feat(cli): colorize help page (#9589)

cli/cliui/cliui.go

@@ -51,6 +51,11 @@ var (
 	Blue    = color.Color("#5000ff")
 )
 
+// Color returns a color for the given string.
+func Color(s string) termenv.Color {
+	return color.Color(s)
+}
+
 func isTerm() bool {
 	return color != termenv.Ascii
 }

cli/help.go

@@ -17,8 +17,10 @@ import (
 	"golang.org/x/crypto/ssh/terminal"
 	"golang.org/x/xerrors"
 
+	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/cli/clibase"
 	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/pretty"
 )
 
 //go:embed help.tpl
@@ -47,12 +49,28 @@ func wrapTTY(s string) string {
 var usageTemplate = template.Must(
 	template.New("usage").Funcs(
 		template.FuncMap{
+			"version": func() string {
+				return buildinfo.Version()
+			},
 			"wrapTTY": func(s string) string {
 				return wrapTTY(s)
 			},
 			"trimNewline": func(s string) string {
 				return strings.TrimSuffix(s, "\n")
 			},
+			"keyword": func(s string) string {
+				return pretty.Sprint(
+					pretty.FgColor(cliui.Color("#0173ff")),
+					s,
+				)
+			},
+			"prettyHeader": func(s string) string {
+				return pretty.Sprint(
+					pretty.FgColor(
+						cliui.Color("#ffb500"),
+					), strings.ToUpper(s), ":",
+				)
+			},
 			"typeHelper": func(opt *clibase.Option) string {
 				switch v := opt.Value.(type) {
 				case *clibase.Enum:
@@ -71,13 +89,15 @@ var usageTemplate = template.Must(
 
 				body = wordwrap.WrapString(body, uint(twidth-len(spacing)))
 
+				sc := bufio.NewScanner(strings.NewReader(body))
+
 				var sb strings.Builder
-				for _, line := range strings.Split(body, "\n") {
+				for sc.Scan() {
 					// Remove existing indent, if any.
-					line = strings.TrimSpace(line)
+					// line = strings.TrimSpace(line)
 					// Use spaces so we can easily calculate wrapping.
 					_, _ = sb.WriteString(spacing)
-					_, _ = sb.WriteString(line)
+					_, _ = sb.Write(sc.Bytes())
 					_, _ = sb.WriteString("\n")
 				}
 				return sb.String()
@@ -126,9 +146,7 @@ var usageTemplate = template.Must(
 			"flagName": func(opt clibase.Option) string {
 				return opt.Flag
 			},
-			"prettyHeader": func(s string) string {
+
-				return cliui.Bold(s)
-			},
 			"isEnterprise": func(opt clibase.Option) bool {
 				return opt.Annotations.IsSet("enterprise")
 			},
@@ -160,12 +178,6 @@ var usageTemplate = template.Must(
 				}
 				return sb.String()
 			},
-			"formatLong": func(long string) string {
-				// We intentionally don't wrap here because it would misformat
-				// examples, where the new line would start without the prior
-				// line's indentation.
-				return strings.TrimSpace(long)
-			},
 			"formatGroupDescription": func(s string) string {
 				s = strings.ReplaceAll(s, "\n", "")
 				s = s + "\n"

cli/help.tpl

@@ -1,20 +1,22 @@
-{{- /* Heavily inspired by the Go toolchain formatting. */ -}}
+{{- /* Heavily inspired by the Go toolchain and fd */ -}}
-Usage: {{.FullUsage}}
+coder {{version}}
+
+{{prettyHeader "Usage"}}
+{{indent .FullUsage 2}}
 
 
 {{ with .Short }}
-{{- wrapTTY . }}
+{{- indent . 2 | wrapTTY }}
 {{"\n"}}
 {{- end}}
 
 {{ with .Aliases }}
-{{ "\n" }}
+{{"  Aliases: "}} {{- joinStrings .}}
-{{ "Aliases:"}} {{ joinStrings .}}
-{{ "\n" }}
 {{- end }}
 
 {{- with .Long}}
-{{- formatLong . }}
+{{"\n"}}
+{{- indent . 2}}
 {{ "\n" }}
 {{- end }}
 {{ with visibleChildren . }}
@@ -34,11 +36,11 @@ Usage: {{.FullUsage}}
 {{- else }}
 {{- end }}
     {{- range $index, $option := $group.Options }}
-	{{- if not (eq $option.FlagShorthand "") }}{{- print "\n  -" $option.FlagShorthand ", " -}}
+	{{- if not (eq $option.FlagShorthand "") }}{{- print "\n "}} {{ keyword "-"}}{{keyword $option.FlagShorthand }}{{", "}}
 	{{- else }}{{- print "\n      " -}}
 	{{- end }}
-    {{- with flagName $option }}--{{ . }}{{ end }} {{- with typeHelper $option }} {{ . }}{{ end }}
+    {{- with flagName $option }}{{keyword "--"}}{{ keyword . }}{{ end }} {{- with typeHelper $option }} {{ . }}{{ end }}
-    {{- with envName $option }}, ${{ . }}{{ end }}
+    {{- with envName $option }}, {{ print "$" . | keyword }}{{ end }}
     {{- with $option.Default }} (default: {{ . }}){{ end }}
         {{- with $option.Description }}
             {{- $desc := $option.Description }}
@@ -47,7 +49,7 @@ Usage: {{.FullUsage}}
         {{- end -}}
     {{- end }}
 {{- end }}
----
+———
 {{- if .Parent }}
 Run `coder --help` for a list of global options.
 {{- else }}

cli/testdata/coder_--help.golden

@@ -1,15 +1,19 @@
-Usage: coder [global-flags] <subcommand>
+coder v0.0.0-devel
 
-Coder v0.0.0-devel — A tool for provisioning self-hosted development environments with Terraform.
+USAGE:
-  - Start a Coder server:
+  coder [global-flags] <subcommand>
 
-     $ coder server
+  Coder v0.0.0-devel — A tool for provisioning self-hosted development
+  environments with Terraform.
+    - Start a Coder server:
+  
+       $ coder server
+  
+    - Get started by creating a template from an example:
+  
+       $ coder templates init
 
-  - Get started by creating a template from an example:
+SUBCOMMANDS:
-
-     $ coder templates init
-
-Subcommands
     config-ssh        Add an SSH Host entry for your workspaces "ssh
                       coder.workspace"
     create            Create a workspace
@@ -45,43 +49,43 @@ Coder v0.0.0-devel — A tool for provisioning self-hosted development environme
     users             Manage users
     version           Show coder version
 
-Global Options 
+GLOBAL OPTIONS: 
 Global options are applied to all commands. They can be set using environment
 variables or flags.
 
-      --debug-options bool
+      --debug-options bool
           Print all options, how they're set, then exit.
 
-      --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS
+      --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS
           Disable direct (P2P) connections to workspaces.
 
-      --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2)
+      --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2)
           Path to the global `coder` config directory.
 
-      --header string-array, $CODER_HEADER
+      --header string-array, $CODER_HEADER
           Additional HTTP headers added to all requests. Provide as key=value.
           Can be specified multiple times.
 
-      --header-command string, $CODER_HEADER_COMMAND
+      --header-command string, $CODER_HEADER_COMMAND
           An external command that outputs additional HTTP headers added to all
           requests. The command must output each header as `key=value` on its
           own line.
 
-      --no-feature-warning bool, $CODER_NO_FEATURE_WARNING
+      --no-feature-warning bool, $CODER_NO_FEATURE_WARNING
           Suppress warnings about unlicensed features.
 
-      --no-version-warning bool, $CODER_NO_VERSION_WARNING
+      --no-version-warning bool, $CODER_NO_VERSION_WARNING
           Suppress warning when client and server versions do not match.
 
-      --token string, $CODER_SESSION_TOKEN
+      --token string, $CODER_SESSION_TOKEN
           Specify an authentication token. For security reasons setting
           CODER_SESSION_TOKEN is preferred.
 
-      --url url, $CODER_URL
+      --url url, $CODER_URL
           URL to a deployment.
 
-  -v, --verbose bool, $CODER_VERBOSE
+  -v, --verbose bool, $CODER_VERBOSE
           Enable verbose output.
 
----
+———
 Report bugs and request features at https://github.com/coder/coder/issues/new

cli/testdata/coder_agent_--help.golden

@@ -1,41 +1,44 @@
-Usage: coder agent [flags]
+coder v0.0.0-devel
 
-Starts the Coder workspace agent.
+USAGE:
+  coder agent [flags]
 
-Options
+  Starts the Coder workspace agent.
-      --log-human string, $CODER_AGENT_LOGGING_HUMAN (default: /dev/stderr)
+
+OPTIONS:
+      --log-human string, $CODER_AGENT_LOGGING_HUMAN (default: /dev/stderr)
           Output human-readable logs to a given file.
 
-      --log-json string, $CODER_AGENT_LOGGING_JSON
+      --log-json string, $CODER_AGENT_LOGGING_JSON
           Output JSON logs to a given file.
 
-      --log-stackdriver string, $CODER_AGENT_LOGGING_STACKDRIVER
+      --log-stackdriver string, $CODER_AGENT_LOGGING_STACKDRIVER
           Output Stackdriver compatible logs to a given file.
 
-      --auth string, $CODER_AGENT_AUTH (default: token)
+      --auth string, $CODER_AGENT_AUTH (default: token)
           Specify the authentication type to use for the agent.
 
-      --debug-address string, $CODER_AGENT_DEBUG_ADDRESS (default: 127.0.0.1:2113)
+      --debug-address string, $CODER_AGENT_DEBUG_ADDRESS (default: 127.0.0.1:2113)
           The bind address to serve a debug HTTP server.
 
-      --log-dir string, $CODER_AGENT_LOG_DIR (default: /tmp)
+      --log-dir string, $CODER_AGENT_LOG_DIR (default: /tmp)
           Specify the location for the agent log files.
 
-      --no-reap bool
+      --no-reap bool
           Do not start a process reaper.
 
-      --pprof-address string, $CODER_AGENT_PPROF_ADDRESS (default: 127.0.0.1:6060)
+      --pprof-address string, $CODER_AGENT_PPROF_ADDRESS (default: 127.0.0.1:6060)
           The address to serve pprof.
 
-      --prometheus-address string, $CODER_AGENT_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
+      --prometheus-address string, $CODER_AGENT_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
           The bind address to serve Prometheus metrics.
 
-      --ssh-max-timeout duration, $CODER_AGENT_SSH_MAX_TIMEOUT (default: 72h)
+      --ssh-max-timeout duration, $CODER_AGENT_SSH_MAX_TIMEOUT (default: 72h)
           Specify the max timeout for a SSH connection, it is advisable to set
           it to a minimum of 60s, but no more than 72h.
 
-      --tailnet-listen-port int, $CODER_AGENT_TAILNET_LISTEN_PORT (default: 0)
+      --tailnet-listen-port int, $CODER_AGENT_TAILNET_LISTEN_PORT (default: 0)
           Specify a static port for Tailscale to use for listening.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_config-ssh_--help.golden

@@ -1,51 +1,55 @@
-Usage: coder config-ssh [flags]
+coder v0.0.0-devel
 
-Add an SSH Host entry for your workspaces "ssh coder.workspace"
+USAGE:
+  coder config-ssh [flags]
 
-- You can use -o (or --ssh-option) so set SSH options to be used for all your
+  Add an SSH Host entry for your workspaces "ssh coder.workspace"
-workspaces:
 
-     $ coder config-ssh -o ForwardAgent=yes
+    - You can use -o (or --ssh-option) so set SSH options to be used for all
+  your
+  workspaces:
+  
+       $ coder config-ssh -o ForwardAgent=yes
+  
+    - You can use --dry-run (or -n) to see the changes that would be made:
+  
+       $ coder config-ssh --dry-run
 
-  - You can use --dry-run (or -n) to see the changes that would be made:
+OPTIONS:
-
+      --coder-binary-path string, $CODER_SSH_CONFIG_BINARY_PATH
-     $ coder config-ssh --dry-run
-
-Options
-      --coder-binary-path string, $CODER_SSH_CONFIG_BINARY_PATH
           Optionally specify the absolute path to the coder binary used in
           ProxyCommand. By default, the binary invoking this command ('config
           ssh') is used.
 
-  -n, --dry-run bool, $CODER_SSH_DRY_RUN
+  -n, --dry-run bool, $CODER_SSH_DRY_RUN
           Perform a trial run with no changes made, showing a diff at the end.
 
-      --force-unix-filepaths bool, $CODER_CONFIGSSH_UNIX_FILEPATHS
+      --force-unix-filepaths bool, $CODER_CONFIGSSH_UNIX_FILEPATHS
           By default, 'config-ssh' uses the os path separator when writing the
           ssh config. This might be an issue in Windows machine that use a
           unix-like shell. This flag forces the use of unix file paths (the
           forward slash '/').
 
-      --ssh-config-file string, $CODER_SSH_CONFIG_FILE (default: ~/.ssh/config)
+      --ssh-config-file string, $CODER_SSH_CONFIG_FILE (default: ~/.ssh/config)
           Specifies the path to an SSH config.
 
-      --ssh-host-prefix string, $CODER_CONFIGSSH_SSH_HOST_PREFIX
+      --ssh-host-prefix string, $CODER_CONFIGSSH_SSH_HOST_PREFIX
           Override the default host prefix.
 
-  -o, --ssh-option string-array, $CODER_SSH_CONFIG_OPTS
+  -o, --ssh-option string-array, $CODER_SSH_CONFIG_OPTS
           Specifies additional SSH options to embed in each host stanza.
 
-      --use-previous-options bool, $CODER_SSH_USE_PREVIOUS_OPTIONS
+      --use-previous-options bool, $CODER_SSH_USE_PREVIOUS_OPTIONS
           Specifies whether or not to keep options from previous run of
           config-ssh.
 
-      --wait yes|no|auto, $CODER_CONFIGSSH_WAIT (default: auto)
+      --wait yes|no|auto, $CODER_CONFIGSSH_WAIT (default: auto)
           Specifies whether or not to wait for the startup script to finish
           executing. Auto means that the agent startup script behavior
           configured in the workspace template is used.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_create_--help.golden

@@ -1,32 +1,35 @@
-Usage: coder create [flags] [name]
+coder v0.0.0-devel
 
-Create a workspace
+USAGE:
+  coder create [flags] [name]
 
-- Create a workspace for another user (if you have permission):
+  Create a workspace
 
-     $ coder create <username>/<workspace_name>
+    - Create a workspace for another user (if you have permission):
+  
+       $ coder create <username>/<workspace_name>
 
-Options
+OPTIONS:
-      --parameter string-array, $CODER_RICH_PARAMETER
+      --parameter string-array, $CODER_RICH_PARAMETER
           Rich parameter value in the format "name=value".
 
