feat: move boundary configuration to file (#640)

This pull request updates the `claude-code` module to version 4.3.0 and significantly simplifies the configuration and startup logic for the Boundary integration. The changes remove several Boundary-related configuration variables and options, streamlining both Terraform and shell script code. The documentation is updated to reflect these changes and the new version. **Boundary integration simplification:** * Removed multiple Boundary-related variables from `main.tf`, including log directory, log level, additional allowed URLs, proxy port, and pprof options, as well as their usage in the module and test files. (`registry/coder/modules/claude-code/main.tf` [[1]](diffhunk://#diff-e7adc2da34facfd5d16deb23876fca7ae4cb11c8a68a0cfbe37a044bb69932f0L213-L248) [[2]](diffhunk://#diff-e7adc2da34facfd5d16deb23876fca7ae4cb11c8a68a0cfbe37a044bb69932f0L377-L382); `registry/coder/modules/claude-code/main.tftest.hcl` [[3]](diffhunk://#diff-46ca9cfb5cdd077a9c42f7f62ab3f45583196a05edc29838eda0c6bd0ea63edcL198-L210) * Updated the Boundary startup logic in `start.sh` to remove handling and passing of the eliminated variables, resulting in a simpler and more maintainable script. (`registry/coder/modules/claude-code/scripts/start.sh` [[1]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L19-L23) [[2]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L39-L41) [[3]](diffhunk://#diff-decfa0cea699ba8bf5e89b60ee677c361d2e9cc8b4792ed54ac1da66b4bd9315L232-L260) **Documentation updates:** * Updated all usage examples in `README.md` to reference version 4.3.0 and reflect the new, simplified Boundary configuration. (`registry/coder/modules/claude-code/README.md` [[1]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL16-R16) [[2]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL48-R52) [[3]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL75-R71) [[4]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL111-R107) [[5]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL133-R129) [[6]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL206-R202) [[7]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL263-R259) **Version bump:** * Bumped the module version from 4.2.9 to 4.3.0 throughout all documentation and configuration examples. (`registry/coder/modules/claude-code/README.md` [[1]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL16-R16) [[2]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL48-R52) [[3]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL75-R71) [[4]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL111-R107) [[5]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL133-R129) [[6]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL206-R202) [[7]](diffhunk://#diff-3f433388cb775dcc77c38911e23acbd2eb64e26e26c25d46b045724dfe5136bbL263-R259) --------- Co-authored-by: DevCats <christofer@coder.com>
2026-06-02 20:48:14 +00:00 · 2026-01-08 13:29:11 -05:00
parent bbd18ac870
commit 8aa54bbee3
4 changed files with 15 additions and 99 deletions
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
  source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.2.9"
+  version        = "4.3.0"
  agent_id       = coder_agent.main.id
  workdir        = "/home/coder/project"
  claude_api_key = "xxxx-xxxxx-xxxx"
@@ -44,16 +44,12 @@ This example shows how to configure the Claude Code module to run the agent behi

 ```tf
 module "claude-code" {
-  source                           = "dev.registry.coder.com/coder/claude-code/coder"
-  version                          = "4.2.9"
-  agent_id                         = coder_agent.main.id
-  workdir                          = "/home/coder/project"
-  enable_boundary                  = true
-  boundary_version                 = "main"
-  boundary_log_dir                 = "/tmp/boundary_logs"
-  boundary_log_level               = "WARN"
-  boundary_additional_allowed_urls = ["GET *google.com"]
-  boundary_proxy_port              = "8087"
+  source           = "dev.registry.coder.com/coder/claude-code/coder"
+  version          = "4.3.0"
+  agent_id         = coder_agent.main.id
+  workdir          = "/home/coder/project"
+  enable_boundary  = true
+  boundary_version = "v0.5.1"
 }
 ```

@@ -72,7 +68,7 @@ data "coder_parameter" "ai_prompt" {

 module "claude-code" {
  source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.2.9"
+  version  = "4.3.0"
  agent_id = coder_agent.main.id
  workdir  = "/home/coder/project"

