feat: use coder boundary subcommand (#674)

## Summary of Changes

### Feature: Add `coder boundary` subcommand support as default

Adds `coder boundary` subcommand as the default method for running
boundary eliminating the need to install boundary separately.

**Changes:**

1. **New variable: `use_boundary_directly`** (default: `false`)
- `false`: Uses `coder boundary` subcommand (default, no installation)
   - `true`: Installs boundary binary from release
   - `compile_boundary_from_source = true`: Compiles from source

2. **Fixed CAP_NET_ADMIN capability issue**
- Copies `coder` binary to `coder-no-caps` to strip capabilities
(required for boundary)

3. **Removed `boundary-run` wrapper** - no longer used

**Files Modified:**
- `scripts/start.sh` - main implementation
- `main.tf` - added `use_boundary_directly` variable  

**Behavior:**
- **Default**: Uses `coder boundary` subcommand (no installation needed)
- **`use_boundary_directly = true`**: Installs boundary from release
version
- **`compile_boundary_from_source = true`**: Compiles boundary from
source

<!-- Briefly describe what this PR does and why -->

## Type of Change

- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Module Information

<!-- Delete this section if not applicable -->

**Path:** `registry/coder/modules/claude-code`  
**New version:** `v4.7.0`  
**Breaking change:** [ ] Yes [X] No

## Testing & Validation

- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [ ] Changes tested locally

## Related Issues

<!-- Link related issues or write "None" if not applicable -->

.github/workflows/check_registry_site_health.yaml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Run check.sh
         run: |

.github/workflows/ci.yaml

@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Detect changed files
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
         id: filter
         with:
           list-files: shell
@@ -37,9 +37,9 @@ jobs:
             all:
               - '**'
       - name: Set up Terraform
-        uses: coder/coder/.github/actions/setup-tf@main
+        uses: coder/coder/.github/actions/setup-tf@59cdd7e21f4d7da12567c0c29964d298fbf38f27 # v2.29.1
       - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2
         with:
           # We're using the latest version of Bun for now, but it might be worth
           # reconsidering. They've pushed breaking changes in patch releases
@@ -80,20 +80,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Install Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2
         with:
           bun-version: latest
       # Need Terraform for its formatter
       - name: Install Terraform
-        uses: coder/coder/.github/actions/setup-tf@main
+        uses: coder/coder/.github/actions/setup-tf@59cdd7e21f4d7da12567c0c29964d298fbf38f27 # v2.29.1
       - name: Install dependencies
         run: bun install
       - name: Validate formatting
         run: bun fmt:ci
       - name: Check for typos
-        uses: crate-ci/typos@v1.42.0
+        uses: crate-ci/typos@bb4666ad77b539a6b4ce4eda7ebb6de553704021 # v1.42.0
         with:
           config: .github/typos.toml
   validate-readme-files:
@@ -104,9 +104,9 @@ jobs:
     needs: validate-style
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
         with:
           go-version: "1.24.0"
       - name: Validate contributors

.github/workflows/deploy-registry.yaml

@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Authenticate with Google Cloud
         uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
         with:

.github/workflows/golangci-lint.yml

@@ -14,11 +14,11 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-go@v6
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
         with:
           go-version: stable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v9
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9
         with:
           version: v2.1

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -89,9 +89,9 @@ jobs:
 
           for sha in $MODULE_COMMIT_SHAS; do
             SHORT_SHA=${sha:0:7}
-            
+
             COMMIT_LINES=$(echo "$FULL_CHANGELOG" | grep -E "$SHORT_SHA|$(git log --format='%s' -n 1 $sha)" || true)
-            
+
             if [ -n "$COMMIT_LINES" ]; then
               FILTERED_CHANGELOG="${FILTERED_CHANGELOG}${COMMIT_LINES}\n"
             else

.github/workflows/version-bump.yaml

@@ -20,26 +20,28 @@ jobs:
       issues: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2
         with:
           bun-version: latest
 
       - name: Set up Terraform
-        uses: coder/coder/.github/actions/setup-tf@main
+        uses: coder/coder/.github/actions/setup-tf@59cdd7e21f4d7da12567c0c29964d298fbf38f27 # v2.29.1
 
