, not just `Unwrap() error`. Multi-error types must
+  expose the slice form for child errors to be found.
+- **`math/rand` auto-seeded** (1.20): the global RNG is auto-seeded.
+  `rand.Seed` is a no-op in 1.24+. Don't call it.
+- **GODEBUG compat** (1.21): behavioral changes are gated by `go.mod`'s
+  `go` line. Upgrading the version opts into new defaults.
+- **Build tags** (1.18): `//go:build` is the only syntax. `// +build`
+  is gone.
+- **Tool install** (1.18): `go get` no longer builds. Use
+  `go install pkg@version`.
+- **Doc comments** (1.19): support `[links]`, lists, and headings.
+- **`go test -skip`** (1.20): skip tests by name pattern from the
+  command line.
+- **`go fix ./...` modernizers** (1.26): auto-rewrites code to use
+  newer idioms. Run after Go version upgrades.
+
+## Transparent improvements (no code changes)
+
+Swiss Tables maps, Green Tea GC, PGO, faster `io.ReadAll`,
+stack-allocated slices, reduced cgo overhead, container-aware
+GOMAXPROCS. Free on upgrade.
@@ -67,7 +67,6 @@ coderd/
 | `make test` | Run all Go tests |
 | `make test RUN=TestFunctionName` | Run specific test |
 | `go test -v ./path/to/package -run TestFunctionName` | Run test with verbose output |
-| `make test-postgres` | Run tests with Postgres database |
 | `make test-race` | Run tests with Go race detector |
 | `make test-e2e` | Run end-to-end tests |

@@ -109,7 +109,6 @@

 - Run full test suite: `make test`
 - Run specific test: `make test RUN=TestFunctionName`
- Run with Postgres: `make test-postgres`
 - Run with race detector: `make test-race`
 - Run end-to-end tests: `make test-e2e`

@@ -0,0 +1,4 @@
+# All artifacts of the build processed are dumped here.
+# Ignore it for docker context, as all Dockerfiles should build their own
+# binaries.
+build
@@ -1,7 +1,6 @@
 name: "🐞 Bug"
 description: "File a bug report."
 title: "bug: "
-labels: ["needs-triage"]
 type: "Bug"
 body:
  - type: checkboxes
@@ -4,10 +4,7 @@ description: |
 inputs:
  version:
    description: "The Go version to use."
-    default: "1.25.6"
-  use-preinstalled-go:
-    description: "Whether to use preinstalled Go."
-    default: "false"
+    default: "1.25.7"
  use-cache:
    description: "Whether to use the cache."
    default: "true"
@@ -15,9 +12,9 @@ runs:
  using: "composite"
  steps:
    - name: Setup Go
-      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+      uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
      with:
-        go-version: ${{ inputs.use-preinstalled-go == 'false' && inputs.version || '' }}
+        go-version: ${{ inputs.version }}
        cache: ${{ inputs.use-cache }}

    - name: Install gotestsum
@@ -7,5 +7,5 @@ runs:
    - name: Install Terraform
      uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
      with:
-        terraform_version: 1.14.1
+        terraform_version: 1.14.5
        terraform_wrapper: false
@@ -64,17 +64,14 @@ runs:
        TEST_PACKAGES: ${{ inputs.test-packages }}
        RACE_DETECTION: ${{ inputs.race-detection }}
        TS_DEBUG_DISCO: "true"
+        TS_DEBUG_DERP: "true"
        LC_CTYPE: "en_US.UTF-8"
        LC_ALL: "en_US.UTF-8"
      run: |
        set -euo pipefail

        if [[ ${RACE_DETECTION} == true ]]; then
-          gotestsum --junitfile="gotests.xml" --packages="${TEST_PACKAGES}" -- \
-            -tags=testsmallbatch \
-            -race \
-            -parallel "${TEST_NUM_PARALLEL_TESTS}" \
-            -p "${TEST_NUM_PARALLEL_PACKAGES}"
+          make test-race
        else
          make test
        fi
@@ -35,7 +35,7 @@ jobs:
      tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -157,7 +157,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -247,7 +247,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -272,7 +272,7 @@ jobs:
    if: ${{ !cancelled() }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -315,9 +315,7 @@ jobs:
          # Notifications require DB, we could start a DB instance here but
          # let's just restore for now.
          git checkout -- coderd/notifications/testdata/rendered-templates
-          # no `-j` flag as `make` fails with:
-          # coderd/rbac/object_gen.go:1:1: syntax error: package statement must be first
-          make --output-sync -B gen
+          make -j --output-sync -B gen

      - name: Check for unstaged files
        run: ./scripts/check_unstaged.sh
@@ -329,7 +327,7 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -368,9 +366,9 @@ jobs:
    needs: changes
    if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
    # This timeout must be greater than the timeout set by `go test` in
-    # `make test-postgres` to ensure we receive a trace of running
-    # goroutines. Setting this to the timeout +5m should work quite well
-    # even if some of the preceding steps are slow.
+    # `make test` to ensure we receive a trace of running goroutines.
+    # Setting this to the timeout +5m should work quite well even if
+    # some of the preceding steps are slow.
    timeout-minutes: 25
    strategy:
      fail-fast: false
@@ -381,7 +379,7 @@ jobs:
          - windows-2022
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -422,10 +420,6 @@ jobs:
      - name: Setup Go
        uses: ./.github/actions/setup-go
        with:
-          # Runners have Go baked-in and Go will automatically
-          # download the toolchain configured in go.mod, so we don't
-          # need to reinstall it. It's faster on Windows runners.
-          use-preinstalled-go: ${{ runner.os == 'Windows' }}
          use-cache: true

      - name: Setup Terraform
@@ -481,14 +475,17 @@ jobs:
          mkdir -p /tmp/tmpfs
          sudo mount_tmpfs -o noowners -s 8g /tmp/tmpfs

-          # Install google-chrome for scaletests.
-          # As another concern, should we really have this kind of external dependency
-          # requirement on standard CI?
-          brew install google-chrome
-
          # macOS will output "The default interactive shell is now zsh" intermittently in CI.
          touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile

+      - name: Increase PTY limit (macOS)
+        if: runner.os == 'macOS'
+        shell: bash
+        run: |
+          # Increase PTY limit to avoid exhaustion during tests.
+          # Default is 511; 999 is the maximum value on CI runner.
+          sudo sysctl -w kern.tty.ptmx_max=999
+
      - name: Test with PostgreSQL Database (Linux)
        if: runner.os == 'Linux'
        uses: ./.github/actions/test-go-pg
@@ -572,13 +569,13 @@ jobs:
      - changes
    if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
    # This timeout must be greater than the timeout set by `go test` in
-    # `make test-postgres` to ensure we receive a trace of running
-    # goroutines. Setting this to the timeout +5m should work quite well
-    # even if some of the preceding steps are slow.
+    # `make test` to ensure we receive a trace of running goroutines.
+    # Setting this to the timeout +5m should work quite well even if
+    # some of the preceding steps are slow.
    timeout-minutes: 25
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -640,7 +637,7 @@ jobs:
    timeout-minutes: 25
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -712,7 +709,7 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -739,7 +736,7 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -772,7 +769,7 @@ jobs:
    name: ${{ matrix.variant.name }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -852,7 +849,7 @@ jobs:
    if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -933,7 +930,7 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -984,6 +981,9 @@ jobs:
        run: |
          make build/coder_docs_"$(./scripts/version.sh)".tgz

+      - name: Check for unstaged files
+        run: ./scripts/check_unstaged.sh
+
  required:
    runs-on: ubuntu-latest
    needs:
@@ -1005,7 +1005,7 @@ jobs:
    if: always()
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -1034,83 +1034,6 @@ jobs:

          echo "Required checks have passed"

-  # Builds the dylibs and upload it as an artifact so it can be embedded in the main build
-  build-dylib:
-    needs: changes
-    # We always build the dylibs on Go changes to verify we're not merging unbuildable code,
-    # but they need only be signed and uploaded on coder/coder main.
-    if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
-    runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
-    steps:
-      # Harden Runner doesn't work on macOS
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Setup GNU tools (macOS)
-        uses: ./.github/actions/setup-gnu-tools
-
-      - name: Switch XCode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
-        with:
-          xcode-version: "16.1.0"
-
-      - name: Setup Go
-        uses: ./.github/actions/setup-go
-
-      - name: Install rcodesign
-        if: ${{ github.repository_owner == 'coder' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
-        run: |
-          set -euo pipefail
-          wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
-          sudo tar -xzf /tmp/rcodesign.tar.gz \
-            -C /usr/local/bin \
-            --strip-components=1 \
-            apple-codesign-0.22.0-macos-universal/rcodesign
-          rm /tmp/rcodesign.tar.gz
-
-      - name: Setup Apple Developer certificate and API key
-        if: ${{ github.repository_owner == 'coder' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
-        run: |
-          set -euo pipefail
-          touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-          chmod 600 /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-          echo "$AC_CERTIFICATE_P12_BASE64" | base64 -d > /tmp/apple_cert.p12
-          echo "$AC_CERTIFICATE_PASSWORD" > /tmp/apple_cert_password.txt
-          echo "$AC_APIKEY_P8_BASE64" | base64 -d > /tmp/apple_apikey.p8
-        env:
-          AC_CERTIFICATE_P12_BASE64: ${{ secrets.AC_CERTIFICATE_P12_BASE64 }}
-          AC_CERTIFICATE_PASSWORD: ${{ secrets.AC_CERTIFICATE_PASSWORD }}
-          AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
-
-      - name: Build dylibs
-        run: |
-          set -euxo pipefail
-          ./.github/scripts/retry.sh -- go mod download
-
-          make gen/mark-fresh
-          make build/coder-dylib
-        env:
-          CODER_SIGN_DARWIN: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) && '1' || '0' }}
-          AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
-          AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
-
-      - name: Upload build artifacts
-        if: ${{ github.repository_owner == 'coder' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        with:
-          name: dylibs
-          path: |
-            ./build/*.h
-            ./build/*.dylib
-          retention-days: 7
-
-      - name: Delete Apple Developer certificate and API key
-        if: ${{ github.repository_owner == 'coder' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
-        run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-
  check-build:
    # This job runs make build to verify compilation on PRs.
    # The build doesn't get signed, and is not suitable for usage, unlike the
@@ -1120,7 +1043,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -1157,7 +1080,6 @@ jobs:
    # to main branch.
    needs:
      - changes
-      - build-dylib
    if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-22.04' }}
    permissions:
@@ -1175,7 +1097,7 @@ jobs:
      IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -1263,18 +1185,6 @@ jobs:
      - name: Setup GCloud SDK
        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1

-      - name: Download dylibs
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
-        with:
-          name: dylibs
-          path: ./build
-
-      - name: Insert dylibs
-        run: |
-          mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
-          mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
-          mv ./build/*arm64.h     ./site/out/bin/coder-vpn-darwin-dylib.h
-
      - name: Build
        run: |
          set -euxo pipefail
@@ -1290,9 +1200,8 @@ jobs:
            build/coder_"$version"_windows_amd64.zip \
            build/coder_"$version"_linux_amd64.{tar.gz,deb}
        env:
-          # The Windows slim binary must be signed for Coder Desktop to accept
-          # it. The darwin executables don't need to be signed, but the dylibs
-          # do (see above).
+          # The Windows and Darwin slim binaries must be signed for Coder
+          # Desktop to accept them.
          CODER_SIGN_WINDOWS: "1"
          CODER_WINDOWS_RESOURCES: "1"
          CODER_SIGN_GPG: "1"
@@ -1572,7 +1481,7 @@ jobs:
    if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -19,6 +19,9 @@ on:
        default: ""
        type: string

+permissions:
+  contents: read
+
 jobs:
  classify-severity:
    name: AI Severity Classification
@@ -32,7 +35,6 @@ jobs:
    permissions:
      contents: read
      issues: write
-      actions: write

    steps:
      - name: Determine Issue Context
@@ -31,6 +31,9 @@ on:
        default: ""
        type: string

+permissions:
+  contents: read
+
 jobs:
  code-review:
    name: AI Code Review
@@ -51,7 +54,6 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-      actions: write

    steps:
      - name: Check if secrets are available
@@ -0,0 +1,23 @@
+# This workflow triggers a Vercel deploy hook which builds+deploys coder.com
+# (a Next.js app), to keep coder.com/docs URLs in sync with docs/manifest.json
+#
+# https://vercel.com/docs/deploy-hooks#triggering-a-deploy-hook
+
+name: Update coder.com/docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/manifest.json"
+
+permissions: {}
+
+jobs:
+  deploy-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy docs site
+        run: |
+          curl -X POST "${{ secrets.DEPLOY_DOCS_VERCEL_WEBHOOK }}"
@@ -36,7 +36,7 @@ jobs:
      verdict: ${{ steps.check.outputs.verdict }} # DEPLOY or NOOP
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -65,7 +65,7 @@ jobs:
      packages: write # to retag image as dogfood
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -146,7 +146,7 @@ jobs:
    needs: deploy
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -34,6 +34,9 @@ on:
        default: ""
        type: string

+permissions:
+  contents: read
+
 jobs:
  doc-check:
    name: Analyze PR for Documentation Updates Needed
@@ -56,7 +59,6 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-      actions: write

    steps:
      - name: Check if secrets are available
@@ -38,7 +38,7 @@ jobs:
    if: github.repository_owner == 'coder'
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -58,11 +58,11 @@ jobs:
        run: mkdir base-build-context

      - name: Install depot.dev CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+        uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1

      # This uses OIDC authentication, so no auth variables are required.
      - name: Build base Docker image via depot.dev
-        uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2
+        uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
        with:
          project: wl5hnrrkns
          context: base-build-context
@@ -26,7 +26,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -75,7 +75,7 @@ jobs:
          BRANCH_NAME: ${{ steps.branch-name.outputs.current_branch }}

      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+        uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
@@ -88,7 +88,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build and push Non-Nix image
-        uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2
+        uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
        with:
          project: b4q6ltmpzh
          token: ${{ secrets.DEPOT_TOKEN }}
@@ -125,7 +125,7 @@ jobs:
      id-token: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -0,0 +1,65 @@
+name: Linear Release
+
+on:
+  push:
+    branches:
+      - main
+  # This event reads the workflow from the default branch (main), not the
+  # release branch. No cherry-pick needed.
+  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  sync:
+    name: Sync issues to Linear release
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Sync issues
+        id: sync
+        uses: linear/linear-release-action@f64cdc603e6eb7a7ef934bc5492ae929f88c8d1a # v0
+        with:
+          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
+          command: sync
+
+      - name: Print release URL
+        if: steps.sync.outputs.release-url
+        run: echo "Synced to $RELEASE_URL"
+        env:
+          RELEASE_URL: ${{ steps.sync.outputs.release-url }}
+
+  complete:
+    name: Complete Linear release
+    if: github.event_name == 'release'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Complete release
+        id: complete
+        uses: linear/linear-release-action@f64cdc603e6eb7a7ef934bc5492ae929f88c8d1a # v0
+        with:
+          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
+          command: complete
+          version: ${{ github.event.release.tag_name }}
+
+      - name: Print release URL
+        if: steps.complete.outputs.release-url
+        run: echo "Completed $RELEASE_URL"
+        env:
+          RELEASE_URL: ${{ steps.complete.outputs.release-url }}
@@ -16,9 +16,9 @@ jobs:
    # when changing runner sizes
    runs-on: ${{ matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'depot-macos-latest' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'depot-windows-2022-16' || matrix.os }}
    # This timeout must be greater than the timeout set by `go test` in
-    # `make test-postgres` to ensure we receive a trace of running
-    # goroutines. Setting this to the timeout +5m should work quite well
-    # even if some of the preceding steps are slow.
+    # `make test` to ensure we receive a trace of running goroutines.
+    # Setting this to the timeout +5m should work quite well even if
+    # some of the preceding steps are slow.
    timeout-minutes: 25
    strategy:
      fail-fast: false
@@ -28,7 +28,7 @@ jobs:
          - windows-2022
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -64,11 +64,6 @@ jobs:

      - name: Setup Go
        uses: ./.github/actions/setup-go
-        with:
-          # Runners have Go baked-in and Go will automatically
-          # download the toolchain configured in go.mod, so we don't
-          # need to reinstall it. It's faster on Windows runners.
-          use-preinstalled-go: ${{ runner.os == 'Windows' }}

      - name: Setup Terraform
        uses: ./.github/actions/setup-tf
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -19,7 +19,7 @@ jobs:
      packages: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -39,7 +39,7 @@ jobs:
      PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -76,7 +76,7 @@ jobs:
    runs-on: "ubuntu-latest"
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -184,7 +184,7 @@ jobs:
      pull-requests: write # needed for commenting on PRs
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -228,7 +228,7 @@ jobs:
      CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -288,7 +288,7 @@ jobs:
      PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -58,87 +58,9 @@ jobs:

            if (!allowed) core.setFailed('Denied: requires maintain or admin');

-  # build-dylib is a separate job to build the dylib on macOS.
-  build-dylib:
-    runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
-    needs: check-perms
-    steps:
-      # Harden Runner doesn't work on macOS.
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-
-      # If the event that triggered the build was an annotated tag (which our
-      # tags are supposed to be), actions/checkout has a bug where the tag in
-      # question is only a lightweight tag and not a full annotated tag. This
-      # command seems to fix it.
-      # https://github.com/actions/checkout/issues/290
-      - name: Fetch git tags
-        run: git fetch --tags --force
-
-      - name: Setup GNU tools (macOS)
-        uses: ./.github/actions/setup-gnu-tools
-
-      - name: Switch XCode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
-        with:
-          xcode-version: "16.1.0"
-
-      - name: Setup Go
-        uses: ./.github/actions/setup-go
-
-      - name: Install rcodesign
-        run: |
-          set -euo pipefail
-          wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
-          sudo tar -xzf /tmp/rcodesign.tar.gz \
-            -C /usr/local/bin \
-            --strip-components=1 \
-            apple-codesign-0.22.0-macos-universal/rcodesign
-          rm /tmp/rcodesign.tar.gz
-
-      - name: Setup Apple Developer certificate and API key
-        run: |
-          set -euo pipefail
-          touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-          chmod 600 /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-          echo "$AC_CERTIFICATE_P12_BASE64" | base64 -d > /tmp/apple_cert.p12
-          echo "$AC_CERTIFICATE_PASSWORD" > /tmp/apple_cert_password.txt
-          echo "$AC_APIKEY_P8_BASE64" | base64 -d > /tmp/apple_apikey.p8
-        env:
-          AC_CERTIFICATE_P12_BASE64: ${{ secrets.AC_CERTIFICATE_P12_BASE64 }}
-          AC_CERTIFICATE_PASSWORD: ${{ secrets.AC_CERTIFICATE_PASSWORD }}
-          AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
-
-      - name: Build dylibs
-        run: |
-          set -euxo pipefail
-          ./.github/scripts/retry.sh -- go mod download
-
-          make gen/mark-fresh
-          make build/coder-dylib
-        env:
-          CODER_SIGN_DARWIN: 1
-          AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
-          AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
-
-      - name: Upload build artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        with:
-          name: dylibs
-          path: |
-            ./build/*.h
-            ./build/*.dylib
-          retention-days: 7
-
-      - name: Delete Apple Developer certificate and API key
-        run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
-
  release:
    name: Build and publish
-    needs: [build-dylib, check-perms]
+    needs: [check-perms]
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    permissions:
      # Required to publish a release
@@ -158,7 +80,7 @@ jobs:
      version: ${{ steps.version.outputs.version }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -320,18 +242,6 @@ jobs:
      - name: Setup GCloud SDK
        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1

-      - name: Download dylibs
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
-        with:
-          name: dylibs
-          path: ./build
-
-      - name: Insert dylibs
-        run: |
-          mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
-          mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
-          mv ./build/*arm64.h     ./site/out/bin/coder-vpn-darwin-dylib.h
-
      - name: Build binaries
        run: |
          set -euo pipefail
@@ -386,12 +296,12 @@ jobs:

      - name: Install depot.dev CLI
        if: steps.image-base-tag.outputs.tag != ''
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+        uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1

      # This uses OIDC authentication, so no auth variables are required.
      - name: Build base Docker image via depot.dev
        if: steps.image-base-tag.outputs.tag != ''
-        uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2
+        uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
        with:
          project: wl5hnrrkns
          context: base-build-context
@@ -796,7 +706,7 @@ jobs:
      # TODO: skip this if it's not a new release (i.e. a backport). This is
      #       fine right now because it just makes a PR that we can close.
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -872,7 +782,7 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -955,35 +865,3 @@ jobs:
          # different repo.
          GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
          VERSION: ${{ needs.release.outputs.version }}
-
-  # publish-sqlc pushes the latest schema to sqlc cloud.
-  # At present these pushes cannot be tagged, so the last push is always the latest.
-  publish-sqlc:
-    name: "Publish to schema sqlc cloud"
-    runs-on: "ubuntu-latest"
-    needs: release
-    if: ${{ !inputs.dry_run }}
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
-        with:
-          egress-policy: audit
-
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 1
-          persist-credentials: false
-
-      # We need golang to run the migration main.go
-      - name: Setup Go
-        uses: ./.github/actions/setup-go
-
-      - name: Setup sqlc
-        uses: ./.github/actions/setup-sqlc
-
-      - name: Push schema to sqlc cloud
-        # Don't block a release on this
-        continue-on-error: true
-        run: |
-          make sqlc-push
@@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -27,7 +27,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -69,7 +69,7 @@ jobs:
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -146,7 +146,7 @@ jobs:
          echo "image=$(cat "$image_job")" >> "$GITHUB_OUTPUT"

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
        with:
          image-ref: ${{ steps.build.outputs.image }}
          format: sarif
@@ -18,12 +18,12 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

      - name: stale
-        uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
          stale-issue-label: "stale"
          stale-pr-label: "stale"
@@ -96,7 +96,7 @@ jobs:
      contents: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -120,7 +120,7 @@ jobs:
      actions: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -26,6 +26,9 @@ on:
        default: "traiage"
        type: string

+permissions:
+  contents: read
+
 jobs:
  traiage:
    name: Triage GitHub Issue with Claude Code
@@ -38,7 +41,6 @@ jobs:
    permissions:
      contents: read
      issues: write
-      actions: write

    steps:
      # This is only required for testing locally using nektos/act, so leaving commented out.
@@ -30,6 +30,9 @@ HELO = "HELO"
 LKE = "LKE"
 byt = "byt"
 typ = "typ"
+# file extensions used in seti icon theme
+styl = "styl"
+edn = "edn"
 Inferrable = "Inferrable"

 [files]
@@ -21,7 +21,7 @@ jobs:
      pull-requests: write # required to post PR review comments by the action
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit

@@ -30,6 +30,22 @@ jobs:
        with:
          persist-credentials: false

+      - name: Rewrite same-repo links for PR branch
+        if: github.event_name == 'pull_request'
+        env:
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          # Rewrite same-repo blob/tree main links to the PR head SHA
+          # so that files or directories introduced in the PR are
+          # reachable during link checking.
+          {
+            echo 'replacementPatterns:'
+            echo "  - pattern: \"https://github.com/coder/coder/blob/main/\""
+            echo "    replacement: \"https://github.com/coder/coder/blob/${HEAD_SHA}/\""
+            echo "  - pattern: \"https://github.com/coder/coder/tree/main/\""
+            echo "    replacement: \"https://github.com/coder/coder/tree/${HEAD_SHA}/\""
+          } >> .github/.linkspector.yml
+
      - name: Check Markdown links
        uses: umbrelladocs/action-linkspector@652f85bc57bb1e7d4327260decc10aa68f7694c3 # v1.4.0
        id: markdown-link-check
@@ -38,6 +38,7 @@ site/.swc

 # Make target for updating generated/golden files (any dir).
 .gen
+/_gen/
 .gen-golden

 # Build
@@ -98,3 +99,6 @@ AGENTS.local.md

 # Ignore plans written by AI agents.
 PLAN.md
+
+# Ignore any dev licenses
+license.txt
@@ -37,19 +37,20 @@ Only pause to ask for confirmation when:

 ## Essential Commands

-| Task              | Command                  | Notes                            |
-|-------------------|--------------------------|----------------------------------|
-| **Development**   | `./scripts/develop.sh`   | ⚠️ Don't use manual build        |
-| **Build**         | `make build`             | Fat binaries (includes server)   |
-| **Build Slim**    | `make build-slim`        | Slim binaries                    |
-| **Test**          | `make test`              | Full test suite                  |
-| **Test Single**   | `make test RUN=TestName` | Faster than full suite           |
-| **Test Postgres** | `make test-postgres`     | Run tests with Postgres database |
-| **Test Race**     | `make test-race`         | Run tests with Go race detector  |
-| **Lint**          | `make lint`              | Always run after changes         |
-| **Generate**      | `make gen`               | After database changes           |
-| **Format**        | `make fmt`               | Auto-format code                 |
-| **Clean**         | `make clean`             | Clean build artifacts            |
+| Task            | Command                  | Notes                               |
+|-----------------|--------------------------|-------------------------------------|
+| **Development** | `./scripts/develop.sh`   | ⚠️ Don't use manual build           |
+| **Build**       | `make build`             | Fat binaries (includes server)      |
+| **Build Slim**  | `make build-slim`        | Slim binaries                       |
+| **Test**        | `make test`              | Full test suite                     |
+| **Test Single** | `make test RUN=TestName` | Faster than full suite              |
+| **Test Race**   | `make test-race`         | Run tests with Go race detector     |
+| **Lint**        | `make lint`              | Always run after changes            |
+| **Generate**    | `make gen`               | After database changes              |
+| **Format**      | `make fmt`               | Auto-format code                    |
+| **Clean**       | `make clean`             | Clean build artifacts               |
+| **Pre-commit**  | `make pre-commit`        | Fast CI checks (gen/fmt/lint/build) |
+| **Pre-push**    | `make pre-push`          | Heavier CI checks (allowlisted)     |