@@ -108,7 +104,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
  source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.2.9"
+  version             = "4.3.0"
  agent_id            = coder_agent.main.id
  workdir             = "/home/coder/project"
  install_claude_code = true
@@ -130,7 +126,7 @@ variable "claude_code_oauth_token" {

 module "claude-code" {
  source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.2.9"
+  version                 = "4.3.0"
  agent_id                = coder_agent.main.id
  workdir                 = "/home/coder/project"
  claude_code_oauth_token = var.claude_code_oauth_token
@@ -203,7 +199,7 @@ resource "coder_env" "bedrock_api_key" {

 module "claude-code" {
  source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.2.9"
+  version  = "4.3.0"
  agent_id = coder_agent.main.id
  workdir  = "/home/coder/project"
  model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -260,7 +256,7 @@ resource "coder_env" "google_application_credentials" {

 module "claude-code" {
  source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.2.9"
+  version  = "4.3.0"
  agent_id = coder_agent.main.id
  workdir  = "/home/coder/project"
  model    = "claude-sonnet-4@20250514"
@@ -210,42 +210,6 @@ variable "boundary_version" {
  default     = "main"
 }

-variable "boundary_log_dir" {
-  type        = string
-  description = "Directory for boundary logs"
-  default     = "/tmp/boundary_logs"
-}
-
-variable "boundary_log_level" {
-  type        = string
-  description = "Log level for boundary process"
-  default     = "WARN"
-}
-
-variable "boundary_additional_allowed_urls" {
-  type        = list(string)
-  description = "Additional URLs to allow through boundary (in addition to default allowed URLs)"
-  default     = []
-}
-
-variable "boundary_proxy_port" {
-  type        = string
-  description = "Port for HTTP Proxy used by Boundary"
-  default     = "8087"
-}
-
-variable "enable_boundary_pprof" {
-  type        = bool
-  description = "Whether to enable coder boundary pprof server"
-  default     = false
-}
-
-variable "boundary_pprof_port" {
-  type        = string
-  description = "Port for pprof server used by Boundary"
-  default     = "6067"
-}
-
 variable "compile_boundary_from_source" {
  type        = bool
  description = "Whether to compile boundary from source instead of using the official install script"
@@ -374,12 +338,6 @@ module "agentapi" {
     ARG_REPORT_TASKS='${var.report_tasks}' \
     ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
     ARG_BOUNDARY_VERSION='${var.boundary_version}' \
-     ARG_BOUNDARY_LOG_DIR='${var.boundary_log_dir}' \
-     ARG_BOUNDARY_LOG_LEVEL='${var.boundary_log_level}' \
-     ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join("|", var.boundary_additional_allowed_urls)}' \
-     ARG_BOUNDARY_PROXY_PORT='${var.boundary_proxy_port}' \
-     ARG_ENABLE_BOUNDARY_PPROF='${var.enable_boundary_pprof}' \
-     ARG_BOUNDARY_PPROF_PORT='${var.boundary_pprof_port}' \
     ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
     ARG_CODER_HOST='${local.coder_host}' \
     /tmp/start.sh
@@ -192,10 +192,9 @@ run "test_claude_code_with_boundary" {
  command = plan

  variables {
-    agent_id         = "test-agent-boundary"
-    workdir          = "/home/coder/boundary-test"
-    enable_boundary  = true
-    boundary_log_dir = "/tmp/test-boundary-logs"
+    agent_id        = "test-agent-boundary"
+    workdir         = "/home/coder/boundary-test"
+    enable_boundary = true
  }

  assert {
@@ -203,11 +202,6 @@ run "test_claude_code_with_boundary" {
    error_message = "Boundary should be enabled"
  }