       - name: Install dependencies
         run: bun install
 
       - name: Extract bump type from label
+        env:
+          LABEL_NAME: ${{ github.event.label.name }}
         id: bump-type
         run: |
-          case "${{ github.event.label.name }}" in
+          case "$LABEL_NAME" in in
             "version:patch")
               echo "type=patch" >> $GITHUB_OUTPUT
               ;;
@@ -50,7 +52,7 @@ jobs:
               echo "type=major" >> $GITHUB_OUTPUT
               ;;
             *)
-              echo "Invalid version label: ${{ github.event.label.name }}"
+              echo "Invalid version label: ${LABEL_NAME}"
               exit 1
               ;;
           esac
@@ -60,7 +62,7 @@ jobs:
 
       - name: Comment on PR - Version bump required
         if: failure()
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/zizmor.yaml

@@ -0,0 +1,55 @@
+name: GitHub Actions Security Analysis (zizmor)
+
+on:
+  pull_request:
+    branches: ["**"]
+    paths:
+      - ".github/workflows/**"
+  push:
+    branches: ["main"]
+    paths:
+      - ".github/workflows/**"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  zizmor_pr_blocking:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor (blocking, HIGH only)
+        uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0
+        with:
+          advanced-security: false
+          annotations: true
+          min-severity: high
+          inputs: |
+            .github/workflows
+
+  zizmor_main_sarif:
+    if: github.event_name != 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor (SARIF)
+        uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0
+        with:
+          inputs: |
+            .github/workflows

AGENTS.md

@@ -1,168 +1,41 @@
 # AGENTS.md
 
-This file provides guidance to AI coding assistants when working with code in this repository.
+Coder Registry: Terraform modules/templates for Coder workspaces under `registry/[namespace]/modules/` and `registry/[namespace]/templates/`.
 
-## Project Overview
-
-The Coder Registry is a community-driven repository for Terraform modules and templates that extend Coder workspaces. It's organized with:
-
-- **Modules**: Individual components and tools (IDEs, auth integrations, dev tools)
-- **Templates**: Complete workspace configurations for different platforms
-- **Namespaces**: Each contributor has their own namespace under `/registry/[namespace]/`
-
-## Common Development Commands
-
-### Formatting
+## Commands
 
 ```bash
-bun run fmt    # Format all code (Prettier + Terraform)
-bun run fmt:ci # Check formatting (CI mode)
+bun run fmt                                           # Format code (Prettier + Terraform) - run before commits
+bun run tftest                                        # Run all Terraform tests
+bun run tstest                                        # Run all TypeScript tests
+terraform init -upgrade && terraform test -verbose    # Test single module (run from module dir)
+bun test main.test.ts                                 # Run single TS test (from module dir)
+./scripts/terraform_validate.sh                       # Validate Terraform syntax
+./scripts/new_module.sh ns/name                       # Create new module scaffold
+.github/scripts/version-bump.sh patch | minor | major # Bump module version after changes
 ```
 
-### Testing
+## Structure
 
-```bash
-# Test all modules with .tftest.hcl files
-bun run test
+- **Modules**: `registry/[ns]/modules/[name]/` with `main.tf`, `README.md` (YAML frontmatter), `.tftest.hcl` (required)
+- **Templates**: `registry/[ns]/templates/[name]/` with `main.tf`, `README.md`
+- **Validation**: `cmd/readmevalidation/` (Go) validates structure/frontmatter; URLs must be relative, not absolute
 
-# Test specific module (from module directory)
-terraform init -upgrade
-terraform test -verbose
+## Code Style
 
-# Validate Terraform syntax
-./scripts/terraform_validate.sh
-```
+- Every module MUST have `.tftest.hcl` tests; optional `main.test.ts` for container/script tests
+- README frontmatter: `display_name`, `description`, `icon`, `verified: false`, `tags`
+- Use semantic versioning; bump version via script when modifying modules
+- Docker tests require Linux or Colima/OrbStack (not Docker Desktop)
+- Use `tf` (not `hcl`) for code blocks in README; use relative icon paths (e.g., `../../../../.icons/`)
 
