feat: comprehensive amazon-q module v2.0.0 enhancements

- Enhanced security: Changed trust_all_tools default from true to false
- Updated versions: amazon_q_version to 1.14.1, agentapi_version to v0.6.0
- Fixed server parameters: Corrected ARG_SERVER_PARAMETERS with -c flag
- Improved configuration: Better parameter handling and flexibility
- Clean documentation: Removed temporary changelog, maintained sync with code
- Professional quality: Consistent formatting and comprehensive updates

- Dynamic agent name extraction from agent_config JSON 'name' field
- Agent-specific configuration files: ~/.aws/amazonq/cli-agents/{agent_name}.json
- Configurable q_install_url parameter for enterprise/air-gapped environments
- Default q_install_url: https://desktop-release.q.us-east-1.amazonaws.com
- Unified URL construction for both x86_64 and aarch64 architectures
- Enhanced MCP integration with agent-specific configuration
- Improved install script with agent name and URL parameters
- Comprehensive air-gapped installation documentation and examples
- Clean separation: install-time configuration vs runtime execution
- Backward compatibility with default agent name fallback
- Enhanced logging and debugging output for troubleshooting

- Comprehensive Dependencies section documenting AgentAPI requirements
- AgentAPI Coder Module v1.1.1 (registry.coder.com/coder/agentapi/coder)
- AgentAPI Binary v0.6.0 (configurable via agentapi_version parameter)
- Clear component separation: module lifecycle vs runtime functionality
- Version management guidance: fixed module vs configurable binary versions
- Architecture documentation: two-layer dependency explanation
- Upgrade path clarity for both AgentAPI components

- Removed folder variable and ARG_FOLDER usage for simplification
- Use HOME directory directly instead of configurable folder parameter
- Simplified working directory logic and parameter passing
- Reduced configuration complexity and unnecessary variables
- Cleaner start script with consistent HOME-based working environment
- Updated documentation to reflect simplified variable set

- Interactive mode with MCP reporting when no AI prompt provided
- Consistent coder_report_task tool integration for all usage scenarios
- Enhanced user experience for both automated and manual operations
- Proper MCP communication in prompted and interactive modes

- Code improvements and documentation enhancements
- Enhanced README formatting and clarity
- Improved script logic and error handling
- Refined user experience and code maintainability
- Minor script improvements for enhanced functionality and reliability
- Latest main.tf configuration improvements and module enhancements
- Enhanced start.sh script functionality and reliability improvements
- Continuous main.tf updates with enhanced functionality and performance

Author: Michael Orlov

registry/coder/modules/amazon-q/README.md

@@ -34,6 +34,40 @@ module "amazon-q" {
 - **🛠️ Tool Trust**: Configurable tool trust settings
 - **📁 Flexible Deployment**: Configurable working directory and module structure
 
+## Dependencies
+
+This module has critical dependencies on AgentAPI components for proper web integration and interactive functionality:
+
+### AgentAPI Coder Module
+
+- **Module**: `registry.coder.com/coder/agentapi/coder`
+- **Version**: `1.1.1` (hardcoded in module)
+- **Purpose**: Provides the Coder module infrastructure for AgentAPI integration
+- **Functionality**: Handles module lifecycle, configuration, and Coder-specific integration
+
+### AgentAPI Binary
+
+- **Binary Version**: `v0.6.0` (configurable via `agentapi_version` parameter)
+- **Installation**: Automatically downloaded and installed when `install_agentapi = true`
+- **Purpose**: The actual AgentAPI server binary that runs the web interface
+- **Functionality**: Provides the runtime server for web-based interactions
+
+**Why Both Components are Required:**
+
+- **Coder Module (1.1.1)**: Integrates AgentAPI into the Coder ecosystem and manages the module lifecycle
+- **AgentAPI Binary (v0.6.0)**: Provides the actual web interface and interactive functionality
+- **Web Interface**: Enables web-based chat interface accessible through Coder
+- **Session Management**: Handles interactive sessions and maintains state
+- **MCP Protocol**: Facilitates Model Context Protocol communication for task reporting
+- **Real-time Updates**: Enables live progress reporting through the `coder_report_task` tool
+
+**Version Compatibility:**
+
+- **Module Version**: Fixed at `1.1.1` for stability and compatibility
+- **Binary Version**: Configurable (default `v0.6.0`) to allow updates and customization
+- **Coder Integration**: Ensure your Coder deployment supports both component versions
+- **Upgrade Path**: Binary version can be updated via `agentapi_version` parameter
+
 ## Prerequisites
 