-      --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE
+      --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE
           Specify a file path with values for rich parameters defined in the
           template.
 
-      --start-at string, $CODER_WORKSPACE_START_AT
+      --start-at string, $CODER_WORKSPACE_START_AT
           Specify the workspace autostart schedule. Check coder schedule start
           --help for the syntax.
 
-      --stop-after duration, $CODER_WORKSPACE_STOP_AFTER
+      --stop-after duration, $CODER_WORKSPACE_STOP_AFTER
           Specify a duration after which the workspace should shut down (e.g.
           8h).
 
-  -t, --template string, $CODER_TEMPLATE_NAME
+  -t, --template string, $CODER_TEMPLATE_NAME
           Specify a template name.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_delete_--help.golden

@@ -1,17 +1,20 @@
-Usage: coder delete [flags] <workspace>
+coder v0.0.0-devel
 
-Delete a workspace
+USAGE:
+  coder delete [flags] <workspace>
 
-Aliases: rm
+  Delete a workspace
 
-Options
+  Aliases: rm
-      --orphan bool
+
+OPTIONS:
+      --orphan bool
           Delete a workspace without deleting its resources. This can delete a
           workspace in a broken state, but may also lead to unaccounted cloud
           resources.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_dotfiles_--help.golden

@@ -1,23 +1,26 @@
-Usage: coder dotfiles [flags] <git_repo_url>
+coder v0.0.0-devel
 
-Personalize your workspace by applying a canonical dotfiles repository
+USAGE:
+  coder dotfiles [flags] <git_repo_url>
 
-- Check out and install a dotfiles repository without prompts:
+  Personalize your workspace by applying a canonical dotfiles repository
 
-     $ coder dotfiles --yes git@github.com:example/dotfiles.git
+    - Check out and install a dotfiles repository without prompts:
+  
+       $ coder dotfiles --yes git@github.com:example/dotfiles.git
 
-Options
+OPTIONS:
-  -b, --branch string
+  -b, --branch string
           Specifies which branch to clone. If empty, will default to cloning the
           default branch or using the existing branch in the cloned repo on
           disk.
 
-      --symlink-dir string, $CODER_SYMLINK_DIR
+      --symlink-dir string, $CODER_SYMLINK_DIR
           Specifies the directory for the dotfiles symlink destinations. If
           empty, will use $HOME.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_list_--help.golden

@@ -1,23 +1,26 @@
-Usage: coder list [flags]
+coder v0.0.0-devel
 
-List workspaces
+USAGE:
+  coder list [flags]
 
-Aliases: ls
+  List workspaces
 
-Options
+  Aliases: ls
-  -a, --all bool
+
+OPTIONS:
+  -a, --all bool
           Specifies whether all workspaces will be listed or not.
 
-  -c, --column string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after)
+  -c, --column string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after)
           Columns to display in table output. Available columns: workspace,
           template, status, healthy, last built, outdated, starts at, stops
           after, daily cost.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
-      --search string (default: owner:me)
+      --search string (default: owner:me)
           Search for a workspace with a query.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_login_--help.golden

@@ -1,27 +1,30 @@
-Usage: coder login [flags] <url>
+coder v0.0.0-devel
 
-Authenticate with Coder deployment
+USAGE:
+  coder login [flags] <url>
 
-Options
+  Authenticate with Coder deployment
-      --first-user-email string, $CODER_FIRST_USER_EMAIL
+
+OPTIONS:
+      --first-user-email string, $CODER_FIRST_USER_EMAIL
           Specifies an email address to use if creating the first user for the
           deployment.
 
-      --first-user-password string, $CODER_FIRST_USER_PASSWORD
+      --first-user-password string, $CODER_FIRST_USER_PASSWORD
           Specifies a password to use if creating the first user for the
           deployment.
 
-      --first-user-trial bool, $CODER_FIRST_USER_TRIAL
+      --first-user-trial bool, $CODER_FIRST_USER_TRIAL
           Specifies whether a trial license should be provisioned for the Coder
           deployment or not.
 
-      --first-user-username string, $CODER_FIRST_USER_USERNAME
+      --first-user-username string, $CODER_FIRST_USER_USERNAME
           Specifies a username to use if creating the first user for the
           deployment.
 
-      --use-token-as-session bool
+      --use-token-as-session bool
           By default, the CLI will generate a new session token when logging in.
           This flag will instead use the provided token as the session token.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_logout_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder logout [flags]
+coder v0.0.0-devel
 
-Unauthenticate your local session
+USAGE:
+  coder logout [flags]
 
-Options
+  Unauthenticate your local session
-  -y, --yes bool
+
+OPTIONS:
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_netcheck_--help.golden

@@ -1,6 +1,9 @@
-Usage: coder netcheck
+coder v0.0.0-devel
 
-Print network debug information for DERP and STUN
+USAGE:
+  coder netcheck
 
----
+  Print network debug information for DERP and STUN
+
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_ping_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder ping [flags] <workspace>
+coder v0.0.0-devel
 
-Ping a workspace
+USAGE:
+  coder ping [flags] <workspace>
 
-Options
+  Ping a workspace
-  -n, --num int (default: 10)
+
+OPTIONS:
+  -n, --num int (default: 10)
           Specifies the number of pings to perform.
 
-  -t, --timeout duration (default: 5s)
+  -t, --timeout duration (default: 5s)
           Specifies how long to wait for a ping to complete.
 
-      --wait duration (default: 1s)
+      --wait duration (default: 1s)
           Specifies how long to wait between pings.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_port-forward_--help.golden

@@ -1,39 +1,45 @@
-Usage: coder port-forward [flags] <workspace>
+coder v0.0.0-devel
 
-Forward ports from a workspace to the local machine. For reverse port
+USAGE:
-forwarding, use "coder ssh -R".
+  coder port-forward [flags] <workspace>
 
-Aliases: tunnel
+  Forward ports from a workspace to the local machine. For reverse port
+  forwarding, use "coder ssh -R".
 
-- Port forward a single TCP port from 1234 in the workspace to port 5678 on your
+  Aliases: tunnel
-local machine:
 
-     $ coder port-forward <workspace> --tcp 5678:1234
+    - Port forward a single TCP port from 1234 in the workspace to port 5678 on
+  your
+  local machine:
+  
+       $ coder port-forward <workspace> --tcp 5678:1234
+  
+    - Port forward a single UDP port from port 9000 to port 9000 on your local
+  machine:
+  
+       $ coder port-forward <workspace> --udp 9000
+  
+    - Port forward multiple TCP ports and a UDP port:
+  
+       $ coder port-forward <workspace> --tcp 8080:8080 --tcp 9000:3000 --udp
+  5353:53
+  
+    - Port forward multiple ports (TCP or UDP) in condensed syntax:
+  
+       $ coder port-forward <workspace> --tcp
+  8080,9000:3000,9090-9092,10000-10002:10010-10012
+  
+    - Port forward specifying the local address to bind to:
+  
+       $ coder port-forward <workspace> --tcp 1.2.3.4:8080:8080
 
-  - Port forward a single UDP port from port 9000 to port 9000 on your local
+OPTIONS:
-machine:
+  -p, --tcp string-array, $CODER_PORT_FORWARD_TCP
-
-     $ coder port-forward <workspace> --udp 9000
-
-  - Port forward multiple TCP ports and a UDP port:
-
-     $ coder port-forward <workspace> --tcp 8080:8080 --tcp 9000:3000 --udp 5353:53
-
-  - Port forward multiple ports (TCP or UDP) in condensed syntax:
-
-     $ coder port-forward <workspace> --tcp 8080,9000:3000,9090-9092,10000-10002:10010-10012
-
-  - Port forward specifying the local address to bind to:
-
-     $ coder port-forward <workspace> --tcp 1.2.3.4:8080:8080
-
-Options
-  -p, --tcp string-array, $CODER_PORT_FORWARD_TCP
           Forward TCP port(s) from the workspace to the local machine.
 
-      --udp string-array, $CODER_PORT_FORWARD_UDP
+      --udp string-array, $CODER_PORT_FORWARD_UDP
           Forward UDP port(s) from the workspace to the local machine. The UDP
           connection has TCP-like semantics to support stateful UDP protocols.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_publickey_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder publickey [flags]
+coder v0.0.0-devel
 
-Output your Coder public key used for Git operations
+USAGE:
+  coder publickey [flags]
 
-Aliases: pubkey
+  Output your Coder public key used for Git operations
 
-Options
+  Aliases: pubkey
-      --reset bool
+
+OPTIONS:
+      --reset bool
           Regenerate your public key. This will require updating the key on any
           services it's registered with.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_rename_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder rename [flags] <workspace> <new name>
+coder v0.0.0-devel
 
-Rename a workspace
+USAGE:
+  coder rename [flags] <workspace> <new name>
 
-Options
+  Rename a workspace
-  -y, --yes bool
+
+OPTIONS:
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_reset-password_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder reset-password [flags] <username>
+coder v0.0.0-devel
 
-Directly connect to the database to reset a user's password
+USAGE:
+  coder reset-password [flags] <username>
 
-Options
+  Directly connect to the database to reset a user's password
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+
+OPTIONS:
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           URL of a PostgreSQL database to connect to.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_restart_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder restart [flags] <workspace>
+coder v0.0.0-devel
 
-Restart a workspace
+USAGE:
+  coder restart [flags] <workspace>
 
-Options
+  Restart a workspace
-      --build-option string-array, $CODER_BUILD_OPTION
+
+OPTIONS:
+      --build-option string-array, $CODER_BUILD_OPTION
           Build option value in the format "name=value".
 
-      --build-options bool
+      --build-options bool
           Prompt for one-time build options defined with ephemeral parameters.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_schedule_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder schedule { show | start | stop | override } <workspace>
+coder v0.0.0-devel
 
-Schedule automated start and stop times for workspaces
+USAGE:
+  coder schedule { show | start | stop | override } <workspace>
 
-Subcommands
+  Schedule automated start and stop times for workspaces
+
+SUBCOMMANDS:
     override-stop    Override the stop time of a currently running workspace
                      instance.
     show             Show workspace schedule
     start            Edit workspace start schedule
     stop             Edit workspace stop schedule
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_schedule_override-stop_--help.golden

@@ -1,12 +1,15 @@
-Usage: coder schedule override-stop <workspace-name> <duration from now>
+coder v0.0.0-devel
 
-Override the stop time of a currently running workspace instance.
+USAGE:
+  coder schedule override-stop <workspace-name> <duration from now>
 
-* The new stop time is calculated from *now*.
+  Override the stop time of a currently running workspace instance.
-  * The new stop time must be at least 30 minutes in the future.
-  * The workspace template may restrict the maximum workspace runtime.
 
- $ coder schedule override-stop my-workspace 90m
+      * The new stop time is calculated from *now*.
+    * The new stop time must be at least 30 minutes in the future.
+    * The workspace template may restrict the maximum workspace runtime.
+  
+   $ coder schedule override-stop my-workspace 90m
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_schedule_show_--help.golden

@@ -1,12 +1,15 @@
-Usage: coder schedule show <workspace-name>
+coder v0.0.0-devel
 
-Show workspace schedule
+USAGE:
+  coder schedule show <workspace-name>
 
-Shows the following information for the given workspace:
+  Show workspace schedule
-  * The automatic start schedule
-  * The next scheduled start time
-  * The duration after which it will stop
-  * The next scheduled stop time
 
----
+  Shows the following information for the given workspace:
+    * The automatic start schedule
+    * The next scheduled start time
+    * The duration after which it will stop
+    * The next scheduled stop time
+
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_schedule_start_--help.golden

@@ -1,20 +1,29 @@
-Usage: coder schedule start <workspace-name> { <start-time> [day-of-week] [location] | manual }
+coder v0.0.0-devel
 
-Edit workspace start schedule
+USAGE:
+  coder schedule start <workspace-name> { <start-time> [day-of-week] [location]
+  | manual }
 
-Schedules a workspace to regularly start at a specific time.
+  Edit workspace start schedule
-Schedule format: <start-time> [day-of-week] [location].
-  * Start-time (required) is accepted either in 12-hour (hh:mm{am|pm}) format, or 24-hour format hh:mm.
-  * Day-of-week (optional) allows specifying in the cron format, e.g. 1,3,5 or Mon-Fri.
-    Aliases such as @daily are not supported.
-    Default: * (every day)
-  * Location (optional) must be a valid location in the IANA timezone database.
-    If omitted, we will fall back to either the TZ environment variable or /etc/localtime.
-    You can check your corresponding location by visiting https://ipinfo.io - it shows in the demo widget on the right.
 
-  - Set the workspace to start at 9:30am (in Dublin) from Monday to Friday:
+  Schedules a workspace to regularly start at a specific time.
+  Schedule format: <start-time> [day-of-week] [location].
+    * Start-time (required) is accepted either in 12-hour (hh:mm{am|pm}) format,
+  or 24-hour format hh:mm.
+    * Day-of-week (optional) allows specifying in the cron format, e.g. 1,3,5 or
+  Mon-Fri.
+      Aliases such as @daily are not supported.
+      Default: * (every day)
+    * Location (optional) must be a valid location in the IANA timezone
+  database.
+      If omitted, we will fall back to either the TZ environment variable or
+  /etc/localtime.
+      You can check your corresponding location by visiting https://ipinfo.io -
+  it shows in the demo widget on the right.
+  
+    - Set the workspace to start at 9:30am (in Dublin) from Monday to Friday:
+  
+       $ coder schedule start my-workspace 9:30AM Mon-Fri Europe/Dublin
 
-     $ coder schedule start my-workspace 9:30AM Mon-Fri Europe/Dublin
+———
-
----
 Run `coder --help` for a list of global options.

cli/testdata/coder_schedule_stop_--help.golden

@@ -1,21 +1,28 @@
-Usage: coder schedule stop <workspace-name> { <duration> | manual }
+coder v0.0.0-devel
 
-Edit workspace stop schedule
+USAGE:
+  coder schedule stop <workspace-name> { <duration> | manual }
 
-Schedules a workspace to stop after a given duration has elapsed.
+  Edit workspace stop schedule
-  * Workspace runtime is measured from the time that the workspace build completed.
-  * The minimum scheduled stop time is 1 minute.
-  * The workspace template may place restrictions on the maximum shutdown time.
-  * Changes to workspace schedules only take effect upon the next build of the workspace,
-    and do not affect a running instance of a workspace.
 