-### Module Creation
+## PR Review Checklist
 
-```bash
-# Generate new module scaffold
-./scripts/new_module.sh namespace/module-name
-```
-
-### TypeScript Testing & Setup
-
-The repository uses Bun for TypeScript testing with utilities:
-
-- `test/test.ts` - Testing utilities for container management and Terraform operations
-- `setup.ts` - Test cleanup (removes .tfstate files and test containers)
-- Container-based testing with Docker for module validation
-
-## Architecture & Organization
-
-### Directory Structure
-
-```
-registry/[namespace]/
-├── README.md          # Contributor info with frontmatter
-├── .images/           # Namespace avatar (avatar.png/svg)
-├── modules/           # Individual components
-│   └── [module]/      # Each module has main.tf, README.md, tests
-└── templates/         # Complete workspace configs
-    └── [template]/    # Each template has main.tf, README.md
-```
-
-### Key Components
-
-**Module Structure**: Each module contains:
-
-- `main.tf` - Terraform implementation
-- `README.md` - Documentation with YAML frontmatter
-- `.tftest.hcl` - Terraform test files (required)
-- `run.sh` - Optional startup script
-
-**Template Structure**: Each template contains:
-
-- `main.tf` - Complete Coder template configuration
-- `README.md` - Documentation with YAML frontmatter
-- Additional configs, scripts as needed
-
-### README Frontmatter Requirements
-
-All modules/templates require YAML frontmatter:
-
-```yaml
----
-display_name: "Module Name"
-description: "Brief description"
-icon: "../../../../.icons/tool.svg"
-verified: false
-tags: ["tag1", "tag2"]
----
-```
-
-## Testing Requirements
-
-### Module Testing
-
-- Every module MUST have `.tftest.hcl` test files
-- Optional `main.test.ts` files for container-based testing or complex business logic validation
-- Tests use Docker containers with `--network=host` flag
-- Linux required for testing (Docker Desktop on macOS/Windows won't work)
-- Use Colima or OrbStack on macOS instead of Docker Desktop
-
-### Test Utilities
-
-The `test/test.ts` file provides:
-
-- `runTerraformApply()` - Execute Terraform with variables
-- `executeScriptInContainer()` - Run coder_script resources in containers
-- `testRequiredVariables()` - Validate required variables
-- Container management functions
-
-## Validation & Quality
-
-### Automated Validation
-
-The Go validation tool (`cmd/readmevalidation/`) checks:
-
-- Repository structure integrity
-- Contributor README files
-- Module and template documentation
-- Frontmatter format compliance
-
-### Versioning
-
-Use semantic versioning for modules:
-
-- **Patch** (1.2.3 → 1.2.4): Bug fixes
-- **Minor** (1.2.3 → 1.3.0): New features, adding inputs
-- **Major** (1.2.3 → 2.0.0): Breaking changes
-
-## Dependencies & Tools
-
-### Required Tools
-
-- **Terraform** - Module development and testing
-- **Docker** - Container-based testing
-- **Bun** - JavaScript runtime for formatting/scripts
-- **Go 1.23+** - Validation tooling
-
-### Development Dependencies
-
-- Prettier with Terraform and shell plugins
-- TypeScript for test utilities
-- Various npm packages for documentation processing
-
-## Workflow Notes
-
-### Contributing Process
-
-1. Create namespace (first-time contributors)
-2. Generate module/template files using scripts
-3. Implement functionality and tests
-4. Run formatting and validation
-5. Submit PR with appropriate template
-
-### Testing Workflow
-
-- All modules must pass `terraform test`
-- Use `bun run test` for comprehensive testing
-- Format code with `bun run fmt` before submission
-- Manual testing recommended for templates
-
-### Namespace Management
-
-- Each contributor gets unique namespace
-- Namespace avatar required (avatar.png/svg in .images/)
-- Namespace README with contributor info and frontmatter
+- Version bumped via `.github/scripts/version-bump.sh` if module changed (patch=bugfix, minor=feature, major=breaking)
+- Breaking changes documented: removed inputs, changed defaults, new required variables
+- New variables have sensible defaults to maintain backward compatibility
+- Tests pass (`bun run tftest`, `bun run tstest`); add diagnostic logging for test failures
+- README examples updated with new version number; tooltip/behavior changes noted
+- Shell scripts handle errors gracefully (use `|| echo "Warning..."` for non-fatal failures)
+- No hardcoded values that should be configurable; no absolute URLs (use relative paths)
+- If AI-assisted: include model and tool/agent name at footer of PR body (e.g., "Generated with [Amp](thread-url) using Claude")

