fix: address review comments on boundary config validation and safety checks

- Update boundary_config_b64 local and ARG_BOUNDARY_CONFIG_PATH interpolation to treat empty/whitespace-only strings as not set using trimspace() checks, not just null checks - Add unified post-fi check in start.sh that BOUNDARY_CONFIG_FILE exists and is non-empty after writing/linking, exits with clear error if not Generated with OpenClaw using Claude
2026-04-04 15:27:22 +00:00 · 2026-04-04 15:27:22 +00:00 · 8f6853522d
commit 8f6853522d
parent 20993b042f
2 changed files with 7 additions and 2 deletions
--- a/registry/coder/modules/claude-code/main.tf
+++ b/registry/coder/modules/claude-code/main.tf
@ -364,7 +364,7 @@ locals {
  module_dir_name = ".claude-module"
  # Extract hostname from access_url for boundary --allow flag
  coder_host          = replace(replace(data.coder_workspace.me.access_url, "https://", ""), "http://", "")
-  boundary_config_b64 = var.boundary_config != null ? base64encode(var.boundary_config) : ""
+  boundary_config_b64 = var.boundary_config != null && trimspace(var.boundary_config) != "" ? base64encode(var.boundary_config) : ""
  claude_api_key      = var.enable_aibridge ? data.coder_workspace_owner.me.session_token : var.claude_api_key

  # Required prompts for the module to properly report task status to Coder
@ -441,7 +441,7 @@ module "agentapi" {
    ARG_USE_BOUNDARY_DIRECTLY='${var.use_boundary_directly}' \
    ARG_CODER_HOST='${local.coder_host}' \
    ARG_BOUNDARY_CONFIG='${local.boundary_config_b64}' \
-    ARG_BOUNDARY_CONFIG_PATH='${var.boundary_config_path != null ? var.boundary_config_path : ""}' \
+    ARG_BOUNDARY_CONFIG_PATH='${var.boundary_config_path != null && trimspace(var.boundary_config_path) != "" ? trimspace(var.boundary_config_path) : ""}' \
    ARG_CLAUDE_BINARY_PATH='${var.claude_binary_path}' \
    /tmp/start.sh
  EOT
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@ -250,6 +250,11 @@ function start_agentapi() {
      fi
    fi

+    if [ ! -s "$BOUNDARY_CONFIG_FILE" ]; then
+      printf "Error: boundary configuration file '%s' does not exist or is empty. Check ARG_BOUNDARY_CONFIG/ARG_BOUNDARY_CONFIG_PATH.\n" "$BOUNDARY_CONFIG_FILE" >&2
+      exit 1
+    fi
+
    install_boundary

    printf "Starting with coder boundary enabled\n"