-  assert {
-    condition     = var.boundary_log_dir == "/tmp/test-boundary-logs"
-    error_message = "Boundary log dir should be set correctly"
-  }
-
  assert {
    condition     = local.coder_host != ""
    error_message = "Coder host should be extracted from access URL"
@@ -16,11 +16,6 @@ ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
 ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
 ARG_ENABLE_BOUNDARY=${ARG_ENABLE_BOUNDARY:-false}
 ARG_BOUNDARY_VERSION=${ARG_BOUNDARY_VERSION:-"main"}
-ARG_BOUNDARY_LOG_DIR=${ARG_BOUNDARY_LOG_DIR:-"/tmp/boundary_logs"}
-ARG_BOUNDARY_LOG_LEVEL=${ARG_BOUNDARY_LOG_LEVEL:-"WARN"}
-ARG_BOUNDARY_PROXY_PORT=${ARG_BOUNDARY_PROXY_PORT:-"8087"}
-ARG_ENABLE_BOUNDARY_PPROF=${ARG_ENABLE_BOUNDARY_PPROF:-false}
-ARG_BOUNDARY_PPROF_PORT=${ARG_BOUNDARY_PPROF_PORT:-"6067"}
 ARG_COMPILE_FROM_SOURCE=${ARG_COMPILE_FROM_SOURCE:-false}
 ARG_CODER_HOST=${ARG_CODER_HOST:-}

@@ -36,9 +31,6 @@ printf "ARG_WORKDIR: %s\n" "$ARG_WORKDIR"
 printf "ARG_REPORT_TASKS: %s\n" "$ARG_REPORT_TASKS"
 printf "ARG_ENABLE_BOUNDARY: %s\n" "$ARG_ENABLE_BOUNDARY"
 printf "ARG_BOUNDARY_VERSION: %s\n" "$ARG_BOUNDARY_VERSION"
-printf "ARG_BOUNDARY_LOG_DIR: %s\n" "$ARG_BOUNDARY_LOG_DIR"
-printf "ARG_BOUNDARY_LOG_LEVEL: %s\n" "$ARG_BOUNDARY_LOG_LEVEL"
-printf "ARG_BOUNDARY_PROXY_PORT: %s\n" "$ARG_BOUNDARY_PROXY_PORT"
 printf "ARG_COMPILE_FROM_SOURCE: %s\n" "$ARG_COMPILE_FROM_SOURCE"
 printf "ARG_CODER_HOST: %s\n" "$ARG_CODER_HOST"

@@ -229,35 +221,11 @@ function start_agentapi() {
  if [ "${ARG_ENABLE_BOUNDARY:-false}" = "true" ]; then
    install_boundary

-    mkdir -p "$ARG_BOUNDARY_LOG_DIR"
    printf "Starting with coder boundary enabled\n"

-    # Build boundary args with conditional --unprivileged flag
-    BOUNDARY_ARGS=(--log-dir "$ARG_BOUNDARY_LOG_DIR")
    # Add default allowed URLs
    BOUNDARY_ARGS+=(--allow "domain=anthropic.com" --allow "domain=registry.npmjs.org" --allow "domain=sentry.io" --allow "domain=claude.ai" --allow "domain=$ARG_CODER_HOST")

-    # Add any additional allowed URLs from the variable
-    if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then
-      IFS='|' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS"
-      for url in "${ADDITIONAL_URLS[@]}"; do
-        # Quote the URL to preserve spaces within the allow rule
-        BOUNDARY_ARGS+=(--allow "$url")
-      done
-    fi
-
-    # Set HTTP Proxy port used by Boundary
-    BOUNDARY_ARGS+=(--proxy-port "$ARG_BOUNDARY_PROXY_PORT")
-
-    # Set log level for boundary
-    BOUNDARY_ARGS+=(--log-level "$ARG_BOUNDARY_LOG_LEVEL")
-
-    if [ "${ARG_ENABLE_BOUNDARY_PPROF:-false}" = "true" ]; then
-      # Enable boundary pprof server on specified port
-      BOUNDARY_ARGS+=(--pprof)
-      BOUNDARY_ARGS+=(--pprof-port "$ARG_BOUNDARY_PPROF_PORT")
-    fi
-
    agentapi server --type claude --term-width 67 --term-height 1190 -- \
      boundary-run "${BOUNDARY_ARGS[@]}" -- \
      claude "${ARGS[@]}"