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.5.0"
+  version        = "4.7.0"
   agent_id       = coder_agent.main.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -42,17 +42,21 @@ By default, Claude Code automatically resumes existing conversations when your w
 
 This example shows how to configure the Claude Code module to run the agent behind a process-level boundary that restricts its network access.
 
+By default, when `enable_boundary = true`, the module uses `coder boundary` subcommand (provided by Coder) without requiring any installation.
+
 ```tf
 module "claude-code" {
-  source           = "registry.coder.com/coder/claude-code/coder"
-  version          = "4.5.0"
-  agent_id         = coder_agent.main.id
-  workdir          = "/home/coder/project"
-  enable_boundary  = true
-  boundary_version = "v0.5.1"
+  source          = "registry.coder.com/coder/claude-code/coder"
+  version         = "4.7.0"
+  agent_id        = coder_agent.main.id
+  workdir         = "/home/coder/project"
+  enable_boundary = true
 }
 ```
 
+> [!NOTE]
+> For developers: The module also supports installing boundary from a release version (`use_boundary_directly = true`) or compiling from source (`compile_boundary_from_source = true`). These are escape hatches for development and testing purposes.
+
 ### Usage with AI Bridge
 
 [AI Bridge](https://coder.com/docs/ai-coder/ai-bridge) is a Premium Coder feature that provides centralized LLM proxy management. To use AI Bridge, set `enable_aibridge = true`.
@@ -64,7 +68,7 @@ For tasks integration with AI Bridge, add `enable_aibridge = true` to the [Usage
 ```tf
 module "claude-code" {
   source          = "registry.coder.com/coder/claude-code/coder"
-  version         = "4.5.0"
+  version         = "4.7.0"
   agent_id        = coder_agent.main.id
   workdir         = "/home/coder/project"
   enable_aibridge = true
@@ -93,7 +97,7 @@ data "coder_task" "me" {}
 
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.5.0"
+  version        = "4.7.0"
   agent_id       = coder_agent.main.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -114,7 +118,7 @@ This example shows additional configuration options for version pinning, custom
 ```tf
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.5.0"
+  version  = "4.7.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
 