 ### Documentation Commands

@@ -99,10 +100,66 @@ app, err := api.Database.GetOAuth2ProviderAppByClientID(dbauthz.AsSystemRestrict
 app, err := api.Database.GetOAuth2ProviderAppByClientID(ctx, clientID)
 ```

+### API Design
+
+- Add swagger annotations when introducing new HTTP endpoints. Do this in
+  the same change as the handler so the docs do not get missed before
+  release.
+- For user-scoped or resource-scoped routes, prefer path parameters over
+  query parameters when that matches existing route patterns.
+- For experimental or unstable API paths, skip public doc generation with
+  `// @x-apidocgen {"skip": true}` after the `@Router` annotation. This
+  keeps them out of the published API reference until they stabilize.
+
+### Database Query Naming
+
+- Use `ByX` when `X` is the lookup or filter column.
+- Use `PerX` or `GroupedByX` when `X` is the aggregation or grouping
+  dimension.
+- Avoid `ByX` names for grouped queries.
+
+### Database-to-SDK Conversions
+
+- Extract explicit db-to-SDK conversion helpers instead of inlining large
+  conversion blocks inside handlers.
+- Keep nullable-field handling, type coercion, and response shaping in the
+  converter so handlers stay focused on request flow and authorization.
+
 ## Quick Reference

 ### Full workflows available in imported WORKFLOWS.md

+### Git Hooks (MANDATORY - DO NOT SKIP)
+
+**You MUST install and use the git hooks. NEVER bypass them with
+`--no-verify`. Skipping hooks wastes CI cycles and is unacceptable.**
+
+The first run will be slow as caches warm up. Consecutive runs are
+**significantly faster** (often 10x) thanks to Go build cache,
+generated file timestamps, and warm node_modules. This is NOT a
+reason to skip them. Wait for hooks to complete before proceeding,
+no matter how long they take.
+
+```sh
+git config core.hooksPath scripts/githooks
+```
+
+Two hooks run automatically:
+
+- **pre-commit**: `make pre-commit` (gen, fmt, lint, typos, build).
+  Fast checks that catch most CI failures. Allow at least 5 minutes.
+- **pre-push**: `make pre-push` (heavier checks including tests).
+  Allowlisted in `scripts/githooks/pre-push`. Runs only for developers
+  who opt in. Allow at least 15 minutes.
+
+`git commit` and `git push` will appear to hang while hooks run.
+This is normal. Do not interrupt, retry, or reduce the timeout.
+
+NEVER run `git config core.hooksPath` to change or disable hooks.
+
+If a hook fails, fix the issue and retry. Do not work around the
+failure by skipping the hook.
+
 ### Git Workflow

 When working on existing PRs, check out the branch first:
@@ -152,6 +209,21 @@ seems like it should use `time.Sleep`, read through https://github.com/coder/qua
 - Follow [Uber Go Style Guide](https://github.com/uber-go/guide/blob/master/style.md)
 - Commit format: `type(scope): message`

+### Frontend Patterns
+
+- Prefer existing shared UI components and utilities over custom
+  implementations. Reuse common primitives such as loading, table, and error
+  handling components when they fit the use case.
+- Use Storybook stories for all component and page testing, including
+  visual presentation, user interactions, keyboard navigation, focus
+  management, and accessibility behavior. Do not create standalone
+  vitest/RTL test files for components or pages. Stories double as living
+  documentation, visual regression coverage, and interaction test suites
+  via `play` functions. Reserve plain vitest files for pure logic only:
+  utility functions, data transformations, hooks tested via
+  `renderHook()` that do not require DOM assertions, and query/cache
+  operations with no rendered output.
+
 ### Writing Comments

 Code comments should be clear, well-formatted, and add meaningful context.
@@ -198,13 +270,12 @@ reviewer time and clutters the diff.
 **Don't delete existing comments** that explain non-obvious behavior. These
 comments preserve important context about why code works a certain way.

-**When adding tests for new behavior**, add new test cases instead of modifying
-existing ones. This preserves coverage for the original behavior and makes it
-clear what the new test covers.
+**When adding tests for new behavior**, read existing tests first to understand what's covered. Add new cases for uncovered behavior. Edit existing tests as needed, but don't change what they verify.

 ## Detailed Development Guides

@.claude/docs/ARCHITECTURE.md
+@.claude/docs/GO.md
@.claude/docs/OAUTH2.md
@.claude/docs/TESTING.md
@.claude/docs/TROUBLESHOOTING.md
@@ -19,10 +19,84 @@ SHELL := bash
 .SHELLFLAGS := -ceu
 .ONESHELL:

+# When MAKE_TIMED=1, replace SHELL with a wrapper that prints
+# elapsed wall-clock time for each recipe. pre-commit and pre-push
+# set this on their sub-makes so every parallel job reports its
+# duration. Ad-hoc usage: make MAKE_TIMED=1 test
+ifdef MAKE_TIMED
+SHELL := $(CURDIR)/scripts/lib/timed-shell.sh
+.SHELLFLAGS = $@ -ceu
+export MAKE_TIMED
+export MAKE_LOGDIR
+endif
+
 # This doesn't work on directories.
 # See https://stackoverflow.com/questions/25752543/make-delete-on-error-for-directory-targets
 .DELETE_ON_ERROR:

+# Protect git-tracked generated files from deletion on interrupt.
+# .DELETE_ON_ERROR is desirable for most targets but for files that
+# are committed to git and serve as inputs to other rules, deletion
+# is worse than a stale file — `git restore` is the recovery path.
+.PRECIOUS: \
+	coderd/database/dump.sql \
+	coderd/database/querier.go \
+	coderd/database/unique_constraint.go \
+	coderd/database/dbmetrics/querymetrics.go \
+	coderd/database/dbauthz/dbauthz.go \
+	coderd/database/dbmock/dbmock.go \
+	coderd/database/pubsub/psmock/psmock.go \
+	agent/agentcontainers/acmock/acmock.go \
+	coderd/httpmw/loggermw/loggermock/loggermock.go \
+	codersdk/workspacesdk/agentconnmock/agentconnmock.go \
+	tailnet/tailnettest/coordinatormock.go \
+	tailnet/tailnettest/coordinateemock.go \
+	tailnet/tailnettest/workspaceupdatesprovidermock.go \
+	tailnet/tailnettest/subscriptionmock.go \
+	enterprise/aibridged/aibridgedmock/clientmock.go \
+	enterprise/aibridged/aibridgedmock/poolmock.go \
+	tailnet/proto/tailnet.pb.go \
+	agent/proto/agent.pb.go \
+	agent/agentsocket/proto/agentsocket.pb.go \
+	agent/boundarylogproxy/codec/boundary.pb.go \
+	provisionersdk/proto/provisioner.pb.go \
+	provisionerd/proto/provisionerd.pb.go \
+	vpn/vpn.pb.go \
+	enterprise/aibridged/proto/aibridged.pb.go \
+	site/src/api/typesGenerated.ts \
+	site/e2e/provisionerGenerated.ts \
+	site/src/api/chatModelOptionsGenerated.json \
+	site/src/api/rbacresourcesGenerated.ts \
+	site/src/api/countriesGenerated.ts \
+	site/src/theme/icons.json \
+	examples/examples.gen.json \
+	docs/manifest.json \
+	docs/admin/integrations/prometheus.md \
+	docs/admin/security/audit-logs.md \
+	docs/reference/cli/index.md \
+	coderd/apidoc/swagger.json \
+	coderd/rbac/object_gen.go \
+	coderd/rbac/scopes_constants_gen.go \
+	codersdk/rbacresources_gen.go \
+	codersdk/apikey_scopes_gen.go
+
+# atomic_write runs a command, captures stdout into a temp file, and
+# atomically replaces $@. An optional second argument is a formatting
+# command that receives the temp file path as its argument.
+# Usage: $(call atomic_write,GENERATE_CMD[,FORMAT_CMD])
+define atomic_write
+	tmpdir=$$(mktemp -d -p _gen) && tmpfile=$$(realpath "$$tmpdir")/$(notdir $@) && \
+		$(1) > "$$tmpfile" && \
+		$(if $(2),$(2) "$$tmpfile" &&) \
+		mv "$$tmpfile" "$@" && rm -rf "$$tmpdir"
+endef
+
+# Shared temp directory for atomic writes. Lives at the project root
+# so all targets share the same filesystem, and is gitignored.
+# Order-only prerequisite: recipes that need it depend on | _gen
+_gen:
+	mkdir -p _gen
+
 # Don't print the commands in the file unless you specify VERBOSE. This is
 # essentially the same as putting "@" at the start of each line.
 ifndef VERBOSE
@@ -40,11 +114,19 @@ VERSION      := $(shell ./scripts/version.sh)
 POSTGRES_VERSION ?= 17
 POSTGRES_IMAGE   ?= us-docker.pkg.dev/coder-v2-images-public/public/postgres:$(POSTGRES_VERSION)

-# Use the highest ZSTD compression level in CI.
-ifdef CI
+# Limit parallel Make jobs in pre-commit/pre-push. Defaults to
+# nproc/4 (min 2) since test, lint, and build targets have internal
+# parallelism. Override: make pre-push PARALLEL_JOBS=8
+PARALLEL_JOBS ?= $(shell n=$$(nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 8); echo $$(( n / 4 > 2 ? n / 4 : 2 )))
+
+# Use the highest ZSTD compression level in release builds to
+# minimize artifact size. For non-release CI builds (e.g. main
+# branch preview), use multithreaded level 6 which is ~99% faster
+# at the cost of ~30% larger archives.
+ifeq ($(CODER_RELEASE),true)
 ZSTDFLAGS := -22 --ultra
 else
-ZSTDFLAGS := -6
+ZSTDFLAGS := -6 -T0
 endif

 # Common paths to exclude from find commands, this rule is written so
@@ -53,7 +135,7 @@ endif
 # Note, all find statements should be written with `.` or `./path` as
 # the search path so that these exclusions match.
 FIND_EXCLUSIONS= \
-	-not \( \( -path '*/.git/*' -o -path './build/*' -o -path './vendor/*' -o -path './.coderv2/*' -o -path '*/node_modules/*' -o -path '*/out/*' -o -path './coderd/apidoc/*' -o -path '*/.next/*' -o -path '*/.terraform/*' \) -prune \)
+	-not \( \( -path '*/.git/*' -o -path './build/*' -o -path './vendor/*' -o -path './.coderv2/*' -o -path '*/node_modules/*' -o -path '*/out/*' -o -path './coderd/apidoc/*' -o -path '*/.next/*' -o -path '*/.terraform/*' -o -path './_gen/*' \) -prune \)
 # Source files used for make targets, evaluated on use.
 GO_SRC_FILES := $(shell find . $(FIND_EXCLUSIONS) -type f -name '*.go' -not -name '*_test.go')
 # Same as GO_SRC_FILES but excluding certain files that have problematic
@@ -94,12 +176,8 @@ PACKAGE_OS_ARCHES := linux_amd64 linux_armv7 linux_arm64
 # All architectures we build Docker images for (Linux only).
 DOCKER_ARCHES := amd64 arm64 armv7

-# All ${OS}_${ARCH} combos we build the desktop dylib for.
-DYLIB_ARCHES := darwin_amd64 darwin_arm64
-
 # Computed variables based on the above.
 CODER_SLIM_BINARIES      := $(addprefix build/coder-slim_$(VERSION)_,$(OS_ARCHES))
-CODER_DYLIBS             := $(foreach os_arch, $(DYLIB_ARCHES), build/coder-vpn_$(VERSION)_$(os_arch).dylib)
 CODER_FAT_BINARIES       := $(addprefix build/coder_$(VERSION)_,$(OS_ARCHES))
 CODER_ALL_BINARIES       := $(CODER_SLIM_BINARIES) $(CODER_FAT_BINARIES)
 CODER_TAR_GZ_ARCHIVES    := $(foreach os_arch, $(ARCHIVE_TAR_GZ), build/coder_$(VERSION)_$(os_arch).tar.gz)
@@ -261,26 +339,6 @@ $(CODER_ALL_BINARIES): go.mod go.sum \
 		fi
 	fi

-# This task builds Coder Desktop dylibs
-$(CODER_DYLIBS): go.mod go.sum $(MOST_GO_SRC_FILES)
-	@if [ "$(shell uname)" = "Darwin" ]; then
-		$(get-mode-os-arch-ext)
-		./scripts/build_go.sh \
-			--os "$$os" \
-			--arch "$$arch" \
-			--version "$(VERSION)" \
-			--output "$@" \
-			--dylib
-
-	else
-		echo "ERROR: Can't build dylib on non-Darwin OS" 1>&2
-		exit 1
-	fi
-
-# This task builds both dylibs
-build/coder-dylib: $(CODER_DYLIBS)
-.PHONY: build/coder-dylib
-
 # This task builds all archives. It parses the target name to get the metadata
 # for the build, so it must be specified in this format:
 #     build/coder_${version}_${os}_${arch}.${format}
@@ -427,6 +485,7 @@ SITE_GEN_FILES := \
 	site/src/api/typesGenerated.ts \
 	site/src/api/rbacresourcesGenerated.ts \
 	site/src/api/countriesGenerated.ts \
+	site/src/api/chatModelOptionsGenerated.json \
 	site/src/theme/icons.json

 site/out/index.html: \
@@ -457,6 +516,9 @@ install: build/coder_$(VERSION)_$(GOOS)_$(GOARCH)$(GOOS_BIN_EXT)

 BOLD := $(shell tput bold 2>/dev/null)
 GREEN := $(shell tput setaf 2 2>/dev/null)
+RED := $(shell tput setaf 1 2>/dev/null)
+YELLOW := $(shell tput setaf 3 2>/dev/null)
+DIM := $(shell tput dim 2>/dev/null || tput setaf 8 2>/dev/null)
 RESET := $(shell tput sgr0 2>/dev/null)

 fmt: fmt/ts fmt/go fmt/terraform fmt/shfmt fmt/biome fmt/markdown
@@ -566,7 +628,7 @@ endif
 # GitHub Actions linters are run in a separate CI job (lint-actions) that only
 # triggers when workflow files change, so we skip them here when CI=true.
 LINT_ACTIONS_TARGETS := $(if $(CI),,lint/actions/actionlint)
-lint: lint/shellcheck lint/go lint/ts lint/examples lint/helm lint/site-icons lint/markdown lint/check-scopes lint/migrations $(LINT_ACTIONS_TARGETS)
+lint: lint/shellcheck lint/go lint/ts lint/examples lint/helm lint/site-icons lint/markdown lint/check-scopes lint/migrations lint/bootstrap $(LINT_ACTIONS_TARGETS)
 .PHONY: lint

 lint/site-icons:
@@ -581,7 +643,7 @@ lint/ts: site/node_modules/.installed
 lint/go:
 	./scripts/check_enterprise_imports.sh
 	./scripts/check_codersdk_imports.sh
-	linter_ver=$(shell egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
+	linter_ver=$$(grep -oE 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
 	go run github.com/golangci/golangci-lint/cmd/golangci-lint@v$$linter_ver run
 	go tool github.com/coder/paralleltestctx/cmd/paralleltestctx -custom-funcs="testutil.Context" ./...
 .PHONY: lint/go
@@ -596,6 +658,11 @@ lint/shellcheck: $(SHELL_SRC_FILES)
 	shellcheck --external-sources $(SHELL_SRC_FILES)
 .PHONY: lint/shellcheck

+lint/bootstrap:
+	bash scripts/check_bootstrap_quotes.sh
+.PHONY: lint/bootstrap
+
+
 lint/helm:
 	cd helm/
 	make lint
@@ -630,13 +697,109 @@ lint/migrations:
 	./scripts/check_pg_schema.sh "Fixtures" $(FIXTURE_FILES)
 .PHONY: lint/migrations

+TYPOS_VERSION := $(shell grep -oP 'crate-ci/typos@\S+\s+\#\s+v\K[0-9.]+' .github/workflows/ci.yaml)
+
+# Map uname values to typos release asset names.
+TYPOS_ARCH := $(shell uname -m)
+ifeq ($(shell uname -s),Darwin)
+TYPOS_OS := apple-darwin
+else
+TYPOS_OS := unknown-linux-musl
+endif
+
+build/typos-$(TYPOS_VERSION):
+	mkdir -p build/
+	curl -sSfL "https://github.com/crate-ci/typos/releases/download/v$(TYPOS_VERSION)/typos-v$(TYPOS_VERSION)-$(TYPOS_ARCH)-$(TYPOS_OS).tar.gz" \
+		| tar -xzf - -C build/ ./typos
+	mv build/typos "$@"
+
+lint/typos: build/typos-$(TYPOS_VERSION)
+	build/typos-$(TYPOS_VERSION) --config .github/workflows/typos.toml
+.PHONY: lint/typos
+
+# pre-commit and pre-push mirror CI checks locally.
+#
+# pre-commit runs checks that don't need external services (Docker,
+# Playwright). This is the git pre-commit hook default since Docker
+# and browser issues in the local environment would otherwise block
+# all commits.
+#
+# pre-push adds heavier checks: Go tests, JS tests, and site build.
+# The pre-push hook is allowlisted, see scripts/githooks/pre-push.
+#
+# pre-commit uses two phases: gen+fmt first, then lint+build. This
+# avoids races where gen's `go run` creates temporary .go files that
+# lint's find-based checks pick up. Within each phase, targets run in
+# parallel via -j. It fails if any tracked files have unstaged
+# changes afterward.
+
+define check-unstaged
+	unstaged="$$(git diff --name-only)"
+	if [[ -n $$unstaged ]]; then
+		echo "$(RED)✗ check unstaged changes$(RESET)"
+		echo "$$unstaged" | sed 's/^/  - /'
+		echo ""
+		echo "$(DIM)  Verify generated changes are correct before staging:$(RESET)"
+		echo "$(DIM)    git diff$(RESET)"
+		echo "$(DIM)    git add -u && git commit$(RESET)"
+		exit 1
+	fi
+endef
+define check-untracked
+	untracked=$$(git ls-files --other --exclude-standard)
+	if [[ -n $$untracked ]]; then
+		echo "$(YELLOW)? check untracked files$(RESET)"
+		echo "$$untracked" | sed 's/^/  - /'
+		echo ""
+		echo "$(DIM)  Review if these should be committed or added to .gitignore.$(RESET)"
+	fi
+endef
+
+pre-commit:
+	start=$$(date +%s)
+	logdir=$$(mktemp -d "$${TMPDIR:-/tmp}/coder-pre-commit.XXXXXX")
+	echo "$(BOLD)pre-commit$(RESET) ($$logdir)"
+	echo "gen + fmt:"
+	$(MAKE) --no-print-directory -j$(PARALLEL_JOBS) MAKE_TIMED=1 MAKE_LOGDIR=$$logdir gen fmt
+	$(check-unstaged)
+	echo "lint + build:"
+	$(MAKE) --no-print-directory -j$(PARALLEL_JOBS) MAKE_TIMED=1 MAKE_LOGDIR=$$logdir \
+		lint \
+		lint/typos \
+		build/coder-slim_$(GOOS)_$(GOARCH)$(GOOS_BIN_EXT)
+	$(check-unstaged)
+	$(check-untracked)
+	rm -rf $$logdir
+	echo "$(GREEN)✓ pre-commit passed$(RESET) ($$(( $$(date +%s) - $$start ))s)"
+.PHONY: pre-commit
+
+pre-push:
+	start=$$(date +%s)
+	logdir=$$(mktemp -d "$${TMPDIR:-/tmp}/coder-pre-push.XXXXXX")
+	echo "$(BOLD)pre-push$(RESET) ($$logdir)"
+	echo "test + build site:"
+	$(MAKE) --no-print-directory -j$(PARALLEL_JOBS) MAKE_TIMED=1 MAKE_LOGDIR=$$logdir \
+		test \
+		test-js \
+		site/out/index.html
+	rm -rf $$logdir
+	echo "$(GREEN)✓ pre-push passed$(RESET) ($$(( $$(date +%s) - $$start ))s)"
+.PHONY: pre-push
+
+offlinedocs/check: offlinedocs/node_modules/.installed
+	cd offlinedocs/
+	pnpm format:check
+	pnpm lint
+	pnpm export
+.PHONY: offlinedocs/check
+
 # All files generated by the database should be added here, and this can be used
 # as a target for jobs that need to run after the database is generated.
 DB_GEN_FILES := \
 	coderd/database/dump.sql \
 	coderd/database/querier.go \
 	coderd/database/unique_constraint.go \
-	coderd/database/dbmetrics/dbmetrics.go \
+	coderd/database/dbmetrics/querymetrics.go \
 	coderd/database/dbauthz/dbauthz.go \
 	coderd/database/dbmock/dbmock.go

@@ -654,6 +817,7 @@ GEN_FILES := \
 	tailnet/proto/tailnet.pb.go \
 	agent/proto/agent.pb.go \
 	agent/agentsocket/proto/agentsocket.pb.go \
+	agent/boundarylogproxy/codec/boundary.pb.go \
 	provisionersdk/proto/provisioner.pb.go \
 	provisionerd/proto/provisionerd.pb.go \
 	vpn/vpn.pb.go \
@@ -670,6 +834,7 @@ GEN_FILES := \
 	coderd/apidoc/swagger.json \
 	docs/manifest.json \
 	provisioner/terraform/testdata/version \
+	scripts/metricsdocgen/generated_metrics \
 	site/e2e/provisionerGenerated.ts \
 	examples/examples.gen.json \
 	$(TAILNETTEST_MOCKS) \
@@ -709,16 +874,24 @@ gen/mark-fresh:
 		provisionersdk/proto/provisioner.pb.go \
 		provisionerd/proto/provisionerd.pb.go \
 		agent/agentsocket/proto/agentsocket.pb.go \
+		agent/boundarylogproxy/codec/boundary.pb.go \
 		vpn/vpn.pb.go \
 		enterprise/aibridged/proto/aibridged.pb.go \
 		coderd/database/dump.sql \
-		$(DB_GEN_FILES) \
+		coderd/database/querier.go \
+		coderd/database/unique_constraint.go \
+		coderd/database/dbmetrics/querymetrics.go \
+		coderd/database/dbauthz/dbauthz.go \
+		coderd/database/dbmock/dbmock.go \
+		coderd/database/pubsub/psmock/psmock.go \
 		site/src/api/typesGenerated.ts \
 		coderd/rbac/object_gen.go \
 		codersdk/rbacresources_gen.go \
 		coderd/rbac/scopes_constants_gen.go \
+		codersdk/apikey_scopes_gen.go \
 		site/src/api/rbacresourcesGenerated.ts \
 		site/src/api/countriesGenerated.ts \
+		site/src/api/chatModelOptionsGenerated.json \
 		docs/admin/integrations/prometheus.md \
 		docs/reference/cli/index.md \
 		docs/admin/security/audit-logs.md \
@@ -727,8 +900,8 @@ gen/mark-fresh:
 		site/e2e/provisionerGenerated.ts \
 		site/src/theme/icons.json \
 		examples/examples.gen.json \
+		scripts/metricsdocgen/generated_metrics \
 		$(TAILNETTEST_MOCKS) \
-		coderd/database/pubsub/psmock/psmock.go \
 		agent/agentcontainers/acmock/acmock.go \
 		agent/agentcontainers/dcspec/dcspec_gen.go \
 		coderd/httpmw/loggermw/loggermock/loggermock.go \
@@ -757,9 +930,19 @@ coderd/database/dump.sql: coderd/database/gen/dump/main.go $(wildcard coderd/dat
 # Generates Go code for querying the database.
 # coderd/database/queries.sql.go
 # coderd/database/models.go
-coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql)
-	./coderd/database/generate.sh
-	touch "$@"
+#
+# NOTE: grouped target (&:) ensures generate.sh runs only once even
+# with -j and all outputs are considered produced together. These
+# files are all written by generate.sh (via sqlc and scripts/dbgen).
+coderd/database/querier.go \
+coderd/database/unique_constraint.go \
+coderd/database/dbmetrics/querymetrics.go \
+coderd/database/dbauthz/dbauthz.go &: \
+	coderd/database/sqlc.yaml \
+	coderd/database/dump.sql \
+	$(wildcard coderd/database/queries/*.sql)
+	SKIP_DUMP_SQL=1 ./coderd/database/generate.sh
+	touch coderd/database/querier.go coderd/database/unique_constraint.go coderd/database/dbmetrics/querymetrics.go coderd/database/dbauthz/dbauthz.go

 coderd/database/dbmock/dbmock.go: coderd/database/db.go coderd/database/querier.go
 	go generate ./coderd/database/dbmock/
@@ -798,7 +981,7 @@ $(TAILNETTEST_MOCKS): tailnet/coordinator.go tailnet/service.go
 	touch "$@"

 tailnet/proto/tailnet.pb.go: tailnet/proto/tailnet.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
@@ -806,15 +989,15 @@ tailnet/proto/tailnet.pb.go: tailnet/proto/tailnet.proto
 		./tailnet/proto/tailnet.proto

 agent/proto/agent.pb.go: agent/proto/agent.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
 		--go-drpc_opt=paths=source_relative \
 		./agent/proto/agent.proto

-agent/agentsocket/proto/agentsocket.pb.go: agent/agentsocket/proto/agentsocket.proto
-	protoc \
+agent/agentsocket/proto/agentsocket.pb.go: agent/agentsocket/proto/agentsocket.proto agent/proto/agent.proto
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
@@ -822,7 +1005,7 @@ agent/agentsocket/proto/agentsocket.pb.go: agent/agentsocket/proto/agentsocket.p
 		./agent/agentsocket/proto/agentsocket.proto

 provisionersdk/proto/provisioner.pb.go: provisionersdk/proto/provisioner.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
@@ -830,7 +1013,7 @@ provisionersdk/proto/provisioner.pb.go: provisionersdk/proto/provisioner.proto
 		./provisionersdk/proto/provisioner.proto

 provisionerd/proto/provisionerd.pb.go: provisionerd/proto/provisionerd.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
@@ -838,94 +1021,110 @@ provisionerd/proto/provisionerd.pb.go: provisionerd/proto/provisionerd.proto
 		./provisionerd/proto/provisionerd.proto

 vpn/vpn.pb.go: vpn/vpn.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		./vpn/vpn.proto

+agent/boundarylogproxy/codec/boundary.pb.go: agent/boundarylogproxy/codec/boundary.proto agent/proto/agent.proto
+	./scripts/atomic_protoc.sh \
+		--go_out=. \
+		--go_opt=paths=source_relative \
+		./agent/boundarylogproxy/codec/boundary.proto
+
 enterprise/aibridged/proto/aibridged.pb.go: enterprise/aibridged/proto/aibridged.proto
-	protoc \
+	./scripts/atomic_protoc.sh \
 		--go_out=. \
 		--go_opt=paths=source_relative \
 		--go-drpc_out=. \
 		--go-drpc_opt=paths=source_relative \
 		./enterprise/aibridged/proto/aibridged.proto

-site/src/api/typesGenerated.ts: site/node_modules/.installed $(wildcard scripts/apitypings/*) $(shell find ./codersdk $(FIND_EXCLUSIONS) -type f -name '*.go')
-	# -C sets the directory for the go run command
-	go run -C ./scripts/apitypings main.go > $@
-	(cd site/ && pnpm exec biome format --write src/api/typesGenerated.ts)
-	touch "$@"
+site/src/api/typesGenerated.ts: site/node_modules/.installed $(wildcard scripts/apitypings/*) $(shell find ./codersdk $(FIND_EXCLUSIONS) -type f -name '*.go') | _gen
+	$(call atomic_write,go run -C ./scripts/apitypings main.go,./scripts/biome_format.sh)

 site/e2e/provisionerGenerated.ts: site/node_modules/.installed provisionerd/proto/provisionerd.pb.go provisionersdk/proto/provisioner.pb.go
 	(cd site/ && pnpm run gen:provisioner)
 	touch "$@"

-site/src/theme/icons.json: site/node_modules/.installed $(wildcard scripts/gensite/*) $(wildcard site/static/icon/*)
-	go run ./scripts/gensite/ -icons "$@"
-	(cd site/ && pnpm exec biome format --write src/theme/icons.json)
+site/src/theme/icons.json: site/node_modules/.installed $(wildcard scripts/gensite/*) $(wildcard site/static/icon/*) | _gen
+	tmpdir=$$(mktemp -d -p _gen) && tmpfile=$$(realpath "$$tmpdir")/$(notdir $@) && \
+		go run ./scripts/gensite/ -icons "$$tmpfile" && \
+		./scripts/biome_format.sh "$$tmpfile" && \
+		mv "$$tmpfile" "$@" && rm -rf "$$tmpdir"
+
+examples/examples.gen.json: scripts/examplegen/main.go examples/examples.go $(shell find ./examples/templates) | _gen
+	$(call atomic_write,go run ./scripts/examplegen/main.go)
+
+coderd/rbac/object_gen.go: scripts/typegen/rbacobject.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go | _gen
+	$(call atomic_write,go run ./scripts/typegen/main.go rbac object)
 	touch "$@"

-examples/examples.gen.json: scripts/examplegen/main.go examples/examples.go $(shell find ./examples/templates)
-	go run ./scripts/examplegen/main.go > examples/examples.gen.json
+# NOTE: depends on object_gen.go because `go run` compiles
+# coderd/rbac which includes it.
+coderd/rbac/scopes_constants_gen.go: scripts/typegen/scopenames.gotmpl scripts/typegen/main.go coderd/rbac/policy/policy.go \
+	coderd/rbac/object_gen.go | _gen
+	# Write to a temp file first to avoid truncating the package
+	# during build since the generator imports the rbac package.
+	$(call atomic_write,go run ./scripts/typegen/main.go rbac scopenames)
 	touch "$@"

-coderd/rbac/object_gen.go: scripts/typegen/rbacobject.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go
-	tempdir=$(shell mktemp -d /tmp/typegen_rbac_object.XXXXXX)
-	go run ./scripts/typegen/main.go rbac object > "$$tempdir/object_gen.go"
-	mv -v "$$tempdir/object_gen.go" coderd/rbac/object_gen.go
-	rmdir -v "$$tempdir"
+# NOTE: depends on object_gen.go and scopes_constants_gen.go because
+# `go run` compiles coderd/rbac which includes both.
+codersdk/rbacresources_gen.go: scripts/typegen/codersdk.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go \
+	coderd/rbac/object_gen.go coderd/rbac/scopes_constants_gen.go | _gen
+	# Write to a temp file to avoid truncating the target, which
+	# would break the codersdk package and any parallel build targets.
+	$(call atomic_write,go run scripts/typegen/main.go rbac codersdk)
 	touch "$@"

-coderd/rbac/scopes_constants_gen.go: scripts/typegen/scopenames.gotmpl scripts/typegen/main.go coderd/rbac/policy/policy.go
-	# Generate typed low-level ScopeName constants from RBACPermissions
-	# Write to a temp file first to avoid truncating the package during build
-	# since the generator imports the rbac package.
-	tempfile=$(shell mktemp /tmp/scopes_constants_gen.XXXXXX)
-	go run ./scripts/typegen/main.go rbac scopenames > "$$tempfile"
-	mv -v "$$tempfile" coderd/rbac/scopes_constants_gen.go
-	touch "$@"
-
-codersdk/rbacresources_gen.go: scripts/typegen/codersdk.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go
-	# Do no overwrite codersdk/rbacresources_gen.go directly, as it would make the file empty, breaking
- 	# the `codersdk` package and any parallel build targets.
-	go run scripts/typegen/main.go rbac codersdk > /tmp/rbacresources_gen.go
-	mv /tmp/rbacresources_gen.go codersdk/rbacresources_gen.go
-	touch "$@"
-
-codersdk/apikey_scopes_gen.go: scripts/apikeyscopesgen/main.go coderd/rbac/scopes_catalog.go coderd/rbac/scopes.go
+# NOTE: depends on object_gen.go and scopes_constants_gen.go because
+# `go run` compiles coderd/rbac which includes both.
+codersdk/apikey_scopes_gen.go: scripts/apikeyscopesgen/main.go coderd/rbac/scopes_catalog.go coderd/rbac/scopes.go \
+	coderd/rbac/object_gen.go coderd/rbac/scopes_constants_gen.go | _gen
 	# Generate SDK constants for external API key scopes.
-	go run ./scripts/apikeyscopesgen > /tmp/apikey_scopes_gen.go
-	mv /tmp/apikey_scopes_gen.go codersdk/apikey_scopes_gen.go
+	$(call atomic_write,go run ./scripts/apikeyscopesgen)
 	touch "$@"

-site/src/api/rbacresourcesGenerated.ts: site/node_modules/.installed scripts/typegen/codersdk.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go
-	go run scripts/typegen/main.go rbac typescript > "$@"
-	(cd site/ && pnpm exec biome format --write src/api/rbacresourcesGenerated.ts)
-	touch "$@"
+# NOTE: depends on object_gen.go and scopes_constants_gen.go because
+# `go run` compiles coderd/rbac which includes both.
+site/src/api/rbacresourcesGenerated.ts: site/node_modules/.installed scripts/typegen/codersdk.gotmpl scripts/typegen/main.go coderd/rbac/object.go coderd/rbac/policy/policy.go \
+	coderd/rbac/object_gen.go coderd/rbac/scopes_constants_gen.go | _gen
+	$(call atomic_write,go run scripts/typegen/main.go rbac typescript,./scripts/biome_format.sh)

-site/src/api/countriesGenerated.ts: site/node_modules/.installed scripts/typegen/countries.tstmpl scripts/typegen/main.go codersdk/countries.go
-	go run scripts/typegen/main.go countries > "$@"
-	(cd site/ && pnpm exec biome format --write src/api/countriesGenerated.ts)
-	touch "$@"
+site/src/api/countriesGenerated.ts: site/node_modules/.installed scripts/typegen/countries.tstmpl scripts/typegen/main.go codersdk/countries.go | _gen
+	$(call atomic_write,go run scripts/typegen/main.go countries,./scripts/biome_format.sh)

-docs/admin/integrations/prometheus.md: node_modules/.installed scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics
-	go run scripts/metricsdocgen/main.go
-	pnpm exec markdownlint-cli2 --fix ./docs/admin/integrations/prometheus.md
-	pnpm exec markdown-table-formatter ./docs/admin/integrations/prometheus.md
-	touch "$@"
+site/src/api/chatModelOptionsGenerated.json: scripts/modeloptionsgen/main.go codersdk/chats.go | _gen
+	$(call atomic_write,go run ./scripts/modeloptionsgen/main.go | tail -n +2,./scripts/biome_format.sh)

-docs/reference/cli/index.md: node_modules/.installed scripts/clidocgen/main.go examples/examples.gen.json $(GO_SRC_FILES)
-	CI=true BASE_PATH="." go run ./scripts/clidocgen
-	pnpm exec markdownlint-cli2 --fix ./docs/reference/cli/*.md
-	pnpm exec markdown-table-formatter ./docs/reference/cli/*.md
-	touch "$@"
+scripts/metricsdocgen/generated_metrics: $(GO_SRC_FILES) | _gen
+	$(call atomic_write,go run ./scripts/metricsdocgen/scanner)

-docs/admin/security/audit-logs.md: node_modules/.installed coderd/database/querier.go scripts/auditdocgen/main.go enterprise/audit/table.go coderd/rbac/object_gen.go
-	go run scripts/auditdocgen/main.go
-	pnpm exec markdownlint-cli2 --fix ./docs/admin/security/audit-logs.md
-	pnpm exec markdown-table-formatter ./docs/admin/security/audit-logs.md
-	touch "$@"
+docs/admin/integrations/prometheus.md: node_modules/.installed scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics scripts/metricsdocgen/generated_metrics | _gen
+	tmpdir=$$(mktemp -d -p _gen) && tmpfile=$$(realpath "$$tmpdir")/$(notdir $@) && cp "$@" "$$tmpfile" && \
+		go run scripts/metricsdocgen/main.go --prometheus-doc-file="$$tmpfile" && \
+		pnpm exec markdownlint-cli2 --fix "$$tmpfile" && \
+		pnpm exec markdown-table-formatter "$$tmpfile" && \
+		mv "$$tmpfile" "$@" && rm -rf "$$tmpdir"
+
+docs/reference/cli/index.md: node_modules/.installed scripts/clidocgen/main.go examples/examples.gen.json $(GO_SRC_FILES) | _gen
+	tmpdir=$$(mktemp -d -p _gen) && \
+		tmpdir=$$(realpath "$$tmpdir") && \
+		mkdir -p "$$tmpdir/docs/reference/cli" && \
+		cp docs/manifest.json "$$tmpdir/docs/manifest.json" && \
+		CI=true DOCS_DIR="$$tmpdir/docs" go run ./scripts/clidocgen && \
+		pnpm exec markdownlint-cli2 --fix "$$tmpdir/docs/reference/cli/*.md" && \
+		pnpm exec markdown-table-formatter "$$tmpdir/docs/reference/cli/*.md" && \
+		for f in "$$tmpdir/docs/reference/cli/"*.md; do mv "$$f" "docs/reference/cli/$$(basename "$$f")"; done && \
+		rm -rf "$$tmpdir"
+
+docs/admin/security/audit-logs.md: node_modules/.installed coderd/database/querier.go scripts/auditdocgen/main.go enterprise/audit/table.go coderd/rbac/object_gen.go | _gen
+	tmpdir=$$(mktemp -d -p _gen) && tmpfile=$$(realpath "$$tmpdir")/$(notdir $@) && cp "$@" "$$tmpfile" && \
+		go run scripts/auditdocgen/main.go --audit-doc-file="$$tmpfile" && \
+		pnpm exec markdownlint-cli2 --fix "$$tmpfile" && \
+		pnpm exec markdown-table-formatter "$$tmpfile" && \
+		mv "$$tmpfile" "$@" && rm -rf "$$tmpdir"

 coderd/apidoc/.gen: \
 	node_modules/.installed \
@@ -940,18 +1139,29 @@ coderd/apidoc/.gen: \
 	scripts/apidocgen/generate.sh \
 	scripts/apidocgen/swaginit/main.go \
 	$(wildcard scripts/apidocgen/postprocess/*) \
-	$(wildcard scripts/apidocgen/markdown-template/*)
-	./scripts/apidocgen/generate.sh
-	pnpm exec markdownlint-cli2 --fix ./docs/reference/api/*.md
-	pnpm exec markdown-table-formatter ./docs/reference/api/*.md
+	$(wildcard scripts/apidocgen/markdown-template/*) | _gen
+	tmpdir=$$(mktemp -d -p _gen) && swagtmp=$$(mktemp -d -p _gen) && \
+		tmpdir=$$(realpath "$$tmpdir") && swagtmp=$$(realpath "$$swagtmp") && \
+		mkdir -p "$$tmpdir/reference/api" && \
+		cp docs/manifest.json "$$tmpdir/manifest.json" && \
+		SWAG_OUTPUT_DIR="$$swagtmp" APIDOCGEN_DOCS_DIR="$$tmpdir" ./scripts/apidocgen/generate.sh && \
+		pnpm exec markdownlint-cli2 --fix "$$tmpdir/reference/api/*.md" && \
+		pnpm exec markdown-table-formatter "$$tmpdir/reference/api/*.md" && \
+		./scripts/biome_format.sh "$$swagtmp/swagger.json" && \
+		for f in "$$tmpdir/reference/api/"*.md; do mv "$$f" "docs/reference/api/$$(basename "$$f")"; done && \
+		mv "$$tmpdir/manifest.json" _gen/manifest-staging.json && \
+		mv "$$swagtmp/docs.go" coderd/apidoc/docs.go && \
+		mv "$$swagtmp/swagger.json" coderd/apidoc/swagger.json && \
+		rm -rf "$$tmpdir" "$$swagtmp"
 	touch "$@"

-docs/manifest.json: site/node_modules/.installed coderd/apidoc/.gen docs/reference/cli/index.md
-	(cd site/ && pnpm exec biome format --write ../docs/manifest.json)
-	touch "$@"
+docs/manifest.json: site/node_modules/.installed coderd/apidoc/.gen docs/reference/cli/index.md | _gen
+	tmpdir=$$(mktemp -d -p _gen) && tmpfile=$$(realpath "$$tmpdir")/$(notdir $@) && \
+		cp _gen/manifest-staging.json "$$tmpfile" && \
+		./scripts/biome_format.sh "$$tmpfile" && \
+		mv "$$tmpfile" "$@" && rm -rf "$$tmpdir"

 coderd/apidoc/swagger.json: site/node_modules/.installed coderd/apidoc/.gen
-	(cd site/ && pnpm exec biome format --write ../coderd/apidoc/swagger.json)
 	touch "$@"

 update-golden-files:
@@ -996,11 +1206,19 @@ enterprise/tailnet/testdata/.gen-golden: $(wildcard enterprise/tailnet/testdata/
 	touch "$@"

 helm/coder/tests/testdata/.gen-golden: $(wildcard helm/coder/tests/testdata/*.yaml) $(wildcard helm/coder/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/coder/tests/*_test.go)
-	TZ=UTC go test ./helm/coder/tests -run=TestUpdateGoldenFiles -update
+	if command -v helm >/dev/null 2>&1; then
+		TZ=UTC go test ./helm/coder/tests -run=TestUpdateGoldenFiles -update
+	else
+		echo "WARNING: helm not found; skipping helm/coder golden generation" >&2
+	fi
 	touch "$@"

 helm/provisioner/tests/testdata/.gen-golden: $(wildcard helm/provisioner/tests/testdata/*.yaml) $(wildcard helm/provisioner/tests/testdata/*.golden) $(GO_SRC_FILES) $(wildcard helm/provisioner/tests/*_test.go)
-	TZ=UTC go test ./helm/provisioner/tests -run=TestUpdateGoldenFiles -update
+	if command -v helm >/dev/null 2>&1; then
+		TZ=UTC go test ./helm/provisioner/tests -run=TestUpdateGoldenFiles -update
+	else
+		echo "WARNING: helm not found; skipping helm/provisioner golden generation" >&2
+	fi
 	touch "$@"

 coderd/.gen-golden: $(wildcard coderd/testdata/*/*.golden) $(GO_SRC_FILES) $(wildcard coderd/*_test.go)
@@ -1028,10 +1246,22 @@ else
 GOTESTSUM_RETRY_FLAGS :=
 endif

-# default to 8x8 parallelism to avoid overwhelming our workspaces. Hopefully we can remove these defaults
-# when we get our test suite's resource utilization under control.
-# Use testsmallbatch tag to reduce wireguard memory allocation in tests (from ~18GB to negligible).
-GOTEST_FLAGS := -tags=testsmallbatch -v -p $(or $(TEST_NUM_PARALLEL_PACKAGES),"8") -parallel=$(or $(TEST_NUM_PARALLEL_TESTS),"8")
+# Default to 8x8 parallelism to avoid overwhelming our workspaces.
+# Race detection defaults to 4x4 because the detector adds significant
+# CPU overhead. Override via TEST_NUM_PARALLEL_PACKAGES /
+# TEST_NUM_PARALLEL_TESTS.
+TEST_PARALLEL_PACKAGES := $(or $(TEST_NUM_PARALLEL_PACKAGES),8)
+TEST_PARALLEL_TESTS := $(or $(TEST_NUM_PARALLEL_TESTS),8)
+RACE_PARALLEL_PACKAGES := $(or $(TEST_NUM_PARALLEL_PACKAGES),4)
+RACE_PARALLEL_TESTS := $(or $(TEST_NUM_PARALLEL_TESTS),4)
+
+# Use testsmallbatch tag to reduce wireguard memory allocation in tests
+# (from ~18GB to negligible). Recursively expanded so target-specific
+# overrides of TEST_PARALLEL_* take effect (e.g. test-race lowers
+# parallelism). CI job timeout is 25m (see test-go-pg in ci.yaml),
+# keep the Go timeout 5m shorter so tests produce goroutine dumps
+# instead of the CI runner killing the process with no output.
+GOTEST_FLAGS = -tags=testsmallbatch -v -timeout 20m -p $(TEST_PARALLEL_PACKAGES) -parallel=$(TEST_PARALLEL_TESTS)

 # The most common use is to set TEST_COUNT=1 to avoid Go's test cache.
 ifdef TEST_COUNT
@@ -1057,13 +1287,34 @@ endif
 TEST_PACKAGES ?= ./...

 test:
-	$(GIT_FLAGS) gotestsum --format standard-quiet $(GOTESTSUM_RETRY_FLAGS) --packages="$(TEST_PACKAGES)" -- $(GOTEST_FLAGS)
+	$(GIT_FLAGS) gotestsum --format standard-quiet \
+		$(GOTESTSUM_RETRY_FLAGS) \
+		--packages="$(TEST_PACKAGES)" \
+		-- \
+		$(GOTEST_FLAGS)
 .PHONY: test

+test-race: TEST_PARALLEL_PACKAGES := $(RACE_PARALLEL_PACKAGES)
+test-race: TEST_PARALLEL_TESTS := $(RACE_PARALLEL_TESTS)
+test-race:
+	$(GIT_FLAGS) gotestsum --format standard-quiet \
+		--junitfile="gotests.xml" \
+		$(GOTESTSUM_RETRY_FLAGS) \
+		--packages="$(TEST_PACKAGES)" \
+		-- \
+		-race \
+		$(GOTEST_FLAGS)
+.PHONY: test-race
+
 test-cli:
 	$(MAKE) test TEST_PACKAGES="./cli..."
 .PHONY: test-cli

+test-js: site/node_modules/.installed
+	cd site/
+	pnpm test:ci
+.PHONY: test-js
+
 # sqlc-cloud-is-setup will fail if no SQLc auth token is set. Use this as a
 # dependency for any sqlc-cloud related targets.
 sqlc-cloud-is-setup:
@@ -1075,37 +1326,22 @@ sqlc-cloud-is-setup:

 sqlc-push: sqlc-cloud-is-setup test-postgres-docker
 	echo "--- sqlc push"
-	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$(shell go run scripts/migrate-ci/main.go)" \
+	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$$(go run scripts/migrate-ci/main.go)" \
 	sqlc push -f coderd/database/sqlc.yaml && echo "Passed sqlc push"
 .PHONY: sqlc-push

 sqlc-verify: sqlc-cloud-is-setup test-postgres-docker
 	echo "--- sqlc verify"
-	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$(shell go run scripts/migrate-ci/main.go)" \
+	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$$(go run scripts/migrate-ci/main.go)" \
 	sqlc verify -f coderd/database/sqlc.yaml && echo "Passed sqlc verify"
 .PHONY: sqlc-verify

 sqlc-vet: test-postgres-docker
 	echo "--- sqlc vet"
-	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$(shell go run scripts/migrate-ci/main.go)" \
+	SQLC_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/$$(go run scripts/migrate-ci/main.go)" \
 	sqlc vet -f coderd/database/sqlc.yaml && echo "Passed sqlc vet"
 .PHONY: sqlc-vet

-# When updating -timeout for this test, keep in sync with
-# test-go-postgres (.github/workflows/coder.yaml).
-# Do add coverage flags so that test caching works.
-test-postgres: test-postgres-docker
-	# The postgres test is prone to failure, so we limit parallelism for
-	# more consistent execution.
-	$(GIT_FLAGS)  gotestsum \
-		--junitfile="gotests.xml" \
-		--jsonfile="gotests.json" \
-		$(GOTESTSUM_RETRY_FLAGS) \
-		--packages="./..." -- \
-		-tags=testsmallbatch \
-		-timeout=20m \
-		-count=1
-.PHONY: test-postgres

 test-migrations: test-postgres-docker
 	echo "--- test migrations"
@@ -1121,13 +1357,24 @@ test-migrations: test-postgres-docker

 # NOTE: we set --memory to the same size as a GitHub runner.
 test-postgres-docker:
+	# If our container is already running, nothing to do.
+	if docker ps --filter "name=test-postgres-docker-${POSTGRES_VERSION}" --format '{{.Names}}' | grep -q .; then \
+		echo "test-postgres-docker-${POSTGRES_VERSION} is already running."; \
+		exit 0; \
+	fi
+	# If something else is on 5432, warn but don't fail.
+	if pg_isready -h 127.0.0.1 -q 2>/dev/null; then \
+		echo "WARNING: PostgreSQL is already running on 127.0.0.1:5432 (not our container)."; \
+		echo "Tests will use this instance. To use the Makefile's container, stop it first."; \
+		exit 0; \
+	fi
 	docker rm -f test-postgres-docker-${POSTGRES_VERSION} || true

 	# Try pulling up to three times to avoid CI flakes.
 	docker pull ${POSTGRES_IMAGE} || {
 		retries=2
-		for try in $(seq 1 ${retries}); do
-			echo "Failed to pull image, retrying (${try}/${retries})..."
+		for try in $$(seq 1 $${retries}); do
+			echo "Failed to pull image, retrying ($${try}/$${retries})..."
 			sleep 1
 			if docker pull ${POSTGRES_IMAGE}; then
 				break
@@ -1168,16 +1415,11 @@ test-postgres-docker:
 		-c log_statement=all
 	while ! pg_isready -h 127.0.0.1
 	do
-		echo "$(date) - waiting for database to start"
+		echo "$$(date) - waiting for database to start"
 		sleep 0.5
 	done
 .PHONY: test-postgres-docker

-# Make sure to keep this in sync with test-go-race from .github/workflows/ci.yaml.
-test-race:
-	$(GIT_FLAGS) gotestsum --junitfile="gotests.xml" -- -tags=testsmallbatch -race -count=1 -parallel 4 -p 4 ./...
-.PHONY: test-race
-
 test-tailnet-integration:
 	env \
 		CODER_TAILNET_TESTS=true \
@@ -1206,6 +1448,7 @@ site/e2e/bin/coder: go.mod go.sum $(GO_SRC_FILES)

 test-e2e: site/e2e/bin/coder site/node_modules/.installed site/out/index.html
 	cd site/
+	pnpm playwright:install
 ifdef CI
 	DEBUG=pw:api pnpm playwright:test --forbid-only --workers 1
 else
@@ -1220,3 +1463,5 @@ dogfood/coder/nix.hash: flake.nix flake.lock
 count-test-databases:
 	PGPASSWORD=postgres psql -h localhost -U postgres -d coder_testing -P pager=off -c 'SELECT test_package, count(*) as count from test_databases GROUP BY test_package ORDER BY count DESC'
 .PHONY: count-test-databases
+
+.PHONY: count-test-databases
@@ -39,15 +39,17 @@ import (
 	"cdr.dev/slog/v3"
 	"github.com/coder/clistat"
 	"github.com/coder/coder/v2/agent/agentcontainers"
+	"github.com/coder/coder/v2/agent/agentdesktop"
 	"github.com/coder/coder/v2/agent/agentexec"
 	"github.com/coder/coder/v2/agent/agentfiles"
+	"github.com/coder/coder/v2/agent/agentgit"
+	"github.com/coder/coder/v2/agent/agentproc"
 	"github.com/coder/coder/v2/agent/agentscripts"
 	"github.com/coder/coder/v2/agent/agentsocket"
 	"github.com/coder/coder/v2/agent/agentssh"
 	"github.com/coder/coder/v2/agent/boundarylogproxy"
 	"github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/agent/proto/resourcesmonitor"
-	"github.com/coder/coder/v2/agent/reaper"
 	"github.com/coder/coder/v2/agent/reconnectingpty"
 	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/cli/gitauth"
@@ -76,32 +78,6 @@ const (

 var ErrAgentClosing = xerrors.New("agent is closing")

-// readStartCount reads the start count from the well-known file.
-// Returns 0 if the file doesn't exist or can't be parsed.
-func readStartCount() int {
-	data, err := os.ReadFile(reaper.StartCountFile)
-	if err != nil {
-		return 0
-	}
-	n, err := strconv.Atoi(strings.TrimSpace(string(data)))
-	if err != nil {
-		return 0
-	}
-	return n
-}
-
-// IncrementStartCount reads the current start count, increments it,
-// writes it back, and returns the new value. This is used in the
-// systemd supervised path where the agent manages its own file
-// (as opposed to the PID 1 reaper path where the reaper does it).
-func IncrementStartCount() int {
-	count := readStartCount() + 1
-	// Best-effort write; if it fails we still return the count
-	// so the agent can report the restart.
-	_ = reaper.WriteStartCount(count)
-	return count
-}
-
 type Options struct {
 	Filesystem             afero.Fs
 	LogDir                 string
@@ -128,6 +104,7 @@ type Options struct {
 	Execer                       agentexec.Execer
 	Devcontainers                bool
 	DevcontainerAPIOptions       []agentcontainers.Option // Enable Devcontainers for these to be effective.
+	GitAPIOptions                []agentgit.Option
 	Clock                        quartz.Clock
 	SocketServerEnabled          bool
 	SocketPath                   string // Path for the agent socket server socket
@@ -135,8 +112,14 @@ type Options struct {
 }

 type Client interface {
-	ConnectRPC29(ctx context.Context) (
-		proto.DRPCAgentClient29, tailnetproto.DRPCTailnetClient28, error,
+	ConnectRPC28(ctx context.Context) (
+		proto.DRPCAgentClient28, tailnetproto.DRPCTailnetClient28, error,
+	)
+	// ConnectRPC28WithRole is like ConnectRPC28 but sends an explicit
+	// role query parameter to the server. The workspace agent should
+	// use role "agent" to enable connection monitoring.
+	ConnectRPC28WithRole(ctx context.Context, role string) (
+		proto.DRPCAgentClient28, tailnetproto.DRPCTailnetClient28, error,
 	)
 	tailnet.DERPMapRewriter
 	agentsdk.RefreshableSessionTokenProvider
@@ -237,6 +220,7 @@ func New(options Options) Agent {

 		devcontainers:              options.Devcontainers,
 		containerAPIOptions:        options.DevcontainerAPIOptions,
+		gitAPIOptions:              options.GitAPIOptions,
 		socketPath:                 options.SocketPath,
 		socketServerEnabled:        options.SocketServerEnabled,
 		boundaryLogProxySocketPath: options.BoundaryLogProxySocketPath,
@@ -306,8 +290,6 @@ type agent struct {
 	reportConnectionsMu     sync.Mutex
 	reportConnections       []*proto.ReportConnectionRequest

-	restartReported atomic.Bool
-
 	logSender *agentsdk.LogSender

 	// boundaryLogProxy is a socket server that forwards boundary audit logs to coderd.
@@ -324,8 +306,12 @@ type agent struct {
 	devcontainers       bool
 	containerAPIOptions []agentcontainers.Option
 	containerAPI        *agentcontainers.API
+	gitAPIOptions       []agentgit.Option

-	filesAPI *agentfiles.API
+	filesAPI   *agentfiles.API
+	gitAPI     *agentgit.API
+	processAPI *agentproc.API
+	desktopAPI *agentdesktop.API

 	socketServerEnabled bool
 	socketPath          string
@@ -397,8 +383,15 @@ func (a *agent) init() {

 	a.containerAPI = agentcontainers.NewAPI(a.logger.Named("containers"), containerAPIOpts...)

-	a.filesAPI = agentfiles.NewAPI(a.logger.Named("files"), a.filesystem)
-
+	pathStore := agentgit.NewPathStore()
+	a.filesAPI = agentfiles.NewAPI(a.logger.Named("files"), a.filesystem, pathStore)
+	a.processAPI = agentproc.NewAPI(a.logger.Named("processes"), a.execer, a.updateCommandEnv, pathStore)
+	gitOpts := append([]agentgit.Option{agentgit.WithClock(a.clock)}, a.gitAPIOptions...)
+	a.gitAPI = agentgit.NewAPI(a.logger.Named("git"), pathStore, gitOpts...)
+	desktop := agentdesktop.NewPortableDesktop(
+		a.logger.Named("desktop"), a.execer, a.scriptDataDir,
+	)
+	a.desktopAPI = agentdesktop.NewAPI(a.logger.Named("desktop"), desktop, a.clock)
 	a.reconnectingPTYServer = reconnectingpty.NewServer(
 		a.logger.Named("reconnecting-pty"),
 		a.sshServer,
@@ -430,7 +423,7 @@ func (a *agent) initSocketServer() {
 		agentsocket.WithPath(a.socketPath),
 	)
 	if err != nil {
-		a.logger.Warn(a.hardCtx, "failed to create socket server", slog.Error(err), slog.F("path", a.socketPath))
+		a.logger.Error(a.hardCtx, "failed to create socket server", slog.Error(err), slog.F("path", a.socketPath))
 		return
 	}

@@ -440,7 +433,12 @@ func (a *agent) initSocketServer() {

 // startBoundaryLogProxyServer starts the boundary log proxy socket server.
 func (a *agent) startBoundaryLogProxyServer() {
-	proxy := boundarylogproxy.NewServer(a.logger, a.boundaryLogProxySocketPath)
+	if a.boundaryLogProxySocketPath == "" {
+		a.logger.Warn(a.hardCtx, "boundary log proxy socket path not defined; not starting proxy")
+		return
+	}
+
+	proxy := boundarylogproxy.NewServer(a.logger, a.boundaryLogProxySocketPath, a.prometheusRegistry)
 	if err := proxy.Start(); err != nil {
 		a.logger.Warn(a.hardCtx, "failed to start boundary log proxy", slog.Error(err))
 		return
@@ -562,7 +560,7 @@ func (t *trySingleflight) Do(key string, fn func()) {
 	fn()
 }

-func (a *agent) reportMetadata(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+func (a *agent) reportMetadata(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 	tickerDone := make(chan struct{})
 	collectDone := make(chan struct{})
 	ctx, cancel := context.WithCancel(ctx)
@@ -777,7 +775,7 @@ func (a *agent) reportMetadata(ctx context.Context, aAPI proto.DRPCAgentClient29

 // reportLifecycle reports the current lifecycle state once. All state
 // changes are reported in order.
-func (a *agent) reportLifecycle(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+func (a *agent) reportLifecycle(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 	for {
 		select {
 		case <-a.lifecycleUpdate:
@@ -857,7 +855,7 @@ func (a *agent) setLifecycle(state codersdk.WorkspaceAgentLifecycle) {
 }

 // reportConnectionsLoop reports connections to the agent for auditing.
-func (a *agent) reportConnectionsLoop(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+func (a *agent) reportConnectionsLoop(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 	for {
 		select {
 		case <-a.reportConnectionsUpdate:
@@ -992,7 +990,7 @@ func (a *agent) reportConnection(id uuid.UUID, connectionType proto.Connection_T
 // fetchServiceBannerLoop fetches the service banner on an interval.  It will
 // not be fetched immediately; the expectation is that it is primed elsewhere
 // (and must be done before the session actually starts).
-func (a *agent) fetchServiceBannerLoop(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+func (a *agent) fetchServiceBannerLoop(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 	ticker := time.NewTicker(a.announcementBannersRefreshInterval)
 	defer ticker.Stop()
 	for {
@@ -1026,8 +1024,10 @@ func (a *agent) run() (retErr error) {
 		return xerrors.Errorf("refresh token: %w", err)
 	}

-	// ConnectRPC returns the dRPC connection we use for the Agent and Tailnet v2+ APIs
-	aAPI, tAPI, err := a.client.ConnectRPC29(a.hardCtx)
+	// ConnectRPC returns the dRPC connection we use for the Agent and Tailnet v2+ APIs.
+	// We pass role "agent" to enable connection monitoring on the server, which tracks
+	// the agent's connectivity state (first_connected_at, last_connected_at, disconnected_at).
+	aAPI, tAPI, err := a.client.ConnectRPC28WithRole(a.hardCtx, "agent")
 	if err != nil {
 		return err
 	}
@@ -1038,49 +1038,20 @@ func (a *agent) run() (retErr error) {
 		}
 	}()

+	// The socket server accepts requests from processes running inside the workspace and forwards
+	// some of the requests to Coderd over the DRPC connection.
+	if a.socketServer != nil {
+		a.socketServer.SetAgentAPI(aAPI)
+		defer a.socketServer.ClearAgentAPI()
+	}
+
 	// A lot of routines need the agent API / tailnet API connection.  We run them in their own
 	// goroutines in parallel, but errors in any routine will cause them all to exit so we can
 	// redial the coder server and retry.
 	connMan := newAPIConnRoutineManager(a.gracefulCtx, a.hardCtx, a.logger, aAPI, tAPI)

-	// Report restart to coderd if this agent was restarted by the
-	// reaper or systemd after an OOM kill or other SIGKILL event.
-	// In the reaper path, the reaper writes the start count before
-	// forking. In the systemd path, the agent increments it itself
-	// on startup. A start count > 1 means we've been restarted.
-	// We use an atomic flag to ensure we only report once per
-	// process lifetime, even if run() is called multiple times
-	// due to reconnects.
-	startCount := readStartCount()
-	if startCount > 1 && !a.restartReported.Load() {
-		// #nosec G115 - restart count is always small (< max restarts).
-		restartCount := int32(startCount - 1)
-		killSignalRaw := reaper.ReadKillSignal()
-		reason, killSignal := reaper.ParseKillSignal(killSignalRaw)
-		_, err := aAPI.ReportRestart(a.hardCtx, &proto.ReportRestartRequest{
-			RestartCount: restartCount,
-			KillSignal:   killSignal,
-			Reason:       reason,
-		})
-		if err != nil {
-			a.logger.Error(a.hardCtx, "failed to report restart to coderd",
-				slog.F("start_count", startCount),
-				slog.F("reason", reason),
-				slog.F("kill_signal", killSignal),
-				slog.Error(err),
-			)
-		} else {
-			a.restartReported.Store(true)
-			a.logger.Info(a.hardCtx, "reported restart to coderd",
-				slog.F("start_count", startCount),
-				slog.F("reason", reason),
-				slog.F("kill_signal", killSignal),
-			)
-		}
-	}
-
 	connMan.startAgentAPI("init notification banners", gracefulShutdownBehaviorStop,
-		func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+		func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 			bannersProto, err := aAPI.GetAnnouncementBanners(ctx, &proto.GetAnnouncementBannersRequest{})
 			if err != nil {
 				return xerrors.Errorf("fetch service banner: %w", err)
@@ -1097,7 +1068,7 @@ func (a *agent) run() (retErr error) {
 	// sending logs gets gracefulShutdownBehaviorRemain because we want to send logs generated by
 	// shutdown scripts.
 	connMan.startAgentAPI("send logs", gracefulShutdownBehaviorRemain,
-		func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+		func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 			err := a.logSender.SendLoop(ctx, aAPI)
 			if xerrors.Is(err, agentsdk.ErrLogLimitExceeded) {
 				// we don't want this error to tear down the API connection and propagate to the
@@ -1111,7 +1082,7 @@ func (a *agent) run() (retErr error) {
 	// Forward boundary audit logs to coderd if boundary log forwarding is enabled.
 	// These are audit logs so they should continue during graceful shutdown.
 	if a.boundaryLogProxy != nil {
-		proxyFunc := func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+		proxyFunc := func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 			return a.boundaryLogProxy.RunForwarder(ctx, aAPI)
 		}
 		connMan.startAgentAPI("boundary log proxy", gracefulShutdownBehaviorRemain, proxyFunc)
@@ -1125,7 +1096,7 @@ func (a *agent) run() (retErr error) {
 	connMan.startAgentAPI("report metadata", gracefulShutdownBehaviorStop, a.reportMetadata)

 	// resources monitor can cease as soon as we start gracefully shutting down.
-	connMan.startAgentAPI("resources monitor", gracefulShutdownBehaviorStop, func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+	connMan.startAgentAPI("resources monitor", gracefulShutdownBehaviorStop, func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 		logger := a.logger.Named("resources_monitor")
 		clk := quartz.NewReal()
 		config, err := aAPI.GetResourcesMonitoringConfiguration(ctx, &proto.GetResourcesMonitoringConfigurationRequest{})
@@ -1172,7 +1143,7 @@ func (a *agent) run() (retErr error) {
 	connMan.startAgentAPI("handle manifest", gracefulShutdownBehaviorStop, a.handleManifest(manifestOK))

 	connMan.startAgentAPI("app health reporter", gracefulShutdownBehaviorStop,
-		func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+		func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 			if err := manifestOK.wait(ctx); err != nil {
 				return xerrors.Errorf("no manifest: %w", err)
 			}
@@ -1205,7 +1176,7 @@ func (a *agent) run() (retErr error) {

 	connMan.startAgentAPI("fetch service banner loop", gracefulShutdownBehaviorStop, a.fetchServiceBannerLoop)

-	connMan.startAgentAPI("stats report loop", gracefulShutdownBehaviorStop, func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+	connMan.startAgentAPI("stats report loop", gracefulShutdownBehaviorStop, func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 		if err := networkOK.wait(ctx); err != nil {
 			return xerrors.Errorf("no network: %w", err)
 		}
@@ -1220,8 +1191,8 @@ func (a *agent) run() (retErr error) {
 }

 // handleManifest returns a function that fetches and processes the manifest
-func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
-	return func(ctx context.Context, aAPI proto.DRPCAgentClient29) error {
+func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
+	return func(ctx context.Context, aAPI proto.DRPCAgentClient28) error {
 		var (
 			sentResult = false
 			err        error
@@ -1288,19 +1259,7 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,
 		sentResult = true

 		// The startup script should only execute on the first run!
-		//nolint:nestif
 		if oldManifest == nil {
-			// If this is a restart after OOM kill, skip startup
-			// scripts since they already ran on the initial start.
-			// We still initialize the script runner for cron jobs
-			// and set the lifecycle to ready.
-			startCount := readStartCount()
-			if startCount > 1 {
-				a.logger.Warn(ctx, "agent was restarted, skipping startup scripts",
-					slog.F("start_count", startCount),
-				)
-			}
-
 			a.setLifecycle(codersdk.WorkspaceAgentLifecycleStarting)

 			// Perform overrides early so that Git auth can work even if users
@@ -1342,62 +1301,52 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,
 			if err != nil {
 				return xerrors.Errorf("init script runner: %w", err)
 			}
-			if startCount > 1 {
-				// On restart, skip startup script execution but
-				// still start the cron scheduler for ongoing tasks.
-				a.setLifecycle(codersdk.WorkspaceAgentLifecycleReady)
+			err = a.trackGoroutine(func() {
+				start := time.Now()
+				// Here we use the graceful context because the script runner is
+				// not directly tied to the agent API.
+				//
+				// First we run the start scripts to ensure the workspace has
+				// been initialized and then the post start scripts which may
+				// depend on the workspace start scripts.
+				//
+				// Measure the time immediately after the start scripts have
+				// finished (both start and post start). For instance, an
+				// autostarted devcontainer will be included in this time.
+				err := a.scriptRunner.Execute(a.gracefulCtx, agentscripts.ExecuteStartScripts)
+
 				if a.devcontainers {
+					// Start the container API after the startup scripts have
+					// been executed to ensure that the required tools can be
+					// installed.
 					a.containerAPI.Start()
+					for _, dc := range manifest.Devcontainers {
+						cErr := a.createDevcontainer(ctx, aAPI, dc, devcontainerScripts[dc.ID])
+						err = errors.Join(err, cErr)
+					}
 				}
-				a.scriptRunner.StartCron()
-			} else {
-				err = a.trackGoroutine(func() {
-					start := time.Now()
-					// Here we use the graceful context because the script runner is
-					// not directly tied to the agent API.
-					//
-					// First we run the start scripts to ensure the workspace has
-					// been initialized and then the post start scripts which may
-					// depend on the workspace start scripts.
-					//
-					// Measure the time immediately after the start scripts have
-					// finished (both start and post start). For instance, an
-					// autostarted devcontainer will be included in this time.
-					err := a.scriptRunner.Execute(a.gracefulCtx, agentscripts.ExecuteStartScripts)

-					if a.devcontainers {
-						// Start the container API after the startup scripts have
-						// been executed to ensure that the required tools can be
-						// installed.
-						a.containerAPI.Start()
-						for _, dc := range manifest.Devcontainers {
-							cErr := a.createDevcontainer(ctx, aAPI, dc, devcontainerScripts[dc.ID])
-							err = errors.Join(err, cErr)
-						}
-					}
-
-					dur := time.Since(start).Seconds()
-					if err != nil {
-						a.logger.Warn(ctx, "startup script(s) failed", slog.Error(err))
-						if errors.Is(err, agentscripts.ErrTimeout) {
-							a.setLifecycle(codersdk.WorkspaceAgentLifecycleStartTimeout)
-						} else {
-							a.setLifecycle(codersdk.WorkspaceAgentLifecycleStartError)
-						}
-					} else {
-						a.setLifecycle(codersdk.WorkspaceAgentLifecycleReady)
-					}
-
-					label := "false"
-					if err == nil {
-						label = "true"
-					}
-					a.metrics.startupScriptSeconds.WithLabelValues(label).Set(dur)
-					a.scriptRunner.StartCron()
-				})
+				dur := time.Since(start).Seconds()
 				if err != nil {
-					return xerrors.Errorf("track conn goroutine: %w", err)
+					a.logger.Warn(ctx, "startup script(s) failed", slog.Error(err))
+					if errors.Is(err, agentscripts.ErrTimeout) {
+						a.setLifecycle(codersdk.WorkspaceAgentLifecycleStartTimeout)
+					} else {
+						a.setLifecycle(codersdk.WorkspaceAgentLifecycleStartError)
+					}
+				} else {
+					a.setLifecycle(codersdk.WorkspaceAgentLifecycleReady)
 				}
+
+				label := "false"
+				if err == nil {
+					label = "true"
+				}
+				a.metrics.startupScriptSeconds.WithLabelValues(label).Set(dur)
+				a.scriptRunner.StartCron()
+			})
+			if err != nil {
+				return xerrors.Errorf("track conn goroutine: %w", err)
 			}
 		}
 		return nil
@@ -1406,7 +1355,7 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,

 func (a *agent) createDevcontainer(
 	ctx context.Context,
-	aAPI proto.DRPCAgentClient29,
+	aAPI proto.DRPCAgentClient28,
 	dc codersdk.WorkspaceAgentDevcontainer,
 	script codersdk.WorkspaceAgentScript,
 ) (err error) {
@@ -1438,8 +1387,8 @@ func (a *agent) createDevcontainer(

 // createOrUpdateNetwork waits for the manifest to be set using manifestOK, then creates or updates
 // the tailnet using the information in the manifest
-func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(context.Context, proto.DRPCAgentClient29) error {
-	return func(ctx context.Context, aAPI proto.DRPCAgentClient29) (retErr error) {
+func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(context.Context, proto.DRPCAgentClient28) error {
+	return func(ctx context.Context, aAPI proto.DRPCAgentClient28) (retErr error) {
 		if err := manifestOK.wait(ctx); err != nil {
 			return xerrors.Errorf("no manifest: %w", err)
 		}
@@ -2058,11 +2007,6 @@ func (a *agent) Close() error {
 	a.logger.Info(a.hardCtx, "shutting down agent")
 	a.setLifecycle(codersdk.WorkspaceAgentLifecycleShuttingDown)

-	// Clear restart state files on graceful shutdown so the next
-	// start doesn't incorrectly think it's a restart after a
-	// crash.
-	reaper.ClearRestartState()
-
 	// Attempt to gracefully shut down all active SSH connections and
 	// stop accepting new ones. If all processes have not exited after 5
 	// seconds, we just log it and move on as it's more important to run
@@ -2114,6 +2058,14 @@ func (a *agent) Close() error {
 		a.logger.Error(a.hardCtx, "container API close", slog.Error(err))
 	}

+	if err := a.processAPI.Close(); err != nil {
+		a.logger.Error(a.hardCtx, "process API close", slog.Error(err))
+	}
+
+	if err := a.desktopAPI.Close(); err != nil {
+		a.logger.Error(a.hardCtx, "desktop API close", slog.Error(err))
+	}
+
 	if a.boundaryLogProxy != nil {
 		err = a.boundaryLogProxy.Close()
 		if err != nil {
@@ -2238,7 +2190,7 @@ const (

 type apiConnRoutineManager struct {
 	logger    slog.Logger
-	aAPI      proto.DRPCAgentClient29
+	aAPI      proto.DRPCAgentClient28
 	tAPI      tailnetproto.DRPCTailnetClient28
 	eg        *errgroup.Group
 	stopCtx   context.Context
@@ -2247,7 +2199,7 @@ type apiConnRoutineManager struct {

 func newAPIConnRoutineManager(
 	gracefulCtx, hardCtx context.Context, logger slog.Logger,
-	aAPI proto.DRPCAgentClient29, tAPI tailnetproto.DRPCTailnetClient28,
+	aAPI proto.DRPCAgentClient28, tAPI tailnetproto.DRPCTailnetClient28,
 ) *apiConnRoutineManager {
 	// routines that remain in operation during graceful shutdown use the remainCtx.  They'll still
 	// exit if the errgroup hits an error, which usually means a problem with the conn.
@@ -2280,7 +2232,7 @@ func newAPIConnRoutineManager(
 // but for Tailnet.
 func (a *apiConnRoutineManager) startAgentAPI(
 	name string, behavior gracefulShutdownBehavior,
-	f func(context.Context, proto.DRPCAgentClient29) error,
+	f func(context.Context, proto.DRPCAgentClient28) error,
 ) {
 	logger := a.logger.With(slog.F("name", name))
 	var ctx context.Context
@@ -3040,6 +3040,62 @@ func TestAgent_Reconnect(t *testing.T) {
 	closer.Close()
 }

+func TestAgent_ReconnectNoLifecycleReemit(t *testing.T) {
+	t.Parallel()
+	ctx := testutil.Context(t, testutil.WaitLong)
+	logger := testutil.Logger(t)
+
+	fCoordinator := tailnettest.NewFakeCoordinator()
+	agentID := uuid.New()
+	statsCh := make(chan *proto.Stats, 50)
+	derpMap, _ := tailnettest.RunDERPAndSTUN(t)
+
+	client := agenttest.NewClient(t,
+		logger,
+		agentID,
+		agentsdk.Manifest{
+			DERPMap: derpMap,
+			Scripts: []codersdk.WorkspaceAgentScript{{
+				Script:     "echo hello",
+				Timeout:    30 * time.Second,
+				RunOnStart: true,
+			}},
+		},
+		statsCh,
+		fCoordinator,
+	)
+	defer client.Close()
+
+	closer := agent.New(agent.Options{
+		Client: client,
+		Logger: logger.Named("agent"),
+	})
+	defer closer.Close()
+
+	// Wait for the agent to reach Ready state.
+	require.Eventually(t, func() bool {
+		return slices.Contains(client.GetLifecycleStates(), codersdk.WorkspaceAgentLifecycleReady)
+	}, testutil.WaitShort, testutil.IntervalFast)
+
+	statesBefore := slices.Clone(client.GetLifecycleStates())
+
+	// Disconnect by closing the coordinator response channel.
+	call1 := testutil.RequireReceive(ctx, t, fCoordinator.CoordinateCalls)
+	close(call1.Resps)
+
+	// Wait for reconnect.
+	testutil.RequireReceive(ctx, t, fCoordinator.CoordinateCalls)
+
+	// Wait for a stats report as a deterministic steady-state proof.
+	testutil.RequireReceive(ctx, t, statsCh)
+
+	statesAfter := client.GetLifecycleStates()
+	require.Equal(t, statesBefore, statesAfter,
+		"lifecycle states should not be re-reported after reconnect")
+
+	closer.Close()
+}
+
 func TestAgent_WriteVSCodeConfigs(t *testing.T) {
 	t.Parallel()
 	logger := testutil.Logger(t)
@@ -81,7 +81,7 @@ func TestSubAgentClient_CreateWithDisplayApps(t *testing.T) {

 				agentAPI := agenttest.NewClient(t, logger, uuid.New(), agentsdk.Manifest{}, statsCh, tailnet.NewCoordinator(logger))

-				agentClient, _, err := agentAPI.ConnectRPC29(ctx)
+				agentClient, _, err := agentAPI.ConnectRPC28(ctx)
 				require.NoError(t, err)

 				subAgentClient := agentcontainers.NewSubAgentClientFromAPI(logger, agentClient)
@@ -245,7 +245,7 @@ func TestSubAgentClient_CreateWithDisplayApps(t *testing.T) {

 				agentAPI := agenttest.NewClient(t, logger, uuid.New(), agentsdk.Manifest{}, statsCh, tailnet.NewCoordinator(logger))

-				agentClient, _, err := agentAPI.ConnectRPC29(ctx)
+				agentClient, _, err := agentAPI.ConnectRPC28(ctx)
 				require.NoError(t, err)

 				subAgentClient := agentcontainers.NewSubAgentClientFromAPI(logger, agentClient)
@@ -0,0 +1,536 @@
+package agentdesktop
+
+import (
+	"encoding/json"
+	"math"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentssh"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/quartz"
+	"github.com/coder/websocket"
+)
+
+// DesktopAction is the request body for the desktop action endpoint.
+type DesktopAction struct {
+	Action          string  `json:"action"`
+	Coordinate      *[2]int `json:"coordinate,omitempty"`
+	StartCoordinate *[2]int `json:"start_coordinate,omitempty"`
+	Text            *string `json:"text,omitempty"`
+	Duration        *int    `json:"duration,omitempty"`
+	ScrollAmount    *int    `json:"scroll_amount,omitempty"`
+	ScrollDirection *string `json:"scroll_direction,omitempty"`
+	// ScaledWidth and ScaledHeight are the coordinate space the
+	// model is using. When provided, coordinates are linearly
+	// mapped from scaled → native before dispatching.
+	ScaledWidth  *int `json:"scaled_width,omitempty"`
+	ScaledHeight *int `json:"scaled_height,omitempty"`
+}
+
+// DesktopActionResponse is the response from the desktop action
+// endpoint.
+type DesktopActionResponse struct {
+	Output           string `json:"output,omitempty"`
+	ScreenshotData   string `json:"screenshot_data,omitempty"`
+	ScreenshotWidth  int    `json:"screenshot_width,omitempty"`
+	ScreenshotHeight int    `json:"screenshot_height,omitempty"`
+}
+
+// API exposes the desktop streaming HTTP routes for the agent.
+type API struct {
+	logger  slog.Logger
+	desktop Desktop
+	clock   quartz.Clock
+}
+
+// NewAPI creates a new desktop streaming API.
+func NewAPI(logger slog.Logger, desktop Desktop, clock quartz.Clock) *API {
+	if clock == nil {
+		clock = quartz.NewReal()
+	}
+	return &API{