 ### Authentication Tarball (Required)
@@ -102,20 +136,20 @@ variable "amazon_q_auth_tarball" {
 
 ### Optional Variables
 
-| Variable              | Type     | Default         | Description                                                                                           |
-| --------------------- | -------- | --------------- | ----------------------------------------------------------------------------------------------------- |
-| `auth_tarball`        | `string` | `""`            | Base64 encoded, zstd compressed tarball of authenticated Amazon Q directory                           |
-| `amazon_q_version`    | `string` | `"latest"`      | Version of Amazon Q to install                                                                        |
-| `install_amazon_q`    | `bool`   | `true`          | Whether to install Amazon Q CLI                                                                       |
-| `install_agentapi`    | `bool`   | `true`          | Whether to install AgentAPI for web integration                                                       |
-| `agentapi_version`    | `string` | `"v0.5.0"`      | Version of AgentAPI to install                                                                        |
-| `folder`              | `string` | `"/home/coder"` | Working directory for Amazon Q                                                                        |
-| `trust_all_tools`     | `bool`   | `true`          | Whether to trust all tools in Amazon Q                                                                |
-| `ai_prompt`           | `string` | `""`            | Initial task prompt to send to Amazon Q                                                               |
-| `system_prompt`       | `string` | _See below_     | System prompt for task reporting behavior                                                             |
-| `pre_install_script`  | `string` | `null`          | Script to run before installing Amazon Q                                                              |
-| `post_install_script` | `string` | `null`          | Script to run after installing Amazon Q                                                               |
-| `agent_config`        | `string` | `null`          | Custom agent configuration JSON (See the [Default Agent configuration](#default-agent-configuration)) |
+| Variable              | Type     | Default                                               | Description                                                                                                                                                           |
+| --------------------- | -------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `auth_tarball`        | `string` | `""`                                                  | Base64 encoded, zstd compressed tarball of authenticated Amazon Q directory                                                                                           |
+| `amazon_q_version`    | `string` | `"1.14.1"`                                            | Version of Amazon Q to install                                                                                                                                        |
+| `q_install_url`       | `string` | `"https://desktop-release.q.us-east-1.amazonaws.com"` | Base URL for Amazon Q installation downloads                                                                                                                          |
+| `install_amazon_q`    | `bool`   | `true`                                                | Whether to install Amazon Q CLI                                                                                                                                       |
+| `install_agentapi`    | `bool`   | `true`                                                | Whether to install AgentAPI for web integration                                                                                                                       |
+| `agentapi_version`    | `string` | `"v0.6.0"`                                            | Version of AgentAPI to install                                                                                                                                        |
+| `trust_all_tools`     | `bool`   | `false`                                               | Whether to trust all tools in Amazon Q                                                                                                                                |
+| `ai_prompt`           | `string` | `""`                                                  | Initial task prompt to send to Amazon Q                                                                                                                               |
+| `system_prompt`       | `string` | _See below_                                           | System prompt for task reporting behavior                                                                                                                             |
+| `pre_install_script`  | `string` | `null`                                                | Script to run before installing Amazon Q                                                                                                                              |
+| `post_install_script` | `string` | `null`                                                | Script to run after installing Amazon Q                                                                                                                               |
+| `agent_config`        | `string` | `null`                                                | Custom agent configuration JSON. The "name" field is used as the agent name and config filename (See the [Default Agent configuration](#default-agent-configuration)) |
 
 ### UI Configuration
 
@@ -196,6 +230,16 @@ The module includes a default agent configuration template that provides a compr
 
 You can override this configuration by providing your own JSON via the `agent_config` variable.
 