@@ -139,9 +143,30 @@ module "claude-code" {
     }
   }
   EOF
+
+  mcp_config_remote_path = [
+    "https://gist.githubusercontent.com/35C4n0r/cd8dce70360e5d22a070ae21893caed4/raw/",
+    "https://raw.githubusercontent.com/coder/coder/main/.mcp.json"
+  ]
 }
 ```
 
+> [!NOTE]
+> Remote URLs should return a JSON body in the following format:
+>
+> ```json
+> {
+>   "mcpServers": {
+>     "server-name": {
+>       "command": "some-command",
+>       "args": ["arg1", "arg2"]
+>     }
+>   }
+> }
+> ```
+>
+> The `Content-Type` header doesn't matter—both `text/plain` and `application/json` work fine.
+
 ### Standalone Mode
 
 Run and configure Claude Code as a standalone CLI in your workspace.
@@ -149,7 +174,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.5.0"
+  version             = "4.7.0"
   agent_id            = coder_agent.main.id
   workdir             = "/home/coder/project"
   install_claude_code = true
@@ -171,7 +196,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.5.0"
+  version                 = "4.7.0"
   agent_id                = coder_agent.main.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -244,7 +269,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.5.0"
+  version  = "4.7.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -301,7 +326,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.5.0"
+  version  = "4.7.0"
   agent_id = coder_agent.main.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/main.test.ts

@@ -461,4 +461,54 @@ EOF`,
     expect(startLog.stdout).toContain(taskSessionId);
     expect(startLog.stdout).not.toContain("manual-456");
   });
+
+  test("mcp-config-remote-path", async () => {
+    const failingUrl = "http://localhost:19999/mcp.json";
+    const successUrl =
+      "https://raw.githubusercontent.com/coder/coder/main/.mcp.json";
+
+    const { id, coderEnvVars } = await setup({
+      skipClaudeMock: true,
+      moduleVariables: {
+        mcp_config_remote_path: JSON.stringify([failingUrl, successUrl]),
+      },
+    });
+    await execModuleScript(id, coderEnvVars);
+
+    const installLog = await readFileContainer(
+      id,
+      "/home/coder/.claude-module/install.log",
+    );
+
+    // Verify both URLs are attempted
+    expect(installLog).toContain(failingUrl);
+    expect(installLog).toContain(successUrl);
+
+    // First URL should fail gracefully
+    expect(installLog).toContain(
+      `Warning: Failed to fetch MCP configuration from '${failingUrl}'`,
+    );
+
+    // Second URL should succeed - no failure warning for it
+    expect(installLog).not.toContain(
+      `Warning: Failed to fetch MCP configuration from '${successUrl}'`,
+    );
+
+    // Should contain the MCP server add command from successful fetch
+    expect(installLog).toContain(
+      "Added stdio MCP server go-language-server to local config",
+    );
+
+    expect(installLog).toContain(
+      "Added stdio MCP server typescript-language-server to local config",
+    );
+
+    // Verify the MCP config was added to claude.json
+    const claudeConfig = await readFileContainer(
+      id,
+      "/home/coder/.claude.json",
+    );
+    expect(claudeConfig).toContain("typescript-language-server");
+    expect(claudeConfig).toContain("go-language-server");
+  });
 });

registry/coder/modules/claude-code/main.tf

@@ -166,6 +166,12 @@ variable "mcp" {
   default     = ""
 }
 
+variable "mcp_config_remote_path" {
+  type        = list(string)
+  description = "List of URLs that return JSON MCP server configurations (text/plain with valid JSON)"
+  default     = []
+}
+
 variable "allowed_tools" {
   type        = string
   description = "A list of tools that should be allowed without prompting the user for permission, in addition to settings.json files."
@@ -228,6 +234,12 @@ variable "compile_boundary_from_source" {
   default     = false
