coder
diff --git a/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 2 additions & 1 deletion b/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 2 additions & 1 deletion
diff --git a/‎cli/testdata/coder_provisioner_list_--output_json.golden
Lines changed: 1 addition & 1 deletion b/‎cli/testdata/coder_provisioner_list_--output_json.golden
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 93 additions & 1 deletion b/‎coderd/apidoc/docs.go
Lines changed: 93 additions & 1 deletion
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 85 additions & 1 deletion b/‎coderd/apidoc/swagger.json
Lines changed: 85 additions & 1 deletion
diff --git a/‎coderd/coderd.go
Lines changed: 3 additions & 0 deletions b/‎coderd/coderd.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/coderdtest/swaggerparser.go
Lines changed: 4 additions & 2 deletions b/‎coderd/coderdtest/swaggerparser.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎coderd/entitlements/entitlements.go
Lines changed: 6 additions & 0 deletions b/‎coderd/entitlements/entitlements.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/initscript.go
Lines changed: 45 additions & 0 deletions b/‎coderd/initscript.go
Lines changed: 45 additions & 0 deletions
@@ -70,7 +70,8 @@
         "most_recently_seen": null
       },
       "template_version_preset_id": null,
-      "has_ai_task": false
+      "has_ai_task": false,
+      "has_external_agent": false
     },
     "latest_app_status": null,
     "outdated": false,
 
@@ -7,7 +7,7 @@
     "last_seen_at": "====[timestamp]=====",
     "name": "test-daemon",
     "version": "v0.0.0-devel",
-    "api_version": "1.8",
+    "api_version": "1.9",
     "provisioners": [
       "echo"
     ],
 
@@ -1566,6 +1566,9 @@ func New(options *Options) *API {
 			r.Use(apiKeyMiddleware)
 			r.Get("/", api.tailnetRPCConn)
 		})
+		r.Route("/init-script", func(r chi.Router) {
+			r.Get("/{os}/{arch}", api.initScript)
+		})
 	})
 
 	if options.SwaggerEndpoint {
 
@@ -310,7 +310,8 @@ func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
 		comment.router == "/" ||
 		comment.router == "/users/login" ||
 		comment.router == "/users/otp/request" ||
-		comment.router == "/users/otp/change-password" {
+		comment.router == "/users/otp/change-password" ||
+		comment.router == "/init-script/{os}/{arch}" {
 		return // endpoints do not require authorization
 	}
 	assert.Containsf(t, authorizedSecurityTags, comment.security, "@Security must be either of these options: %v", authorizedSecurityTags)
@@ -361,7 +362,8 @@ func assertProduce(t *testing.T, comment SwaggerComment) {
 			(comment.router == "/licenses/{id}" && comment.method == "delete") ||
 			(comment.router == "/debug/coordinator" && comment.method == "get") ||
 			(comment.router == "/debug/tailnet" && comment.method == "get") ||
-			(comment.router == "/workspaces/{workspace}/acl" && comment.method == "patch") {
+			(comment.router == "/workspaces/{workspace}/acl" && comment.method == "patch") ||
+			(comment.router == "/init-script/{os}/{arch}" && comment.method == "get") {
 			return // Exception: HTTP 200 is returned without response entity
 		}
 
 
@@ -161,3 +161,9 @@ func (l *Set) Errors() []string {
 	defer l.entitlementsMu.RUnlock()
 	return slices.Clone(l.entitlements.Errors)
 }
+
+func (l *Set) HasLicense() bool {
+	l.entitlementsMu.RLock()
+	defer l.entitlementsMu.RUnlock()
+	return l.entitlements.HasLicense
+}
@@ -0,0 +1,45 @@
+package coderd
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/go-chi/chi/v5"
+
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/provisionersdk"
+)
+
+// @Summary Get agent init script
+// @ID get-agent-init-script
+// @Produce text/plain
+// @Tags InitScript
+// @Param os path string true "Operating system"
+// @Param arch path string true "Architecture"
+// @Success 200 "Success"
+// @Router /init-script/{os}/{arch} [get]
+func (api *API) initScript(rw http.ResponseWriter, r *http.Request) {
+	os := strings.ToLower(chi.URLParam(r, "os"))
+	arch := strings.ToLower(chi.URLParam(r, "arch"))
+
+	script, exists := provisionersdk.AgentScriptEnv()[fmt.Sprintf("CODER_AGENT_SCRIPT_%s_%s", os, arch)]
+	if !exists {
+		httpapi.Write(r.Context(), rw, http.StatusBadRequest, codersdk.Response{
+			Message: fmt.Sprintf("Unknown os/arch: %s/%s", os, arch),
+		})
+		return
+	}
+	script = strings.ReplaceAll(script, "${ACCESS_URL}", api.AccessURL.String()+"/")
+	script = strings.ReplaceAll(script, "${AUTH_TYPE}", "token")
+
+	scriptBytes := []byte(script)
+	hash := sha256.Sum256(scriptBytes)
+	rw.Header().Set("Content-Digest", fmt.Sprintf("sha256:%x", base64.StdEncoding.EncodeToString(hash[:])))
+	rw.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	rw.WriteHeader(http.StatusOK)
+	_, _ = rw.Write(scriptBytes)
+}