+		logger:  logger,
+		desktop: desktop,
+		clock:   clock,
+	}
+}
+
+// Routes returns the chi router for mounting at /api/v0/desktop.
+func (a *API) Routes() http.Handler {
+	r := chi.NewRouter()
+	r.Get("/vnc", a.handleDesktopVNC)
+	r.Post("/action", a.handleAction)
+	return r
+}
+
+func (a *API) handleDesktopVNC(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	// Start the desktop session (idempotent).
+	_, err := a.desktop.Start(ctx)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to start desktop session.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	// Get a VNC connection.
+	vncConn, err := a.desktop.VNCConn(ctx)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to connect to VNC server.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+	defer vncConn.Close()
+
+	// Accept WebSocket from coderd.
+	conn, err := websocket.Accept(rw, r, &websocket.AcceptOptions{
+		CompressionMode: websocket.CompressionDisabled,
+	})
+	if err != nil {
+		a.logger.Error(ctx, "failed to accept websocket", slog.Error(err))
+		return
+	}
+
+	// No read limit — RFB framebuffer updates can be large.
+	conn.SetReadLimit(-1)
+
+	wsCtx, wsNetConn := codersdk.WebsocketNetConn(ctx, conn, websocket.MessageBinary)
+	defer wsNetConn.Close()
+
+	// Bicopy raw bytes between WebSocket and VNC TCP.
+	agentssh.Bicopy(wsCtx, wsNetConn, vncConn)
+}
+
+func (a *API) handleAction(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	handlerStart := a.clock.Now()
+
+	// Ensure the desktop is running and grab native dimensions.
+	cfg, err := a.desktop.Start(ctx)
+	if err != nil {
+		a.logger.Warn(ctx, "handleAction: desktop.Start failed",
+			slog.Error(err),
+			slog.F("elapsed_ms", a.clock.Since(handlerStart).Milliseconds()),
+		)
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to start desktop session.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	var action DesktopAction
+	if err := json.NewDecoder(r.Body).Decode(&action); err != nil {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Failed to decode request body.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	a.logger.Info(ctx, "handleAction: started",
+		slog.F("action", action.Action),
+		slog.F("elapsed_ms", a.clock.Since(handlerStart).Milliseconds()),
+	)
+
+	// Helper to scale a coordinate pair from the model's space to
+	// native display pixels.
+	scaleXY := func(x, y int) (int, int) {
+		if action.ScaledWidth != nil && *action.ScaledWidth > 0 {
+			x = scaleCoordinate(x, *action.ScaledWidth, cfg.Width)
+		}
+		if action.ScaledHeight != nil && *action.ScaledHeight > 0 {
+			y = scaleCoordinate(y, *action.ScaledHeight, cfg.Height)
+		}
+		return x, y
+	}
+
+	var resp DesktopActionResponse
+
+	switch action.Action {
+	case "key":
+		if action.Text == nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Missing \"text\" for key action.",
+			})
+			return
+		}
+		if err := a.desktop.KeyPress(ctx, *action.Text); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Key press failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "key action performed"
+
+	case "type":
+		if action.Text == nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Missing \"text\" for type action.",
+			})
+			return
+		}
+		if err := a.desktop.Type(ctx, *action.Text); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Type action failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "type action performed"
+
+	case "cursor_position":
+		x, y, err := a.desktop.CursorPosition(ctx)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Cursor position failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "x=" + strconv.Itoa(x) + ",y=" + strconv.Itoa(y)
+
+	case "mouse_move":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		if err := a.desktop.Move(ctx, x, y); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Mouse move failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "mouse_move action performed"
+
+	case "left_click":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		stepStart := a.clock.Now()
+		if err := a.desktop.Click(ctx, x, y, MouseButtonLeft); err != nil {
+			a.logger.Warn(ctx, "handleAction: Click failed",
+				slog.F("action", "left_click"),
+				slog.F("step", "click"),
+				slog.F("step_ms", time.Since(stepStart).Milliseconds()),
+				slog.F("elapsed_ms", a.clock.Since(handlerStart).Milliseconds()),
+				slog.Error(err),
+			)
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Left click failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		a.logger.Debug(ctx, "handleAction: Click completed",
+			slog.F("action", "left_click"),
+			slog.F("step_ms", time.Since(stepStart).Milliseconds()),
+			slog.F("elapsed_ms", a.clock.Since(handlerStart).Milliseconds()),
+		)
+		resp.Output = "left_click action performed"
+
+	case "left_click_drag":
+		if action.Coordinate == nil || action.StartCoordinate == nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Missing \"coordinate\" or \"start_coordinate\" for left_click_drag.",
+			})
+			return
+		}
+		sx, sy := scaleXY(action.StartCoordinate[0], action.StartCoordinate[1])
+		ex, ey := scaleXY(action.Coordinate[0], action.Coordinate[1])
+		if err := a.desktop.Drag(ctx, sx, sy, ex, ey); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Left click drag failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "left_click_drag action performed"
+
+	case "left_mouse_down":
+		if err := a.desktop.ButtonDown(ctx, MouseButtonLeft); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Left mouse down failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "left_mouse_down action performed"
+
+	case "left_mouse_up":
+		if err := a.desktop.ButtonUp(ctx, MouseButtonLeft); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Left mouse up failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "left_mouse_up action performed"
+
+	case "right_click":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		if err := a.desktop.Click(ctx, x, y, MouseButtonRight); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Right click failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "right_click action performed"
+
+	case "middle_click":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		if err := a.desktop.Click(ctx, x, y, MouseButtonMiddle); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Middle click failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "middle_click action performed"
+
+	case "double_click":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		if err := a.desktop.DoubleClick(ctx, x, y, MouseButtonLeft); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Double click failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "double_click action performed"
+
+	case "triple_click":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+		for range 3 {
+			if err := a.desktop.Click(ctx, x, y, MouseButtonLeft); err != nil {
+				httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+					Message: "Triple click failed.",
+					Detail:  err.Error(),
+				})
+				return
+			}
+		}
+		resp.Output = "triple_click action performed"
+
+	case "scroll":
+		x, y, err := coordFromAction(action)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: err.Error(),
+			})
+			return
+		}
+		x, y = scaleXY(x, y)
+
+		amount := 3
+		if action.ScrollAmount != nil {
+			amount = *action.ScrollAmount
+		}
+		direction := "down"
+		if action.ScrollDirection != nil {
+			direction = *action.ScrollDirection
+		}
+
+		var dx, dy int
+		switch direction {
+		case "up":
+			dy = -amount
+		case "down":
+			dy = amount
+		case "left":
+			dx = -amount
+		case "right":
+			dx = amount
+		default:
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Invalid scroll direction: " + direction,
+			})
+			return
+		}
+
+		if err := a.desktop.Scroll(ctx, x, y, dx, dy); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Scroll failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "scroll action performed"
+
+	case "hold_key":
+		if action.Text == nil {
+			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				Message: "Missing \"text\" for hold_key action.",
+			})
+			return
+		}
+		dur := 1000
+		if action.Duration != nil {
+			dur = *action.Duration
+		}
+		if err := a.desktop.KeyDown(ctx, *action.Text); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Key down failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		timer := a.clock.NewTimer(time.Duration(dur)*time.Millisecond, "agentdesktop", "hold_key")
+		defer timer.Stop()
+		select {
+		case <-ctx.Done():
+			// Context canceled; release the key immediately.
+			if err := a.desktop.KeyUp(ctx, *action.Text); err != nil {
+				a.logger.Warn(ctx, "handleAction: KeyUp after context cancel", slog.Error(err))
+			}
+			return
+		case <-timer.C:
+		}
+		if err := a.desktop.KeyUp(ctx, *action.Text); err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Key up failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "hold_key action performed"
+
+	case "screenshot":
+		var opts ScreenshotOptions
+		if action.ScaledWidth != nil && *action.ScaledWidth > 0 {
+			opts.TargetWidth = *action.ScaledWidth
+		}
+		if action.ScaledHeight != nil && *action.ScaledHeight > 0 {
+			opts.TargetHeight = *action.ScaledHeight
+		}
+		result, err := a.desktop.Screenshot(ctx, opts)
+		if err != nil {
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Screenshot failed.",
+				Detail:  err.Error(),
+			})
+			return
+		}
+		resp.Output = "screenshot"
+		resp.ScreenshotData = result.Data
+		if action.ScaledWidth != nil && *action.ScaledWidth > 0 && *action.ScaledWidth != cfg.Width {
+			resp.ScreenshotWidth = *action.ScaledWidth
+		} else {
+			resp.ScreenshotWidth = cfg.Width
+		}
+		if action.ScaledHeight != nil && *action.ScaledHeight > 0 && *action.ScaledHeight != cfg.Height {
+			resp.ScreenshotHeight = *action.ScaledHeight
+		} else {
+			resp.ScreenshotHeight = cfg.Height
+		}
+
+	default:
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Unknown action: " + action.Action,
+		})
+		return
+	}
+
+	elapsedMs := a.clock.Since(handlerStart).Milliseconds()
+	if ctx.Err() != nil {
+		a.logger.Error(ctx, "handleAction: context canceled before writing response",
+			slog.F("action", action.Action),
+			slog.F("elapsed_ms", elapsedMs),
+			slog.Error(ctx.Err()),
+		)
+		return
+	}
+	a.logger.Info(ctx, "handleAction: writing response",
+		slog.F("action", action.Action),
+		slog.F("elapsed_ms", elapsedMs),
+	)
+	httpapi.Write(ctx, rw, http.StatusOK, resp)
+}
+
+// Close shuts down the desktop session if one is running.
+func (a *API) Close() error {
+	return a.desktop.Close()
+}
+
+// coordFromAction extracts the coordinate pair from a DesktopAction,
+// returning an error if the coordinate field is missing.
+func coordFromAction(action DesktopAction) (x, y int, err error) {
+	if action.Coordinate == nil {
+		return 0, 0, &missingFieldError{field: "coordinate", action: action.Action}
+	}
+	return action.Coordinate[0], action.Coordinate[1], nil
+}
+
+// missingFieldError is returned when a required field is absent from
+// a DesktopAction.
+type missingFieldError struct {
+	field  string
+	action string
+}
+
+func (e *missingFieldError) Error() string {
+	return "Missing \"" + e.field + "\" for " + e.action + " action."
+}
+
+// scaleCoordinate maps a coordinate from scaled → native space.
+func scaleCoordinate(scaled, scaledDim, nativeDim int) int {
+	if scaledDim == 0 || scaledDim == nativeDim {
+		return scaled
+	}
+	native := (float64(scaled)+0.5)*float64(nativeDim)/float64(scaledDim) - 0.5
+	// Clamp to valid range.
+	native = math.Max(native, 0)
+	native = math.Min(native, float64(nativeDim-1))
+	return int(native)
+}
@@ -0,0 +1,467 @@
+package agentdesktop_test
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog/v3/sloggers/slogtest"
+	"github.com/coder/coder/v2/agent/agentdesktop"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+	"github.com/coder/quartz"
+)
+
+// Ensure fakeDesktop satisfies the Desktop interface at compile time.
+var _ agentdesktop.Desktop = (*fakeDesktop)(nil)
+
+// fakeDesktop is a minimal Desktop implementation for unit tests.
+type fakeDesktop struct {
+	startErr      error
+	startCfg      agentdesktop.DisplayConfig
+	vncConnErr    error
+	screenshotErr error
+	screenshotRes agentdesktop.ScreenshotResult
+	closed        bool
+
+	// Track calls for assertions.
+	lastMove    [2]int
+	lastClick   [3]int // x, y, button
+	lastScroll  [4]int // x, y, dx, dy
+	lastKey     string
+	lastTyped   string
+	lastKeyDown string
+	lastKeyUp   string
+}
+
+func (f *fakeDesktop) Start(context.Context) (agentdesktop.DisplayConfig, error) {
+	return f.startCfg, f.startErr
+}
+
+func (f *fakeDesktop) VNCConn(context.Context) (net.Conn, error) {
+	return nil, f.vncConnErr
+}
+
+func (f *fakeDesktop) Screenshot(_ context.Context, _ agentdesktop.ScreenshotOptions) (agentdesktop.ScreenshotResult, error) {
+	return f.screenshotRes, f.screenshotErr
+}
+
+func (f *fakeDesktop) Move(_ context.Context, x, y int) error {
+	f.lastMove = [2]int{x, y}
+	return nil
+}
+
+func (f *fakeDesktop) Click(_ context.Context, x, y int, _ agentdesktop.MouseButton) error {
+	f.lastClick = [3]int{x, y, 1}
+	return nil
+}
+
+func (f *fakeDesktop) DoubleClick(_ context.Context, x, y int, _ agentdesktop.MouseButton) error {
+	f.lastClick = [3]int{x, y, 2}
+	return nil
+}
+
+func (*fakeDesktop) ButtonDown(context.Context, agentdesktop.MouseButton) error { return nil }
+func (*fakeDesktop) ButtonUp(context.Context, agentdesktop.MouseButton) error   { return nil }
+
+func (f *fakeDesktop) Scroll(_ context.Context, x, y, dx, dy int) error {
+	f.lastScroll = [4]int{x, y, dx, dy}
+	return nil
+}
+
+func (*fakeDesktop) Drag(context.Context, int, int, int, int) error { return nil }
+
+func (f *fakeDesktop) KeyPress(_ context.Context, key string) error {
+	f.lastKey = key
+	return nil
+}
+
+func (f *fakeDesktop) KeyDown(_ context.Context, key string) error {
+	f.lastKeyDown = key
+	return nil
+}
+
+func (f *fakeDesktop) KeyUp(_ context.Context, key string) error {
+	f.lastKeyUp = key
+	return nil
+}
+
+func (f *fakeDesktop) Type(_ context.Context, text string) error {
+	f.lastTyped = text
+	return nil
+}
+
+func (*fakeDesktop) CursorPosition(context.Context) (x int, y int, err error) {
+	return 10, 20, nil
+}
+
+func (f *fakeDesktop) Close() error {
+	f.closed = true
+	return nil
+}
+
+func TestHandleDesktopVNC_StartError(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{startErr: xerrors.New("no desktop")}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodGet, "/vnc", nil)
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
+
+	var resp codersdk.Response
+	err := json.NewDecoder(rr.Body).Decode(&resp)
+	require.NoError(t, err)
+	assert.Equal(t, "Failed to start desktop session.", resp.Message)
+}
+
+func TestHandleAction_Screenshot(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg:      agentdesktop.DisplayConfig{Width: workspacesdk.DesktopDisplayWidth, Height: workspacesdk.DesktopDisplayHeight},
+		screenshotRes: agentdesktop.ScreenshotResult{Data: "base64data"},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	body := agentdesktop.DesktopAction{Action: "screenshot"}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+
+	var result agentdesktop.DesktopActionResponse
+	err = json.NewDecoder(rr.Body).Decode(&result)
+	require.NoError(t, err)
+	// Dimensions come from DisplayConfig, not the screenshot CLI.
+	assert.Equal(t, "screenshot", result.Output)
+	assert.Equal(t, "base64data", result.ScreenshotData)
+	assert.Equal(t, workspacesdk.DesktopDisplayWidth, result.ScreenshotWidth)
+	assert.Equal(t, workspacesdk.DesktopDisplayHeight, result.ScreenshotHeight)
+}
+
+func TestHandleAction_LeftClick(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	body := agentdesktop.DesktopAction{
+		Action:     "left_click",
+		Coordinate: &[2]int{100, 200},
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+
+	var resp agentdesktop.DesktopActionResponse
+	err = json.NewDecoder(rr.Body).Decode(&resp)
+	require.NoError(t, err)
+	assert.Equal(t, "left_click action performed", resp.Output)
+	assert.Equal(t, [3]int{100, 200, 1}, fake.lastClick)
+}
+
+func TestHandleAction_UnknownAction(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	body := agentdesktop.DesktopAction{Action: "explode"}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusBadRequest, rr.Code)
+}
+
+func TestHandleAction_KeyAction(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	text := "Return"
+	body := agentdesktop.DesktopAction{
+		Action: "key",
+		Text:   &text,
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+	assert.Equal(t, "Return", fake.lastKey)
+}
+
+func TestHandleAction_TypeAction(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	text := "hello world"
+	body := agentdesktop.DesktopAction{
+		Action: "type",
+		Text:   &text,
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+	assert.Equal(t, "hello world", fake.lastTyped)
+}
+
+func TestHandleAction_HoldKey(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	mClk := quartz.NewMock(t)
+	trap := mClk.Trap().NewTimer("agentdesktop", "hold_key")
+	defer trap.Close()
+	api := agentdesktop.NewAPI(logger, fake, mClk)
+	defer api.Close()
+
+	text := "Shift_L"
+	dur := 100
+	body := agentdesktop.DesktopAction{
+		Action:   "hold_key",
+		Text:     &text,
+		Duration: &dur,
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+
+	done := make(chan struct{})
+	go func() {
+		defer close(done)
+		handler.ServeHTTP(rr, req)
+	}()
+
+	// Wait for the timer to be created, then advance past it.
+	trap.MustWait(req.Context()).MustRelease(req.Context())
+	mClk.Advance(time.Duration(dur) * time.Millisecond).MustWait(req.Context())
+
+	<-done
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+
+	var resp agentdesktop.DesktopActionResponse
+	err = json.NewDecoder(rr.Body).Decode(&resp)
+	require.NoError(t, err)
+	assert.Equal(t, "hold_key action performed", resp.Output)
+	assert.Equal(t, "Shift_L", fake.lastKeyDown)
+	assert.Equal(t, "Shift_L", fake.lastKeyUp)
+}
+
+func TestHandleAction_HoldKeyMissingText(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	body := agentdesktop.DesktopAction{Action: "hold_key"}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusBadRequest, rr.Code)
+
+	var resp codersdk.Response
+	err = json.NewDecoder(rr.Body).Decode(&resp)
+	require.NoError(t, err)
+	assert.Equal(t, "Missing \"text\" for hold_key action.", resp.Message)
+}
+
+func TestHandleAction_ScrollDown(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	dir := "down"
+	amount := 5
+	body := agentdesktop.DesktopAction{
+		Action:          "scroll",
+		Coordinate:      &[2]int{500, 400},
+		ScrollDirection: &dir,
+		ScrollAmount:    &amount,
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+	// dy should be positive 5 for "down".
+	assert.Equal(t, [4]int{500, 400, 0, 5}, fake.lastScroll)
+}
+
+func TestHandleAction_CoordinateScaling(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{
+		// Native display is 1920x1080.
+		startCfg: agentdesktop.DisplayConfig{Width: 1920, Height: 1080},
+	}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+	defer api.Close()
+
+	// Model is working in a 1280x720 coordinate space.
+	sw := 1280
+	sh := 720
+	body := agentdesktop.DesktopAction{
+		Action:       "mouse_move",
+		Coordinate:   &[2]int{640, 360},
+		ScaledWidth:  &sw,
+		ScaledHeight: &sh,
+	}
+	b, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodPost, "/action", bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+	// 640 in 1280-space → 960 in 1920-space (midpoint maps to
+	// midpoint).
+	assert.Equal(t, 960, fake.lastMove[0])
+	assert.Equal(t, 540, fake.lastMove[1])
+}
+
+func TestClose_DelegatesToDesktop(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	fake := &fakeDesktop{}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+
+	err := api.Close()
+	require.NoError(t, err)
+	assert.True(t, fake.closed)
+}
+
+func TestClose_PreventsNewSessions(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	// After Close(), Start() will return an error because the
+	// underlying Desktop is closed.
+	fake := &fakeDesktop{}
+	api := agentdesktop.NewAPI(logger, fake, nil)
+
+	err := api.Close()
+	require.NoError(t, err)
+
+	// Simulate the closed desktop returning an error on Start().
+	fake.startErr = xerrors.New("desktop is closed")
+
+	rr := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodGet, "/vnc", nil)
+
+	handler := api.Routes()
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
+}
@@ -0,0 +1,91 @@
+package agentdesktop
+
+import (
+	"context"
+	"net"
+)
+
+// Desktop abstracts a virtual desktop session running inside a workspace.
+type Desktop interface {
+	// Start launches the desktop session. It is idempotent — calling
+	// Start on an already-running session returns the existing
+	// config. The returned DisplayConfig describes the running
+	// session.
+	Start(ctx context.Context) (DisplayConfig, error)
+
+	// VNCConn dials the desktop's VNC server and returns a raw
+	// net.Conn carrying RFB binary frames. Each call returns a new
+	// connection; multiple clients can connect simultaneously.
+	// Start must be called before VNCConn.
+	VNCConn(ctx context.Context) (net.Conn, error)
+
+	// Screenshot captures the current framebuffer as a PNG and
+	// returns it base64-encoded. TargetWidth/TargetHeight in opts
+	// are the desired output dimensions (the implementation
+	// rescales); pass 0 to use native resolution.
+	Screenshot(ctx context.Context, opts ScreenshotOptions) (ScreenshotResult, error)
+
+	// Mouse operations.
+
+	// Move moves the mouse cursor to absolute coordinates.
+	Move(ctx context.Context, x, y int) error
+	// Click performs a mouse button click at the given coordinates.
+	Click(ctx context.Context, x, y int, button MouseButton) error
+	// DoubleClick performs a double-click at the given coordinates.
+	DoubleClick(ctx context.Context, x, y int, button MouseButton) error
+	// ButtonDown presses and holds a mouse button.
+	ButtonDown(ctx context.Context, button MouseButton) error
+	// ButtonUp releases a mouse button.
+	ButtonUp(ctx context.Context, button MouseButton) error
+	// Scroll scrolls by (dx, dy) clicks at the given coordinates.
+	Scroll(ctx context.Context, x, y, dx, dy int) error
+	// Drag moves from (startX,startY) to (endX,endY) while holding
+	// the left mouse button.
+	Drag(ctx context.Context, startX, startY, endX, endY int) error
+
+	// Keyboard operations.
+
+	// KeyPress sends a key-down then key-up for a key combo string
+	// (e.g. "Return", "ctrl+c").
+	KeyPress(ctx context.Context, keys string) error
+	// KeyDown presses and holds a key.
+	KeyDown(ctx context.Context, key string) error
+	// KeyUp releases a key.
+	KeyUp(ctx context.Context, key string) error
+	// Type types a string of text character-by-character.
+	Type(ctx context.Context, text string) error
+
+	// CursorPosition returns the current cursor coordinates.
+	CursorPosition(ctx context.Context) (x, y int, err error)
+
+	// Close shuts down the desktop session and cleans up resources.
+	Close() error
+}
+
+// DisplayConfig describes a running desktop session.
+type DisplayConfig struct {
+	Width   int // native width in pixels
+	Height  int // native height in pixels
+	VNCPort int // local TCP port for the VNC server
+	Display int // X11 display number (e.g. 1 for :1), -1 if N/A
+}
+
+// MouseButton identifies a mouse button.
+type MouseButton string
+
+const (
+	MouseButtonLeft   MouseButton = "left"
+	MouseButtonRight  MouseButton = "right"
+	MouseButtonMiddle MouseButton = "middle"
+)
+
+// ScreenshotOptions configures a screenshot capture.
+type ScreenshotOptions struct {
+	TargetWidth  int // 0 = native
+	TargetHeight int // 0 = native
+}
+
+// ScreenshotResult is a captured screenshot.
+type ScreenshotResult struct {
+	Data string // base64-encoded PNG
+}
@@ -0,0 +1,544 @@
+package agentdesktop
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"sync"
+	"time"
+
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentexec"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+)
+
+const (
+	portableDesktopVersion = "v0.0.4"
+	downloadRetries        = 3
+	downloadRetryDelay     = time.Second
+)
+
+// platformBinaries maps GOARCH to download URL and expected SHA-256
+// digest for each supported platform.
+var platformBinaries = map[string]struct {
+	URL    string
+	SHA256 string
+}{
+	"amd64": {
+		URL:    "https://github.com/coder/portabledesktop/releases/download/" + portableDesktopVersion + "/portabledesktop-linux-x64",
+		SHA256: "a04e05e6c7d6f2e6b3acbf1729a7b21271276300b4fee321f4ffee6136538317",
+	},
+	"arm64": {
+		URL:    "https://github.com/coder/portabledesktop/releases/download/" + portableDesktopVersion + "/portabledesktop-linux-arm64",
+		SHA256: "b8cb9142dc32d46a608f25229cbe8168ff2a3aadc54253c74ff54cd347e16ca6",
+	},
+}
+
+// portableDesktopOutput is the JSON output from
+// `portabledesktop up --json`.
+type portableDesktopOutput struct {
+	VNCPort  int    `json:"vncPort"`
+	Geometry string `json:"geometry"` // e.g. "1920x1080"
+}
+
+// desktopSession tracks a running portabledesktop process.
+type desktopSession struct {
+	cmd     *exec.Cmd
+	vncPort int
+	width   int // native width, parsed from geometry
+	height  int // native height, parsed from geometry
+	display int // X11 display number, -1 if not available
+	cancel  context.CancelFunc
+}
+
+// cursorOutput is the JSON output from `portabledesktop cursor --json`.
+type cursorOutput struct {
+	X int `json:"x"`
+	Y int `json:"y"`
+}
+
+// screenshotOutput is the JSON output from
+// `portabledesktop screenshot --json`.
+type screenshotOutput struct {
+	Data string `json:"data"`
+}
+
+// portableDesktop implements Desktop by shelling out to the
+// portabledesktop CLI via agentexec.Execer.
+type portableDesktop struct {
+	logger  slog.Logger
+	execer  agentexec.Execer
+	dataDir string // agent's ScriptDataDir, used for binary caching
+
+	mu      sync.Mutex
+	session *desktopSession // nil until started
+	binPath string          // resolved path to binary, cached
+	closed  bool
+
+	// httpClient is used for downloading the binary. If nil,
+	// http.DefaultClient is used.
+	httpClient *http.Client
+}
+
+// NewPortableDesktop creates a Desktop backed by the portabledesktop
+// CLI binary, using execer to spawn child processes. dataDir is used
+// to cache the downloaded binary.
+func NewPortableDesktop(
+	logger slog.Logger,
+	execer agentexec.Execer,
+	dataDir string,
+) Desktop {
+	return &portableDesktop{
+		logger:  logger,
+		execer:  execer,
+		dataDir: dataDir,
+	}
+}
+
+// httpDo returns the HTTP client to use for downloads.
+func (p *portableDesktop) httpDo() *http.Client {
+	if p.httpClient != nil {
+		return p.httpClient
+	}
+	return http.DefaultClient
+}
+
+// Start launches the desktop session (idempotent).
+func (p *portableDesktop) Start(ctx context.Context) (DisplayConfig, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if p.closed {
+		return DisplayConfig{}, xerrors.New("desktop is closed")
+	}
+
+	if err := p.ensureBinary(ctx); err != nil {
+		return DisplayConfig{}, xerrors.Errorf("ensure portabledesktop binary: %w", err)
+	}
+
+	// If we have an existing session, check if it's still alive.
+	if p.session != nil {
+		if !(p.session.cmd.ProcessState != nil && p.session.cmd.ProcessState.Exited()) {
+			return DisplayConfig{
+				Width:   p.session.width,
+				Height:  p.session.height,
+				VNCPort: p.session.vncPort,
+				Display: p.session.display,
+			}, nil
+		}
+		// Process died — clean up and recreate.
+		p.logger.Warn(ctx, "portabledesktop process died, recreating session")
+		p.session.cancel()
+		p.session = nil
+	}
+
+	// Spawn portabledesktop up --json.
+	sessionCtx, sessionCancel := context.WithCancel(context.Background())
+
+	//nolint:gosec // portabledesktop is a trusted binary resolved via ensureBinary.
+	cmd := p.execer.CommandContext(sessionCtx, p.binPath, "up", "--json",
+		"--geometry", fmt.Sprintf("%dx%d", workspacesdk.DesktopDisplayWidth, workspacesdk.DesktopDisplayHeight))
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		sessionCancel()
+		return DisplayConfig{}, xerrors.Errorf("create stdout pipe: %w", err)
+	}
+
+	if err := cmd.Start(); err != nil {
+		sessionCancel()
+		return DisplayConfig{}, xerrors.Errorf("start portabledesktop: %w", err)
+	}
+
+	// Parse the JSON output to get VNC port and geometry.
+	var output portableDesktopOutput
+	if err := json.NewDecoder(stdout).Decode(&output); err != nil {
+		sessionCancel()
+		_ = cmd.Process.Kill()
+		_ = cmd.Wait()
+		return DisplayConfig{}, xerrors.Errorf("parse portabledesktop output: %w", err)
+	}
+
+	if output.VNCPort == 0 {
+		sessionCancel()
+		_ = cmd.Process.Kill()
+		_ = cmd.Wait()
+		return DisplayConfig{}, xerrors.New("portabledesktop returned port 0")
+	}
+
+	var w, h int
+	if output.Geometry != "" {
+		if _, err := fmt.Sscanf(output.Geometry, "%dx%d", &w, &h); err != nil {
+			p.logger.Warn(ctx, "failed to parse geometry, using defaults",
+				slog.F("geometry", output.Geometry),
+				slog.Error(err),
+			)
+		}
+	}
+
+	p.logger.Info(ctx, "started portabledesktop session",
+		slog.F("vnc_port", output.VNCPort),
+		slog.F("width", w),
+		slog.F("height", h),
+		slog.F("pid", cmd.Process.Pid),
+	)
+
+	p.session = &desktopSession{
+		cmd:     cmd,
+		vncPort: output.VNCPort,
+		width:   w,
+		height:  h,
+		display: -1,
+		cancel:  sessionCancel,
+	}
+
+	return DisplayConfig{
+		Width:   w,
+		Height:  h,
+		VNCPort: output.VNCPort,
+		Display: -1,
+	}, nil
+}
+
+// VNCConn dials the desktop's VNC server and returns a raw
+// net.Conn carrying RFB binary frames.
+func (p *portableDesktop) VNCConn(_ context.Context) (net.Conn, error) {
+	p.mu.Lock()
+	session := p.session
+	p.mu.Unlock()
+
+	if session == nil {
+		return nil, xerrors.New("desktop session not started")
+	}
+
+	return net.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", session.vncPort))
+}
+
+// Screenshot captures the current framebuffer as a base64-encoded PNG.
+func (p *portableDesktop) Screenshot(ctx context.Context, opts ScreenshotOptions) (ScreenshotResult, error) {
+	args := []string{"screenshot", "--json"}
+	if opts.TargetWidth > 0 {
+		args = append(args, "--target-width", strconv.Itoa(opts.TargetWidth))
+	}
+	if opts.TargetHeight > 0 {
+		args = append(args, "--target-height", strconv.Itoa(opts.TargetHeight))
+	}
+
+	out, err := p.runCmd(ctx, args...)
+	if err != nil {
+		return ScreenshotResult{}, err
+	}
+
+	var result screenshotOutput
+	if err := json.Unmarshal([]byte(out), &result); err != nil {
+		return ScreenshotResult{}, xerrors.Errorf("parse screenshot output: %w", err)
+	}
+
+	return ScreenshotResult(result), nil
+}
+
+// Move moves the mouse cursor to absolute coordinates.
+func (p *portableDesktop) Move(ctx context.Context, x, y int) error {
+	_, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(x), strconv.Itoa(y))
+	return err
+}
+
+// Click performs a mouse button click at the given coordinates.
+func (p *portableDesktop) Click(ctx context.Context, x, y int, button MouseButton) error {
+	if _, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(x), strconv.Itoa(y)); err != nil {
+		return err
+	}
+	_, err := p.runCmd(ctx, "mouse", "click", string(button))
+	return err
+}
+
+// DoubleClick performs a double-click at the given coordinates.
+func (p *portableDesktop) DoubleClick(ctx context.Context, x, y int, button MouseButton) error {
+	if _, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(x), strconv.Itoa(y)); err != nil {
+		return err
+	}
+	if _, err := p.runCmd(ctx, "mouse", "click", string(button)); err != nil {
+		return err
+	}
+	_, err := p.runCmd(ctx, "mouse", "click", string(button))
+	return err
+}
+
+// ButtonDown presses and holds a mouse button.
+func (p *portableDesktop) ButtonDown(ctx context.Context, button MouseButton) error {
+	_, err := p.runCmd(ctx, "mouse", "down", string(button))
+	return err
+}
+
+// ButtonUp releases a mouse button.
+func (p *portableDesktop) ButtonUp(ctx context.Context, button MouseButton) error {
+	_, err := p.runCmd(ctx, "mouse", "up", string(button))
+	return err
+}
+
+// Scroll scrolls by (dx, dy) clicks at the given coordinates.
+func (p *portableDesktop) Scroll(ctx context.Context, x, y, dx, dy int) error {
+	if _, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(x), strconv.Itoa(y)); err != nil {
+		return err
+	}
+	_, err := p.runCmd(ctx, "mouse", "scroll", strconv.Itoa(dx), strconv.Itoa(dy))
+	return err
+}
+
+// Drag moves from (startX,startY) to (endX,endY) while holding the
+// left mouse button.
+func (p *portableDesktop) Drag(ctx context.Context, startX, startY, endX, endY int) error {
+	if _, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(startX), strconv.Itoa(startY)); err != nil {
+		return err
+	}
+	if _, err := p.runCmd(ctx, "mouse", "down", string(MouseButtonLeft)); err != nil {
+		return err
+	}
+	if _, err := p.runCmd(ctx, "mouse", "move", strconv.Itoa(endX), strconv.Itoa(endY)); err != nil {
+		return err
+	}
+	_, err := p.runCmd(ctx, "mouse", "up", string(MouseButtonLeft))
+	return err
+}
+
+// KeyPress sends a key-down then key-up for a key combo string.
+func (p *portableDesktop) KeyPress(ctx context.Context, keys string) error {
+	_, err := p.runCmd(ctx, "keyboard", "key", keys)
+	return err
+}
+
+// KeyDown presses and holds a key.
+func (p *portableDesktop) KeyDown(ctx context.Context, key string) error {
+	_, err := p.runCmd(ctx, "keyboard", "down", key)
+	return err
+}
+
+// KeyUp releases a key.
+func (p *portableDesktop) KeyUp(ctx context.Context, key string) error {
+	_, err := p.runCmd(ctx, "keyboard", "up", key)
+	return err
+}
+
+// Type types a string of text character-by-character.
+func (p *portableDesktop) Type(ctx context.Context, text string) error {
+	_, err := p.runCmd(ctx, "keyboard", "type", text)
+	return err
+}
+
+// CursorPosition returns the current cursor coordinates.
+func (p *portableDesktop) CursorPosition(ctx context.Context) (x int, y int, err error) {
+	out, err := p.runCmd(ctx, "cursor", "--json")
+	if err != nil {
+		return 0, 0, err
+	}
+
+	var result cursorOutput
+	if err := json.Unmarshal([]byte(out), &result); err != nil {
+		return 0, 0, xerrors.Errorf("parse cursor output: %w", err)
+	}
+
+	return result.X, result.Y, nil
+}
+
+// Close shuts down the desktop session and cleans up resources.
+func (p *portableDesktop) Close() error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	p.closed = true
+	if p.session != nil {
+		p.session.cancel()
+		// Xvnc is a child process — killing it cleans up the X
+		// session.
+		_ = p.session.cmd.Process.Kill()
+		_ = p.session.cmd.Wait()
+		p.session = nil
+	}
+	return nil
+}
+
+// runCmd executes a portabledesktop subcommand and returns combined
+// output. The caller must have previously called ensureBinary.
+func (p *portableDesktop) runCmd(ctx context.Context, args ...string) (string, error) {
+	start := time.Now()
+	//nolint:gosec // args are constructed by the caller, not user input.
+	cmd := p.execer.CommandContext(ctx, p.binPath, args...)
+	out, err := cmd.CombinedOutput()
+	elapsed := time.Since(start)
+	if err != nil {
+		p.logger.Warn(ctx, "portabledesktop command failed",
+			slog.F("args", args),
+			slog.F("elapsed_ms", elapsed.Milliseconds()),
+			slog.Error(err),
+			slog.F("output", string(out)),
+		)
+		return "", xerrors.Errorf("portabledesktop %s: %w: %s", args[0], err, string(out))
+	}
+	if elapsed > 5*time.Second {
+		p.logger.Warn(ctx, "portabledesktop command slow",
+			slog.F("args", args),
+			slog.F("elapsed_ms", elapsed.Milliseconds()),
+		)
+	} else {
+		p.logger.Debug(ctx, "portabledesktop command completed",
+			slog.F("args", args),
+			slog.F("elapsed_ms", elapsed.Milliseconds()),
+		)
+	}
+	return string(out), nil
+}
+
+// ensureBinary resolves or downloads the portabledesktop binary. It
+// must be called while p.mu is held.
+func (p *portableDesktop) ensureBinary(ctx context.Context) error {
+	if p.binPath != "" {
+		return nil
+	}
+
+	// 1. Check PATH.
+	if path, err := exec.LookPath("portabledesktop"); err == nil {
+		p.logger.Info(ctx, "found portabledesktop in PATH",
+			slog.F("path", path),
+		)
+		p.binPath = path
+		return nil
+	}
+
+	// 2. Platform checks.
+	if runtime.GOOS != "linux" {
+		return xerrors.New("portabledesktop is only supported on Linux")
+	}
+	bin, ok := platformBinaries[runtime.GOARCH]
+	if !ok {
+		return xerrors.Errorf("unsupported architecture for portabledesktop: %s", runtime.GOARCH)
+	}
+
+	// 3. Check cache.
+	cacheDir := filepath.Join(p.dataDir, "portabledesktop", bin.SHA256)
+	cachedPath := filepath.Join(cacheDir, "portabledesktop")
+
+	if info, err := os.Stat(cachedPath); err == nil && !info.IsDir() {
+		// Verify it is executable.
+		if info.Mode()&0o100 != 0 {
+			p.logger.Info(ctx, "using cached portabledesktop binary",
+				slog.F("path", cachedPath),
+			)
+			p.binPath = cachedPath
+			return nil
+		}
+	}
+
+	// 4. Download with retry.
+	p.logger.Info(ctx, "downloading portabledesktop binary",
+		slog.F("url", bin.URL),
+		slog.F("version", portableDesktopVersion),
+		slog.F("arch", runtime.GOARCH),
+	)
+
+	var lastErr error
+	for attempt := range downloadRetries {
+		if err := downloadBinary(ctx, p.httpDo(), bin.URL, bin.SHA256, cachedPath); err != nil {
+			lastErr = err
+			p.logger.Warn(ctx, "download attempt failed",
+				slog.F("attempt", attempt+1),
+				slog.F("max_attempts", downloadRetries),
+				slog.Error(err),
+			)
+			if attempt < downloadRetries-1 {
+				select {
+				case <-ctx.Done():
+					return ctx.Err()
+				case <-time.After(downloadRetryDelay):
+				}
+			}
+			continue
+		}
+		p.binPath = cachedPath
+		p.logger.Info(ctx, "downloaded portabledesktop binary",
+			slog.F("path", cachedPath),
+		)
+		return nil
+	}
+
+	return xerrors.Errorf("download portabledesktop after %d attempts: %w", downloadRetries, lastErr)
+}
+
+// downloadBinary fetches a binary from url, verifies its SHA-256
+// digest matches expectedSHA256, and atomically writes it to destPath.
+func downloadBinary(ctx context.Context, client *http.Client, url, expectedSHA256, destPath string) error {
+	if err := os.MkdirAll(filepath.Dir(destPath), 0o700); err != nil {
+		return xerrors.Errorf("create cache directory: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return xerrors.Errorf("create HTTP request: %w", err)
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return xerrors.Errorf("HTTP GET %s: %w", url, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return xerrors.Errorf("HTTP GET %s: status %d", url, resp.StatusCode)
+	}
+
+	// Write to a temp file in the same directory so the final rename
+	// is atomic on the same filesystem.
+	tmpFile, err := os.CreateTemp(filepath.Dir(destPath), "portabledesktop-download-*")
+	if err != nil {
+		return xerrors.Errorf("create temp file: %w", err)
+	}
+	tmpPath := tmpFile.Name()
+
+	// Clean up the temp file on any error path.
+	success := false
+	defer func() {
+		if !success {
+			_ = tmpFile.Close()
+			_ = os.Remove(tmpPath)
+		}
+	}()
+
+	// Stream the response body while computing SHA-256.
+	hasher := sha256.New()
+	if _, err := io.Copy(tmpFile, io.TeeReader(resp.Body, hasher)); err != nil {
+		return xerrors.Errorf("download body: %w", err)
+	}
+
+	if err := tmpFile.Close(); err != nil {
+		return xerrors.Errorf("close temp file: %w", err)
+	}
+
+	// Verify digest.
+	actualSHA256 := hex.EncodeToString(hasher.Sum(nil))
+	if actualSHA256 != expectedSHA256 {
+		return xerrors.Errorf(
+			"SHA-256 mismatch: expected %s, got %s",
+			expectedSHA256, actualSHA256,
+		)
+	}
+
+	if err := os.Chmod(tmpPath, 0o700); err != nil {
+		return xerrors.Errorf("chmod: %w", err)
+	}
+
+	if err := os.Rename(tmpPath, destPath); err != nil {
+		return xerrors.Errorf("rename to final path: %w", err)
+	}
+
+	success = true
+	return nil
+}
@@ -0,0 +1,713 @@
+package agentdesktop
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"cdr.dev/slog/v3/sloggers/slogtest"
+	"github.com/coder/coder/v2/agent/agentexec"
+	"github.com/coder/coder/v2/pty"
+)
+
+// recordedExecer implements agentexec.Execer by recording every
+// invocation and delegating to a real shell command built from a
+// caller-supplied mapping of subcommand → shell script body.
+type recordedExecer struct {
+	mu       sync.Mutex
+	commands [][]string
+	// scripts maps a subcommand keyword (e.g. "up", "screenshot")
+	// to a shell snippet whose stdout will be the command output.
+	scripts map[string]string
+}
+
+func (r *recordedExecer) record(cmd string, args ...string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.commands = append(r.commands, append([]string{cmd}, args...))
+}
+
+func (r *recordedExecer) allCommands() [][]string {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	out := make([][]string, len(r.commands))
+	copy(out, r.commands)
+	return out
+}
+
+// scriptFor finds the first matching script key present in args.
+func (r *recordedExecer) scriptFor(args []string) string {
+	for _, a := range args {
+		if s, ok := r.scripts[a]; ok {
+			return s
+		}
+	}
+	// Fallback: succeed silently.
+	return "true"
+}
+
+func (r *recordedExecer) CommandContext(ctx context.Context, cmd string, args ...string) *exec.Cmd {
+	r.record(cmd, args...)
+	script := r.scriptFor(args)
+	//nolint:gosec // Test helper — script content is controlled by the test.
+	return exec.CommandContext(ctx, "sh", "-c", script)
+}
+
+func (r *recordedExecer) PTYCommandContext(ctx context.Context, cmd string, args ...string) *pty.Cmd {
+	r.record(cmd, args...)
+	return pty.CommandContext(ctx, "sh", "-c", r.scriptFor(args))
+}
+
+// --- portableDesktop tests ---
+
+func TestPortableDesktop_Start_ParsesOutput(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	dataDir := t.TempDir()
+
+	// The "up" script prints the JSON line then sleeps until
+	// the context is canceled (simulating a long-running process).
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"up": `printf '{"vncPort":5901,"geometry":"1920x1080"}\n' && sleep 120`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: dataDir,
+		binPath: "portabledesktop", // pre-set so ensureBinary is a no-op
+	}
+
+	ctx := context.Background()
+	cfg, err := pd.Start(ctx)
+	require.NoError(t, err)
+
+	assert.Equal(t, 1920, cfg.Width)
+	assert.Equal(t, 1080, cfg.Height)
+	assert.Equal(t, 5901, cfg.VNCPort)
+	assert.Equal(t, -1, cfg.Display)
+
+	// Clean up the long-running process.
+	require.NoError(t, pd.Close())
+}
+
+func TestPortableDesktop_Start_Idempotent(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	dataDir := t.TempDir()
+
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"up": `printf '{"vncPort":5901,"geometry":"1920x1080"}\n' && sleep 120`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: dataDir,
+		binPath: "portabledesktop",
+	}
+
+	ctx := context.Background()
+	cfg1, err := pd.Start(ctx)
+	require.NoError(t, err)
+
+	cfg2, err := pd.Start(ctx)
+	require.NoError(t, err)
+
+	assert.Equal(t, cfg1, cfg2, "second Start should return the same config")
+
+	// The execer should have been called exactly once for "up".
+	cmds := rec.allCommands()
+	upCalls := 0
+	for _, c := range cmds {
+		for _, a := range c {
+			if a == "up" {
+				upCalls++
+			}
+		}
+	}
+	assert.Equal(t, 1, upCalls, "expected exactly one 'up' invocation")
+
+	require.NoError(t, pd.Close())
+}
+
+func TestPortableDesktop_Screenshot(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	dataDir := t.TempDir()
+
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"screenshot": `echo '{"data":"abc123"}'`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: dataDir,
+		binPath: "portabledesktop",
+	}
+
+	ctx := context.Background()
+	result, err := pd.Screenshot(ctx, ScreenshotOptions{})
+	require.NoError(t, err)
+
+	assert.Equal(t, "abc123", result.Data)
+}
+
+func TestPortableDesktop_Screenshot_WithTargetDimensions(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	dataDir := t.TempDir()
+
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"screenshot": `echo '{"data":"x"}'`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: dataDir,
+		binPath: "portabledesktop",
+	}
+
+	ctx := context.Background()
+	_, err := pd.Screenshot(ctx, ScreenshotOptions{
+		TargetWidth:  800,
+		TargetHeight: 600,
+	})
+	require.NoError(t, err)
+
+	cmds := rec.allCommands()
+	require.NotEmpty(t, cmds)
+
+	// The last command should contain the target dimension flags.
+	last := cmds[len(cmds)-1]
+	joined := strings.Join(last, " ")
+	assert.Contains(t, joined, "--target-width 800")
+	assert.Contains(t, joined, "--target-height 600")
+}
+
+func TestPortableDesktop_MouseMethods(t *testing.T) {
+	t.Parallel()
+
+	// Each sub-test verifies a single mouse method dispatches the
+	// correct CLI arguments.
+	tests := []struct {
+		name     string
+		invoke   func(context.Context, *portableDesktop) error
+		wantArgs []string // substrings expected in a recorded command
+	}{
+		{
+			name: "Move",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.Move(ctx, 42, 99)
+			},
+			wantArgs: []string{"mouse", "move", "42", "99"},
+		},
+		{
+			name: "Click",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.Click(ctx, 10, 20, MouseButtonLeft)
+			},
+			// Click does move then click.
+			wantArgs: []string{"mouse", "click", "left"},
+		},
+		{
+			name: "DoubleClick",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.DoubleClick(ctx, 5, 6, MouseButtonRight)
+			},
+			wantArgs: []string{"mouse", "click", "right"},
+		},
+		{
+			name: "ButtonDown",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.ButtonDown(ctx, MouseButtonMiddle)
+			},
+			wantArgs: []string{"mouse", "down", "middle"},
+		},
+		{
+			name: "ButtonUp",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.ButtonUp(ctx, MouseButtonLeft)
+			},
+			wantArgs: []string{"mouse", "up", "left"},
+		},
+		{
+			name: "Scroll",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.Scroll(ctx, 50, 60, 3, 4)
+			},
+			wantArgs: []string{"mouse", "scroll", "3", "4"},
+		},
+		{
+			name: "Drag",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.Drag(ctx, 10, 20, 30, 40)
+			},
+			// Drag ends with mouse up left.
+			wantArgs: []string{"mouse", "up", "left"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			logger := slogtest.Make(t, nil)
+			rec := &recordedExecer{
+				scripts: map[string]string{
+					"mouse": `echo ok`,
+				},
+			}
+
+			pd := &portableDesktop{
+				logger:  logger,
+				execer:  rec,
+				dataDir: t.TempDir(),
+				binPath: "portabledesktop",
+			}
+
+			err := tt.invoke(context.Background(), pd)
+			require.NoError(t, err)
+
+			cmds := rec.allCommands()
+			require.NotEmpty(t, cmds, "expected at least one command")
+
+			// Find at least one recorded command that contains
+			// all expected argument substrings.
+			found := false
+			for _, cmd := range cmds {
+				joined := strings.Join(cmd, " ")
+				match := true
+				for _, want := range tt.wantArgs {
+					if !strings.Contains(joined, want) {
+						match = false
+						break
+					}
+				}
+				if match {
+					found = true
+					break
+				}
+			}
+			assert.True(t, found,
+				"no recorded command matched %v; got %v", tt.wantArgs, cmds)
+		})
+	}
+}
+
+func TestPortableDesktop_KeyboardMethods(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name     string
+		invoke   func(context.Context, *portableDesktop) error
+		wantArgs []string
+	}{
+		{
+			name: "KeyPress",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.KeyPress(ctx, "Return")
+			},
+			wantArgs: []string{"keyboard", "key", "Return"},
+		},
+		{
+			name: "KeyDown",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.KeyDown(ctx, "shift")
+			},
+			wantArgs: []string{"keyboard", "down", "shift"},
+		},
+		{
+			name: "KeyUp",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.KeyUp(ctx, "shift")
+			},
+			wantArgs: []string{"keyboard", "up", "shift"},
+		},
+		{
+			name: "Type",
+			invoke: func(ctx context.Context, pd *portableDesktop) error {
+				return pd.Type(ctx, "hello world")
+			},
+			wantArgs: []string{"keyboard", "type", "hello world"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			logger := slogtest.Make(t, nil)
+			rec := &recordedExecer{
+				scripts: map[string]string{
+					"keyboard": `echo ok`,
+				},
+			}
+
+			pd := &portableDesktop{
+				logger:  logger,
+				execer:  rec,
+				dataDir: t.TempDir(),
+				binPath: "portabledesktop",
+			}
+
+			err := tt.invoke(context.Background(), pd)
+			require.NoError(t, err)
+
+			cmds := rec.allCommands()
+			require.NotEmpty(t, cmds)
+
+			last := cmds[len(cmds)-1]
+			joined := strings.Join(last, " ")
+			for _, want := range tt.wantArgs {
+				assert.Contains(t, joined, want)
+			}
+		})
+	}
+}
+
+func TestPortableDesktop_CursorPosition(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"cursor": `echo '{"x":100,"y":200}'`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: t.TempDir(),
+		binPath: "portabledesktop",
+	}
+
+	x, y, err := pd.CursorPosition(context.Background())
+	require.NoError(t, err)
+	assert.Equal(t, 100, x)
+	assert.Equal(t, 200, y)
+}
+
+func TestPortableDesktop_Close(t *testing.T) {
+	t.Parallel()
+
+	logger := slogtest.Make(t, nil)
+
+	rec := &recordedExecer{
+		scripts: map[string]string{
+			"up": `printf '{"vncPort":5901,"geometry":"1024x768"}\n' && sleep 120`,
+		},
+	}
+
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  rec,
+		dataDir: t.TempDir(),
+		binPath: "portabledesktop",
+	}
+
+	ctx := context.Background()
+	_, err := pd.Start(ctx)
+	require.NoError(t, err)
+
+	// Session should exist.
+	pd.mu.Lock()
+	require.NotNil(t, pd.session)
+	pd.mu.Unlock()
+
+	require.NoError(t, pd.Close())
+
+	// Session should be cleaned up.
+	pd.mu.Lock()
+	assert.Nil(t, pd.session)
+	assert.True(t, pd.closed)
+	pd.mu.Unlock()
+
+	// Subsequent Start must fail.
+	_, err = pd.Start(ctx)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "desktop is closed")
+}
+
+// --- downloadBinary tests ---
+
+func TestDownloadBinary_Success(t *testing.T) {
+	t.Parallel()
+
+	binaryContent := []byte("#!/bin/sh\necho portable\n")
+	hash := sha256.Sum256(binaryContent)
+	expectedSHA := hex.EncodeToString(hash[:])
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(binaryContent)
+	}))
+	defer srv.Close()
+
+	destDir := t.TempDir()
+	destPath := filepath.Join(destDir, "portabledesktop")
+
+	err := downloadBinary(context.Background(), srv.Client(), srv.URL, expectedSHA, destPath)
+	require.NoError(t, err)
+
+	// Verify the file exists and has correct content.
+	got, err := os.ReadFile(destPath)
+	require.NoError(t, err)
+	assert.Equal(t, binaryContent, got)
+
+	// Verify executable permissions.
+	info, err := os.Stat(destPath)
+	require.NoError(t, err)
+	assert.NotZero(t, info.Mode()&0o700, "binary should be executable")
+}
+
+func TestDownloadBinary_ChecksumMismatch(t *testing.T) {
+	t.Parallel()
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("real binary content"))
+	}))
+	defer srv.Close()
+
+	destDir := t.TempDir()
+	destPath := filepath.Join(destDir, "portabledesktop")
+
+	wrongSHA := "0000000000000000000000000000000000000000000000000000000000000000"
+	err := downloadBinary(context.Background(), srv.Client(), srv.URL, wrongSHA, destPath)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "SHA-256 mismatch")
+
+	// The destination file should not exist (temp file cleaned up).
+	_, statErr := os.Stat(destPath)
+	assert.True(t, os.IsNotExist(statErr), "dest file should not exist after checksum failure")
+
+	// No leftover temp files in the directory.
+	entries, err := os.ReadDir(destDir)
+	require.NoError(t, err)
+	assert.Empty(t, entries, "no leftover temp files should remain")
+}
+
+func TestDownloadBinary_HTTPError(t *testing.T) {
+	t.Parallel()
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusNotFound)
+	}))
+	defer srv.Close()
+
+	destDir := t.TempDir()
+	destPath := filepath.Join(destDir, "portabledesktop")
+
+	err := downloadBinary(context.Background(), srv.Client(), srv.URL, "irrelevant", destPath)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "status 404")
+}
+
+// --- ensureBinary tests ---
+
+func TestEnsureBinary_UsesCachedBinPath(t *testing.T) {
+	t.Parallel()
+
+	// When binPath is already set, ensureBinary should return
+	// immediately without doing any work.
+	logger := slogtest.Make(t, nil)
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  agentexec.DefaultExecer,
+		dataDir: t.TempDir(),
+		binPath: "/already/set",
+	}
+
+	err := pd.ensureBinary(context.Background())
+	require.NoError(t, err)
+	assert.Equal(t, "/already/set", pd.binPath)
+}
+
+func TestEnsureBinary_UsesCachedBinary(t *testing.T) {
+	// Cannot use t.Parallel because t.Setenv modifies the process
+	// environment.
+	if runtime.GOOS != "linux" {
+		t.Skip("portabledesktop is only supported on Linux")
+	}
+
+	bin, ok := platformBinaries[runtime.GOARCH]
+	if !ok {
+		t.Skipf("no platformBinary entry for %s", runtime.GOARCH)
+	}
+
+	dataDir := t.TempDir()
+	cacheDir := filepath.Join(dataDir, "portabledesktop", bin.SHA256)
+	require.NoError(t, os.MkdirAll(cacheDir, 0o700))
+
+	cachedPath := filepath.Join(cacheDir, "portabledesktop")
+	require.NoError(t, os.WriteFile(cachedPath, []byte("#!/bin/sh\n"), 0o600))
+
+	logger := slogtest.Make(t, nil)
+	pd := &portableDesktop{
+		logger:  logger,
+		execer:  agentexec.DefaultExecer,
+		dataDir: dataDir,
+	}
+
+	// Clear PATH so LookPath won't find a real binary.
+	t.Setenv("PATH", "")
+
+	err := pd.ensureBinary(context.Background())
+	require.NoError(t, err)
+	assert.Equal(t, cachedPath, pd.binPath)
+}
+
+func TestEnsureBinary_Downloads(t *testing.T) {
+	// Cannot use t.Parallel because t.Setenv modifies the process
+	// environment and we override the package-level platformBinaries.
+	if runtime.GOOS != "linux" {
+		t.Skip("portabledesktop is only supported on Linux")
+	}
+
+	binaryContent := []byte("#!/bin/sh\necho downloaded\n")
+	hash := sha256.Sum256(binaryContent)
+	expectedSHA := hex.EncodeToString(hash[:])
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(binaryContent)
+	}))
+	defer srv.Close()
+
+	// Save and restore platformBinaries for this test.
+	origBinaries := platformBinaries
+	platformBinaries = map[string]struct {
+		URL    string
+		SHA256 string
+	}{
+		runtime.GOARCH: {
+			URL:    srv.URL + "/portabledesktop",
+			SHA256: expectedSHA,
+		},
+	}
+	t.Cleanup(func() { platformBinaries = origBinaries })
+
+	dataDir := t.TempDir()
+	logger := slogtest.Make(t, nil)
+	pd := &portableDesktop{
+		logger:     logger,
+		execer:     agentexec.DefaultExecer,
+		dataDir:    dataDir,
+		httpClient: srv.Client(),
+	}
+
+	// Ensure PATH doesn't contain a real portabledesktop binary.
+	t.Setenv("PATH", "")
+
+	err := pd.ensureBinary(context.Background())
+	require.NoError(t, err)
+
+	expectedPath := filepath.Join(dataDir, "portabledesktop", expectedSHA, "portabledesktop")
+	assert.Equal(t, expectedPath, pd.binPath)
+
+	// Verify the downloaded file has correct content.
+	got, err := os.ReadFile(expectedPath)
+	require.NoError(t, err)
+	assert.Equal(t, binaryContent, got)
+}
+
+func TestEnsureBinary_RetriesOnFailure(t *testing.T) {
+	t.Parallel()
+
+	if runtime.GOOS != "linux" {
+		t.Skip("portabledesktop is only supported on Linux")
+	}
+
+	binaryContent := []byte("#!/bin/sh\necho retried\n")
+	hash := sha256.Sum256(binaryContent)
+	expectedSHA := hex.EncodeToString(hash[:])
+
+	var mu sync.Mutex
+	attempt := 0
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		mu.Lock()
+		current := attempt
+		attempt++
+		mu.Unlock()
+
+		// Fail the first 2 attempts, succeed on the third.
+		if current < 2 {
+			w.WriteHeader(http.StatusServiceUnavailable)
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(binaryContent)
+	}))
+	defer srv.Close()
+
+	// Test downloadBinary directly to avoid time.Sleep in
+	// ensureBinary's retry loop. We call it 3 times to simulate
+	// what ensureBinary would do.
+	destDir := t.TempDir()
+	destPath := filepath.Join(destDir, "portabledesktop")
+
+	var lastErr error
+	for i := range 3 {
+		lastErr = downloadBinary(context.Background(), srv.Client(), srv.URL, expectedSHA, destPath)
+		if lastErr == nil {
+			break
+		}
+		if i < 2 {
+			// In the real code, ensureBinary sleeps here.
+			// We skip the sleep in tests.
+			continue
+		}
+	}
+	require.NoError(t, lastErr, "download should succeed on the third attempt")
+
+	got, err := os.ReadFile(destPath)
+	require.NoError(t, err)
+	assert.Equal(t, binaryContent, got)
+
+	mu.Lock()
+	assert.Equal(t, 3, attempt, "server should have been hit 3 times")
+	mu.Unlock()
+}
+
+// Ensure that portableDesktop satisfies the Desktop interface at
+// compile time. This uses the unexported type so it lives in the
+// internal test package.
+var _ Desktop = (*portableDesktop)(nil)
+
+// Silence the linter about unused imports — agentexec.DefaultExecer
+// is used in TestEnsureBinary_UsesCachedBinPath and others, and
+// fmt.Sscanf is used indirectly via the implementation.
+var (
+	_ = agentexec.DefaultExecer
+	_ = fmt.Sprintf
+)
@@ -7,18 +7,21 @@ import (
 	"github.com/spf13/afero"

 	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentgit"
 )

 // API exposes file-related operations performed through the agent.
 type API struct {
 	logger     slog.Logger
 	filesystem afero.Fs
+	pathStore  *agentgit.PathStore
 }

-func NewAPI(logger slog.Logger, filesystem afero.Fs) *API {
+func NewAPI(logger slog.Logger, filesystem afero.Fs, pathStore *agentgit.PathStore) *API {
 	api := &API{
 		logger:     logger,
 		filesystem: filesystem,
+		pathStore:  pathStore,
 	}
 	return api
 }
@@ -29,6 +32,7 @@ func (api *API) Routes() http.Handler {

 	r.Post("/list-directory", api.HandleLS)
 	r.Get("/read-file", api.HandleReadFile)
+	r.Get("/read-file-lines", api.HandleReadFileLines)
 	r.Post("/write-file", api.HandleWriteFile)
 	r.Post("/edit-files", api.HandleEditFiles)

@@ -10,19 +10,36 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 	"syscall"

-	"github.com/icholy/replace"
+	"github.com/google/uuid"
 	"github.com/spf13/afero"
-	"golang.org/x/text/transform"
 	"golang.org/x/xerrors"

 	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentgit"
 	"github.com/coder/coder/v2/coderd/httpapi"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
 )

+// ReadFileLinesResponse is the JSON response for the line-based file reader.
+type ReadFileLinesResponse struct {
+	// Success indicates whether the read was successful.
+	Success bool `json:"success"`
+	// FileSize is the original file size in bytes.
+	FileSize int64 `json:"file_size,omitempty"`
+	// TotalLines is the total number of lines in the file.
+	TotalLines int `json:"total_lines,omitempty"`
+	// LinesRead is the count of lines returned in this response.
+	LinesRead int `json:"lines_read,omitempty"`
+	// Content is the line-numbered file content.
+	Content string `json:"content,omitempty"`
+	// Error is the error message when success is false.
+	Error string `json:"error,omitempty"`
+}
+
 type HTTPResponseCode = int

 func (api *API) HandleReadFile(rw http.ResponseWriter, r *http.Request) {
@@ -103,6 +120,166 @@ func (api *API) streamFile(ctx context.Context, rw http.ResponseWriter, path str
 	return 0, nil
 }

+func (api *API) HandleReadFileLines(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	query := r.URL.Query()
+	parser := httpapi.NewQueryParamParser().RequiredNotEmpty("path")
+	path := parser.String(query, "", "path")
+	offset := parser.PositiveInt64(query, 1, "offset")
+	limit := parser.PositiveInt64(query, 0, "limit")
+	maxFileSize := parser.PositiveInt64(query, workspacesdk.DefaultMaxFileSize, "max_file_size")
+	maxLineBytes := parser.PositiveInt64(query, workspacesdk.DefaultMaxLineBytes, "max_line_bytes")
+	maxResponseLines := parser.PositiveInt64(query, workspacesdk.DefaultMaxResponseLines, "max_response_lines")
+	maxResponseBytes := parser.PositiveInt64(query, workspacesdk.DefaultMaxResponseBytes, "max_response_bytes")
+	parser.ErrorExcessParams(query)
+	if len(parser.Errors) > 0 {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message:     "Query parameters have invalid values.",
+			Validations: parser.Errors,
+		})
+		return
+	}
+
+	resp := api.readFileLines(ctx, path, offset, limit, workspacesdk.ReadFileLinesLimits{
+		MaxFileSize:      maxFileSize,
+		MaxLineBytes:     int(maxLineBytes),
+		MaxResponseLines: int(maxResponseLines),
+		MaxResponseBytes: int(maxResponseBytes),
+	})
+	httpapi.Write(ctx, rw, http.StatusOK, resp)
+}
+
+func (api *API) readFileLines(_ context.Context, path string, offset, limit int64, limits workspacesdk.ReadFileLinesLimits) ReadFileLinesResponse {
+	errResp := func(msg string) ReadFileLinesResponse {
+		return ReadFileLinesResponse{Success: false, Error: msg}
+	}
+
+	if !filepath.IsAbs(path) {
+		return errResp(fmt.Sprintf("file path must be absolute: %q", path))
+	}
+
+	f, err := api.filesystem.Open(path)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return errResp(fmt.Sprintf("file does not exist: %s", path))
+		}
+		if errors.Is(err, os.ErrPermission) {
+			return errResp(fmt.Sprintf("permission denied: %s", path))
+		}
+		return errResp(fmt.Sprintf("open file: %s", err))
+	}
+	defer f.Close()
+
+	stat, err := f.Stat()
+	if err != nil {
+		return errResp(fmt.Sprintf("stat file: %s", err))
+	}
+
+	if stat.IsDir() {
+		return errResp(fmt.Sprintf("not a file: %s", path))
+	}
+
+	fileSize := stat.Size()
+	if fileSize > limits.MaxFileSize {
+		return errResp(fmt.Sprintf(
+			"file is %d bytes which exceeds the maximum of %d bytes. Use grep, sed, or awk to extract the content you need, or use offset and limit to read a portion.",
+			fileSize, limits.MaxFileSize,
+		))
+	}
+
+	// Read the entire file (up to MaxFileSize).
+	data, err := io.ReadAll(f)
+	if err != nil {
+		return errResp(fmt.Sprintf("read file: %s", err))
+	}
+
+	// Split into lines.
+	content := string(data)
+	// Handle empty file.
+	if content == "" {
+		return ReadFileLinesResponse{
+			Success:    true,
+			FileSize:   fileSize,
+			TotalLines: 0,
+			LinesRead:  0,
+			Content:    "",
+		}
+	}
+
+	lines := strings.Split(content, "\n")
+	totalLines := len(lines)
+
+	// offset is 1-based line number.
+	if offset < 1 {
+		offset = 1
+	}
+	if offset > int64(totalLines) {
+		return errResp(fmt.Sprintf(
+			"offset %d is beyond the file length of %d lines",
+			offset, totalLines,
+		))
+	}
+
+	// Default limit.
+	if limit <= 0 {
+		limit = int64(limits.MaxResponseLines)
+	}
+
+	startIdx := int(offset - 1) // convert to 0-based
+	endIdx := startIdx + int(limit)
+	if endIdx > totalLines {
+		endIdx = totalLines
+	}
+
+	var numbered []string
+	totalBytesAccumulated := 0
+
+	for i := startIdx; i < endIdx; i++ {
+		line := lines[i]
+
+		// Per-line truncation.
+		if len(line) > limits.MaxLineBytes {
+			line = line[:limits.MaxLineBytes] + "... [truncated]"
+		}
+
+		// Format with 1-based line number.
+		numberedLine := fmt.Sprintf("%d\t%s", i+1, line)
+		lineBytes := len(numberedLine)
+
+		// Check total byte budget.
+		newTotal := totalBytesAccumulated + lineBytes
+		if len(numbered) > 0 {
+			newTotal++ // account for \n joiner
+		}
+		if newTotal > limits.MaxResponseBytes {
+			return errResp(fmt.Sprintf(
+				"output would exceed %d bytes. Read less at a time using offset and limit parameters.",
+				limits.MaxResponseBytes,
+			))
+		}
+
+		// Check line count.
+		if len(numbered) >= limits.MaxResponseLines {
+			return errResp(fmt.Sprintf(
+				"output would exceed %d lines. Read less at a time using offset and limit parameters.",
+				limits.MaxResponseLines,
+			))
+		}
+
+		numbered = append(numbered, numberedLine)
+		totalBytesAccumulated = newTotal
+	}
+
+	return ReadFileLinesResponse{
+		Success:    true,
+		FileSize:   fileSize,
+		TotalLines: totalLines,
+		LinesRead:  len(numbered),
+		Content:    strings.Join(numbered, "\n"),
+	}
+}
+
 func (api *API) HandleWriteFile(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()

@@ -126,6 +303,13 @@ func (api *API) HandleWriteFile(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Track edited path for git watch.
+	if api.pathStore != nil {
+		if chatID, ancestorIDs, ok := agentgit.ExtractChatContext(r); ok {
+			api.pathStore.AddPaths(append([]uuid.UUID{chatID}, ancestorIDs...), []string{path})
+		}
+	}
+
 	httpapi.Write(ctx, rw, http.StatusOK, codersdk.Response{
 		Message: fmt.Sprintf("Successfully wrote to %q", path),
 	})
@@ -205,6 +389,17 @@ func (api *API) HandleEditFiles(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Track edited paths for git watch.
+	if api.pathStore != nil {
+		if chatID, ancestorIDs, ok := agentgit.ExtractChatContext(r); ok {
+			filePaths := make([]string, 0, len(req.Files))
+			for _, f := range req.Files {
+				filePaths = append(filePaths, f.Path)
+			}
+			api.pathStore.AddPaths(append([]uuid.UUID{chatID}, ancestorIDs...), filePaths)
+		}
+	}
+
 	httpapi.Write(ctx, rw, http.StatusOK, codersdk.Response{
 		Message: "Successfully edited file(s)",
 	})
@@ -245,9 +440,21 @@ func (api *API) editFile(ctx context.Context, path string, edits []workspacesdk.
 		return http.StatusBadRequest, xerrors.Errorf("open %s: not a file", path)
 	}

-	transforms := make([]transform.Transformer, len(edits))
-	for i, edit := range edits {
-		transforms[i] = replace.String(edit.Search, edit.Replace)
+	data, err := io.ReadAll(f)
+	if err != nil {
+		return http.StatusInternalServerError, xerrors.Errorf("read %s: %w", path, err)
+	}
+	content := string(data)
+
+	for _, edit := range edits {
+		var ok bool
+		content, ok = fuzzyReplace(content, edit.Search, edit.Replace)
+		if !ok {
+			api.logger.Warn(ctx, "edit search string not found, skipping",
+				slog.F("path", path),
+				slog.F("search_preview", truncate(edit.Search, 64)),
+			)
+		}
 	}

 	// Create an adjacent file to ensure it will be on the same device and can be
@@ -258,8 +465,7 @@ func (api *API) editFile(ctx context.Context, path string, edits []workspacesdk.
 	}
 	defer tmpfile.Close()

-	_, err = io.Copy(tmpfile, replace.Chain(f, transforms...))
-	if err != nil {
+	if _, err := tmpfile.Write([]byte(content)); err != nil {
 		if rerr := api.filesystem.Remove(tmpfile.Name()); rerr != nil {
 			api.logger.Warn(ctx, "unable to clean up temp file", slog.Error(rerr))
 		}
@@ -273,3 +479,93 @@ func (api *API) editFile(ctx context.Context, path string, edits []workspacesdk.

 	return 0, nil
 }
+
+// fuzzyReplace attempts to find `search` inside `content` and replace its first
+// occurrence with `replace`. It uses a cascading match strategy inspired by
+// openai/codex's apply_patch:
+//
+//  1. Exact substring match (byte-for-byte).
+//  2. Line-by-line match ignoring trailing whitespace on each line.
+//  3. Line-by-line match ignoring all leading/trailing whitespace (indentation-tolerant).
+//
+// When a fuzzy match is found (passes 2 or 3), the replacement is still applied
+// at the byte offsets of the original content so that surrounding text (including
+// indentation of untouched lines) is preserved.
+//
+// Returns the (possibly modified) content and a bool indicating whether a match
+// was found.
+func fuzzyReplace(content, search, replace string) (string, bool) {
+	// Pass 1 – exact substring (replace all occurrences).
+	if strings.Contains(content, search) {
+		return strings.ReplaceAll(content, search, replace), true
+	}
+