 }
 
+variable "use_boundary_directly" {
+  type        = bool
+  description = "Whether to use boundary binary directly instead of coder boundary subcommand. When false (default), uses coder boundary subcommand. When true, installs and uses boundary binary from release."
+  default     = false
+}
+
 variable "enable_aibridge" {
   type        = bool
   description = "Use AI Bridge for Claude Code. https://coder.com/docs/ai-coder/ai-bridge"
@@ -383,6 +395,7 @@ module "agentapi" {
      ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
      ARG_BOUNDARY_VERSION='${var.boundary_version}' \
      ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
+     ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
      ARG_CODER_HOST='${local.coder_host}' \
      /tmp/start.sh
    EOT
@@ -404,6 +417,7 @@ module "agentapi" {
     ARG_ALLOWED_TOOLS='${var.allowed_tools}' \
     ARG_DISALLOWED_TOOLS='${var.disallowed_tools}' \
     ARG_MCP='${var.mcp != null ? base64encode(replace(var.mcp, "'", "'\\''")) : ""}' \
+    ARG_MCP_CONFIG_REMOTE_PATH='${base64encode(jsonencode(var.mcp_config_remote_path))}' \
     ARG_ENABLE_AIBRIDGE='${var.enable_aibridge}' \
     /tmp/install.sh
   EOT

registry/coder/modules/claude-code/scripts/install.sh

@@ -16,6 +16,7 @@ ARG_INSTALL_VIA_NPM=${ARG_INSTALL_VIA_NPM:-false}
 ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
 ARG_MCP_APP_STATUS_SLUG=${ARG_MCP_APP_STATUS_SLUG:-}
 ARG_MCP=$(echo -n "${ARG_MCP:-}" | base64 -d)
+ARG_MCP_CONFIG_REMOTE_PATH=$(echo -n "${ARG_MCP_CONFIG_REMOTE_PATH:-}" | base64 -d)
 ARG_ALLOWED_TOOLS=${ARG_ALLOWED_TOOLS:-}
 ARG_DISALLOWED_TOOLS=${ARG_DISALLOWED_TOOLS:-}
 ARG_ENABLE_AIBRIDGE=${ARG_ENABLE_AIBRIDGE:-false}
@@ -30,12 +31,26 @@ printf "ARG_INSTALL_VIA_NPM: %s\n" "$ARG_INSTALL_VIA_NPM"
 printf "ARG_REPORT_TASKS: %s\n" "$ARG_REPORT_TASKS"
 printf "ARG_MCP_APP_STATUS_SLUG: %s\n" "$ARG_MCP_APP_STATUS_SLUG"
 printf "ARG_MCP: %s\n" "$ARG_MCP"
+printf "ARG_MCP_CONFIG_REMOTE_PATH: %s\n" "$ARG_MCP_CONFIG_REMOTE_PATH"
 printf "ARG_ALLOWED_TOOLS: %s\n" "$ARG_ALLOWED_TOOLS"
 printf "ARG_DISALLOWED_TOOLS: %s\n" "$ARG_DISALLOWED_TOOLS"
 printf "ARG_ENABLE_AIBRIDGE: %s\n" "$ARG_ENABLE_AIBRIDGE"
 
 echo "--------------------------------"
 
+function add_mcp_servers() {
+  local mcp_json="$1"
+  local source_desc="$2"
+
+  while IFS= read -r server_name && IFS= read -r server_json; do
+    echo "------------------------"
+    echo "Executing: claude mcp add-json \"$server_name\" '$server_json' ($source_desc)"
+    claude mcp add-json "$server_name" "$server_json" || echo "Warning: Failed to add MCP server '$server_name', continuing..."
+    echo "------------------------"
+    echo ""
+  done < <(echo "$mcp_json" | jq -r '.mcpServers | to_entries[] | .key, (.value | @json)')
+}
+
 function ensure_claude_in_path() {
   if [ -z "${CODER_SCRIPT_BIN_DIR:-}" ]; then
     echo "CODER_SCRIPT_BIN_DIR not set, skipping PATH setup"
@@ -112,13 +127,25 @@ function setup_claude_configurations() {
   if [ "$ARG_MCP" != "" ]; then
     (
       cd "$ARG_WORKDIR"
-      while IFS= read -r server_name && IFS= read -r server_json; do
-        echo "------------------------"
-        echo "Executing: claude mcp add-json \"$server_name\" '$server_json' (in $ARG_WORKDIR)"
-        claude mcp add-json "$server_name" "$server_json" || echo "Warning: Failed to add MCP server '$server_name', continuing..."
-        echo "------------------------"
-        echo ""
-      done < <(echo "$ARG_MCP" | jq -r '.mcpServers | to_entries[] | .key, (.value | @json)')
+      add_mcp_servers "$ARG_MCP" "in $ARG_WORKDIR"
+    )
+  fi
+
+  if [ -n "$ARG_MCP_CONFIG_REMOTE_PATH" ] && [ "$ARG_MCP_CONFIG_REMOTE_PATH" != "[]" ]; then
+    (
+      cd "$ARG_WORKDIR"
+      for url in $(echo "$ARG_MCP_CONFIG_REMOTE_PATH" | jq -r '.[]'); do
+        echo "Fetching MCP configuration from: $url"