+### Agent Name Configuration
+
+The module automatically extracts the agent name from the `"name"` field in the `agent_config` JSON and uses it for:
+
+- **Configuration File:** Saves the agent config as `~/.aws/amazonq/cli-agents/{agent_name}.json`
+- **Default Agent:** Sets the agent as the default using `q settings chat.defaultAgent {agent_name}`
+- **MCP Integration:** Associates the Coder MCP server with the specified agent name
+
+If no custom `agent_config` is provided, the default agent name "agent" is used.
+
 ## Usage Examples
 
 ### Basic Usage
@@ -293,6 +337,34 @@ module "amazon-q" {
 }
 ```
 
+### Air-Gapped Installation
+
+For environments without direct internet access, you can host Amazon Q installation files internally and configure the module to use your internal repository:
+
+```tf
+module "amazon-q" {
+  source       = "registry.coder.com/coder/amazon-q/coder"
+  version      = "2.0.0"
+  agent_id     = coder_agent.example.id
+  auth_tarball = var.amazon_q_auth_tarball
+
+  # Point to internal artifact repository
+  q_install_url = "https://artifacts.internal.corp/amazon-q-releases"
+
+  # Use specific version available in your repository
+  amazon_q_version = "1.14.1"
+}
+```
+
+**Prerequisites for Air-Gapped Setup:**
+
+1. Download Amazon Q installation files from AWS and host them internally
+2. Maintain the same directory structure: `{base_url}/{version}/q-{arch}-linux.zip`
+3. Ensure both architectures are available:
+   - `q-x86_64-linux.zip` for Intel/AMD systems
+   - `q-aarch64-linux.zip` for ARM systems
+4. Configure network access from Coder workspaces to your internal repository
+
 ## Architecture
 
 ### Components

registry/coder/modules/amazon-q/main.tf

@@ -37,11 +37,6 @@ variable "icon" {
   default     = "/icon/amazon-q.svg"
 }
 
-variable "folder" {
-  type        = string
-  description = "The folder to run Amazon Q in."
-  default     = "/home/coder"
-}
 
 variable "install_amazon_q" {
   type        = bool
@@ -58,7 +53,7 @@ variable "install_agentapi" {
 variable "agentapi_version" {
   type        = string
   description = "The version of AgentAPI to install."
-  default     = "v0.5.0"
+  default     = "v0.6.0"
 }
 
 variable "amazon_q_version" {
@@ -67,10 +62,16 @@ variable "amazon_q_version" {
   default     = "1.14.1"
 }
 
+variable "q_install_url" {
+  type        = string
+  description = "Base URL for Amazon Q installation downloads."
+  default     = "https://desktop-release.q.us-east-1.amazonaws.com"
+}
+
 variable "trust_all_tools" {
   type        = bool
   description = "Whether to trust all tools in Amazon Q."
-  default     = true
+  default     = false
 }
 
 variable "ai_prompt" {
@@ -107,7 +108,7 @@ variable "system_prompt" {
 
 variable "auth_tarball" {
   type        = string
-  description = "Base64 encoded, zstd compressed tarball of a pre-authenticated ~/.local/share/amazon-q directory. After running `q login` on another machine, you may generate it with: `cd ~/.local/share/amazon-q && tar -c . | zstd | base64 -w 0`"
+  description = "Base64 encoded, zstd compressed tarball of a pre-authenticated ~/.local/share/amazon-q directory."
   default     = ""
   sensitive   = true
 }
@@ -153,6 +154,11 @@ locals {
   agent_config = var.agent_config == null ? templatefile("${path.module}/templates/agent-config.json.tpl", {
     system_prompt = var.system_prompt