+	// For line-level fuzzy matching we split both content and search into lines.
+	contentLines := strings.SplitAfter(content, "\n")
+	searchLines := strings.SplitAfter(search, "\n")
+
+	// A trailing newline in the search produces an empty final element from
+	// SplitAfter.  Drop it so it doesn't interfere with line matching.
+	if len(searchLines) > 0 && searchLines[len(searchLines)-1] == "" {
+		searchLines = searchLines[:len(searchLines)-1]
+	}
+
+	// Pass 2 – trim trailing whitespace on each line.
+	if start, end, ok := seekLines(contentLines, searchLines, func(a, b string) bool {
+		return strings.TrimRight(a, " \t\r\n") == strings.TrimRight(b, " \t\r\n")
+	}); ok {
+		return spliceLines(contentLines, start, end, replace), true
+	}
+
+	// Pass 3 – trim all leading and trailing whitespace (indentation-tolerant).
+	if start, end, ok := seekLines(contentLines, searchLines, func(a, b string) bool {
+		return strings.TrimSpace(a) == strings.TrimSpace(b)
+	}); ok {
+		return spliceLines(contentLines, start, end, replace), true
+	}
+
+	return content, false
+}
+
+// seekLines scans contentLines looking for a contiguous subsequence that matches
+// searchLines according to the provided `eq` function. It returns the start and
+// end (exclusive) indices into contentLines of the match.
+func seekLines(contentLines, searchLines []string, eq func(a, b string) bool) (start, end int, ok bool) {
+	if len(searchLines) == 0 {
+		return 0, 0, true
+	}
+	if len(searchLines) > len(contentLines) {
+		return 0, 0, false
+	}
+outer:
+	for i := 0; i <= len(contentLines)-len(searchLines); i++ {
+		for j, sLine := range searchLines {
+			if !eq(contentLines[i+j], sLine) {
+				continue outer
+			}
+		}
+		return i, i + len(searchLines), true
+	}
+	return 0, 0, false
+}
+
+// spliceLines replaces contentLines[start:end] with replacement text, returning
+// the full content as a single string.
+func spliceLines(contentLines []string, start, end int, replacement string) string {
+	var b strings.Builder
+	for _, l := range contentLines[:start] {
+		_, _ = b.WriteString(l)
+	}
+	_, _ = b.WriteString(replacement)
+	for _, l := range contentLines[end:] {
+		_, _ = b.WriteString(l)
+	}
+	return b.String()
+}
+
+func truncate(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n] + "..."
+}
@@ -11,9 +11,12 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"strings"
 	"syscall"
 	"testing"

+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/xerrors"
@@ -21,6 +24,7 @@ import (
 	"cdr.dev/slog/v3"
 	"cdr.dev/slog/v3/sloggers/slogtest"
 	"github.com/coder/coder/v2/agent/agentfiles"
+	"github.com/coder/coder/v2/agent/agentgit"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/testutil"
@@ -116,7 +120,7 @@ func TestReadFile(t *testing.T) {
 		}
 		return nil
 	})
-	api := agentfiles.NewAPI(logger, fs)
+	api := agentfiles.NewAPI(logger, fs, nil)

 	dirPath := filepath.Join(tmpdir, "a-directory")
 	err := fs.MkdirAll(dirPath, 0o755)
@@ -296,7 +300,7 @@ func TestWriteFile(t *testing.T) {
 		}
 		return nil
 	})
-	api := agentfiles.NewAPI(logger, fs)
+	api := agentfiles.NewAPI(logger, fs, nil)

 	dirPath := filepath.Join(tmpdir, "directory")
 	err := fs.MkdirAll(dirPath, 0o755)
@@ -414,7 +418,7 @@ func TestEditFiles(t *testing.T) {
 		}
 		return nil
 	})
-	api := agentfiles.NewAPI(logger, fs)
+	api := agentfiles.NewAPI(logger, fs, nil)

 	dirPath := filepath.Join(tmpdir, "directory")
 	err := fs.MkdirAll(dirPath, 0o755)
@@ -649,6 +653,106 @@ func TestEditFiles(t *testing.T) {
 				filepath.Join(tmpdir, "file3"): "edited3 3",
 			},
 		},
+		{
+			name:     "TrailingWhitespace",
+			contents: map[string]string{filepath.Join(tmpdir, "trailing-ws"): "foo   \nbar\t\t\nbaz"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "trailing-ws"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							Search:  "foo\nbar\nbaz",
+							Replace: "replaced",
+						},
+					},
+				},
+			},
+			expected: map[string]string{filepath.Join(tmpdir, "trailing-ws"): "replaced"},
+		},
+		{
+			name:     "TabsVsSpaces",
+			contents: map[string]string{filepath.Join(tmpdir, "tabs-vs-spaces"): "\tif true {\n\t\tfoo()\n\t}"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "tabs-vs-spaces"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							// Search uses spaces but file uses tabs.
+							Search:  "    if true {\n        foo()\n    }",
+							Replace: "\tif true {\n\t\tbar()\n\t}",
+						},
+					},
+				},
+			},
+			expected: map[string]string{filepath.Join(tmpdir, "tabs-vs-spaces"): "\tif true {\n\t\tbar()\n\t}"},
+		},
+		{
+			name:     "DifferentIndentDepth",
+			contents: map[string]string{filepath.Join(tmpdir, "indent-depth"): "\t\t\tdeep()\n\t\t\tnested()"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "indent-depth"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							// Search has wrong indent depth (1 tab instead of 3).
+							Search:  "\tdeep()\n\tnested()",
+							Replace: "\t\t\tdeep()\n\t\t\tchanged()",
+						},
+					},
+				},
+			},
+			expected: map[string]string{filepath.Join(tmpdir, "indent-depth"): "\t\t\tdeep()\n\t\t\tchanged()"},
+		},
+		{
+			name:     "ExactMatchPreferred",
+			contents: map[string]string{filepath.Join(tmpdir, "exact-preferred"): "hello world"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "exact-preferred"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							Search:  "hello world",
+							Replace: "goodbye world",
+						},
+					},
+				},
+			},
+			expected: map[string]string{filepath.Join(tmpdir, "exact-preferred"): "goodbye world"},
+		},
+		{
+			name:     "NoMatchStillSucceeds",
+			contents: map[string]string{filepath.Join(tmpdir, "no-match"): "original content"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "no-match"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							Search:  "this does not exist in the file",
+							Replace: "whatever",
+						},
+					},
+				},
+			},
+			// File should remain unchanged.
+			expected: map[string]string{filepath.Join(tmpdir, "no-match"): "original content"},
+		},
+		{
+			name:     "MixedWhitespaceMultiline",
+			contents: map[string]string{filepath.Join(tmpdir, "mixed-ws"): "func main() {\n\tresult := compute()\n\tfmt.Println(result)\n}"},
+			edits: []workspacesdk.FileEdits{
+				{
+					Path: filepath.Join(tmpdir, "mixed-ws"),
+					Edits: []workspacesdk.FileEdit{
+						{
+							// Search uses spaces, file uses tabs.
+							Search:  "  result := compute()\n  fmt.Println(result)\n",
+							Replace: "\tresult := compute()\n\tlog.Println(result)\n",
+						},
+					},
+				},
+			},
+			expected: map[string]string{filepath.Join(tmpdir, "mixed-ws"): "func main() {\n\tresult := compute()\n\tlog.Println(result)\n}"},
+		},
 		{
 			name: "MultiError",
 			contents: map[string]string{
@@ -737,3 +841,351 @@ func TestEditFiles(t *testing.T) {
 		})
 	}
 }
+
+func TestHandleWriteFile_ChatHeaders_UpdatesPathStore(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	logger := slogtest.Make(t, nil)
+	fs := afero.NewMemMapFs()
+	api := agentfiles.NewAPI(logger, fs, pathStore)
+
+	testPath := filepath.Join(os.TempDir(), "test.txt")
+
+	chatID := uuid.New()
+	ancestorID := uuid.New()
+	ancestorJSON, _ := json.Marshal([]string{ancestorID.String()})
+
+	body := strings.NewReader("hello world")
+	req := httptest.NewRequest(http.MethodPost, "/write-file?path="+testPath, body)
+	req.Header.Set(workspacesdk.CoderChatIDHeader, chatID.String())
+	req.Header.Set(workspacesdk.CoderAncestorChatIDsHeader, string(ancestorJSON))
+
+	rr := httptest.NewRecorder()
+	r := chi.NewRouter()
+	r.Post("/write-file", api.HandleWriteFile)
+	r.ServeHTTP(rr, req)
+
+	require.Equal(t, http.StatusOK, rr.Code)
+
+	// Verify PathStore was updated for both chat and ancestor.
+	paths := pathStore.GetPaths(chatID)
+	require.Equal(t, []string{testPath}, paths)
+
+	ancestorPaths := pathStore.GetPaths(ancestorID)
+	require.Equal(t, []string{testPath}, ancestorPaths)
+}
+
+func TestHandleWriteFile_NoChatHeaders_NoPathStoreUpdate(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	logger := slogtest.Make(t, nil)
+	fs := afero.NewMemMapFs()
+	api := agentfiles.NewAPI(logger, fs, pathStore)
+
+	testPath := filepath.Join(os.TempDir(), "test.txt")
+
+	body := strings.NewReader("hello world")
+	req := httptest.NewRequest(http.MethodPost, "/write-file?path="+testPath, body)
+
+	rr := httptest.NewRecorder()
+	r := chi.NewRouter()
+	r.Post("/write-file", api.HandleWriteFile)
+	r.ServeHTTP(rr, req)
+
+	require.Equal(t, http.StatusOK, rr.Code)
+
+	// PathStore should be globally empty since no chat headers were set.
+	require.Equal(t, 0, pathStore.Len())
+}
+
+func TestHandleWriteFile_Failure_NoPathStoreUpdate(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	logger := slogtest.Make(t, nil)
+	fs := afero.NewMemMapFs()
+	api := agentfiles.NewAPI(logger, fs, pathStore)
+
+	chatID := uuid.New()
+
+	// Write to a relative path (should fail with 400).
+	body := strings.NewReader("hello world")
+	req := httptest.NewRequest(http.MethodPost, "/write-file?path=relative/path.txt", body)
+	req.Header.Set(workspacesdk.CoderChatIDHeader, chatID.String())
+
+	rr := httptest.NewRecorder()
+	r := chi.NewRouter()
+	r.Post("/write-file", api.HandleWriteFile)
+	r.ServeHTTP(rr, req)
+
+	require.Equal(t, http.StatusBadRequest, rr.Code)
+
+	// PathStore should NOT be updated on failure.
+	paths := pathStore.GetPaths(chatID)
+	require.Empty(t, paths)
+}
+
+func TestHandleEditFiles_ChatHeaders_UpdatesPathStore(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	logger := slogtest.Make(t, nil)
+	fs := afero.NewMemMapFs()
+	api := agentfiles.NewAPI(logger, fs, pathStore)
+
+	testPath := filepath.Join(os.TempDir(), "test.txt")
+
+	// Create the file first.
+	require.NoError(t, afero.WriteFile(fs, testPath, []byte("hello"), 0o644))
+
+	chatID := uuid.New()
+	editReq := workspacesdk.FileEditRequest{
+		Files: []workspacesdk.FileEdits{
+			{
+				Path: testPath,
+				Edits: []workspacesdk.FileEdit{
+					{Search: "hello", Replace: "world"},
+				},
+			},
+		},
+	}
+	body, _ := json.Marshal(editReq)
+	req := httptest.NewRequest(http.MethodPost, "/edit-files", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(workspacesdk.CoderChatIDHeader, chatID.String())
+
+	rr := httptest.NewRecorder()
+	r := chi.NewRouter()
+	r.Post("/edit-files", api.HandleEditFiles)
+	r.ServeHTTP(rr, req)
+
+	require.Equal(t, http.StatusOK, rr.Code)
+
+	paths := pathStore.GetPaths(chatID)
+	require.Equal(t, []string{testPath}, paths)
+}
+
+func TestHandleEditFiles_Failure_NoPathStoreUpdate(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	logger := slogtest.Make(t, nil)
+	fs := afero.NewMemMapFs()
+	api := agentfiles.NewAPI(logger, fs, pathStore)
+
+	chatID := uuid.New()
+
+	// Edit a non-existent file (should fail with 404).
+	editReq := workspacesdk.FileEditRequest{
+		Files: []workspacesdk.FileEdits{
+			{
+				Path: "/nonexistent/file.txt",
+				Edits: []workspacesdk.FileEdit{
+					{Search: "hello", Replace: "world"},
+				},
+			},
+		},
+	}
+	body, _ := json.Marshal(editReq)
+	req := httptest.NewRequest(http.MethodPost, "/edit-files", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(workspacesdk.CoderChatIDHeader, chatID.String())
+
+	rr := httptest.NewRecorder()
+	r := chi.NewRouter()
+	r.Post("/edit-files", api.HandleEditFiles)
+	r.ServeHTTP(rr, req)
+
+	require.NotEqual(t, http.StatusOK, rr.Code)
+
+	// PathStore should NOT be updated on failure.
+	paths := pathStore.GetPaths(chatID)
+	require.Empty(t, paths)
+}
+
+func TestReadFileLines(t *testing.T) {
+	t.Parallel()
+
+	tmpdir := os.TempDir()
+	noPermsFilePath := filepath.Join(tmpdir, "no-perms-lines")
+
+	logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug)
+	fs := newTestFs(afero.NewMemMapFs(), func(call, file string) error {
+		if file == noPermsFilePath {
+			return os.ErrPermission
+		}
+		return nil
+	})
+	api := agentfiles.NewAPI(logger, fs, nil)
+
+	dirPath := filepath.Join(tmpdir, "a-directory-lines")
+	err := fs.MkdirAll(dirPath, 0o755)
+	require.NoError(t, err)
+
+	emptyFilePath := filepath.Join(tmpdir, "empty-file")
+	err = afero.WriteFile(fs, emptyFilePath, []byte(""), 0o644)
+	require.NoError(t, err)
+
+	basicFilePath := filepath.Join(tmpdir, "basic-file")
+	err = afero.WriteFile(fs, basicFilePath, []byte("line1\nline2\nline3"), 0o644)
+	require.NoError(t, err)
+
+	longLine := string(bytes.Repeat([]byte("x"), 1025))
+	longLineFilePath := filepath.Join(tmpdir, "long-line-file")
+	err = afero.WriteFile(fs, longLineFilePath, []byte(longLine), 0o644)
+	require.NoError(t, err)
+
+	largeFilePath := filepath.Join(tmpdir, "large-file")
+	err = afero.WriteFile(fs, largeFilePath, bytes.Repeat([]byte("x"), 1<<20+1), 0o644)
+	require.NoError(t, err)
+
+	tests := []struct {
+		name       string
+		path       string
+		offset     int64
+		limit      int64
+		expSuccess bool
+		expError   string
+		expContent string
+		expTotal   int
+		expRead    int
+		expSize    int64
+		// useCodersdk is set for cases where the handler returns
+		// codersdk.Response (query param validation) instead of ReadFileLinesResponse.
+		useCodersdk bool
+	}{
+		{
+			name:        "NoPath",
+			path:        "",
+			useCodersdk: true,
+			expError:    "is required",
+		},
+		{
+			name:     "RelativePath",
+			path:     "relative/path",
+			expError: "file path must be absolute",
+		},
+		{
+			name:     "NonExistent",
+			path:     filepath.Join(tmpdir, "does-not-exist"),
+			expError: "file does not exist",
+		},
+		{
+			name:     "IsDir",
+			path:     dirPath,
+			expError: "not a file",
+		},
+		{
+			name:     "NoPermissions",
+			path:     noPermsFilePath,
+			expError: "permission denied",
+		},
+		{
+			name:       "EmptyFile",
+			path:       emptyFilePath,
+			expSuccess: true,
+			expTotal:   0,
+			expRead:    0,
+			expSize:    0,
+		},
+		{
+			name:       "BasicRead",
+			path:       basicFilePath,
+			expSuccess: true,
+			expContent: "1\tline1\n2\tline2\n3\tline3",
+			expTotal:   3,
+			expRead:    3,
+			expSize:    int64(len("line1\nline2\nline3")),
+		},
+		{
+			name:       "Offset2",
+			path:       basicFilePath,
+			offset:     2,
+			expSuccess: true,
+			expContent: "2\tline2\n3\tline3",
+			expTotal:   3,
+			expRead:    2,
+			expSize:    int64(len("line1\nline2\nline3")),
+		},
+		{
+			name:       "Limit1",
+			path:       basicFilePath,
+			limit:      1,
+			expSuccess: true,
+			expContent: "1\tline1",
+			expTotal:   3,
+			expRead:    1,
+			expSize:    int64(len("line1\nline2\nline3")),
+		},
+		{
+			name:       "Offset2Limit1",
+			path:       basicFilePath,
+			offset:     2,
+			limit:      1,
+			expSuccess: true,
+			expContent: "2\tline2",
+			expTotal:   3,
+			expRead:    1,
+			expSize:    int64(len("line1\nline2\nline3")),
+		},
+		{
+			name:     "OffsetBeyondFile",
+			path:     basicFilePath,
+			offset:   100,
+			expError: "offset 100 is beyond the file length of 3 lines",
+		},
+		{
+			name:       "LongLineTruncation",
+			path:       longLineFilePath,
+			expSuccess: true,
+			expContent: "1\t" + string(bytes.Repeat([]byte("x"), 1024)) + "... [truncated]",
+			expTotal:   1,
+			expRead:    1,
+			expSize:    1025,
+		},
+		{
+			name:     "LargeFile",
+			path:     largeFilePath,
+			expError: "exceeds the maximum",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+			defer cancel()
+
+			w := httptest.NewRecorder()
+			r := httptest.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("/read-file-lines?path=%s&offset=%d&limit=%d", tt.path, tt.offset, tt.limit), nil)
+			api.Routes().ServeHTTP(w, r)
+
+			if tt.useCodersdk {
+				// Query param validation errors return codersdk.Response.
+				require.Equal(t, http.StatusBadRequest, w.Code)
+				require.Contains(t, w.Body.String(), tt.expError)
+				return
+			}
+
+			var resp agentfiles.ReadFileLinesResponse
+			err := json.NewDecoder(w.Body).Decode(&resp)
+			require.NoError(t, err)
+
+			if tt.expSuccess {
+				require.Equal(t, http.StatusOK, w.Code)
+				require.True(t, resp.Success)
+				require.Equal(t, tt.expContent, resp.Content)
+				require.Equal(t, tt.expTotal, resp.TotalLines)
+				require.Equal(t, tt.expRead, resp.LinesRead)
+				require.Equal(t, tt.expSize, resp.FileSize)
+			} else {
+				require.Equal(t, http.StatusOK, w.Code)
+				require.False(t, resp.Success)
+				require.Contains(t, resp.Error, tt.expError)
+			}
+		})
+	}
+}
@@ -0,0 +1,441 @@
+// Package agentgit provides a WebSocket-based service for watching git
+// repository changes on the agent. It is mounted at /api/v0/git/watch
+// and allows clients to subscribe to file paths, triggering scans of
+// the corresponding git repositories.
+package agentgit
+
+import (
+	"bytes"
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/dustin/go-humanize"
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/quartz"
+)
+
+// Option configures the git watch service.
+type Option func(*Handler)
+
+// WithClock sets a controllable clock for testing. Defaults to
+// quartz.NewReal().
+func WithClock(c quartz.Clock) Option {
+	return func(h *Handler) {
+		h.clock = c
+	}
+}
+
+// WithGitBinary overrides the git binary path (for testing).
+func WithGitBinary(path string) Option {
+	return func(h *Handler) {
+		h.gitBin = path
+	}
+}
+
+const (
+	// scanCooldown is the minimum interval between successive scans.
+	scanCooldown = 1 * time.Second
+	// fallbackPollInterval is the safety-net poll period used when no
+	// filesystem events arrive.
+	fallbackPollInterval = 30 * time.Second
+	// maxTotalDiffSize is the maximum size of the combined
+	// unified diff for an entire repository sent over the wire.
+	// This must stay under the WebSocket message size limit.
+	maxTotalDiffSize = 3 * 1024 * 1024 // 3 MiB
+)
+
+// Handler manages per-connection git watch state.
+type Handler struct {
+	logger slog.Logger
+	clock  quartz.Clock
+	gitBin string // path to git binary; empty means "git" (from PATH)
+
+	mu            sync.Mutex
+	repoRoots     map[string]struct{}     // watched repo roots
+	lastSnapshots map[string]repoSnapshot // last emitted snapshot per repo
+	lastScanAt    time.Time               // when the last scan completed
+	scanTrigger   chan struct{}           // buffered(1), poked by triggers
+}
+
+// repoSnapshot captures the last emitted state for delta comparison.
+type repoSnapshot struct {
+	branch       string
+	remoteOrigin string
+	unifiedDiff  string
+}
+
+// NewHandler creates a new git watch handler.
+func NewHandler(logger slog.Logger, opts ...Option) *Handler {
+	h := &Handler{
+		logger:        logger,
+		clock:         quartz.NewReal(),
+		gitBin:        "git",
+		repoRoots:     make(map[string]struct{}),
+		lastSnapshots: make(map[string]repoSnapshot),
+		scanTrigger:   make(chan struct{}, 1),
+	}
+	for _, opt := range opts {
+		opt(h)
+	}
+
+	// Check if git is available.
+	if _, err := exec.LookPath(h.gitBin); err != nil {
+		h.logger.Warn(context.Background(), "git binary not found, git scanning disabled")
+	}
+
+	return h
+}
+
+// gitAvailable returns true if the configured git binary can be found
+// in PATH.
+func (h *Handler) gitAvailable() bool {
+	_, err := exec.LookPath(h.gitBin)
+	return err == nil
+}
+
+// Subscribe processes a subscribe message, resolving paths to git repo
+// roots and adding new repos to the watch set. Returns true if any new
+// repo roots were added.
+func (h *Handler) Subscribe(paths []string) bool {
+	if !h.gitAvailable() {
+		return false
+	}
+
+	h.mu.Lock()
+	defer h.mu.Unlock()
+
+	added := false
+	for _, p := range paths {
+		if !filepath.IsAbs(p) {
+			continue
+		}
+		p = filepath.Clean(p)
+
+		root, err := findRepoRoot(h.gitBin, p)
+		if err != nil {
+			// Not a git path — silently ignore.
+			continue
+		}
+		if _, ok := h.repoRoots[root]; ok {
+			continue
+		}
+		h.repoRoots[root] = struct{}{}
+		added = true
+	}
+	return added
+}
+
+// RequestScan pokes the scan trigger so the run loop performs a scan.
+func (h *Handler) RequestScan() {
+	select {
+	case h.scanTrigger <- struct{}{}:
+	default:
+		// Already pending.
+	}
+}
+
+// Scan performs a scan of all subscribed repos and computes deltas
+// against the previously emitted snapshots.
+func (h *Handler) Scan(ctx context.Context) *codersdk.WorkspaceAgentGitServerMessage {
+	if !h.gitAvailable() {
+		return nil
+	}
+
+	h.mu.Lock()
+	roots := make([]string, 0, len(h.repoRoots))
+	for r := range h.repoRoots {
+		roots = append(roots, r)
+	}
+	h.mu.Unlock()
+
+	if len(roots) == 0 {
+		return nil
+	}
+
+	now := h.clock.Now().UTC()
+	var repos []codersdk.WorkspaceAgentRepoChanges
+
+	// Perform all I/O outside the lock to avoid blocking
+	// AddPaths/GetPaths/Subscribe callers during disk-heavy scans.
+	type scanResult struct {
+		root    string
+		changes codersdk.WorkspaceAgentRepoChanges
+		err     error
+	}
+	results := make([]scanResult, 0, len(roots))
+	for _, root := range roots {
+		changes, err := getRepoChanges(ctx, h.logger, h.gitBin, root)
+		results = append(results, scanResult{root: root, changes: changes, err: err})
+	}
+
+	// Re-acquire the lock only to commit snapshot updates.
+	h.mu.Lock()
+	defer h.mu.Unlock()
+
+	for _, res := range results {
+		if res.err != nil {
+			if isRepoDeleted(h.gitBin, res.root) {
+				// Repo root or .git directory was removed.
+				// Emit a removal entry, then evict from watch set.
+				removal := codersdk.WorkspaceAgentRepoChanges{
+					RepoRoot: res.root,
+					Removed:  true,
+				}
+				delete(h.repoRoots, res.root)
+				delete(h.lastSnapshots, res.root)
+				repos = append(repos, removal)
+			} else {
+				// Transient error — log and skip without
+				// removing the repo from the watch set.
+				h.logger.Warn(ctx, "scan repo failed",
+					slog.F("root", res.root),
+					slog.Error(res.err),
+				)
+			}
+			continue
+		}
+
+		prev, hasPrev := h.lastSnapshots[res.root]
+		if hasPrev &&
+			prev.branch == res.changes.Branch &&
+			prev.remoteOrigin == res.changes.RemoteOrigin &&
+			prev.unifiedDiff == res.changes.UnifiedDiff {
+			// No change in this repo since last emit.
+			continue
+		}
+
+		// Update snapshot.
+		h.lastSnapshots[res.root] = repoSnapshot{
+			branch:       res.changes.Branch,
+			remoteOrigin: res.changes.RemoteOrigin,
+			unifiedDiff:  res.changes.UnifiedDiff,
+		}
+
+		repos = append(repos, res.changes)
+	}
+
+	h.lastScanAt = now
+
+	if len(repos) == 0 {
+		return nil
+	}
+
+	return &codersdk.WorkspaceAgentGitServerMessage{
+		Type:         codersdk.WorkspaceAgentGitServerMessageTypeChanges,
+		ScannedAt:    &now,
+		Repositories: repos,
+	}
+}
+
+// RunLoop runs the main event loop that listens for refresh requests
+// and fallback poll ticks. It calls scanFn whenever a scan should
+// happen (rate-limited to scanCooldown). It blocks until ctx is
+// canceled.
+func (h *Handler) RunLoop(ctx context.Context, scanFn func()) {
+	fallbackTicker := h.clock.NewTicker(fallbackPollInterval)
+	defer fallbackTicker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+
+		case <-h.scanTrigger:
+			h.rateLimitedScan(ctx, scanFn)
+
+		case <-fallbackTicker.C:
+			h.rateLimitedScan(ctx, scanFn)
+		}
+	}
+}
+
+func (h *Handler) rateLimitedScan(ctx context.Context, scanFn func()) {
+	h.mu.Lock()
+	elapsed := h.clock.Since(h.lastScanAt)
+	if elapsed < scanCooldown {
+		h.mu.Unlock()
+
+		// Wait for cooldown then scan.
+		remaining := scanCooldown - elapsed
+		timer := h.clock.NewTimer(remaining)
+		defer timer.Stop()
+		select {
+		case <-ctx.Done():
+			return
+		case <-timer.C:
+		}
+
+		scanFn()
+		return
+	}
+	h.mu.Unlock()
+	scanFn()
+}
+
+// isRepoDeleted returns true when the repo root directory or its .git
+// entry no longer represents a valid git repository. This
+// distinguishes a genuine repo deletion from a transient scan error
+// (e.g. lock contention).
+//
+// It handles three deletion cases:
+//  1. The repo root directory itself was removed.
+//  2. The .git entry (directory or file) was removed.
+//  3. The .git entry is a file (worktree/submodule) whose target
+//     gitdir was removed. In this case .git exists on disk but
+//     `git rev-parse --git-dir` fails because the referenced
+//     directory is gone.
+func isRepoDeleted(gitBin string, repoRoot string) bool {
+	if _, err := os.Stat(repoRoot); os.IsNotExist(err) {
+		return true
+	}
+	gitPath := filepath.Join(repoRoot, ".git")
+	fi, err := os.Stat(gitPath)
+	if os.IsNotExist(err) {
+		return true
+	}
+	// If .git is a regular file (worktree or submodule), the actual
+	// git object store lives elsewhere. Validate that the target is
+	// still reachable by running git rev-parse.
+	if err == nil && !fi.IsDir() {
+		cmd := exec.CommandContext(context.Background(), gitBin, "-C", repoRoot, "rev-parse", "--git-dir")
+		if err := cmd.Run(); err != nil {
+			return true
+		}
+	}
+	return false
+}
+
+// findRepoRoot uses `git rev-parse --show-toplevel` to find the
+// repository root for the given path.
+func findRepoRoot(gitBin string, p string) (string, error) {
+	// If p is a file, start from its parent directory.
+	dir := p
+	if info, err := os.Stat(dir); err != nil || !info.IsDir() {
+		dir = filepath.Dir(dir)
+	}
+	cmd := exec.CommandContext(context.Background(), gitBin, "rev-parse", "--show-toplevel")
+	cmd.Dir = dir
+	out, err := cmd.Output()
+	if err != nil {
+		return "", xerrors.Errorf("no git repo found for %s", p)
+	}
+	root := filepath.FromSlash(strings.TrimSpace(string(out)))
+	// Resolve symlinks and short (8.3) names on Windows so the
+	// returned root matches paths produced by Go's filepath APIs.
+	if resolved, evalErr := filepath.EvalSymlinks(root); evalErr == nil {
+		root = resolved
+	}
+	return root, nil
+}
+
+// getRepoChanges reads the current state of a git repository using
+// the git CLI. It returns branch, remote origin, and a unified diff.
+func getRepoChanges(ctx context.Context, logger slog.Logger, gitBin string, repoRoot string) (codersdk.WorkspaceAgentRepoChanges, error) {
+	result := codersdk.WorkspaceAgentRepoChanges{
+		RepoRoot: repoRoot,
+	}
+
+	// Verify this is still a valid git repository before doing
+	// anything else. This catches deleted repos early.
+	verifyCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "rev-parse", "--git-dir")
+	if err := verifyCmd.Run(); err != nil {
+		return result, xerrors.Errorf("not a git repository: %w", err)
+	}
+
+	// Read branch name.
+	branchCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "symbolic-ref", "--short", "HEAD")
+	if out, err := branchCmd.Output(); err == nil {
+		result.Branch = strings.TrimSpace(string(out))
+	} else {
+		logger.Debug(ctx, "failed to read HEAD", slog.F("root", repoRoot), slog.Error(err))
+	}
+
+	// Read remote origin URL.
+	remoteCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "config", "--get", "remote.origin.url")
+	if out, err := remoteCmd.Output(); err == nil {
+		result.RemoteOrigin = strings.TrimSpace(string(out))
+	}
+
+	// Compute unified diff.
+	// `git diff HEAD` shows both staged and unstaged changes vs HEAD.
+	// For repos with no commits yet, fall back to showing untracked
+	// files only.
+	diff, err := computeGitDiff(ctx, logger, gitBin, repoRoot)
+	if err != nil {
+		return result, xerrors.Errorf("compute diff: %w", err)
+	}
+
+	result.UnifiedDiff = diff
+	if len(result.UnifiedDiff) > maxTotalDiffSize {
+		result.UnifiedDiff = "Total diff too large to show. Size: " + humanize.IBytes(uint64(len(result.UnifiedDiff))) + ". Showing branch and remote only."
+	}
+
+	return result, nil
+}
+
+// computeGitDiff produces a unified diff string for the repository by
+// combining `git diff HEAD` (staged + unstaged changes) with diffs
+// for untracked files.
+func computeGitDiff(ctx context.Context, logger slog.Logger, gitBin string, repoRoot string) (string, error) {
+	var diffParts []string
+
+	// Check if the repo has any commits.
+	hasCommits := true
+	checkCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "rev-parse", "HEAD")
+	if err := checkCmd.Run(); err != nil {
+		hasCommits = false
+	}
+
+	if hasCommits {
+		// `git diff HEAD` captures both staged and unstaged changes
+		// relative to HEAD in a single unified diff.
+		cmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "diff", "HEAD")
+		out, err := cmd.Output()
+		if err != nil {
+			return "", xerrors.Errorf("git diff HEAD: %w", err)
+		}
+		if len(out) > 0 {
+			diffParts = append(diffParts, string(out))
+		}
+	}
+
+	// Show untracked files as diffs too.
+	// `git ls-files --others --exclude-standard` lists untracked,
+	// non-ignored files.
+	lsCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "ls-files", "--others", "--exclude-standard")
+	lsOut, err := lsCmd.Output()
+	if err != nil {
+		logger.Debug(ctx, "failed to list untracked files", slog.F("root", repoRoot), slog.Error(err))
+		return strings.Join(diffParts, ""), nil
+	}
+
+	untrackedFiles := strings.Split(strings.TrimSpace(string(lsOut)), "\n")
+	for _, f := range untrackedFiles {
+		f = strings.TrimSpace(f)
+		if f == "" {
+			continue
+		}
+		// Use `git diff --no-index /dev/null <file>` to generate
+		// a unified diff for untracked files.
+		var stdout bytes.Buffer
+		untrackedCmd := exec.CommandContext(ctx, gitBin, "-C", repoRoot, "diff", "--no-index", "--", "/dev/null", f)
+		untrackedCmd.Stdout = &stdout
+		// git diff --no-index exits with 1 when files differ,
+		// which is expected. We ignore the error and check for
+		// output instead.
+		_ = untrackedCmd.Run()
+		if stdout.Len() > 0 {
+			diffParts = append(diffParts, stdout.String())
+		}
+	}
+
+	return strings.Join(diffParts, ""), nil
+}
@@ -0,0 +1,147 @@
+package agentgit
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/wsjson"
+	"github.com/coder/websocket"
+)
+
+// API exposes the git watch HTTP routes for the agent.
+type API struct {
+	logger    slog.Logger
+	opts      []Option
+	pathStore *PathStore
+}
+
+// NewAPI creates a new git watch API.
+func NewAPI(logger slog.Logger, pathStore *PathStore, opts ...Option) *API {
+	return &API{
+		logger:    logger,
+		pathStore: pathStore,
+		opts:      opts,
+	}
+}
+
+// Routes returns the chi router for mounting at /api/v0/git.
+func (a *API) Routes() http.Handler {
+	r := chi.NewRouter()
+	r.Get("/watch", a.handleWatch)
+	return r
+}
+
+func (a *API) handleWatch(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	conn, err := websocket.Accept(rw, r, &websocket.AcceptOptions{
+		CompressionMode: websocket.CompressionNoContextTakeover,
+	})
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to accept WebSocket.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	// 4 MiB read limit — subscribe messages with many paths can exceed the
+	// default 32 KB limit. Matches the SDK/proxy side.
+	conn.SetReadLimit(1 << 22)
+
+	stream := wsjson.NewStream[
+		codersdk.WorkspaceAgentGitClientMessage,
+		codersdk.WorkspaceAgentGitServerMessage,
+	](conn, websocket.MessageText, websocket.MessageText, a.logger)
+
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	go httpapi.HeartbeatClose(ctx, a.logger, cancel, conn)
+
+	handler := NewHandler(a.logger, a.opts...)
+
+	// scanAndSend performs a scan and sends results if there are
+	// changes.
+	scanAndSend := func() {
+		msg := handler.Scan(ctx)
+		if msg != nil {
+			if err := stream.Send(*msg); err != nil {
+				a.logger.Debug(ctx, "failed to send changes", slog.Error(err))
+				cancel()
+			}
+		}
+	}
+
+	// If a chat_id query parameter is provided and the PathStore is
+	// available, subscribe to path updates for this chat.
+	chatIDStr := r.URL.Query().Get("chat_id")
+	if chatIDStr != "" && a.pathStore != nil {
+		chatID, parseErr := uuid.Parse(chatIDStr)
+		if parseErr == nil {
+			// Subscribe to future path updates BEFORE reading
+			// existing paths. This ordering guarantees no
+			// notification from AddPaths is lost: any call that
+			// lands before Subscribe is picked up by GetPaths
+			// below, and any call after Subscribe delivers a
+			// notification on the channel.
+			notifyCh, unsubscribe := a.pathStore.Subscribe(chatID)
+			defer unsubscribe()
+
+			// Load any paths that are already tracked for this chat.
+			existingPaths := a.pathStore.GetPaths(chatID)
+			if len(existingPaths) > 0 {
+				handler.Subscribe(existingPaths)
+				handler.RequestScan()
+			}
+
+			go func() {
+				for {
+					select {
+					case <-ctx.Done():
+						return
+					case <-notifyCh:
+						paths := a.pathStore.GetPaths(chatID)
+						handler.Subscribe(paths)
+						handler.RequestScan()
+					}
+				}
+			}()
+		}
+	}
+
+	// Start the main run loop in a goroutine.
+	go handler.RunLoop(ctx, scanAndSend)
+
+	// Read client messages.
+	updates := stream.Chan()
+	for {
+		select {
+		case <-ctx.Done():
+			_ = stream.Close(websocket.StatusGoingAway)
+			return
+		case msg, ok := <-updates:
+			if !ok {
+				return
+			}
+
+			switch msg.Type {
+			case codersdk.WorkspaceAgentGitClientMessageTypeRefresh:
+				handler.RequestScan()
+			default:
+				if err := stream.Send(codersdk.WorkspaceAgentGitServerMessage{
+					Type:    codersdk.WorkspaceAgentGitServerMessageTypeError,
+					Message: "unknown message type",
+				}); err != nil {
+					return
+				}
+			}
+		}
+	}
+}
@@ -0,0 +1,35 @@
+package agentgit
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/google/uuid"
+
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+)
+
+// ExtractChatContext reads chat identity headers from the request.
+// Returns zero values if headers are absent (non-chat request).
+func ExtractChatContext(r *http.Request) (chatID uuid.UUID, ancestorIDs []uuid.UUID, ok bool) {
+	raw := r.Header.Get(workspacesdk.CoderChatIDHeader)
+	if raw == "" {
+		return uuid.Nil, nil, false
+	}
+	chatID, err := uuid.Parse(raw)
+	if err != nil {
+		return uuid.Nil, nil, false
+	}
+	rawAncestors := r.Header.Get(workspacesdk.CoderAncestorChatIDsHeader)
+	if rawAncestors != "" {
+		var ids []string
+		if err := json.Unmarshal([]byte(rawAncestors), &ids); err == nil {
+			for _, s := range ids {
+				if id, err := uuid.Parse(s); err == nil {
+					ancestorIDs = append(ancestorIDs, id)
+				}
+			}
+		}
+	}
+	return chatID, ancestorIDs, true
+}
@@ -0,0 +1,148 @@
+package agentgit_test
+
+import (
+	"encoding/json"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/agent/agentgit"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+)
+
+func TestExtractChatContext(t *testing.T) {
+	t.Parallel()
+
+	validID := uuid.MustParse("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
+	ancestor1 := uuid.MustParse("11111111-2222-3333-4444-555555555555")
+	ancestor2 := uuid.MustParse("66666666-7777-8888-9999-aaaaaaaaaaaa")
+
+	tests := []struct {
+		name            string
+		chatID          string // empty means header not set
+		setChatID       bool   // whether to set the chat ID header at all
+		ancestors       string // empty means header not set
+		setAncestors    bool   // whether to set the ancestor header at all
+		wantChatID      uuid.UUID
+		wantAncestorIDs []uuid.UUID
+		wantOK          bool
+	}{
+		{
+			name:            "NoHeadersPresent",
+			setChatID:       false,
+			setAncestors:    false,
+			wantChatID:      uuid.Nil,
+			wantAncestorIDs: nil,
+			wantOK:          false,
+		},
+		{
+			name:            "ValidChatID_NoAncestors",
+			chatID:          validID.String(),
+			setChatID:       true,
+			setAncestors:    false,
+			wantChatID:      validID,
+			wantAncestorIDs: nil,
+			wantOK:          true,
+		},
+		{
+			name:      "ValidChatID_ValidAncestors",
+			chatID:    validID.String(),
+			setChatID: true,
+			ancestors: mustMarshalJSON(t, []string{
+				ancestor1.String(),
+				ancestor2.String(),
+			}),
+			setAncestors:    true,
+			wantChatID:      validID,
+			wantAncestorIDs: []uuid.UUID{ancestor1, ancestor2},
+			wantOK:          true,
+		},
+		{
+			name:            "MalformedChatID",
+			chatID:          "not-a-uuid",
+			setChatID:       true,
+			setAncestors:    false,
+			wantChatID:      uuid.Nil,
+			wantAncestorIDs: nil,
+			wantOK:          false,
+		},
+		{
+			name:            "ValidChatID_MalformedAncestorJSON",
+			chatID:          validID.String(),
+			setChatID:       true,
+			ancestors:       `{this is not json}`,
+			setAncestors:    true,
+			wantChatID:      validID,
+			wantAncestorIDs: nil,
+			wantOK:          true,
+		},
+		{
+			// Only valid UUIDs in the array are returned; invalid
+			// entries are silently skipped.
+			name:      "ValidChatID_PartialValidAncestorUUIDs",
+			chatID:    validID.String(),
+			setChatID: true,
+			ancestors: mustMarshalJSON(t, []string{
+				ancestor1.String(),
+				"bad-uuid",
+				ancestor2.String(),
+			}),
+			setAncestors:    true,
+			wantChatID:      validID,
+			wantAncestorIDs: []uuid.UUID{ancestor1, ancestor2},
+			wantOK:          true,
+		},
+		{
+			// Header is explicitly set to an empty string, which
+			// Header.Get returns as "".
+			name:            "EmptyChatIDHeader",
+			chatID:          "",
+			setChatID:       true,
+			setAncestors:    false,
+			wantChatID:      uuid.Nil,
+			wantAncestorIDs: nil,
+			wantOK:          false,
+		},
+		{
+			name:            "ValidChatID_EmptyAncestorHeader",
+			chatID:          validID.String(),
+			setChatID:       true,
+			ancestors:       "",
+			setAncestors:    true,
+			wantChatID:      validID,
+			wantAncestorIDs: nil,
+			wantOK:          true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			r := httptest.NewRequest("GET", "/", nil)
+			if tt.setChatID {
+				r.Header.Set(workspacesdk.CoderChatIDHeader, tt.chatID)
+			}
+			if tt.setAncestors {
+				r.Header.Set(workspacesdk.CoderAncestorChatIDsHeader, tt.ancestors)
+			}
+
+			chatID, ancestorIDs, ok := agentgit.ExtractChatContext(r)
+
+			require.Equal(t, tt.wantOK, ok, "ok mismatch")
+			require.Equal(t, tt.wantChatID, chatID, "chatID mismatch")
+			require.Equal(t, tt.wantAncestorIDs, ancestorIDs, "ancestorIDs mismatch")
+		})
+	}
+}
+
+// mustMarshalJSON marshals v to a JSON string, failing the test on error.
+func mustMarshalJSON(t *testing.T, v any) string {
+	t.Helper()
+	b, err := json.Marshal(v)
+	require.NoError(t, err)
+	return string(b)
+}
@@ -0,0 +1,136 @@
+package agentgit
+
+import (
+	"sort"
+	"sync"
+
+	"github.com/google/uuid"
+)
+
+// PathStore tracks which file paths each chat has touched.
+// It is safe for concurrent use.
+type PathStore struct {
+	mu          sync.RWMutex
+	chatPaths   map[uuid.UUID]map[string]struct{}
+	subscribers map[uuid.UUID][]chan<- struct{}
+}
+
+// NewPathStore creates a new PathStore.
+func NewPathStore() *PathStore {
+	return &PathStore{
+		chatPaths:   make(map[uuid.UUID]map[string]struct{}),
+		subscribers: make(map[uuid.UUID][]chan<- struct{}),
+	}
+}
+
+// AddPaths adds paths to every chat in chatIDs and notifies
+// their subscribers. Zero-value UUIDs are silently skipped.
+func (ps *PathStore) AddPaths(chatIDs []uuid.UUID, paths []string) {
+	affected := make([]uuid.UUID, 0, len(chatIDs))
+	for _, id := range chatIDs {
+		if id != uuid.Nil {
+			affected = append(affected, id)
+		}
+	}
+	if len(affected) == 0 {
+		return
+	}
+
+	ps.mu.Lock()
+	for _, id := range affected {
+		m, ok := ps.chatPaths[id]
+		if !ok {
+			m = make(map[string]struct{})
+			ps.chatPaths[id] = m
+		}
+		for _, p := range paths {
+			m[p] = struct{}{}
+		}
+	}
+	ps.mu.Unlock()
+
+	ps.notifySubscribers(affected)
+}
+
+// Notify sends a signal to all subscribers of the given chat IDs
+// without adding any paths. Zero-value UUIDs are silently skipped.
+func (ps *PathStore) Notify(chatIDs []uuid.UUID) {
+	affected := make([]uuid.UUID, 0, len(chatIDs))
+	for _, id := range chatIDs {
+		if id != uuid.Nil {
+			affected = append(affected, id)
+		}
+	}
+	if len(affected) == 0 {
+		return
+	}
+	ps.notifySubscribers(affected)
+}
+
+// notifySubscribers sends a non-blocking signal to all subscriber
+// channels for the given chat IDs.
+func (ps *PathStore) notifySubscribers(chatIDs []uuid.UUID) {
+	ps.mu.RLock()
+	toNotify := make([]chan<- struct{}, 0)
+	for _, id := range chatIDs {
+		toNotify = append(toNotify, ps.subscribers[id]...)
+	}
+	ps.mu.RUnlock()
+
+	for _, ch := range toNotify {
+		select {
+		case ch <- struct{}{}:
+		default:
+		}
+	}
+}
+
+// GetPaths returns all paths tracked for a chat, deduplicated
+// and sorted lexicographically.
+func (ps *PathStore) GetPaths(chatID uuid.UUID) []string {
+	ps.mu.RLock()
+	defer ps.mu.RUnlock()
+
+	m := ps.chatPaths[chatID]
+	if len(m) == 0 {
+		return nil
+	}
+	out := make([]string, 0, len(m))
+	for p := range m {
+		out = append(out, p)
+	}
+	sort.Strings(out)
+	return out
+}
+
+// Len returns the number of chat IDs that have tracked paths.
+func (ps *PathStore) Len() int {
+	ps.mu.RLock()
+	defer ps.mu.RUnlock()
+	return len(ps.chatPaths)
+}
+
+// Subscribe returns a channel that receives a signal whenever
+// paths change for chatID, along with an unsubscribe function
+// that removes the channel.
+func (ps *PathStore) Subscribe(chatID uuid.UUID) (<-chan struct{}, func()) {
+	ch := make(chan struct{}, 1)
+
+	ps.mu.Lock()
+	ps.subscribers[chatID] = append(ps.subscribers[chatID], ch)
+	ps.mu.Unlock()
+
+	unsub := func() {
+		ps.mu.Lock()
+		defer ps.mu.Unlock()
+		subs := ps.subscribers[chatID]
+		for i, s := range subs {
+			if s == ch {
+				ps.subscribers[chatID] = append(subs[:i], subs[i+1:]...)
+				break
+			}
+		}
+	}
+
+	return ch, unsub
+}
@@ -0,0 +1,268 @@
+package agentgit_test
+
+import (
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/agent/agentgit"
+	"github.com/coder/coder/v2/testutil"
+)
+
+func TestPathStore_AddPaths_StoresForChatAndAncestors(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+	ancestor1 := uuid.New()
+	ancestor2 := uuid.New()
+
+	ps.AddPaths([]uuid.UUID{chatID, ancestor1, ancestor2}, []string{"/a", "/b"})
+
+	// All three IDs should see the paths.
+	require.Equal(t, []string{"/a", "/b"}, ps.GetPaths(chatID))
+	require.Equal(t, []string{"/a", "/b"}, ps.GetPaths(ancestor1))
+	require.Equal(t, []string{"/a", "/b"}, ps.GetPaths(ancestor2))
+
+	// An unrelated chat should see nothing.
+	require.Nil(t, ps.GetPaths(uuid.New()))
+}
+
+func TestPathStore_AddPaths_SkipsNilUUIDs(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+
+	// A nil chatID should be a no-op.
+	ps.AddPaths([]uuid.UUID{uuid.Nil}, []string{"/x"})
+	require.Nil(t, ps.GetPaths(uuid.Nil))
+
+	// A nil ancestor should be silently skipped.
+	chatID := uuid.New()
+	ps.AddPaths([]uuid.UUID{chatID, uuid.Nil}, []string{"/y"})
+	require.Equal(t, []string{"/y"}, ps.GetPaths(chatID))
+	require.Nil(t, ps.GetPaths(uuid.Nil))
+}
+
+func TestPathStore_GetPaths_DeduplicatedSorted(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ps.AddPaths([]uuid.UUID{chatID}, []string{"/z", "/a", "/m", "/a", "/z"})
+	ps.AddPaths([]uuid.UUID{chatID}, []string{"/a", "/b"})
+
+	got := ps.GetPaths(chatID)
+	require.Equal(t, []string{"/a", "/b", "/m", "/z"}, got)
+}
+
+func TestPathStore_Subscribe_ReceivesNotification(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ch, unsub := ps.Subscribe(chatID)
+	defer unsub()
+
+	ps.AddPaths([]uuid.UUID{chatID}, []string{"/file"})
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	select {
+	case <-ch:
+		// Success.
+	case <-ctx.Done():
+		t.Fatal("timed out waiting for notification")
+	}
+}
+
+func TestPathStore_Subscribe_MultipleSubscribers(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ch1, unsub1 := ps.Subscribe(chatID)
+	defer unsub1()
+	ch2, unsub2 := ps.Subscribe(chatID)
+	defer unsub2()
+
+	ps.AddPaths([]uuid.UUID{chatID}, []string{"/file"})
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	for i, ch := range []<-chan struct{}{ch1, ch2} {
+		select {
+		case <-ch:
+			// OK
+		case <-ctx.Done():
+			t.Fatalf("subscriber %d did not receive notification", i)
+		}
+	}
+}
+
+func TestPathStore_Unsubscribe_StopsNotifications(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ch, unsub := ps.Subscribe(chatID)
+	unsub()
+
+	ps.AddPaths([]uuid.UUID{chatID}, []string{"/file"})
+
+	// AddPaths sends synchronously via a non-blocking send to the
+	// buffered channel, so if a notification were going to arrive
+	// it would already be in the channel by now.
+	select {
+	case <-ch:
+		t.Fatal("received notification after unsubscribe")
+	default:
+		// Expected: no notification.
+	}
+}
+
+func TestPathStore_Subscribe_AncestorNotification(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+	ancestor := uuid.New()
+
+	// Subscribe to the ancestor, then add paths via the child.
+	ch, unsub := ps.Subscribe(ancestor)
+	defer unsub()
+
+	ps.AddPaths([]uuid.UUID{chatID, ancestor}, []string{"/file"})
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	select {
+	case <-ch:
+		// Success.
+	case <-ctx.Done():
+		t.Fatal("ancestor subscriber did not receive notification")
+	}
+}
+
+func TestPathStore_Notify_NotifiesWithoutAddingPaths(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ch, unsub := ps.Subscribe(chatID)
+	defer unsub()
+
+	ps.Notify([]uuid.UUID{chatID})
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	select {
+	case <-ch:
+		// Success.
+	case <-ctx.Done():
+		t.Fatal("timed out waiting for notification")
+	}
+
+	require.Nil(t, ps.GetPaths(chatID))
+}
+
+func TestPathStore_Notify_SkipsNilUUIDs(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+
+	ch, unsub := ps.Subscribe(chatID)
+	defer unsub()
+
+	ps.Notify([]uuid.UUID{uuid.Nil})
+
+	// Notify sends synchronously via a non-blocking send to the
+	// buffered channel, so if a notification were going to arrive
+	// it would already be in the channel by now.
+	select {
+	case <-ch:
+		t.Fatal("received notification for nil UUID")
+	default:
+		// Expected: no notification.
+	}
+
+	require.Nil(t, ps.GetPaths(chatID))
+}
+
+func TestPathStore_Notify_AncestorNotification(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	chatID := uuid.New()
+	ancestorID := uuid.New()
+
+	// Subscribe to the ancestor, then notify via the child.
+	ch, unsub := ps.Subscribe(ancestorID)
+	defer unsub()
+
+	ps.Notify([]uuid.UUID{chatID, ancestorID})
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	select {
+	case <-ch:
+		// Success.
+	case <-ctx.Done():
+		t.Fatal("ancestor subscriber did not receive notification")
+	}
+
+	require.Nil(t, ps.GetPaths(ancestorID))
+}
+
+func TestPathStore_ConcurrentSafety(t *testing.T) {
+	t.Parallel()
+
+	ps := agentgit.NewPathStore()
+	const goroutines = 20
+	const iterations = 50
+
+	chatIDs := make([]uuid.UUID, goroutines)
+	for i := range chatIDs {
+		chatIDs[i] = uuid.New()
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(goroutines * 2) // writers + readers
+
+	// Writers.
+	for i := range goroutines {
+		go func(idx int) {
+			defer wg.Done()
+			for j := range iterations {
+				ancestors := []uuid.UUID{chatIDs[(idx+1)%goroutines]}
+				path := []string{
+					"/file-" + chatIDs[idx].String() + "-" + time.Now().Format(time.RFC3339Nano),
+					"/iter-" + string(rune('0'+j%10)),
+				}
+				ps.AddPaths(append([]uuid.UUID{chatIDs[idx]}, ancestors...), path)
+			}
+		}(i)
+	}
+
+	// Readers.
+	for i := range goroutines {
+		go func(idx int) {
+			defer wg.Done()
+			for range iterations {
+				_ = ps.GetPaths(chatIDs[idx])
+			}
+		}(i)
+	}
+
+	wg.Wait()
+
+	// Verify every chat has at least the paths it wrote.
+	for _, id := range chatIDs {
+		paths := ps.GetPaths(id)
+		require.NotEmpty(t, paths, "chat %s should have paths", id)
+	}
+}
@@ -0,0 +1,223 @@
+package agentproc
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"sort"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentexec"
+	"github.com/coder/coder/v2/agent/agentgit"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+)
+
+// API exposes process-related operations through the agent.
+type API struct {
+	logger    slog.Logger
+	manager   *manager
+	pathStore *agentgit.PathStore
+}
+
+// NewAPI creates a new process API handler.
+func NewAPI(logger slog.Logger, execer agentexec.Execer, updateEnv func(current []string) (updated []string, err error), pathStore *agentgit.PathStore) *API {
+	return &API{
+		logger:    logger,
+		manager:   newManager(logger, execer, updateEnv),
+		pathStore: pathStore,
+	}
+}
+
+// Close shuts down the process manager, killing all running
+// processes.
+func (api *API) Close() error {
+	return api.manager.Close()
+}
+
+// Routes returns the HTTP handler for process-related routes.
+func (api *API) Routes() http.Handler {
+	r := chi.NewRouter()
+	r.Post("/start", api.handleStartProcess)
+	r.Get("/list", api.handleListProcesses)
+	r.Get("/{id}/output", api.handleProcessOutput)
+	r.Post("/{id}/signal", api.handleSignalProcess)
+	return r
+}
+
+// handleStartProcess starts a new process.
+func (api *API) handleStartProcess(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var req workspacesdk.StartProcessRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Request body must be valid JSON.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	if req.Command == "" {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Command is required.",
+		})
+		return
+	}
+
+	var chatID string
+	if id, _, ok := agentgit.ExtractChatContext(r); ok {
+		chatID = id.String()
+	}
+
+	proc, err := api.manager.start(req, chatID)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to start process.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	// Notify git watchers after the process finishes so that
+	// file changes made by the command are visible in the scan.
+	// If a workdir is provided, track it as a path as well.
+	if api.pathStore != nil {
+		if chatID, ancestorIDs, ok := agentgit.ExtractChatContext(r); ok {
+			allIDs := append([]uuid.UUID{chatID}, ancestorIDs...)
+			go func() {
+				<-proc.done
+				if req.WorkDir != "" {
+					api.pathStore.AddPaths(allIDs, []string{req.WorkDir})
+				} else {
+					api.pathStore.Notify(allIDs)
+				}
+			}()
+		}
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, workspacesdk.StartProcessResponse{
+		ID:      proc.id,
+		Started: true,
+	})
+}
+
+// handleListProcesses lists all tracked processes.
+func (api *API) handleListProcesses(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	var chatID string
+	if id, _, ok := agentgit.ExtractChatContext(r); ok {
+		chatID = id.String()
+	}
+
+	infos := api.manager.list(chatID)
+
+	// Sort by running state (running first), then by started_at
+	// descending so the most recent processes appear first.
+	sort.Slice(infos, func(i, j int) bool {
+		if infos[i].Running != infos[j].Running {
+			return infos[i].Running
+		}
+		return infos[i].StartedAt > infos[j].StartedAt
+	})
+
+	// Cap the response to avoid bloating LLM context.
+	const maxListProcesses = 10
+	if len(infos) > maxListProcesses {
+		infos = infos[:maxListProcesses]
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, workspacesdk.ListProcessesResponse{
+		Processes: infos,
+	})
+}
+
+// handleProcessOutput returns the output of a process.
+func (api *API) handleProcessOutput(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	id := chi.URLParam(r, "id")
+	proc, ok := api.manager.get(id)
+	if !ok {
+		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
+			Message: fmt.Sprintf("Process %q not found.", id),
+		})
+		return
+	}
+
+	output, truncated := proc.output()
+	info := proc.info()
+
+	httpapi.Write(ctx, rw, http.StatusOK, workspacesdk.ProcessOutputResponse{
+		Output:    output,
+		Truncated: truncated,
+		Running:   info.Running,
+		ExitCode:  info.ExitCode,
+	})
+}
+
+// handleSignalProcess sends a signal to a running process.
+func (api *API) handleSignalProcess(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	id := chi.URLParam(r, "id")
+
+	var req workspacesdk.SignalProcessRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Request body must be valid JSON.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	if req.Signal == "" {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Signal is required.",
+		})
+		return
+	}
+
+	if req.Signal != "kill" && req.Signal != "terminate" {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: fmt.Sprintf(
+				"Unsupported signal %q. Use \"kill\" or \"terminate\".",
+				req.Signal,
+			),
+		})
+		return
+	}
+
+	if err := api.manager.signal(id, req.Signal); err != nil {
+		switch {
+		case errors.Is(err, errProcessNotFound):
+			httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
+				Message: fmt.Sprintf("Process %q not found.", id),
+			})
+		case errors.Is(err, errProcessNotRunning):
+			httpapi.Write(ctx, rw, http.StatusConflict, codersdk.Response{
+				Message: fmt.Sprintf(
+					"Process %q is not running.", id,
+				),
+			})
+		default:
+			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+				Message: "Failed to signal process.",
+				Detail:  err.Error(),
+			})
+		}
+		return
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, codersdk.Response{
+		Message: fmt.Sprintf(
+			"Signal %q sent to process %q.", req.Signal, id,
+		),
+	})
+}
@@ -0,0 +1,931 @@
+package agentproc_test
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"cdr.dev/slog/v3"
+	"cdr.dev/slog/v3/sloggers/slogtest"
+	"github.com/coder/coder/v2/agent/agentexec"
+	"github.com/coder/coder/v2/agent/agentgit"
+	"github.com/coder/coder/v2/agent/agentproc"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+	"github.com/coder/coder/v2/testutil"
+)
+
+// postStart sends a POST /start request and returns the recorder.
+func postStart(t *testing.T, handler http.Handler, req workspacesdk.StartProcessRequest, headers ...http.Header) *httptest.ResponseRecorder {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	body, err := json.Marshal(req)
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequestWithContext(ctx, http.MethodPost, "/start", bytes.NewReader(body))
+	for _, h := range headers {
+		for k, vals := range h {
+			for _, v := range vals {
+				r.Header.Add(k, v)
+			}
+		}
+	}
+	handler.ServeHTTP(w, r)
+	return w
+}
+
+// getList sends a GET /list request and returns the recorder.
+func getList(t *testing.T, handler http.Handler) *httptest.ResponseRecorder {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequestWithContext(ctx, http.MethodGet, "/list", nil)
+	handler.ServeHTTP(w, r)
+	return w
+}
+
+// getOutput sends a GET /{id}/output request and returns the
+// recorder.
+func getOutput(t *testing.T, handler http.Handler, id string) *httptest.ResponseRecorder {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("/%s/output", id), nil)
+	handler.ServeHTTP(w, r)
+	return w
+}
+
+// postSignal sends a POST /{id}/signal request and returns
+// the recorder.
+func postSignal(t *testing.T, handler http.Handler, id string, req workspacesdk.SignalProcessRequest) *httptest.ResponseRecorder {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	body, err := json.Marshal(req)
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("/%s/signal", id), bytes.NewReader(body))
+	handler.ServeHTTP(w, r)
+	return w
+}
+
+// newTestAPI creates a new API with a test logger and default
+// execer, returning the handler and API.
+func newTestAPI(t *testing.T) http.Handler {
+	t.Helper()
+	return newTestAPIWithUpdateEnv(t, nil)
+}
+
+// newTestAPIWithUpdateEnv creates a new API with an optional
+// updateEnv hook for testing environment injection.
+func newTestAPIWithUpdateEnv(t *testing.T, updateEnv func([]string) ([]string, error)) http.Handler {
+	t.Helper()
+
+	logger := slogtest.Make(t, &slogtest.Options{
+		IgnoreErrors: true,
+	}).Leveled(slog.LevelDebug)
+	api := agentproc.NewAPI(logger, agentexec.DefaultExecer, updateEnv, nil)
+	t.Cleanup(func() {
+		_ = api.Close()
+	})
+	return api.Routes()
+}
+
+// waitForExit polls the output endpoint until the process is
+// no longer running or the context expires.
+func waitForExit(t *testing.T, handler http.Handler, id string) workspacesdk.ProcessOutputResponse {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	ticker := time.NewTicker(50 * time.Millisecond)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			t.Fatal("timed out waiting for process to exit")
+		case <-ticker.C:
+			w := getOutput(t, handler, id)
+			require.Equal(t, http.StatusOK, w.Code)
+
+			var resp workspacesdk.ProcessOutputResponse
+			err := json.NewDecoder(w.Body).Decode(&resp)
+			require.NoError(t, err)
+
+			if !resp.Running {
+				return resp
+			}
+		}
+	}
+}
+
+// startAndGetID is a helper that starts a process and returns
+// the process ID.
+func startAndGetID(t *testing.T, handler http.Handler, req workspacesdk.StartProcessRequest, headers ...http.Header) string {
+	t.Helper()
+
+	w := postStart(t, handler, req, headers...)
+	require.Equal(t, http.StatusOK, w.Code)
+
+	var resp workspacesdk.StartProcessResponse
+	err := json.NewDecoder(w.Body).Decode(&resp)
+	require.NoError(t, err)
+	require.True(t, resp.Started)
+	require.NotEmpty(t, resp.ID)
+	return resp.ID
+}
+
+func TestStartProcess(t *testing.T) {
+	t.Parallel()
+
+	t.Run("ForegroundCommand", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := postStart(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo hello",
+		})
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.StartProcessResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.True(t, resp.Started)
+		require.NotEmpty(t, resp.ID)
+	})
+
+	t.Run("BackgroundCommand", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := postStart(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "echo background",
+			Background: true,
+		})
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.StartProcessResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.True(t, resp.Started)
+		require.NotEmpty(t, resp.ID)
+	})
+
+	t.Run("EmptyCommand", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := postStart(t, handler, workspacesdk.StartProcessRequest{
+			Command: "",
+		})
+		require.Equal(t, http.StatusBadRequest, w.Code)
+
+		var resp codersdk.Response
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Contains(t, resp.Message, "Command is required")
+	})
+
+	t.Run("MalformedJSON", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequestWithContext(ctx, http.MethodPost, "/start", strings.NewReader("{invalid json"))
+		handler.ServeHTTP(w, r)
+
+		require.Equal(t, http.StatusBadRequest, w.Code)
+
+		var resp codersdk.Response
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Contains(t, resp.Message, "valid JSON")
+	})
+
+	t.Run("CustomWorkDir", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		tmpDir := t.TempDir()
+
+		// Write a marker file to verify the command ran in
+		// the correct directory. Comparing pwd output is
+		// unreliable on Windows where Git Bash returns POSIX
+		// paths.
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "touch marker.txt && ls marker.txt",
+			WorkDir: tmpDir,
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		require.Contains(t, resp.Output, "marker.txt")
+	})
+
+	t.Run("CustomEnv", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Use a unique env var name to avoid collisions in
+		// parallel tests.
+		envKey := fmt.Sprintf("TEST_PROC_ENV_%d", time.Now().UnixNano())
+		envVal := "custom_value_12345"
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: fmt.Sprintf("printenv %s", envKey),
+			Env:     map[string]string{envKey: envVal},
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		require.Contains(t, strings.TrimSpace(resp.Output), envVal)
+	})
+
+	t.Run("UpdateEnvHook", func(t *testing.T) {
+		t.Parallel()
+
+		envKey := fmt.Sprintf("TEST_UPDATE_ENV_%d", time.Now().UnixNano())
+		envVal := "injected_by_hook"
+
+		handler := newTestAPIWithUpdateEnv(t, func(current []string) ([]string, error) {
+			return append(current, fmt.Sprintf("%s=%s", envKey, envVal)), nil
+		})
+
+		// The process should see the variable even though it
+		// was not passed in req.Env.
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: fmt.Sprintf("printenv %s", envKey),
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		require.Contains(t, strings.TrimSpace(resp.Output), envVal)
+	})
+
+	t.Run("UpdateEnvHookOverriddenByReqEnv", func(t *testing.T) {
+		t.Parallel()
+
+		envKey := fmt.Sprintf("TEST_OVERRIDE_%d", time.Now().UnixNano())
+		hookVal := "from_hook"
+		reqVal := "from_request"
+
+		handler := newTestAPIWithUpdateEnv(t, func(current []string) ([]string, error) {
+			return append(current, fmt.Sprintf("%s=%s", envKey, hookVal)), nil
+		})
+
+		// req.Env should take precedence over the hook.
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: fmt.Sprintf("printenv %s", envKey),
+			Env:     map[string]string{envKey: reqVal},
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		// When duplicate env vars exist, shells use the last
+		// value. Since req.Env is appended after the hook,
+		// the request value wins.
+		require.Contains(t, strings.TrimSpace(resp.Output), reqVal)
+	})
+}
+
+func TestListProcesses(t *testing.T) {
+	t.Parallel()
+
+	t.Run("NoProcesses", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := getList(t, handler)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.NotNil(t, resp.Processes)
+		require.Empty(t, resp.Processes)
+	})
+
+	t.Run("FilterByChatID", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		chatA := uuid.New().String()
+		chatB := uuid.New().String()
+		headersA := http.Header{workspacesdk.CoderChatIDHeader: {chatA}}
+		headersB := http.Header{workspacesdk.CoderChatIDHeader: {chatB}}
+
+		// Start processes with different chat IDs.
+		id1 := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo chat-a",
+		}, headersA)
+		waitForExit(t, handler, id1)
+
+		id2 := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo chat-b",
+		}, headersB)
+		waitForExit(t, handler, id2)
+
+		id3 := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo chat-a-2",
+		}, headersA)
+		waitForExit(t, handler, id3)
+
+		// List with chat A header should return 2 processes.
+		w := getListWithChatHeader(t, handler, chatA)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Len(t, resp.Processes, 2)
+
+		ids := make(map[string]bool)
+		for _, p := range resp.Processes {
+			ids[p.ID] = true
+		}
+		require.True(t, ids[id1])
+		require.True(t, ids[id3])
+
+		// List with chat B header should return 1 process.
+		w2 := getListWithChatHeader(t, handler, chatB)
+		require.Equal(t, http.StatusOK, w2.Code)
+
+		var resp2 workspacesdk.ListProcessesResponse
+		err = json.NewDecoder(w2.Body).Decode(&resp2)
+		require.NoError(t, err)
+		require.Len(t, resp2.Processes, 1)
+		require.Equal(t, id2, resp2.Processes[0].ID)
+
+		// List without chat header should return all 3.
+		w3 := getList(t, handler)
+		require.Equal(t, http.StatusOK, w3.Code)
+
+		var resp3 workspacesdk.ListProcessesResponse
+		err = json.NewDecoder(w3.Body).Decode(&resp3)
+		require.NoError(t, err)
+		require.Len(t, resp3.Processes, 3)
+	})
+
+	t.Run("ChatIDFiltering", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		chatID := uuid.New().String()
+		headers := http.Header{workspacesdk.CoderChatIDHeader: {chatID}}
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo with-chat",
+		}, headers)
+		waitForExit(t, handler, id)
+
+		// Listing with the same chat header should return
+		// the process.
+		w := getListWithChatHeader(t, handler, chatID)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Len(t, resp.Processes, 1)
+		require.Equal(t, id, resp.Processes[0].ID)
+
+		// Listing with a different chat header should not
+		// return the process.
+		w2 := getListWithChatHeader(t, handler, uuid.New().String())
+		require.Equal(t, http.StatusOK, w2.Code)
+
+		var resp2 workspacesdk.ListProcessesResponse
+		err = json.NewDecoder(w2.Body).Decode(&resp2)
+		require.NoError(t, err)
+		require.Empty(t, resp2.Processes)
+
+		// Listing without a chat header should return the
+		// process (no filtering).
+		w3 := getList(t, handler)
+		require.Equal(t, http.StatusOK, w3.Code)
+
+		var resp3 workspacesdk.ListProcessesResponse
+		err = json.NewDecoder(w3.Body).Decode(&resp3)
+		require.NoError(t, err)
+		require.Len(t, resp3.Processes, 1)
+	})
+
+	t.Run("SortAndLimit", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Start 12 short-lived processes so we exceed the
+		// limit of 10.
+		for i := 0; i < 12; i++ {
+			id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+				Command: fmt.Sprintf("echo proc-%d", i),
+			})
+			waitForExit(t, handler, id)
+		}
+
+		w := getList(t, handler)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Len(t, resp.Processes, 10, "should be capped at 10")
+
+		// All returned processes are exited, so they should
+		// be sorted by StartedAt descending (newest first).
+		for i := 1; i < len(resp.Processes); i++ {
+			require.GreaterOrEqual(t, resp.Processes[i-1].StartedAt, resp.Processes[i].StartedAt,
+				"processes should be sorted by started_at descending")
+		}
+	})
+
+	t.Run("RunningProcessesSortedFirst", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Start an exited process first.
+		exitedID := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo done",
+		})
+		waitForExit(t, handler, exitedID)
+
+		// Start a running process after.
+		runningID := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := getList(t, handler)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Len(t, resp.Processes, 2)
+
+		// Running process should come first regardless of
+		// start order.
+		require.Equal(t, runningID, resp.Processes[0].ID)
+		require.True(t, resp.Processes[0].Running)
+		require.Equal(t, exitedID, resp.Processes[1].ID)
+		require.False(t, resp.Processes[1].Running)
+
+		// Clean up.
+		postSignal(t, handler, runningID, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+	})
+
+	t.Run("MixedRunningAndExited", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Start a process that exits quickly.
+		exitedID := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo done",
+		})
+		waitForExit(t, handler, exitedID)
+
+		// Start a long-running process.
+		runningID := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		// List should contain both.
+		w := getList(t, handler)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ListProcessesResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Len(t, resp.Processes, 2)
+
+		procMap := make(map[string]workspacesdk.ProcessInfo)
+		for _, p := range resp.Processes {
+			procMap[p.ID] = p
+		}
+
+		exited, ok := procMap[exitedID]
+		require.True(t, ok, "exited process should be in list")
+		require.False(t, exited.Running)
+		require.NotNil(t, exited.ExitCode)
+
+		running, ok := procMap[runningID]
+		require.True(t, ok, "running process should be in list")
+		require.True(t, running.Running)
+
+		// Clean up the long-running process.
+		sw := postSignal(t, handler, runningID, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+		require.Equal(t, http.StatusOK, sw.Code)
+	})
+}
+
+// getListWithChatHeader sends a GET /list request with the
+// Coder-Chat-Id header set and returns the recorder.
+func getListWithChatHeader(t *testing.T, handler http.Handler, chatID string) *httptest.ResponseRecorder {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequestWithContext(ctx, http.MethodGet, "/list", nil)
+	if chatID != "" {
+		r.Header.Set(workspacesdk.CoderChatIDHeader, chatID)
+	}
+	handler.ServeHTTP(w, r)
+	return w
+}
+
+func TestProcessOutput(t *testing.T) {
+	t.Parallel()
+
+	t.Run("ExitedProcess", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo hello-output",
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		require.Contains(t, resp.Output, "hello-output")
+	})
+