-When enabling scheduled stop, enter a duration in one of the following formats:
+  Schedules a workspace to stop after a given duration has elapsed.
-  * 3h2m (3 hours and two minutes)
+    * Workspace runtime is measured from the time that the workspace build
-  * 3h   (3 hours)
+  completed.
-  * 2m   (2 minutes)
+    * The minimum scheduled stop time is 1 minute.
-  * 2    (2 minutes)
+    * The workspace template may place restrictions on the maximum shutdown
+  time.
+    * Changes to workspace schedules only take effect upon the next build of the
+  workspace,
+      and do not affect a running instance of a workspace.
+  
+  When enabling scheduled stop, enter a duration in one of the following
+  formats:
+    * 3h2m (3 hours and two minutes)
+    * 3h   (3 hours)
+    * 2m   (2 minutes)
+    * 2    (2 minutes)
+  
+   $ coder schedule stop my-workspace 2h30m
 
- $ coder schedule stop my-workspace 2h30m
+———
-
----
 Run `coder --help` for a list of global options.

cli/testdata/coder_server_--help.golden

@@ -1,8 +1,11 @@
-Usage: coder server [flags]
+coder v0.0.0-devel
 
-Start a Coder server
+USAGE:
+  coder server [flags]
 
-Subcommands
+  Start a Coder server
+
+SUBCOMMANDS:
     create-admin-user         Create a new admin user with the given username,
                               email and password and adds it to every
                               organization.
@@ -10,153 +13,153 @@ Start a Coder server
     postgres-builtin-url      Output the connection URL for the built-in
                               PostgreSQL deployment.
 
-Options
+OPTIONS:
-      --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
+      --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
           The directory to cache temporary files. If unspecified and
           $CACHE_DIRECTORY is set, it will be used for compatibility with
           systemd.
 
-      --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS
+      --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS
           Remove the permission for the 'owner' role to have workspace execution
           on all workspaces. This prevents the 'owner' from ssh, apps, and
           terminal access based on the 'owner' role. They still have their user
           permissions to access their own workspaces.
 
-      --disable-path-apps bool, $CODER_DISABLE_PATH_APPS
+      --disable-path-apps bool, $CODER_DISABLE_PATH_APPS
           Disable workspace apps that are not served from subdomains. Path-based
           apps can make requests to the Coder API and pose a security risk when
           the workspace serves malicious JavaScript. This is recommended for
           security purposes if a --wildcard-access-url is configured.
 
-      --swagger-enable bool, $CODER_SWAGGER_ENABLE
+      --swagger-enable bool, $CODER_SWAGGER_ENABLE
           Expose the swagger endpoint via /swagger.
 
-      --experiments string-array, $CODER_EXPERIMENTS
+      --experiments string-array, $CODER_EXPERIMENTS
           Enable one or more experiments. These are not ready for production.
           Separate multiple experiments with commas, or enter '*' to opt-in to
           all available experiments.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
           downloaded from Maven (https://repo1.maven.org/maven2) and store all
           data in the config root. Access the built-in database with "coder
           server postgres-builtin-url".
 
-      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
+      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
           The algorithm to use for generating ssh keys. Accepted values are
           "ed25519", "ecdsa", or "rsa4096".
 
-      --update-check bool, $CODER_UPDATE_CHECK (default: false)
+      --update-check bool, $CODER_UPDATE_CHECK (default: false)
           Periodically check for new releases of Coder and inform the owner. The
           check is performed once per day.
 
-Client Options 
+CLIENT OPTIONS: 
 These options change the behavior of how clients interact with the Coder.
 Clients include the coder cli, vs code extension, and the web UI.
 
-      --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS
+      --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS
           These SSH config options will override the default SSH config options.
           Provide options in "key=value" or "key value" format separated by
           commas.Using this incorrectly can break SSH to your deployment, use
           cautiously.
 
-      --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.)
+      --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.)
           The SSH deployment prefix is used in the Host of the ssh config.
 
-Config Options 
+CONFIG OPTIONS: 
 Use a YAML configuration file when your server launch become unwieldy.
 
-  -c, --config yaml-config-path, $CODER_CONFIG_PATH
+  -c, --config yaml-config-path, $CODER_CONFIG_PATH
           Specify a YAML file to load configuration from.
 
-      --write-config bool
+      --write-config bool
           
           Write out the current server config as YAML to stdout.
 
-Introspection / Logging Options 
+INTROSPECTION / LOGGING OPTIONS: 
-      --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false)
+      --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false)
           Allow administrators to enable Terraform debug output.
 
-      --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr)
+      --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr)
           Output human-readable logs to a given file.
 
-      --log-json string, $CODER_LOGGING_JSON
+      --log-json string, $CODER_LOGGING_JSON
           Output JSON logs to a given file.
 
-  -l, --log-filter string-array, $CODER_LOG_FILTER
+  -l, --log-filter string-array, $CODER_LOG_FILTER
           Filter debug logs by matching against a given regex. Use .* to match
           all debug logs.
 
-      --log-stackdriver string, $CODER_LOGGING_STACKDRIVER
+      --log-stackdriver string, $CODER_LOGGING_STACKDRIVER
           Output Stackdriver compatible logs to a given file.
 
-Introspection / Prometheus Options 
+INTROSPECTION / PROMETHEUS OPTIONS: 
-      --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
+      --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
           The bind address to serve prometheus metrics.
 
-      --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS
+      --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS
           Collect agent stats (may increase charges for metrics storage).
 
-      --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false)
+      --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false)
           Collect database metrics (may increase charges for metrics storage).
 
-      --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE
+      --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE
           Serve prometheus metrics on the address defined by prometheus address.
 
-Introspection / Tracing Options 
+INTROSPECTION / TRACING OPTIONS: 
-      --trace-logs bool, $CODER_TRACE_LOGS
+      --trace-logs bool, $CODER_TRACE_LOGS
           Enables capturing of logs as events in traces. This is useful for
           debugging, but may result in a very large amount of events being sent
           to the tracing backend which may incur significant costs.
 
-      --trace bool, $CODER_TRACE_ENABLE
+      --trace bool, $CODER_TRACE_ENABLE
           Whether application tracing data is collected. It exports to a backend
           configured by environment variables. See:
           https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
 
-      --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY
+      --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY
           Enables trace exporting to Honeycomb.io using the provided API Key.
 
-Introspection / pprof Options 
+INTROSPECTION / PPROF OPTIONS: 
-      --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060)
+      --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060)
           The bind address to serve pprof.
 
-      --pprof-enable bool, $CODER_PPROF_ENABLE
+      --pprof-enable bool, $CODER_PPROF_ENABLE
           Serve pprof metrics on the address defined by pprof address.
 
-Networking Options 
+NETWORKING OPTIONS: 
-      --access-url url, $CODER_ACCESS_URL
+      --access-url url, $CODER_ACCESS_URL
           The URL that users will use to access the Coder deployment.
 
-      --docs-url url, $CODER_DOCS_URL
+      --docs-url url, $CODER_DOCS_URL
           Specifies the custom docs URL.
 
-      --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS
+      --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS
           Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
           True-Client-Ip, X-Forwarded-For.
 
-      --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS
+      --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS
           Origin addresses to respect "proxy-trusted-headers". e.g.
           192.168.1.0/24.
 
-      --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL
+      --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL
           Specifies whether to redirect requests that do not match the access
           URL host.
 
-      --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
+      --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
           Controls if the 'Secure' property is set on browser session cookies.
 
-      --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
+      --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
           Specifies the wildcard hostname to use for workspace applications in
           the form "*.example.com".
 
-Networking / DERP Options 
+NETWORKING / DERP OPTIONS: 
 Most Coder deployments never have to think about DERP because all connections
 between workspaces and users are peer-to-peer. However, when Coder cannot
 establish a peer to peer connection, Coder uses a distributed relay network
 backed by Tailscale and WireGuard.
 
-      --block-direct-connections bool, $CODER_BLOCK_DIRECT
+      --block-direct-connections bool, $CODER_BLOCK_DIRECT
           Block peer-to-peer (aka. direct) workspace connections. All workspace
           connections from the CLI will be proxied through Coder (or custom
           configured DERP servers) and will never be peer-to-peer when enabled.
@@ -164,36 +167,36 @@ backed by Tailscale and WireGuard.
           until they are restarted after this change has been made, but new
           connections will still be proxied regardless.
 
-      --derp-config-path string, $CODER_DERP_CONFIG_PATH
+      --derp-config-path string, $CODER_DERP_CONFIG_PATH
           Path to read a DERP mapping from. See:
           https://tailscale.com/kb/1118/custom-derp-servers/.
 
-      --derp-config-url string, $CODER_DERP_CONFIG_URL
+      --derp-config-url string, $CODER_DERP_CONFIG_URL
           URL to fetch a DERP mapping on startup. See:
           https://tailscale.com/kb/1118/custom-derp-servers/.
 
-      --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
+      --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
           Force clients and agents to always use WebSocket to connect to DERP
           relay servers. By default, DERP uses `Upgrade: derp`, which may cause
           issues with some reverse proxies. Clients may automatically fallback
           to WebSocket if they detect an issue with `Upgrade: derp`, but this
           does not work in all situations.
 
-      --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
+      --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
           Whether to enable or disable the embedded DERP relay server.
 
-      --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay)
+      --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay)
           Region name that for the embedded DERP server.
 
-      --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
+      --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
           Addresses for STUN servers to establish P2P connections. It's
           recommended to have at least two STUN servers to give users the best
           chance of connecting P2P to workspaces. Each STUN server will get it's
           own DERP region, with region IDs starting at `--derp-server-region-id
           + 1`. Use special value 'disable' to turn off STUN completely.
 
-Networking / HTTP Options 
+NETWORKING / HTTP OPTIONS: 
-      --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
+      --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
           Disable password authentication. This is recommended for security
           purposes in production deployments that rely on an identity provider.
           Any user with the owner role will be able to sign in with their
@@ -202,226 +205,226 @@ backed by Tailscale and WireGuard.
           create-admin` command to create a new admin user directly in the
           database.
 
-      --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH
+      --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH
           Disable automatic session expiry bumping due to activity. This forces
           all sessions to become invalid after the session expiry duration has
           been reached.
 
-      --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000)
+      --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000)
           HTTP bind address of the server. Unset to disable the HTTP endpoint.
 
-      --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s)
+      --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s)
           The maximum lifetime duration users can specify when creating an API
           token.
 
-      --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s)
+      --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s)
           The interval in which coderd should be checking the status of
           workspace proxies.
 
-      --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s)
+      --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s)
           The token expiry duration for browser sessions. Sessions may last
           longer if they are actively making requests, but this functionality
           can be disabled via --disable-session-expiry-refresh.
 
-Networking / TLS Options 
+NETWORKING / TLS OPTIONS: 
 Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind
 a TLS-terminating reverse proxy or are accessing Coder over a secure link, you
 can safely ignore these settings.
 
-      --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0)
+      --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0)
           Controls if the 'Strict-Transport-Security' header is set on all
           static file responses. This header should only be set if the server is
           accessed via HTTPS. This value is the MaxAge in seconds of the header.
 
-      --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS
+      --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS
           Two optional fields can be set in the Strict-Transport-Security
           header; 'includeSubDomains' and 'preload'. The
           'strict-transport-security' flag must be set to a non-zero value for
           these options to be used.
 
-      --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
+      --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
           HTTPS bind address of the server.
 
-      --tls-cert-file string-array, $CODER_TLS_CERT_FILE
+      --tls-cert-file string-array, $CODER_TLS_CERT_FILE
           Path to each certificate for TLS. It requires a PEM-encoded file. To
           configure the listener to use a CA certificate, concatenate the
           primary certificate and the CA certificate together. The primary
           certificate should appear first in the combined file.
 
-      --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
+      --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
           Policy the server will follow for TLS Client Authentication. Accepted
           values are "none", "request", "require-any", "verify-if-given", or
           "require-and-verify".
 
-      --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE
+      --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE
           PEM-encoded Certificate Authority file used for checking the
           authenticity of client.
 
-      --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE
+      --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE
           Path to certificate for client TLS authentication. It requires a
           PEM-encoded file.
 
-      --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE
+      --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE
           Path to key for client TLS authentication. It requires a PEM-encoded
           file.
 
-      --tls-enable bool, $CODER_TLS_ENABLE
+      --tls-enable bool, $CODER_TLS_ENABLE
           Whether TLS will be enabled.
 
-      --tls-key-file string-array, $CODER_TLS_KEY_FILE
+      --tls-key-file string-array, $CODER_TLS_KEY_FILE
           Paths to the private keys for each of the certificates. It requires a
           PEM-encoded file.
 
-      --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12)
+      --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12)
           Minimum supported version of TLS. Accepted values are "tls10",
           "tls11", "tls12" or "tls13".
 
-OAuth2 / GitHub Options 
+OAUTH2 / GITHUB OPTIONS: 
-      --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
+      --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
           Allow all logins, setting this option means allowed orgs and teams
           must be empty.
 
-      --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
+      --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
           Whether new users can sign up with GitHub.
 
-      --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS
+      --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS
           Organizations the user must be a member of to Login with GitHub.
 
-      --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS
+      --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS
           Teams inside organizations the user must be a member of to Login with
           GitHub. Structured as: <organization-name>/<team-slug>.
 
-      --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID
+      --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID
           Client ID for Login with GitHub.
 
-      --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET
+      --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET
           Client secret for Login with GitHub.
 
-      --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL
+      --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL
           Base URL of a GitHub Enterprise deployment to use for Login with
           GitHub.
 
-OIDC Options 
+OIDC OPTIONS: 
-      --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false)
+      --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false)
           Automatically creates missing groups from a user's groups claim.
 
-      --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true)
+      --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true)
           Whether new users can sign up with OIDC.
 
-      --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
+      --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
           OIDC auth URL parameters to pass to the upstream provider.
 
-      --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE
+      --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE
           Pem encoded certificate file to use for oauth2 PKI/JWT authorization.
           The public certificate that accompanies oidc-client-key-file. A
           standard x509 certificate is expected.
 
-      --oidc-client-id string, $CODER_OIDC_CLIENT_ID
+      --oidc-client-id string, $CODER_OIDC_CLIENT_ID
           Client ID to use for Login with OIDC.
 
-      --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE
+      --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE
           Pem encoded RSA private key to use for oauth2 PKI/JWT authorization.
           This can be used instead of oidc-client-secret if your IDP supports
           it.
 