   }) : var.agent_config
+
+  # Extract agent name from agent_config JSON
+  agent_config_json = jsondecode(local.agent_config)
+  agent_name        = try(local.agent_config_json.name, "default-agent")
+
   full_prompt = var.ai_prompt != null ? "${var.ai_prompt}" : ""
 }
 
@@ -185,8 +191,7 @@ module "agentapi" {
     ARG_TRUST_ALL_TOOLS='${var.trust_all_tools}' \
     ARG_AI_PROMPT='${base64encode(local.full_prompt)}' \
     ARG_MODULE_DIR_NAME='${local.module_dir_name}' \
-    ARG_FOLDER='${var.folder}' \
-    SERVER_PARAMETERS="/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.app_slug}/chat" \
+    ARG_SERVER_PARAMETERS="-c /@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}.${var.agent_id}/apps/${local.app_slug}/chat" \
     /tmp/start.sh
   EOT
 
@@ -199,8 +204,10 @@ module "agentapi" {
     chmod +x /tmp/install.sh
     ARG_INSTALL='${var.install_amazon_q}' \
     ARG_VERSION='${var.amazon_q_version}' \
+    ARG_Q_INSTALL_URL='${var.q_install_url}' \
     ARG_AUTH_TARBALL='${var.auth_tarball}' \
     ARG_AGENT_CONFIG='${local.agent_config != null ? base64encode(local.agent_config) : ""}' \
+    ARG_AGENT_NAME='${local.agent_name}' \
     ARG_MODULE_DIR_NAME='${local.module_dir_name}' \
     ARG_CODER_MCP_APP_STATUS_SLUG='${local.app_slug}' \
     ARG_PRE_INSTALL_SCRIPT='${var.pre_install_script != null ? base64encode(var.pre_install_script) : ""}' \

registry/coder/modules/amazon-q/scripts/install.sh

@@ -5,14 +5,16 @@ set -o errexit
 set -o pipefail
 
 command_exists() {
-  command -v "$1" >/dev/null 2>&1
+  command -v "$1" > /dev/null 2>&1
 }
 
 # Inputs
 ARG_INSTALL=${ARG_INSTALL:-true}
 ARG_VERSION=${ARG_VERSION:-latest}
+ARG_Q_INSTALL_URL=${ARG_Q_INSTALL_URL:-https://desktop-release.q.us-east-1.amazonaws.com}
 ARG_AUTH_TARBALL=${ARG_AUTH_TARBALL:-}
 ARG_AGENT_CONFIG=${ARG_AGENT_CONFIG:-}
+ARG_AGENT_NAME=${ARG_AGENT_NAME:-default-agent}
 ARG_MODULE_DIR_NAME=${ARG_MODULE_DIR_NAME:-.aws/.amazonq}
 ARG_CODER_MCP_APP_STATUS_SLUG=${ARG_CODER_MCP_APP_STATUS_SLUG:-}
 ARG_PRE_INSTALL_SCRIPT=${ARG_PRE_INSTALL_SCRIPT:-}
@@ -29,6 +31,8 @@ fi
 echo "--------------------------------"
 echo "install: $ARG_INSTALL"
 echo "version: $ARG_VERSION"
+echo "q_install_url: $ARG_Q_INSTALL_URL"
+echo "agent_name: $ARG_AGENT_NAME"
 echo "coder_mcp_app_status_slug: $ARG_CODER_MCP_APP_STATUS_SLUG"
 echo "module_dir_name: $ARG_MODULE_DIR_NAME"
 echo "auth_tarball_provided: $([ -n "$ARG_AUTH_TARBALL" ] && echo "yes" || echo "no")"
@@ -61,16 +65,16 @@ function install_amazon_q() {
 
     ARCH="$(uname -m)"
     case "$ARCH" in
-    "x86_64")
-      Q_URL="https://desktop-release.q.us-east-1.amazonaws.com/${ARG_VERSION}/q-x86_64-linux.zip"
-      ;;
-    "aarch64" | "arm64")
-      Q_URL="https://desktop-release.codewhisperer.us-east-1.amazonaws.com/${ARG_VERSION}/q-aarch64-linux.zip"
-      ;;
-    *)
-      echo "Error: Unsupported architecture: $ARCH. Amazon Q only supports x86_64 and arm64."
-      exit 1
-      ;;
+      "x86_64")
+        Q_URL="${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-x86_64-linux.zip"
+        ;;
+      "aarch64" | "arm64")
+        Q_URL="${ARG_Q_INSTALL_URL}/${ARG_VERSION}/q-aarch64-linux.zip"
+        ;;
+      *)
+        echo "Error: Unsupported architecture: $ARCH. Amazon Q only supports x86_64 and arm64."
+        exit 1
+        ;;
     esac
 
     echo "Downloading Amazon Q for $ARCH from $Q_URL..."
