{"id":"codercom-code-server","name":"code-server","homepage":"https://hub.docker.com/r/codercom/code-server","repo_url":"https://hub.docker.com/r/codercom/code-server","category":"devtools","subcategories":[],"tags":["devtools","ide","self-hosted","web-ui","remote-development"],"what_it_does":"code-server is a self-hosted (or deployment-provided) web-based VS Code experience: it runs the VS Code editor in a browser, serving an HTTP(S) interface that lets users edit files, run terminals/tasks, and access projects from a remote environment.","use_cases":["Provide browser-based access to a development environment","Remote pair programming / collaboration on codebases","Ephemeral or centralized dev environments for teams","Education and workshops requiring a consistent editor in the browser","Running editor + tooling on a remote machine with local browser access"],"not_for":["Publicly exposed production environments without careful security hardening","Highly regulated deployments that require strict authn/authz and audit controls out of the box","Agent workflows that require a formal REST/GraphQL API with documented error codes and rate limits"],"best_when":"You need an editor-in-the-browser backed by a controllable server you can secure (networking, authentication, TLS, and filesystem permissions).","avoid_when":"You cannot restrict access (e.g., no authentication or no network controls) or you need a standardized API interface for automation rather than a web UI.","alternatives":["JupyterLab / JupyterHub (for notebook-centric workflows)","Theia-based IDE servers","GitHub Codespaces / development containers (hosted environments)","Self-hosted SSH + VS Code Remote (vscode-server) setups","Web-based file editors without full terminal execution"],"af_score":23.5,"security_score":47.8,"reliability_score":37.5,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:26:48.030438+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Web authentication (configured by deployment; commonly via built-in auth providers such as password-based and/or SSO depending on configuration)"],"oauth":false,"scopes":false,"notes":"code-server’s security posture depends heavily on how you deploy it (auth method, reverse proxy, network restrictions). There is no standardized, documented scope model suitable for agent authorization from what is typically exposed in a UI-first product."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"code-server is typically self-hosted/open-source; costs come from your infrastructure and any managed hosting used."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":23.5,"security_score":47.8,"reliability_score":37.5,"mcp_server_quality":0.0,"documentation_accuracy":30.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":50.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":55.0,"security_notes":"As a web IDE, code-server can expose powerful capabilities (filesystem access, terminal execution) and is a high-value target if misconfigured. TLS/auth/network hardening (reverse proxy with HTTPS, strong auth, IP allowlists, least-privilege filesystem permissions) are crucial. Programmatic scope granularity and standardized authorization model are not clearly applicable for agent use based on the UI-first nature.","uptime_documented":10.0,"version_stability":60.0,"breaking_changes_history":50.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["UI-first interface: agents generally cannot rely on stable programmatic endpoints like they would with an API-first service","Security controls and operational behavior vary significantly by deployment (reverse proxy, auth provider, TLS termination)","Executing commands/terminals can have side effects; automation must be careful about safe operation and permissions"]}}