diff --git a/registry/coder/modules/claude-code/main.tf b/registry/coder/modules/claude-code/main.tf
index 6034cd5c..9d3c4a8b 100644
--- a/registry/coder/modules/claude-code/main.tf
+++ b/registry/coder/modules/claude-code/main.tf
@@ -210,6 +210,12 @@ variable "boundary_unprivileged" {
 default = true
 }

+variable "boundary_additional_allowed_urls" {
+ type = list(string)
+ description = "Additional URLs to allow through boundary (in addition to default allowed URLs)"
+ default = []
+}
+
 resource "coder_env" "claude_code_md_path" {
 count = var.claude_md_path == "" ? 0 : 1

@@ -293,6 +299,7 @@ module "agentapi" {
 ARG_ENABLE_BOUNDARY='${var.enable_boundary}' \
 ARG_BOUNDARY_LOG_DIR='${var.boundary_log_dir}' \
 ARG_BOUNDARY_UNPRIVILEGED='${var.boundary_unprivileged}' \
+ ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join(" ", var.boundary_additional_allowed_urls)}' \
 ARG_CODER_HOST='${local.coder_host}' \
 /tmp/start.sh
 EOT
diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 00d536f7..5dd959d4 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -92,7 +92,16 @@ function start_agentapi() {
 if [ "${ARG_BOUNDARY_UNPRIVILEGED:-true}" = "true" ]; then
 BOUNDARY_ARGS+=(--unprivileged)
 fi
- BOUNDARY_ARGS+=(--allow "*.anthropic.com" --allow "$ARG_CODER_HOST")
+ # Add default allowed URLs
+ BOUNDARY_ARGS+=(--allow "*.anthropic.com" --allow "registry.npmjs.org" --allow "*.sentry.io" --allow "claude.ai" --allow "$ARG_CODER_HOST")
+
+ # Add any additional allowed URLs from the variable
+ if [ -n "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS" ]; then
+ IFS=' ' read -ra ADDITIONAL_URLS <<< "$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS"
+ for url in "${ADDITIONAL_URLS[@]}"; do
+ BOUNDARY_ARGS+=(--allow "$url")
+ done
+ fi

 agentapi server --type claude --term-width 67 --term-height 1190 -- \
 coder boundary "${BOUNDARY_ARGS[@]}" -- \
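Review bot: `boundary_additional_allowed_urls` in main.tf is accepted without any validation, yet the `module "agentapi"` hunk pastes it into a single-quoted shell word with `ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS='${join(" ", var.boundary_additional_allowed_urls)}'` and start.sh splits that word on spaces again. An entry containing a single quote would end the quoting inside the generated start command, and an entry containing a space would become several separate `--allow` rules, so the effective egress allowlist could differ from what the template author wrote. A `validation` block on the variable that rejects whitespace and single quotes keeps the space-joined hand-off unambiguous. The description should also state the expected form of an entry, since the built-in entries in start.sh are host patterns such as `*.anthropic.com` rather than full URLs.

```hcl
variable "boundary_additional_allowed_urls" {
  # … unchanged: type, description, default …
  validation {
    condition = alltrue([
      for u in var.boundary_additional_allowed_urls : can(regex("^[^\\s']+$", u))
    ])
    error_message = "Entries must be non-empty and must not contain whitespace or single quotes."
  }
}
```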
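Review bot: The new default list in start.sh's `start_agentapi` hard-codes `--allow "*.sentry.io"`, which as the pattern reads covers every host under a multi-tenant service rather than the one endpoint the client reports to, and no variable lets a template remove it; that loosens boundary as an egress control for every user of the module. Consider keeping only the hosts the agent needs in the default, e.g. `BOUNDARY_ARGS+=(--allow "*.anthropic.com" --allow "registry.npmjs.org" --allow "claude.ai" --allow "$ARG_CODER_HOST")`, and letting templates opt in to telemetry hosts through `boundary_additional_allowed_urls`. Separately, the new test reads `$ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS` bare while the neighbouring check uses `${ARG_BOUNDARY_UNPRIVILEGED:-true}`; `[ -n "${ARG_BOUNDARY_ADDITIONAL_ALLOWED_URLS:-}" ]` behaves the same and would survive `set -u` if the script enables it. `ADDITIONAL_URLS` and `url` should also be declared `local` so they do not leak out of the function. The function body starts and ends outside the hunk.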