-      --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET
+      --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET
           Client secret to use for Login with OIDC.
 
-      --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN
+      --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN
           Email domains that clients logging in with OIDC must match.
 
-      --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email)
+      --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email)
           OIDC claim field to use as the email.
 
-      --oidc-group-field string, $CODER_OIDC_GROUP_FIELD
+      --oidc-group-field string, $CODER_OIDC_GROUP_FIELD
           This field must be set if using the group sync feature and the scope
           name is not 'groups'. Set to the claim to be used for groups.
 
-      --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {})
+      --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {})
           A map of OIDC group IDs and the group in Coder it should map to. This
           is useful for when OIDC providers only return group IDs.
 
-      --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED
+      --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED
           Ignore the email_verified claim from the upstream provider.
 
-      --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false)
+      --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false)
           Ignore the userinfo endpoint and only use the ID token for user
           information.
 
-      --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL
+      --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL
           Issuer URL to use for Login with OIDC.
 
-      --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
+      --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
           If provided any group name not matching the regex is ignored. This
           allows for filtering out groups that are not needed. This filter is
           applied after the group mapping.
 
-      --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email)
+      --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email)
           Scopes to grant when authenticating with OIDC.
 
-      --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT
+      --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT
           If user role sync is enabled, these roles are always included for all
           authenticated users. The 'member' role is always assigned.
 
-      --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD
+      --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD
           This field must be set if using the user roles sync feature. Set this
           to the name of the claim used to store the user's role. The roles
           should be sent as an array of strings.
 
-      --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {})
+      --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {})
           A map of the OIDC passed in user roles and the groups in Coder it
           should map to. This is useful if the group names do not match. If
           mapped to the empty string, the role will ignored.
 
-      --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username)
+      --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username)
           OIDC claim field to use as the username.
 
-      --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect)
+      --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect)
           The text to show on the OpenID Connect sign in button.
 
-      --oidc-icon-url url, $CODER_OIDC_ICON_URL
+      --oidc-icon-url url, $CODER_OIDC_ICON_URL
           URL pointing to the icon to use on the OpenID Connect login button.
 
-Provisioning Options 
+PROVISIONING OPTIONS: 
 Tune the behavior of the provisioner, which is responsible for creating,
 updating, and deleting workspace resources.
 
-      --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s)
+      --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s)
           Time to force cancel provisioning tasks that are stuck.
 
-      --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s)
+      --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s)
           Time to wait before polling for a new job.
 
-      --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms)
+      --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms)
           Random jitter added to the poll interval.
 
-      --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK
+      --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK
           Pre-shared key to authenticate external provisioner daemons to Coder
           server.
 
-      --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3)
+      --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3)
           Number of provisioner daemons to create on start. If builds are stuck
           in queued state for a long time, consider increasing this.
 
-Telemetry Options 
+TELEMETRY OPTIONS: 
 Telemetry is critical to our ability to improve Coder. We strip all
 personalinformation before sending data to our servers. Please only disable
 telemetrywhen required by your organization's security policy.
 
-      --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false)
+      --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false)
           Whether telemetry is enabled or not. Coder collects anonymized usage
           data to help improve our product.
 
-      --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false)
+      --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false)
           Whether Opentelemetry traces are sent to Coder. Coder collects
           anonymized application tracing to help improve our product. Disabling
           telemetry also disables this option.
 
-User Quiet Hours Schedule Options 
+USER QUIET HOURS SCHEDULE OPTIONS: 
 Allow users to set quiet hours schedules each day for workspaces to avoid
 workspaces stopping during the day due to template max TTL.
 
-      --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE
+      --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE
           The default daily cron schedule applied to users that haven't set a
           custom quiet hours schedule themselves. The quiet hours schedule
           determines when workspaces will be force stopped due to the template's
@@ -431,8 +434,8 @@ workspaces stopping during the day due to template max TTL.
           one hour and minute can be specified (ranges or comma separated values
           are not supported).
 
-⚠️ Dangerous Options 
+⚠️ DANGEROUS OPTIONS: 
-      --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
+      --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
           Allow workspace apps that are not served from subdomains to be shared.
           Path-based app sharing is DISABLED by default for security purposes.
           Path-based apps can make requests to the Coder API and pose a security
@@ -440,7 +443,7 @@ workspaces stopping during the day due to template max TTL.
           can be disabled entirely with --disable-path-apps for further
           security.
 
-      --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
+      --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
           Allow site-owners to access workspace apps from workspaces they do not
           own. Owners cannot access path-based apps they do not own by default.
           Path-based apps can make requests to the Coder API and pose a security
@@ -448,17 +451,17 @@ workspaces stopping during the day due to template max TTL.
           can be disabled entirely with --disable-path-apps for further
           security.
 
-Enterprise Options 
+ENTERPRISE OPTIONS: 
 These options are only available in the Enterprise Edition.
 
-      --browser-only bool, $CODER_BROWSER_ONLY
+      --browser-only bool, $CODER_BROWSER_ONLY
           Whether Coder only allows connections to workspaces via the browser.
 
-      --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL
+      --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL
           An HTTP URL that is accessible by other replicas to relay DERP
           traffic. Required for high availability.
 
-      --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
+      --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
           Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
           database. The value must be a comma-separated list of base64-encoded
           keys. Each key, when base64-decoded, must be exactly 32 bytes in
@@ -468,9 +471,9 @@ These options are only available in the Enterprise Edition.
           process of rotating keys with the `coder server dbcrypt rotate`
           command.
 
-      --scim-auth-header string, $CODER_SCIM_AUTH_HEADER
+      --scim-auth-header string, $CODER_SCIM_AUTH_HEADER
           Enables SCIM and sets the authentication header for the built-in SCIM
           server. New users are automatically created with OIDC authentication.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_server_create-admin-user_--help.golden

@@ -1,32 +1,35 @@
-Usage: coder server create-admin-user [flags]
+coder v0.0.0-devel
 
-Create a new admin user with the given username, email and password and adds it
+USAGE:
-to every organization.
+  coder server create-admin-user [flags]
 
-Options
+  Create a new admin user with the given username, email and password and adds
-      --email string, $CODER_EMAIL
+  it to every organization.
+
+OPTIONS:
+      --email string, $CODER_EMAIL
           The email of the new user. If not specified, you will be prompted via
           stdin.
 
-      --password string, $CODER_PASSWORD
+      --password string, $CODER_PASSWORD
           The password of the new user. If not specified, you will be prompted
           via stdin.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           URL of a PostgreSQL database. If empty, the built-in PostgreSQL
           deployment will be used (Coder must not be already running in this
           case).
 
-      --raw-url bool
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
-      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
+      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
           The algorithm to use for generating ssh keys. Accepted values are
           "ed25519", "ecdsa", or "rsa4096".
 
-      --username string, $CODER_USERNAME
+      --username string, $CODER_USERNAME
           The username of the new user. If not specified, you will be prompted
           via stdin.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_server_postgres-builtin-serve_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder server postgres-builtin-serve [flags]
+coder v0.0.0-devel
 
-Run the built-in PostgreSQL deployment.
+USAGE:
+  coder server postgres-builtin-serve [flags]
 
-Options
+  Run the built-in PostgreSQL deployment.
-      --raw-url bool
+
+OPTIONS:
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_server_postgres-builtin-url_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder server postgres-builtin-url [flags]
+coder v0.0.0-devel
 
-Output the connection URL for the built-in PostgreSQL deployment.
+USAGE:
+  coder server postgres-builtin-url [flags]
 
-Options
+  Output the connection URL for the built-in PostgreSQL deployment.
-      --raw-url bool
+
+OPTIONS:
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_show_--help.golden

@@ -1,6 +1,9 @@
-Usage: coder show <workspace>
+coder v0.0.0-devel
 
-Display details of a workspace's resources and agents
+USAGE:
+  coder show <workspace>
 
----
+  Display details of a workspace's resources and agents
+
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_speedtest_--help.golden

@@ -1,18 +1,21 @@
-Usage: coder speedtest [flags] <workspace>
+coder v0.0.0-devel
 
-Run upload and download tests from your machine to a workspace
+USAGE:
+  coder speedtest [flags] <workspace>
 
-Options
+  Run upload and download tests from your machine to a workspace
-  -d, --direct bool
+
+OPTIONS:
+  -d, --direct bool
           Specifies whether to wait for a direct connection before testing
           speed.
 
-      --direction up|down (default: down)
+      --direction up|down (default: down)
           Specifies whether to run in reverse mode where the client receives and
           the server sends.
 
-  -t, --time duration (default: 5s)
+  -t, --time duration (default: 5s)
           Specifies the duration to monitor traffic.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_ssh_--help.golden

@@ -1,45 +1,48 @@
-Usage: coder ssh [flags] <workspace>
+coder v0.0.0-devel
 
-Start a shell into a workspace
+USAGE:
+  coder ssh [flags] <workspace>
 
-Options
+  Start a shell into a workspace
-  -A, --forward-agent bool, $CODER_SSH_FORWARD_AGENT
+
+OPTIONS:
+  -A, --forward-agent bool, $CODER_SSH_FORWARD_AGENT
           Specifies whether to forward the SSH agent specified in
           $SSH_AUTH_SOCK.
 
-  -G, --forward-gpg bool, $CODER_SSH_FORWARD_GPG
+  -G, --forward-gpg bool, $CODER_SSH_FORWARD_GPG
           Specifies whether to forward the GPG agent. Unsupported on Windows
           workspaces, but supports all clients. Requires gnupg (gpg, gpgconf) on
           both the client and workspace. The GPG agent must already be running
           locally and will not be started for you. If a GPG agent is already
           running in the workspace, it will be attempted to be killed.
 
-      --identity-agent string, $CODER_SSH_IDENTITY_AGENT
+      --identity-agent string, $CODER_SSH_IDENTITY_AGENT
           Specifies which identity agent to use (overrides $SSH_AUTH_SOCK),
           forward agent must also be enabled.
 
-  -l, --log-dir string, $CODER_SSH_LOG_DIR
+  -l, --log-dir string, $CODER_SSH_LOG_DIR
           Specify the directory containing SSH diagnostic log files.
 
-      --no-wait bool, $CODER_SSH_NO_WAIT
+      --no-wait bool, $CODER_SSH_NO_WAIT
           Enter workspace immediately after the agent has connected. This is the
           default if the template has configured the agent startup script
           behavior as non-blocking.
           DEPRECATED: Use --wait instead.
 
-  -R, --remote-forward string, $CODER_SSH_REMOTE_FORWARD
+  -R, --remote-forward string, $CODER_SSH_REMOTE_FORWARD
           Enable remote port forwarding (remote_port:local_address:local_port).
 
-      --stdio bool, $CODER_SSH_STDIO
+      --stdio bool, $CODER_SSH_STDIO
           Specifies whether to emit SSH output over stdin/stdout.
 
-      --wait yes|no|auto, $CODER_SSH_WAIT (default: auto)
+      --wait yes|no|auto, $CODER_SSH_WAIT (default: auto)
           Specifies whether or not to wait for the startup script to finish
           executing. Auto means that the agent startup script behavior
           configured in the workspace template is used.
 
-      --workspace-poll-interval duration, $CODER_WORKSPACE_POLL_INTERVAL (default: 1m)
+      --workspace-poll-interval duration, $CODER_WORKSPACE_POLL_INTERVAL (default: 1m)
           Specifies how often to poll for workspace automated shutdown.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_start_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder start [flags] <workspace>
+coder v0.0.0-devel
 
-Start a workspace
+USAGE:
+  coder start [flags] <workspace>
 
-Options
+  Start a workspace
-      --build-option string-array, $CODER_BUILD_OPTION
+
+OPTIONS:
+      --build-option string-array, $CODER_BUILD_OPTION
           Build option value in the format "name=value".
 
-      --build-options bool
+      --build-options bool
           Prompt for one-time build options defined with ephemeral parameters.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_stat_--help.golden

@@ -1,19 +1,22 @@
-Usage: coder stat [flags]
+coder v0.0.0-devel
 
-Show resource usage for the current workspace.
+USAGE:
+  coder stat [flags]
 
-Subcommands
+  Show resource usage for the current workspace.
+
+SUBCOMMANDS:
     cpu     Show CPU usage, in cores.
     disk    Show disk usage, in gigabytes.
     mem     Show memory usage, in gigabytes.
 
-Options
+OPTIONS:
-  -c, --column string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory)
+  -c, --column string-array (default: host_cpu,host_memory,home_disk,container_cpu,container_memory)
           Columns to display in table output. Available columns: host cpu, host
           memory, home disk, container cpu, container memory.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_stat_cpu_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder stat cpu [flags]
+coder v0.0.0-devel
 
-Show CPU usage, in cores.
+USAGE:
+  coder stat cpu [flags]
 
-Options
+  Show CPU usage, in cores.
-      --host bool
+
+OPTIONS:
+      --host bool
           Force host CPU measurement.
 
-  -o, --output string (default: text)
+  -o, --output string (default: text)
           Output format. Available formats: text, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_stat_disk_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder stat disk [flags]
+coder v0.0.0-devel
 
-Show disk usage, in gigabytes.
+USAGE:
+  coder stat disk [flags]
 
-Options
+  Show disk usage, in gigabytes.
-  -o, --output string (default: text)
+
+OPTIONS:
+  -o, --output string (default: text)
           Output format. Available formats: text, json.
 
-      --path string (default: /)
+      --path string (default: /)
           Path for which to check disk usage.
 
-      --prefix Ki|Mi|Gi|Ti (default: Gi)
+      --prefix Ki|Mi|Gi|Ti (default: Gi)
           SI Prefix for disk measurement.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_stat_mem_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder stat mem [flags]
+coder v0.0.0-devel
 
-Show memory usage, in gigabytes.
+USAGE:
+  coder stat mem [flags]
 
-Options
+  Show memory usage, in gigabytes.
-      --host bool
+
+OPTIONS:
+      --host bool
           Force host memory measurement.
 
-  -o, --output string (default: text)
+  -o, --output string (default: text)
           Output format. Available formats: text, json.
 