+	t.Run("RunningProcess", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := getOutput(t, handler, id)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		var resp workspacesdk.ProcessOutputResponse
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.True(t, resp.Running)
+
+		// Kill and wait for the process so cleanup does
+		// not hang.
+		postSignal(
+			t, handler, id,
+			workspacesdk.SignalProcessRequest{Signal: "kill"},
+		)
+		waitForExit(t, handler, id)
+	})
+
+	t.Run("NonexistentProcess", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := getOutput(t, handler, "nonexistent-id-12345")
+		require.Equal(t, http.StatusNotFound, w.Code)
+
+		var resp codersdk.Response
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Contains(t, resp.Message, "not found")
+	})
+}
+
+func TestSignalProcess(t *testing.T) {
+	t.Parallel()
+
+	t.Run("KillRunning", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+		require.Equal(t, http.StatusOK, w.Code)
+
+		// Verify the process exits.
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+	})
+
+	t.Run("TerminateRunning", func(t *testing.T) {
+		t.Parallel()
+
+		if runtime.GOOS == "windows" {
+			t.Skip("SIGTERM is not supported on Windows")
+		}
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "terminate",
+		})
+		require.Equal(t, http.StatusOK, w.Code)
+
+		// Verify the process exits.
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+	})
+
+	t.Run("NonexistentProcess", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+		w := postSignal(t, handler, "nonexistent-id-12345", workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+		require.Equal(t, http.StatusNotFound, w.Code)
+	})
+
+	t.Run("AlreadyExitedProcess", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo done",
+		})
+
+		// Wait for exit first.
+		waitForExit(t, handler, id)
+
+		// Signaling an exited process should return 409
+		// Conflict via the errProcessNotRunning sentinel.
+		w := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+		assert.Equal(t, http.StatusConflict, w.Code,
+			"expected 409 for signaling exited process, got %d", w.Code)
+	})
+
+	t.Run("EmptySignal", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "",
+		})
+		require.Equal(t, http.StatusBadRequest, w.Code)
+
+		var resp codersdk.Response
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Contains(t, resp.Message, "Signal is required")
+
+		// Clean up.
+		postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+	})
+
+	t.Run("InvalidSignal", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		w := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "SIGFOO",
+		})
+		require.Equal(t, http.StatusBadRequest, w.Code)
+
+		var resp codersdk.Response
+		err := json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+		require.Contains(t, resp.Message, "Unsupported signal")
+
+		// Clean up.
+		postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+	})
+}
+
+func TestHandleStartProcess_ChatHeaders_EmptyWorkDir_StillNotifies(t *testing.T) {
+	t.Parallel()
+
+	pathStore := agentgit.NewPathStore()
+	chatID := uuid.New()
+	ch, unsub := pathStore.Subscribe(chatID)
+	defer unsub()
+
+	logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
+	api := agentproc.NewAPI(logger, agentexec.DefaultExecer, func(current []string) ([]string, error) {
+		return current, nil
+	}, pathStore)
+	defer api.Close()
+
+	routes := api.Routes()
+
+	body, err := json.Marshal(workspacesdk.StartProcessRequest{
+		Command: "echo hello",
+	})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodPost, "/start", bytes.NewReader(body))
+	req.Header.Set(workspacesdk.CoderChatIDHeader, chatID.String())
+	rw := httptest.NewRecorder()
+	routes.ServeHTTP(rw, req)
+
+	require.Equal(t, http.StatusOK, rw.Code)
+
+	// The subscriber should be notified even though no paths
+	// were added.
+	select {
+	case <-ch:
+	case <-time.After(testutil.WaitShort):
+		t.Fatal("timed out waiting for path store notification")
+	}
+
+	// No paths should have been stored for this chat.
+	require.Nil(t, pathStore.GetPaths(chatID))
+}
+
+func TestProcessLifecycle(t *testing.T) {
+	t.Parallel()
+
+	t.Run("StartWaitCheckOutput", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo lifecycle-test && echo second-line",
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		require.Contains(t, resp.Output, "lifecycle-test")
+		require.Contains(t, resp.Output, "second-line")
+	})
+
+	t.Run("NonZeroExitCode", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "exit 42",
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 42, *resp.ExitCode)
+	})
+
+	t.Run("StartSignalVerifyExit", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Start a long-running background process.
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command:    "sleep 300",
+			Background: true,
+		})
+
+		// Verify it's running.
+		w := getOutput(t, handler, id)
+		require.Equal(t, http.StatusOK, w.Code)
+		var running workspacesdk.ProcessOutputResponse
+		err := json.NewDecoder(w.Body).Decode(&running)
+		require.NoError(t, err)
+		require.True(t, running.Running)
+
+		// Signal it.
+		sw := postSignal(t, handler, id, workspacesdk.SignalProcessRequest{
+			Signal: "kill",
+		})
+		require.Equal(t, http.StatusOK, sw.Code)
+
+		// Verify it exits.
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+	})
+
+	t.Run("OutputExceedsBuffer", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		// Generate output that exceeds MaxHeadBytes +
+		// MaxTailBytes. Each line is ~100 chars, and we
+		// need more than 32KB total (16KB head + 16KB
+		// tail).
+		lineCount := (agentproc.MaxHeadBytes+agentproc.MaxTailBytes)/50 + 500
+		cmd := fmt.Sprintf(
+			"for i in $(seq 1 %d); do echo \"line-$i-padding-to-make-this-longer-than-fifty-characters-total\"; done",
+			lineCount,
+		)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: cmd,
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+
+		// The output should be truncated with head/tail
+		// strategy metadata.
+		require.NotNil(t, resp.Truncated, "large output should be truncated")
+		require.Equal(t, "head_tail", resp.Truncated.Strategy)
+		require.Greater(t, resp.Truncated.OmittedBytes, 0)
+		require.Greater(t, resp.Truncated.OriginalBytes, resp.Truncated.RetainedBytes)
+
+		// Verify the output contains the omission marker.
+		require.Contains(t, resp.Output, "... [omitted")
+	})
+
+	t.Run("StderrCaptured", func(t *testing.T) {
+		t.Parallel()
+
+		handler := newTestAPI(t)
+
+		id := startAndGetID(t, handler, workspacesdk.StartProcessRequest{
+			Command: "echo stdout-msg && echo stderr-msg >&2",
+		})
+
+		resp := waitForExit(t, handler, id)
+		require.False(t, resp.Running)
+		require.NotNil(t, resp.ExitCode)
+		require.Equal(t, 0, *resp.ExitCode)
+		// Both stdout and stderr should be captured.
+		require.Contains(t, resp.Output, "stdout-msg")
+		require.Contains(t, resp.Output, "stderr-msg")
+	})
+}
@@ -0,0 +1,309 @@
+package agentproc
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+)
+
+const (
+	// MaxHeadBytes is the number of bytes retained from the
+	// beginning of the output for LLM consumption.
+	MaxHeadBytes = 16 << 10 // 16KB
+
+	// MaxTailBytes is the number of bytes retained from the
+	// end of the output for LLM consumption.
+	MaxTailBytes = 16 << 10 // 16KB
+
+	// MaxLineLength is the maximum length of a single line
+	// before it is truncated. This prevents minified files
+	// or other long single-line output from consuming the
+	// entire buffer.
+	MaxLineLength = 2048
+
+	// lineTruncationSuffix is appended to lines that exceed
+	// MaxLineLength.
+	lineTruncationSuffix = " ... [truncated]"
+)
+
+// HeadTailBuffer is a thread-safe buffer that captures process
+// output and provides head+tail truncation for LLM consumption.
+// It implements io.Writer so it can be used directly as
+// cmd.Stdout or cmd.Stderr.
+//
+// The buffer stores up to MaxHeadBytes from the beginning of
+// the output and up to MaxTailBytes from the end in a ring
+// buffer, keeping total memory usage bounded regardless of
+// how much output is written.
+type HeadTailBuffer struct {
+	mu         sync.Mutex
+	head       []byte
+	tail       []byte
+	tailPos    int
+	tailFull   bool
+	headFull   bool
+	totalBytes int
+	maxHead    int
+	maxTail    int
+}
+
+// NewHeadTailBuffer creates a new HeadTailBuffer with the
+// default head and tail sizes.
+func NewHeadTailBuffer() *HeadTailBuffer {
+	return &HeadTailBuffer{
+		maxHead: MaxHeadBytes,
+		maxTail: MaxTailBytes,
+	}
+}
+
+// NewHeadTailBufferSized creates a HeadTailBuffer with custom
+// head and tail sizes. This is useful for testing truncation
+// logic with smaller buffers.
+func NewHeadTailBufferSized(maxHead, maxTail int) *HeadTailBuffer {
+	return &HeadTailBuffer{
+		maxHead: maxHead,
+		maxTail: maxTail,
+	}
+}
+
+// Write implements io.Writer. It is safe for concurrent use.
+// All bytes are accepted; the return value always equals
+// len(p) with a nil error.
+func (b *HeadTailBuffer) Write(p []byte) (int, error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	n := len(p)
+	b.totalBytes += n
+
+	// Fill head buffer if it is not yet full.
+	if !b.headFull {
+		remaining := b.maxHead - len(b.head)
+		if remaining > 0 {
+			take := remaining
+			if take > len(p) {
+				take = len(p)
+			}
+			b.head = append(b.head, p[:take]...)
+			p = p[take:]
+			if len(b.head) >= b.maxHead {
+				b.headFull = true
+			}
+		}
+		if len(p) == 0 {
+			return n, nil
+		}
+	}
+
+	// Write remaining bytes into the tail ring buffer.
+	b.writeTail(p)
+	return n, nil
+}
+
+// writeTail appends data to the tail ring buffer. The caller
+// must hold b.mu.
+func (b *HeadTailBuffer) writeTail(p []byte) {
+	if b.maxTail <= 0 {
+		return
+	}
+
+	// Lazily allocate the tail buffer on first use.
+	if b.tail == nil {
+		b.tail = make([]byte, b.maxTail)
+	}
+
+	for len(p) > 0 {
+		// Write as many bytes as fit starting at tailPos.
+		space := b.maxTail - b.tailPos
+		take := space
+		if take > len(p) {
+			take = len(p)
+		}
+		copy(b.tail[b.tailPos:b.tailPos+take], p[:take])
+		p = p[take:]
+		b.tailPos += take
+		if b.tailPos >= b.maxTail {
+			b.tailPos = 0
+			b.tailFull = true
+		}
+	}
+}
+
+// tailBytes returns the current tail contents in order. The
+// caller must hold b.mu.
+func (b *HeadTailBuffer) tailBytes() []byte {
+	if b.tail == nil {
+		return nil
+	}
+	if !b.tailFull {
+		// Haven't wrapped yet; data is [0, tailPos).
+		return b.tail[:b.tailPos]
+	}
+	// Wrapped: data is [tailPos, maxTail) + [0, tailPos).
+	out := make([]byte, b.maxTail)
+	n := copy(out, b.tail[b.tailPos:])
+	copy(out[n:], b.tail[:b.tailPos])
+	return out
+}
+
+// Bytes returns a copy of the raw buffer contents. If no
+// truncation has occurred the full output is returned;
+// otherwise the head and tail portions are concatenated.
+func (b *HeadTailBuffer) Bytes() []byte {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	tail := b.tailBytes()
+	if len(tail) == 0 {
+		out := make([]byte, len(b.head))
+		copy(out, b.head)
+		return out
+	}
+	out := make([]byte, len(b.head)+len(tail))
+	copy(out, b.head)
+	copy(out[len(b.head):], tail)
+	return out
+}
+
+// Len returns the number of bytes currently stored in the
+// buffer.
+func (b *HeadTailBuffer) Len() int {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	tailLen := 0
+	if b.tailFull {
+		tailLen = b.maxTail
+	} else if b.tail != nil {
+		tailLen = b.tailPos
+	}
+	return len(b.head) + tailLen
+}
+
+// TotalWritten returns the total number of bytes written to
+// the buffer, which may exceed the stored capacity.
+func (b *HeadTailBuffer) TotalWritten() int {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	return b.totalBytes
+}
+
+// Output returns the truncated output suitable for LLM
+// consumption, along with truncation metadata. If the total
+// output fits within the head buffer alone, the full output is
+// returned with nil truncation info. Otherwise the head and
+// tail are joined with an omission marker and long lines are
+// truncated.
+func (b *HeadTailBuffer) Output() (string, *workspacesdk.ProcessTruncation) {
+	b.mu.Lock()
+	head := make([]byte, len(b.head))
+	copy(head, b.head)
+	tail := b.tailBytes()
+	total := b.totalBytes
+	headFull := b.headFull
+	b.mu.Unlock()
+
+	storedLen := len(head) + len(tail)
+
+	// If everything fits, no head/tail split is needed.
+	if !headFull || len(tail) == 0 {
+		out := truncateLines(string(head))
+		if total == 0 {
+			return "", nil
+		}
+		return out, nil
+	}
+
+	// We have both head and tail data, meaning the total
+	// output exceeded the head capacity. Build the
+	// combined output with an omission marker.
+	omitted := total - storedLen
+	headStr := truncateLines(string(head))
+	tailStr := truncateLines(string(tail))
+
+	var sb strings.Builder
+	_, _ = sb.WriteString(headStr)
+	if omitted > 0 {
+		_, _ = sb.WriteString(fmt.Sprintf(
+			"\n\n... [omitted %d bytes] ...\n\n",
+			omitted,
+		))
+	} else {
+		// Head and tail are contiguous but were stored
+		// separately because the head filled up.
+		_, _ = sb.WriteString("\n")
+	}
+	_, _ = sb.WriteString(tailStr)
+	result := sb.String()
+
+	return result, &workspacesdk.ProcessTruncation{
+		OriginalBytes: total,
+		RetainedBytes: len(result),
+		OmittedBytes:  omitted,
+		Strategy:      "head_tail",
+	}
+}
+
+// truncateLines scans the input line by line and truncates
+// any line longer than MaxLineLength.
+func truncateLines(s string) string {
+	if len(s) <= MaxLineLength {
+		// Fast path: if the entire string is shorter than
+		// the max line length, no line can exceed it.
+		return s
+	}
+
+	var b strings.Builder
+	b.Grow(len(s))
+
+	for len(s) > 0 {
+		idx := strings.IndexByte(s, '\n')
+		var line string
+		if idx == -1 {
+			line = s
+			s = ""
+		} else {
+			line = s[:idx]
+			s = s[idx+1:]
+		}
+
+		if len(line) > MaxLineLength {
+			// Truncate preserving the suffix length so the
+			// total does not exceed a reasonable size.
+			cut := MaxLineLength - len(lineTruncationSuffix)
+			if cut < 0 {
+				cut = 0
+			}
+			_, _ = b.WriteString(line[:cut])
+			_, _ = b.WriteString(lineTruncationSuffix)
+		} else {
+			_, _ = b.WriteString(line)
+		}
+
+		// Re-add the newline unless this was the final
+		// segment without a trailing newline.
+		if idx != -1 {
+			_ = b.WriteByte('\n')
+		}
+	}
+
+	return b.String()
+}
+
+// Reset clears the buffer, discarding all data.
+func (b *HeadTailBuffer) Reset() {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	b.head = nil
+	b.tail = nil
+	b.tailPos = 0
+	b.tailFull = false
+	b.headFull = false
+	b.totalBytes = 0
+}
@@ -0,0 +1,338 @@
+package agentproc_test
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/agent/agentproc"
+)
+
+func TestHeadTailBuffer_EmptyBuffer(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+	out, info := buf.Output()
+	require.Empty(t, out)
+	require.Nil(t, info)
+	require.Equal(t, 0, buf.Len())
+	require.Equal(t, 0, buf.TotalWritten())
+	require.Empty(t, buf.Bytes())
+}
+
+func TestHeadTailBuffer_SmallOutput(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+	data := "hello world\n"
+	n, err := buf.Write([]byte(data))
+	require.NoError(t, err)
+	require.Equal(t, len(data), n)
+
+	out, info := buf.Output()
+	require.Equal(t, data, out)
+	require.Nil(t, info, "small output should not be truncated")
+	require.Equal(t, len(data), buf.Len())
+	require.Equal(t, len(data), buf.TotalWritten())
+}
+
+func TestHeadTailBuffer_ExactlyHeadSize(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	// Build data that is exactly MaxHeadBytes using short
+	// lines so that line truncation does not apply.
+	line := strings.Repeat("x", 79) + "\n" // 80 bytes per line
+	count := agentproc.MaxHeadBytes / len(line)
+	pad := agentproc.MaxHeadBytes - (count * len(line))
+	data := strings.Repeat(line, count) + strings.Repeat("y", pad)
+	require.Equal(t, agentproc.MaxHeadBytes, len(data),
+		"test data must be exactly MaxHeadBytes")
+
+	n, err := buf.Write([]byte(data))
+	require.NoError(t, err)
+	require.Equal(t, agentproc.MaxHeadBytes, n)
+
+	out, info := buf.Output()
+	require.Equal(t, data, out)
+	require.Nil(t, info, "output fitting in head should not be truncated")
+	require.Equal(t, agentproc.MaxHeadBytes, buf.Len())
+}
+
+func TestHeadTailBuffer_HeadPlusTailNoOmission(t *testing.T) {
+	t.Parallel()
+
+	// Use a small buffer so we can test the boundary where
+	// head fills and tail starts but nothing is omitted.
+	// With maxHead=10, maxTail=10, writing exactly 20 bytes
+	// means head gets 10, tail gets 10, omitted = 0.
+	buf := agentproc.NewHeadTailBufferSized(10, 10)
+
+	data := "0123456789abcdefghij" // 20 bytes
+	n, err := buf.Write([]byte(data))
+	require.NoError(t, err)
+	require.Equal(t, 20, n)
+
+	out, info := buf.Output()
+	require.NotNil(t, info)
+	require.Equal(t, 0, info.OmittedBytes)
+	require.Equal(t, "head_tail", info.Strategy)
+	// The output should contain both head and tail.
+	require.Contains(t, out, "0123456789")
+	require.Contains(t, out, "abcdefghij")
+}
+
+func TestHeadTailBuffer_LargeOutputTruncation(t *testing.T) {
+	t.Parallel()
+
+	// Use small head/tail so truncation is easy to verify.
+	buf := agentproc.NewHeadTailBufferSized(10, 10)
+
+	// Write 100 bytes: head=10, tail=10, omitted=80.
+	data := strings.Repeat("A", 50) + strings.Repeat("Z", 50)
+	n, err := buf.Write([]byte(data))
+	require.NoError(t, err)
+	require.Equal(t, 100, n)
+
+	out, info := buf.Output()
+	require.NotNil(t, info)
+	require.Equal(t, 100, info.OriginalBytes)
+	require.Equal(t, 80, info.OmittedBytes)
+	require.Equal(t, "head_tail", info.Strategy)
+
+	// Head should be first 10 bytes (all A's).
+	require.True(t, strings.HasPrefix(out, "AAAAAAAAAA"))
+	// Tail should be last 10 bytes (all Z's).
+	require.True(t, strings.HasSuffix(out, "ZZZZZZZZZZ"))
+	// Omission marker should be present.
+	require.Contains(t, out, "... [omitted 80 bytes] ...")
+
+	require.Equal(t, 20, buf.Len())
+	require.Equal(t, 100, buf.TotalWritten())
+}
+
+func TestHeadTailBuffer_MultiMBStaysBounded(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	// Write 5MB of data in chunks.
+	chunk := []byte(strings.Repeat("x", 4096) + "\n")
+	totalWritten := 0
+	for totalWritten < 5*1024*1024 {
+		n, err := buf.Write(chunk)
+		require.NoError(t, err)
+		require.Equal(t, len(chunk), n)
+		totalWritten += n
+	}
+
+	// Memory should be bounded to head+tail.
+	require.LessOrEqual(t, buf.Len(),
+		agentproc.MaxHeadBytes+agentproc.MaxTailBytes)
+	require.Equal(t, totalWritten, buf.TotalWritten())
+
+	out, info := buf.Output()
+	require.NotNil(t, info)
+	require.Equal(t, totalWritten, info.OriginalBytes)
+	require.Greater(t, info.OmittedBytes, 0)
+	require.NotEmpty(t, out)
+}
+
+func TestHeadTailBuffer_LongLineTruncation(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	// Write a line longer than MaxLineLength.
+	longLine := strings.Repeat("m", agentproc.MaxLineLength+500)
+	_, err := buf.Write([]byte(longLine + "\n"))
+	require.NoError(t, err)
+
+	out, _ := buf.Output()
+	lines := strings.Split(strings.TrimRight(out, "\n"), "\n")
+	require.Len(t, lines, 1)
+	require.LessOrEqual(t, len(lines[0]), agentproc.MaxLineLength)
+	require.True(t, strings.HasSuffix(lines[0], "... [truncated]"))
+}
+
+func TestHeadTailBuffer_LongLineInTail(t *testing.T) {
+	t.Parallel()
+
+	// Use small buffers so we can force data into the tail.
+	buf := agentproc.NewHeadTailBufferSized(20, 5000)
+
+	// Fill head with short data.
+	_, err := buf.Write([]byte("head data goes here\n"))
+	require.NoError(t, err)
+
+	// Now write a very long line into the tail.
+	longLine := strings.Repeat("T", agentproc.MaxLineLength+100)
+	_, err = buf.Write([]byte(longLine + "\n"))
+	require.NoError(t, err)
+
+	out, info := buf.Output()
+	require.NotNil(t, info)
+	// The long line in the tail should be truncated.
+	require.Contains(t, out, "... [truncated]")
+}
+
+func TestHeadTailBuffer_ConcurrentWrites(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	const goroutines = 10
+	const writes = 1000
+	var wg sync.WaitGroup
+	wg.Add(goroutines)
+
+	for g := range goroutines {
+		go func() {
+			defer wg.Done()
+			line := fmt.Sprintf("goroutine-%d: data\n", g)
+			for range writes {
+				_, err := buf.Write([]byte(line))
+				assert.NoError(t, err)
+			}
+		}()
+	}
+
+	wg.Wait()
+
+	// Verify totals are consistent.
+	require.Greater(t, buf.TotalWritten(), 0)
+	require.Greater(t, buf.Len(), 0)
+
+	out, _ := buf.Output()
+	require.NotEmpty(t, out)
+}
+
+func TestHeadTailBuffer_TruncationInfoFields(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBufferSized(10, 10)
+
+	// Write enough to cause omission.
+	data := strings.Repeat("D", 50)
+	_, err := buf.Write([]byte(data))
+	require.NoError(t, err)
+
+	_, info := buf.Output()
+	require.NotNil(t, info)
+	require.Equal(t, 50, info.OriginalBytes)
+	require.Equal(t, 30, info.OmittedBytes)
+	require.Equal(t, "head_tail", info.Strategy)
+	// RetainedBytes is the length of the formatted output
+	// string including the omission marker.
+	require.Greater(t, info.RetainedBytes, 0)
+}
+
+func TestHeadTailBuffer_MultipleSmallWrites(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	// Write one byte at a time.
+	expected := "hello world"
+	for i := range len(expected) {
+		n, err := buf.Write([]byte{expected[i]})
+		require.NoError(t, err)
+		require.Equal(t, 1, n)
+	}
+
+	out, info := buf.Output()
+	require.Equal(t, expected, out)
+	require.Nil(t, info)
+}
+
+func TestHeadTailBuffer_WriteEmptySlice(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+	n, err := buf.Write([]byte{})
+	require.NoError(t, err)
+	require.Equal(t, 0, n)
+	require.Equal(t, 0, buf.TotalWritten())
+}
+
+func TestHeadTailBuffer_Reset(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+	_, err := buf.Write([]byte("some data"))
+	require.NoError(t, err)
+	require.Greater(t, buf.Len(), 0)
+
+	buf.Reset()
+
+	require.Equal(t, 0, buf.Len())
+	require.Equal(t, 0, buf.TotalWritten())
+	out, info := buf.Output()
+	require.Empty(t, out)
+	require.Nil(t, info)
+}
+
+func TestHeadTailBuffer_BytesReturnsCopy(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+	_, err := buf.Write([]byte("original"))
+	require.NoError(t, err)
+
+	b := buf.Bytes()
+	require.Equal(t, []byte("original"), b)
+
+	// Mutating the returned slice should not affect the
+	// buffer.
+	b[0] = 'X'
+	require.Equal(t, []byte("original"), buf.Bytes())
+}
+
+func TestHeadTailBuffer_RingBufferWraparound(t *testing.T) {
+	t.Parallel()
+
+	// Use a tail of 10 bytes and write enough to wrap
+	// around multiple times.
+	buf := agentproc.NewHeadTailBufferSized(5, 10)
+
+	// Fill head (5 bytes).
+	_, err := buf.Write([]byte("HEADD"))
+	require.NoError(t, err)
+
+	// Write 25 bytes into tail, wrapping 2.5 times.
+	_, err = buf.Write([]byte("0123456789"))
+	require.NoError(t, err)
+	_, err = buf.Write([]byte("abcdefghij"))
+	require.NoError(t, err)
+	_, err = buf.Write([]byte("ABCDE"))
+	require.NoError(t, err)
+
+	out, info := buf.Output()
+	require.NotNil(t, info)
+	// Tail should contain the last 10 bytes: "fghijABCDE".
+	require.True(t, strings.HasSuffix(out, "fghijABCDE"),
+		"expected tail to be last 10 bytes, got: %q", out)
+}
+
+func TestHeadTailBuffer_MultipleLinesTruncated(t *testing.T) {
+	t.Parallel()
+
+	buf := agentproc.NewHeadTailBuffer()
+
+	short := "short line\n"
+	long := strings.Repeat("L", agentproc.MaxLineLength+100) + "\n"
+	_, err := buf.Write([]byte(short + long + short))
+	require.NoError(t, err)
+
+	out, _ := buf.Output()
+	lines := strings.Split(strings.TrimRight(out, "\n"), "\n")
+	require.Len(t, lines, 3)
+	require.Equal(t, "short line", lines[0])
+	require.True(t, strings.HasSuffix(lines[1], "... [truncated]"))
+	require.Equal(t, "short line", lines[2])
+}
@@ -0,0 +1,318 @@
+package agentproc
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/google/uuid"
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog/v3"
+	"github.com/coder/coder/v2/agent/agentexec"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+	"github.com/coder/quartz"
+)
+
+var (
+	errProcessNotFound   = xerrors.New("process not found")
+	errProcessNotRunning = xerrors.New("process is not running")
+
+	// exitedProcessReapAge is how long an exited process is
+	// kept before being automatically removed from the map.
+	exitedProcessReapAge = 5 * time.Minute
+)
+
+// process represents a running or completed process.
+type process struct {
+	mu         sync.Mutex
+	id         string
+	command    string
+	workDir    string
+	background bool
+	chatID     string
+	cmd        *exec.Cmd
+	cancel     context.CancelFunc
+	buf        *HeadTailBuffer
+	running    bool
+	exitCode   *int
+	startedAt  int64
+	exitedAt   *int64
+	done       chan struct{} // closed when process exits
+}
+
+// info returns a snapshot of the process state.
+func (p *process) info() workspacesdk.ProcessInfo {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	return workspacesdk.ProcessInfo{
+		ID:         p.id,
+		Command:    p.command,
+		WorkDir:    p.workDir,
+		Background: p.background,
+		Running:    p.running,
+		ExitCode:   p.exitCode,
+		StartedAt:  p.startedAt,
+		ExitedAt:   p.exitedAt,
+	}
+}
+
+// output returns the truncated output from the process buffer
+// along with optional truncation metadata.
+func (p *process) output() (string, *workspacesdk.ProcessTruncation) {
+	return p.buf.Output()
+}
+
+// manager tracks processes spawned by the agent.
+type manager struct {
+	mu        sync.Mutex
+	logger    slog.Logger
+	execer    agentexec.Execer
+	clock     quartz.Clock
+	procs     map[string]*process
+	closed    bool
+	updateEnv func(current []string) (updated []string, err error)
+}
+
+// newManager creates a new process manager.
+func newManager(logger slog.Logger, execer agentexec.Execer, updateEnv func(current []string) (updated []string, err error)) *manager {
+	return &manager{
+		logger:    logger,
+		execer:    execer,
+		clock:     quartz.NewReal(),
+		procs:     make(map[string]*process),
+		updateEnv: updateEnv,
+	}
+}
+
+// start spawns a new process. Both foreground and background
+// processes use a long-lived context so the process survives
+// the HTTP request lifecycle. The background flag only affects
+// client-side polling behavior.
+func (m *manager) start(req workspacesdk.StartProcessRequest, chatID string) (*process, error) {
+	m.mu.Lock()
+	if m.closed {
+		m.mu.Unlock()
+		return nil, xerrors.New("manager is closed")
+	}
+	m.mu.Unlock()
+
+	id := uuid.New().String()
+
+	// Use a cancellable context so Close() can terminate
+	// all processes. context.Background() is the parent so
+	// the process is not tied to any HTTP request.
+	ctx, cancel := context.WithCancel(context.Background())
+	cmd := m.execer.CommandContext(ctx, "sh", "-c", req.Command)
+	if req.WorkDir != "" {
+		cmd.Dir = req.WorkDir
+	}
+	cmd.Stdin = nil
+
+	// WaitDelay ensures cmd.Wait returns promptly after
+	// the process is killed, even if child processes are
+	// still holding the stdout/stderr pipes open.
+	cmd.WaitDelay = 5 * time.Second
+
+	buf := NewHeadTailBuffer()
+	cmd.Stdout = buf
+	cmd.Stderr = buf
+
+	// Build the process environment. If the manager has an
+	// updateEnv hook (provided by the agent), use it to get the
+	// full agent environment including GIT_ASKPASS, CODER_* vars,
+	// etc. Otherwise fall back to the current process env.
+	baseEnv := os.Environ()
+	if m.updateEnv != nil {
+		updated, err := m.updateEnv(baseEnv)
+		if err != nil {
+			m.logger.Warn(
+				context.Background(),
+				"failed to update command environment, falling back to os env",
+				slog.Error(err),
+			)
+		} else {
+			baseEnv = updated
+		}
+	}
+
+	// Always set cmd.Env explicitly so that req.Env overrides
+	// are applied on top of the full agent environment.
+	cmd.Env = baseEnv
+	for k, v := range req.Env {
+		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", k, v))
+	}
+
+	if err := cmd.Start(); err != nil {
+		cancel()
+		return nil, xerrors.Errorf("start process: %w", err)
+	}
+
+	now := m.clock.Now().Unix()
+	proc := &process{
+		id:         id,
+		command:    req.Command,
+		workDir:    req.WorkDir,
+		background: req.Background,
+		chatID:     chatID,
+		cmd:        cmd,
+		cancel:     cancel,
+		buf:        buf,
+		running:    true,
+		startedAt:  now,
+		done:       make(chan struct{}),
+	}
+
+	m.mu.Lock()
+	if m.closed {
+		m.mu.Unlock()
+		// Manager closed between our check and now. Kill the
+		// process we just started.
+		cancel()
+		_ = cmd.Wait()
+		return nil, xerrors.New("manager is closed")
+	}
+	m.procs[id] = proc
+	m.mu.Unlock()
+
+	go func() {
+		err := cmd.Wait()
+		exitedAt := m.clock.Now().Unix()
+
+		proc.mu.Lock()
+		proc.running = false
+		proc.exitedAt = &exitedAt
+		code := 0
+		if err != nil {
+			// Extract the exit code from the error.
+			var exitErr *exec.ExitError
+			if xerrors.As(err, &exitErr) {
+				code = exitErr.ExitCode()
+			} else {
+				// Unknown error; use -1 as a sentinel.
+				code = -1
+				m.logger.Warn(
+					context.Background(),
+					"process wait returned non-exit error",
+					slog.F("id", id),
+					slog.Error(err),
+				)
+			}
+		}
+		proc.exitCode = &code
+		proc.mu.Unlock()
+
+		close(proc.done)
+	}()
+
+	return proc, nil
+}
+
+// get returns a process by ID.
+func (m *manager) get(id string) (*process, bool) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	proc, ok := m.procs[id]
+	return proc, ok
+}
+
+// list returns info about all tracked processes. Exited
+// processes older than exitedProcessReapAge are removed.
+// If chatID is non-empty, only processes belonging to that
+// chat are returned.
+func (m *manager) list(chatID string) []workspacesdk.ProcessInfo {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	now := m.clock.Now()
+	infos := make([]workspacesdk.ProcessInfo, 0, len(m.procs))
+	for id, proc := range m.procs {
+		info := proc.info()
+		// Reap processes that exited more than 5 minutes ago
+		// to prevent unbounded map growth.
+		if !info.Running && info.ExitedAt != nil {
+			exitedAt := time.Unix(*info.ExitedAt, 0)
+			if now.Sub(exitedAt) > exitedProcessReapAge {
+				delete(m.procs, id)
+				continue
+			}
+		}
+		// Filter by chatID if provided.
+		if chatID != "" && proc.chatID != chatID {
+			continue
+		}
+		infos = append(infos, info)
+	}
+	return infos
+}
+
+// signal sends a signal to a running process. It returns
+// sentinel errors errProcessNotFound and errProcessNotRunning
+// so callers can distinguish failure modes.
+func (m *manager) signal(id string, sig string) error {
+	m.mu.Lock()
+	proc, ok := m.procs[id]
+	m.mu.Unlock()
+
+	if !ok {
+		return errProcessNotFound
+	}
+
+	proc.mu.Lock()
+	defer proc.mu.Unlock()
+
+	if !proc.running {
+		return errProcessNotRunning
+	}
+
+	switch sig {
+	case "kill":
+		if err := proc.cmd.Process.Kill(); err != nil {
+			return xerrors.Errorf("kill process: %w", err)
+		}
+	case "terminate":
+		//nolint:revive // syscall.SIGTERM is portable enough
+		// for our supported platforms.
+		if err := proc.cmd.Process.Signal(syscall.SIGTERM); err != nil {
+			return xerrors.Errorf("terminate process: %w", err)
+		}
+	default:
+		return xerrors.Errorf("unsupported signal %q", sig)
+	}
+
+	return nil
+}
+
+// Close kills all running processes and prevents new ones from
+// starting. It cancels each process's context, which causes
+// CommandContext to kill the process and its pipe goroutines to
+// drain.
+func (m *manager) Close() error {
+	m.mu.Lock()
+	if m.closed {
+		m.mu.Unlock()
+		return nil
+	}
+	m.closed = true
+	procs := make([]*process, 0, len(m.procs))
+	for _, p := range m.procs {
+		procs = append(procs, p)
+	}
+	m.mu.Unlock()
+
+	for _, p := range procs {
+		p.cancel()
+	}
+
+	// Wait for all processes to exit.
+	for _, p := range procs {
+		<-p.done
+	}
+
+	return nil
+}
@@ -8,6 +8,7 @@ import (
 	"storj.io/drpc/drpcconn"

 	"github.com/coder/coder/v2/agent/agentsocket/proto"
+	agentproto "github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/agent/unit"
 )

@@ -132,6 +133,11 @@ func (c *Client) SyncStatus(ctx context.Context, unitName unit.ID) (SyncStatusRe
 	}, nil
 }

+// UpdateAppStatus forwards an app status update to coderd via the agent.
+func (c *Client) UpdateAppStatus(ctx context.Context, req *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+	return c.client.UpdateAppStatus(ctx, req)
+}
+
 // SyncStatusResponse contains the status information for a unit.
 type SyncStatusResponse struct {
 	UnitName     unit.ID          `table:"unit,default_sort" json:"unit_name"`
@@ -7,6 +7,7 @@
 package proto

 import (
+	proto "github.com/coder/coder/v2/agent/proto"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
@@ -649,90 +650,98 @@ var file_agent_agentsocket_proto_agentsocket_proto_rawDesc = []byte{
 	0x6b, 0x65, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73,
 	0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x63, 0x6f, 0x64,
 	0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76,
-	0x31, 0x22, 0x0d, 0x0a, 0x0b, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x26, 0x0a, 0x10, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63,
-	0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x44, 0x0a,
-	0x0f, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x75, 0x6e, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x73, 0x5f,
-	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64,
-	0x73, 0x4f, 0x6e, 0x22, 0x12, 0x0a, 0x10, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x29, 0x0a, 0x13, 0x53, 0x79, 0x6e, 0x63, 0x43,
-	0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12,
-	0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e,
-	0x69, 0x74, 0x22, 0x16, 0x0a, 0x14, 0x53, 0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
-	0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x26, 0x0a, 0x10, 0x53, 0x79,
-	0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12,
-	0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e,
-	0x69, 0x74, 0x22, 0x29, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x22, 0x27, 0x0a,
-	0x11, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x22, 0xb6, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x70, 0x65, 0x6e,
-	0x64, 0x65, 0x6e, 0x63, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69,
+	0x31, 0x1a, 0x17, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61,
+	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x0d, 0x0a, 0x0b, 0x50, 0x69,
+	0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x69, 0x6e,
+	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x26, 0x0a, 0x10, 0x53, 0x79, 0x6e,
+	0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a,
+	0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69,
+	0x74, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x44, 0x0a, 0x0f, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61,
+	0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69,
 	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x12, 0x1d, 0x0a,
 	0x0a, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x73, 0x5f, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x09, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x73, 0x4f, 0x6e, 0x12, 0x27, 0x0a, 0x0f,
-	0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74,
-	0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63,
-	0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0c,
-	0x69, 0x73, 0x5f, 0x73, 0x61, 0x74, 0x69, 0x73, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x53, 0x61, 0x74, 0x69, 0x73, 0x66, 0x69, 0x65, 0x64, 0x22,
-	0x91, 0x01, 0x0a, 0x12, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x19,
-	0x0a, 0x08, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x07, 0x69, 0x73, 0x52, 0x65, 0x61, 0x64, 0x79, 0x12, 0x48, 0x0a, 0x0c, 0x64, 0x65, 0x70,
-	0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63,
-	0x79, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63,
-	0x69, 0x65, 0x73, 0x32, 0xbb, 0x04, 0x0a, 0x0b, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x53, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x12, 0x4d, 0x0a, 0x04, 0x50, 0x69, 0x6e, 0x67, 0x12, 0x21, 0x2e, 0x63, 0x6f,
-	0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22,
-	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x5c, 0x0a, 0x09, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12,
-	0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
-	0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53,
-	0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x59, 0x0a, 0x08, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x12, 0x25, 0x2e, 0x63,
-	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e,
-	0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x57,
-	0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x65, 0x0a, 0x0c, 0x53,
-	0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x29, 0x2e, 0x63, 0x6f,
-	0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79,
-	0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x5c, 0x0a, 0x09, 0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x12,
-	0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
-	0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53,
+	0x09, 0x52, 0x09, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x73, 0x4f, 0x6e, 0x22, 0x12, 0x0a, 0x10,
+	0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x29, 0x0a, 0x13, 0x53, 0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x22, 0x16, 0x0a, 0x14, 0x53,
+	0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x26, 0x0a, 0x10, 0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x22, 0x29, 0x0a, 0x11, 0x53,
 	0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x5f, 0x0a, 0x0a, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x27,
-	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b,
-	0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
+	0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x22, 0x27, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75,
+	0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x22,
+	0xb6, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x49, 0x6e,
+	0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64,
+	0x73, 0x5f, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x65, 0x70, 0x65,
+	0x6e, 0x64, 0x73, 0x4f, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+	0x64, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
+	0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x25,
+	0x0a, 0x0e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x73, 0x61, 0x74, 0x69,
+	0x73, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x53,
+	0x61, 0x74, 0x69, 0x73, 0x66, 0x69, 0x65, 0x64, 0x22, 0x91, 0x01, 0x0a, 0x12, 0x53, 0x79, 0x6e,
+	0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x73, 0x5f, 0x72, 0x65,
+	0x61, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x69, 0x73, 0x52, 0x65, 0x61,
+	0x64, 0x79, 0x12, 0x48, 0x0a, 0x0c, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x69,
+	0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
+	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c,
+	0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x69, 0x65, 0x73, 0x32, 0x9f, 0x05, 0x0a,
+	0x0b, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x4d, 0x0a, 0x04,
+	0x50, 0x69, 0x6e, 0x67, 0x12, 0x21, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x6e, 0x67,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x50,
+	0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x09, 0x53,
+	0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
+	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x72,
+	0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x59, 0x0a, 0x08, 0x53, 0x79, 0x6e,
+	0x63, 0x57, 0x61, 0x6e, 0x74, 0x12, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
+	0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e,
+	0x63, 0x57, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
+	0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x57, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x65, 0x0a, 0x0c, 0x53, 0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70,
+	0x6c, 0x65, 0x74, 0x65, 0x12, 0x29, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63,
+	0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x2a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63,
+	0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
+	0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x09, 0x53,
+	0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
+	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x61, 0x64,
+	0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x0a, 0x53, 0x79, 0x6e,
+	0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
 	0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53,
-	0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x28, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f,
+	0x63, 0x6b, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x62, 0x0a, 0x0f, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x26, 0x2e,
+	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
+	0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x33,
+	0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64,
+	0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x67, 0x65, 0x6e,
+	0x74, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@@ -749,19 +758,21 @@ func file_agent_agentsocket_proto_agentsocket_proto_rawDescGZIP() []byte {

 var file_agent_agentsocket_proto_agentsocket_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
 var file_agent_agentsocket_proto_agentsocket_proto_goTypes = []interface{}{
-	(*PingRequest)(nil),          // 0: coder.agentsocket.v1.PingRequest
-	(*PingResponse)(nil),         // 1: coder.agentsocket.v1.PingResponse
-	(*SyncStartRequest)(nil),     // 2: coder.agentsocket.v1.SyncStartRequest
-	(*SyncStartResponse)(nil),    // 3: coder.agentsocket.v1.SyncStartResponse
-	(*SyncWantRequest)(nil),      // 4: coder.agentsocket.v1.SyncWantRequest
-	(*SyncWantResponse)(nil),     // 5: coder.agentsocket.v1.SyncWantResponse
-	(*SyncCompleteRequest)(nil),  // 6: coder.agentsocket.v1.SyncCompleteRequest
-	(*SyncCompleteResponse)(nil), // 7: coder.agentsocket.v1.SyncCompleteResponse
-	(*SyncReadyRequest)(nil),     // 8: coder.agentsocket.v1.SyncReadyRequest
-	(*SyncReadyResponse)(nil),    // 9: coder.agentsocket.v1.SyncReadyResponse
-	(*SyncStatusRequest)(nil),    // 10: coder.agentsocket.v1.SyncStatusRequest
-	(*DependencyInfo)(nil),       // 11: coder.agentsocket.v1.DependencyInfo
-	(*SyncStatusResponse)(nil),   // 12: coder.agentsocket.v1.SyncStatusResponse
+	(*PingRequest)(nil),                   // 0: coder.agentsocket.v1.PingRequest
+	(*PingResponse)(nil),                  // 1: coder.agentsocket.v1.PingResponse
+	(*SyncStartRequest)(nil),              // 2: coder.agentsocket.v1.SyncStartRequest
+	(*SyncStartResponse)(nil),             // 3: coder.agentsocket.v1.SyncStartResponse
+	(*SyncWantRequest)(nil),               // 4: coder.agentsocket.v1.SyncWantRequest
+	(*SyncWantResponse)(nil),              // 5: coder.agentsocket.v1.SyncWantResponse
+	(*SyncCompleteRequest)(nil),           // 6: coder.agentsocket.v1.SyncCompleteRequest
+	(*SyncCompleteResponse)(nil),          // 7: coder.agentsocket.v1.SyncCompleteResponse
+	(*SyncReadyRequest)(nil),              // 8: coder.agentsocket.v1.SyncReadyRequest
+	(*SyncReadyResponse)(nil),             // 9: coder.agentsocket.v1.SyncReadyResponse
+	(*SyncStatusRequest)(nil),             // 10: coder.agentsocket.v1.SyncStatusRequest
+	(*DependencyInfo)(nil),                // 11: coder.agentsocket.v1.DependencyInfo
+	(*SyncStatusResponse)(nil),            // 12: coder.agentsocket.v1.SyncStatusResponse
+	(*proto.UpdateAppStatusRequest)(nil),  // 13: coder.agent.v2.UpdateAppStatusRequest
+	(*proto.UpdateAppStatusResponse)(nil), // 14: coder.agent.v2.UpdateAppStatusResponse
 }
 var file_agent_agentsocket_proto_agentsocket_proto_depIdxs = []int32{
 	11, // 0: coder.agentsocket.v1.SyncStatusResponse.dependencies:type_name -> coder.agentsocket.v1.DependencyInfo
@@ -771,14 +782,16 @@ var file_agent_agentsocket_proto_agentsocket_proto_depIdxs = []int32{
 	6,  // 4: coder.agentsocket.v1.AgentSocket.SyncComplete:input_type -> coder.agentsocket.v1.SyncCompleteRequest
 	8,  // 5: coder.agentsocket.v1.AgentSocket.SyncReady:input_type -> coder.agentsocket.v1.SyncReadyRequest
 	10, // 6: coder.agentsocket.v1.AgentSocket.SyncStatus:input_type -> coder.agentsocket.v1.SyncStatusRequest
-	1,  // 7: coder.agentsocket.v1.AgentSocket.Ping:output_type -> coder.agentsocket.v1.PingResponse
-	3,  // 8: coder.agentsocket.v1.AgentSocket.SyncStart:output_type -> coder.agentsocket.v1.SyncStartResponse
-	5,  // 9: coder.agentsocket.v1.AgentSocket.SyncWant:output_type -> coder.agentsocket.v1.SyncWantResponse
-	7,  // 10: coder.agentsocket.v1.AgentSocket.SyncComplete:output_type -> coder.agentsocket.v1.SyncCompleteResponse
-	9,  // 11: coder.agentsocket.v1.AgentSocket.SyncReady:output_type -> coder.agentsocket.v1.SyncReadyResponse
-	12, // 12: coder.agentsocket.v1.AgentSocket.SyncStatus:output_type -> coder.agentsocket.v1.SyncStatusResponse
-	7,  // [7:13] is the sub-list for method output_type
-	1,  // [1:7] is the sub-list for method input_type
+	13, // 7: coder.agentsocket.v1.AgentSocket.UpdateAppStatus:input_type -> coder.agent.v2.UpdateAppStatusRequest
+	1,  // 8: coder.agentsocket.v1.AgentSocket.Ping:output_type -> coder.agentsocket.v1.PingResponse
+	3,  // 9: coder.agentsocket.v1.AgentSocket.SyncStart:output_type -> coder.agentsocket.v1.SyncStartResponse
+	5,  // 10: coder.agentsocket.v1.AgentSocket.SyncWant:output_type -> coder.agentsocket.v1.SyncWantResponse
+	7,  // 11: coder.agentsocket.v1.AgentSocket.SyncComplete:output_type -> coder.agentsocket.v1.SyncCompleteResponse
+	9,  // 12: coder.agentsocket.v1.AgentSocket.SyncReady:output_type -> coder.agentsocket.v1.SyncReadyResponse
+	12, // 13: coder.agentsocket.v1.AgentSocket.SyncStatus:output_type -> coder.agentsocket.v1.SyncStatusResponse
+	14, // 14: coder.agentsocket.v1.AgentSocket.UpdateAppStatus:output_type -> coder.agent.v2.UpdateAppStatusResponse
+	8,  // [8:15] is the sub-list for method output_type
+	1,  // [1:8] is the sub-list for method input_type
 	1,  // [1:1] is the sub-list for extension type_name
 	1,  // [1:1] is the sub-list for extension extendee
 	0,  // [0:1] is the sub-list for field type_name
@@ -3,6 +3,8 @@ option go_package = "github.com/coder/coder/v2/agent/agentsocket/proto";

 package coder.agentsocket.v1;

+import "agent/proto/agent.proto";
+
 message PingRequest {}

 message PingResponse {}
@@ -66,4 +68,6 @@ service AgentSocket {
  rpc SyncReady(SyncReadyRequest) returns (SyncReadyResponse);
  // Get the status of a unit and list its dependencies.
  rpc SyncStatus(SyncStatusRequest) returns (SyncStatusResponse);
+  // Update app status, forwarded to coderd.
+  rpc UpdateAppStatus(coder.agent.v2.UpdateAppStatusRequest) returns (coder.agent.v2.UpdateAppStatusResponse);
 }
@@ -7,6 +7,7 @@ package proto
 import (
 	context "context"
 	errors "errors"
+	proto1 "github.com/coder/coder/v2/agent/proto"
 	protojson "google.golang.org/protobuf/encoding/protojson"
 	proto "google.golang.org/protobuf/proto"
 	drpc "storj.io/drpc"
@@ -44,6 +45,7 @@ type DRPCAgentSocketClient interface {
 	SyncComplete(ctx context.Context, in *SyncCompleteRequest) (*SyncCompleteResponse, error)
 	SyncReady(ctx context.Context, in *SyncReadyRequest) (*SyncReadyResponse, error)
 	SyncStatus(ctx context.Context, in *SyncStatusRequest) (*SyncStatusResponse, error)
+	UpdateAppStatus(ctx context.Context, in *proto1.UpdateAppStatusRequest) (*proto1.UpdateAppStatusResponse, error)
 }

 type drpcAgentSocketClient struct {
@@ -110,6 +112,15 @@ func (c *drpcAgentSocketClient) SyncStatus(ctx context.Context, in *SyncStatusRe
 	return out, nil
 }

+func (c *drpcAgentSocketClient) UpdateAppStatus(ctx context.Context, in *proto1.UpdateAppStatusRequest) (*proto1.UpdateAppStatusResponse, error) {
+	out := new(proto1.UpdateAppStatusResponse)
+	err := c.cc.Invoke(ctx, "/coder.agentsocket.v1.AgentSocket/UpdateAppStatus", drpcEncoding_File_agent_agentsocket_proto_agentsocket_proto{}, in, out)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 type DRPCAgentSocketServer interface {
 	Ping(context.Context, *PingRequest) (*PingResponse, error)
 	SyncStart(context.Context, *SyncStartRequest) (*SyncStartResponse, error)
@@ -117,6 +128,7 @@ type DRPCAgentSocketServer interface {
 	SyncComplete(context.Context, *SyncCompleteRequest) (*SyncCompleteResponse, error)
 	SyncReady(context.Context, *SyncReadyRequest) (*SyncReadyResponse, error)
 	SyncStatus(context.Context, *SyncStatusRequest) (*SyncStatusResponse, error)
+	UpdateAppStatus(context.Context, *proto1.UpdateAppStatusRequest) (*proto1.UpdateAppStatusResponse, error)
 }

 type DRPCAgentSocketUnimplementedServer struct{}
@@ -145,9 +157,13 @@ func (s *DRPCAgentSocketUnimplementedServer) SyncStatus(context.Context, *SyncSt
 	return nil, drpcerr.WithCode(errors.New("Unimplemented"), drpcerr.Unimplemented)
 }

+func (s *DRPCAgentSocketUnimplementedServer) UpdateAppStatus(context.Context, *proto1.UpdateAppStatusRequest) (*proto1.UpdateAppStatusResponse, error) {
+	return nil, drpcerr.WithCode(errors.New("Unimplemented"), drpcerr.Unimplemented)
+}
+
 type DRPCAgentSocketDescription struct{}

-func (DRPCAgentSocketDescription) NumMethods() int { return 6 }
+func (DRPCAgentSocketDescription) NumMethods() int { return 7 }

 func (DRPCAgentSocketDescription) Method(n int) (string, drpc.Encoding, drpc.Receiver, interface{}, bool) {
 	switch n {
@@ -205,6 +221,15 @@ func (DRPCAgentSocketDescription) Method(n int) (string, drpc.Encoding, drpc.Rec
 						in1.(*SyncStatusRequest),
 					)
 			}, DRPCAgentSocketServer.SyncStatus, true
+	case 6:
+		return "/coder.agentsocket.v1.AgentSocket/UpdateAppStatus", drpcEncoding_File_agent_agentsocket_proto_agentsocket_proto{},
+			func(srv interface{}, ctx context.Context, in1, in2 interface{}) (drpc.Message, error) {
+				return srv.(DRPCAgentSocketServer).
+					UpdateAppStatus(
+						ctx,
+						in1.(*proto1.UpdateAppStatusRequest),
+					)
+			}, DRPCAgentSocketServer.UpdateAppStatus, true
 	default:
 		return "", nil, nil, nil, false
 	}
@@ -309,3 +334,19 @@ func (x *drpcAgentSocket_SyncStatusStream) SendAndClose(m *SyncStatusResponse) e
 	}
 	return x.CloseSend()
 }
+
+type DRPCAgentSocket_UpdateAppStatusStream interface {
+	drpc.Stream
+	SendAndClose(*proto1.UpdateAppStatusResponse) error
+}
+
+type drpcAgentSocket_UpdateAppStatusStream struct {
+	drpc.Stream
+}
+
+func (x *drpcAgentSocket_UpdateAppStatusStream) SendAndClose(m *proto1.UpdateAppStatusResponse) error {
+	if err := x.MsgSend(m, drpcEncoding_File_agent_agentsocket_proto_agentsocket_proto{}); err != nil {
+		return err
+	}
+	return x.CloseSend()
+}
@@ -8,10 +8,13 @@ import "github.com/coder/coder/v2/apiversion"
 //   - Initial release
 //   - Ping
 //   - Sync operations: SyncStart, SyncWant, SyncComplete, SyncWait, SyncStatus
+//
+// API v1.1:
+//   - UpdateAppStatus RPC (forwarded to coderd)

 const (
 	CurrentMajor = 1
-	CurrentMinor = 0
+	CurrentMinor = 1
 )

 var CurrentVersion = apiversion.New(CurrentMajor, CurrentMinor)
@@ -12,6 +12,7 @@ import (

 	"cdr.dev/slog/v3"
 	"github.com/coder/coder/v2/agent/agentsocket/proto"
+	agentproto "github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/agent/unit"
 	"github.com/coder/coder/v2/codersdk/drpcsdk"
 )
@@ -120,6 +121,17 @@ func (s *Server) Close() error {
 	return nil
 }

+// SetAgentAPI sets the agent API client used to forward requests
+// to coderd.
+func (s *Server) SetAgentAPI(api agentproto.DRPCAgentClient28) {
+	s.service.SetAgentAPI(api)
+}
+
+// ClearAgentAPI clears the agent API client.
+func (s *Server) ClearAgentAPI() {
+	s.service.ClearAgentAPI()
+}
+
 func (s *Server) acceptConnections() {
 	// In an edge case, Close() might race with acceptConnections() and set s.listener to nil.
 	// Therefore, we grab a copy of the listener under a lock. We might still get a nil listener,
@@ -1,37 +1,22 @@
 package agentsocket_test

 import (
-	"context"
-	"path/filepath"
-	"runtime"
 	"testing"

-	"github.com/google/uuid"
-	"github.com/spf13/afero"
 	"github.com/stretchr/testify/require"

 	"cdr.dev/slog/v3"
-	"github.com/coder/coder/v2/agent"
 	"github.com/coder/coder/v2/agent/agentsocket"
-	"github.com/coder/coder/v2/agent/agenttest"
-	agentproto "github.com/coder/coder/v2/agent/proto"
-	"github.com/coder/coder/v2/codersdk/agentsdk"
-	"github.com/coder/coder/v2/tailnet"
-	"github.com/coder/coder/v2/tailnet/tailnettest"
 	"github.com/coder/coder/v2/testutil"
 )

 func TestServer(t *testing.T) {
 	t.Parallel()

-	if runtime.GOOS == "windows" {
-		t.Skip("agentsocket is not supported on Windows")
-	}
-
 	t.Run("StartStop", func(t *testing.T) {
 		t.Parallel()

-		socketPath := filepath.Join(t.TempDir(), "test.sock")
+		socketPath := testutil.AgentSocketPath(t)
 		logger := slog.Make().Leveled(slog.LevelDebug)
 		server, err := agentsocket.NewServer(logger, agentsocket.WithPath(socketPath))
 		require.NoError(t, err)
@@ -41,7 +26,7 @@ func TestServer(t *testing.T) {
 	t.Run("AlreadyStarted", func(t *testing.T) {
 		t.Parallel()

-		socketPath := filepath.Join(t.TempDir(), "test.sock")
+		socketPath := testutil.AgentSocketPath(t)
 		logger := slog.Make().Leveled(slog.LevelDebug)
 		server1, err := agentsocket.NewServer(logger, agentsocket.WithPath(socketPath))
 		require.NoError(t, err)
@@ -49,90 +34,4 @@ func TestServer(t *testing.T) {
 		_, err = agentsocket.NewServer(logger, agentsocket.WithPath(socketPath))
 		require.ErrorContains(t, err, "create socket")
 	})
-
-	t.Run("AutoSocketPath", func(t *testing.T) {
-		t.Parallel()
-
-		socketPath := filepath.Join(t.TempDir(), "test.sock")
-		logger := slog.Make().Leveled(slog.LevelDebug)
-		server, err := agentsocket.NewServer(logger, agentsocket.WithPath(socketPath))
-		require.NoError(t, err)
-		require.NoError(t, server.Close())
-	})
-}
-
-func TestServerWindowsNotSupported(t *testing.T) {
-	t.Parallel()
-
-	if runtime.GOOS != "windows" {
-		t.Skip("this test only runs on Windows")
-	}
-
-	t.Run("NewServer", func(t *testing.T) {
-		t.Parallel()
-
-		socketPath := filepath.Join(t.TempDir(), "test.sock")
-		logger := slog.Make().Leveled(slog.LevelDebug)
-		_, err := agentsocket.NewServer(logger, agentsocket.WithPath(socketPath))
-		require.ErrorContains(t, err, "agentsocket is not supported on Windows")
-	})
-
-	t.Run("NewClient", func(t *testing.T) {
-		t.Parallel()
-
-		_, err := agentsocket.NewClient(context.Background(), agentsocket.WithPath("test.sock"))
-		require.ErrorContains(t, err, "agentsocket is not supported on Windows")
-	})
-}
-
-func TestAgentInitializesOnWindowsWithoutSocketServer(t *testing.T) {
-	t.Parallel()
-
-	if runtime.GOOS != "windows" {
-		t.Skip("this test only runs on Windows")
-	}
-
-	ctx := testutil.Context(t, testutil.WaitShort)
-	logger := testutil.Logger(t).Named("agent")
-
-	derpMap, _ := tailnettest.RunDERPAndSTUN(t)
-
-	coordinator := tailnet.NewCoordinator(logger)
-	t.Cleanup(func() {
-		_ = coordinator.Close()
-	})
-
-	statsCh := make(chan *agentproto.Stats, 50)
-	agentID := uuid.New()
-	manifest := agentsdk.Manifest{
-		AgentID:       agentID,
-		AgentName:     "test-agent",
-		WorkspaceName: "test-workspace",
-		OwnerName:     "test-user",
-		WorkspaceID:   uuid.New(),
-		DERPMap:       derpMap,
-	}
-
-	client := agenttest.NewClient(t, logger.Named("agenttest"), agentID, manifest, statsCh, coordinator)
-	t.Cleanup(client.Close)
-
-	options := agent.Options{
-		Client:                 client,
-		Filesystem:             afero.NewMemMapFs(),
-		Logger:                 logger.Named("agent"),
-		ReconnectingPTYTimeout: testutil.WaitShort,
-		EnvironmentVariables:   map[string]string{},
-		SocketPath:             "",
-	}
-
-	agnt := agent.New(options)
-	t.Cleanup(func() {
-		_ = agnt.Close()
-	})
-
-	startup := testutil.TryReceive(ctx, t, client.GetStartup())
-	require.NotNil(t, startup, "agent should send startup message")
-
-	err := agnt.Close()
-	require.NoError(t, err, "agent should close cleanly")
 }
@@ -3,22 +3,46 @@ package agentsocket
 import (
 	"context"
 	"errors"
+	"sync"

 	"golang.org/x/xerrors"

 	"cdr.dev/slog/v3"
 	"github.com/coder/coder/v2/agent/agentsocket/proto"
+	agentproto "github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/agent/unit"
 )

 var _ proto.DRPCAgentSocketServer = (*DRPCAgentSocketService)(nil)

-var ErrUnitManagerNotAvailable = xerrors.New("unit manager not available")
+var (
+	ErrUnitManagerNotAvailable = xerrors.New("unit manager not available")
+	ErrAgentAPINotConnected    = xerrors.New("agent not connected to coderd")
+)

 // DRPCAgentSocketService implements the DRPC agent socket service.
 type DRPCAgentSocketService struct {
 	unitManager *unit.Manager
 	logger      slog.Logger
+
+	mu       sync.Mutex
+	agentAPI agentproto.DRPCAgentClient28
+}
+
+// SetAgentAPI sets the agent API client used to forward requests
+// to coderd. This is called when the agent connects to coderd.
+func (s *DRPCAgentSocketService) SetAgentAPI(api agentproto.DRPCAgentClient28) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.agentAPI = api
+}
+
+// ClearAgentAPI clears the agent API client. This is called when
+// the agent disconnects from coderd.
+func (s *DRPCAgentSocketService) ClearAgentAPI() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.agentAPI = nil
 }

 // Ping responds to a ping request to check if the service is alive.
@@ -150,3 +174,16 @@ func (s *DRPCAgentSocketService) SyncStatus(_ context.Context, req *proto.SyncSt
 		Dependencies: depInfos,
 	}, nil
 }
+
+// UpdateAppStatus forwards an app status update to coderd via the
+// agent API. Returns an error if the agent is not connected.
+func (s *DRPCAgentSocketService) UpdateAppStatus(ctx context.Context, req *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+	s.mu.Lock()
+	api := s.agentAPI
+	s.mu.Unlock()
+
+	if api == nil {
+		return nil, ErrAgentAPINotConnected
+	}
+	return api.UpdateAppStatus(ctx, req)
+}
@@ -2,18 +2,29 @@ package agentsocket_test

 import (
 	"context"
-	"path/filepath"
-	"runtime"
 	"testing"

 	"github.com/stretchr/testify/require"
+	"golang.org/x/xerrors"

 	"cdr.dev/slog/v3"
 	"github.com/coder/coder/v2/agent/agentsocket"
+	agentproto "github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/agent/unit"
 	"github.com/coder/coder/v2/testutil"
 )

+// fakeAgentAPI implements just the UpdateAppStatus method of
+// DRPCAgentClient28 for testing. Calling any other method will panic.
+type fakeAgentAPI struct {
+	agentproto.DRPCAgentClient28
+	updateAppStatus func(context.Context, *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error)
+}
+
+func (m *fakeAgentAPI) UpdateAppStatus(ctx context.Context, req *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+	return m.updateAppStatus(ctx, req)
+}
+
 // newSocketClient creates a DRPC client connected to the Unix socket at the given path.
 func newSocketClient(ctx context.Context, t *testing.T, socketPath string) *agentsocket.Client {
 	t.Helper()
@@ -30,14 +41,10 @@ func newSocketClient(ctx context.Context, t *testing.T, socketPath string) *agen
 func TestDRPCAgentSocketService(t *testing.T) {
 	t.Parallel()

-	if runtime.GOOS == "windows" {
-		t.Skip("agentsocket is not supported on Windows")
-	}
-
 	t.Run("Ping", func(t *testing.T) {
 		t.Parallel()

-		socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+		socketPath := testutil.AgentSocketPath(t)
 		ctx := testutil.Context(t, testutil.WaitShort)
 		server, err := agentsocket.NewServer(
 			slog.Make().Leveled(slog.LevelDebug),
@@ -57,7 +64,7 @@ func TestDRPCAgentSocketService(t *testing.T) {

 		t.Run("NewUnit", func(t *testing.T) {
 			t.Parallel()
-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -79,7 +86,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnitAlreadyStarted", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -109,7 +116,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnitAlreadyCompleted", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -148,7 +155,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnitNotReady", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -178,7 +185,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("NewUnits", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -203,7 +210,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("DependencyAlreadyRegistered", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -238,7 +245,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("DependencyAddedAfterDependentStarted", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -280,7 +287,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnregisteredUnit", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -299,7 +306,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnitNotReady", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -323,7 +330,7 @@ func TestDRPCAgentSocketService(t *testing.T) {
 		t.Run("UnitReady", func(t *testing.T) {
 			t.Parallel()

-			socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "test.sock")
+			socketPath := testutil.AgentSocketPath(t)
 			ctx := testutil.Context(t, testutil.WaitShort)
 			server, err := agentsocket.NewServer(
 				slog.Make().Leveled(slog.LevelDebug),
@@ -357,4 +364,128 @@ func TestDRPCAgentSocketService(t *testing.T) {
 			require.True(t, ready)
 		})
 	})
+
+	t.Run("UpdateAppStatus", func(t *testing.T) {
+		t.Parallel()
+
+		t.Run("NotConnected", func(t *testing.T) {
+			t.Parallel()
+
+			socketPath := testutil.AgentSocketPath(t)
+			ctx := testutil.Context(t, testutil.WaitShort)
+			server, err := agentsocket.NewServer(
+				slog.Make().Leveled(slog.LevelDebug),
+				agentsocket.WithPath(socketPath),
+			)
+			require.NoError(t, err)
+			defer server.Close()
+
+			client := newSocketClient(ctx, t, socketPath)
+
+			_, err = client.UpdateAppStatus(ctx, &agentproto.UpdateAppStatusRequest{
+				Slug:    "test-app",
+				State:   agentproto.UpdateAppStatusRequest_WORKING,
+				Message: "doing stuff",
+			})
+			require.ErrorContains(t, err, "not connected")
+		})
+
+		t.Run("ForwardsToAgentAPI", func(t *testing.T) {
+			t.Parallel()
+
+			socketPath := testutil.AgentSocketPath(t)
+			ctx := testutil.Context(t, testutil.WaitShort)
+			server, err := agentsocket.NewServer(
+				slog.Make().Leveled(slog.LevelDebug),
+				agentsocket.WithPath(socketPath),
+			)
+			require.NoError(t, err)
+			defer server.Close()
+
+			var gotReq *agentproto.UpdateAppStatusRequest
+			mock := &fakeAgentAPI{
+				updateAppStatus: func(_ context.Context, req *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+					gotReq = req
+					return &agentproto.UpdateAppStatusResponse{}, nil
+				},
+			}
+			server.SetAgentAPI(mock)
+
+			client := newSocketClient(ctx, t, socketPath)
+
+			resp, err := client.UpdateAppStatus(ctx, &agentproto.UpdateAppStatusRequest{
+				Slug:    "test-app",
+				State:   agentproto.UpdateAppStatusRequest_IDLE,
+				Message: "all done",
+				Uri:     "https://example.com",
+			})
+			require.NoError(t, err)
+			require.NotNil(t, resp)
+
+			require.NotNil(t, gotReq)
+			require.Equal(t, "test-app", gotReq.Slug)
+			require.Equal(t, agentproto.UpdateAppStatusRequest_IDLE, gotReq.State)
+			require.Equal(t, "all done", gotReq.Message)
+			require.Equal(t, "https://example.com", gotReq.Uri)
+		})
+
+		t.Run("ForwardsError", func(t *testing.T) {
+			t.Parallel()
+
+			socketPath := testutil.AgentSocketPath(t)
+			ctx := testutil.Context(t, testutil.WaitShort)
+			server, err := agentsocket.NewServer(
+				slog.Make().Leveled(slog.LevelDebug),
+				agentsocket.WithPath(socketPath),
+			)
+			require.NoError(t, err)
+			defer server.Close()
+
+			mock := &fakeAgentAPI{
+				updateAppStatus: func(context.Context, *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+					return nil, xerrors.New("app not found")
+				},
+			}
+			server.SetAgentAPI(mock)
+
+			client := newSocketClient(ctx, t, socketPath)
+
+			_, err = client.UpdateAppStatus(ctx, &agentproto.UpdateAppStatusRequest{
+				Slug:    "nonexistent",
+				State:   agentproto.UpdateAppStatusRequest_WORKING,
+				Message: "testing",
+			})
+			require.ErrorContains(t, err, "app not found")
+		})
+
+		t.Run("ClearAgentAPI", func(t *testing.T) {
+			t.Parallel()
+
+			socketPath := testutil.AgentSocketPath(t)
+			ctx := testutil.Context(t, testutil.WaitShort)
+			server, err := agentsocket.NewServer(
+				slog.Make().Leveled(slog.LevelDebug),
+				agentsocket.WithPath(socketPath),
+			)
+			require.NoError(t, err)
+			defer server.Close()
+
+			mock := &fakeAgentAPI{
+				updateAppStatus: func(context.Context, *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+					return &agentproto.UpdateAppStatusResponse{}, nil
+				},
+			}
+			server.SetAgentAPI(mock)
+			server.ClearAgentAPI()
+
+			client := newSocketClient(ctx, t, socketPath)
+
+			_, err = client.UpdateAppStatus(ctx, &agentproto.UpdateAppStatusRequest{
+				Slug:    "test-app",
+				State:   agentproto.UpdateAppStatusRequest_WORKING,
+				Message: "should fail",
+			})
+			require.ErrorContains(t, err, "not connected")
+		})
+	})
 }
@@ -4,19 +4,60 @@ package agentsocket

 import (
 	"context"
+	"fmt"
 	"net"
+	"os"
+	"os/user"
+	"strings"

+	"github.com/Microsoft/go-winio"
 	"golang.org/x/xerrors"
 )

-func createSocket(_ string) (net.Listener, error) {
-	return nil, xerrors.New("agentsocket is not supported on Windows")
+const defaultSocketPath = `\\.\pipe\com.coder.agentsocket`
+
+func createSocket(path string) (net.Listener, error) {
+	if path == "" {
+		path = defaultSocketPath
+	}
+	if !strings.HasPrefix(path, `\\.\pipe\`) {
+		return nil, xerrors.Errorf("%q is not a valid local socket path", path)
+	}
+
+	user, err := user.Current()
+	if err != nil {
+		return nil, fmt.Errorf("unable to look up current user: %w", err)
+	}
+	sid := user.Uid
+
+	// SecurityDescriptor is in SDDL format. c.f.
+	// https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format for full details.
+	// D: indicates this is a Discretionary Access Control List (DACL), which is Windows-speak for ACLs that allow or
+	// deny access (as opposed to SACL which controls audit logging).
+	// P indicates that this DACL is "protected" from being modified thru inheritance
+	// () delimit access control entries (ACEs), here we only have one, which, allows (A) generic all (GA) access to our
+	// specific user's security ID (SID).
+	//
+	// Note that although Microsoft docs at https://learn.microsoft.com/en-us/windows/win32/ipc/named-pipes warns that
+	// named pipes are accessible from remote machines in the general case, the `winio` package sets the flag
+	// windows.FILE_PIPE_REJECT_REMOTE_CLIENTS when creating pipes, so connections from remote machines are always
+	// denied. This is important because we sort of expect customers to run the Coder agent under a generic user
+	// account unless they are very sophisticated. We don't want this socket to cross the boundary of the local machine.
+	configuration := &winio.PipeConfig{
+		SecurityDescriptor: fmt.Sprintf("D:P(A;;GA;;;%s)", sid),
+	}
+
+	listener, err := winio.ListenPipe(path, configuration)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to open named pipe: %w", err)
+	}
+	return listener, nil
 }

-func cleanupSocket(_ string) error {
-	return nil
+func cleanupSocket(path string) error {
+	return os.Remove(path)
 }

