{"id":"ericlewis-code-server","name":"code-server","homepage":"https://hub.docker.com/r/ericlewis/code-server","repo_url":"https://hub.docker.com/r/ericlewis/code-server","category":"devtools","subcategories":[],"tags":["web-ide","self-hosted","developer-tools","vscode","remote-development"],"what_it_does":"code-server runs VS Code (web version) in your browser by hosting the editor on a machine and tunneling access over HTTP(S). It provides a web-based IDE backed by your local filesystem and configurable extensions.","use_cases":["Provide browser-based development environments for remote teams","Self-hosted IDE for development on servers without desktop access","Education and training environments where learners access an IDE via browser","Environments that need to keep code local while using a web UI for editing"],"not_for":["Highly restricted environments that require strong auth from day one without additional configuration","Production multi-tenant platforms without careful isolation and secure reverse-proxying","Use cases needing a stable programmatic API for CRUD operations (it is primarily a web UI/server)"],"best_when":"You control the host network and can secure access via TLS and authentication/reverse proxy, and you want a self-hosted web IDE.","avoid_when":"You cannot enforce HTTPS/auth or you expose the service directly to the public internet without a hardened reverse proxy.","alternatives":["Theia-based self-hosted IDEs (e.g., Eclipse Theia deployments)","VS Code on remote via SSH with local VS Code client (no web IDE hosting)","Cloud IDEs (GitHub Codespaces, GitLab Web IDE)","JupyterLab (for notebook-centric workflows)"],"af_score":24.2,"security_score":48.2,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:27:04.874150+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Built-in code-server authentication (configurable)","Reverse-proxy authentication (e.g., OAuth2/SSO at the proxy level)"],"oauth":false,"scopes":false,"notes":"code-server authentication model depends on deployment configuration (internal auth vs. delegating auth to a reverse proxy). Fine-grained API scopes are not applicable because it is not primarily an API product."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source style deployment; any costs come from your infrastructure rather than per-request pricing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":24.2,"security_score":48.2,"reliability_score":35.0,"mcp_server_quality":0.0,"documentation_accuracy":35.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":0.0,"tls_enforcement":65.0,"auth_strength":55.0,"scope_granularity":10.0,"dependency_hygiene":50.0,"secret_handling":60.0,"security_notes":"code-server security largely depends on correct configuration: ensure HTTPS (TLS) via internal settings or reverse proxy, restrict access (auth, network controls), and avoid exposing the admin/web editor publicly. Because it hosts an IDE with extension execution and filesystem access, the attack surface is similar to any self-hosted remote dev environment—hardening and least-privilege isolation are critical.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":45.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This is primarily a web UI/server; there is no clear agent-facing API contract for programmatic use.","Authentication and security posture are highly deployment-dependent (direct exposure vs. reverse proxy, TLS termination, access controls).","State is tied to filesystem/session; automated agents may need careful session handling to avoid unintended edits."]}}