-      --prefix Ki|Mi|Gi|Ti (default: Gi)
+      --prefix Ki|Mi|Gi|Ti (default: Gi)
           SI Prefix for memory measurement.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_state_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder state
+coder v0.0.0-devel
 
-Manually manage Terraform state to fix broken workspaces
+USAGE:
+  coder state
 
-Subcommands
+  Manually manage Terraform state to fix broken workspaces
+
+SUBCOMMANDS:
     pull    Pull a Terraform state file from a workspace.
     push    Push a Terraform state file to a workspace.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_state_pull_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder state pull [flags] <workspace> [file]
+coder v0.0.0-devel
 
-Pull a Terraform state file from a workspace.
+USAGE:
+  coder state pull [flags] <workspace> [file]
 
-Options
+  Pull a Terraform state file from a workspace.
-  -b, --build int
+
+OPTIONS:
+  -b, --build int
           Specify a workspace build to target by name. Defaults to latest.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_state_push_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder state push [flags] <workspace> <file>
+coder v0.0.0-devel
 
-Push a Terraform state file to a workspace.
+USAGE:
+  coder state push [flags] <workspace> <file>
 
-Options
+  Push a Terraform state file to a workspace.
-  -b, --build int
+
+OPTIONS:
+  -b, --build int
           Specify a workspace build to target by name. Defaults to latest.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_stop_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder stop [flags] <workspace>
+coder v0.0.0-devel
 
-Stop a workspace
+USAGE:
+  coder stop [flags] <workspace>
 
-Options
+  Stop a workspace
-  -y, --yes bool
+
+OPTIONS:
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_--help.golden

@@ -1,23 +1,28 @@
-Usage: coder templates
+coder v0.0.0-devel
 
-Manage templates
+USAGE:
+  coder templates
 
-Aliases: template
+  Manage templates
 
-Templates are written in standard Terraform and describe the infrastructure for workspaces
+  Aliases: template
-  - Create a template for developers to create workspaces:
 
-     $ coder templates create
+  Templates are written in standard Terraform and describe the infrastructure
+  for workspaces
+    - Create a template for developers to create workspaces:
+  
+       $ coder templates create
+  
+    - Make changes to your template, and plan the changes:
+  
+       $ coder templates plan my-template
+  
+    - Push an update to the template. Your developers can update their
+  workspaces:
+  
+       $ coder templates push my-template
 
-  - Make changes to your template, and plan the changes:
+SUBCOMMANDS:
-
-     $ coder templates plan my-template
-
-  - Push an update to the template. Your developers can update their workspaces:
-
-     $ coder templates push my-template
-
-Subcommands
     create      Create a template from the current directory or as specified by
                 flag
     delete      Delete templates
@@ -29,5 +34,5 @@ Templates are written in standard Terraform and describe the infrastructure for
                 specified by flag
     versions    Manage different versions of the specified template
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_create_--help.golden

@@ -1,62 +1,65 @@
-Usage: coder templates create [flags] [name]
+coder v0.0.0-devel
 
-Create a template from the current directory or as specified by flag
+USAGE:
+  coder templates create [flags] [name]
 
-Options
+  Create a template from the current directory or as specified by flag
-      --default-ttl duration (default: 24h)
+
+OPTIONS:
+      --default-ttl duration (default: 24h)
           Specify a default TTL for workspaces created from this template. It is
           the default time before shutdown - workspaces created from this
           template default to this value. Maps to "Default autostop" in the UI.
 
-  -d, --directory string (default: .)
+  -d, --directory string (default: .)
           Specify the directory to create from, use '-' to read tar from stdin.
 
-      --failure-ttl duration (default: 0h)
+      --failure-ttl duration (default: 0h)
           Specify a failure TTL for workspaces created from this template. It is
           the amount of time after a failed "start" build before coder
           automatically schedules a "stop" build to cleanup.This licensed
           feature's default is 0h (off). Maps to "Failure cleanup"in the UI.
 
-      --ignore-lockfile bool (default: false)
+      --ignore-lockfile bool (default: false)
           Ignore warnings about not having a .terraform.lock.hcl file present in
           the template.
 
-      --inactivity-ttl duration (default: 0h)
+      --inactivity-ttl duration (default: 0h)
           Specify an inactivity TTL for workspaces created from this template.
           It is the amount of time the workspace is not used before it is be
           stopped and auto-locked. This includes across multiple builds (e.g.
           auto-starts and stops). This licensed feature's default is 0h (off).
           Maps to "Dormancy threshold" in the UI.
 
-      --max-ttl duration
+      --max-ttl duration
           Edit the template maximum time before shutdown - workspaces created
           from this template must shutdown within the given duration after
           starting. This is an enterprise-only feature.
 
-  -m, --message string
+  -m, --message string
           Specify a message describing the changes in this version of the
           template. Messages longer than 72 characters will be displayed as
           truncated.
 
-      --private bool
+      --private bool
           Disable the default behavior of granting template access to the
           'everyone' group. The template permissions must be updated to allow
           non-admin users to use this template.
 
-      --provisioner-tag string-array
+      --provisioner-tag string-array
           Specify a set of tags to target provisioner daemons.
 
-      --var string-array
+      --var string-array
           Alias of --variable.
 
-      --variable string-array
+      --variable string-array
           Specify a set of values for Terraform-managed variables.
 
-      --variables-file string
+      --variables-file string
           Specify a file path with values for Terraform-managed variables.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_delete_--help.golden

@@ -1,12 +1,15 @@
-Usage: coder templates delete [flags] [name...]
+coder v0.0.0-devel
 
-Delete templates
+USAGE:
+  coder templates delete [flags] [name...]
 
-Aliases: rm
+  Delete templates
 
-Options
+  Aliases: rm
-  -y, --yes bool
+
+OPTIONS:
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_edit_--help.golden

@@ -1,57 +1,60 @@
-Usage: coder templates edit [flags] <template>
+coder v0.0.0-devel
 
-Edit the metadata of a template by name.
+USAGE:
+  coder templates edit [flags] <template>
 
-Options
+  Edit the metadata of a template by name.
-      --allow-user-autostart bool (default: true)
+
+OPTIONS:
+      --allow-user-autostart bool (default: true)
           Allow users to configure autostart for workspaces on this template.
           This can only be disabled in enterprise.
 
-      --allow-user-autostop bool (default: true)
+      --allow-user-autostop bool (default: true)
           Allow users to customize the autostop TTL for workspaces on this
           template. This can only be disabled in enterprise.
 
-      --allow-user-cancel-workspace-jobs bool (default: true)
+      --allow-user-cancel-workspace-jobs bool (default: true)
           Allow users to cancel in-progress workspace jobs.
 
-      --default-ttl duration
+      --default-ttl duration
           Edit the template default time before shutdown - workspaces created
           from this template default to this value. Maps to "Default autostop"
           in the UI.
 
-      --description string
+      --description string
           Edit the template description.
 
-      --display-name string
+      --display-name string
           Edit the template display name.
 
-      --failure-ttl duration (default: 0h)
+      --failure-ttl duration (default: 0h)
           Specify a failure TTL for workspaces created from this template. It is
           the amount of time after a failed "start" build before coder
           automatically schedules a "stop" build to cleanup.This licensed
           feature's default is 0h (off). Maps to "Failure cleanup" in the UI.
 
-      --icon string
+      --icon string
           Edit the template icon path.
 
-      --inactivity-ttl duration (default: 0h)
+      --inactivity-ttl duration (default: 0h)
           Specify an inactivity TTL for workspaces created from this template.
           It is the amount of time the workspace is not used before it is be
           stopped and auto-locked. This includes across multiple builds (e.g.
           auto-starts and stops). This licensed feature's default is 0h (off).
           Maps to "Dormancy threshold" in the UI.
 
-      --max-ttl duration
+      --max-ttl duration
           Edit the template maximum time before shutdown - workspaces created
           from this template must shutdown within the given duration after
           starting, regardless of user activity. This is an enterprise-only
           feature. Maps to "Max lifetime" in the UI.
 
-      --name string
+      --name string
           Edit the template name.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_init_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder templates init [flags] [directory]
+coder v0.0.0-devel
 
-Get started with a templated template.
+USAGE:
+  coder templates init [flags] [directory]
 
-Options
+  Get started with a templated template.
-      --id aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes
+
+OPTIONS:
+      --id aws-ecs-container|aws-linux|aws-windows|azure-linux|do-linux|docker|docker-with-dotfiles|fly-docker-image|gcp-linux|gcp-vm-container|gcp-windows|kubernetes
           Specify a given example template by ID.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_list_--help.golden

@@ -1,17 +1,20 @@
-Usage: coder templates list [flags]
+coder v0.0.0-devel
 
-List all the templates available for the organization
+USAGE:
+  coder templates list [flags]
 
-Aliases: ls
+  List all the templates available for the organization
 
-Options
+  Aliases: ls
-  -c, --column string-array (default: name,last updated,used by)
+
+OPTIONS:
+  -c, --column string-array (default: name,last updated,used by)
           Columns to display in table output. Available columns: name, created
           at, last updated, organization id, provisioner, active version id,
           used by, default ttl.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_pull_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder templates pull [flags] <name> [destination]
+coder v0.0.0-devel
 
-Download the latest version of a template to a path.
+USAGE:
+  coder templates pull [flags] <name> [destination]
 
-Options
+  Download the latest version of a template to a path.
-      --tar bool
+
+OPTIONS:
+      --tar bool
           Output the template as a tar archive to stdout.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_push_--help.golden

@@ -1,48 +1,51 @@
-Usage: coder templates push [flags] [template]
+coder v0.0.0-devel
 
-Push a new template version from the current directory or as specified by flag
+USAGE:
+  coder templates push [flags] [template]
 
-Options
+  Push a new template version from the current directory or as specified by flag
-      --activate bool (default: true)
+
+OPTIONS:
+      --activate bool (default: true)
           Whether the new template will be marked active.
 
-      --always-prompt bool
+      --always-prompt bool
           Always prompt all parameters. Does not pull parameter values from
           active template version.
 
-      --create bool (default: false)
+      --create bool (default: false)
           Create the template if it does not exist.
 
-  -d, --directory string (default: .)
+  -d, --directory string (default: .)
           Specify the directory to create from, use '-' to read tar from stdin.
 
-      --ignore-lockfile bool (default: false)
+      --ignore-lockfile bool (default: false)
           Ignore warnings about not having a .terraform.lock.hcl file present in
           the template.
 
-  -m, --message string
+  -m, --message string
           Specify a message describing the changes in this version of the
           template. Messages longer than 72 characters will be displayed as
           truncated.
 
-      --name string
+      --name string
           Specify a name for the new template version. It will be automatically
           generated if not provided.
 
-      --provisioner-tag string-array
+      --provisioner-tag string-array
           Specify a set of tags to target provisioner daemons.
 
-      --var string-array
+      --var string-array
           Alias of --variable.
 
-      --variable string-array
+      --variable string-array
           Specify a set of values for Terraform-managed variables.
 
-      --variables-file string
+      --variables-file string
           Specify a file path with values for Terraform-managed variables.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_versions_--help.golden

@@ -1,15 +1,18 @@
-Usage: coder templates versions
+coder v0.0.0-devel
 
-Manage different versions of the specified template
+USAGE:
+  coder templates versions
 
-Aliases: version
+  Manage different versions of the specified template
 
-- List versions of a specific template:
+  Aliases: version
 
-     $ coder templates versions list my-template
+    - List versions of a specific template:
+  
+       $ coder templates versions list my-template
 
-Subcommands
+SUBCOMMANDS:
     list    List all the versions of the specified template
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_templates_versions_list_--help.golden

@@ -1,14 +1,17 @@
-Usage: coder templates versions list [flags] <template>
+coder v0.0.0-devel
 
-List all the versions of the specified template
+USAGE:
+  coder templates versions list [flags] <template>
 
-Options
+  List all the versions of the specified template
-  -c, --column string-array (default: name,created at,created by,status,active)
+
+OPTIONS:
+  -c, --column string-array (default: name,created at,created by,status,active)
           Columns to display in table output. Available columns: name, created
           at, created by, status, active.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_tokens_--help.golden

@@ -1,26 +1,29 @@
-Usage: coder tokens
+coder v0.0.0-devel
 
-Manage personal access tokens
+USAGE:
+  coder tokens
 
-Aliases: token
+  Manage personal access tokens
 
-Tokens are used to authenticate automated clients to Coder.
+  Aliases: token
-  - Create a token for automation:
 
-     $ coder tokens create
+  Tokens are used to authenticate automated clients to Coder.
+    - Create a token for automation:
+  
+       $ coder tokens create
+  
+    - List your tokens:
+  
+       $ coder tokens ls
+  
+    - Remove a token by ID:
+  
+       $ coder tokens rm WuoWs4ZsMX
 
-  - List your tokens:
+SUBCOMMANDS:
-
-     $ coder tokens ls
-
-  - Remove a token by ID:
-
-     $ coder tokens rm WuoWs4ZsMX
-
-Subcommands
     create    Create a token
     list      List tokens
     remove    Delete a token
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_tokens_create_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder tokens create [flags]
+coder v0.0.0-devel
 
-Create a token
+USAGE:
+  coder tokens create [flags]
 
-Options
+  Create a token
-      --lifetime duration, $CODER_TOKEN_LIFETIME (default: 720h0m0s)
+
+OPTIONS:
+      --lifetime duration, $CODER_TOKEN_LIFETIME (default: 720h0m0s)
           Specify a duration for the lifetime of the token.
 
-  -n, --name string, $CODER_TOKEN_NAME
+  -n, --name string, $CODER_TOKEN_NAME
           Specify a human-readable name.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_tokens_list_--help.golden

@@ -1,20 +1,23 @@
-Usage: coder tokens list [flags]
+coder v0.0.0-devel
 
-List tokens
+USAGE:
+  coder tokens list [flags]
 
-Aliases: ls
+  List tokens
 
-Options
+  Aliases: ls
-  -a, --all bool
+
+OPTIONS:
+  -a, --all bool
           Specifies whether all users' tokens will be listed or not (must have
           Owner role to see all tokens).
 
-  -c, --column string-array (default: id,name,last used,expires at,created at)
+  -c, --column string-array (default: id,name,last used,expires at,created at)
           Columns to display in table output. Available columns: id, name, last
           used, expires at, created at, owner.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_tokens_remove_--help.golden

@@ -1,8 +1,11 @@
-Usage: coder tokens remove <name>
+coder v0.0.0-devel
 
-Delete a token
+USAGE:
+  coder tokens remove <name>
 
-Aliases: delete, rm
+  Delete a token
 
----
+  Aliases: delete, rm
+
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_update_--help.golden

@@ -1,26 +1,29 @@
-Usage: coder update [flags] <workspace>
+coder v0.0.0-devel
 
-Will update and start a given workspace if it is out of date
+USAGE:
+  coder update [flags] <workspace>
 
-Use --always-prompt to change the parameter values of the workspace.
+  Will update and start a given workspace if it is out of date
 
-Options
+  Use --always-prompt to change the parameter values of the workspace.
-      --always-prompt bool
+
+OPTIONS:
+      --always-prompt bool
           Always prompt all parameters. Does not pull parameter values from
           existing workspace.
 