+        mcp_json=$(curl -fsSL "$url") || {
+          echo "Warning: Failed to fetch MCP configuration from '$url', continuing..."
+          continue
+        }
+        if ! echo "$mcp_json" | jq -e '.mcpServers' > /dev/null 2>&1; then
+          echo "Warning: Invalid MCP configuration from '$url' (missing mcpServers), continuing..."
+          continue
+        fi
+        add_mcp_servers "$mcp_json" "from $url"
+      done
     )
   fi
 

registry/coder/modules/claude-code/scripts/start.sh

@@ -16,6 +16,7 @@ ARG_REPORT_TASKS=${ARG_REPORT_TASKS:-true}
 ARG_ENABLE_BOUNDARY=${ARG_ENABLE_BOUNDARY:-false}
 ARG_BOUNDARY_VERSION=${ARG_BOUNDARY_VERSION:-"main"}
 ARG_COMPILE_FROM_SOURCE=${ARG_COMPILE_FROM_SOURCE:-false}
+ARG_USE_BOUNDARY_DIRECTLY=${ARG_USE_BOUNDARY_DIRECTLY:-false}
 ARG_CODER_HOST=${ARG_CODER_HOST:-}
 
 echo "--------------------------------"
@@ -30,12 +31,13 @@ printf "ARG_REPORT_TASKS: %s\n" "$ARG_REPORT_TASKS"
 printf "ARG_ENABLE_BOUNDARY: %s\n" "$ARG_ENABLE_BOUNDARY"
 printf "ARG_BOUNDARY_VERSION: %s\n" "$ARG_BOUNDARY_VERSION"
 printf "ARG_COMPILE_FROM_SOURCE: %s\n" "$ARG_COMPILE_FROM_SOURCE"
+printf "ARG_USE_BOUNDARY_DIRECTLY: %s\n" "$ARG_USE_BOUNDARY_DIRECTLY"
 printf "ARG_CODER_HOST: %s\n" "$ARG_CODER_HOST"
 
 echo "--------------------------------"
 
 function install_boundary() {
-  if [ "${ARG_COMPILE_FROM_SOURCE:-false}" = "true" ]; then
+  if [ "$ARG_COMPILE_FROM_SOURCE" = "true" ]; then
     # Install boundary by compiling from source
     echo "Compiling boundary from source (version: $ARG_BOUNDARY_VERSION)"
 
@@ -52,14 +54,16 @@ function install_boundary() {
     # Build the binary
     make build
 
-    # Install binary and wrapper script (optional)
+    # Install binary
     sudo cp boundary /usr/local/bin/
-    sudo cp scripts/boundary-wrapper.sh /usr/local/bin/boundary-run
-    sudo chmod +x /usr/local/bin/boundary-run
-  else
+    sudo chmod +x /usr/local/bin/boundary
+  elif [ "$ARG_USE_BOUNDARY_DIRECTLY" = "true" ]; then
     # Install boundary using official install script
     echo "Installing boundary using official install script (version: $ARG_BOUNDARY_VERSION)"
     curl -fsSL https://raw.githubusercontent.com/coder/boundary/main/install.sh | bash -s -- --version "$ARG_BOUNDARY_VERSION"
+  else
+    # Use coder boundary subcommand (default) - no installation needed
+    echo "Using coder boundary subcommand (provided by Coder)"
   fi
 }
 
@@ -212,15 +216,30 @@ function start_agentapi() {
 
   printf "Running claude code with args: %s\n" "$(printf '%q ' "${ARGS[@]}")"
 
-  if [ "${ARG_ENABLE_BOUNDARY:-false}" = "true" ]; then
+  if [ "$ARG_ENABLE_BOUNDARY" = "true" ]; then
     install_boundary
 
     printf "Starting with coder boundary enabled\n"
 
     BOUNDARY_ARGS+=()
 
+    # Determine which boundary command to use
+    if [ "$ARG_COMPILE_FROM_SOURCE" = "true" ] || [ "$ARG_USE_BOUNDARY_DIRECTLY" = "true" ]; then
+      # Use boundary binary directly (from compilation or release installation)
+      BOUNDARY_CMD=("boundary")
+    else
+      # Use coder boundary subcommand (default)
+      # Copy coder binary to coder-no-caps. Copying strips CAP_NET_ADMIN capabilities
+      # from the binary, which is necessary because boundary doesn't work with
+      # privileged binaries (you can't launch privileged binaries inside network
+      # namespaces unless you have sys_admin).
+      CODER_NO_CAPS="$(dirname "$(which coder)")/coder-no-caps"
+      cp "$(which coder)" "$CODER_NO_CAPS"
+      BOUNDARY_CMD=("$CODER_NO_CAPS" "boundary")
+    fi
+
     agentapi server --type claude --term-width 67 --term-height 1190 -- \
-      boundary-run "${BOUNDARY_ARGS[@]}" -- \
+      "${BOUNDARY_CMD[@]}" "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"
   else
     agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"