From b60ea7c583817cf3d72502948b6b92125ba2ed7c Mon Sep 17 00:00:00 2001
From: Zach Kipp <zach.kipp@coder.com>
Date: Fri, 5 Dec 2025 13:41:53 -0700
Subject: [PATCH] fix(claude-code): add audit socket for boundary logs
 reporting

Pass --audit-socket to boundary so it reports network events to the
Coder agent, which forwards them to coderd for display in the UI.
---
 registry/coder/modules/claude-code/scripts/start.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 737052f8..d48f1c11 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -215,6 +215,16 @@ function start_agentapi() {
 
     # Build boundary args - using --simple mode (no sudo/capabilities required)
     BOUNDARY_ARGS=(--simple --log-dir "$ARG_BOUNDARY_LOG_DIR")
+    
+    # Add audit socket for reporting to Coder agent
+    AUDIT_SOCKET="${TMPDIR:-/tmp}/coder-boundary-audit.sock"
+    if [ -S "$AUDIT_SOCKET" ]; then
+      BOUNDARY_ARGS+=(--audit-socket "$AUDIT_SOCKET")
+      printf "Using audit socket: %s\n" "$AUDIT_SOCKET"
+    else
+      printf "Warning: Audit socket not found at %s - boundary logs won't be reported to Coder\n" "$AUDIT_SOCKET"
+    fi
+    
     # Add default allowed URLs
     BOUNDARY_ARGS+=(--allow "domain=anthropic.com" --allow "domain=registry.npmjs.org" --allow "domain=sentry.io" --allow "domain=claude.ai" --allow "domain=${ARG_CODER_HOST%%:*}")