-      --build-option string-array, $CODER_BUILD_OPTION
+      --build-option string-array, $CODER_BUILD_OPTION
           Build option value in the format "name=value".
 
-      --build-options bool
+      --build-options bool
           Prompt for one-time build options defined with ephemeral parameters.
 
-      --parameter string-array, $CODER_RICH_PARAMETER
+      --parameter string-array, $CODER_RICH_PARAMETER
           Rich parameter value in the format "name=value".
 
-      --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE
+      --rich-parameter-file string, $CODER_RICH_PARAMETER_FILE
           Specify a file path with values for rich parameters defined in the
           template.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder users [subcommand]
+coder v0.0.0-devel
 
-Manage users
+USAGE:
+  coder users [subcommand]
 
-Aliases: user
+  Manage users
 
-Subcommands
+  Aliases: user
+
+SUBCOMMANDS:
     activate    Update a user's status to 'active'. Active users can fully
                 interact with the platform
     create      
@@ -14,5 +17,5 @@ Aliases: user
     suspend     Update a user's status to 'suspended'. A suspended user cannot
                 log into the platform
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_activate_--help.golden

@@ -1,15 +1,18 @@
-Usage: coder users activate [flags] <username|user_id>
+coder v0.0.0-devel
 
-Update a user's status to 'active'. Active users can fully interact with the
+USAGE:
-platform
+  coder users activate [flags] <username|user_id>
 
-Aliases: active
+  Update a user's status to 'active'. Active users can fully interact with the
+  platform
 
-$ coder users activate example_user
+  Aliases: active
 
-Options
+   $ coder users activate example_user
-  -c, --column string-array (default: username,email,created_at,status)
+
+OPTIONS:
+  -c, --column string-array (default: username,email,created_at,status)
           Specify a column to filter in the table.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_create_--help.golden

@@ -1,20 +1,23 @@
-Usage: coder users create [flags]
+coder v0.0.0-devel
 
-Options
+USAGE:
-  -e, --email string
+  coder users create [flags]
+
+OPTIONS:
+  -e, --email string
           Specifies an email address for the new user.
 
-      --login-type string
+      --login-type string
           Optionally specify the login type for the user. Valid values are:
           password, none, github, oidc. Using 'none' prevents the user from
           authenticating and requires an API key/token to be generated by an
           admin.
 
-  -p, --password string
+  -p, --password string
           Specifies a password for the new user.
 
-  -u, --username string
+  -u, --username string
           Specifies a username for the new user.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_list_--help.golden

@@ -1,14 +1,17 @@
-Usage: coder users list [flags]
+coder v0.0.0-devel
 
-Aliases: ls
+USAGE:
+  coder users list [flags]
 
-Options
+  Aliases: ls
-  -c, --column string-array (default: username,email,created_at,status)
+
+OPTIONS:
+  -c, --column string-array (default: username,email,created_at,status)
           Columns to display in table output. Available columns: id, username,
           email, created at, status.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_show_--help.golden

@@ -1,12 +1,15 @@
-Usage: coder users show [flags] <username|user_id|'me'>
+coder v0.0.0-devel
 
-Show a single user. Use 'me' to indicate the currently authenticated user.
+USAGE:
+  coder users show [flags] <username|user_id|'me'>
 
-$ coder users show me
+  Show a single user. Use 'me' to indicate the currently authenticated user.
 
-Options
+   $ coder users show me
-  -o, --output string (default: table)
+
+OPTIONS:
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_users_suspend_--help.golden

@@ -1,15 +1,18 @@
-Usage: coder users suspend [flags] <username|user_id>
+coder v0.0.0-devel
 
-Update a user's status to 'suspended'. A suspended user cannot log into the
+USAGE:
-platform
+  coder users suspend [flags] <username|user_id>
 
-Aliases: rm, delete
+  Update a user's status to 'suspended'. A suspended user cannot log into the
+  platform
 
-$ coder users suspend example_user
+  Aliases: rm, delete
 
-Options
+   $ coder users suspend example_user
-  -c, --column string-array (default: username,email,created_at,status)
+
+OPTIONS:
+  -c, --column string-array (default: username,email,created_at,status)
           Specify a column to filter in the table.
 
----
+———
 Run `coder --help` for a list of global options.

cli/testdata/coder_version_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder version [flags]
+coder v0.0.0-devel
 
-Show coder version
+USAGE:
+  coder version [flags]
 
-Options
+  Show coder version
-  -o, --output string (default: text)
+
+OPTIONS:
+  -o, --output string (default: text)
           Output format. Available formats: text, json.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_--help.golden

@@ -1,58 +1,62 @@
-Usage: coder [global-flags] <subcommand>
+coder v0.0.0-devel
 
-Coder v0.0.0-devel — A tool for provisioning self-hosted development environments with Terraform.
+USAGE:
-  - Start a Coder server:
+  coder [global-flags] <subcommand>
 
-     $ coder server
+  Coder v0.0.0-devel — A tool for provisioning self-hosted development
+  environments with Terraform.
+    - Start a Coder server:
+  
+       $ coder server
+  
+    - Get started by creating a template from an example:
+  
+       $ coder templates init
 
-  - Get started by creating a template from an example:
+SUBCOMMANDS:
-
-     $ coder templates init
-
-Subcommands
     features           List Enterprise features
     groups             Manage groups
     licenses           Add, delete, and list licenses
     provisionerd       Manage provisioner daemons
     server             Start a Coder server
 
-Global Options 
+GLOBAL OPTIONS: 
 Global options are applied to all commands. They can be set using environment
 variables or flags.
 
-      --debug-options bool
+      --debug-options bool
           Print all options, how they're set, then exit.
 
-      --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS
+      --disable-direct-connections bool, $CODER_DISABLE_DIRECT_CONNECTIONS
           Disable direct (P2P) connections to workspaces.
 
-      --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2)
+      --global-config string, $CODER_CONFIG_DIR (default: ~/.config/coderv2)
           Path to the global `coder` config directory.
 
-      --header string-array, $CODER_HEADER
+      --header string-array, $CODER_HEADER
           Additional HTTP headers added to all requests. Provide as key=value.
           Can be specified multiple times.
 
-      --header-command string, $CODER_HEADER_COMMAND
+      --header-command string, $CODER_HEADER_COMMAND
           An external command that outputs additional HTTP headers added to all
           requests. The command must output each header as `key=value` on its
           own line.
 
-      --no-feature-warning bool, $CODER_NO_FEATURE_WARNING
+      --no-feature-warning bool, $CODER_NO_FEATURE_WARNING
           Suppress warnings about unlicensed features.
 
-      --no-version-warning bool, $CODER_NO_VERSION_WARNING
+      --no-version-warning bool, $CODER_NO_VERSION_WARNING
           Suppress warning when client and server versions do not match.
 
-      --token string, $CODER_SESSION_TOKEN
+      --token string, $CODER_SESSION_TOKEN
           Specify an authentication token. For security reasons setting
           CODER_SESSION_TOKEN is preferred.
 
-      --url url, $CODER_URL
+      --url url, $CODER_URL
           URL to a deployment.
 
-  -v, --verbose bool, $CODER_VERBOSE
+  -v, --verbose bool, $CODER_VERBOSE
           Enable verbose output.
 
----
+———
 Report bugs and request features at https://github.com/coder/coder/issues/new

enterprise/cli/testdata/coder_features_--help.golden

@@ -1,11 +1,14 @@
-Usage: coder features
+coder v0.0.0-devel
 
-List Enterprise features
+USAGE:
+  coder features
 
-Aliases: feature
+  List Enterprise features
 
-Subcommands
+  Aliases: feature
+
+SUBCOMMANDS:
     list    
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_features_list_--help.golden

@@ -1,14 +1,17 @@
-Usage: coder features list [flags]
+coder v0.0.0-devel
 
-Aliases: ls
+USAGE:
+  coder features list [flags]
 
-Options
+  Aliases: ls
-  -c, --column string-array (default: Name,Entitlement,Enabled,Limit,Actual)
+
+OPTIONS:
+  -c, --column string-array (default: Name,Entitlement,Enabled,Limit,Actual)
           Specify a column to filter in the table. Available columns are: Name,
           Entitlement, Enabled, Limit, Actual.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats are: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_groups_--help.golden

@@ -1,14 +1,17 @@
-Usage: coder groups
+coder v0.0.0-devel
 
-Manage groups
+USAGE:
+  coder groups
 
-Aliases: group
+  Manage groups
 
-Subcommands
+  Aliases: group
+
+SUBCOMMANDS:
     create    Create a user group
     delete    Delete a user group
     edit      Edit a user group
     list      List user groups
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_groups_create_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder groups create [flags] <name>
+coder v0.0.0-devel
 
-Create a user group
+USAGE:
+  coder groups create [flags] <name>
 
-Options
+  Create a user group
-  -u, --avatar-url string, $CODER_AVATAR_URL
+
+OPTIONS:
+  -u, --avatar-url string, $CODER_AVATAR_URL
           Set an avatar for a group.
 
-      --display-name string, $CODER_DISPLAY_NAME
+      --display-name string, $CODER_DISPLAY_NAME
           Optional human friendly name for the group.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_groups_delete_--help.golden

@@ -1,8 +1,11 @@
-Usage: coder groups delete <name>
+coder v0.0.0-devel
 
-Delete a user group
+USAGE:
+  coder groups delete <name>
 
-Aliases: rm
+  Delete a user group
 
----
+  Aliases: rm
+
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_groups_edit_--help.golden

@@ -1,22 +1,25 @@
-Usage: coder groups edit [flags] <name>
+coder v0.0.0-devel
 
-Edit a user group
+USAGE:
+  coder groups edit [flags] <name>
 
-Options
+  Edit a user group
-  -a, --add-users string-array
+
+OPTIONS:
+  -a, --add-users string-array
           Add users to the group. Accepts emails or IDs.
 
-  -u, --avatar-url string
+  -u, --avatar-url string
           Update the group avatar.
 
-      --display-name string, $CODER_DISPLAY_NAME
+      --display-name string, $CODER_DISPLAY_NAME
           Optional human friendly name for the group.
 
-  -n, --name string
+  -n, --name string
           Update the group name.
 
-  -r, --rm-users string-array
+  -r, --rm-users string-array
           Remove users to the group. Accepts emails or IDs.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_groups_list_--help.golden

@@ -1,14 +1,17 @@
-Usage: coder groups list [flags]
+coder v0.0.0-devel
 
-List user groups
+USAGE:
+  coder groups list [flags]
 
-Options
+  List user groups
-  -c, --column string-array (default: name,display name,organization id,members,avatar url)
+
+OPTIONS:
+  -c, --column string-array (default: name,display name,organization id,members,avatar url)
           Columns to display in table output. Available columns: name, display
           name, organization id, members, avatar url.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_licenses_--help.golden

@@ -1,13 +1,16 @@
-Usage: coder licenses
+coder v0.0.0-devel
 
-Add, delete, and list licenses
+USAGE:
+  coder licenses
 
-Aliases: license
+  Add, delete, and list licenses
 
-Subcommands
+  Aliases: license
+
+SUBCOMMANDS:
     add       Add license to Coder deployment
     delete    Delete license by ID
     list      List licenses (including expired)
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_licenses_add_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder licenses add [flags] [-f file | -l license]
+coder v0.0.0-devel
 
-Add license to Coder deployment
+USAGE:
+  coder licenses add [flags] [-f file | -l license]
 
-Options
+  Add license to Coder deployment
-      --debug bool
+
+OPTIONS:
+      --debug bool
           Output license claims for debugging.
 
-  -f, --file string
+  -f, --file string
           Load license from file.
 
-  -l, --license string
+  -l, --license string
           License string.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_licenses_delete_--help.golden

@@ -1,8 +1,11 @@
-Usage: coder licenses delete <id>
+coder v0.0.0-devel
 
-Delete license by ID
+USAGE:
+  coder licenses delete <id>
 
-Aliases: del, rm
+  Delete license by ID
 
----
+  Aliases: del, rm
+
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_licenses_list_--help.golden

@@ -1,16 +1,19 @@
-Usage: coder licenses list [flags]
+coder v0.0.0-devel
 
-List licenses (including expired)
+USAGE:
+  coder licenses list [flags]
 
-Aliases: ls
+  List licenses (including expired)
 
-Options
+  Aliases: ls
-  -c, --column string-array (default: UUID,Expires At,Uploaded At,Features)
+
+OPTIONS:
+  -c, --column string-array (default: UUID,Expires At,Uploaded At,Features)
           Columns to display in table output. Available columns: id, uuid,
           uploaded at, features, expires at, trial.
 
-  -o, --output string (default: table)
+  -o, --output string (default: table)
           Output format. Available formats: table, json.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_provisionerd_--help.golden

@@ -1,9 +1,12 @@
-Usage: coder provisionerd
+coder v0.0.0-devel
 
-Manage provisioner daemons
+USAGE:
+  coder provisionerd
 
-Subcommands
+  Manage provisioner daemons
+
+SUBCOMMANDS:
     start    Run a provisioner daemon
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_provisionerd_start_--help.golden

@@ -1,22 +1,25 @@
-Usage: coder provisionerd start [flags]
+coder v0.0.0-devel
 
-Run a provisioner daemon
+USAGE:
+  coder provisionerd start [flags]
 
-Options
+  Run a provisioner daemon
-  -c, --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
+
+OPTIONS:
+  -c, --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
           Directory to store cached data.
 
-      --poll-interval duration, $CODER_PROVISIONERD_POLL_INTERVAL (default: 1s)
+      --poll-interval duration, $CODER_PROVISIONERD_POLL_INTERVAL (default: 1s)
           How often to poll for provisioner jobs.
 
-      --poll-jitter duration, $CODER_PROVISIONERD_POLL_JITTER (default: 100ms)
+      --poll-jitter duration, $CODER_PROVISIONERD_POLL_JITTER (default: 100ms)
           How much to jitter the poll interval by.
 
-      --psk string, $CODER_PROVISIONER_DAEMON_PSK
+      --psk string, $CODER_PROVISIONER_DAEMON_PSK
           Pre-shared key to authenticate with Coder server.
 
