From ccc49c2183c7d4d5c8a0ad2ab0a195350ba1ffd8 Mon Sep 17 00:00:00 2001 From: YEVHENII SHCHERBINA Date: Tue, 28 Oct 2025 20:13:32 +0000 Subject: [PATCH 1/3] feat: change boundary rules according to new spec --- registry/coder/modules/claude-code/scripts/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh index 704526753..b0a04632f 100644 --- a/registry/coder/modules/claude-code/scripts/start.sh +++ b/registry/coder/modules/claude-code/scripts/start.sh @@ -144,7 +144,7 @@ function start_agentapi() { # Build boundary args with conditional --unprivileged flag BOUNDARY_ARGS=(--log-dir "$ARG_BOUNDARY_LOG_DIR") # Add default allowed URLs - BOUNDARY_ARGS+=(--allow "*anthropic.com" --allow "registry.npmjs.org" --allow "*sentry.io" --allow "claude.ai" --allow "$ARG_CODER_HOST") + BOUNDARY_ARGS+=(--allow "domain=anthropic.com" --allow "domain=registry.npmjs.org" --allow "domain=sentry.io" --allow "domain=claude.ai" --allow "domain=$ARG_CODER_HOST") # Add any additional allowed URLs from the variable if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then From 0d2113ccc18a1e179f4e17a4d97566660341fef9 Mon Sep 17 00:00:00 2001 From: YEVHENII SHCHERBINA Date: Wed, 29 Oct 2025 13:58:46 +0000 Subject: [PATCH 2/3] fix: change rule separator --- registry/coder/modules/claude-code/main.tf | 2 +- registry/coder/modules/claude-code/scripts/start.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/registry/coder/modules/claude-code/main.tf b/registry/coder/modules/claude-code/main.tf index 926b2402a..93b3761b6 100644 --- a/registry/coder/modules/claude-code/main.tf +++ b/registry/coder/modules/claude-code/main.tf @@ -353,7 +353,7 @@ module "agentapi" { ARG_BOUNDARY_VERSION='${var.boundary_version}' \ ARG_BOUNDARY_LOG_DIR='${var.boundary_log_dir}' \ ARG_BOUNDARY_LOG_LEVEL='${var.boundary_log_level}' \ - ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join(" ", var.boundary_additional_allowed_urls)}' \ + ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join("|", var.boundary_additional_allowed_urls)}' \ ARG_BOUNDARY_PROXY_PORT='${var.boundary_proxy_port}' \ ARG_ENABLE_BOUNDARY_PPROF='${var.enable_boundary_pprof}' \ ARG_BOUNDARY_PPROF_PORT='${var.boundary_pprof_port}' \ diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh index b0a04632f..b880cf51d 100644 --- a/registry/coder/modules/claude-code/scripts/start.sh +++ b/registry/coder/modules/claude-code/scripts/start.sh @@ -148,7 +148,7 @@ function start_agentapi() { # Add any additional allowed URLs from the variable if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then - IFS=' ' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" + IFS='|' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" for url in "${ADDITIONAL_URLS[@]}"; do BOUNDARY_ARGS+=(--allow "$url") done From 118ef245a33d6763aa00a0d72b35e9b4a7ba843b Mon Sep 17 00:00:00 2001 From: YEVHENII SHCHERBINA Date: Wed, 29 Oct 2025 20:25:28 +0000 Subject: [PATCH 3/3] update module version --- registry/coder/modules/claude-code/README.md | 14 +++++++------- .../coder/modules/claude-code/scripts/start.sh | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/registry/coder/modules/claude-code/README.md b/registry/coder/modules/claude-code/README.md index c311eeb7e..3a0ec420f 100644 --- a/registry/coder/modules/claude-code/README.md +++ b/registry/coder/modules/claude-code/README.md @@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude ```tf module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder/project" claude_api_key = "xxxx-xxxxx-xxxx" @@ -51,7 +51,7 @@ module "claude-code" { boundary_log_level = "WARN" boundary_additional_allowed_urls = ["GET *google.com"] boundary_proxy_port = "8087" - version = "3.3.3" + version = "3.4.3" } ``` @@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" { module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder/project" @@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace. ```tf module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder" install_claude_code = true @@ -129,7 +129,7 @@ variable "claude_code_oauth_token" { module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder/project" claude_code_oauth_token = var.claude_code_oauth_token @@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" { module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder/project" model = "global.anthropic.claude-sonnet-4-5-20250929-v1:0" @@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" { module "claude-code" { source = "registry.coder.com/coder/claude-code/coder" - version = "3.3.3" + version = "3.4.3" agent_id = coder_agent.example.id workdir = "/home/coder/project" model = "claude-sonnet-4@20250514" diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh index b880cf51d..783e908db 100644 --- a/registry/coder/modules/claude-code/scripts/start.sh +++ b/registry/coder/modules/claude-code/scripts/start.sh @@ -150,6 +150,7 @@ function start_agentapi() { if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then IFS='|' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" for url in "${ADDITIONAL_URLS[@]}"; do + # Quote the URL to preserve spaces within the allow rule BOUNDARY_ARGS+=(--allow "$url") done fi