-func dialSocket(_ context.Context, _ string) (net.Conn, error) {
-	return nil, xerrors.New("agentsocket is not supported on Windows")
+func dialSocket(ctx context.Context, path string) (net.Conn, error) {
+	return winio.DialPipeContext(ctx, path)
 }
@@ -110,6 +110,11 @@ type Config struct {
 	// X11DisplayOffset is the offset to add to the X11 display number.
 	// Default is 10.
 	X11DisplayOffset *int
+	// X11MaxPort overrides the highest port used for X11 forwarding
+	// listeners. Defaults to X11MaxPort (6200). Useful in tests
+	// to shrink the port range and reduce the number of sessions
+	// required.
+	X11MaxPort *int
 	// BlockFileTransfer restricts use of file transfer applications.
 	BlockFileTransfer bool
 	// ReportConnection.
@@ -158,6 +163,10 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
 		offset := X11DefaultDisplayOffset
 		config.X11DisplayOffset = &offset
 	}
+	if config.X11MaxPort == nil {
+		maxPort := X11MaxPort
+		config.X11MaxPort = &maxPort
+	}
 	if config.UpdateEnv == nil {
 		config.UpdateEnv = func(current []string) ([]string, error) { return current, nil }
 	}
@@ -201,6 +210,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
 			x11HandlerErrors: metrics.x11HandlerErrors,
 			fs:               fs,
 			displayOffset:    *config.X11DisplayOffset,
+			maxPort:          *config.X11MaxPort,
 			sessions:         make(map[*x11Session]struct{}),
 			connections:      make(map[net.Conn]struct{}),
 			network: func() X11Network {
@@ -57,6 +57,7 @@ type x11Forwarder struct {
 	x11HandlerErrors *prometheus.CounterVec
 	fs               afero.Fs
 	displayOffset    int
+	maxPort          int

 	// network creates X11 listener sockets. Defaults to osNet{}.
 	network X11Network
@@ -314,7 +315,7 @@ func (x *x11Forwarder) evictLeastRecentlyUsedSession() {
 // the next available port starting from X11StartPort and displayOffset.
 func (x *x11Forwarder) createX11Listener(ctx context.Context) (ln net.Listener, display int, err error) {
 	// Look for an open port to listen on.
-	for port := X11StartPort + x.displayOffset; port <= X11MaxPort; port++ {
+	for port := X11StartPort + x.displayOffset; port <= x.maxPort; port++ {
 		if ctx.Err() != nil {
 			return nil, -1, ctx.Err()
 		}
@@ -142,8 +142,13 @@ func TestServer_X11_EvictionLRU(t *testing.T) {
 	// Use in-process networking for X11 forwarding.
 	inproc := testutil.NewInProcNet()

+	// Limit port range so we only need a handful of sessions to fill it
+	// (the default 190 ports may easily timeout or conflict with other
+	// ports on the system).
+	maxPort := agentssh.X11StartPort + agentssh.X11DefaultDisplayOffset + 5
 	cfg := &agentssh.Config{
-		X11Net: inproc,
+		X11Net:     inproc,
+		X11MaxPort: &maxPort,
 	}

 	s, err := agentssh.NewServer(ctx, logger, prometheus.NewRegistry(), fs, agentexec.DefaultExecer, cfg)
@@ -172,7 +177,7 @@ func TestServer_X11_EvictionLRU(t *testing.T) {
 	// configured port range.

 	startPort := agentssh.X11StartPort + agentssh.X11DefaultDisplayOffset
-	maxSessions := agentssh.X11MaxPort - startPort + 1 - 1 // -1 for the blocked port
+	maxSessions := maxPort - startPort + 1 - 1 // -1 for the blocked port
 	require.Greater(t, maxSessions, 0, "expected a positive maxSessions value")

 	// shellSession holds references to the session and its standard streams so
@@ -24,6 +24,7 @@ func New(t testing.TB, coderURL *url.URL, agentToken string, opts ...func(*agent
 	var o agent.Options
 	log := testutil.Logger(t).Named("agent")
 	o.Logger = log
+	o.SocketPath = testutil.AgentSocketPath(t)

 	for _, opt := range opts {
 		opt(&o)
@@ -124,8 +124,14 @@ func (c *Client) Close() {
 	c.derpMapOnce.Do(func() { close(c.derpMapUpdates) })
 }

-func (c *Client) ConnectRPC29(ctx context.Context) (
-	agentproto.DRPCAgentClient29, proto.DRPCTailnetClient28, error,
+func (c *Client) ConnectRPC28WithRole(ctx context.Context, _ string) (
+	agentproto.DRPCAgentClient28, proto.DRPCTailnetClient28, error,
+) {
+	return c.ConnectRPC28(ctx)
+}
+
+func (c *Client) ConnectRPC28(ctx context.Context) (
+	agentproto.DRPCAgentClient28, proto.DRPCTailnetClient28, error,
 ) {
 	conn, lis := drpcsdk.MemTransportPipe()
 	c.LastWorkspaceAgent = func() {
@@ -229,6 +235,10 @@ type FakeAgentAPI struct {
 	pushResourcesMonitoringUsageFunc        func(*agentproto.PushResourcesMonitoringUsageRequest) (*agentproto.PushResourcesMonitoringUsageResponse, error)
 }

+func (*FakeAgentAPI) UpdateAppStatus(context.Context, *agentproto.UpdateAppStatusRequest) (*agentproto.UpdateAppStatusResponse, error) {
+	panic("unimplemented")
+}
+
 func (f *FakeAgentAPI) GetManifest(context.Context, *agentproto.GetManifestRequest) (*agentproto.Manifest, error) {
 	return f.manifest, nil
 }
@@ -408,9 +418,6 @@ func (f *FakeAgentAPI) ReportConnection(_ context.Context, req *agentproto.Repor
 func (*FakeAgentAPI) ReportBoundaryLogs(_ context.Context, _ *agentproto.ReportBoundaryLogsRequest) (*agentproto.ReportBoundaryLogsResponse, error) {
 	return &agentproto.ReportBoundaryLogsResponse{}, nil
 }
-func (*FakeAgentAPI) ReportRestart(_ context.Context, _ *agentproto.ReportRestartRequest) (*agentproto.ReportRestartResponse, error) {
-	return &agentproto.ReportRestartResponse{}, nil
-}

 func (f *FakeAgentAPI) GetConnectionReports() []*agentproto.ReportConnectionRequest {
 	f.Lock()
@@ -28,6 +28,9 @@ func (a *agent) apiHandler() http.Handler {
 	})

 	r.Mount("/api/v0", a.filesAPI.Routes())
+	r.Mount("/api/v0/git", a.gitAPI.Routes())
+	r.Mount("/api/v0/processes", a.processAPI.Routes())
+	r.Mount("/api/v0/desktop", a.desktopAPI.Routes())

 	if a.devcontainers {
 		r.Mount("/api/v0/containers", a.containerAPI.Routes())
@@ -10,6 +10,7 @@ import (
 	"testing"

 	"github.com/google/uuid"
+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -69,7 +70,7 @@ func TestBoundaryLogs_EndToEnd(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -0,0 +1,286 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.4
+// source: agent/boundarylogproxy/codec/boundary.proto
+
+package codec
+
+import (
+	proto "github.com/coder/coder/v2/agent/proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// BoundaryMessage is the envelope for all TagV2 messages sent over the
+// boundary <-> agent unix socket. TagV1 carries a bare
+// ReportBoundaryLogsRequest for backwards compatibility; TagV2 wraps
+// everything in this envelope so the protocol can be extended with new
+// message types without adding more tags.
+type BoundaryMessage struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Msg:
+	//
+	//	*BoundaryMessage_Logs
+	//	*BoundaryMessage_Status
+	Msg isBoundaryMessage_Msg `protobuf_oneof:"msg"`
+}
+
+func (x *BoundaryMessage) Reset() {
+	*x = BoundaryMessage{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BoundaryMessage) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BoundaryMessage) ProtoMessage() {}
+
+func (x *BoundaryMessage) ProtoReflect() protoreflect.Message {
+	mi := &file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BoundaryMessage.ProtoReflect.Descriptor instead.
+func (*BoundaryMessage) Descriptor() ([]byte, []int) {
+	return file_agent_boundarylogproxy_codec_boundary_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *BoundaryMessage) GetMsg() isBoundaryMessage_Msg {
+	if m != nil {
+		return m.Msg
+	}
+	return nil
+}
+
+func (x *BoundaryMessage) GetLogs() *proto.ReportBoundaryLogsRequest {
+	if x, ok := x.GetMsg().(*BoundaryMessage_Logs); ok {
+		return x.Logs
+	}
+	return nil
+}
+
+func (x *BoundaryMessage) GetStatus() *BoundaryStatus {
+	if x, ok := x.GetMsg().(*BoundaryMessage_Status); ok {
+		return x.Status
+	}
+	return nil
+}
+
+type isBoundaryMessage_Msg interface {
+	isBoundaryMessage_Msg()
+}
+
+type BoundaryMessage_Logs struct {
+	Logs *proto.ReportBoundaryLogsRequest `protobuf:"bytes,1,opt,name=logs,proto3,oneof"`
+}
+
+type BoundaryMessage_Status struct {
+	Status *BoundaryStatus `protobuf:"bytes,2,opt,name=status,proto3,oneof"`
+}
+
+func (*BoundaryMessage_Logs) isBoundaryMessage_Msg() {}
+
+func (*BoundaryMessage_Status) isBoundaryMessage_Msg() {}
+
+// BoundaryStatus carries operational metadata from boundary to the agent.
+// The agent records these values as Prometheus metrics. This message is
+// never forwarded to coderd.
+type BoundaryStatus struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Logs dropped because boundary's internal channel buffer was full.
+	DroppedChannelFull int64 `protobuf:"varint,1,opt,name=dropped_channel_full,json=droppedChannelFull,proto3" json:"dropped_channel_full,omitempty"`
+	// Logs dropped because boundary's batch buffer was full after a
+	// failed flush attempt.
+	DroppedBatchFull int64 `protobuf:"varint,2,opt,name=dropped_batch_full,json=droppedBatchFull,proto3" json:"dropped_batch_full,omitempty"`
+}
+
+func (x *BoundaryStatus) Reset() {
+	*x = BoundaryStatus{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BoundaryStatus) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BoundaryStatus) ProtoMessage() {}
+
+func (x *BoundaryStatus) ProtoReflect() protoreflect.Message {
+	mi := &file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BoundaryStatus.ProtoReflect.Descriptor instead.
+func (*BoundaryStatus) Descriptor() ([]byte, []int) {
+	return file_agent_boundarylogproxy_codec_boundary_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *BoundaryStatus) GetDroppedChannelFull() int64 {
+	if x != nil {
+		return x.DroppedChannelFull
+	}
+	return 0
+}
+
+func (x *BoundaryStatus) GetDroppedBatchFull() int64 {
+	if x != nil {
+		return x.DroppedBatchFull
+	}
+	return 0
+}
+
+var File_agent_boundarylogproxy_codec_boundary_proto protoreflect.FileDescriptor
+
+var file_agent_boundarylogproxy_codec_boundary_proto_rawDesc = []byte{
+	0x0a, 0x2b, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79,
+	0x6c, 0x6f, 0x67, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x63, 0x2f, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1f, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x63, 0x2e, 0x76, 0x31, 0x1a, 0x17,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x67, 0x65, 0x6e,
+	0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa4, 0x01, 0x0a, 0x0f, 0x42, 0x6f, 0x75, 0x6e,
+	0x64, 0x61, 0x72, 0x79, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x6c,
+	0x6f, 0x67, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x63, 0x6f, 0x64, 0x65,
+	0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x63, 0x2e, 0x76, 0x31, 0x2e, 0x42,
+	0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x48, 0x00, 0x52,
+	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x42, 0x05, 0x0a, 0x03, 0x6d, 0x73, 0x67, 0x22, 0x70,
+	0x0a, 0x0e, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x12, 0x30, 0x0a, 0x14, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x63, 0x68, 0x61, 0x6e,
+	0x6e, 0x65, 0x6c, 0x5f, 0x66, 0x75, 0x6c, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x12,
+	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x46, 0x75,
+	0x6c, 0x6c, 0x12, 0x2c, 0x0a, 0x12, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x62, 0x61,
+	0x74, 0x63, 0x68, 0x5f, 0x66, 0x75, 0x6c, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10,
+	0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x42, 0x61, 0x74, 0x63, 0x68, 0x46, 0x75, 0x6c, 0x6c,
+	0x42, 0x38, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x67,
+	0x65, 0x6e, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x70,
+	0x72, 0x6f, 0x78, 0x79, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_agent_boundarylogproxy_codec_boundary_proto_rawDescOnce sync.Once
+	file_agent_boundarylogproxy_codec_boundary_proto_rawDescData = file_agent_boundarylogproxy_codec_boundary_proto_rawDesc
+)
+
+func file_agent_boundarylogproxy_codec_boundary_proto_rawDescGZIP() []byte {
+	file_agent_boundarylogproxy_codec_boundary_proto_rawDescOnce.Do(func() {
+		file_agent_boundarylogproxy_codec_boundary_proto_rawDescData = protoimpl.X.CompressGZIP(file_agent_boundarylogproxy_codec_boundary_proto_rawDescData)
+	})
+	return file_agent_boundarylogproxy_codec_boundary_proto_rawDescData
+}
+
+var file_agent_boundarylogproxy_codec_boundary_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_agent_boundarylogproxy_codec_boundary_proto_goTypes = []interface{}{
+	(*BoundaryMessage)(nil),                 // 0: coder.boundarylogproxy.codec.v1.BoundaryMessage
+	(*BoundaryStatus)(nil),                  // 1: coder.boundarylogproxy.codec.v1.BoundaryStatus
+	(*proto.ReportBoundaryLogsRequest)(nil), // 2: coder.agent.v2.ReportBoundaryLogsRequest
+}
+var file_agent_boundarylogproxy_codec_boundary_proto_depIdxs = []int32{
+	2, // 0: coder.boundarylogproxy.codec.v1.BoundaryMessage.logs:type_name -> coder.agent.v2.ReportBoundaryLogsRequest
+	1, // 1: coder.boundarylogproxy.codec.v1.BoundaryMessage.status:type_name -> coder.boundarylogproxy.codec.v1.BoundaryStatus
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_agent_boundarylogproxy_codec_boundary_proto_init() }
+func file_agent_boundarylogproxy_codec_boundary_proto_init() {
+	if File_agent_boundarylogproxy_codec_boundary_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BoundaryMessage); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BoundaryStatus); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_agent_boundarylogproxy_codec_boundary_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*BoundaryMessage_Logs)(nil),
+		(*BoundaryMessage_Status)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_agent_boundarylogproxy_codec_boundary_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_agent_boundarylogproxy_codec_boundary_proto_goTypes,
+		DependencyIndexes: file_agent_boundarylogproxy_codec_boundary_proto_depIdxs,
+		MessageInfos:      file_agent_boundarylogproxy_codec_boundary_proto_msgTypes,
+	}.Build()
+	File_agent_boundarylogproxy_codec_boundary_proto = out.File
+	file_agent_boundarylogproxy_codec_boundary_proto_rawDesc = nil
+	file_agent_boundarylogproxy_codec_boundary_proto_goTypes = nil
+	file_agent_boundarylogproxy_codec_boundary_proto_depIdxs = nil
+}
@@ -0,0 +1,29 @@
+syntax = "proto3";
+option go_package = "github.com/coder/coder/v2/agent/boundarylogproxy/codec";
+
+package coder.boundarylogproxy.codec.v1;
+
+import "agent/proto/agent.proto";
+
+// BoundaryMessage is the envelope for all TagV2 messages sent over the
+// boundary <-> agent unix socket. TagV1 carries a bare
+// ReportBoundaryLogsRequest for backwards compatibility; TagV2 wraps
+// everything in this envelope so the protocol can be extended with new
+// message types without adding more tags.
+message BoundaryMessage {
+	oneof msg {
+		coder.agent.v2.ReportBoundaryLogsRequest logs = 1;
+		BoundaryStatus status = 2;
+	}
+}
+
+// BoundaryStatus carries operational metadata from boundary to the agent.
+// The agent records these values as Prometheus metrics. This message is
+// never forwarded to coderd.
+message BoundaryStatus {
+	// Logs dropped because boundary's internal channel buffer was full.
+	int64 dropped_channel_full = 1;
+	// Logs dropped because boundary's batch buffer was full after a
+	// failed flush attempt.
+	int64 dropped_batch_full = 2;
+}
@@ -14,14 +14,23 @@ import (
 	"io"

 	"golang.org/x/xerrors"
+	"google.golang.org/protobuf/proto"
+
+	agentproto "github.com/coder/coder/v2/agent/proto"
 )

 type Tag uint8

 const (
-	// TagV1 identifies the first revision of the protocol. This version has a maximum
-	// data length of MaxMessageSizeV1.
+	// TagV1 identifies the first revision of the protocol. The payload is a
+	// bare ReportBoundaryLogsRequest. This version has a maximum data length
+	// of MaxMessageSizeV1.
 	TagV1 Tag = 1
+
+	// TagV2 identifies the second revision of the protocol. The payload is
+	// a BoundaryMessage envelope. This version has a maximum data length of
+	// MaxMessageSizeV2.
+	TagV2 Tag = 2
 )

 const (
@@ -35,6 +44,9 @@ const (
 	// over the wire for the TagV1 tag. While the wire format allows 24 bits for
 	// length, TagV1 only uses 15 bits.
 	MaxMessageSizeV1 uint32 = 1 << 15
+
+	// MaxMessageSizeV2 is the maximum data length for TagV2.
+	MaxMessageSizeV2 = MaxMessageSizeV1
 )

 var (
@@ -48,12 +60,9 @@ var (
 // WriteFrame writes a framed message with the given tag and data. The data
 // must not exceed 2^DataLength in length.
 func WriteFrame(w io.Writer, tag Tag, data []byte) error {
-	var maxSize uint32
-	switch tag {
-	case TagV1:
-		maxSize = MaxMessageSizeV1
-	default:
-		return xerrors.Errorf("%w: %d", ErrUnsupportedTag, tag)
+	maxSize, err := maxSizeForTag(tag)
+	if err != nil {
+		return err
 	}

 	if len(data) > int(maxSize) {
@@ -101,12 +110,9 @@ func ReadFrame(r io.Reader, buf []byte) (Tag, []byte, error) {
 	}
 	tag := Tag(shifted)

-	var maxSize uint32
-	switch tag {
-	case TagV1:
-		maxSize = MaxMessageSizeV1
-	default:
-		return 0, nil, xerrors.Errorf("%w: %d", ErrUnsupportedTag, tag)
+	maxSize, err := maxSizeForTag(tag)
+	if err != nil {
+		return 0, nil, err
 	}

 	if length > maxSize {
@@ -125,3 +131,56 @@ func ReadFrame(r io.Reader, buf []byte) (Tag, []byte, error) {

 	return tag, buf[:length], nil
 }
+
+// maxSizeForTag returns the maximum payload size for the given tag.
+func maxSizeForTag(tag Tag) (uint32, error) {
+	switch tag {
+	case TagV1:
+		return MaxMessageSizeV1, nil
+	case TagV2:
+		return MaxMessageSizeV2, nil
+	default:
+		return 0, xerrors.Errorf("%w: %d", ErrUnsupportedTag, tag)
+	}
+}
+
+// ReadMessage reads a framed message and unmarshals it based on tag. The
+// returned buf should be passed back on the next call for buffer reuse.
+func ReadMessage(r io.Reader, buf []byte) (proto.Message, []byte, error) {
+	tag, data, err := ReadFrame(r, buf)
+	if err != nil {
+		return nil, data, err
+	}
+
+	var msg proto.Message
+	switch tag {
+	case TagV1:
+		var req agentproto.ReportBoundaryLogsRequest
+		if err := proto.Unmarshal(data, &req); err != nil {
+			return nil, data, xerrors.Errorf("unmarshal TagV1: %w", err)
+		}
+		msg = &req
+	case TagV2:
+		var envelope BoundaryMessage
+		if err := proto.Unmarshal(data, &envelope); err != nil {
+			return nil, data, xerrors.Errorf("unmarshal TagV2: %w", err)
+		}
+		msg = &envelope
+	default:
+		// maxSizeForTag already rejects unknown tags during ReadFrame,
+		// but handle it here for safety.
+		return nil, data, xerrors.Errorf("%w: %d", ErrUnsupportedTag, tag)
+	}
+
+	return msg, data, nil
+}
+
+// WriteMessage marshals a proto message and writes it as a framed message
+// with the given tag.
+func WriteMessage(w io.Writer, tag Tag, msg proto.Message) error {
+	data, err := proto.Marshal(msg)
+	if err != nil {
+		return xerrors.Errorf("marshal: %w", err)
+	}
+	return WriteFrame(w, tag, data)
+}
@@ -89,7 +89,7 @@ func TestReadFrameInvalidTag(t *testing.T) {
 	// reading the invalid tag.
 	const (
 		dataLength uint32 = 10
-		bogusTag   uint32 = 2
+		bogusTag   uint32 = 222
 	)
 	header := bogusTag<<codec.DataLength | dataLength
 	data := make([]byte, 4)
@@ -139,7 +139,7 @@ func TestWriteFrameInvalidTag(t *testing.T) {

 	var buf bytes.Buffer
 	data := make([]byte, 1)
-	const bogusTag = 2
+	const bogusTag = 222
 	err := codec.WriteFrame(&buf, codec.Tag(bogusTag), data)
 	require.ErrorIs(t, err, codec.ErrUnsupportedTag)
 }
@@ -0,0 +1,77 @@
+package boundarylogproxy
+
+import "github.com/prometheus/client_golang/prometheus"
+
+// Metrics tracks observability for the boundary -> agent -> coderd audit log
+// pipeline.
+//
+// Audit logs from boundary workspaces pass through several async buffers
+// before reaching coderd, and any stage can silently drop data. These
+// metrics make that loss visible so operators/devs can:
+//
+//   - Bubble up data loss: a non-zero drop rate means audit logs are being
+//     lost, which may have auditing implications.
+//   - Identify the bottleneck: the reason label pinpoints where drops
+//     occur: boundary's internal buffers, the agent's channel, or the
+//     RPC to coderd.
+//   - Tune buffer sizes: sustained "buffer_full" drops indicate the
+//     agent's channel (or boundary's batch buffer) is too small for the
+//     workload. Combined with batches_forwarded_total you can compute a
+//     drop rate: drops / (drops + forwards).
+//   - Detect batch forwarding issues: "forward_failed" drops increase when
+//     the agent cannot reach coderd.
+//
+// Drops are captured at two stages:
+//   - Agent-side: the agent's channel buffer overflows (reason
+//     "buffer_full") or the RPC forward to coderd fails (reason
+//     "forward_failed").
+//   - Boundary-reported: boundary self-reports drops via BoundaryStatus
+//     messages (reasons "boundary_channel_full", "boundary_batch_full").
+//     These arrive on the next successful flush from boundary.
+//
+// There are circumstances where metrics could be lost e.g., agent restarts,
+// boundary crashes, or the agent shuts down when the DRPC connection is down.
+type Metrics struct {
+	batchesDropped   *prometheus.CounterVec
+	logsDropped      *prometheus.CounterVec
+	batchesForwarded prometheus.Counter
+}
+
+func newMetrics(registerer prometheus.Registerer) *Metrics {
+	batchesDropped := prometheus.NewCounterVec(prometheus.CounterOpts{
+		Namespace: "agent",
+		Subsystem: "boundary_log_proxy",
+		Name:      "batches_dropped_total",
+		Help: "Total number of boundary log batches dropped before reaching coderd. " +
+			"Reason: buffer_full = the agent's internal buffer is full, meaning boundary is producing logs faster than the agent can forward them to coderd; " +
+			"forward_failed = the agent failed to send the batch to coderd, potentially because coderd is unreachable or the connection was interrupted.",
+	}, []string{"reason"})
+	registerer.MustRegister(batchesDropped)
+
+	logsDropped := prometheus.NewCounterVec(prometheus.CounterOpts{
+		Namespace: "agent",
+		Subsystem: "boundary_log_proxy",
+		Name:      "logs_dropped_total",
+		Help: "Total number of individual boundary log entries dropped before reaching coderd. " +
+			"Reason: buffer_full = the agent's internal buffer is full; " +
+			"forward_failed = the agent failed to send the batch to coderd; " +
+			"boundary_channel_full = boundary's internal send channel overflowed, meaning boundary is generating logs faster than it can batch and send them; " +
+			"boundary_batch_full = boundary's outgoing batch buffer overflowed after a failed flush, meaning boundary could not write to the agent's socket.",
+	}, []string{"reason"})
+	registerer.MustRegister(logsDropped)
+
+	batchesForwarded := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent",
+		Subsystem: "boundary_log_proxy",
+		Name:      "batches_forwarded_total",
+		Help: "Total number of boundary log batches successfully forwarded to coderd. " +
+			"Compare with batches_dropped_total to compute a drop rate.",
+	})
+	registerer.MustRegister(batchesForwarded)
+
+	return &Metrics{
+		batchesDropped:   batchesDropped,
+		logsDropped:      logsDropped,
+		batchesForwarded: batchesForwarded,
+	}
+}
@@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"sync"

+	"github.com/prometheus/client_golang/prometheus"
 	"golang.org/x/xerrors"
 	"google.golang.org/protobuf/proto"

@@ -26,6 +27,13 @@ const (
 	logBufferSize = 100
 )

+const (
+	droppedReasonBoundaryChannelFull = "boundary_channel_full"
+	droppedReasonBoundaryBatchFull   = "boundary_batch_full"
+	droppedReasonBufferFull          = "buffer_full"
+	droppedReasonForwardFailed       = "forward_failed"
+)
+
 // DefaultSocketPath returns the default path for the boundary audit log socket.
 func DefaultSocketPath() string {
 	return filepath.Join(os.TempDir(), "boundary-audit.sock")
@@ -43,6 +51,7 @@ type Reporter interface {
 type Server struct {
 	logger     slog.Logger
 	socketPath string
+	metrics    *Metrics

 	listener net.Listener
 	cancel   context.CancelFunc
@@ -53,10 +62,11 @@ type Server struct {
 }

 // NewServer creates a new boundary log proxy server.
-func NewServer(logger slog.Logger, socketPath string) *Server {
+func NewServer(logger slog.Logger, socketPath string, registerer prometheus.Registerer) *Server {
 	return &Server{
 		logger:     logger.Named("boundary-log-proxy"),
 		socketPath: socketPath,
+		metrics:    newMetrics(registerer),
 		logs:       make(chan *agentproto.ReportBoundaryLogsRequest, logBufferSize),
 	}
 }
@@ -100,9 +110,13 @@ func (s *Server) RunForwarder(ctx context.Context, sender Reporter) error {
 				s.logger.Warn(ctx, "failed to forward boundary logs",
 					slog.Error(err),
 					slog.F("log_count", len(req.Logs)))
+				s.metrics.batchesDropped.WithLabelValues(droppedReasonForwardFailed).Inc()
+				s.metrics.logsDropped.WithLabelValues(droppedReasonForwardFailed).Add(float64(len(req.Logs)))
 				// Continue forwarding other logs. The current batch is lost,
 				// but the socket stays alive.
+				continue
 			}
+			s.metrics.batchesForwarded.Inc()
 		}
 	}
 }
@@ -139,8 +153,8 @@ func (s *Server) handleConnection(ctx context.Context, conn net.Conn) {
 		_ = conn.Close()
 	}()

-	// This is intended to be a sane starting point for the read buffer size. It may be
-	// grown by codec.ReadFrame if necessary.
+	// This is intended to be a sane starting point for the read buffer size.
+	// It may be grown by codec.ReadMessage if necessary.
 	const initBufSize = 1 << 10
 	buf := make([]byte, initBufSize)

@@ -151,36 +165,59 @@ func (s *Server) handleConnection(ctx context.Context, conn net.Conn) {
 		default:
 		}

-		var (
-			tag codec.Tag
-			err error
-		)
-		tag, buf, err = codec.ReadFrame(conn, buf)
+		var err error
+		var msg proto.Message
+		msg, buf, err = codec.ReadMessage(conn, buf)
 		switch {
 		case errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed):
 			return
-		case err != nil:
+		case errors.Is(err, codec.ErrUnsupportedTag) || errors.Is(err, codec.ErrMessageTooLarge):
 			s.logger.Warn(ctx, "read frame error", slog.Error(err))
 			return
-		}
-
-		if tag != codec.TagV1 {
-			s.logger.Warn(ctx, "invalid tag value", slog.F("tag", tag))
-			return
-		}
-
-		var req agentproto.ReportBoundaryLogsRequest
-		if err := proto.Unmarshal(buf, &req); err != nil {
-			s.logger.Warn(ctx, "proto unmarshal error", slog.Error(err))
+		case err != nil:
+			s.logger.Warn(ctx, "read message error", slog.Error(err))
 			continue
 		}

-		select {
-		case s.logs <- &req:
+		s.handleMessage(ctx, msg)
+	}
+}
+
+func (s *Server) handleMessage(ctx context.Context, msg proto.Message) {
+	switch m := msg.(type) {
+	case *agentproto.ReportBoundaryLogsRequest:
+		s.bufferLogs(ctx, m)
+	case *codec.BoundaryMessage:
+		switch inner := m.Msg.(type) {
+		case *codec.BoundaryMessage_Logs:
+			s.bufferLogs(ctx, inner.Logs)
+		case *codec.BoundaryMessage_Status:
+			s.recordBoundaryStatus(inner.Status)
 		default:
-			s.logger.Warn(ctx, "dropping boundary logs, buffer full",
-				slog.F("log_count", len(req.Logs)))
+			s.logger.Warn(ctx, "unknown BoundaryMessage variant")
 		}
+	default:
+		s.logger.Warn(ctx, "unexpected message type")
+	}
+}
+
+func (s *Server) recordBoundaryStatus(status *codec.BoundaryStatus) {
+	if n := status.DroppedChannelFull; n > 0 {
+		s.metrics.logsDropped.WithLabelValues(droppedReasonBoundaryChannelFull).Add(float64(n))
+	}
+	if n := status.DroppedBatchFull; n > 0 {
+		s.metrics.logsDropped.WithLabelValues(droppedReasonBoundaryBatchFull).Add(float64(n))
+	}
+}
+
+func (s *Server) bufferLogs(ctx context.Context, req *agentproto.ReportBoundaryLogsRequest) {
+	select {
+	case s.logs <- req:
+	default:
+		s.logger.Warn(ctx, "dropping boundary logs, buffer full",
+			slog.F("log_count", len(req.Logs)))
+		s.metrics.batchesDropped.WithLabelValues(droppedReasonBufferFull).Inc()
+		s.metrics.logsDropped.WithLabelValues(droppedReasonBufferFull).Add(float64(len(req.Logs)))
 	}
 }

@@ -11,8 +11,8 @@ import (
 	"testing"
 	"time"

+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/coder/coder/v2/agent/boundarylogproxy"
@@ -21,20 +21,42 @@ import (
 	"github.com/coder/coder/v2/testutil"
 )

-// sendMessage writes a framed protobuf message to the connection.
-func sendMessage(t *testing.T, conn net.Conn, req *agentproto.ReportBoundaryLogsRequest) {
+// sendLogsV1 writes a bare ReportBoundaryLogsRequest using TagV1, the
+// legacy framing that existing boundary deployments use.
+func sendLogsV1(t *testing.T, conn net.Conn, req *agentproto.ReportBoundaryLogsRequest) {
 	t.Helper()

-	data, err := proto.Marshal(req)
+	err := codec.WriteMessage(conn, codec.TagV1, req)
 	if err != nil {
-		//nolint:gocritic // In tests we're not worried about conn being nil.
-		t.Errorf("%s marshal req: %s", conn.LocalAddr().String(), err)
+		t.Errorf("write v1 logs: %s", err)
 	}
+}

-	err = codec.WriteFrame(conn, codec.TagV1, data)
+// sendLogs writes a BoundaryMessage envelope containing logs to the
+// connection using TagV2.
+func sendLogs(t *testing.T, conn net.Conn, req *agentproto.ReportBoundaryLogsRequest) {
+	t.Helper()
+
+	msg := &codec.BoundaryMessage{
+		Msg: &codec.BoundaryMessage_Logs{Logs: req},
+	}
+	err := codec.WriteMessage(conn, codec.TagV2, msg)
 	if err != nil {
-		//nolint:gocritic // In tests we're not worried about conn being nil.
-		t.Errorf("%s write frame: %s", conn.LocalAddr().String(), err)
+		t.Errorf("write logs: %s", err)
+	}
+}
+
+// sendStatus writes a BoundaryMessage envelope containing a BoundaryStatus
+// to the connection using TagV2.
+func sendStatus(t *testing.T, conn net.Conn, status *codec.BoundaryStatus) {
+	t.Helper()
+
+	msg := &codec.BoundaryMessage{
+		Msg: &codec.BoundaryMessage_Status{Status: status},
+	}
+	err := codec.WriteMessage(conn, codec.TagV2, msg)
+	if err != nil {
+		t.Errorf("write status: %s", err)
 	}
 }

@@ -80,7 +102,7 @@ func TestServer_StartAndClose(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -99,7 +121,7 @@ func TestServer_ReceiveAndForwardLogs(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -136,7 +158,7 @@ func TestServer_ReceiveAndForwardLogs(t *testing.T) {
 		},
 	}

-	sendMessage(t, conn, req)
+	sendLogs(t, conn, req)

 	// Wait for the reporter to receive the log.
 	require.Eventually(t, func() bool {
@@ -159,7 +181,7 @@ func TestServer_MultipleMessages(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -195,7 +217,7 @@ func TestServer_MultipleMessages(t *testing.T) {
 				},
 			},
 		}
-		sendMessage(t, conn, req)
+		sendLogs(t, conn, req)
 	}

 	require.Eventually(t, func() bool {
@@ -211,7 +233,7 @@ func TestServer_MultipleConnections(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -254,7 +276,7 @@ func TestServer_MultipleConnections(t *testing.T) {
 					},
 				},
 			}
-			sendMessage(t, conn, req)
+			sendLogs(t, conn, req)
 		}(i)
 	}
 	wg.Wait()
@@ -272,7 +294,7 @@ func TestServer_MessageTooLarge(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -300,7 +322,7 @@ func TestServer_ForwarderContinuesAfterError(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -342,7 +364,7 @@ func TestServer_ForwarderContinuesAfterError(t *testing.T) {
 			},
 		},
 	}
-	sendMessage(t, conn, req1)
+	sendLogs(t, conn, req1)

 	select {
 	case <-reportNotify:
@@ -365,7 +387,7 @@ func TestServer_ForwarderContinuesAfterError(t *testing.T) {
 			},
 		},
 	}
-	sendMessage(t, conn, req2)
+	sendLogs(t, conn, req2)

 	// Only the second message should be recorded.
 	require.Eventually(t, func() bool {
@@ -385,7 +407,7 @@ func TestServer_CloseStopsForwarder(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -414,7 +436,7 @@ func TestServer_InvalidProtobuf(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -458,7 +480,7 @@ func TestServer_InvalidProtobuf(t *testing.T) {
 			},
 		},
 	}
-	sendMessage(t, conn, req)
+	sendLogs(t, conn, req)

 	require.Eventually(t, func() bool {
 		logs := reporter.getLogs()
@@ -473,7 +495,7 @@ func TestServer_InvalidHeader(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -523,7 +545,7 @@ func TestServer_AllowRequest(t *testing.T) {
 	t.Parallel()

 	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
-	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath)
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())

 	err := srv.Start()
 	require.NoError(t, err)
@@ -559,7 +581,7 @@ func TestServer_AllowRequest(t *testing.T) {
 			},
 		},
 	}
-	sendMessage(t, conn, req)
+	sendLogs(t, conn, req)

 	require.Eventually(t, func() bool {
 		logs := reporter.getLogs()
@@ -576,3 +598,258 @@ func TestServer_AllowRequest(t *testing.T) {
 	cancel()
 	<-forwarderDone
 }
+
+func TestServer_TagV1BackwardsCompatibility(t *testing.T) {
+	t.Parallel()
+
+	socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
+	srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, prometheus.NewRegistry())
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	err := srv.Start()
+	require.NoError(t, err)
+	t.Cleanup(func() { require.NoError(t, srv.Close()) })
+
+	reporter := &fakeReporter{}
+
+	forwarderDone := make(chan error, 1)
+	go func() {
+		forwarderDone <- srv.RunForwarder(ctx, reporter)
+	}()
+
+	conn, err := net.Dial("unix", socketPath)
+	require.NoError(t, err)
+	defer conn.Close()
+
+	// Send a TagV1 message (bare ReportBoundaryLogsRequest) to verify
+	// the server still handles the legacy framing used by existing
+	// boundary deployments.
+	v1Req := &agentproto.ReportBoundaryLogsRequest{
+		Logs: []*agentproto.BoundaryLog{
+			{
+				Allowed: true,
+				Time:    timestamppb.Now(),
+				Resource: &agentproto.BoundaryLog_HttpRequest_{
+					HttpRequest: &agentproto.BoundaryLog_HttpRequest{
+						Method: "GET",
+						Url:    "https://example.com/v1",
+					},
+				},
+			},
+		},
+	}
+	sendLogsV1(t, conn, v1Req)
+
+	require.Eventually(t, func() bool {
+		return len(reporter.getLogs()) == 1
+	}, testutil.WaitShort, testutil.IntervalFast)
+
+	// Now send a TagV2 message on the same connection to verify both
+	// tag versions work interleaved.
+	v2Req := &agentproto.ReportBoundaryLogsRequest{
+		Logs: []*agentproto.BoundaryLog{
+			{
+				Allowed: false,
+				Time:    timestamppb.Now(),
+				Resource: &agentproto.BoundaryLog_HttpRequest_{
+					HttpRequest: &agentproto.BoundaryLog_HttpRequest{
+						Method: "POST",
+						Url:    "https://example.com/v2",
+					},
+				},
+			},
+		},
+	}
+	sendLogs(t, conn, v2Req)
+
+	require.Eventually(t, func() bool {
+		return len(reporter.getLogs()) == 2
+	}, testutil.WaitShort, testutil.IntervalFast)
+
+	logs := reporter.getLogs()
+	require.Equal(t, "https://example.com/v1", logs[0].Logs[0].GetHttpRequest().Url)
+	require.Equal(t, "https://example.com/v2", logs[1].Logs[0].GetHttpRequest().Url)
+
+	cancel()
+	<-forwarderDone
+}
+
+func TestServer_Metrics(t *testing.T) {
+	t.Parallel()
+
+	makeReq := func(n int) *agentproto.ReportBoundaryLogsRequest {
+		logs := make([]*agentproto.BoundaryLog, n)
+		for i := range n {
+			logs[i] = &agentproto.BoundaryLog{
+				Allowed: true,
+				Time:    timestamppb.Now(),
+				Resource: &agentproto.BoundaryLog_HttpRequest_{
+					HttpRequest: &agentproto.BoundaryLog_HttpRequest{
+						Method: "GET",
+						Url:    "https://example.com",
+					},
+				},
+			}
+		}
+		return &agentproto.ReportBoundaryLogsRequest{Logs: logs}
+	}
+
+	// BufferFull needs its own setup because it intentionally does not run
+	// a forwarder so the channel fills up.
+	t.Run("BufferFull", func(t *testing.T) {
+		t.Parallel()
+
+		reg := prometheus.NewRegistry()
+		socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
+		srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, reg)
+
+		err := srv.Start()
+		require.NoError(t, err)
+		t.Cleanup(func() { require.NoError(t, srv.Close()) })
+
+		conn, err := net.Dial("unix", socketPath)
+		require.NoError(t, err)
+		defer conn.Close()
+
+		// Fill the buffer (size 100) without running a forwarder so nothing
+		// drains. Then send one more to trigger the drop path.
+		for range 101 {
+			sendLogs(t, conn, makeReq(1))
+		}
+
+		require.Eventually(t, func() bool {
+			return getCounterVecValue(t, reg, "agent_boundary_log_proxy_batches_dropped_total", "buffer_full") >= 1
+		}, testutil.WaitShort, testutil.IntervalFast)
+		require.GreaterOrEqual(t,
+			getCounterVecValue(t, reg, "agent_boundary_log_proxy_logs_dropped_total", "buffer_full"),
+			float64(1))
+	})
+
+	// The remaining metrics share one server, forwarder, and connection. The
+	// phases run sequentially so metrics accumulate.
+	t.Run("Forwarding", func(t *testing.T) {
+		t.Parallel()
+
+		reg := prometheus.NewRegistry()
+		socketPath := filepath.Join(testutil.TempDirUnixSocket(t), "boundary.sock")
+		srv := boundarylogproxy.NewServer(testutil.Logger(t), socketPath, reg)
+
+		err := srv.Start()
+		require.NoError(t, err)
+		t.Cleanup(func() { require.NoError(t, srv.Close()) })
+
+		reportNotify := make(chan struct{}, 4)
+		reporter := &fakeReporter{
+			err:     context.DeadlineExceeded,
+			errOnce: true,
+			reportCb: func() {
+				select {
+				case reportNotify <- struct{}{}:
+				default:
+				}
+			},
+		}
+
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+		forwarderDone := make(chan error, 1)
+		go func() {
+			forwarderDone <- srv.RunForwarder(ctx, reporter)
+		}()
+
+		conn, err := net.Dial("unix", socketPath)
+		require.NoError(t, err)
+		defer conn.Close()
+
+		// Phase 1: the first forward errors
+		sendLogs(t, conn, makeReq(2))
+
+		select {
+		case <-reportNotify:
+		case <-time.After(testutil.WaitShort):
+			t.Fatal("timed out waiting for forward attempt")
+		}
+
+		// The metric is incremented after ReportBoundaryLogs returns, so we
+		// need to poll briefly.
+		require.Eventually(t, func() bool {
+			return getCounterVecValue(t, reg, "agent_boundary_log_proxy_batches_dropped_total", "forward_failed") >= 1
+		}, testutil.WaitShort, testutil.IntervalFast)
+		require.Equal(t, float64(2),
+			getCounterVecValue(t, reg, "agent_boundary_log_proxy_logs_dropped_total", "forward_failed"))
+
+		// Phase 2: forward succeeds.
+		sendLogs(t, conn, makeReq(1))
+
+		require.Eventually(t, func() bool {
+			return len(reporter.getLogs()) >= 1
+		}, testutil.WaitShort, testutil.IntervalFast)
+		require.Equal(t, float64(1),
+			getCounterValue(t, reg, "agent_boundary_log_proxy_batches_forwarded_total"))
+
+		// Phase 3: boundary-reported drop counts arrive as a separate BoundaryStatus
+		// message, not piggybacked on log batches.
+		sendStatus(t, conn, &codec.BoundaryStatus{
+			DroppedChannelFull: 5,
+			DroppedBatchFull:   3,
+		})
+
+		// Status is handled immediately by the reader goroutine, not by the
+		// forwarder, so poll metrics directly.
+		require.Eventually(t, func() bool {
+			return getCounterVecValue(t, reg, "agent_boundary_log_proxy_logs_dropped_total", "boundary_channel_full") >= 5
+		}, testutil.WaitShort, testutil.IntervalFast)
+		require.Equal(t, float64(5),
+			getCounterVecValue(t, reg, "agent_boundary_log_proxy_logs_dropped_total", "boundary_channel_full"))
+		require.Equal(t, float64(3),
+			getCounterVecValue(t, reg, "agent_boundary_log_proxy_logs_dropped_total", "boundary_batch_full"))
+
+		cancel()
+		<-forwarderDone
+	})
+}
+
+// getCounterVecValue returns the current value of a CounterVec metric filtered
+// by the given reason label.
+func getCounterVecValue(t *testing.T, reg *prometheus.Registry, name, reason string) float64 {
+	t.Helper()
+
+	metrics, err := reg.Gather()
+	require.NoError(t, err)
+
+	for _, mf := range metrics {
+		if mf.GetName() != name {
+			continue
+		}
+		for _, m := range mf.GetMetric() {
+			for _, lp := range m.GetLabel() {
+				if lp.GetName() == "reason" && lp.GetValue() == reason {
+					return m.GetCounter().GetValue()
+				}
+			}
+		}
+	}
+
+	return 0
+}
+
+// getCounterValue returns the current value of a Counter metric.
+func getCounterValue(t *testing.T, reg *prometheus.Registry, name string) float64 {
+	t.Helper()
+
+	metrics, err := reg.Gather()
+	require.NoError(t, err)
+
+	for _, mf := range metrics {
+		if mf.GetName() != name {
+			continue
+		}
+		for _, m := range mf.GetMetric() {
+			return m.GetCounter().GetValue()
+		}
+	}
+
+	return 0
+}
@@ -0,0 +1,316 @@
+package filefinder_test
+
+import (
+	"context"
+	"fmt"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"cdr.dev/slog/v3"
+	"cdr.dev/slog/v3/sloggers/slogtest"
+	"github.com/coder/coder/v2/agent/filefinder"
+)
+
+var (
+	dirNames = []string{
+		"cmd", "internal", "pkg", "api", "auth", "database", "server", "client", "middleware",
+		"handler", "config", "utils", "models", "service", "worker", "scheduler", "notification",
+		"provisioner", "template", "workspace", "agent", "proxy", "crypto", "telemetry", "billing",
+	}
+	fileExts = []string{
+		".go", ".ts", ".tsx", ".js", ".py", ".sql", ".yaml", ".json", ".md", ".proto", ".sh",
+	}
+	fileStems = []string{
+		"main", "handler", "middleware", "service", "model", "query", "config", "utils", "helpers",
+		"types", "interface", "test", "mock", "factory", "builder", "adapter", "observer", "provider",
+		"resolver", "schema", "migration", "fixture", "snapshot", "checkpoint",
+	}
+)
+
+// generateFileTree creates n files under root in a realistic nested directory structure.
+func generateFileTree(t testing.TB, root string, n int, seed int64) {
+	t.Helper()
+	rng := rand.New(rand.NewSource(seed)) //nolint:gosec // deterministic benchmarks
+
+	numDirs := n / 5
+	if numDirs < 10 {
+		numDirs = 10
+	}
+	dirs := make([]string, 0, numDirs)
+	for i := 0; i < numDirs; i++ {
+		depth := rng.Intn(6) + 1
+		parts := make([]string, depth)
+		for d := 0; d < depth; d++ {
+			parts[d] = dirNames[rng.Intn(len(dirNames))]
+		}
+		dirs = append(dirs, filepath.Join(parts...))
+	}
+
+	created := make(map[string]struct{})
+	for _, d := range dirs {
+		full := filepath.Join(root, d)
+		if _, ok := created[full]; ok {
+			continue
+		}
+		require.NoError(t, os.MkdirAll(full, 0o755))
+		created[full] = struct{}{}
+	}
+
+	for i := 0; i < n; i++ {
+		dir := dirs[rng.Intn(len(dirs))]
+		stem := fileStems[rng.Intn(len(fileStems))]
+		ext := fileExts[rng.Intn(len(fileExts))]
+		name := fmt.Sprintf("%s_%d%s", stem, i, ext)
+		full := filepath.Join(root, dir, name)
+		f, err := os.Create(full)
+		require.NoError(t, err)
+		_ = f.Close()
+	}
+}
+
+// buildIndex walks root and returns a populated Index, the same
+// way Engine.AddRoot does but without starting a watcher.
+func buildIndex(t testing.TB, root string) *filefinder.Index {
+	t.Helper()
+	absRoot, err := filepath.Abs(root)
+	require.NoError(t, err)
+	idx, err := filefinder.BuildTestIndex(absRoot)
+	require.NoError(t, err)
+	return idx
+}
+
+func BenchmarkBuildIndex(b *testing.B) {
+	scales := []struct {
+		name string
+		n    int
+	}{
+		{"1K", 1_000},
+		{"10K", 10_000},
+		{"100K", 100_000},
+	}
+
+	for _, sc := range scales {
+		b.Run(sc.name, func(b *testing.B) {
+			if sc.n >= 100_000 && testing.Short() {
+				b.Skip("skipping large-scale benchmark")
+			}
+			dir := b.TempDir()
+			generateFileTree(b, dir, sc.n, 42)
+
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				idx := buildIndex(b, dir)
+				if idx.Len() == 0 {
+					b.Fatal("expected non-empty index")
+				}
+			}
+			b.StopTimer()
+
+			idx := buildIndex(b, dir)
+			b.ReportMetric(float64(idx.Len())/b.Elapsed().Seconds(), "files/sec")
+		})
+	}
+}
+
+func BenchmarkSearch_ByScale(b *testing.B) {
+	queries := []struct {
+		name  string
+		query string
+	}{
+		{"exact_basename", "handler.go"},
+		{"short_query", "ha"},
+		{"fuzzy_basename", "hndlr"},
+		{"path_structured", "internal/handler"},
+		{"multi_token", "api handler"},
+	}
+	scales := []struct {
+		name string
+		n    int
+	}{
+		{"1K", 1_000},
+		{"10K", 10_000},
+		{"100K", 100_000},
+	}
+
+	for _, sc := range scales {
+		b.Run(sc.name, func(b *testing.B) {
+			if sc.n >= 100_000 && testing.Short() {
+				b.Skip("skipping large-scale benchmark")
+			}
+			dir := b.TempDir()
+			generateFileTree(b, dir, sc.n, 42)
+			idx := buildIndex(b, dir)
+			snap := idx.Snapshot()
+			opts := filefinder.DefaultSearchOptions()
+
+			for _, q := range queries {
+				b.Run(q.name, func(b *testing.B) {
+					p := filefinder.NewQueryPlanForTest(q.query)
+					b.ResetTimer()
+					for i := 0; i < b.N; i++ {
+						_ = filefinder.SearchSnapshotForTest(p, snap, opts.MaxCandidates)
+					}
+				})
+			}
+		})
+	}
+}
+
+func BenchmarkSearch_ConcurrentReads(b *testing.B) {
+	dir := b.TempDir()
+	generateFileTree(b, dir, 10_000, 42)
+
+	logger := slogtest.Make(b, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelError)
+	ctx := context.Background()
+	eng := filefinder.NewEngine(logger)
+	require.NoError(b, eng.AddRoot(ctx, dir))
+	b.Cleanup(func() { _ = eng.Close() })
+
+	opts := filefinder.DefaultSearchOptions()
+	goroutines := []int{1, 4, 16, 64}
+
+	for _, g := range goroutines {
+		b.Run(fmt.Sprintf("goroutines_%d", g), func(b *testing.B) {
+			b.SetParallelism(g)
+			b.ResetTimer()
+			b.RunParallel(func(pb *testing.PB) {
+				for pb.Next() {
+					results, err := eng.Search(ctx, "handler", opts)
+					if err != nil {
+						b.Fatal(err)
+					}
+					_ = results
+				}
+			})
+		})
+	}
+}
+
+func BenchmarkDeltaUpdate(b *testing.B) {
+	dir := b.TempDir()
+	generateFileTree(b, dir, 10_000, 42)
+
+	addCounts := []int{1, 10, 100}
+
+	for _, count := range addCounts {
+		b.Run(fmt.Sprintf("add_%d_files", count), func(b *testing.B) {
+			paths := make([]string, count)
+			for i := range paths {
+				paths[i] = fmt.Sprintf("injected/dir_%d/newfile_%d.go", i%10, i)
+			}
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				b.StopTimer()
+				idx := buildIndex(b, dir)
+				b.StartTimer()
+				for _, p := range paths {
+					idx.Add(p, 0)
+				}
+			}
+			b.ReportMetric(float64(count), "files_added/op")
+		})
+	}
+
+	b.Run("search_after_100_additions", func(b *testing.B) {
+		idx := buildIndex(b, dir)
+		for i := 0; i < 100; i++ {
+			idx.Add(fmt.Sprintf("injected/extra/file_%d.go", i), 0)
+		}
+		snap := idx.Snapshot()
+		plan := filefinder.NewQueryPlanForTest("handler")
+		opts := filefinder.DefaultSearchOptions()
+
+		b.ResetTimer()
+		for i := 0; i < b.N; i++ {
+			_ = filefinder.SearchSnapshotForTest(plan, snap, opts.MaxCandidates)
+		}
+	})
+}
+
+func BenchmarkMemoryProfile(b *testing.B) {
+	scales := []struct {
+		name string
+		n    int
+	}{
+		{"10K", 10_000},
+		{"100K", 100_000},
+	}
+
+	for _, sc := range scales {
+		b.Run(sc.name, func(b *testing.B) {
+			if sc.n >= 100_000 && testing.Short() {
+				b.Skip("skipping large-scale memory profile")
+			}
+			dir := b.TempDir()
+			generateFileTree(b, dir, sc.n, 42)
+
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				idx := buildIndex(b, dir)
+				_ = idx.Snapshot()
+			}
+			b.StopTimer()
+
+			// Report memory stats on the last iteration.
+			runtime.GC()
+			var before runtime.MemStats
+			runtime.ReadMemStats(&before)
+			idx := buildIndex(b, dir)
+			var after runtime.MemStats
+			runtime.ReadMemStats(&after)
+
+			allocDelta := after.TotalAlloc - before.TotalAlloc
+			b.ReportMetric(float64(allocDelta)/float64(idx.Len()), "bytes/file")
+
+			runtime.GC()
+			runtime.ReadMemStats(&before)
+			snap := idx.Snapshot()
+			_ = snap
+			runtime.GC()
+			runtime.ReadMemStats(&after)
+
+			snapAlloc := after.TotalAlloc - before.TotalAlloc
+			b.ReportMetric(float64(snapAlloc)/float64(idx.Len()), "snap-bytes/file")
+		})
+	}
+}
+
+func BenchmarkSearch_ConcurrentReads_Throughput(b *testing.B) {
+	dir := b.TempDir()
+	generateFileTree(b, dir, 10_000, 42)
+	idx := buildIndex(b, dir)
+	snap := idx.Snapshot()
+
+	goroutines := []int{1, 4, 16, 64}
+	plan := filefinder.NewQueryPlanForTest("handler.go")
+	maxCands := filefinder.DefaultSearchOptions().MaxCandidates
+
+	for _, g := range goroutines {
+		b.Run(fmt.Sprintf("goroutines_%d", g), func(b *testing.B) {
+			b.ResetTimer()
+			var wg sync.WaitGroup
+			perGoroutine := b.N / g
+			if perGoroutine < 1 {
+				perGoroutine = 1
+			}
+			for gi := 0; gi < g; gi++ {
+				wg.Add(1)
+				go func() {
+					defer wg.Done()
+					for j := 0; j < perGoroutine; j++ {
+						_ = filefinder.SearchSnapshotForTest(plan, snap, maxCands)
+					}
+				}()
+			}
+			wg.Wait()
+			totalOps := float64(g * perGoroutine)
+			b.ReportMetric(totalOps/b.Elapsed().Seconds(), "searches/sec")
+		})
+	}
+}
@@ -0,0 +1,125 @@
+package filefinder
+
+import "strings"
+
+// FileFlag represents the type of filesystem entry.
+type FileFlag uint16
+
+const (
+	FlagFile    FileFlag = 0
+	FlagDir     FileFlag = 1
+	FlagSymlink FileFlag = 2
+)
+
+type doc struct {
+	path    string
+	baseOff int
+	baseLen int
+	depth   int
+	flags   uint16
+}
+
+// Index is an append-only in-memory file index with snapshot support.
+type Index struct {
+	docs      []doc
+	byGram    map[uint32][]uint32
+	byPrefix1 [256][]uint32
+	byPrefix2 map[uint16][]uint32
+	byPath    map[string]uint32
+	deleted   map[uint32]bool
+}
+
+// Snapshot is a frozen, read-only view of the index at a point in time.
+type Snapshot struct {
+	docs      []doc
+	deleted   map[uint32]bool
+	byGram    map[uint32][]uint32
+	byPrefix1 [256][]uint32
+	byPrefix2 map[uint16][]uint32
+}
+
+// NewIndex creates an empty Index.
+func NewIndex() *Index {
+	return &Index{
+		byGram:    make(map[uint32][]uint32),
+		byPrefix2: make(map[uint16][]uint32),
+		byPath:    make(map[string]uint32),
+		deleted:   make(map[uint32]bool),
+	}
+}
+
+// Add inserts a path into the index, tombstoning any previous entry.
+func (idx *Index) Add(path string, flags uint16) uint32 {
+	norm := string(normalizePathBytes([]byte(path)))
+	if oldID, ok := idx.byPath[norm]; ok {
+		idx.deleted[oldID] = true
+	}
+	id := uint32(len(idx.docs)) //nolint:gosec // Index will never exceed 2^32 docs.
+	baseOff, baseLen := extractBasename([]byte(norm))
+	idx.docs = append(idx.docs, doc{
+		path: norm, baseOff: baseOff, baseLen: baseLen,
+		depth: strings.Count(norm, "/"), flags: flags,
+	})
+	idx.byPath[norm] = id
+	for _, g := range extractTrigrams([]byte(norm)) {
+		idx.byGram[g] = append(idx.byGram[g], id)
+	}
+	if baseLen > 0 {
+		basename := []byte(norm[baseOff : baseOff+baseLen])
+		p1 := prefix1(basename)
+		idx.byPrefix1[p1] = append(idx.byPrefix1[p1], id)
+		p2 := prefix2(basename)
+		idx.byPrefix2[p2] = append(idx.byPrefix2[p2], id)
+	}
+	return id
+}
+
+// Remove marks the entry for path as deleted.
+func (idx *Index) Remove(path string) bool {
+	norm := string(normalizePathBytes([]byte(path)))
+	id, ok := idx.byPath[norm]
+	if !ok {
+		return false
+	}
+	idx.deleted[id] = true
+	delete(idx.byPath, norm)
+	return true
+}
+
+// Has reports whether path exists (not deleted) in the index.
+func (idx *Index) Has(path string) bool {
+	_, ok := idx.byPath[string(normalizePathBytes([]byte(path)))]
+	return ok
+}
+
+// Len returns the number of live (non-deleted) documents.
+func (idx *Index) Len() int { return len(idx.byPath) }
+
+func copyPostings[K comparable](m map[K][]uint32) map[K][]uint32 {
+	cp := make(map[K][]uint32, len(m))
+	for k, v := range m {
+		cp[k] = v[:len(v):len(v)]
+	}
+	return cp
+}
+
+// Snapshot returns a frozen read-only view of the index.
+func (idx *Index) Snapshot() *Snapshot {
+	del := make(map[uint32]bool, len(idx.deleted))
+	for id := range idx.deleted {
+		del[id] = true
+	}
+	var p1Copy [256][]uint32
+	for i, ids := range idx.byPrefix1 {
+		if len(ids) > 0 {
+			p1Copy[i] = ids[:len(ids):len(ids)]
+		}
+	}
+	return &Snapshot{
+		docs:      idx.docs[:len(idx.docs):len(idx.docs)],
+		deleted:   del,
+		byGram:    copyPostings(idx.byGram),
+		byPrefix1: p1Copy,
+		byPrefix2: copyPostings(idx.byPrefix2),
+	}
+}
@@ -0,0 +1,120 @@
+package filefinder_test
+
+import (
+	"testing"
+
+	"github.com/coder/coder/v2/agent/filefinder"
+)
+
+func TestIndex_AddAndLen(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("foo/bar.go", 0)
+	idx.Add("foo/baz.go", 0)
+	if idx.Len() != 2 {
+		t.Fatalf("expected 2, got %d", idx.Len())
+	}
+}
+
+func TestIndex_Has(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("foo/bar.go", 0)
+	if !idx.Has("foo/bar.go") {
+		t.Fatal("expected Has to return true")
+	}
+	if idx.Has("foo/missing.go") {
+		t.Fatal("expected Has to return false for missing path")
+	}
+}
+
+func TestIndex_Remove(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("foo/bar.go", 0)
+	if !idx.Remove("foo/bar.go") {
+		t.Fatal("expected Remove to return true")
+	}
+	if idx.Has("foo/bar.go") {
+		t.Fatal("expected Has to return false after Remove")
+	}
+	if idx.Len() != 0 {
+		t.Fatalf("expected Len 0 after Remove, got %d", idx.Len())
+	}
+}
+
+func TestIndex_AddOverwrite(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("foo/bar.go", uint16(filefinder.FlagFile))
+	idx.Add("foo/bar.go", uint16(filefinder.FlagDir)) // overwrite
+	if idx.Len() != 1 {
+		t.Fatalf("expected 1 after overwrite, got %d", idx.Len())
+	}
+	// The old entry should be tombstoned.
+	if !filefinder.IndexIsDeleted(idx, 0) {
+		t.Fatal("expected old entry to be deleted")
+	}
+	if filefinder.IndexIsDeleted(idx, 1) {
+		t.Fatal("expected new entry to be live")
+	}
+}
+
+func TestIndex_Snapshot(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("foo/bar.go", 0)
+	idx.Add("foo/baz.go", 0)
+
+	snap := idx.Snapshot()
+	if filefinder.SnapshotCount(snap) != 2 {
+		t.Fatalf("expected snapshot count 2, got %d", filefinder.SnapshotCount(snap))
+	}
+
+	// Adding more docs after snapshot doesn't affect it.
+	idx.Add("foo/qux.go", 0)
+	if filefinder.SnapshotCount(snap) != 2 {
+		t.Fatal("snapshot count should not change after new adds")
+	}
+}
+
+func TestIndex_TrigramIndex(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("handler.go", 0)
+
+	// "handler.go" should produce trigrams for "handler.go".
+	// Check that at least one trigram exists.
+	if filefinder.IndexByGramLen(idx) == 0 {
+		t.Fatal("expected non-empty trigram index")
+	}
+}
+
+func TestIndex_PrefixIndex(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("handler.go", 0)
+
+	// basename is "handler.go", first byte is 'h'
+	if filefinder.IndexByPrefix1Len(idx, 'h') == 0 {
+		t.Fatal("expected prefix1['h'] to be non-empty")
+	}
+}
+
+func TestIndex_RemoveNonexistent(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	if idx.Remove("nonexistent.go") {
+		t.Fatal("expected Remove to return false for missing path")
+	}
+}
+
+func TestIndex_PathNormalization(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("Foo/Bar.go", 0)
+	// Should be findable with lowercase.
+	if !idx.Has("foo/bar.go") {
+		t.Fatal("expected case-insensitive Has")
+	}
+}
@@ -0,0 +1,364 @@
+// Package filefinder provides an in-memory file index with trigram
+// matching, fuzzy search, and filesystem watching. It is designed
+// to power file-finding features on workspace agents.
+package filefinder
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"slices"
+	"strings"
+	"sync"
+	"sync/atomic"
+
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog/v3"
+)
+
+// SearchOptions controls search behavior.
+type SearchOptions struct {
+	Limit         int
+	MaxCandidates int
+}
+
+// DefaultSearchOptions returns sensible default search options.
+func DefaultSearchOptions() SearchOptions {
+	return SearchOptions{Limit: 100, MaxCandidates: 10000}
+}
+
+type rootSnapshot struct {
+	root string
+	snap *Snapshot
+}
+
+// Engine is the main file finder. Safe for concurrent use.
+type Engine struct {
+	snap    atomic.Pointer[[]*rootSnapshot]
+	logger  slog.Logger
+	mu      sync.Mutex
+	roots   map[string]*rootState
+	eventCh chan rootEvent
+	closeCh chan struct{}
+	closed  atomic.Bool
+	wg      sync.WaitGroup
+}
+type rootState struct {
+	root    string
+	index   *Index
+	watcher *fsWatcher
+	cancel  context.CancelFunc
+}
+type rootEvent struct {
+	root   string
+	events []FSEvent
+}
+
+// walkRoot performs a full filesystem walk of absRoot and returns
+// a populated Index containing all discovered files and directories.
+func walkRoot(absRoot string) (*Index, error) {
+	idx := NewIndex()
+	err := filepath.Walk(absRoot, func(path string, info os.FileInfo, walkErr error) error {
+		if walkErr != nil {
+			return nil //nolint:nilerr
+		}
+		base := filepath.Base(path)
+		if _, skip := skipDirs[base]; skip && info.IsDir() {
+			return filepath.SkipDir
+		}
+		if path == absRoot {
+			return nil
+		}
+		relPath, relErr := filepath.Rel(absRoot, path)
+		if relErr != nil {
+			return nil //nolint:nilerr
+		}
+		relPath = filepath.ToSlash(relPath)
+		var flags uint16
+		if info.IsDir() {
+			flags = uint16(FlagDir)
+		} else if info.Mode()&os.ModeSymlink != 0 {
+			flags = uint16(FlagSymlink)
+		}
+		idx.Add(relPath, flags)
+		return nil
+	})
+	return idx, err
+}
+
+// NewEngine creates a new Engine.
+func NewEngine(logger slog.Logger) *Engine {
+	e := &Engine{
+		logger:  logger,
+		roots:   make(map[string]*rootState),
+		eventCh: make(chan rootEvent, 256),
+		closeCh: make(chan struct{}),
+	}
+	empty := make([]*rootSnapshot, 0)
+	e.snap.Store(&empty)
+	e.wg.Add(1)
+	go e.start()
+	return e
+}
+
+// ErrClosed is returned when operations are attempted on a
+// closed engine.
+var ErrClosed = xerrors.New("engine is closed")
+
+// AddRoot adds a directory root to the engine.
+func (e *Engine) AddRoot(ctx context.Context, root string) error {
+	absRoot, err := filepath.Abs(root)
+	if err != nil {
+		return xerrors.Errorf("resolve root: %w", err)
+	}
+	e.mu.Lock()
+	if e.closed.Load() {
+		e.mu.Unlock()
+		return ErrClosed
+	}
+	if _, exists := e.roots[absRoot]; exists {
+		e.mu.Unlock()
+		return nil
+	}
+	e.mu.Unlock()
+
+	// Walk and create the watcher outside the lock to avoid
+	// blocking the event pipeline on filesystem I/O.
+	idx, walkErr := walkRoot(absRoot)
+	if walkErr != nil {
+		return xerrors.Errorf("walk root: %w", walkErr)
+	}
+	wCtx, wCancel := context.WithCancel(context.Background())
+	w, wErr := newFSWatcher(absRoot, e.logger)
+	if wErr != nil {
+		wCancel()
+		return xerrors.Errorf("create watcher: %w", wErr)
+	}
+
+	e.mu.Lock()
+	// Re-check after re-acquiring the lock: another goroutine
+	// may have added this root or closed the engine while we
+	// were walking.
+	if e.closed.Load() {
+		e.mu.Unlock()
+		wCancel()
+		_ = w.Close()
+		return ErrClosed
+	}
+	if _, exists := e.roots[absRoot]; exists {
+		e.mu.Unlock()
+		wCancel()
+		_ = w.Close()
+		return nil
+	}
+	rs := &rootState{root: absRoot, index: idx, watcher: w, cancel: wCancel}
+	e.roots[absRoot] = rs
+	w.Start(wCtx)
+	e.wg.Add(1)
+	go e.forwardEvents(wCtx, absRoot, w)
+	e.publishSnapshot()
+	fileCount := idx.Len()
+	e.mu.Unlock()
+	e.logger.Info(ctx, "added root to engine",
+		slog.F("root", absRoot),
+		slog.F("files", fileCount),
+	)
+	return nil
+}
+
+// RemoveRoot stops watching a root and removes it.
+func (e *Engine) RemoveRoot(root string) error {
+	absRoot, err := filepath.Abs(root)
+	if err != nil {
+		return xerrors.Errorf("resolve root: %w", err)
+	}
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	rs, exists := e.roots[absRoot]
+	if !exists {
+		return xerrors.Errorf("root %q not found", absRoot)
+	}
+	rs.cancel()
+	_ = rs.watcher.Close()
+	delete(e.roots, absRoot)
+	e.publishSnapshot()
+	return nil
+}
+
+// Search performs a fuzzy file search across all roots.
+func (e *Engine) Search(_ context.Context, query string, opts SearchOptions) ([]Result, error) {
+	if e.closed.Load() {
+		return nil, ErrClosed
+	}
+	snapPtr := e.snap.Load()
+	if snapPtr == nil || len(*snapPtr) == 0 {
+		return nil, nil
+	}
+	roots := *snapPtr
+	plan := newQueryPlan(query)
+	if len(plan.Normalized) == 0 {
+		return nil, nil
+	}
+	if opts.Limit <= 0 {
+		opts.Limit = 100
+	}
+	if opts.MaxCandidates <= 0 {
+		opts.MaxCandidates = 10000
+	}
+	params := defaultScoreParams()
+	var allCands []candidate
+	for _, rs := range roots {
+		allCands = append(allCands, searchSnapshot(plan, rs.snap, opts.MaxCandidates)...)
+	}
+	results := mergeAndScore(allCands, plan, params, opts.Limit)
+	return results, nil
+}
+
+// Close shuts down the engine.
+func (e *Engine) Close() error {
+	if e.closed.Swap(true) {
+		return nil
+	}
+	close(e.closeCh)
+	e.mu.Lock()
+	for _, rs := range e.roots {
+		rs.cancel()
+		_ = rs.watcher.Close()
+	}
+	e.roots = make(map[string]*rootState)
+	e.mu.Unlock()
+	e.wg.Wait()
+	return nil
+}
+
+// Rebuild forces a complete re-walk and re-index of a root.
+func (e *Engine) Rebuild(ctx context.Context, root string) error {
+	absRoot, err := filepath.Abs(root)
+	if err != nil {
+		return xerrors.Errorf("resolve root: %w", err)
+	}
+
+	// Walk outside the lock to avoid blocking the event
+	// pipeline on potentially slow filesystem I/O.
+	idx, walkErr := walkRoot(absRoot)
+	if walkErr != nil {
+		return xerrors.Errorf("rebuild walk: %w", walkErr)
+	}
+
+	e.mu.Lock()
+	rs, exists := e.roots[absRoot]
+	if !exists {
+		e.mu.Unlock()
+		return xerrors.Errorf("root %q not found", absRoot)
+	}
+	rs.index = idx
+	e.publishSnapshot()
+	fileCount := idx.Len()
+	e.mu.Unlock()
+	e.logger.Info(ctx, "rebuilt root in engine",
+		slog.F("root", absRoot),
+		slog.F("files", fileCount),
+	)
+	return nil
+}
+
+func (e *Engine) start() {
+	defer e.wg.Done()
+	for {
+		select {
+		case <-e.closeCh:
+			return
+		case re, ok := <-e.eventCh:
+			if !ok {
+				return
+			}
+			e.applyEvents(re)
+		}
+	}
+}
+
+func (e *Engine) forwardEvents(ctx context.Context, root string, w *fsWatcher) {
+	defer e.wg.Done()
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-e.closeCh:
+			return
+		case evts, ok := <-w.Events():
+			if !ok {
+				return
+			}
+			select {
+			case e.eventCh <- rootEvent{root: root, events: evts}:
+			case <-ctx.Done():
+				return
+			case <-e.closeCh:
+				return
+			}
+		}
+	}
+}
+
+func (e *Engine) applyEvents(re rootEvent) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	rs, exists := e.roots[re.root]
+	if !exists {
+		return
+	}
+	changed := false
+	for _, ev := range re.events {
+		relPath, err := filepath.Rel(rs.root, ev.Path)
+		if err != nil {
+			continue
+		}
+		relPath = filepath.ToSlash(relPath)
+		switch ev.Op {
+		case OpCreate:
+			if rs.index.Has(relPath) {
+				continue
+			}
+			var flags uint16
+			if ev.IsDir {
+				flags = uint16(FlagDir)
+			}
+			rs.index.Add(relPath, flags)
+			changed = true
+		case OpRemove, OpRename:
+			if rs.index.Remove(relPath) {
+				changed = true
+			}
+			if ev.IsDir || ev.Op == OpRename {
+				prefix := strings.ToLower(filepath.ToSlash(relPath)) + "/"
+				for path := range rs.index.byPath {
+					if strings.HasPrefix(path, prefix) {
+						rs.index.Remove(path)
+						changed = true
+					}
+				}
+			}
+		case OpModify:
+		}
+	}
+	if changed {
+		e.publishSnapshot()
+	}
+}
+
+// publishSnapshot builds and atomically publishes a new snapshot.
+// Must be called with e.mu held.
+func (e *Engine) publishSnapshot() {
+	roots := make([]*rootSnapshot, 0, len(e.roots))
+	for _, rs := range e.roots {
+		roots = append(roots, &rootSnapshot{
+			root: rs.root,
+			snap: rs.index.Snapshot(),
+		})
+	}
+	slices.SortFunc(roots, func(a, b *rootSnapshot) int {
+		return strings.Compare(a.root, b.root)
+	})
+	e.snap.Store(&roots)
+}
@@ -0,0 +1,233 @@
+package filefinder_test
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"sort"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"cdr.dev/slog/v3"
+	"cdr.dev/slog/v3/sloggers/slogtest"
+	"github.com/coder/coder/v2/agent/filefinder"
+	"github.com/coder/coder/v2/testutil"
+)
+
+func newTestEngine(t *testing.T) (*filefinder.Engine, context.Context) {
+	t.Helper()
+	logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug)
+	eng := filefinder.NewEngine(logger)
+	t.Cleanup(func() { _ = eng.Close() })
+	return eng, context.Background()
+}
+
+func requireResultHasPath(t *testing.T, results []filefinder.Result, path string) {
+	t.Helper()
+	for _, r := range results {
+		if r.Path == path {
+			return
+		}
+	}
+	t.Errorf("expected %q in results, got %v", path, resultPaths(results))
+}
+
+func TestEngine_SearchFindsKnownFile(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "src/main.go", "package main")
+	createFile(t, dir, "src/handler.go", "package main")
+	createFile(t, dir, "README.md", "# hello")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	results, err := eng.Search(ctx, "main.go", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	require.NotEmpty(t, results, "expected to find main.go")
+	requireResultHasPath(t, results, "src/main.go")
+}
+
+func TestEngine_SearchFuzzyMatch(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "src/controllers/user_handler.go", "package controllers")
+	createFile(t, dir, "src/models/user.go", "package models")
+	createFile(t, dir, "docs/api.md", "# API")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	// "handler" should match "user_handler.go".
+	results, err := eng.Search(ctx, "handler", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	// The query is a subsequence of "user_handler.go" so it
+	// should appear somewhere in the results.
+	requireResultHasPath(t, results, "src/controllers/user_handler.go")
+}
+
+func TestEngine_IndexPicksUpNewFile(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "existing.txt", "hello")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+	createFile(t, dir, "newfile_unique.txt", "world")
+
+	require.Eventually(t, func() bool {
+		results, sErr := eng.Search(ctx, "newfile_unique", filefinder.DefaultSearchOptions())
+		if sErr != nil {
+			return false
+		}
+		for _, r := range results {
+			if r.Path == "newfile_unique.txt" {
+				return true
+			}
+		}
+		return false
+	}, testutil.WaitShort, testutil.IntervalFast, "expected newfile_unique.txt to appear via watcher")
+}
+
+func TestEngine_IndexRemovesDeletedFile(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "deleteme_unique.txt", "goodbye")
+	createFile(t, dir, "keeper.txt", "stay")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	results, err := eng.Search(ctx, "deleteme_unique", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	require.NotEmpty(t, results, "expected to find deleteme_unique.txt initially")
+
+	require.NoError(t, os.Remove(filepath.Join(dir, "deleteme_unique.txt")))
+
+	require.Eventually(t, func() bool {
+		results, sErr := eng.Search(ctx, "deleteme_unique", filefinder.DefaultSearchOptions())
+		if sErr != nil {
+			return false
+		}
+		for _, r := range results {
+			if r.Path == "deleteme_unique.txt" {
+				return false // still found
+			}
+		}
+		return true
+	}, testutil.WaitShort, testutil.IntervalFast, "expected deleteme_unique.txt to disappear after removal")
+}
+
+func TestEngine_MultipleRoots(t *testing.T) {
+	t.Parallel()
+	dir1 := t.TempDir()
+	dir2 := t.TempDir()
+	createFile(t, dir1, "alpha_unique.go", "package alpha")
+	createFile(t, dir2, "beta_unique.go", "package beta")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir1))
+	require.NoError(t, eng.AddRoot(ctx, dir2))
+
+	results, err := eng.Search(ctx, "alpha_unique", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	requireResultHasPath(t, results, "alpha_unique.go")
+
+	results, err = eng.Search(ctx, "beta_unique", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	requireResultHasPath(t, results, "beta_unique.go")
+}
+
+func TestEngine_EmptyQueryReturnsEmpty(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "something.txt", "data")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	results, err := eng.Search(ctx, "", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	require.Empty(t, results, "empty query should return no results")
+}
+
+func TestEngine_CloseIsClean(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "file.txt", "data")
+
+	logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug)
+	ctx := context.Background()
+	eng := filefinder.NewEngine(logger)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+	require.NoError(t, eng.Close())