-  -t, --tag string-array, $CODER_PROVISIONERD_TAGS
+  -t, --tag string-array, $CODER_PROVISIONERD_TAGS
           Tags to filter provisioner jobs by.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_--help.golden

@@ -1,8 +1,11 @@
-Usage: coder server [flags]
+coder v0.0.0-devel
 
-Start a Coder server
+USAGE:
+  coder server [flags]
 
-Subcommands
+  Start a Coder server
+
+SUBCOMMANDS:
     create-admin-user         Create a new admin user with the given username,
                               email and password and adds it to every
                               organization.
@@ -11,153 +14,153 @@ Start a Coder server
     postgres-builtin-url      Output the connection URL for the built-in
                               PostgreSQL deployment.
 
-Options
+OPTIONS:
-      --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
+      --cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
           The directory to cache temporary files. If unspecified and
           $CACHE_DIRECTORY is set, it will be used for compatibility with
           systemd.
 
-      --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS
+      --disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS
           Remove the permission for the 'owner' role to have workspace execution
           on all workspaces. This prevents the 'owner' from ssh, apps, and
           terminal access based on the 'owner' role. They still have their user
           permissions to access their own workspaces.
 
-      --disable-path-apps bool, $CODER_DISABLE_PATH_APPS
+      --disable-path-apps bool, $CODER_DISABLE_PATH_APPS
           Disable workspace apps that are not served from subdomains. Path-based
           apps can make requests to the Coder API and pose a security risk when
           the workspace serves malicious JavaScript. This is recommended for
           security purposes if a --wildcard-access-url is configured.
 
-      --swagger-enable bool, $CODER_SWAGGER_ENABLE
+      --swagger-enable bool, $CODER_SWAGGER_ENABLE
           Expose the swagger endpoint via /swagger.
 
-      --experiments string-array, $CODER_EXPERIMENTS
+      --experiments string-array, $CODER_EXPERIMENTS
           Enable one or more experiments. These are not ready for production.
           Separate multiple experiments with commas, or enter '*' to opt-in to
           all available experiments.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
           downloaded from Maven (https://repo1.maven.org/maven2) and store all
           data in the config root. Access the built-in database with "coder
           server postgres-builtin-url".
 
-      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
+      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
           The algorithm to use for generating ssh keys. Accepted values are
           "ed25519", "ecdsa", or "rsa4096".
 
-      --update-check bool, $CODER_UPDATE_CHECK (default: false)
+      --update-check bool, $CODER_UPDATE_CHECK (default: false)
           Periodically check for new releases of Coder and inform the owner. The
           check is performed once per day.
 
-Client Options 
+CLIENT OPTIONS: 
 These options change the behavior of how clients interact with the Coder.
 Clients include the coder cli, vs code extension, and the web UI.
 
-      --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS
+      --ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS
           These SSH config options will override the default SSH config options.
           Provide options in "key=value" or "key value" format separated by
           commas.Using this incorrectly can break SSH to your deployment, use
           cautiously.
 
-      --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.)
+      --ssh-hostname-prefix string, $CODER_SSH_HOSTNAME_PREFIX (default: coder.)
           The SSH deployment prefix is used in the Host of the ssh config.
 
-Config Options 
+CONFIG OPTIONS: 
 Use a YAML configuration file when your server launch become unwieldy.
 
-  -c, --config yaml-config-path, $CODER_CONFIG_PATH
+  -c, --config yaml-config-path, $CODER_CONFIG_PATH
           Specify a YAML file to load configuration from.
 
-      --write-config bool
+      --write-config bool
           
           Write out the current server config as YAML to stdout.
 
-Introspection / Logging Options 
+INTROSPECTION / LOGGING OPTIONS: 
-      --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false)
+      --enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false)
           Allow administrators to enable Terraform debug output.
 
-      --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr)
+      --log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr)
           Output human-readable logs to a given file.
 
-      --log-json string, $CODER_LOGGING_JSON
+      --log-json string, $CODER_LOGGING_JSON
           Output JSON logs to a given file.
 
-  -l, --log-filter string-array, $CODER_LOG_FILTER
+  -l, --log-filter string-array, $CODER_LOG_FILTER
           Filter debug logs by matching against a given regex. Use .* to match
           all debug logs.
 
-      --log-stackdriver string, $CODER_LOGGING_STACKDRIVER
+      --log-stackdriver string, $CODER_LOGGING_STACKDRIVER
           Output Stackdriver compatible logs to a given file.
 
-Introspection / Prometheus Options 
+INTROSPECTION / PROMETHEUS OPTIONS: 
-      --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
+      --prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
           The bind address to serve prometheus metrics.
 
-      --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS
+      --prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS
           Collect agent stats (may increase charges for metrics storage).
 
-      --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false)
+      --prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false)
           Collect database metrics (may increase charges for metrics storage).
 
-      --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE
+      --prometheus-enable bool, $CODER_PROMETHEUS_ENABLE
           Serve prometheus metrics on the address defined by prometheus address.
 
-Introspection / Tracing Options 
+INTROSPECTION / TRACING OPTIONS: 
-      --trace-logs bool, $CODER_TRACE_LOGS
+      --trace-logs bool, $CODER_TRACE_LOGS
           Enables capturing of logs as events in traces. This is useful for
           debugging, but may result in a very large amount of events being sent
           to the tracing backend which may incur significant costs.
 
-      --trace bool, $CODER_TRACE_ENABLE
+      --trace bool, $CODER_TRACE_ENABLE
           Whether application tracing data is collected. It exports to a backend
           configured by environment variables. See:
           https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
 
-      --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY
+      --trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY
           Enables trace exporting to Honeycomb.io using the provided API Key.
 
-Introspection / pprof Options 
+INTROSPECTION / PPROF OPTIONS: 
-      --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060)
+      --pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060)
           The bind address to serve pprof.
 
-      --pprof-enable bool, $CODER_PPROF_ENABLE
+      --pprof-enable bool, $CODER_PPROF_ENABLE
           Serve pprof metrics on the address defined by pprof address.
 
-Networking Options 
+NETWORKING OPTIONS: 
-      --access-url url, $CODER_ACCESS_URL
+      --access-url url, $CODER_ACCESS_URL
           The URL that users will use to access the Coder deployment.
 
-      --docs-url url, $CODER_DOCS_URL
+      --docs-url url, $CODER_DOCS_URL
           Specifies the custom docs URL.
 
-      --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS
+      --proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS
           Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
           True-Client-Ip, X-Forwarded-For.
 
-      --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS
+      --proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS
           Origin addresses to respect "proxy-trusted-headers". e.g.
           192.168.1.0/24.
 
-      --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL
+      --redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL
           Specifies whether to redirect requests that do not match the access
           URL host.
 
-      --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
+      --secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
           Controls if the 'Secure' property is set on browser session cookies.
 
-      --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
+      --wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
           Specifies the wildcard hostname to use for workspace applications in
           the form "*.example.com".
 
-Networking / DERP Options 
+NETWORKING / DERP OPTIONS: 
 Most Coder deployments never have to think about DERP because all connections
 between workspaces and users are peer-to-peer. However, when Coder cannot
 establish a peer to peer connection, Coder uses a distributed relay network
 backed by Tailscale and WireGuard.
 
-      --block-direct-connections bool, $CODER_BLOCK_DIRECT
+      --block-direct-connections bool, $CODER_BLOCK_DIRECT
           Block peer-to-peer (aka. direct) workspace connections. All workspace
           connections from the CLI will be proxied through Coder (or custom
           configured DERP servers) and will never be peer-to-peer when enabled.
@@ -165,36 +168,36 @@ backed by Tailscale and WireGuard.
           until they are restarted after this change has been made, but new
           connections will still be proxied regardless.
 
-      --derp-config-path string, $CODER_DERP_CONFIG_PATH
+      --derp-config-path string, $CODER_DERP_CONFIG_PATH
           Path to read a DERP mapping from. See:
           https://tailscale.com/kb/1118/custom-derp-servers/.
 
-      --derp-config-url string, $CODER_DERP_CONFIG_URL
+      --derp-config-url string, $CODER_DERP_CONFIG_URL
           URL to fetch a DERP mapping on startup. See:
           https://tailscale.com/kb/1118/custom-derp-servers/.
 
-      --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
+      --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
           Force clients and agents to always use WebSocket to connect to DERP
           relay servers. By default, DERP uses `Upgrade: derp`, which may cause
           issues with some reverse proxies. Clients may automatically fallback
           to WebSocket if they detect an issue with `Upgrade: derp`, but this
           does not work in all situations.
 
-      --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
+      --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
           Whether to enable or disable the embedded DERP relay server.
 
-      --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay)
+      --derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay)
           Region name that for the embedded DERP server.
 
-      --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
+      --derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
           Addresses for STUN servers to establish P2P connections. It's
           recommended to have at least two STUN servers to give users the best
           chance of connecting P2P to workspaces. Each STUN server will get it's
           own DERP region, with region IDs starting at `--derp-server-region-id
           + 1`. Use special value 'disable' to turn off STUN completely.
 
-Networking / HTTP Options 
+NETWORKING / HTTP OPTIONS: 
-      --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
+      --disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
           Disable password authentication. This is recommended for security
           purposes in production deployments that rely on an identity provider.
           Any user with the owner role will be able to sign in with their
@@ -203,226 +206,226 @@ backed by Tailscale and WireGuard.
           create-admin` command to create a new admin user directly in the
           database.
 
-      --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH
+      --disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH
           Disable automatic session expiry bumping due to activity. This forces
           all sessions to become invalid after the session expiry duration has
           been reached.
 
-      --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000)
+      --http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000)
           HTTP bind address of the server. Unset to disable the HTTP endpoint.
 
-      --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s)
+      --max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s)
           The maximum lifetime duration users can specify when creating an API
           token.
 
-      --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s)
+      --proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s)
           The interval in which coderd should be checking the status of
           workspace proxies.
 
-      --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s)
+      --session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s)
           The token expiry duration for browser sessions. Sessions may last
           longer if they are actively making requests, but this functionality
           can be disabled via --disable-session-expiry-refresh.
 
-Networking / TLS Options 
+NETWORKING / TLS OPTIONS: 
 Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind
 a TLS-terminating reverse proxy or are accessing Coder over a secure link, you
 can safely ignore these settings.
 
-      --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0)
+      --strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0)
           Controls if the 'Strict-Transport-Security' header is set on all
           static file responses. This header should only be set if the server is
           accessed via HTTPS. This value is the MaxAge in seconds of the header.
 
-      --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS
+      --strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS
           Two optional fields can be set in the Strict-Transport-Security
           header; 'includeSubDomains' and 'preload'. The
           'strict-transport-security' flag must be set to a non-zero value for
           these options to be used.
 
-      --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
+      --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
           HTTPS bind address of the server.
 
-      --tls-cert-file string-array, $CODER_TLS_CERT_FILE
+      --tls-cert-file string-array, $CODER_TLS_CERT_FILE
           Path to each certificate for TLS. It requires a PEM-encoded file. To
           configure the listener to use a CA certificate, concatenate the
           primary certificate and the CA certificate together. The primary
           certificate should appear first in the combined file.
 
-      --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
+      --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
           Policy the server will follow for TLS Client Authentication. Accepted
           values are "none", "request", "require-any", "verify-if-given", or
           "require-and-verify".
 
-      --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE
+      --tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE
           PEM-encoded Certificate Authority file used for checking the
           authenticity of client.
 
-      --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE
+      --tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE
           Path to certificate for client TLS authentication. It requires a
           PEM-encoded file.
 
-      --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE
+      --tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE
           Path to key for client TLS authentication. It requires a PEM-encoded
           file.
 
-      --tls-enable bool, $CODER_TLS_ENABLE
+      --tls-enable bool, $CODER_TLS_ENABLE
           Whether TLS will be enabled.
 
-      --tls-key-file string-array, $CODER_TLS_KEY_FILE
+      --tls-key-file string-array, $CODER_TLS_KEY_FILE
           Paths to the private keys for each of the certificates. It requires a
           PEM-encoded file.
 
-      --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12)
+      --tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12)
           Minimum supported version of TLS. Accepted values are "tls10",
           "tls11", "tls12" or "tls13".
 
-OAuth2 / GitHub Options 
+OAUTH2 / GITHUB OPTIONS: 
-      --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
+      --oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
           Allow all logins, setting this option means allowed orgs and teams
           must be empty.
 
-      --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
+      --oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
           Whether new users can sign up with GitHub.
 
-      --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS
+      --oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS
           Organizations the user must be a member of to Login with GitHub.
 
-      --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS
+      --oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS
           Teams inside organizations the user must be a member of to Login with
           GitHub. Structured as: <organization-name>/<team-slug>.
 
-      --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID
+      --oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID
           Client ID for Login with GitHub.
 
-      --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET
+      --oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET
           Client secret for Login with GitHub.
 
-      --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL
+      --oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL
           Base URL of a GitHub Enterprise deployment to use for Login with
           GitHub.
 
-OIDC Options 
+OIDC OPTIONS: 
-      --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false)
+      --oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false)
           Automatically creates missing groups from a user's groups claim.
 
-      --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true)
+      --oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true)
           Whether new users can sign up with OIDC.
 
-      --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
+      --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
           OIDC auth URL parameters to pass to the upstream provider.
 
-      --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE
+      --oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE
           Pem encoded certificate file to use for oauth2 PKI/JWT authorization.
           The public certificate that accompanies oidc-client-key-file. A
           standard x509 certificate is expected.
 
-      --oidc-client-id string, $CODER_OIDC_CLIENT_ID
+      --oidc-client-id string, $CODER_OIDC_CLIENT_ID
           Client ID to use for Login with OIDC.
 
-      --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE
+      --oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE
           Pem encoded RSA private key to use for oauth2 PKI/JWT authorization.
           This can be used instead of oidc-client-secret if your IDP supports
           it.
 
-      --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET
+      --oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET
           Client secret to use for Login with OIDC.
 
-      --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN
+      --oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN
           Email domains that clients logging in with OIDC must match.
 
-      --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email)
+      --oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email)
           OIDC claim field to use as the email.
 
-      --oidc-group-field string, $CODER_OIDC_GROUP_FIELD
+      --oidc-group-field string, $CODER_OIDC_GROUP_FIELD
           This field must be set if using the group sync feature and the scope
           name is not 'groups'. Set to the claim to be used for groups.
 
-      --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {})
+      --oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {})
           A map of OIDC group IDs and the group in Coder it should map to. This
           is useful for when OIDC providers only return group IDs.
 
-      --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED
+      --oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED
           Ignore the email_verified claim from the upstream provider.
 