@@ -102,7 +106,7 @@ function extract_auth_tarball() {
   if [ -n "$ARG_AUTH_TARBALL" ]; then
     echo "Extracting auth tarball..."
     PREV_DIR="$PWD"
-    echo "$ARG_AUTH_TARBALL" | base64 -d >/tmp/auth.tar.zst
+    echo "$ARG_AUTH_TARBALL" | base64 -d > /tmp/auth.tar.zst
     rm -rf ~/.local/share/amazon-q
     mkdir -p ~/.local/share/amazon-q
     cd ~/.local/share/amazon-q
@@ -125,9 +129,9 @@ function configure_agent() {
     # Apply custom MCP configuration if provided
     if [ -n "$ARG_AGENT_CONFIG_DECODED" ]; then
       echo "Applying custom MCP configuration..."
-      # Parse and apply MCP config - implementation depends on Amazon Q's MCP config format
-      echo "$ARG_AGENT_CONFIG_DECODED" >"$AGENT_CONFIG_DIR/agent.json"
-      echo "Custom configuration saved to $AGENT_CONFIG_DIR/agent.json"
+      # Use agent name as filename for the configuration
+      echo "$ARG_AGENT_CONFIG_DECODED" > "$AGENT_CONFIG_DIR/${ARG_AGENT_NAME}.json"
+      echo "Custom configuration saved to $AGENT_CONFIG_DIR/${ARG_AGENT_NAME}.json"
     fi
     q mcp add --name coder \
       --command "coder" \
@@ -136,10 +140,10 @@ function configure_agent() {
       --env "CODER_MCP_AI_AGENTAPI_URL=http://localhost:3284" \
       --env "CODER_AGENT_URL=${CODER_AGENT_URL}" \
       --env "CODER_AGENT_TOKEN=${CODER_AGENT_TOKEN}" \
-      --agent agent \
+      --agent "$ARG_AGENT_NAME" \
       --force || echo "Warning: Failed to add Coder MCP server"
-    echo "Added Coder MCP server into agent in Amazon Q configuration"
-    q settings chat.defaultAgent agent
+    echo "Added Coder MCP server into $ARG_AGENT_NAME in Amazon Q configuration"
+    q settings chat.defaultAgent "$ARG_AGENT_NAME"
   fi
 }
 

registry/coder/modules/amazon-q/scripts/start.sh

@@ -12,10 +12,10 @@ command_exists() {
 ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
 ARG_TRUST_ALL_TOOLS=${ARG_TRUST_ALL_TOOLS:-true}
 ARG_MODULE_DIR_NAME=${ARG_MODULE_DIR_NAME:-.aws/amazonq}
-ARG_FOLDER=${ARG_FOLDER:-$HOME}
+ARG_SERVER_PARAMETERS=${ARG_SERVER_PARAMETERS:-""}
 
 echo "--------------------------------"
-echo "folder: $ARG_FOLDER"
+echo "working_directory: $HOME"
 echo "ai_prompt: $ARG_AI_PROMPT"
 echo "trust_all_tools: $ARG_TRUST_ALL_TOOLS"
 echo "module_dir_name: $ARG_MODULE_DIR_NAME"
@@ -33,13 +33,8 @@ else
   exit 1
 fi
 
-# Ensure working directory exists
-if [ -d "$ARG_FOLDER" ]; then
-  cd "$ARG_FOLDER"
-else
-  mkdir -p "$ARG_FOLDER"
-  cd "$ARG_FOLDER"
-fi
+# Change to home directory for consistent working environment
+cd "$HOME"
 
 # Set up environment
 export LANG=en_US.UTF-8
@@ -59,6 +54,9 @@ printf "Running: %q %s\n" "$Q_CMD" "$(printf '%q ' "${ARGS[@]}")"
 if [ -n "$ARG_AI_PROMPT" ]; then
   printf "AI prompt provided\n"
   ARGS+=("\"Complete the task at hand in one go. Every step of the way, report your progress using coder_report_task tool through coder MCP with proper summary and statuses. Your task at hand: $ARG_AI_PROMPT\"")
+else
+  printf "AI prompt wasn't provided\n"
+  ARGS+=("\"Run interactively. Every step of the way, report your progress using coder_report_task tool through coder MCP with proper summary and statuses.\"")
 fi
 # Use agentapi to manage the interactive session with initial prompt
-agentapi server -c "$SERVER_PARAMETERS" -- "$Q_CMD" "${ARGS[@]}"
+agentapi server $ARG_SERVER_PARAMETERS -- "$Q_CMD" "${ARGS[@]}"