- A Databricks workspace with Model Serving endpoints enabled
The simplest way β no CLI, no cloning, everything stays in the Databricks UI.
- Go to Databricks β Apps β Create App
- Choose Custom App and connect this Git repo:
https://github.com/datasciencemonkey/coding-agents-databricks-apps.git - Click Deploy
- Open the app β on first terminal session, paste a short-lived PAT when prompted
The app pulls the code directly from Git. To update later, just re-deploy β it picks up the latest from the repo.
Note: On first startup, the app automatically removes the template's
.githistory and reinitializes a clean, remote-free git repo. This prevents accidental pushes back to the template repo from the in-browser terminal.
Optional (Highly Recommended): If you use Databricks AI Gateway, also add
DATABRICKS_GATEWAY_HOSTas a secret or environment variable. Otherwise the app falls back to direct model serving endpoints.
If you prefer working from the terminal or need more control:
databricks repos create \
--url https://github.com/datasciencemonkey/coding-agents-databricks-apps.git \
--path /Workspace/Users/<your-email>/apps/coding-agents-databricks-appsIn the cloned workspace folder, copy the template and edit it:
cp app.yaml.template app.yamlSet your DATABRICKS_GATEWAY_HOST, or remove the gateway lines to fall back to direct model serving endpoints.
databricks apps create <your-app-name>No secrets or resources to configure. On first terminal session, paste a short-lived PAT when prompted β all CLIs are configured automatically.
databricks apps deploy <your-app-name> \
--source-code-path /Workspace/Users/<your-email>/apps/coding-agents-databricks-appsTip: To update later, just
git pullin the workspace repo and re-deploy.
| Variable | Required | Description |
|---|---|---|
DATABRICKS_TOKEN |
No | Optional. If not set, the app prompts for a token on first session. Auto-rotated every 10 minutes |
HOME |
Yes | Set to /app/python/source_code in app.yaml |
ANTHROPIC_MODEL |
No | Claude model name (default: databricks-claude-opus-4-7) |
CODEX_MODEL |
No | Codex model name (default: databricks-gpt-5-5) |
GEMINI_MODEL |
No | Gemini model name (default: databricks-gemini-2-5-pro) |
HERMES_MODEL |
No | Hermes model name (default: databricks-claude-opus-4-7) |
DATABRICKS_GATEWAY_HOST |
No | AI Gateway URL override. Auto-discovered from DATABRICKS_WORKSPACE_ID if unset. Falls back to direct model serving if neither is available |
This is a single-user, zero-config auth app. No secrets or tokens are required at deploy time.
- Owner resolution: The app owner is determined from
app.creatorvia the service principal + Apps API β no PAT needed - Authorization: Each request's
X-Forwarded-Emailheader is compared againstapp.creator. Non-matching users see 403 - Interactive PAT setup: On first terminal session, the user pastes a short-lived PAT interactively. All CLIs (Claude, Codex, OpenCode, Gemini, Hermes, Databricks) are configured automatically
- Auto-rotation: PAT rotates every 10 minutes with a 15-minute lifetime. Old tokens are proactively revoked. Maximum leaked-token exposure: 15 minutes
- Session-aware: Rotation is skipped when no active terminal sessions exist
- On restart: The user re-pastes a token (no persistence by design)
Production uses Gunicorn (gunicorn.conf.py) with:
workers=1β PTY file descriptors and in-memory session state can't survive forkingthreads=8β Handles concurrent polling from the terminal clientworker_class=gthreadβ Single process + thread poolpost_worker_inithook callsinitialize_app()to start setup
Git commits automatically sync projects to Databricks Workspace:
/Workspace/Users/{email}/projects/{project-name}/
The post-commit hook uses nohup ... & disown to ensure the sync process survives across all coding agents, since some agents kill the entire process group when a shell command finishes.