-      --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false)
+      --oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false)
           Ignore the userinfo endpoint and only use the ID token for user
           information.
 
-      --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL
+      --oidc-issuer-url string, $CODER_OIDC_ISSUER_URL
           Issuer URL to use for Login with OIDC.
 
-      --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
+      --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
           If provided any group name not matching the regex is ignored. This
           allows for filtering out groups that are not needed. This filter is
           applied after the group mapping.
 
-      --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email)
+      --oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email)
           Scopes to grant when authenticating with OIDC.
 
-      --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT
+      --oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT
           If user role sync is enabled, these roles are always included for all
           authenticated users. The 'member' role is always assigned.
 
-      --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD
+      --oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD
           This field must be set if using the user roles sync feature. Set this
           to the name of the claim used to store the user's role. The roles
           should be sent as an array of strings.
 
-      --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {})
+      --oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {})
           A map of the OIDC passed in user roles and the groups in Coder it
           should map to. This is useful if the group names do not match. If
           mapped to the empty string, the role will ignored.
 
-      --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username)
+      --oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username)
           OIDC claim field to use as the username.
 
-      --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect)
+      --oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect)
           The text to show on the OpenID Connect sign in button.
 
-      --oidc-icon-url url, $CODER_OIDC_ICON_URL
+      --oidc-icon-url url, $CODER_OIDC_ICON_URL
           URL pointing to the icon to use on the OpenID Connect login button.
 
-Provisioning Options 
+PROVISIONING OPTIONS: 
 Tune the behavior of the provisioner, which is responsible for creating,
 updating, and deleting workspace resources.
 
-      --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s)
+      --provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s)
           Time to force cancel provisioning tasks that are stuck.
 
-      --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s)
+      --provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s)
           Time to wait before polling for a new job.
 
-      --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms)
+      --provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms)
           Random jitter added to the poll interval.
 
-      --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK
+      --provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK
           Pre-shared key to authenticate external provisioner daemons to Coder
           server.
 
-      --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3)
+      --provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3)
           Number of provisioner daemons to create on start. If builds are stuck
           in queued state for a long time, consider increasing this.
 
-Telemetry Options 
+TELEMETRY OPTIONS: 
 Telemetry is critical to our ability to improve Coder. We strip all
 personalinformation before sending data to our servers. Please only disable
 telemetrywhen required by your organization's security policy.
 
-      --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false)
+      --telemetry bool, $CODER_TELEMETRY_ENABLE (default: false)
           Whether telemetry is enabled or not. Coder collects anonymized usage
           data to help improve our product.
 
-      --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false)
+      --telemetry-trace bool, $CODER_TELEMETRY_TRACE (default: false)
           Whether Opentelemetry traces are sent to Coder. Coder collects
           anonymized application tracing to help improve our product. Disabling
           telemetry also disables this option.
 
-User Quiet Hours Schedule Options 
+USER QUIET HOURS SCHEDULE OPTIONS: 
 Allow users to set quiet hours schedules each day for workspaces to avoid
 workspaces stopping during the day due to template max TTL.
 
-      --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE
+      --default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE
           The default daily cron schedule applied to users that haven't set a
           custom quiet hours schedule themselves. The quiet hours schedule
           determines when workspaces will be force stopped due to the template's
@@ -432,8 +435,8 @@ workspaces stopping during the day due to template max TTL.
           one hour and minute can be specified (ranges or comma separated values
           are not supported).
 
-⚠️ Dangerous Options 
+⚠️ DANGEROUS OPTIONS: 
-      --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
+      --dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
           Allow workspace apps that are not served from subdomains to be shared.
           Path-based app sharing is DISABLED by default for security purposes.
           Path-based apps can make requests to the Coder API and pose a security
@@ -441,7 +444,7 @@ workspaces stopping during the day due to template max TTL.
           can be disabled entirely with --disable-path-apps for further
           security.
 
-      --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
+      --dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
           Allow site-owners to access workspace apps from workspaces they do not
           own. Owners cannot access path-based apps they do not own by default.
           Path-based apps can make requests to the Coder API and pose a security
@@ -449,17 +452,17 @@ workspaces stopping during the day due to template max TTL.
           can be disabled entirely with --disable-path-apps for further
           security.
 
-Enterprise Options 
+ENTERPRISE OPTIONS: 
 These options are only available in the Enterprise Edition.
 
-      --browser-only bool, $CODER_BROWSER_ONLY
+      --browser-only bool, $CODER_BROWSER_ONLY
           Whether Coder only allows connections to workspaces via the browser.
 
-      --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL
+      --derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL
           An HTTP URL that is accessible by other replicas to relay DERP
           traffic. Required for high availability.
 
-      --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
+      --external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
           Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
           database. The value must be a comma-separated list of base64-encoded
           keys. Each key, when base64-decoded, must be exactly 32 bytes in
@@ -469,9 +472,9 @@ These options are only available in the Enterprise Edition.
           process of rotating keys with the `coder server dbcrypt rotate`
           command.
 
-      --scim-auth-header string, $CODER_SCIM_AUTH_HEADER
+      --scim-auth-header string, $CODER_SCIM_AUTH_HEADER
           Enables SCIM and sets the authentication header for the built-in SCIM
           server. New users are automatically created with OIDC authentication.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_create-admin-user_--help.golden

@@ -1,32 +1,35 @@
-Usage: coder server create-admin-user [flags]
+coder v0.0.0-devel
 
-Create a new admin user with the given username, email and password and adds it
+USAGE:
-to every organization.
+  coder server create-admin-user [flags]
 
-Options
+  Create a new admin user with the given username, email and password and adds
-      --email string, $CODER_EMAIL
+  it to every organization.
+
+OPTIONS:
+      --email string, $CODER_EMAIL
           The email of the new user. If not specified, you will be prompted via
           stdin.
 
-      --password string, $CODER_PASSWORD
+      --password string, $CODER_PASSWORD
           The password of the new user. If not specified, you will be prompted
           via stdin.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           URL of a PostgreSQL database. If empty, the built-in PostgreSQL
           deployment will be used (Coder must not be already running in this
           case).
 
-      --raw-url bool
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
-      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
+      --ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
           The algorithm to use for generating ssh keys. Accepted values are
           "ed25519", "ecdsa", or "rsa4096".
 
-      --username string, $CODER_USERNAME
+      --username string, $CODER_USERNAME
           The username of the new user. If not specified, you will be prompted
           via stdin.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_dbcrypt_--help.golden

@@ -1,12 +1,15 @@
-Usage: coder server dbcrypt
+coder v0.0.0-devel
 
-Manage database encryption.
+USAGE:
+  coder server dbcrypt
 
-Subcommands
+  Manage database encryption.
+
+SUBCOMMANDS:
     decrypt    Decrypt a previously encrypted database.
     delete     Delete all encrypted data from the database. THIS IS A
                DESTRUCTIVE OPERATION.
     rotate     Rotate database encryption keys.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden

@@ -1,17 +1,20 @@
-Usage: coder server dbcrypt decrypt [flags]
+coder v0.0.0-devel
 
-Decrypt a previously encrypted database.
+USAGE:
+  coder server dbcrypt decrypt [flags]
 
-Options
+  Decrypt a previously encrypted database.
-      --keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS
+
+OPTIONS:
+      --keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS
           Keys required to decrypt existing data. Must be a comma-separated list
           of base64-encoded keys.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           The connection URL for the Postgres database.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden

@@ -1,15 +1,18 @@
-Usage: coder server dbcrypt delete [flags]
+coder v0.0.0-devel
 
-Delete all encrypted data from the database. THIS IS A DESTRUCTIVE OPERATION.
+USAGE:
+  coder server dbcrypt delete [flags]
 
-Aliases: rm
+  Delete all encrypted data from the database. THIS IS A DESTRUCTIVE OPERATION.
 
-Options
+  Aliases: rm
-      --postgres-url string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL
+
+OPTIONS:
+      --postgres-url string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL
           The connection URL for the Postgres database.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden

@@ -1,20 +1,23 @@
-Usage: coder server dbcrypt rotate [flags]
+coder v0.0.0-devel
 
-Rotate database encryption keys.
+USAGE:
+  coder server dbcrypt rotate [flags]
 
-Options
+  Rotate database encryption keys.
-      --new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY
+
+OPTIONS:
+      --new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY
           The new external token encryption key. Must be base64-encoded.
 
-      --old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS
+      --old-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS
           The old external token encryption keys. Must be a comma-separated list
           of base64-encoded keys.
 
-      --postgres-url string, $CODER_PG_CONNECTION_URL
+      --postgres-url string, $CODER_PG_CONNECTION_URL
           The connection URL for the Postgres database.
 
-  -y, --yes bool
+  -y, --yes bool
           Bypass prompts.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_postgres-builtin-serve_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder server postgres-builtin-serve [flags]
+coder v0.0.0-devel
 
-Run the built-in PostgreSQL deployment.
+USAGE:
+  coder server postgres-builtin-serve [flags]
 
-Options
+  Run the built-in PostgreSQL deployment.
-      --raw-url bool
+
+OPTIONS:
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
----
+———
 Run `coder --help` for a list of global options.

enterprise/cli/testdata/coder_server_postgres-builtin-url_--help.golden

@@ -1,10 +1,13 @@
-Usage: coder server postgres-builtin-url [flags]
+coder v0.0.0-devel
 
-Output the connection URL for the built-in PostgreSQL deployment.
+USAGE:
+  coder server postgres-builtin-url [flags]
 
-Options
+  Output the connection URL for the built-in PostgreSQL deployment.
-      --raw-url bool
+
+OPTIONS:
+      --raw-url bool
           Output the raw connection URL instead of a psql command.
 
----
+———
 Run `coder --help` for a list of global options.

go.mod

@@ -246,7 +246,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/coder/pretty v0.0.0-20230907185834-1d3e21235f75
+	github.com/coder/pretty v0.0.0-20230907215737-666f1c793d10
 	github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381 // indirect
 	github.com/coreos/go-iptables v0.6.0 // indirect
 	github.com/dlclark/regexp2 v1.10.0 // indirect

go.sum

@@ -86,6 +86,8 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
@@ -179,6 +181,7 @@ github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqy
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -221,6 +224,8 @@ github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3 h1:gtuDFa+InmMVUYiurB
 github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3/go.mod h1:pzr6sy8gDLfVmDAg8OYrlKvGEHw5C3PGTiBXBTCx76Q=
 github.com/coder/pretty v0.0.0-20230907185834-1d3e21235f75 h1:cTpm2TCHrJmijom7EUqf5PI3PRQTPz4JDXKWH1XJfpQ=
 github.com/coder/pretty v0.0.0-20230907185834-1d3e21235f75/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
+github.com/coder/pretty v0.0.0-20230907215737-666f1c793d10 h1:uWbKrpV/yhctyqu27BSPzW2tRNzzPh7Q68im5AFznqM=
+github.com/coder/pretty v0.0.0-20230907215737-666f1c793d10/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
 github.com/coder/retry v1.4.0 h1:g0fojHFxcdgM3sBULqgjFDxw1UIvaCqk4ngUDu0EWag=
 github.com/coder/retry v1.4.0/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY=
 github.com/coder/ssh v0.0.0-20230621095435-9a7e23486f1c h1:TI7TzdFI0UvQmwgyQhtI1HeyYNRxAQpr8Tw/rjT8VSA=
@@ -291,6 +296,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
@@ -340,6 +346,7 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -376,6 +383,7 @@ github.com/go-playground/validator/v10 v10.15.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QX
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
 github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
@@ -516,6 +524,7 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
+github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
@@ -562,6 +571,7 @@ github.com/hdevalence/ed25519consensus v0.1.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3s
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02 h1:AgcIVYPa6XJnU3phs104wLj8l5GEththEw6+F79YsIY=
 github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
+github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
 github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -571,6 +581,7 @@ github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16 h1:+aAGyK41KRn8jbF2Q7PLL0Sxwg6dShGcQSeCC7nZQ8E=
 github.com/insomniacslk/dhcp v0.0.0-20230407062729-974c6f05fe16/go.mod h1:IKrnDWs3/Mqq5n0lI+RxA2sB7MvN/vbMBP3ehXg65UI=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jedib0t/go-pretty/v6 v6.4.0 h1:YlI/2zYDrweA4MThiYMKtGRfT+2qZOO65ulej8GTcVI=
 github.com/jedib0t/go-pretty/v6 v6.4.0/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -587,14 +598,17 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/jsimonetti/rtnetlink v1.3.2 h1:dcn0uWkfxycEEyNy0IGfx3GrhQ38LH7odjxAghimsVI=
 github.com/jsimonetti/rtnetlink v1.3.2/go.mod h1:BBu4jZCpTjP6Gk0/wfrO8qcqymnN3g0hoFqObRmUo6U=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/juju/errors v1.0.0 h1:yiq7kjCLll1BiaRuNY53MGI0+EQ3rF6GB+wvboZDefM=
 github.com/juju/errors v1.0.0/go.mod h1:B5x9thDqx0wIMH3+aLIMP9HjItInYWObRovoCFM5Qe8=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/justinas/nosurf v1.1.1 h1:92Aw44hjSK4MxJeMSyDa7jwuI9GR2J/JCQiaKvXXSlk=
 github.com/justinas/nosurf v1.1.1/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
@@ -663,10 +677,12 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y=
 github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
 github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
 github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
 github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ3c=
 github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
 github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
@@ -680,6 +696,7 @@ github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
@@ -699,8 +716,10 @@ github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
@@ -708,6 +727,7 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt
 github.com/muesli/termenv v0.13.0/go.mod h1:sP1+uffeLaEYpyOTb8pLCUctGcGLnoFjSn4YJK5e2bc=
 github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
 github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/niklasfasching/go-org v1.7.0 h1:vyMdcMWWTe/XmANk19F4k8XGBYg0GQ/gJGMimOjGMek=
 github.com/niklasfasching/go-org v1.7.0/go.mod h1:WuVm4d45oePiE0eX25GqTDQIt/qPW1T9DGkRscqLW5o=
@@ -785,6 +805,7 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b h1:gQZ0qzfKHQIybLANtM3mBXNUtOfsCFXeTsnBqCsx1KM=
 github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
@@ -795,6 +816,7 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
 github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
@@ -916,6 +938,7 @@ github.com/yuin/goldmark-emoji v1.0.1/go.mod h1:2w1E6FEWLcDQkoTE+7HU6QF1F6SLlNGj
 github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
 github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc=
 github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
 github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
@@ -1382,6 +1405,7 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=