From 00337b3bdfe59c27f28bc20afd73837d08395f91 Mon Sep 17 00:00:00 2001
From: Benjamin
Date: Mon, 6 Oct 2025 11:19:21 -0500
Subject: [PATCH] default unprivileged
---
 registry/coder/modules/claude-code/main.tf | 7 +++++++
 registry/coder/modules/claude-code/scripts/start.sh | 13 +++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/registry/coder/modules/claude-code/main.tf b/registry/coder/modules/claude-code/main.tf
index 4d2ad66c..6034cd5c 100644
--- a/registry/coder/modules/claude-code/main.tf
+++ b/registry/coder/modules/claude-code/main.tf
@@ -204,6 +204,12 @@ variable "boundary_log_dir" {
 default = "/tmp/boundary_logs"
 }
+variable "boundary_unprivileged" {
+ type = bool
+ description = "Whether to use --unprivileged flag with coder boundary (recommended for security)"
+ default = true
+}
+
 resource "coder_env" "claude_code_md_path" {
 count = var.claude_md_path == "" ? 0 : 1
@@ -286,6 +292,7 @@ module "agentapi" {
 ARG_AI_PROMPT='${base64encode(var.ai_prompt)}' \
 ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
 ARG_BOUNDARY_LOG_DIR='${var.boundary_log_dir}' \
+ ARG_BOUNDARY_UNPRIVILEGED='${var.boundary_unprivileged}' \
 ARG_CODER_HOST='${local.coder_host}' \
 /tmp/start.sh
 EOT
diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index ccc22d90..00d536f7 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -17,6 +17,7 @@ ARG_WORKDIR=${ARG_WORKDIR:-"$HOME"}
 ARG_AI_PROMPT=$(echo -n "${ARG_AI_PROMPT:-}" | base64 -d)
 ARG_ENABLE_BOUNDARY=${ARG_ENABLE_BOUNDARY:-false}
 ARG_BOUNDARY_LOG_DIR=${ARG_BOUNDARY_LOG_DIR:-"/tmp/boundary_logs"}
+ARG_BOUNDARY_UNPRIVILEGED=${ARG_BOUNDARY_UNPRIVILEGED:-true}
 ARG_CODER_HOST=${ARG_CODER_HOST:-}
 echo "--------------------------------"
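Review bot: In main.tf, the description of the new `boundary_unprivileged` variable does not say that the value is ignored unless `enable_boundary` is true, nor what an operator changes by setting it to `false`; start.sh reads it only inside the `ARG_ENABLE_BOUNDARY` branch. I would spell that out, for example `description = "Pass --unprivileged to coder boundary. Only used when enable_boundary is true; set to false only if the workspace needs boundary's privileged mode."` Because the default is `true`, existing callers that already enable boundary will start passing `--unprivileged` on upgrade, so the module README and release notes should call out the behaviour change.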
@@ -30,6 +31,7 @@ printf "ARG_AI_PROMPT: %s\n" "$ARG_AI_PROMPT"
 printf "ARG_WORKDIR: %s\n" "$ARG_WORKDIR"
 printf "ARG_ENABLE_BOUNDARY: %s\n" "$ARG_ENABLE_BOUNDARY"
 printf "ARG_BOUNDARY_LOG_DIR: %s\n" "$ARG_BOUNDARY_LOG_DIR"
+printf "ARG_BOUNDARY_UNPRIVILEGED: %s\n" "$ARG_BOUNDARY_UNPRIVILEGED"
 printf "ARG_CODER_HOST: %s\n" "$ARG_CODER_HOST"
 echo "--------------------------------"
@@ -84,9 +86,16 @@ function start_agentapi() {
 if [ "${ARG_ENABLE_BOUNDARY:-false}" = "true" ]; then
 mkdir -p "$ARG_BOUNDARY_LOG_DIR"
 printf "Starting with coder boundary enabled\n"
+
+ # Build boundary args with conditional --unprivileged flag
+ BOUNDARY_ARGS=(--log-dir "$ARG_BOUNDARY_LOG_DIR")
+ if [ "${ARG_BOUNDARY_UNPRIVILEGED:-true}" = "true" ]; then
+ BOUNDARY_ARGS+=(--unprivileged)
+ fi
+ BOUNDARY_ARGS+=(--allow "*.anthropic.com" --allow "$ARG_CODER_HOST")
+ + agentapi server --type claude --term-width 67 --term-height 1190 -- \
- coder boundary --log-dir "$ARG_BOUNDARY_LOG_DIR" \
- --allow "*.anthropic.com" --allow "$ARG_CODER_HOST" -- \
+ coder boundary "${BOUNDARY_ARGS[@]}" -- \
 claude "${ARGS[@]}"
 else
 agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"
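Review bot: The added test `if [ "${ARG_BOUNDARY_UNPRIVILEGED:-true}" = "true" ]` fails open: any value other than the exact string `true` (`True`, `1`, a typo) silently omits `--unprivileged`, which is the mode the variable description recommends against. Since unprivileged is the intended default, only an explicit opt-out should disable it, e.g. `if [ "${ARG_BOUNDARY_UNPRIVILEGED:-true}" != "false" ]; then`. Terraform renders the bool as `true` or `false`, so this mainly affects direct invocations of start.sh. `BOUNDARY_ARGS` is also assigned as a global inside the function; `local -a BOUNDARY_ARGS=(--log-dir "$ARG_BOUNDARY_LOG_DIR")` keeps it scoped. start_agentapi begins and ends outside this hunk.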