+
+	_, err := eng.Search(ctx, "file", filefinder.DefaultSearchOptions())
+	require.Error(t, err)
+}
+
+func TestEngine_AddRootIdempotent(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "file.txt", "data")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	snapLen := filefinder.EngineSnapLen(eng)
+	require.Equal(t, 1, snapLen, "expected exactly one root after duplicate add")
+}
+
+func TestEngine_RemoveRoot(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "file.txt", "data")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	results, err := eng.Search(ctx, "file", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	require.NotEmpty(t, results)
+
+	require.NoError(t, eng.RemoveRoot(dir))
+
+	results, err = eng.Search(ctx, "file", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	require.Empty(t, results)
+}
+
+func TestEngine_Rebuild(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	createFile(t, dir, "original.txt", "data")
+
+	eng, ctx := newTestEngine(t)
+	require.NoError(t, eng.AddRoot(ctx, dir))
+
+	createFile(t, dir, "sneaky_rebuild.txt", "hidden")
+	require.NoError(t, eng.Rebuild(ctx, dir))
+
+	results, err := eng.Search(ctx, "sneaky_rebuild", filefinder.DefaultSearchOptions())
+	require.NoError(t, err)
+	requireResultHasPath(t, results, "sneaky_rebuild.txt")
+}
+
+// createFile creates a file (and parent dirs) at relPath under dir.
+func createFile(t *testing.T, dir, relPath, content string) {
+	t.Helper()
+	full := filepath.Join(dir, relPath)
+	require.NoError(t, os.MkdirAll(filepath.Dir(full), 0o755))
+	require.NoError(t, os.WriteFile(full, []byte(content), 0o600))
+}
+
+func resultPaths(results []filefinder.Result) []string {
+	paths := make([]string, len(results))
+	for i, r := range results {
+		paths[i] = r.Path
+	}
+	sort.Strings(paths)
+	return paths
+}
@@ -0,0 +1,85 @@
+package filefinder
+
+// Test helpers that need internal access.
+
+// MakeTestSnapshot builds a Snapshot from a list of paths. Useful for
+// query-level tests that don't need a real filesystem.
+func MakeTestSnapshot(paths []string) *Snapshot {
+	idx := NewIndex()
+	for _, p := range paths {
+		idx.Add(p, 0)
+	}
+	return idx.Snapshot()
+}
+
+// BuildTestIndex walks root and returns a populated Index, the same
+// way Engine.AddRoot does but without starting a watcher.
+func BuildTestIndex(root string) (*Index, error) {
+	return walkRoot(root)
+}
+
+// IndexIsDeleted reports whether the document at id is tombstoned.
+func IndexIsDeleted(idx *Index, id uint32) bool {
+	return idx.deleted[id]
+}
+
+// IndexByGramLen returns the number of entries in the trigram index.
+func IndexByGramLen(idx *Index) int {
+	return len(idx.byGram)
+}
+
+// IndexByPrefix1Len returns the number of posting-list entries for
+// the given single-byte prefix.
+func IndexByPrefix1Len(idx *Index, b byte) int {
+	return len(idx.byPrefix1[b])
+}
+
+// SnapshotCount returns the number of documents in a Snapshot.
+func SnapshotCount(snap *Snapshot) int {
+	return len(snap.docs)
+}
+
+// EngineSnapLen returns the number of root snapshots currently held
+// by the engine, or -1 if the pointer is nil.
+func EngineSnapLen(eng *Engine) int {
+	p := eng.snap.Load()
+	if p == nil {
+		return -1
+	}
+	return len(*p)
+}
+
+// DefaultScoreParamsForTest exposes defaultScoreParams for tests.
+var DefaultScoreParamsForTest = defaultScoreParams
+
+// ScoreParamsForTest is a type alias for scoreParams.
+type ScoreParamsForTest = scoreParams
+
+// Exported aliases for internal functions used in tests.
+var (
+	NewQueryPlanForTest           = newQueryPlan
+	SearchSnapshotForTest         = searchSnapshot
+	IntersectSortedForTest        = intersectSorted
+	IntersectAllForTest           = intersectAll
+	MergeAndScoreForTest          = mergeAndScore
+	NormalizeQueryForTest         = normalizeQuery
+	NormalizePathBytesForTest     = normalizePathBytes
+	ExtractTrigramsForTest        = extractTrigrams
+	ExtractBasenameForTest        = extractBasename
+	ExtractSegmentsForTest        = extractSegments
+	Prefix1ForTest                = prefix1
+	Prefix2ForTest                = prefix2
+	IsSubsequenceForTest          = isSubsequence
+	LongestContiguousMatchForTest = longestContiguousMatch
+	IsBoundaryForTest             = isBoundary
+	CountBoundaryHitsForTest      = countBoundaryHits
+	EqualFoldASCIIForTest         = equalFoldASCII
+	ScorePathForTest              = scorePath
+	PackTrigramForTest            = packTrigram
+)
+
+// Type aliases for internal types used in tests.
+type (
+	CandidateForTest = candidate
+	QueryPlanForTest = queryPlan
+)
@@ -0,0 +1,299 @@
+package filefinder
+
+import (
+	"container/heap"
+	"slices"
+	"strings"
+)
+
+type candidate struct {
+	DocID   uint32
+	Path    string
+	BaseOff int
+	BaseLen int
+	Depth   int
+	Flags   uint16
+}
+
+// Result is a scored search result returned to callers.
+type Result struct {
+	Path  string
+	Score float32
+	IsDir bool
+}
+
+type queryPlan struct {
+	Original   string
+	Normalized string
+	Tokens     [][]byte
+	Trigrams   []uint32
+	IsShort    bool
+	HasSlash   bool
+	BasenameQ  []byte
+	DirTokens  [][]byte
+}
+
+func newQueryPlan(q string) *queryPlan {
+	norm := normalizeQuery(q)
+	p := &queryPlan{Original: q, Normalized: norm}
+	if len(norm) == 0 {
+		p.IsShort = true
+		return p
+	}
+	raw := strings.ReplaceAll(norm, "/", " ")
+	parts := strings.Fields(raw)
+	p.HasSlash = strings.ContainsRune(norm, '/')
+	for _, part := range parts {
+		p.Tokens = append(p.Tokens, []byte(part))
+	}
+	if len(p.Tokens) > 0 {
+		p.BasenameQ = p.Tokens[len(p.Tokens)-1]
+		if len(p.Tokens) > 1 {
+			p.DirTokens = p.Tokens[:len(p.Tokens)-1]
+		}
+	}
+	p.IsShort = true
+	for _, tok := range p.Tokens {
+		if len(tok) >= 3 {
+			p.IsShort = false
+			break
+		}
+	}
+	if !p.IsShort {
+		p.Trigrams = extractQueryTrigrams(p.Tokens)
+	}
+	return p
+}
+
+func extractQueryTrigrams(tokens [][]byte) []uint32 {
+	seen := make(map[uint32]struct{})
+	for _, tok := range tokens {
+		if len(tok) < 3 {
+			continue
+		}
+		for i := 0; i <= len(tok)-3; i++ {
+			seen[packTrigram(tok[i], tok[i+1], tok[i+2])] = struct{}{}
+		}
+	}
+	if len(seen) == 0 {
+		return nil
+	}
+	result := make([]uint32, 0, len(seen))
+	for g := range seen {
+		result = append(result, g)
+	}
+	return result
+}
+
+func packTrigram(a, b, c byte) uint32 {
+	return uint32(toLowerASCII(a))<<16 | uint32(toLowerASCII(b))<<8 | uint32(toLowerASCII(c))
+}
+
+// searchSnapshot runs the full search pipeline against a single
+// root snapshot: it selects a strategy (prefix, trigram, or
+// fuzzy fallback) based on query length, retrieves candidate
+// doc IDs, and converts them into candidate structs.
+func searchSnapshot(plan *queryPlan, snap *Snapshot, limit int) []candidate {
+	if snap == nil || len(snap.docs) == 0 || len(plan.Normalized) == 0 {
+		return nil
+	}
+	var ids []uint32
+	if plan.IsShort {
+		ids = searchShort(plan, snap)
+	} else {
+		ids = searchTrigrams(plan, snap)
+		if len(ids) == 0 && len(plan.BasenameQ) > 0 {
+			ids = searchFuzzyFallback(plan, snap)
+		}
+	}
+	if len(ids) == 0 {
+		return nil
+	}
+	cands := make([]candidate, 0, min(len(ids), limit))
+	for _, id := range ids {
+		if snap.deleted[id] || int(id) >= len(snap.docs) {
+			continue
+		}
+		d := snap.docs[id]
+		cands = append(cands, candidate{
+			DocID: id, Path: d.path, BaseOff: d.baseOff,
+			BaseLen: d.baseLen, Depth: d.depth, Flags: d.flags,
+		})
+		if len(cands) >= limit {
+			break
+		}
+	}
+	return cands
+}
+
+func searchShort(plan *queryPlan, snap *Snapshot) []uint32 {
+	if len(plan.BasenameQ) == 0 {
+		return nil
+	}
+	if len(plan.BasenameQ) >= 2 {
+		if ids := snap.byPrefix2[prefix2(plan.BasenameQ)]; len(ids) > 0 {
+			return ids
+		}
+	}
+	return snap.byPrefix1[prefix1(plan.BasenameQ)]
+}
+
+func searchTrigrams(plan *queryPlan, snap *Snapshot) []uint32 {
+	if len(plan.Trigrams) == 0 {
+		return nil
+	}
+	lists := make([][]uint32, 0, len(plan.Trigrams))
+	for _, g := range plan.Trigrams {
+		ids, ok := snap.byGram[g]
+		if !ok || len(ids) == 0 {
+			return nil
+		}
+		lists = append(lists, ids)
+	}
+	return intersectAll(lists)
+}
+
+func searchFuzzyFallback(plan *queryPlan, snap *Snapshot) []uint32 {
+	if len(plan.BasenameQ) == 0 {
+		return nil
+	}
+	bucket := snap.byPrefix1[prefix1(plan.BasenameQ)]
+	if len(bucket) == 0 {
+		return searchSubsequenceScan(plan, snap, 5000)
+	}
+	var ids []uint32
+	for _, id := range bucket {
+		if snap.deleted[id] || int(id) >= len(snap.docs) {
+			continue
+		}
+		if isSubsequence([]byte(snap.docs[id].path), plan.BasenameQ) {
+			ids = append(ids, id)
+		}
+	}
+	if len(ids) == 0 {
+		return searchSubsequenceScan(plan, snap, 5000)
+	}
+	return ids
+}
+
+func searchSubsequenceScan(plan *queryPlan, snap *Snapshot, maxCheck int) []uint32 {
+	if len(plan.BasenameQ) == 0 {
+		return nil
+	}
+	var ids []uint32
+	checked := 0
+	for id := 0; id < len(snap.docs) && checked < maxCheck; id++ {
+		uid := uint32(id) //nolint:gosec // Snapshot count is bounded well below 2^32.
+		if snap.deleted[uid] {
+			continue
+		}
+		checked++
+		if isSubsequence([]byte(snap.docs[id].path), plan.BasenameQ) {
+			ids = append(ids, uid)
+		}
+	}
+	return ids
+}
+
+func intersectSorted(a, b []uint32) []uint32 {
+	if len(a) == 0 || len(b) == 0 {
+		return nil
+	}
+	var result []uint32
+	ai, bi := 0, 0
+	for ai < len(a) && bi < len(b) {
+		switch {
+		case a[ai] < b[bi]:
+			ai++
+		case a[ai] > b[bi]:
+			bi++
+		default:
+			result = append(result, a[ai])
+			ai++
+			bi++
+		}
+	}
+	return result
+}
+
+func intersectAll(lists [][]uint32) []uint32 {
+	if len(lists) == 0 {
+		return nil
+	}
+	if len(lists) == 1 {
+		return lists[0]
+	}
+	slices.SortFunc(lists, func(a, b []uint32) int { return len(a) - len(b) })
+	result := lists[0]
+	for i := 1; i < len(lists) && len(result) > 0; i++ {
+		result = intersectSorted(result, lists[i])
+	}
+	return result
+}
+
+func mergeAndScore(cands []candidate, plan *queryPlan, params scoreParams, topK int) []Result {
+	if topK <= 0 || len(cands) == 0 {
+		return nil
+	}
+	query := []byte(plan.Normalized)
+	h := &resultHeap{}
+	heap.Init(h)
+	for i := range cands {
+		c := &cands[i]
+		s := scorePath([]byte(c.Path), c.BaseOff, c.BaseLen, c.Depth, query, plan.Tokens, params)
+		if s <= 0 {
+			continue
+		}
+		// DirTokenHit is applied here rather than in scorePath because
+		// it depends on the query plan's directory tokens, which are
+		// split from the full query during planning. scorePath operates
+		// on raw query bytes without knowledge of token boundaries.
+		if len(plan.DirTokens) > 0 {
+			segments := extractSegments([]byte(c.Path))
+			for _, dt := range plan.DirTokens {
+				for _, seg := range segments {
+					if equalFoldASCII(seg, dt) {
+						s += params.DirTokenHit
+						break
+					}
+				}
+			}
+		}
+		r := Result{Path: c.Path, Score: s, IsDir: c.Flags == uint16(FlagDir)}
+		if h.Len() < topK {
+			heap.Push(h, r)
+		} else if s > (*h)[0].Score {
+			(*h)[0] = r
+			heap.Fix(h, 0)
+		}
+	}
+	n := h.Len()
+	results := make([]Result, n)
+	for i := n - 1; i >= 0; i-- {
+		v := heap.Pop(h)
+		if r, ok := v.(Result); ok {
+			results[i] = r
+		}
+	}
+	return results
+}
+
+type resultHeap []Result
+
+func (h resultHeap) Len() int           { return len(h) }
+func (h resultHeap) Less(i, j int) bool { return h[i].Score < h[j].Score }
+func (h resultHeap) Swap(i, j int)      { h[i], h[j] = h[j], h[i] }
+func (h *resultHeap) Push(x interface{}) {
+	r, ok := x.(Result)
+	if ok {
+		*h = append(*h, r)
+	}
+}
+
+func (h *resultHeap) Pop() interface{} {
+	old := *h
+	n := len(old)
+	x := old[n-1]
+	*h = old[:n-1]
+	return x
+}
@@ -0,0 +1,343 @@
+package filefinder_test
+
+import (
+	"slices"
+	"testing"
+
+	"github.com/coder/coder/v2/agent/filefinder"
+)
+
+func TestNewQueryPlan(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name       string
+		query      string
+		wantNorm   string
+		wantShort  bool
+		wantSlash  bool
+		wantBase   string
+		wantTokens []string
+		wantDirTok []string
+		wantTriCnt int // -1 to skip check
+	}{
+		{"Simple", "foo", "foo", false, false, "foo", []string{"foo"}, nil, 1},
+		{"MultiToken", "foo bar", "foo bar", false, false, "bar", []string{"foo", "bar"}, []string{"foo"}, -1},
+		{"Slash", "internal/foo", "internal/foo", false, true, "foo", []string{"internal", "foo"}, []string{"internal"}, -1},
+		{"SingleChar", "a", "a", true, false, "a", []string{"a"}, nil, 0},
+		{"TwoChars", "ab", "ab", true, false, "ab", []string{"ab"}, nil, -1},
+		{"ThreeChars", "abc", "abc", false, false, "abc", []string{"abc"}, nil, 1},
+		{"DotPrefix", ".go", ".go", false, false, ".go", []string{".go"}, nil, -1},
+		{"UpperCase", "FOO", "foo", false, false, "foo", []string{"foo"}, nil, -1},
+		{"Empty", "", "", true, false, "", nil, nil, -1},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			plan := filefinder.NewQueryPlanForTest(tt.query)
+			if plan.Normalized != tt.wantNorm {
+				t.Errorf("normalized = %q, want %q", plan.Normalized, tt.wantNorm)
+			}
+			if plan.IsShort != tt.wantShort {
+				t.Errorf("isShort = %v, want %v", plan.IsShort, tt.wantShort)
+			}
+			if plan.HasSlash != tt.wantSlash {
+				t.Errorf("hasSlash = %v, want %v", plan.HasSlash, tt.wantSlash)
+			}
+			if string(plan.BasenameQ) != tt.wantBase {
+				t.Errorf("basenameQ = %q, want %q", plan.BasenameQ, tt.wantBase)
+			}
+			if tt.wantTokens == nil {
+				if len(plan.Tokens) != 0 {
+					t.Errorf("expected 0 tokens, got %d", len(plan.Tokens))
+				}
+			} else {
+				if len(plan.Tokens) != len(tt.wantTokens) {
+					t.Fatalf("tokens len = %d, want %d", len(plan.Tokens), len(tt.wantTokens))
+				}
+				for i, tok := range plan.Tokens {
+					if string(tok) != tt.wantTokens[i] {
+						t.Errorf("tokens[%d] = %q, want %q", i, tok, tt.wantTokens[i])
+					}
+				}
+			}
+			if tt.wantDirTok != nil {
+				if len(plan.DirTokens) != len(tt.wantDirTok) {
+					t.Fatalf("dirTokens len = %d, want %d", len(plan.DirTokens), len(tt.wantDirTok))
+				}
+				for i, tok := range plan.DirTokens {
+					if string(tok) != tt.wantDirTok[i] {
+						t.Errorf("dirTokens[%d] = %q, want %q", i, tok, tt.wantDirTok[i])
+					}
+				}
+			}
+			if tt.wantTriCnt >= 0 && len(plan.Trigrams) != tt.wantTriCnt {
+				t.Errorf("trigram count = %d, want %d", len(plan.Trigrams), tt.wantTriCnt)
+			}
+		})
+	}
+
+	// ThreeChars: verify the actual trigram value.
+	plan := filefinder.NewQueryPlanForTest("abc")
+	if want := filefinder.PackTrigramForTest('a', 'b', 'c'); plan.Trigrams[0] != want {
+		t.Errorf("trigram = %x, want %x", plan.Trigrams[0], want)
+	}
+
+	// ShortMultiToken: both tokens < 3 chars so isShort should be true.
+	plan = filefinder.NewQueryPlanForTest("ab cd")
+	if !plan.IsShort {
+		t.Error("expected isShort=true when all tokens < 3 chars")
+	}
+	// One token >= 3 chars, so isShort should be false.
+	plan = filefinder.NewQueryPlanForTest("ab cde")
+	if plan.IsShort {
+		t.Error("expected isShort=false when any token >= 3 chars")
+	}
+}
+
+func requireCandHasPath(t *testing.T, cands []filefinder.CandidateForTest, path string) {
+	t.Helper()
+	for _, c := range cands {
+		if c.Path == path {
+			return
+		}
+	}
+	t.Errorf("expected to find %q in candidates", path)
+}
+
+func TestSearchSnapshot_TrigramMatch(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"src/handler.go", "src/router.go", "lib/utils.go"})
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("handler"), snap, 100)
+	if len(cands) == 0 {
+		t.Fatal("expected at least 1 candidate for 'handler'")
+	}
+	requireCandHasPath(t, cands, "src/handler.go")
+}
+
+func TestSearchSnapshot_ShortQuery(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"foo.go", "bar.go", "fab.go"})
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("fo"), snap, 100)
+	if len(cands) == 0 {
+		t.Fatal("expected at least 1 candidate for 'fo'")
+	}
+	requireCandHasPath(t, cands, "foo.go")
+}
+
+func TestSearchSnapshot_FuzzyFallback(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"src/handler.go", "src/router.go", "lib/utils.go"})
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("hndlr"), snap, 100)
+	if len(cands) == 0 {
+		t.Fatal("expected fuzzy fallback to find 'handler.go' for query 'hndlr'")
+	}
+	requireCandHasPath(t, cands, "src/handler.go")
+}
+
+func TestSearchSnapshot_FuzzyFallbackNoFirstCharMatch(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"src/xylophone.go", "lib/extra.go"})
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("xylo"), snap, 100)
+	if len(cands) == 0 {
+		t.Fatal("expected at least 1 candidate for 'xylo'")
+	}
+	requireCandHasPath(t, cands, "src/xylophone.go")
+}
+
+func TestSearchSnapshot_NilSnapshot(t *testing.T) {
+	t.Parallel()
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("foo"), nil, 100)
+	if cands != nil {
+		t.Errorf("expected nil for nil snapshot, got %v", cands)
+	}
+}
+
+func TestSearchSnapshot_EmptyQuery(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"foo.go"})
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest(""), snap, 100)
+	if cands != nil {
+		t.Errorf("expected nil for empty query, got %v", cands)
+	}
+}
+
+func TestSearchSnapshot_DeletedDocsExcluded(t *testing.T) {
+	t.Parallel()
+	idx := filefinder.NewIndex()
+	idx.Add("handler.go", 0)
+	idx.Remove("handler.go")
+	snap := idx.Snapshot()
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("handler"), snap, 100)
+	for _, c := range cands {
+		if c.Path == "handler.go" {
+			t.Error("deleted doc should not appear in results")
+		}
+	}
+}
+
+func TestSearchSnapshot_Limit(t *testing.T) {
+	t.Parallel()
+	paths := make([]string, 50)
+	for i := range paths {
+		paths[i] = "handler" + string(rune('a'+i%26)) + ".go"
+	}
+	snap := filefinder.MakeTestSnapshot(paths)
+	cands := filefinder.SearchSnapshotForTest(filefinder.NewQueryPlanForTest("handler"), snap, 3)
+	if len(cands) > 3 {
+		t.Errorf("expected at most 3 candidates, got %d", len(cands))
+	}
+}
+
+func TestIntersectSorted(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		a, b []uint32
+		want []uint32
+	}{
+		{"both empty", nil, nil, nil},
+		{"a empty", nil, []uint32{1, 2}, nil},
+		{"b empty", []uint32{1, 2}, nil, nil},
+		{"no overlap", []uint32{1, 3, 5}, []uint32{2, 4, 6}, nil},
+		{"full overlap", []uint32{1, 2, 3}, []uint32{1, 2, 3}, []uint32{1, 2, 3}},
+		{"partial overlap", []uint32{1, 2, 3, 5}, []uint32{2, 4, 5}, []uint32{2, 5}},
+		{"single match", []uint32{1, 2, 3}, []uint32{2}, []uint32{2}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.IntersectSortedForTest(tt.a, tt.b)
+			if len(tt.want) == 0 {
+				if len(got) != 0 {
+					t.Errorf("got %v, want empty/nil", got)
+				}
+				return
+			}
+			if !slices.Equal(got, tt.want) {
+				t.Errorf("got %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestIntersectAll(t *testing.T) {
+	t.Parallel()
+	t.Run("empty", func(t *testing.T) {
+		t.Parallel()
+		if got := filefinder.IntersectAllForTest(nil); got != nil {
+			t.Errorf("got %v, want nil", got)
+		}
+	})
+	t.Run("single", func(t *testing.T) {
+		t.Parallel()
+		if got := filefinder.IntersectAllForTest([][]uint32{{1, 2, 3}}); len(got) != 3 {
+			t.Fatalf("len = %d, want 3", len(got))
+		}
+	})
+	t.Run("multiple", func(t *testing.T) {
+		t.Parallel()
+		got := filefinder.IntersectAllForTest([][]uint32{{1, 2, 3, 4, 5}, {2, 3, 5}, {3, 5, 7}})
+		if !slices.Equal(got, []uint32{3, 5}) {
+			t.Errorf("got %v, want [3 5]", got)
+		}
+	})
+	t.Run("no overlap", func(t *testing.T) {
+		t.Parallel()
+		if got := filefinder.IntersectAllForTest([][]uint32{{1, 2}, {3, 4}}); got != nil {
+			t.Errorf("got %v, want nil", got)
+		}
+	})
+}
+
+func TestMergeAndScore_SortedDescending(t *testing.T) {
+	t.Parallel()
+	plan := filefinder.NewQueryPlanForTest("foo")
+	params := filefinder.DefaultScoreParamsForTest()
+	cands := []filefinder.CandidateForTest{
+		{DocID: 0, Path: "a/b/c/d/e/foo", BaseOff: 10, BaseLen: 3, Depth: 5},
+		{DocID: 1, Path: "src/foo", BaseOff: 4, BaseLen: 3, Depth: 1},
+		{DocID: 2, Path: "foo", BaseOff: 0, BaseLen: 3, Depth: 0},
+	}
+	results := filefinder.MergeAndScoreForTest(cands, plan, params, 10)
+	if len(results) == 0 {
+		t.Fatal("expected non-empty results")
+	}
+	for i := 1; i < len(results); i++ {
+		if results[i].Score > results[i-1].Score {
+			t.Errorf("results not sorted: [%d].Score=%f > [%d].Score=%f",
+				i, results[i].Score, i-1, results[i-1].Score)
+		}
+	}
+}
+
+func TestMergeAndScore_TopKLimit(t *testing.T) {
+	t.Parallel()
+	plan := filefinder.NewQueryPlanForTest("f")
+	params := filefinder.DefaultScoreParamsForTest()
+	var cands []filefinder.CandidateForTest
+	for i := range 20 {
+		p := "f" + string(rune('a'+i))
+		cands = append(cands, filefinder.CandidateForTest{DocID: uint32(i), Path: p, BaseOff: 0, BaseLen: len(p), Depth: 0}) //nolint:gosec // test index is tiny
+	}
+	if results := filefinder.MergeAndScoreForTest(cands, plan, params, 5); len(results) != 5 {
+		t.Errorf("expected 5 results, got %d", len(results))
+	}
+}
+
+func TestMergeAndScore_ZeroTopK(t *testing.T) {
+	t.Parallel()
+	plan := filefinder.NewQueryPlanForTest("foo")
+	cands := []filefinder.CandidateForTest{{DocID: 0, Path: "foo", BaseOff: 0, BaseLen: 3, Depth: 0}}
+	if results := filefinder.MergeAndScoreForTest(cands, plan, filefinder.DefaultScoreParamsForTest(), 0); len(results) != 0 {
+		t.Errorf("expected 0 results for topK=0, got %d", len(results))
+	}
+}
+
+func TestMergeAndScore_NoMatchCandidatesDropped(t *testing.T) {
+	t.Parallel()
+	plan := filefinder.NewQueryPlanForTest("xyz")
+	cands := []filefinder.CandidateForTest{
+		{DocID: 0, Path: "abc", BaseOff: 0, BaseLen: 3, Depth: 0},
+		{DocID: 1, Path: "def", BaseOff: 0, BaseLen: 3, Depth: 0},
+	}
+	if results := filefinder.MergeAndScoreForTest(cands, plan, filefinder.DefaultScoreParamsForTest(), 10); len(results) != 0 {
+		t.Errorf("expected 0 results for non-matching candidates, got %d", len(results))
+	}
+}
+
+func TestMergeAndScore_IsDirFlag(t *testing.T) {
+	t.Parallel()
+	plan := filefinder.NewQueryPlanForTest("foo")
+	cands := []filefinder.CandidateForTest{
+		{DocID: 0, Path: "foo", BaseOff: 0, BaseLen: 3, Depth: 0, Flags: uint16(filefinder.FlagDir)},
+	}
+	results := filefinder.MergeAndScoreForTest(cands, plan, filefinder.DefaultScoreParamsForTest(), 10)
+	if len(results) != 1 {
+		t.Fatalf("expected 1 result, got %d", len(results))
+	}
+	if !results[0].IsDir {
+		t.Error("expected IsDir=true for FlagDir candidate")
+	}
+}
+
+func TestMergeAndScore_EmptyCandidates(t *testing.T) {
+	t.Parallel()
+	if results := filefinder.MergeAndScoreForTest(nil, filefinder.NewQueryPlanForTest("foo"), filefinder.DefaultScoreParamsForTest(), 10); len(results) != 0 {
+		t.Errorf("expected 0 results for nil candidates, got %d", len(results))
+	}
+}
+
+func TestSearchSnapshot_FuzzyFallbackEndToEnd(t *testing.T) {
+	t.Parallel()
+	snap := filefinder.MakeTestSnapshot([]string{"src/handler.go", "src/middleware.go", "pkg/config.go"})
+	plan := filefinder.NewQueryPlanForTest("hndlr")
+	results := filefinder.MergeAndScoreForTest(filefinder.SearchSnapshotForTest(plan, snap, 100), plan, filefinder.DefaultScoreParamsForTest(), 10)
+	if len(results) == 0 {
+		t.Fatal("expected fuzzy fallback to produce scored results for 'hndlr'")
+	}
+	if results[0].Path != "src/handler.go" {
+		t.Errorf("expected top result 'src/handler.go', got %q", results[0].Path)
+	}
+}
@@ -0,0 +1,288 @@
+package filefinder
+
+import "slices"
+
+func toLowerASCII(b byte) byte {
+	if b >= 'A' && b <= 'Z' {
+		return b + ('a' - 'A')
+	}
+	return b
+}
+
+func normalizeQuery(q string) string {
+	b := make([]byte, 0, len(q))
+	prevSpace := true
+	for i := 0; i < len(q); i++ {
+		c := q[i]
+		if c == '\\' {
+			c = '/'
+		}
+		c = toLowerASCII(c)
+		if c == ' ' {
+			if prevSpace {
+				continue
+			}
+			prevSpace = true
+		} else {
+			prevSpace = false
+		}
+		b = append(b, c)
+	}
+	if len(b) > 0 && b[len(b)-1] == ' ' {
+		b = b[:len(b)-1]
+	}
+	return string(b)
+}
+
+func normalizePathBytes(p []byte) []byte {
+	j := 0
+	prevSlash := false
+	for i := 0; i < len(p); i++ {
+		c := p[i]
+		if c == '\\' {
+			c = '/'
+		}
+		c = toLowerASCII(c)
+		if c == '/' {
+			if prevSlash {
+				continue
+			}
+			prevSlash = true
+		} else {
+			prevSlash = false
+		}
+		p[j] = c
+		j++
+	}
+	return p[:j]
+}
+
+// extractTrigrams returns deduplicated, sorted trigrams (three-byte
+// subsequences) from s. Trigrams are the primary index key: a
+// document matches a query only if every query trigram appears in
+// the document, giving O(1) candidate filtering per trigram.
+func extractTrigrams(s []byte) []uint32 {
+	if len(s) < 3 {
+		return nil
+	}
+	seen := make(map[uint32]struct{}, len(s))
+	for i := 0; i <= len(s)-3; i++ {
+		b0 := toLowerASCII(s[i])
+		b1 := toLowerASCII(s[i+1])
+		b2 := toLowerASCII(s[i+2])
+		gram := uint32(b0)<<16 | uint32(b1)<<8 | uint32(b2)
+		seen[gram] = struct{}{}
+	}
+	result := make([]uint32, 0, len(seen))
+	for g := range seen {
+		result = append(result, g)
+	}
+	slices.Sort(result)
+	return result
+}
+
+func extractBasename(path []byte) (offset int, length int) {
+	end := len(path)
+	if end > 0 && path[end-1] == '/' {
+		end--
+	}
+	if end == 0 {
+		return 0, 0
+	}
+	i := end - 1
+	for i >= 0 && path[i] != '/' {
+		i--
+	}
+	start := i + 1
+	return start, end - start
+}
+
+func extractSegments(path []byte) [][]byte {
+	var segments [][]byte
+	start := 0
+	for i := 0; i <= len(path); i++ {
+		if i == len(path) || path[i] == '/' {
+			if i > start {
+				segments = append(segments, path[start:i])
+			}
+			start = i + 1
+		}
+	}
+	return segments
+}
+
+func prefix1(name []byte) byte {
+	if len(name) == 0 {
+		return 0
+	}
+	return toLowerASCII(name[0])
+}
+
+func prefix2(name []byte) uint16 {
+	if len(name) == 0 {
+		return 0
+	}
+	hi := uint16(toLowerASCII(name[0])) << 8
+	if len(name) < 2 {
+		return hi
+	}
+	return hi | uint16(toLowerASCII(name[1]))
+}
+
+// scoreParams controls the weights for each scoring signal.
+type scoreParams struct {
+	BasenameMatch  float32
+	BasenamePrefix float32
+	ExactSegment   float32
+	BoundaryHit    float32
+	ContiguousRun  float32
+	DirTokenHit    float32
+	DepthPenalty   float32
+	LengthPenalty  float32
+}
+
+func defaultScoreParams() scoreParams {
+	return scoreParams{
+		BasenameMatch:  6.0,
+		BasenamePrefix: 3.5,
+		ExactSegment:   2.5,
+		BoundaryHit:    1.8,
+		ContiguousRun:  1.2,
+		DirTokenHit:    0.4,
+		DepthPenalty:   0.08,
+		LengthPenalty:  0.01,
+	}
+}
+
+func isSubsequence(haystack, needle []byte) bool {
+	if len(needle) == 0 {
+		return true
+	}
+	ni := 0
+	for _, hb := range haystack {
+		if toLowerASCII(hb) == toLowerASCII(needle[ni]) {
+			ni++
+			if ni == len(needle) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func longestContiguousMatch(haystack, needle []byte) int {
+	if len(needle) == 0 || len(haystack) == 0 {
+		return 0
+	}
+	best := 0
+	ni := 0
+	run := 0
+	for _, hb := range haystack {
+		if ni < len(needle) && toLowerASCII(hb) == toLowerASCII(needle[ni]) {
+			run++
+			ni++
+			if run > best {
+				best = run
+			}
+		} else {
+			run = 0
+			ni = 0
+			if ni < len(needle) && toLowerASCII(hb) == toLowerASCII(needle[ni]) {
+				run = 1
+				ni = 1
+				if run > best {
+					best = run
+				}
+			}
+		}
+	}
+	return best
+}
+
+func isBoundary(b byte) bool {
+	return b == '/' || b == '.' || b == '_' || b == '-'
+}
+
+func countBoundaryHits(path []byte, query []byte) int {
+	if len(query) == 0 || len(path) == 0 {
+		return 0
+	}
+	hits := 0
+	qi := 0
+	for pi := 0; pi < len(path) && qi < len(query); pi++ {
+		atBoundary := pi == 0 || isBoundary(path[pi-1])
+		if atBoundary && toLowerASCII(path[pi]) == toLowerASCII(query[qi]) {
+			hits++
+			qi++
+		}
+	}
+	return hits
+}
+
+func equalFoldASCII(a, b []byte) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i := range a {
+		if toLowerASCII(a[i]) != toLowerASCII(b[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+func hasPrefixFoldASCII(haystack, prefix []byte) bool {
+	if len(prefix) > len(haystack) {
+		return false
+	}
+	for i := range prefix {
+		if toLowerASCII(haystack[i]) != toLowerASCII(prefix[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+// scorePath computes a relevance score for a candidate path
+// against a query. The score combines several signals:
+// basename match, basename prefix, exact segment match,
+// word-boundary hits, longest contiguous run, and penalties
+// for depth and length. A return value of 0 means no match
+// (the query is not a subsequence of the path).
+func scorePath(
+	path []byte,
+	baseOff int,
+	baseLen int,
+	depth int,
+	query []byte,
+	queryTokens [][]byte,
+	params scoreParams,
+) float32 {
+	if !isSubsequence(path, query) {
+		return 0
+	}
+	var score float32
+	basename := path[baseOff : baseOff+baseLen]
+	if isSubsequence(basename, query) {
+		score += params.BasenameMatch
+	}
+	if hasPrefixFoldASCII(basename, query) {
+		score += params.BasenamePrefix
+	}
+	segments := extractSegments(path)
+	for _, token := range queryTokens {
+		for _, seg := range segments {
+			if equalFoldASCII(seg, token) {
+				score += params.ExactSegment
+				break
+			}
+		}
+	}
+	bh := countBoundaryHits(path, query)
+	score += float32(bh) * params.BoundaryHit
+	lcm := longestContiguousMatch(path, query)
+	score += float32(lcm) * params.ContiguousRun
+	score -= float32(depth) * params.DepthPenalty
+	score -= float32(len(path)) * params.LengthPenalty
+	return score
+}
@@ -0,0 +1,388 @@
+package filefinder_test
+
+import (
+	"slices"
+	"testing"
+
+	"github.com/coder/coder/v2/agent/filefinder"
+)
+
+func TestNormalizeQuery(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name  string
+		input string
+		want  string
+	}{
+		{"empty", "", ""},
+		{"leading and trailing spaces", "  hello  ", "hello"},
+		{"multiple internal spaces", "foo   bar   baz", "foo bar baz"},
+		{"uppercase to lower", "FooBar", "foobar"},
+		{"backslash to slash", `foo\bar\baz`, "foo/bar/baz"},
+		{"mixed case and spaces", "  Hello   World  ", "hello world"},
+		{"unicode passthrough", "héllo wörld", "héllo wörld"},
+		{"only spaces", "     ", ""},
+		{"single char", "A", "a"},
+		{"slashes preserved", "/foo/bar/", "/foo/bar/"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.NormalizeQueryForTest(tt.input)
+			if got != tt.want {
+				t.Errorf("normalizeQuery(%q) = %q, want %q", tt.input, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestExtractTrigrams(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name  string
+		input string
+		want  []uint32
+	}{
+		{"too short", "ab", nil},
+		{"exactly three bytes", "abc", []uint32{uint32('a')<<16 | uint32('b')<<8 | uint32('c')}},
+		{"case insensitive", "ABC", []uint32{uint32('a')<<16 | uint32('b')<<8 | uint32('c')}},
+		{"deduplication", "aaaa", []uint32{uint32('a')<<16 | uint32('a')<<8 | uint32('a')}},
+		{"four bytes produces two trigrams", "abcd", []uint32{
+			uint32('a')<<16 | uint32('b')<<8 | uint32('c'),
+			uint32('b')<<16 | uint32('c')<<8 | uint32('d'),
+		}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.ExtractTrigramsForTest([]byte(tt.input))
+			if !slices.Equal(got, tt.want) {
+				t.Errorf("extractTrigrams(%q) = %v, want %v", tt.input, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestExtractBasename(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name     string
+		path     string
+		wantOff  int
+		wantName string
+	}{
+		{"full path", "/foo/bar/baz.go", 9, "baz.go"},
+		{"bare filename", "baz.go", 0, "baz.go"},
+		{"trailing slash", "/a/b/", 3, "b"},
+		{"root slash", "/", 0, ""},
+		{"empty", "", 0, ""},
+		{"single dir with slash", "/foo", 1, "foo"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			off, length := filefinder.ExtractBasenameForTest([]byte(tt.path))
+			if off != tt.wantOff {
+				t.Errorf("extractBasename(%q) offset = %d, want %d", tt.path, off, tt.wantOff)
+			}
+			gotName := string([]byte(tt.path)[off : off+length])
+			if gotName != tt.wantName {
+				t.Errorf("extractBasename(%q) name = %q, want %q", tt.path, gotName, tt.wantName)
+			}
+		})
+	}
+}
+
+func TestExtractSegments(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		path string
+		want []string
+	}{
+		{"absolute path", "/foo/bar/baz", []string{"foo", "bar", "baz"}},
+		{"relative path", "foo/bar", []string{"foo", "bar"}},
+		{"trailing slash", "/a/b/", []string{"a", "b"}},
+		{"multiple slashes", "//a///b//", []string{"a", "b"}},
+		{"empty", "", nil},
+		{"single segment", "foo", []string{"foo"}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.ExtractSegmentsForTest([]byte(tt.path))
+			if len(got) != len(tt.want) {
+				t.Fatalf("extractSegments(%q) got %d segments, want %d", tt.path, len(got), len(tt.want))
+			}
+			for i := range got {
+				if string(got[i]) != tt.want[i] {
+					t.Errorf("extractSegments(%q)[%d] = %q, want %q", tt.path, i, got[i], tt.want[i])
+				}
+			}
+		})
+	}
+}
+
+func TestPrefix1(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		in   string
+		want byte
+	}{
+		{"lowercase", "foo", 'f'},
+		{"uppercase", "Foo", 'f'},
+		{"empty", "", 0},
+		{"digit", "1abc", '1'},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.Prefix1ForTest([]byte(tt.in))
+			if got != tt.want {
+				t.Errorf("prefix1(%q) = %d (%c), want %d (%c)", tt.in, got, got, tt.want, tt.want)
+			}
+		})
+	}
+}
+
+func TestPrefix2(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		in   string
+		want uint16
+	}{
+		{"two chars", "ab", uint16('a')<<8 | uint16('b')},
+		{"uppercase", "AB", uint16('a')<<8 | uint16('b')},
+		{"single char", "A", uint16('a') << 8},
+		{"empty", "", 0},
+		{"longer string", "Hello", uint16('h')<<8 | uint16('e')},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.Prefix2ForTest([]byte(tt.in))
+			if got != tt.want {
+				t.Errorf("prefix2(%q) = %d, want %d", tt.in, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestNormalizePathBytes(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name  string
+		input string
+		want  string
+	}{
+		{"backslash to slash", `C:\Users\test`, "c:/users/test"},
+		{"collapse slashes", "//foo///bar//", "/foo/bar/"},
+		{"lowercase", "FooBar", "foobar"},
+		{"empty", "", ""},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			buf := []byte(tt.input)
+			got := string(filefinder.NormalizePathBytesForTest(buf))
+			if got != tt.want {
+				t.Errorf("normalizePathBytes(%q) = %q, want %q", tt.input, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestIsSubsequence(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name     string
+		haystack string
+		needle   string
+		want     bool
+	}{
+		{"empty needle", "anything", "", true},
+		{"empty both", "", "", true},
+		{"empty haystack", "", "a", false},
+		{"exact match", "abc", "abc", true},
+		{"scattered", "axbycz", "abc", true},
+		{"prefix", "abcdef", "abc", true},
+		{"suffix", "xyzabc", "abc", true},
+		{"case insensitive", "AbCdEf", "ace", true},
+		{"case insensitive reverse", "abcdef", "ACE", true},
+		{"no match", "abcdef", "xyz", false},
+		{"partial match", "abcdef", "abz", false},
+		{"longer needle", "ab", "abc", false},
+		{"single char match", "hello", "l", true},
+		{"single char no match", "hello", "z", false},
+		{"path like", "src/internal/foo.go", "sif", true},
+		{"path like no match", "src/internal/foo.go", "zzz", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.IsSubsequenceForTest([]byte(tt.haystack), []byte(tt.needle))
+			if got != tt.want {
+				t.Errorf("isSubsequence(%q, %q) = %v, want %v", tt.haystack, tt.needle, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestLongestContiguousMatch(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name     string
+		haystack string
+		needle   string
+		want     int
+	}{
+		{"empty needle", "abc", "", 0},
+		{"empty haystack", "", "abc", 0},
+		{"full match", "abc", "abc", 3},
+		{"prefix match", "abcdef", "abc", 3},
+		{"middle match", "xxabcyy", "abc", 3},
+		{"suffix match", "xxabc", "abc", 3},
+		{"partial", "axbc", "abc", 1},
+		{"scattered no contiguous", "axbxcx", "abc", 1},
+		{"case insensitive", "ABCdef", "abc", 3},
+		{"no match", "xyz", "abc", 0},
+		{"single char", "abc", "b", 1},
+		{"repeated", "aababc", "abc", 3},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.LongestContiguousMatchForTest([]byte(tt.haystack), []byte(tt.needle))
+			if got != tt.want {
+				t.Errorf("longestContiguousMatch(%q, %q) = %d, want %d", tt.haystack, tt.needle, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestIsBoundary(t *testing.T) {
+	t.Parallel()
+	for _, b := range []byte{'/', '.', '_', '-'} {
+		if !filefinder.IsBoundaryForTest(b) {
+			t.Errorf("isBoundary(%q) = false, want true", b)
+		}
+	}
+	for _, b := range []byte{'a', 'Z', '0', ' ', '('} {
+		if filefinder.IsBoundaryForTest(b) {
+			t.Errorf("isBoundary(%q) = true, want false", b)
+		}
+	}
+}
+
+func TestCountBoundaryHits(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name  string
+		path  string
+		query string
+		want  int
+	}{
+		{"start of string", "foo/bar", "f", 1},
+		{"after slash", "foo/bar", "fb", 2},
+		{"after dot", "foo.bar", "fb", 2},
+		{"after underscore", "foo_bar", "fb", 2},
+		{"no hits", "xxxx", "y", 0},
+		{"empty query", "foo", "", 0},
+		{"empty path", "", "f", 0},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := filefinder.CountBoundaryHitsForTest([]byte(tt.path), []byte(tt.query))
+			if got != tt.want {
+				t.Errorf("countBoundaryHits(%q, %q) = %d, want %d", tt.path, tt.query, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestScorePath_NoSubsequenceReturnsZero(t *testing.T) {
+	t.Parallel()
+	path := []byte("src/internal/handler.go")
+	query := []byte("zzz")
+	tokens := [][]byte{[]byte("zzz")}
+	params := filefinder.DefaultScoreParamsForTest()
+	s := filefinder.ScorePathForTest(path, 13, 10, 2, query, tokens, params)
+	if s != 0 {
+		t.Errorf("expected 0 for no subsequence match, got %f", s)
+	}
+}
+
+func TestScorePath_ExactBasenameOverPartial(t *testing.T) {
+	t.Parallel()
+	params := filefinder.DefaultScoreParamsForTest()
+	query := []byte("main")
+	tokens := [][]byte{query}
+	pathExact := []byte("src/main")
+	scoreExact := filefinder.ScorePathForTest(pathExact, 4, 4, 1, query, tokens, params)
+	pathPartial := []byte("module/amazing")
+	scorePartial := filefinder.ScorePathForTest(pathPartial, 7, 7, 1, query, tokens, params)
+	if scoreExact <= scorePartial {
+		t.Errorf("exact basename (%f) should score higher than partial (%f)", scoreExact, scorePartial)
+	}
+}
+
+func TestScorePath_BasenamePrefixOverScattered(t *testing.T) {
+	t.Parallel()
+	params := filefinder.DefaultScoreParamsForTest()
+	query := []byte("han")
+	tokens := [][]byte{query}
+	pathPrefix := []byte("src/handler.go")
+	scorePrefix := filefinder.ScorePathForTest(pathPrefix, 4, 10, 1, query, tokens, params)
+	pathScattered := []byte("has/another/thing")
+	scoreScattered := filefinder.ScorePathForTest(pathScattered, 12, 5, 2, query, tokens, params)
+	if scorePrefix <= scoreScattered {
+		t.Errorf("basename prefix (%f) should score higher than scattered (%f)", scorePrefix, scoreScattered)
+	}
+}
+
+func TestScorePath_ShallowOverDeep(t *testing.T) {
+	t.Parallel()
+	params := filefinder.DefaultScoreParamsForTest()
+	query := []byte("foo")
+	tokens := [][]byte{query}
+	pathShallow := []byte("src/foo.go")
+	scoreShallow := filefinder.ScorePathForTest(pathShallow, 4, 6, 1, query, tokens, params)
+	pathDeep := []byte("a/b/c/d/e/foo.go")
+	scoreDeep := filefinder.ScorePathForTest(pathDeep, 10, 6, 5, query, tokens, params)
+	if scoreShallow <= scoreDeep {
+		t.Errorf("shallow path (%f) should score higher than deep (%f)", scoreShallow, scoreDeep)
+	}
+}
+
+func TestScorePath_ShorterOverLongerSameMatch(t *testing.T) {
+	t.Parallel()
+	params := filefinder.DefaultScoreParamsForTest()
+	query := []byte("foo")
+	tokens := [][]byte{query}
+	pathShort := []byte("x/foo")
+	scoreShort := filefinder.ScorePathForTest(pathShort, 2, 3, 1, query, tokens, params)
+	pathLong := []byte("x/foo_extremely_long_suffix_name")
+	scoreLong := filefinder.ScorePathForTest(pathLong, 2, 29, 1, query, tokens, params)
+	if scoreShort <= scoreLong {
+		t.Errorf("shorter path (%f) should score higher than longer (%f)", scoreShort, scoreLong)
+	}
+}
+
+func BenchmarkScorePath(b *testing.B) {
+	path := []byte("src/internal/coderd/database/queries/workspaces.sql")
+	query := []byte("workspace")
+	tokens := [][]byte{query}
+	params := filefinder.DefaultScoreParamsForTest()
+	baseOff, baseLen := filefinder.ExtractBasenameForTest(path)
+	s := filefinder.ScorePathForTest(path, baseOff, baseLen, 4, query, tokens, params)
+	if s == 0 {
+		b.Fatal("expected non-zero score for benchmark path")
+	}
+	b.ResetTimer()
+	for b.Loop() {
+		filefinder.ScorePathForTest(path, baseOff, baseLen, 4, query, tokens, params)
+	}
+}
@@ -0,0 +1,213 @@
+package filefinder
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/fsnotify/fsnotify"
+
+	"cdr.dev/slog/v3"
+)
+
+// FSEvent represents a filesystem change event.
+type FSEvent struct {
+	Op    FSEventOp
+	Path  string
+	IsDir bool
+}
+
+// FSEventOp represents the type of filesystem operation.
+type FSEventOp uint8
+
+// Filesystem operations reported by the watcher.
+const (
+	OpCreate FSEventOp = iota
+	OpRemove
+	OpRename
+	OpModify
+)
+
+var skipDirs = map[string]struct{}{
+	".git": {}, "node_modules": {}, ".hg": {}, ".svn": {},
+	"__pycache__": {}, ".cache": {}, ".venv": {}, "vendor": {}, ".terraform": {},
+}
+
+type fsWatcher struct {
+	w      *fsnotify.Watcher
+	root   string
+	events chan []FSEvent
+	logger slog.Logger
+	mu     sync.Mutex
+	closed bool
+	done   chan struct{}
+}
+
+func newFSWatcher(root string, logger slog.Logger) (*fsWatcher, error) {
+	w, err := fsnotify.NewWatcher()
+	if err != nil {
+		return nil, err
+	}
+	return &fsWatcher{
+		w:      w,
+		root:   root,
+		events: make(chan []FSEvent, 64),
+		logger: logger,
+		done:   make(chan struct{}),
+	}, nil
+}
+
+func (fw *fsWatcher) Start(ctx context.Context) {
+	initEvents := fw.addRecursive(fw.root)
+	if len(initEvents) > 0 {
+		select {
+		case fw.events <- initEvents:
+		case <-ctx.Done():
+			return
+		}
+	}
+	fw.logger.Debug(ctx, "fs watcher started", slog.F("root", fw.root))
+	go fw.loop(ctx)
+}
+func (fw *fsWatcher) Events() <-chan []FSEvent { return fw.events }
+func (fw *fsWatcher) Close() error {
+	fw.mu.Lock()
+	if fw.closed {
+		fw.mu.Unlock()
+		return nil
+	}
+	fw.closed = true
+	fw.mu.Unlock()
+	err := fw.w.Close()
+	<-fw.done
+	return err
+}
+
+func (fw *fsWatcher) loop(ctx context.Context) {
+	defer close(fw.done)
+	const batchWindow = 50 * time.Millisecond
+	var (
+		batch  []FSEvent
+		seen   = make(map[string]struct{})
+		timer  *time.Timer
+		timerC <-chan time.Time
+	)
+	flush := func() {
+		if len(batch) == 0 {
+			return
+		}
+		select {
+		case fw.events <- batch:
+		default:
+			fw.logger.Warn(ctx, "fs watcher dropping batch", slog.F("count", len(batch)))
+		}
+		batch = nil
+		seen = make(map[string]struct{})
+		if timer != nil {
+			timer.Stop()
+		}
+		timer = nil
+		timerC = nil
+	}
+	addToBatch := func(ev FSEvent) {
+		if _, dup := seen[ev.Path]; dup {
+			return
+		}
+		seen[ev.Path] = struct{}{}
+		batch = append(batch, ev)
+		if timer == nil {
+			timer = time.NewTimer(batchWindow)
+			timerC = timer.C
+		}
+	}
+	for {
+		select {
+		case <-ctx.Done():
+			flush()
+			return
+		case ev, ok := <-fw.w.Events:
+			if !ok {
+				flush()
+				return
+			}
+			fsev := translateEvent(ev)
+			if fsev == nil {
+				continue
+			}
+			if fsev.IsDir && fsev.Op == OpCreate {
+				for _, s := range fw.addRecursive(fsev.Path) {
+					addToBatch(s)
+				}
+			}
+			addToBatch(*fsev)
+		case err, ok := <-fw.w.Errors:
+			if !ok {
+				flush()
+				return
+			}
+			fw.logger.Warn(ctx, "fsnotify watcher error", slog.Error(err))
+		case <-timerC:
+			flush()
+		}
+	}
+}
+
+func (fw *fsWatcher) addRecursive(dir string) []FSEvent {
+	var events []FSEvent
+	if walkErr := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return nil //nolint:nilerr // best-effort
+		}
+		base := filepath.Base(path)
+		if _, skip := skipDirs[base]; skip && info.IsDir() {
+			return filepath.SkipDir
+		}
+		if info.IsDir() {
+			if addErr := fw.w.Add(path); addErr != nil {
+				fw.logger.Debug(context.Background(), "failed to add watch",
+					slog.F("path", path), slog.Error(addErr))
+			}
+			if path != dir {
+				events = append(events, FSEvent{Op: OpCreate, Path: path, IsDir: true})
+			}
+			return nil
+		}
+		events = append(events, FSEvent{Op: OpCreate, Path: path, IsDir: false})
+		return nil
+	}); walkErr != nil {
+		fw.logger.Warn(context.Background(), "failed to walk directory",
+			slog.F("dir", dir), slog.Error(walkErr))
+	}
+	return events
+}
+
+func translateEvent(ev fsnotify.Event) *FSEvent {
+	var op FSEventOp
+	switch {
+	case ev.Op&fsnotify.Create != 0:
+		op = OpCreate
+	case ev.Op&fsnotify.Remove != 0:
+		op = OpRemove
+	case ev.Op&fsnotify.Rename != 0:
+		op = OpRename
+	case ev.Op&fsnotify.Write != 0:
+		op = OpModify
+	default:
+		return nil
+	}
+	isDir := false
+	if op == OpCreate || op == OpModify {
+		fi, err := os.Lstat(ev.Name)
+		if err == nil {
+			isDir = fi.IsDir()
+		}
+	}
+	if isDir {
+		if _, skip := skipDirs[filepath.Base(ev.Name)]; skip {
+			return nil
+		}
+	}
+	return &FSEvent{Op: op, Path: ev.Name, IsDir: isDir}
+}
@@ -776,6 +776,58 @@ func (CreateSubAgentRequest_App_SharingLevel) EnumDescriptor() ([]byte, []int) {
 	return file_agent_proto_agent_proto_rawDescGZIP(), []int{36, 0, 1}
 }

+type UpdateAppStatusRequest_AppStatusState int32
+
+const (
+	UpdateAppStatusRequest_WORKING  UpdateAppStatusRequest_AppStatusState = 0
+	UpdateAppStatusRequest_IDLE     UpdateAppStatusRequest_AppStatusState = 1
+	UpdateAppStatusRequest_COMPLETE UpdateAppStatusRequest_AppStatusState = 2
+	UpdateAppStatusRequest_FAILURE  UpdateAppStatusRequest_AppStatusState = 3
+)
+
+// Enum value maps for UpdateAppStatusRequest_AppStatusState.
+var (
+	UpdateAppStatusRequest_AppStatusState_name = map[int32]string{
+		0: "WORKING",
+		1: "IDLE",
+		2: "COMPLETE",
+		3: "FAILURE",
+	}
+	UpdateAppStatusRequest_AppStatusState_value = map[string]int32{
+		"WORKING":  0,
+		"IDLE":     1,
+		"COMPLETE": 2,
+		"FAILURE":  3,
+	}
+)
+
+func (x UpdateAppStatusRequest_AppStatusState) Enum() *UpdateAppStatusRequest_AppStatusState {
+	p := new(UpdateAppStatusRequest_AppStatusState)
+	*p = x
+	return p
+}
+
+func (x UpdateAppStatusRequest_AppStatusState) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (UpdateAppStatusRequest_AppStatusState) Descriptor() protoreflect.EnumDescriptor {
+	return file_agent_proto_agent_proto_enumTypes[14].Descriptor()
+}
+
+func (UpdateAppStatusRequest_AppStatusState) Type() protoreflect.EnumType {
+	return &file_agent_proto_agent_proto_enumTypes[14]
+}
+
+func (x UpdateAppStatusRequest_AppStatusState) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use UpdateAppStatusRequest_AppStatusState.Descriptor instead.
+func (UpdateAppStatusRequest_AppStatusState) EnumDescriptor() ([]byte, []int) {
+	return file_agent_proto_agent_proto_rawDescGZIP(), []int{45, 0}
+}
+
 type WorkspaceApp struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -3546,22 +3598,20 @@ func (*ReportBoundaryLogsResponse) Descriptor() ([]byte, []int) {
 	return file_agent_proto_agent_proto_rawDescGZIP(), []int{44}
 }

-type ReportRestartRequest struct {
+// UpdateAppStatusRequest updates the given Workspace App's status. c.f. agentsdk.PatchAppStatus
+type UpdateAppStatusRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	RestartCount int32  `protobuf:"varint,1,opt,name=restart_count,json=restartCount,proto3" json:"restart_count,omitempty"`
-	KillSignal   string `protobuf:"bytes,2,opt,name=kill_signal,json=killSignal,proto3" json:"kill_signal,omitempty"`
-	// reason describes how the previous agent process exited.
-	// In the reaper (PID 1) path this is always "signal". In
-	// the systemd path it mirrors $SERVICE_RESULT and can be
-	// "signal", "exit-code", or another systemd result string.
-	Reason string `protobuf:"bytes,3,opt,name=reason,proto3" json:"reason,omitempty"`
+	Slug    string                                `protobuf:"bytes,1,opt,name=slug,proto3" json:"slug,omitempty"`
+	State   UpdateAppStatusRequest_AppStatusState `protobuf:"varint,2,opt,name=state,proto3,enum=coder.agent.v2.UpdateAppStatusRequest_AppStatusState" json:"state,omitempty"`
+	Message string                                `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
+	Uri     string                                `protobuf:"bytes,4,opt,name=uri,proto3" json:"uri,omitempty"`
 }

-func (x *ReportRestartRequest) Reset() {
-	*x = ReportRestartRequest{}
+func (x *UpdateAppStatusRequest) Reset() {
+	*x = UpdateAppStatusRequest{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_agent_proto_agent_proto_msgTypes[45]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -3569,13 +3619,13 @@ func (x *ReportRestartRequest) Reset() {
 	}
 }

-func (x *ReportRestartRequest) String() string {
+func (x *UpdateAppStatusRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }

-func (*ReportRestartRequest) ProtoMessage() {}
+func (*UpdateAppStatusRequest) ProtoMessage() {}

-func (x *ReportRestartRequest) ProtoReflect() protoreflect.Message {
+func (x *UpdateAppStatusRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_agent_proto_agent_proto_msgTypes[45]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -3587,40 +3637,47 @@ func (x *ReportRestartRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }

-// Deprecated: Use ReportRestartRequest.ProtoReflect.Descriptor instead.
-func (*ReportRestartRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use UpdateAppStatusRequest.ProtoReflect.Descriptor instead.
+func (*UpdateAppStatusRequest) Descriptor() ([]byte, []int) {
 	return file_agent_proto_agent_proto_rawDescGZIP(), []int{45}
 }

-func (x *ReportRestartRequest) GetRestartCount() int32 {
+func (x *UpdateAppStatusRequest) GetSlug() string {
 	if x != nil {
-		return x.RestartCount
-	}
-	return 0
-}
-
-func (x *ReportRestartRequest) GetKillSignal() string {
-	if x != nil {
-		return x.KillSignal
+		return x.Slug
 	}
 	return ""
 }

-func (x *ReportRestartRequest) GetReason() string {
+func (x *UpdateAppStatusRequest) GetState() UpdateAppStatusRequest_AppStatusState {
 	if x != nil {
-		return x.Reason
+		return x.State
+	}
+	return UpdateAppStatusRequest_WORKING
+}
+
+func (x *UpdateAppStatusRequest) GetMessage() string {
+	if x != nil {
+		return x.Message
 	}
 	return ""
 }

-type ReportRestartResponse struct {
+func (x *UpdateAppStatusRequest) GetUri() string {
+	if x != nil {
+		return x.Uri
+	}
+	return ""
+}
+
+type UpdateAppStatusResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 }

-func (x *ReportRestartResponse) Reset() {
-	*x = ReportRestartResponse{}
+func (x *UpdateAppStatusResponse) Reset() {
+	*x = UpdateAppStatusResponse{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_agent_proto_agent_proto_msgTypes[46]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -3628,13 +3685,13 @@ func (x *ReportRestartResponse) Reset() {
 	}
 }

-func (x *ReportRestartResponse) String() string {
+func (x *UpdateAppStatusResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }

-func (*ReportRestartResponse) ProtoMessage() {}
+func (*UpdateAppStatusResponse) ProtoMessage() {}

-func (x *ReportRestartResponse) ProtoReflect() protoreflect.Message {
+func (x *UpdateAppStatusResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_agent_proto_agent_proto_msgTypes[46]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -3646,8 +3703,8 @@ func (x *ReportRestartResponse) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }

-// Deprecated: Use ReportRestartResponse.ProtoReflect.Descriptor instead.
-func (*ReportRestartResponse) Descriptor() ([]byte, []int) {
+// Deprecated: Use UpdateAppStatusResponse.ProtoReflect.Descriptor instead.
+func (*UpdateAppStatusResponse) Descriptor() ([]byte, []int) {
 	return file_agent_proto_agent_proto_rawDescGZIP(), []int{46}
 }

@@ -5383,144 +5440,151 @@ var file_agent_proto_agent_proto_rawDesc = []byte{
 	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42,
 	0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x52, 0x04, 0x6c, 0x6f, 0x67, 0x73,
 	0x22, 0x1c, 0x0a, 0x1a, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61,
-	0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x74,
-	0x0a, 0x14, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72,
-	0x74, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x72,
-	0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6b,
-	0x69, 0x6c, 0x6c, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0a, 0x6b, 0x69, 0x6c, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06,
-	0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65,
-	0x61, 0x73, 0x6f, 0x6e, 0x22, 0x17, 0x0a, 0x15, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65,
-	0x73, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x63, 0x0a,
-	0x09, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x16, 0x41, 0x50,
-	0x50, 0x5f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
-	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c,
-	0x45, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x49,
-	0x5a, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
-	0x59, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59,
-	0x10, 0x04, 0x32, 0xdc, 0x0e, 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x4b, 0x0a, 0x0b,
-	0x47, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x12, 0x22, 0x2e, 0x63, 0x6f,
-	0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74,
-	0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x18, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32,
-	0x2e, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x12, 0x5a, 0x0a, 0x10, 0x47, 0x65, 0x74,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x12, 0x27, 0x2e,
-	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47,
-	0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42,
-	0x61, 0x6e, 0x6e, 0x65, 0x72, 0x12, 0x56, 0x0a, 0x0b, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x74, 0x61, 0x74, 0x73, 0x12, 0x22, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
-	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
-	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a,
-	0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, 0x65,
-	0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
-	0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c,
-	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
-	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x66, 0x65, 0x63, 0x79,
-	0x63, 0x6c, 0x65, 0x12, 0x72, 0x0a, 0x15, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x73, 0x12, 0x2b, 0x2e, 0x63,
-	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61,
-	0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c,
-	0x74, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x63, 0x6f, 0x64, 0x65,
-	0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x0d, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x12, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
-	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17,
+	0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xe9,
+	0x01, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x6c, 0x75,
+	0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x12, 0x4b, 0x0a,
+	0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65,
+	0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x22, 0x42, 0x0a, 0x0e, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x57, 0x4f, 0x52, 0x4b,
+	0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x44, 0x4c, 0x45, 0x10, 0x01, 0x12,
+	0x0c, 0x0a, 0x08, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a,
+	0x07, 0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x03, 0x22, 0x19, 0x0a, 0x17, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x63, 0x0a, 0x09, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c,
+	0x74, 0x68, 0x12, 0x1a, 0x0a, 0x16, 0x41, 0x50, 0x50, 0x5f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c,
+	0x0a, 0x08, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c,
+	0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x49, 0x5a, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0b,
+	0x0a, 0x07, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x55,
+	0x4e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x59, 0x10, 0x04, 0x32, 0xe2, 0x0e, 0x0a, 0x05, 0x41,
+	0x67, 0x65, 0x6e, 0x74, 0x12, 0x4b, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x69, 0x66,
+	0x65, 0x73, 0x74, 0x12, 0x22, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e,
+	0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73,
+	0x74, 0x12, 0x5a, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42,
+	0x61, 0x6e, 0x6e, 0x65, 0x72, 0x12, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
+	0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d,
 	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e,
-	0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x12, 0x6e, 0x0a, 0x13, 0x42, 0x61, 0x74, 0x63, 0x68,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x2a,
-	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e,
-	0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64,
-	0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x63, 0x6f, 0x64,
-	0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63,
-	0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x62, 0x0a, 0x0f, 0x42, 0x61, 0x74, 0x63, 0x68,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64,
-	0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63,
-	0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x12, 0x56, 0x0a,
+	0x0b, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x22, 0x2e, 0x63,
+	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x23, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
+	0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4c,
+	0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, 0x65, 0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
+	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x4c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x19, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
+	0x32, 0x2e, 0x4c, 0x69, 0x66, 0x65, 0x63, 0x79, 0x63, 0x6c, 0x65, 0x12, 0x72, 0x0a, 0x15, 0x42,
+	0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61,
+	0x6c, 0x74, 0x68, 0x73, 0x12, 0x2b, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x41, 0x70, 0x70, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x2c, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e,
+	0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70,
+	0x70, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x4e, 0x0a, 0x0d, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70,
+	0x12, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
+	0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
+	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x12,
+	0x6e, 0x0a, 0x13, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x2a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
+	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74,
+	0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x62, 0x0a, 0x0f, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x6f,
+	0x67, 0x73, 0x12, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74,
 	0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c,
-	0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x77, 0x0a, 0x16, 0x47,
+	0x6f, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64,
+	0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63,
+	0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x12, 0x77, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41, 0x6e, 0x6e, 0x6f, 0x75, 0x6e,
+	0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x2e,
+	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47,
 	0x65, 0x74, 0x41, 0x6e, 0x6e, 0x6f, 0x75, 0x6e, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x42, 0x61,
-	0x6e, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
-	0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x6e, 0x6e, 0x6f, 0x75, 0x6e,
-	0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
-	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x6e, 0x6e, 0x6f, 0x75, 0x6e, 0x63,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7e, 0x0a, 0x0f, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6f,
-	0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x34, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
-	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6f, 0x6d,
-	0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e,
-	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x57,
-	0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x53, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9e, 0x01, 0x0a, 0x23, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3a, 0x2e, 0x63,
+	0x6e, 0x6e, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x63,
 	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65,
-	0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f,
-	0x72, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3b, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
-	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x89, 0x01, 0x0a, 0x1c, 0x50, 0x75, 0x73, 0x68, 0x52, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e,
-	0x67, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x33, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x73, 0x68, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x55,
-	0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x63, 0x6f,
-	0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x73,
-	0x68, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f,
-	0x72, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x53, 0x0a, 0x10, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
-	0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x5f, 0x0a, 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
-	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32,
-	0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65,
-	0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
-	0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74,
-	0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65,
-	0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53,
-	0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32,
-	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x12, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x29, 0x2e, 0x63,
-	0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65,
-	0x70, 0x6f, 0x72, 0x74, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
-	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42,
-	0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x0d, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73,
-	0x74, 0x61, 0x72, 0x74, 0x12, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
-	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x74,
-	0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x63, 0x6f, 0x64,
-	0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x42, 0x27, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x74, 0x41, 0x6e, 0x6e, 0x6f, 0x75, 0x6e, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x42, 0x61, 0x6e,
+	0x6e, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7e, 0x0a, 0x0f,
+	0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12,
+	0x34, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32,
+	0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x53,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67,
+	0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65,
+	0x41, 0x67, 0x65, 0x6e, 0x74, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
+	0x65, 0x74, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9e, 0x01, 0x0a,
+	0x23, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e,
+	0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x3b, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
+	0x32, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f,
+	0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x89, 0x01,
+	0x0a, 0x1c, 0x50, 0x75, 0x73, 0x68, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d,
+	0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x33,
+	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e,
+	0x50, 0x75, 0x73, 0x68, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e,
+	0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e,
+	0x74, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x75, 0x73, 0x68, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x55, 0x73, 0x61, 0x67,
+	0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x53, 0x0a, 0x10, 0x52, 0x65, 0x70,
+	0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x2e,
+	0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52,
+	0x65, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x5f,
+	0x0a, 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74,
+	0x12, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76,
+	0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
+	0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x5f, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e,
+	0x74, 0x12, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e,
+	0x76, 0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72,
+	0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x5c, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74,
+	0x73, 0x12, 0x24, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e,
+	0x76, 0x32, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x75, 0x62, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x73,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x75, 0x62,
+	0x41, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b,
+	0x0a, 0x12, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79,
+	0x4c, 0x6f, 0x67, 0x73, 0x12, 0x29, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6f, 0x75, 0x6e,
+	0x64, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x2a, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32,
+	0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x4c,
+	0x6f, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x62, 0x0a, 0x0f, 0x55,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x26,
+	0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e,
+	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2e, 0x61,
+	0x67, 0x65, 0x6e, 0x74, 0x2e, 0x76, 0x32, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x70,
+	0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42,
+	0x27, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f,
+	0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x67, 0x65,
+	0x6e, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@@ -5535,7 +5599,7 @@ func file_agent_proto_agent_proto_rawDescGZIP() []byte {
 	return file_agent_proto_agent_proto_rawDescData
 }

-var file_agent_proto_agent_proto_enumTypes = make([]protoimpl.EnumInfo, 14)
+var file_agent_proto_agent_proto_enumTypes = make([]protoimpl.EnumInfo, 15)
 var file_agent_proto_agent_proto_msgTypes = make([]protoimpl.MessageInfo, 65)
 var file_agent_proto_agent_proto_goTypes = []interface{}{
 	(AppHealth)(0),                                      // 0: coder.agent.v2.AppHealth
@@ -5552,180 +5616,182 @@ var file_agent_proto_agent_proto_goTypes = []interface{}{
 	(CreateSubAgentRequest_DisplayApp)(0),               // 11: coder.agent.v2.CreateSubAgentRequest.DisplayApp
 	(CreateSubAgentRequest_App_OpenIn)(0),               // 12: coder.agent.v2.CreateSubAgentRequest.App.OpenIn
 	(CreateSubAgentRequest_App_SharingLevel)(0),         // 13: coder.agent.v2.CreateSubAgentRequest.App.SharingLevel
-	(*WorkspaceApp)(nil),                                // 14: coder.agent.v2.WorkspaceApp
-	(*WorkspaceAgentScript)(nil),                        // 15: coder.agent.v2.WorkspaceAgentScript
-	(*WorkspaceAgentMetadata)(nil),                      // 16: coder.agent.v2.WorkspaceAgentMetadata
-	(*Manifest)(nil),                                    // 17: coder.agent.v2.Manifest
-	(*WorkspaceAgentDevcontainer)(nil),                  // 18: coder.agent.v2.WorkspaceAgentDevcontainer
-	(*GetManifestRequest)(nil),                          // 19: coder.agent.v2.GetManifestRequest
-	(*ServiceBanner)(nil),                               // 20: coder.agent.v2.ServiceBanner
-	(*GetServiceBannerRequest)(nil),                     // 21: coder.agent.v2.GetServiceBannerRequest
-	(*Stats)(nil),                                       // 22: coder.agent.v2.Stats
-	(*UpdateStatsRequest)(nil),                          // 23: coder.agent.v2.UpdateStatsRequest
-	(*UpdateStatsResponse)(nil),                         // 24: coder.agent.v2.UpdateStatsResponse
-	(*Lifecycle)(nil),                                   // 25: coder.agent.v2.Lifecycle
-	(*UpdateLifecycleRequest)(nil),                      // 26: coder.agent.v2.UpdateLifecycleRequest
-	(*BatchUpdateAppHealthRequest)(nil),                 // 27: coder.agent.v2.BatchUpdateAppHealthRequest
-	(*BatchUpdateAppHealthResponse)(nil),                // 28: coder.agent.v2.BatchUpdateAppHealthResponse
-	(*Startup)(nil),                                     // 29: coder.agent.v2.Startup
-	(*UpdateStartupRequest)(nil),                        // 30: coder.agent.v2.UpdateStartupRequest
-	(*Metadata)(nil),                                    // 31: coder.agent.v2.Metadata
-	(*BatchUpdateMetadataRequest)(nil),                  // 32: coder.agent.v2.BatchUpdateMetadataRequest
-	(*BatchUpdateMetadataResponse)(nil),                 // 33: coder.agent.v2.BatchUpdateMetadataResponse
-	(*Log)(nil),                                         // 34: coder.agent.v2.Log
-	(*BatchCreateLogsRequest)(nil),                      // 35: coder.agent.v2.BatchCreateLogsRequest
-	(*BatchCreateLogsResponse)(nil),                     // 36: coder.agent.v2.BatchCreateLogsResponse
-	(*GetAnnouncementBannersRequest)(nil),               // 37: coder.agent.v2.GetAnnouncementBannersRequest
-	(*GetAnnouncementBannersResponse)(nil),              // 38: coder.agent.v2.GetAnnouncementBannersResponse
-	(*BannerConfig)(nil),                                // 39: coder.agent.v2.BannerConfig
-	(*WorkspaceAgentScriptCompletedRequest)(nil),        // 40: coder.agent.v2.WorkspaceAgentScriptCompletedRequest
-	(*WorkspaceAgentScriptCompletedResponse)(nil),       // 41: coder.agent.v2.WorkspaceAgentScriptCompletedResponse
-	(*Timing)(nil),                                      // 42: coder.agent.v2.Timing
-	(*GetResourcesMonitoringConfigurationRequest)(nil),  // 43: coder.agent.v2.GetResourcesMonitoringConfigurationRequest
-	(*GetResourcesMonitoringConfigurationResponse)(nil), // 44: coder.agent.v2.GetResourcesMonitoringConfigurationResponse
-	(*PushResourcesMonitoringUsageRequest)(nil),         // 45: coder.agent.v2.PushResourcesMonitoringUsageRequest
-	(*PushResourcesMonitoringUsageResponse)(nil),        // 46: coder.agent.v2.PushResourcesMonitoringUsageResponse
-	(*Connection)(nil),                                  // 47: coder.agent.v2.Connection
-	(*ReportConnectionRequest)(nil),                     // 48: coder.agent.v2.ReportConnectionRequest
-	(*SubAgent)(nil),                                    // 49: coder.agent.v2.SubAgent
-	(*CreateSubAgentRequest)(nil),                       // 50: coder.agent.v2.CreateSubAgentRequest
-	(*CreateSubAgentResponse)(nil),                      // 51: coder.agent.v2.CreateSubAgentResponse
-	(*DeleteSubAgentRequest)(nil),                       // 52: coder.agent.v2.DeleteSubAgentRequest
-	(*DeleteSubAgentResponse)(nil),                      // 53: coder.agent.v2.DeleteSubAgentResponse
-	(*ListSubAgentsRequest)(nil),                        // 54: coder.agent.v2.ListSubAgentsRequest
-	(*ListSubAgentsResponse)(nil),                       // 55: coder.agent.v2.ListSubAgentsResponse
-	(*BoundaryLog)(nil),                                 // 56: coder.agent.v2.BoundaryLog
-	(*ReportBoundaryLogsRequest)(nil),                   // 57: coder.agent.v2.ReportBoundaryLogsRequest
-	(*ReportBoundaryLogsResponse)(nil),                  // 58: coder.agent.v2.ReportBoundaryLogsResponse
-	(*ReportRestartRequest)(nil),                        // 59: coder.agent.v2.ReportRestartRequest
-	(*ReportRestartResponse)(nil),                       // 60: coder.agent.v2.ReportRestartResponse
-	(*WorkspaceApp_Healthcheck)(nil),                    // 61: coder.agent.v2.WorkspaceApp.Healthcheck
-	(*WorkspaceAgentMetadata_Result)(nil),               // 62: coder.agent.v2.WorkspaceAgentMetadata.Result
-	(*WorkspaceAgentMetadata_Description)(nil),          // 63: coder.agent.v2.WorkspaceAgentMetadata.Description
-	nil,                        // 64: coder.agent.v2.Manifest.EnvironmentVariablesEntry
-	nil,                        // 65: coder.agent.v2.Stats.ConnectionsByProtoEntry
-	(*Stats_Metric)(nil),       // 66: coder.agent.v2.Stats.Metric
-	(*Stats_Metric_Label)(nil), // 67: coder.agent.v2.Stats.Metric.Label
-	(*BatchUpdateAppHealthRequest_HealthUpdate)(nil),                  // 68: coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate
-	(*GetResourcesMonitoringConfigurationResponse_Config)(nil),        // 69: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Config
-	(*GetResourcesMonitoringConfigurationResponse_Memory)(nil),        // 70: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Memory
-	(*GetResourcesMonitoringConfigurationResponse_Volume)(nil),        // 71: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Volume
-	(*PushResourcesMonitoringUsageRequest_Datapoint)(nil),             // 72: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint
-	(*PushResourcesMonitoringUsageRequest_Datapoint_MemoryUsage)(nil), // 73: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.MemoryUsage
-	(*PushResourcesMonitoringUsageRequest_Datapoint_VolumeUsage)(nil), // 74: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.VolumeUsage
-	(*CreateSubAgentRequest_App)(nil),                                 // 75: coder.agent.v2.CreateSubAgentRequest.App
-	(*CreateSubAgentRequest_App_Healthcheck)(nil),                     // 76: coder.agent.v2.CreateSubAgentRequest.App.Healthcheck
-	(*CreateSubAgentResponse_AppCreationError)(nil),                   // 77: coder.agent.v2.CreateSubAgentResponse.AppCreationError
-	(*BoundaryLog_HttpRequest)(nil),                                   // 78: coder.agent.v2.BoundaryLog.HttpRequest
-	(*durationpb.Duration)(nil),                                       // 79: google.protobuf.Duration
-	(*proto.DERPMap)(nil),                                             // 80: coder.tailnet.v2.DERPMap
-	(*timestamppb.Timestamp)(nil),                                     // 81: google.protobuf.Timestamp
-	(*emptypb.Empty)(nil),                                             // 82: google.protobuf.Empty
+	(UpdateAppStatusRequest_AppStatusState)(0),          // 14: coder.agent.v2.UpdateAppStatusRequest.AppStatusState
+	(*WorkspaceApp)(nil),                                // 15: coder.agent.v2.WorkspaceApp
+	(*WorkspaceAgentScript)(nil),                        // 16: coder.agent.v2.WorkspaceAgentScript
+	(*WorkspaceAgentMetadata)(nil),                      // 17: coder.agent.v2.WorkspaceAgentMetadata
+	(*Manifest)(nil),                                    // 18: coder.agent.v2.Manifest
+	(*WorkspaceAgentDevcontainer)(nil),                  // 19: coder.agent.v2.WorkspaceAgentDevcontainer
+	(*GetManifestRequest)(nil),                          // 20: coder.agent.v2.GetManifestRequest
+	(*ServiceBanner)(nil),                               // 21: coder.agent.v2.ServiceBanner
+	(*GetServiceBannerRequest)(nil),                     // 22: coder.agent.v2.GetServiceBannerRequest
+	(*Stats)(nil),                                       // 23: coder.agent.v2.Stats
+	(*UpdateStatsRequest)(nil),                          // 24: coder.agent.v2.UpdateStatsRequest
+	(*UpdateStatsResponse)(nil),                         // 25: coder.agent.v2.UpdateStatsResponse
+	(*Lifecycle)(nil),                                   // 26: coder.agent.v2.Lifecycle
+	(*UpdateLifecycleRequest)(nil),                      // 27: coder.agent.v2.UpdateLifecycleRequest
+	(*BatchUpdateAppHealthRequest)(nil),                 // 28: coder.agent.v2.BatchUpdateAppHealthRequest
+	(*BatchUpdateAppHealthResponse)(nil),                // 29: coder.agent.v2.BatchUpdateAppHealthResponse
+	(*Startup)(nil),                                     // 30: coder.agent.v2.Startup
+	(*UpdateStartupRequest)(nil),                        // 31: coder.agent.v2.UpdateStartupRequest
+	(*Metadata)(nil),                                    // 32: coder.agent.v2.Metadata
+	(*BatchUpdateMetadataRequest)(nil),                  // 33: coder.agent.v2.BatchUpdateMetadataRequest
+	(*BatchUpdateMetadataResponse)(nil),                 // 34: coder.agent.v2.BatchUpdateMetadataResponse
+	(*Log)(nil),                                         // 35: coder.agent.v2.Log
+	(*BatchCreateLogsRequest)(nil),                      // 36: coder.agent.v2.BatchCreateLogsRequest
+	(*BatchCreateLogsResponse)(nil),                     // 37: coder.agent.v2.BatchCreateLogsResponse
+	(*GetAnnouncementBannersRequest)(nil),               // 38: coder.agent.v2.GetAnnouncementBannersRequest
+	(*GetAnnouncementBannersResponse)(nil),              // 39: coder.agent.v2.GetAnnouncementBannersResponse
+	(*BannerConfig)(nil),                                // 40: coder.agent.v2.BannerConfig
+	(*WorkspaceAgentScriptCompletedRequest)(nil),        // 41: coder.agent.v2.WorkspaceAgentScriptCompletedRequest
+	(*WorkspaceAgentScriptCompletedResponse)(nil),       // 42: coder.agent.v2.WorkspaceAgentScriptCompletedResponse
+	(*Timing)(nil),                                      // 43: coder.agent.v2.Timing
+	(*GetResourcesMonitoringConfigurationRequest)(nil),  // 44: coder.agent.v2.GetResourcesMonitoringConfigurationRequest
+	(*GetResourcesMonitoringConfigurationResponse)(nil), // 45: coder.agent.v2.GetResourcesMonitoringConfigurationResponse
+	(*PushResourcesMonitoringUsageRequest)(nil),         // 46: coder.agent.v2.PushResourcesMonitoringUsageRequest
+	(*PushResourcesMonitoringUsageResponse)(nil),        // 47: coder.agent.v2.PushResourcesMonitoringUsageResponse
+	(*Connection)(nil),                                  // 48: coder.agent.v2.Connection
+	(*ReportConnectionRequest)(nil),                     // 49: coder.agent.v2.ReportConnectionRequest
+	(*SubAgent)(nil),                                    // 50: coder.agent.v2.SubAgent
+	(*CreateSubAgentRequest)(nil),                       // 51: coder.agent.v2.CreateSubAgentRequest
+	(*CreateSubAgentResponse)(nil),                      // 52: coder.agent.v2.CreateSubAgentResponse
+	(*DeleteSubAgentRequest)(nil),                       // 53: coder.agent.v2.DeleteSubAgentRequest
+	(*DeleteSubAgentResponse)(nil),                      // 54: coder.agent.v2.DeleteSubAgentResponse
+	(*ListSubAgentsRequest)(nil),                        // 55: coder.agent.v2.ListSubAgentsRequest
+	(*ListSubAgentsResponse)(nil),                       // 56: coder.agent.v2.ListSubAgentsResponse
+	(*BoundaryLog)(nil),                                 // 57: coder.agent.v2.BoundaryLog
+	(*ReportBoundaryLogsRequest)(nil),                   // 58: coder.agent.v2.ReportBoundaryLogsRequest
+	(*ReportBoundaryLogsResponse)(nil),                  // 59: coder.agent.v2.ReportBoundaryLogsResponse
+	(*UpdateAppStatusRequest)(nil),                      // 60: coder.agent.v2.UpdateAppStatusRequest
+	(*UpdateAppStatusResponse)(nil),                     // 61: coder.agent.v2.UpdateAppStatusResponse
+	(*WorkspaceApp_Healthcheck)(nil),                    // 62: coder.agent.v2.WorkspaceApp.Healthcheck
+	(*WorkspaceAgentMetadata_Result)(nil),               // 63: coder.agent.v2.WorkspaceAgentMetadata.Result
+	(*WorkspaceAgentMetadata_Description)(nil),          // 64: coder.agent.v2.WorkspaceAgentMetadata.Description
+	nil,                        // 65: coder.agent.v2.Manifest.EnvironmentVariablesEntry
+	nil,                        // 66: coder.agent.v2.Stats.ConnectionsByProtoEntry
+	(*Stats_Metric)(nil),       // 67: coder.agent.v2.Stats.Metric
+	(*Stats_Metric_Label)(nil), // 68: coder.agent.v2.Stats.Metric.Label
+	(*BatchUpdateAppHealthRequest_HealthUpdate)(nil),                  // 69: coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate
+	(*GetResourcesMonitoringConfigurationResponse_Config)(nil),        // 70: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Config
+	(*GetResourcesMonitoringConfigurationResponse_Memory)(nil),        // 71: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Memory
+	(*GetResourcesMonitoringConfigurationResponse_Volume)(nil),        // 72: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Volume
+	(*PushResourcesMonitoringUsageRequest_Datapoint)(nil),             // 73: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint
+	(*PushResourcesMonitoringUsageRequest_Datapoint_MemoryUsage)(nil), // 74: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.MemoryUsage
+	(*PushResourcesMonitoringUsageRequest_Datapoint_VolumeUsage)(nil), // 75: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.VolumeUsage
+	(*CreateSubAgentRequest_App)(nil),                                 // 76: coder.agent.v2.CreateSubAgentRequest.App
+	(*CreateSubAgentRequest_App_Healthcheck)(nil),                     // 77: coder.agent.v2.CreateSubAgentRequest.App.Healthcheck
+	(*CreateSubAgentResponse_AppCreationError)(nil),                   // 78: coder.agent.v2.CreateSubAgentResponse.AppCreationError
+	(*BoundaryLog_HttpRequest)(nil),                                   // 79: coder.agent.v2.BoundaryLog.HttpRequest
+	(*durationpb.Duration)(nil),                                       // 80: google.protobuf.Duration
+	(*proto.DERPMap)(nil),                                             // 81: coder.tailnet.v2.DERPMap
+	(*timestamppb.Timestamp)(nil),                                     // 82: google.protobuf.Timestamp
+	(*emptypb.Empty)(nil),                                             // 83: google.protobuf.Empty
 }
 var file_agent_proto_agent_proto_depIdxs = []int32{
 	1,  // 0: coder.agent.v2.WorkspaceApp.sharing_level:type_name -> coder.agent.v2.WorkspaceApp.SharingLevel
-	61, // 1: coder.agent.v2.WorkspaceApp.healthcheck:type_name -> coder.agent.v2.WorkspaceApp.Healthcheck
+	62, // 1: coder.agent.v2.WorkspaceApp.healthcheck:type_name -> coder.agent.v2.WorkspaceApp.Healthcheck
 	2,  // 2: coder.agent.v2.WorkspaceApp.health:type_name -> coder.agent.v2.WorkspaceApp.Health
-	79, // 3: coder.agent.v2.WorkspaceAgentScript.timeout:type_name -> google.protobuf.Duration
-	62, // 4: coder.agent.v2.WorkspaceAgentMetadata.result:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Result
-	63, // 5: coder.agent.v2.WorkspaceAgentMetadata.description:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Description
-	64, // 6: coder.agent.v2.Manifest.environment_variables:type_name -> coder.agent.v2.Manifest.EnvironmentVariablesEntry
-	80, // 7: coder.agent.v2.Manifest.derp_map:type_name -> coder.tailnet.v2.DERPMap
-	15, // 8: coder.agent.v2.Manifest.scripts:type_name -> coder.agent.v2.WorkspaceAgentScript
-	14, // 9: coder.agent.v2.Manifest.apps:type_name -> coder.agent.v2.WorkspaceApp
-	63, // 10: coder.agent.v2.Manifest.metadata:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Description
-	18, // 11: coder.agent.v2.Manifest.devcontainers:type_name -> coder.agent.v2.WorkspaceAgentDevcontainer
-	65, // 12: coder.agent.v2.Stats.connections_by_proto:type_name -> coder.agent.v2.Stats.ConnectionsByProtoEntry
-	66, // 13: coder.agent.v2.Stats.metrics:type_name -> coder.agent.v2.Stats.Metric
-	22, // 14: coder.agent.v2.UpdateStatsRequest.stats:type_name -> coder.agent.v2.Stats
-	79, // 15: coder.agent.v2.UpdateStatsResponse.report_interval:type_name -> google.protobuf.Duration
+	80, // 3: coder.agent.v2.WorkspaceAgentScript.timeout:type_name -> google.protobuf.Duration
+	63, // 4: coder.agent.v2.WorkspaceAgentMetadata.result:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Result
+	64, // 5: coder.agent.v2.WorkspaceAgentMetadata.description:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Description
+	65, // 6: coder.agent.v2.Manifest.environment_variables:type_name -> coder.agent.v2.Manifest.EnvironmentVariablesEntry
+	81, // 7: coder.agent.v2.Manifest.derp_map:type_name -> coder.tailnet.v2.DERPMap
+	16, // 8: coder.agent.v2.Manifest.scripts:type_name -> coder.agent.v2.WorkspaceAgentScript
+	15, // 9: coder.agent.v2.Manifest.apps:type_name -> coder.agent.v2.WorkspaceApp
+	64, // 10: coder.agent.v2.Manifest.metadata:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Description
+	19, // 11: coder.agent.v2.Manifest.devcontainers:type_name -> coder.agent.v2.WorkspaceAgentDevcontainer
+	66, // 12: coder.agent.v2.Stats.connections_by_proto:type_name -> coder.agent.v2.Stats.ConnectionsByProtoEntry
+	67, // 13: coder.agent.v2.Stats.metrics:type_name -> coder.agent.v2.Stats.Metric
+	23, // 14: coder.agent.v2.UpdateStatsRequest.stats:type_name -> coder.agent.v2.Stats
+	80, // 15: coder.agent.v2.UpdateStatsResponse.report_interval:type_name -> google.protobuf.Duration
 	4,  // 16: coder.agent.v2.Lifecycle.state:type_name -> coder.agent.v2.Lifecycle.State
-	81, // 17: coder.agent.v2.Lifecycle.changed_at:type_name -> google.protobuf.Timestamp
-	25, // 18: coder.agent.v2.UpdateLifecycleRequest.lifecycle:type_name -> coder.agent.v2.Lifecycle
-	68, // 19: coder.agent.v2.BatchUpdateAppHealthRequest.updates:type_name -> coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate
+	82, // 17: coder.agent.v2.Lifecycle.changed_at:type_name -> google.protobuf.Timestamp
+	26, // 18: coder.agent.v2.UpdateLifecycleRequest.lifecycle:type_name -> coder.agent.v2.Lifecycle
+	69, // 19: coder.agent.v2.BatchUpdateAppHealthRequest.updates:type_name -> coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate
 	5,  // 20: coder.agent.v2.Startup.subsystems:type_name -> coder.agent.v2.Startup.Subsystem
-	29, // 21: coder.agent.v2.UpdateStartupRequest.startup:type_name -> coder.agent.v2.Startup
-	62, // 22: coder.agent.v2.Metadata.result:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Result
-	31, // 23: coder.agent.v2.BatchUpdateMetadataRequest.metadata:type_name -> coder.agent.v2.Metadata
-	81, // 24: coder.agent.v2.Log.created_at:type_name -> google.protobuf.Timestamp
+	30, // 21: coder.agent.v2.UpdateStartupRequest.startup:type_name -> coder.agent.v2.Startup
+	63, // 22: coder.agent.v2.Metadata.result:type_name -> coder.agent.v2.WorkspaceAgentMetadata.Result
+	32, // 23: coder.agent.v2.BatchUpdateMetadataRequest.metadata:type_name -> coder.agent.v2.Metadata
+	82, // 24: coder.agent.v2.Log.created_at:type_name -> google.protobuf.Timestamp
 	6,  // 25: coder.agent.v2.Log.level:type_name -> coder.agent.v2.Log.Level
-	34, // 26: coder.agent.v2.BatchCreateLogsRequest.logs:type_name -> coder.agent.v2.Log
-	39, // 27: coder.agent.v2.GetAnnouncementBannersResponse.announcement_banners:type_name -> coder.agent.v2.BannerConfig
-	42, // 28: coder.agent.v2.WorkspaceAgentScriptCompletedRequest.timing:type_name -> coder.agent.v2.Timing
-	81, // 29: coder.agent.v2.Timing.start:type_name -> google.protobuf.Timestamp
-	81, // 30: coder.agent.v2.Timing.end:type_name -> google.protobuf.Timestamp
+	35, // 26: coder.agent.v2.BatchCreateLogsRequest.logs:type_name -> coder.agent.v2.Log
+	40, // 27: coder.agent.v2.GetAnnouncementBannersResponse.announcement_banners:type_name -> coder.agent.v2.BannerConfig
+	43, // 28: coder.agent.v2.WorkspaceAgentScriptCompletedRequest.timing:type_name -> coder.agent.v2.Timing
+	82, // 29: coder.agent.v2.Timing.start:type_name -> google.protobuf.Timestamp
+	82, // 30: coder.agent.v2.Timing.end:type_name -> google.protobuf.Timestamp
 	7,  // 31: coder.agent.v2.Timing.stage:type_name -> coder.agent.v2.Timing.Stage
 	8,  // 32: coder.agent.v2.Timing.status:type_name -> coder.agent.v2.Timing.Status
-	69, // 33: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.config:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Config
-	70, // 34: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.memory:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Memory
-	71, // 35: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.volumes:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Volume
-	72, // 36: coder.agent.v2.PushResourcesMonitoringUsageRequest.datapoints:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint
+	70, // 33: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.config:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Config
+	71, // 34: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.memory:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Memory
+	72, // 35: coder.agent.v2.GetResourcesMonitoringConfigurationResponse.volumes:type_name -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse.Volume
+	73, // 36: coder.agent.v2.PushResourcesMonitoringUsageRequest.datapoints:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint
 	9,  // 37: coder.agent.v2.Connection.action:type_name -> coder.agent.v2.Connection.Action
 	10, // 38: coder.agent.v2.Connection.type:type_name -> coder.agent.v2.Connection.Type
-	81, // 39: coder.agent.v2.Connection.timestamp:type_name -> google.protobuf.Timestamp
-	47, // 40: coder.agent.v2.ReportConnectionRequest.connection:type_name -> coder.agent.v2.Connection
-	75, // 41: coder.agent.v2.CreateSubAgentRequest.apps:type_name -> coder.agent.v2.CreateSubAgentRequest.App
+	82, // 39: coder.agent.v2.Connection.timestamp:type_name -> google.protobuf.Timestamp
+	48, // 40: coder.agent.v2.ReportConnectionRequest.connection:type_name -> coder.agent.v2.Connection
+	76, // 41: coder.agent.v2.CreateSubAgentRequest.apps:type_name -> coder.agent.v2.CreateSubAgentRequest.App
 	11, // 42: coder.agent.v2.CreateSubAgentRequest.display_apps:type_name -> coder.agent.v2.CreateSubAgentRequest.DisplayApp
-	49, // 43: coder.agent.v2.CreateSubAgentResponse.agent:type_name -> coder.agent.v2.SubAgent
-	77, // 44: coder.agent.v2.CreateSubAgentResponse.app_creation_errors:type_name -> coder.agent.v2.CreateSubAgentResponse.AppCreationError
-	49, // 45: coder.agent.v2.ListSubAgentsResponse.agents:type_name -> coder.agent.v2.SubAgent
-	81, // 46: coder.agent.v2.BoundaryLog.time:type_name -> google.protobuf.Timestamp
-	78, // 47: coder.agent.v2.BoundaryLog.http_request:type_name -> coder.agent.v2.BoundaryLog.HttpRequest
-	56, // 48: coder.agent.v2.ReportBoundaryLogsRequest.logs:type_name -> coder.agent.v2.BoundaryLog
-	79, // 49: coder.agent.v2.WorkspaceApp.Healthcheck.interval:type_name -> google.protobuf.Duration
-	81, // 50: coder.agent.v2.WorkspaceAgentMetadata.Result.collected_at:type_name -> google.protobuf.Timestamp
-	79, // 51: coder.agent.v2.WorkspaceAgentMetadata.Description.interval:type_name -> google.protobuf.Duration
-	79, // 52: coder.agent.v2.WorkspaceAgentMetadata.Description.timeout:type_name -> google.protobuf.Duration
-	3,  // 53: coder.agent.v2.Stats.Metric.type:type_name -> coder.agent.v2.Stats.Metric.Type
-	67, // 54: coder.agent.v2.Stats.Metric.labels:type_name -> coder.agent.v2.Stats.Metric.Label
-	0,  // 55: coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate.health:type_name -> coder.agent.v2.AppHealth
-	81, // 56: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.collected_at:type_name -> google.protobuf.Timestamp
-	73, // 57: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.memory:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.MemoryUsage
-	74, // 58: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.volumes:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.VolumeUsage
-	76, // 59: coder.agent.v2.CreateSubAgentRequest.App.healthcheck:type_name -> coder.agent.v2.CreateSubAgentRequest.App.Healthcheck
-	12, // 60: coder.agent.v2.CreateSubAgentRequest.App.open_in:type_name -> coder.agent.v2.CreateSubAgentRequest.App.OpenIn
-	13, // 61: coder.agent.v2.CreateSubAgentRequest.App.share:type_name -> coder.agent.v2.CreateSubAgentRequest.App.SharingLevel
-	19, // 62: coder.agent.v2.Agent.GetManifest:input_type -> coder.agent.v2.GetManifestRequest
-	21, // 63: coder.agent.v2.Agent.GetServiceBanner:input_type -> coder.agent.v2.GetServiceBannerRequest
-	23, // 64: coder.agent.v2.Agent.UpdateStats:input_type -> coder.agent.v2.UpdateStatsRequest
-	26, // 65: coder.agent.v2.Agent.UpdateLifecycle:input_type -> coder.agent.v2.UpdateLifecycleRequest
-	27, // 66: coder.agent.v2.Agent.BatchUpdateAppHealths:input_type -> coder.agent.v2.BatchUpdateAppHealthRequest
-	30, // 67: coder.agent.v2.Agent.UpdateStartup:input_type -> coder.agent.v2.UpdateStartupRequest
-	32, // 68: coder.agent.v2.Agent.BatchUpdateMetadata:input_type -> coder.agent.v2.BatchUpdateMetadataRequest
-	35, // 69: coder.agent.v2.Agent.BatchCreateLogs:input_type -> coder.agent.v2.BatchCreateLogsRequest
-	37, // 70: coder.agent.v2.Agent.GetAnnouncementBanners:input_type -> coder.agent.v2.GetAnnouncementBannersRequest
-	40, // 71: coder.agent.v2.Agent.ScriptCompleted:input_type -> coder.agent.v2.WorkspaceAgentScriptCompletedRequest
-	43, // 72: coder.agent.v2.Agent.GetResourcesMonitoringConfiguration:input_type -> coder.agent.v2.GetResourcesMonitoringConfigurationRequest
-	45, // 73: coder.agent.v2.Agent.PushResourcesMonitoringUsage:input_type -> coder.agent.v2.PushResourcesMonitoringUsageRequest
-	48, // 74: coder.agent.v2.Agent.ReportConnection:input_type -> coder.agent.v2.ReportConnectionRequest
-	50, // 75: coder.agent.v2.Agent.CreateSubAgent:input_type -> coder.agent.v2.CreateSubAgentRequest
-	52, // 76: coder.agent.v2.Agent.DeleteSubAgent:input_type -> coder.agent.v2.DeleteSubAgentRequest
-	54, // 77: coder.agent.v2.Agent.ListSubAgents:input_type -> coder.agent.v2.ListSubAgentsRequest
-	57, // 78: coder.agent.v2.Agent.ReportBoundaryLogs:input_type -> coder.agent.v2.ReportBoundaryLogsRequest
-	59, // 79: coder.agent.v2.Agent.ReportRestart:input_type -> coder.agent.v2.ReportRestartRequest
-	17, // 80: coder.agent.v2.Agent.GetManifest:output_type -> coder.agent.v2.Manifest
-	20, // 81: coder.agent.v2.Agent.GetServiceBanner:output_type -> coder.agent.v2.ServiceBanner
-	24, // 82: coder.agent.v2.Agent.UpdateStats:output_type -> coder.agent.v2.UpdateStatsResponse
-	25, // 83: coder.agent.v2.Agent.UpdateLifecycle:output_type -> coder.agent.v2.Lifecycle
-	28, // 84: coder.agent.v2.Agent.BatchUpdateAppHealths:output_type -> coder.agent.v2.BatchUpdateAppHealthResponse
-	29, // 85: coder.agent.v2.Agent.UpdateStartup:output_type -> coder.agent.v2.Startup
-	33, // 86: coder.agent.v2.Agent.BatchUpdateMetadata:output_type -> coder.agent.v2.BatchUpdateMetadataResponse
-	36, // 87: coder.agent.v2.Agent.BatchCreateLogs:output_type -> coder.agent.v2.BatchCreateLogsResponse
-	38, // 88: coder.agent.v2.Agent.GetAnnouncementBanners:output_type -> coder.agent.v2.GetAnnouncementBannersResponse
-	41, // 89: coder.agent.v2.Agent.ScriptCompleted:output_type -> coder.agent.v2.WorkspaceAgentScriptCompletedResponse
-	44, // 90: coder.agent.v2.Agent.GetResourcesMonitoringConfiguration:output_type -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse
-	46, // 91: coder.agent.v2.Agent.PushResourcesMonitoringUsage:output_type -> coder.agent.v2.PushResourcesMonitoringUsageResponse
-	82, // 92: coder.agent.v2.Agent.ReportConnection:output_type -> google.protobuf.Empty
-	51, // 93: coder.agent.v2.Agent.CreateSubAgent:output_type -> coder.agent.v2.CreateSubAgentResponse
-	53, // 94: coder.agent.v2.Agent.DeleteSubAgent:output_type -> coder.agent.v2.DeleteSubAgentResponse
-	55, // 95: coder.agent.v2.Agent.ListSubAgents:output_type -> coder.agent.v2.ListSubAgentsResponse
-	58, // 96: coder.agent.v2.Agent.ReportBoundaryLogs:output_type -> coder.agent.v2.ReportBoundaryLogsResponse
-	60, // 97: coder.agent.v2.Agent.ReportRestart:output_type -> coder.agent.v2.ReportRestartResponse
-	80, // [80:98] is the sub-list for method output_type
-	62, // [62:80] is the sub-list for method input_type
-	62, // [62:62] is the sub-list for extension type_name
-	62, // [62:62] is the sub-list for extension extendee
-	0,  // [0:62] is the sub-list for field type_name
+	50, // 43: coder.agent.v2.CreateSubAgentResponse.agent:type_name -> coder.agent.v2.SubAgent
+	78, // 44: coder.agent.v2.CreateSubAgentResponse.app_creation_errors:type_name -> coder.agent.v2.CreateSubAgentResponse.AppCreationError
+	50, // 45: coder.agent.v2.ListSubAgentsResponse.agents:type_name -> coder.agent.v2.SubAgent
+	82, // 46: coder.agent.v2.BoundaryLog.time:type_name -> google.protobuf.Timestamp
+	79, // 47: coder.agent.v2.BoundaryLog.http_request:type_name -> coder.agent.v2.BoundaryLog.HttpRequest
+	57, // 48: coder.agent.v2.ReportBoundaryLogsRequest.logs:type_name -> coder.agent.v2.BoundaryLog
+	14, // 49: coder.agent.v2.UpdateAppStatusRequest.state:type_name -> coder.agent.v2.UpdateAppStatusRequest.AppStatusState
+	80, // 50: coder.agent.v2.WorkspaceApp.Healthcheck.interval:type_name -> google.protobuf.Duration
+	82, // 51: coder.agent.v2.WorkspaceAgentMetadata.Result.collected_at:type_name -> google.protobuf.Timestamp
+	80, // 52: coder.agent.v2.WorkspaceAgentMetadata.Description.interval:type_name -> google.protobuf.Duration
+	80, // 53: coder.agent.v2.WorkspaceAgentMetadata.Description.timeout:type_name -> google.protobuf.Duration
+	3,  // 54: coder.agent.v2.Stats.Metric.type:type_name -> coder.agent.v2.Stats.Metric.Type
+	68, // 55: coder.agent.v2.Stats.Metric.labels:type_name -> coder.agent.v2.Stats.Metric.Label
+	0,  // 56: coder.agent.v2.BatchUpdateAppHealthRequest.HealthUpdate.health:type_name -> coder.agent.v2.AppHealth
+	82, // 57: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.collected_at:type_name -> google.protobuf.Timestamp
+	74, // 58: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.memory:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.MemoryUsage
+	75, // 59: coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.volumes:type_name -> coder.agent.v2.PushResourcesMonitoringUsageRequest.Datapoint.VolumeUsage
+	77, // 60: coder.agent.v2.CreateSubAgentRequest.App.healthcheck:type_name -> coder.agent.v2.CreateSubAgentRequest.App.Healthcheck
+	12, // 61: coder.agent.v2.CreateSubAgentRequest.App.open_in:type_name -> coder.agent.v2.CreateSubAgentRequest.App.OpenIn
+	13, // 62: coder.agent.v2.CreateSubAgentRequest.App.share:type_name -> coder.agent.v2.CreateSubAgentRequest.App.SharingLevel
+	20, // 63: coder.agent.v2.Agent.GetManifest:input_type -> coder.agent.v2.GetManifestRequest
+	22, // 64: coder.agent.v2.Agent.GetServiceBanner:input_type -> coder.agent.v2.GetServiceBannerRequest
+	24, // 65: coder.agent.v2.Agent.UpdateStats:input_type -> coder.agent.v2.UpdateStatsRequest
+	27, // 66: coder.agent.v2.Agent.UpdateLifecycle:input_type -> coder.agent.v2.UpdateLifecycleRequest
+	28, // 67: coder.agent.v2.Agent.BatchUpdateAppHealths:input_type -> coder.agent.v2.BatchUpdateAppHealthRequest
+	31, // 68: coder.agent.v2.Agent.UpdateStartup:input_type -> coder.agent.v2.UpdateStartupRequest
+	33, // 69: coder.agent.v2.Agent.BatchUpdateMetadata:input_type -> coder.agent.v2.BatchUpdateMetadataRequest
+	36, // 70: coder.agent.v2.Agent.BatchCreateLogs:input_type -> coder.agent.v2.BatchCreateLogsRequest
+	38, // 71: coder.agent.v2.Agent.GetAnnouncementBanners:input_type -> coder.agent.v2.GetAnnouncementBannersRequest
+	41, // 72: coder.agent.v2.Agent.ScriptCompleted:input_type -> coder.agent.v2.WorkspaceAgentScriptCompletedRequest
+	44, // 73: coder.agent.v2.Agent.GetResourcesMonitoringConfiguration:input_type -> coder.agent.v2.GetResourcesMonitoringConfigurationRequest
+	46, // 74: coder.agent.v2.Agent.PushResourcesMonitoringUsage:input_type -> coder.agent.v2.PushResourcesMonitoringUsageRequest
+	49, // 75: coder.agent.v2.Agent.ReportConnection:input_type -> coder.agent.v2.ReportConnectionRequest
+	51, // 76: coder.agent.v2.Agent.CreateSubAgent:input_type -> coder.agent.v2.CreateSubAgentRequest
+	53, // 77: coder.agent.v2.Agent.DeleteSubAgent:input_type -> coder.agent.v2.DeleteSubAgentRequest
+	55, // 78: coder.agent.v2.Agent.ListSubAgents:input_type -> coder.agent.v2.ListSubAgentsRequest
+	58, // 79: coder.agent.v2.Agent.ReportBoundaryLogs:input_type -> coder.agent.v2.ReportBoundaryLogsRequest
+	60, // 80: coder.agent.v2.Agent.UpdateAppStatus:input_type -> coder.agent.v2.UpdateAppStatusRequest
+	18, // 81: coder.agent.v2.Agent.GetManifest:output_type -> coder.agent.v2.Manifest
+	21, // 82: coder.agent.v2.Agent.GetServiceBanner:output_type -> coder.agent.v2.ServiceBanner
+	25, // 83: coder.agent.v2.Agent.UpdateStats:output_type -> coder.agent.v2.UpdateStatsResponse
+	26, // 84: coder.agent.v2.Agent.UpdateLifecycle:output_type -> coder.agent.v2.Lifecycle
+	29, // 85: coder.agent.v2.Agent.BatchUpdateAppHealths:output_type -> coder.agent.v2.BatchUpdateAppHealthResponse
+	30, // 86: coder.agent.v2.Agent.UpdateStartup:output_type -> coder.agent.v2.Startup
+	34, // 87: coder.agent.v2.Agent.BatchUpdateMetadata:output_type -> coder.agent.v2.BatchUpdateMetadataResponse
+	37, // 88: coder.agent.v2.Agent.BatchCreateLogs:output_type -> coder.agent.v2.BatchCreateLogsResponse
+	39, // 89: coder.agent.v2.Agent.GetAnnouncementBanners:output_type -> coder.agent.v2.GetAnnouncementBannersResponse
+	42, // 90: coder.agent.v2.Agent.ScriptCompleted:output_type -> coder.agent.v2.WorkspaceAgentScriptCompletedResponse
+	45, // 91: coder.agent.v2.Agent.GetResourcesMonitoringConfiguration:output_type -> coder.agent.v2.GetResourcesMonitoringConfigurationResponse
+	47, // 92: coder.agent.v2.Agent.PushResourcesMonitoringUsage:output_type -> coder.agent.v2.PushResourcesMonitoringUsageResponse
+	83, // 93: coder.agent.v2.Agent.ReportConnection:output_type -> google.protobuf.Empty
+	52, // 94: coder.agent.v2.Agent.CreateSubAgent:output_type -> coder.agent.v2.CreateSubAgentResponse
+	54, // 95: coder.agent.v2.Agent.DeleteSubAgent:output_type -> coder.agent.v2.DeleteSubAgentResponse
+	56, // 96: coder.agent.v2.Agent.ListSubAgents:output_type -> coder.agent.v2.ListSubAgentsResponse
+	59, // 97: coder.agent.v2.Agent.ReportBoundaryLogs:output_type -> coder.agent.v2.ReportBoundaryLogsResponse
+	61, // 98: coder.agent.v2.Agent.UpdateAppStatus:output_type -> coder.agent.v2.UpdateAppStatusResponse
+	81, // [81:99] is the sub-list for method output_type
+	63, // [63:81] is the sub-list for method input_type
+	63, // [63:63] is the sub-list for extension type_name
+	63, // [63:63] is the sub-list for extension extendee
+	0,  // [0:63] is the sub-list for field type_name
 }

 func init() { file_agent_proto_agent_proto_init() }
@@ -6275,7 +6341,7 @@ func file_agent_proto_agent_proto_init() {
 			}
 		}
 		file_agent_proto_agent_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportRestartRequest); i {
+			switch v := v.(*UpdateAppStatusRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -6287,7 +6353,7 @@ func file_agent_proto_agent_proto_init() {
 			}
 		}
 		file_agent_proto_agent_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportRestartResponse); i {
+			switch v := v.(*UpdateAppStatusResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -6507,7 +6573,7 @@ func file_agent_proto_agent_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_agent_proto_agent_proto_rawDesc,
-			NumEnums:      14,
+			NumEnums:      15,
 			NumMessages:   65,
 			NumExtensions: 0,
 			NumServices:   1,
@@ -436,7 +436,7 @@ message CreateSubAgentRequest {
 	}

 	repeated DisplayApp display_apps = 6;
-	
+
 	optional bytes id = 7;
 }

@@ -494,17 +494,23 @@ message ReportBoundaryLogsRequest {

 message ReportBoundaryLogsResponse {}

-message ReportRestartRequest {
-	int32 restart_count = 1;
-	string kill_signal = 2;
-	// reason describes how the previous agent process exited.
-	// In the reaper (PID 1) path this is always "signal". In
-	// the systemd path it mirrors $SERVICE_RESULT and can be
-	// "signal", "exit-code", or another systemd result string.
-	string reason = 3;
+// UpdateAppStatusRequest updates the given Workspace App's status. c.f. agentsdk.PatchAppStatus
+message UpdateAppStatusRequest {
+  string slug = 1;
+
+  enum AppStatusState {
+    WORKING = 0;
+    IDLE = 1;
+    COMPLETE = 2;
+    FAILURE = 3;
+  }
+  AppStatusState state = 2;
+
+  string message = 3;
+  string uri = 4;
 }

-message ReportRestartResponse {}
+message UpdateAppStatusResponse {}

 service Agent {
 	rpc GetManifest(GetManifestRequest) returns (Manifest);
@@ -524,5 +530,5 @@ service Agent {
 	rpc DeleteSubAgent(DeleteSubAgentRequest) returns (DeleteSubAgentResponse);
 	rpc ListSubAgents(ListSubAgentsRequest) returns (ListSubAgentsResponse);
 	rpc ReportBoundaryLogs(ReportBoundaryLogsRequest) returns (ReportBoundaryLogsResponse);
-	rpc ReportRestart(ReportRestartRequest) returns (ReportRestartResponse);
+	rpc UpdateAppStatus(UpdateAppStatusRequest) returns (UpdateAppStatusResponse);
 }
@@ -56,7 +56,7 @@ type DRPCAgentClient interface {
 	DeleteSubAgent(ctx context.Context, in *DeleteSubAgentRequest) (*DeleteSubAgentResponse, error)
 	ListSubAgents(ctx context.Context, in *ListSubAgentsRequest) (*ListSubAgentsResponse, error)
 	ReportBoundaryLogs(ctx context.Context, in *ReportBoundaryLogsRequest) (*ReportBoundaryLogsResponse, error)
-	ReportRestart(ctx context.Context, in *ReportRestartRequest) (*ReportRestartResponse, error)
+	UpdateAppStatus(ctx context.Context, in *UpdateAppStatusRequest) (*UpdateAppStatusResponse, error)
 }

 type drpcAgentClient struct {
@@ -222,9 +222,9 @@ func (c *drpcAgentClient) ReportBoundaryLogs(ctx context.Context, in *ReportBoun
 	return out, nil
 }

-func (c *drpcAgentClient) ReportRestart(ctx context.Context, in *ReportRestartRequest) (*ReportRestartResponse, error) {
-	out := new(ReportRestartResponse)
-	err := c.cc.Invoke(ctx, "/coder.agent.v2.Agent/ReportRestart", drpcEncoding_File_agent_proto_agent_proto{}, in, out)
+func (c *drpcAgentClient) UpdateAppStatus(ctx context.Context, in *UpdateAppStatusRequest) (*UpdateAppStatusResponse, error) {
+	out := new(UpdateAppStatusResponse)
+	err := c.cc.Invoke(ctx, "/coder.agent.v2.Agent/UpdateAppStatus", drpcEncoding_File_agent_proto_agent_proto{}, in, out)
 	if err != nil {
 		return nil, err
 	}
@@ -249,7 +249,7 @@ type DRPCAgentServer interface {
 	DeleteSubAgent(context.Context, *DeleteSubAgentRequest) (*DeleteSubAgentResponse, error)
 	ListSubAgents(context.Context, *ListSubAgentsRequest) (*ListSubAgentsResponse, error)
 	ReportBoundaryLogs(context.Context, *ReportBoundaryLogsRequest) (*ReportBoundaryLogsResponse, error)
-	ReportRestart(context.Context, *ReportRestartRequest) (*ReportRestartResponse, error)
+	UpdateAppStatus(context.Context, *UpdateAppStatusRequest) (*UpdateAppStatusResponse, error)
 }

 type DRPCAgentUnimplementedServer struct{}
@@ -322,7 +322,7 @@ func (s *DRPCAgentUnimplementedServer) ReportBoundaryLogs(context.Context, *Repo
 	return nil, drpcerr.WithCode(errors.New("Unimplemented"), drpcerr.Unimplemented)
 }

-func (s *DRPCAgentUnimplementedServer) ReportRestart(context.Context, *ReportRestartRequest) (*ReportRestartResponse, error) {
+func (s *DRPCAgentUnimplementedServer) UpdateAppStatus(context.Context, *UpdateAppStatusRequest) (*UpdateAppStatusResponse, error) {
 	return nil, drpcerr.WithCode(errors.New("Unimplemented"), drpcerr.Unimplemented)
 }

@@ -486,14 +486,14 @@ func (DRPCAgentDescription) Method(n int) (string, drpc.Encoding, drpc.Receiver,
 					)
 			}, DRPCAgentServer.ReportBoundaryLogs, true
 	case 17:
-		return "/coder.agent.v2.Agent/ReportRestart", drpcEncoding_File_agent_proto_agent_proto{},
+		return "/coder.agent.v2.Agent/UpdateAppStatus", drpcEncoding_File_agent_proto_agent_proto{},
 			func(srv interface{}, ctx context.Context, in1, in2 interface{}) (drpc.Message, error) {
 				return srv.(DRPCAgentServer).
-					ReportRestart(
+					UpdateAppStatus(
 						ctx,
-						in1.(*ReportRestartRequest),
+						in1.(*UpdateAppStatusRequest),
 					)
-			}, DRPCAgentServer.ReportRestart, true
+			}, DRPCAgentServer.UpdateAppStatus, true
 	default:
 		return "", nil, nil, nil, false
 	}
@@ -775,16 +775,16 @@ func (x *drpcAgent_ReportBoundaryLogsStream) SendAndClose(m *ReportBoundaryLogsR
 	return x.CloseSend()
 }

-type DRPCAgent_ReportRestartStream interface {
+type DRPCAgent_UpdateAppStatusStream interface {
 	drpc.Stream
-	SendAndClose(*ReportRestartResponse) error
+	SendAndClose(*UpdateAppStatusResponse) error
 }

-type drpcAgent_ReportRestartStream struct {
+type drpcAgent_UpdateAppStatusStream struct {
 	drpc.Stream
 }

-func (x *drpcAgent_ReportRestartStream) SendAndClose(m *ReportRestartResponse) error {
+func (x *drpcAgent_UpdateAppStatusStream) SendAndClose(m *UpdateAppStatusResponse) error {
 	if err := x.MsgSend(m, drpcEncoding_File_agent_proto_agent_proto{}); err != nil {
 		return err
 	}
@@ -73,16 +73,13 @@ type DRPCAgentClient27 interface {
 	ReportBoundaryLogs(ctx context.Context, in *ReportBoundaryLogsRequest) (*ReportBoundaryLogsResponse, error)
 }

-// DRPCAgentClient28 is the Agent API at v2.8. It adds a SubagentId field to the
-// WorkspaceAgentDevcontainer message, and a Id field to the CreateSubAgentRequest
-// message. Compatible with Coder v2.31+
+// DRPCAgentClient28 is the Agent API at v2.8. It adds
+//   - a SubagentId field to the WorkspaceAgentDevcontainer message
+//   - an Id field to the CreateSubAgentRequest message.
+//   - UpdateAppStatus RPC.
+//
+// Compatible with Coder v2.31+
 type DRPCAgentClient28 interface {
 	DRPCAgentClient27
-}
-
-// DRPCAgentClient29 is the Agent API at v2.9. It adds the ReportRestart RPC
-// for reporting agent restarts after OOM kills or other SIGKILL events.
-type DRPCAgentClient29 interface {
-	DRPCAgentClient28
-	ReportRestart(ctx context.Context, in *ReportRestartRequest) (*ReportRestartResponse, error)
+	UpdateAppStatus(ctx context.Context, in *UpdateAppStatusRequest) (*UpdateAppStatusResponse, error)
 }
@@ -2,7 +2,7 @@ package reaper

 import (
 	"os"
-	"time"
+	"sync"

 	"github.com/hashicorp/go-reap"

@@ -43,50 +43,42 @@ func WithLogger(logger slog.Logger) Option {
 	}
 }

-// WithMaxRestarts sets the maximum number of times the child process
-// will be restarted after being killed by SIGKILL within the restart
-// window. Default is 5.
-func WithMaxRestarts(n int) Option {
+// WithReaperStop sets a channel that, when closed, stops the reaper
+// goroutine. Callers that invoke ForkReap more than once in the
+// same process (e.g. tests) should use this to prevent goroutine
+// accumulation.
+func WithReaperStop(ch chan struct{}) Option {
 	return func(o *options) {
-		o.MaxRestarts = n
+		o.ReaperStop = ch
 	}
 }

-// WithRestartWindow sets the sliding time window within which restart
-// attempts are counted. If the max restarts are exhausted within this
-// window, the reaper gives up. Default is 10 minutes.
-func WithRestartWindow(d time.Duration) Option {
+// WithReaperStopped sets a channel that is closed after the
+// reaper goroutine has fully exited.
+func WithReaperStopped(ch chan struct{}) Option {
 	return func(o *options) {
-		o.RestartWindow = d
+		o.ReaperStopped = ch
 	}
 }

-// WithRestartBaseDelay sets the initial backoff delay before restarting
-// the child process. The delay doubles on each subsequent restart.
-// Default is 1 second.
-func WithRestartBaseDelay(d time.Duration) Option {
+// WithReapLock sets a mutex shared between the reaper and Wait4.
+// The reaper holds the write lock while reaping, and ForkReap
+// holds the read lock during Wait4, preventing the reaper from
+// stealing the child's exit status. This is only needed for
+// tests with instant-exit children where the race window is
+// large.
+func WithReapLock(mu *sync.RWMutex) Option {
 	return func(o *options) {
-		o.RestartBaseDelay = d
-	}
-}
-
-// WithRestartMaxDelay sets the maximum backoff delay before restarting
-// the child process. Default is 60 seconds.
-func WithRestartMaxDelay(d time.Duration) Option {
-	return func(o *options) {
-		o.RestartMaxDelay = d
+		o.ReapLock = mu
 	}
 }

 type options struct {
-	ExecArgs     []string
-	PIDs         reap.PidCh
-	CatchSignals []os.Signal
-	Logger       slog.Logger
-
-	// Restart options for crash-loop recovery (e.g. OOM kills).
-	MaxRestarts      int
-	RestartWindow    time.Duration
-	RestartBaseDelay time.Duration
-	RestartMaxDelay  time.Duration
+	ExecArgs      []string
+	PIDs          reap.PidCh
+	CatchSignals  []os.Signal
+	Logger        slog.Logger
+	ReaperStop    chan struct{}
+	ReaperStopped chan struct{}
+	ReapLock      *sync.RWMutex
 }
@@ -2,15 +2,6 @@

 package reaper

-const (
-	// StartCountFile tracks how many times the agent process has
-	// started. A value > 1 indicates the agent was restarted.
-	StartCountFile = "/tmp/coder-agent-start-count.txt"
-	// KillSignalFile records the signal that terminated the
-	// previous agent process.
-	KillSignalFile = "/tmp/coder-agent-kill-signal.txt"
-)
-
 // IsInitProcess returns true if the current process's PID is 1.
 func IsInitProcess() bool {
 	return false
@@ -19,27 +10,3 @@ func IsInitProcess() bool {
 func ForkReap(_ ...Option) (int, error) {
 	return 0, nil
 }
-
-// WriteStartCount is a no-op on non-Linux platforms.
-func WriteStartCount(_ int) error {
-	return nil
-}
-
-// WriteKillSignal is a no-op on non-Linux platforms.
-func WriteKillSignal(_ string) error {
-	return nil
-}
-
-// ReadKillSignal returns empty on non-Linux platforms.
-func ReadKillSignal() string {
-	return ""
-}
-
-// ParseKillSignal parses the kill signal file content on
-// non-Linux platforms. Always returns empty strings.
-func ParseKillSignal(_ string) (reason, value string) {
-	return "", ""
-}
-
-// ClearRestartState is a no-op on non-Linux platforms.
-func ClearRestartState() {}
@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
+	"sync"
 	"syscall"
 	"testing"
 	"time"
@@ -18,25 +19,79 @@ import (
 	"github.com/coder/coder/v2/testutil"
 )

-// TestReap checks that's the reaper is successfully reaping
-// exited processes and passing the PIDs through the shared
-// channel.
+// subprocessEnvKey is set when a test re-execs itself as an
+// isolated subprocess. Tests that call ForkReap or send signals
+// to their own process check this to decide whether to run real
+// test logic or launch the subprocess and wait for it.
+const subprocessEnvKey = "CODER_REAPER_TEST_SUBPROCESS"
+
+// runSubprocess re-execs the current test binary in a new process
+// running only the named test. This isolates ForkReap's
+// syscall.ForkExec and any process-directed signals (e.g. SIGINT)
+// from the parent test binary, making these tests safe to run in
+// CI and alongside other tests.
 //
-//nolint:paralleltest
+// Returns true inside the subprocess (caller should proceed with
+// the real test logic). Returns false in the parent after the
+// subprocess exits successfully (caller should return).
+func runSubprocess(t *testing.T) bool {
+	t.Helper()
+
+	if os.Getenv(subprocessEnvKey) == "1" {
+		return true
+	}
+
+	ctx := testutil.Context(t, testutil.WaitMedium)
+
+	//nolint:gosec // Test-controlled arguments.
+	cmd := exec.CommandContext(ctx, os.Args[0],
+		"-test.run=^"+t.Name()+"$",
+		"-test.v",
+	)
+	cmd.Env = append(os.Environ(), subprocessEnvKey+"=1")
+
+	out, err := cmd.CombinedOutput()
+	t.Logf("Subprocess output:\n%s", out)
+	require.NoError(t, err, "subprocess failed")
+
+	return false
+}
+
+// withDone returns options that stop the reaper goroutine when t
+// completes and wait for it to fully exit, preventing
+// overlapping reapers across sequential subtests.
+func withDone(t *testing.T) []reaper.Option {
+	t.Helper()
+	stop := make(chan struct{})
+	stopped := make(chan struct{})
+	t.Cleanup(func() {
+		close(stop)
+		<-stopped
+	})
+	return []reaper.Option{
+		reaper.WithReaperStop(stop),
+		reaper.WithReaperStopped(stopped),
+	}
+}
+
+// TestReap checks that the reaper successfully reaps exited
+// processes and passes their PIDs through the shared channel.
 func TestReap(t *testing.T) {
-	// Don't run the reaper test in CI. It does weird
-	// things like forkexecing which may have unintended
-	// consequences in CI.
-	if testutil.InCI() {
-		t.Skip("Detected CI, skipping reaper tests")
+	t.Parallel()
+	if !runSubprocess(t) {
+		return
 	}

 	pids := make(reap.PidCh, 1)
-	exitCode, err := reaper.ForkReap(
+	var reapLock sync.RWMutex
+	opts := append([]reaper.Option{
 		reaper.WithPIDCallback(pids),
-		// Provide some argument that immediately exits.
 		reaper.WithExecArgs("/bin/sh", "-c", "exit 0"),
-	)
+		reaper.WithReapLock(&reapLock),
+	}, withDone(t)...)
+	reapLock.RLock()
+	exitCode, err := reaper.ForkReap(opts...)
+	reapLock.RUnlock()
 	require.NoError(t, err)
 	require.Equal(t, 0, exitCode)

@@ -56,7 +111,7 @@ func TestReap(t *testing.T) {

 	expectedPIDs := []int{cmd.Process.Pid, cmd2.Process.Pid}

-	for i := 0; i < len(expectedPIDs); i++ {
+	for range len(expectedPIDs) {
 		select {
 		case <-time.After(testutil.WaitShort):
 			t.Fatalf("Timed out waiting for process")
@@ -66,10 +121,11 @@ func TestReap(t *testing.T) {
 	}
 }

-//nolint:paralleltest
+//nolint:tparallel // Subtests must be sequential, each starts its own reaper.
 func TestForkReapExitCodes(t *testing.T) {
-	if testutil.InCI() {
-		t.Skip("Detected CI, skipping reaper tests")
+	t.Parallel()
+	if !runSubprocess(t) {
+		return
 	}

 	tests := []struct {
@@ -85,56 +141,31 @@ func TestForkReapExitCodes(t *testing.T) {
 		{"SIGTERM", "kill -15 $$", 128 + 15},
 	}

+	//nolint:paralleltest // Subtests must be sequential, each starts its own reaper.
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			exitCode, err := reaper.ForkReap(
+			var reapLock sync.RWMutex
+			opts := append([]reaper.Option{
 				reaper.WithExecArgs("/bin/sh", "-c", tt.command),
-			)
+				reaper.WithReapLock(&reapLock),
+			}, withDone(t)...)
+			reapLock.RLock()
+			exitCode, err := reaper.ForkReap(opts...)
+			reapLock.RUnlock()
 			require.NoError(t, err)
 			require.Equal(t, tt.expectedCode, exitCode, "exit code mismatch for %q", tt.command)
 		})
 	}
 }

-func TestParseKillSignal(t *testing.T) {
-	t.Parallel()
-
-	tests := []struct {
-		raw            string
-		expectedReason string
-		expectedValue  string
-	}{
-		// Reaper path: "signal:killed"
-		{"signal:killed", "signal", "killed"},
-		// Systemd path: signal death
-		{"signal:SIGKILL", "signal", "SIGKILL"},
-		{"signal:SIGABRT", "signal", "SIGABRT"},
-		// Systemd path: exit code
-		{"exit-code:2", "exit-code", "2"},
-		{"exit-code:134", "exit-code", "134"},
-		// Empty
-		{"", "", ""},
-		// Legacy format (no colon)
-		{"killed", "", "killed"},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.raw, func(t *testing.T) {
-			t.Parallel()
-			reason, value := reaper.ParseKillSignal(tt.raw)
-			require.Equal(t, tt.expectedReason, reason)
-			require.Equal(t, tt.expectedValue, value)
-		})
-	}
-}
-
-//nolint:paralleltest // Signal handling.
+// TestReapInterrupt verifies that ForkReap forwards caught signals
+// to the child process. The test sends SIGINT to its own process
+// and checks that the child receives it. Running in a subprocess
+// ensures SIGINT cannot kill the parent test binary.
 func TestReapInterrupt(t *testing.T) {
-	// Don't run the reaper test in CI. It does weird
-	// things like forkexecing which may have unintended
-	// consequences in CI.
-	if testutil.InCI() {
-		t.Skip("Detected CI, skipping reaper tests")
+	t.Parallel()
+	if !runSubprocess(t) {
+		return
 	}

 	errC := make(chan error, 1)
@@ -147,23 +178,28 @@ func TestReapInterrupt(t *testing.T) {
 	defer signal.Stop(usrSig)

 	go func() {
-		exitCode, err := reaper.ForkReap(
+		opts := append([]reaper.Option{
 			reaper.WithPIDCallback(pids),
 			reaper.WithCatchSignals(os.Interrupt),
 			// Signal propagation does not extend to children of children, so
 			// we create a little bash script to ensure sleep is interrupted.
-			reaper.WithExecArgs("/bin/sh", "-c", fmt.Sprintf("pid=0; trap 'kill -USR2 %d; kill -TERM $pid' INT; sleep 10 &\npid=$!; kill -USR1 %d; wait", os.Getpid(), os.Getpid())),
-		)
+			reaper.WithExecArgs("/bin/sh", "-c", fmt.Sprintf(
+				"pid=0; trap 'kill -USR2 %d; kill -TERM $pid' INT; sleep 10 &\npid=$!; kill -USR1 %d; wait",
+				os.Getpid(), os.Getpid(),
+			)),
+		}, withDone(t)...)
+		exitCode, err := reaper.ForkReap(opts...)
 		// The child exits with 128 + SIGTERM (15) = 143, but the trap catches
 		// SIGINT and sends SIGTERM to the sleep process, so exit code varies.
 		_ = exitCode
 		errC <- err
 	}()

-	require.Equal(t, <-usrSig, syscall.SIGUSR1)
+	require.Equal(t, syscall.SIGUSR1, <-usrSig)
+
 	err := syscall.Kill(os.Getpid(), syscall.SIGINT)
 	require.NoError(t, err)
-	require.Equal(t, <-usrSig, syscall.SIGUSR2)

+	require.Equal(t, syscall.SIGUSR2, <-usrSig)
 	require.NoError(t, <-errC)
 }
@@ -4,14 +4,9 @@ package reaper

 import (
 	"context"
-	"fmt"
-	"math/rand"
 	"os"
 	"os/signal"
-	"strings"
-	"sync"
 	"syscall"
-	"time"

 	"github.com/hashicorp/go-reap"
 	"golang.org/x/xerrors"
@@ -19,99 +14,67 @@ import (
 	"cdr.dev/slog/v3"
 )

-const (
-	defaultMaxRestarts      = 5
-	defaultRestartWindow    = 10 * time.Minute
-	defaultRestartBaseDelay = 1 * time.Second
-	defaultRestartMaxDelay  = 60 * time.Second
-
-	// StartCountFile tracks how many times the agent process has
-	// started. A value > 1 indicates the agent was restarted
-	// (e.g. after an OOM kill). The file is written by the reaper
-	// in PID 1 mode and by the agent itself in systemd mode. It
-	// is deleted on graceful shutdown.
-	StartCountFile = "/tmp/coder-agent-start-count.txt"
-	// KillSignalFile records the signal that terminated the
-	// previous agent process (e.g. "SIGKILL"). Written by the
-	// reaper after wait4 in the PID 1 path, or by systemd's
-	// ExecStopPost in the supervised path. Deleted on graceful
-	// shutdown.
-	KillSignalFile = "/tmp/coder-agent-kill-signal.txt"
-)
-
 // IsInitProcess returns true if the current process's PID is 1.
 func IsInitProcess() bool {
 	return os.Getpid() == 1
 }

-// catchSignalsWithStop catches the given signals and forwards them to
-// the child process. On the first signal received, it closes the
-// stopping channel to indicate that the reaper should not restart the
-// child. Subsequent signals are still forwarded. The goroutine exits
-// when the done channel is closed (typically after Wait4 returns).
-func catchSignalsWithStop(logger slog.Logger, pid int, sigs []os.Signal, stopping chan struct{}, once *sync.Once, done <-chan struct{}) {
+// startSignalForwarding registers signal handlers synchronously
+// then forwards caught signals to the child in a background
+// goroutine. Registering before the goroutine starts ensures no
+// signal is lost between ForkExec and the handler being ready.
+func startSignalForwarding(logger slog.Logger, pid int, sigs []os.Signal) {
 	if len(sigs) == 0 {
 		return
 	}

 	sc := make(chan os.Signal, 1)
 	signal.Notify(sc, sigs...)
-	defer signal.Stop(sc)

 	logger.Info(context.Background(), "reaper catching signals",
 		slog.F("signals", sigs),
 		slog.F("child_pid", pid),
 	)

-	for {
-		select {
-		case <-done:
-			return
-		case s := <-sc:
+	go func() {
+		defer signal.Stop(sc)
+		for s := range sc {
 			sig, ok := s.(syscall.Signal)
-			if !ok {
-				continue
+			if ok {
+				logger.Info(context.Background(), "reaper caught signal, killing child process",
+					slog.F("signal", sig.String()),
+					slog.F("child_pid", pid),
+				)
+				_ = syscall.Kill(pid, sig)
 			}
-			// Signal that we're intentionally stopping — suppress
-			// restart after the child exits.
-			once.Do(func() { close(stopping) })
-			logger.Info(context.Background(), "reaper caught signal, forwarding to child",
-				slog.F("signal", sig.String()),
-				slog.F("child_pid", pid),
-			)
-			_ = syscall.Kill(pid, sig)
 		}
-	}
+	}()
 }

 // ForkReap spawns a goroutine that reaps children. In order to avoid
 // complications with spawning `exec.Commands` in the same process that
 // is reaping, we forkexec a child process. This prevents a race between
 // the reaper and an exec.Command waiting for its process to complete.
-// The provided 'pids' channel may be nil if the caller does not care
-// about the reaped children PIDs.
+// The provided 'pids' channel may be nil if the caller does not care about the
+// reaped children PIDs.
 //
-// If the child process is killed by SIGKILL (e.g. by the OOM killer),
-// ForkReap will restart it with exponential backoff, up to MaxRestarts
-// times within RestartWindow. If the reaper receives a stop signal
-// (via CatchSignals), it will not restart the child after it exits.
-//
-// Returns the child's exit code (using 128+signal for signal
-// termination) and any error from Wait4.
+// Returns the child's exit code (using 128+signal for signal termination)
+// and any error from Wait4.
 func ForkReap(opt ...Option) (int, error) {
 	opts := &options{
-		ExecArgs:         os.Args,
-		MaxRestarts:      defaultMaxRestarts,
-		RestartWindow:    defaultRestartWindow,
-		RestartBaseDelay: defaultRestartBaseDelay,
-		RestartMaxDelay:  defaultRestartMaxDelay,
+		ExecArgs: os.Args,
 	}

 	for _, o := range opt {
 		o(opts)
 	}

-	go reap.ReapChildren(opts.PIDs, nil, nil, nil)
+	go func() {
+		reap.ReapChildren(opts.PIDs, nil, opts.ReaperStop, opts.ReapLock)
+		if opts.ReaperStopped != nil {
+			close(opts.ReaperStopped)
+		}
+	}()

 	pwd, err := os.Getwd()
 	if err != nil {
@@ -131,191 +94,31 @@ func ForkReap(opt ...Option) (int, error) {
 		},
 	}

-	// Track whether we've been told to stop via a caught signal.
-	stopping := make(chan struct{})
-	var stoppingOnce sync.Once
+	//#nosec G204
+	pid, err := syscall.ForkExec(opts.ExecArgs[0], opts.ExecArgs, pattrs)
+	if err != nil {
+		return 1, xerrors.Errorf("fork exec: %w", err)
+	}

-	var restartCount int
-	var restartTimes []time.Time
+	startSignalForwarding(opts.Logger, pid, opts.CatchSignals)

-	for {
-		// Write the start count before forking so the child can
-		// detect restarts. Start count = restartCount + 1 (first
-		// start is 1, first restart is 2, etc.).
-		if err := WriteStartCount(restartCount + 1); err != nil {
-			opts.Logger.Error(context.Background(), "failed to write start count file", slog.Error(err))
-		}
-
-		//#nosec G204
-		pid, err := syscall.ForkExec(opts.ExecArgs[0], opts.ExecArgs, pattrs)
-		if err != nil {
-			return 1, xerrors.Errorf("fork exec: %w", err)
-		}
-
-		childDone := make(chan struct{})
-		go catchSignalsWithStop(opts.Logger, pid, opts.CatchSignals, stopping, &stoppingOnce, childDone)
-
-		var wstatus syscall.WaitStatus
+	var wstatus syscall.WaitStatus
+	_, err = syscall.Wait4(pid, &wstatus, 0, nil)
+	for xerrors.Is(err, syscall.EINTR) {
 		_, err = syscall.Wait4(pid, &wstatus, 0, nil)
-		for xerrors.Is(err, syscall.EINTR) {
-			_, err = syscall.Wait4(pid, &wstatus, 0, nil)
-		}
-
-		// Stop the signal-forwarding goroutine now that the child
-		// has exited, before we potentially loop and spawn a new one.
-		close(childDone)
-
-		exitCode := convertExitCode(wstatus)
-
-		if !shouldRestart(wstatus, stopping, restartTimes, opts) {
-			return exitCode, err
-		}
-
-		// Record the signal that killed the child so the next
-		// instance can report it to coderd. Format matches
-		// the systemd path: "signal:<name>".
-		if wstatus.Signaled() {
-			if err := WriteKillSignal(fmt.Sprintf("signal:%s", wstatus.Signal().String())); err != nil {
-				opts.Logger.Error(context.Background(), "failed to write kill signal file", slog.Error(err))
-			}
-		}
-
-		restartCount++
-		restartTimes = append(restartTimes, time.Now())
-		delay := backoffDelay(restartCount, opts.RestartBaseDelay, opts.RestartMaxDelay)
-		opts.Logger.Warn(context.Background(), "child process killed, restarting",
-			slog.F("restart_count", restartCount),
-			slog.F("signal", wstatus.Signal()),
-			slog.F("delay", delay),
-		)
-
-		select {
-		case <-time.After(delay):
-			// Continue to restart.
-		case <-stopping:
-			return exitCode, err
-		}
-	}
-}
-
-// shouldRestart determines whether the child process should be
-// restarted based on its exit status, whether we're stopping, and
-// how many recent restarts have occurred.
-func shouldRestart(wstatus syscall.WaitStatus, stopping <-chan struct{}, restartTimes []time.Time, opts *options) bool {
-	// Don't restart if we've been told to stop.
-	select {
-	case <-stopping:
-		return false
-	default:
 	}

-	// Only restart on SIGKILL (signal 9), which is what the OOM
-	// killer sends. Other signals (SIGTERM, SIGINT, etc.) indicate
-	// intentional termination.
-	if !wstatus.Signaled() || wstatus.Signal() != syscall.SIGKILL {
-		return false
-	}
-
-	// Count restarts within the sliding window.
-	cutoff := time.Now().Add(-opts.RestartWindow)
-	recentCount := 0
-	for _, t := range restartTimes {
-		if t.After(cutoff) {
-			recentCount++
-		}
-	}
-	return recentCount < opts.MaxRestarts
-}
-
-// convertExitCode converts a wait status to an exit code using
-// standard Unix conventions.
-func convertExitCode(wstatus syscall.WaitStatus) int {
+	// Convert wait status to exit code using standard Unix conventions:
+	// - Normal exit: use the exit code
+	// - Signal termination: use 128 + signal number
+	var exitCode int
 	switch {
 	case wstatus.Exited():
-		return wstatus.ExitStatus()
+		exitCode = wstatus.ExitStatus()
 	case wstatus.Signaled():
-		return 128 + int(wstatus.Signal())
+		exitCode = 128 + int(wstatus.Signal())
 	default:
-		return 1
+		exitCode = 1
 	}
-}
-
-// backoffDelay computes an exponential backoff delay with jitter.
-// The delay doubles on each attempt, capped at maxDelay, with
-// 0-25% jitter added to prevent thundering herd.
-func backoffDelay(attempt int, baseDelay, maxDelay time.Duration) time.Duration {
-	// Cap the shift amount to prevent overflow. With a 1s base
-	// delay, shift > 60 would overflow time.Duration (int64).
-	shift := attempt - 1
-	if shift > 60 {
-		shift = 60
-	}
-	// #nosec G115 - shift is capped above, so this is safe.
-	delay := baseDelay * time.Duration(1<<uint(shift))
-	if delay > maxDelay {
-		delay = maxDelay
-	}
-	// Add 0-25% jitter.
-	if delay > 0 {
-		//nolint:gosec // Jitter doesn't need cryptographic randomness.
-		jitter := time.Duration(rand.Int63n(int64(delay / 4)))
-		delay += jitter
-	}
-	return delay
-}
-
-// WriteStartCount writes the start count to the well-known file.
-// The reaper calls this before forking each child so the agent
-// can detect it has been restarted (start count > 1).
-func WriteStartCount(count int) error {
-	if err := os.WriteFile(StartCountFile, []byte(fmt.Sprintf("%d", count)), 0o644); err != nil {
-		return xerrors.Errorf("write start count file: %w", err)
-	}
-	return nil
-}
-
-// WriteKillSignal writes the kill signal info to the well-known file
-// so the agent can report it to coderd. The format is
-// "<service_result>:<exit_status>", e.g. "signal:killed" (reaper
-// path) or "signal:SIGKILL" / "exit-code:2" (systemd path).
-func WriteKillSignal(sig string) error {
-	if err := os.WriteFile(KillSignalFile, []byte(sig), 0o644); err != nil {
-		return xerrors.Errorf("write kill signal file: %w", err)
-	}
-	return nil
-}
-
-// ReadKillSignal reads the kill signal from the well-known file.
-// Returns an empty string if the file doesn't exist.
-func ReadKillSignal() string {
-	data, err := os.ReadFile(KillSignalFile)
-	if err != nil {
-		return ""
-	}
-	return strings.TrimSpace(string(data))
-}
-
-// ParseKillSignal parses the kill signal file content into its
-// components. The format is "<reason>:<value>", e.g.
-// "signal:killed" or "exit-code:2". Returns the reason
-// (e.g. "signal", "exit-code") and the value (e.g. "killed",
-// "SIGKILL", "2"). For legacy format (no colon), returns empty
-// reason and the raw value.
-func ParseKillSignal(raw string) (reason, value string) {
-	if raw == "" {
-		return "", ""
-	}
-	if idx := strings.IndexByte(raw, ':'); idx >= 0 {
-		return raw[:idx], raw[idx+1:]
-	}
-	// Legacy format: just the signal name.
-	return "", raw
-}
-
-// ClearRestartState deletes the start count and kill signal files.
-// This should be called on graceful shutdown so the next start
-// begins fresh.
-func ClearRestartState() {
-	_ = os.Remove(StartCountFile)
-	_ = os.Remove(KillSignalFile)
+	return exitCode, err
 }
@@ -3,11 +3,11 @@
 		"enabled": true,
 		"clientKind": "git",
 		"useIgnoreFile": true,
-		"defaultBranch": "main"
+		"defaultBranch": "main",
 	},
 	"files": {
 		"includes": ["**", "!**/pnpm-lock.yaml"],
-		"ignoreUnknown": true
+		"ignoreUnknown": true,
 	},
 	"linter": {
 		"rules": {
@@ -15,18 +15,18 @@
 				"noSvgWithoutTitle": "off",
 				"useButtonType": "off",
 				"useSemanticElements": "off",
-				"noStaticElementInteractions": "off"
+				"noStaticElementInteractions": "off",
 			},
-		"correctness": {
-			"noUnusedImports": "warn",
+			"correctness": {
+				"noUnusedImports": "warn",
 				"useUniqueElementIds": "off", // TODO: This is new but we want to fix it
 				"noNestedComponentDefinitions": "off", // TODO: Investigate, since it is used by shadcn components
-			"noUnusedVariables": {
-				"level": "warn",
+				"noUnusedVariables": {
+					"level": "warn",
 					"options": {
-						"ignoreRestSiblings": true
-					}
-				}
+						"ignoreRestSiblings": true,
+					},
+				},
 			},
 			"style": {
 				"noNonNullAssertion": "off",
@@ -45,6 +45,10 @@
 					"level": "error",
 					"options": {
 						"paths": {
+							"react": {
+								"message": "React 19 no longer requires forwardRef. Use ref as a prop instead.",
+								"importNames": ["forwardRef"],
+							},
 							// "@mui/material/Alert": "Use components/Alert/Alert instead.",
 							// "@mui/material/AlertTitle": "Use components/Alert/Alert instead.",
 							// "@mui/material/Autocomplete": "Use shadcn/ui Combobox instead.",
@@ -111,10 +115,10 @@
 							"@emotion/styled": "Use Tailwind CSS instead.",
 							// "@emotion/cache": "Use Tailwind CSS instead.",
 							// "components/Stack/Stack": "Use Tailwind flex utilities instead (e.g., <div className='flex flex-col gap-4'>).",
-							"lodash": "Use lodash/<name> instead."
-						}
-					}
-				}
+							"lodash": "Use lodash/<name> instead.",
+						},
+					},
+				},
 			},
 			"suspicious": {
 				"noArrayIndexKey": "off",
@@ -125,14 +129,14 @@
 				"noConsole": {
 					"level": "error",
 					"options": {
-						"allow": ["error", "info", "warn"]
-					}
-				}
+						"allow": ["error", "info", "warn"],
+					},
+				},
 			},
 			"complexity": {
-				"noImportantStyles": "off" // TODO: check and fix !important styles
-			}
-		}
+				"noImportantStyles": "off", // TODO: check and fix !important styles
+			},
+		},
 	},
-	"$schema": "./node_modules/@biomejs/biome/configuration_schema.json"
+	"$schema": "./node_modules/@biomejs/biome/configuration_schema.json",
 }
--- a/Show More
+++ b/Show More