Skip to content

Commit 7e42a14

Browse files
evgeniy-scherbinaDevelopmentCatsmatifali
authored
feat: dropping perms before running claude (#509)
Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Atif Ali <atif@coder.com>
1 parent 0ff3dbc commit 7e42a14

File tree

2 files changed

+8
-17
lines changed

2 files changed

+8
-17
lines changed

registry/coder/modules/claude-code/README.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
1313
```tf
1414
module "claude-code" {
1515
source = "registry.coder.com/coder/claude-code/coder"
16-
version = "3.3.1"
16+
version = "3.3.2"
1717
agent_id = coder_agent.example.id
1818
workdir = "/home/coder/project"
1919
claude_api_key = "xxxx-xxxxx-xxxx"
@@ -51,7 +51,7 @@ module "claude-code" {
5151
boundary_log_level = "WARN"
5252
boundary_additional_allowed_urls = ["GET *google.com"]
5353
boundary_proxy_port = "8087"
54-
version = "3.3.1"
54+
version = "3.3.2"
5555
}
5656
```
5757

@@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" {
7070
7171
module "claude-code" {
7272
source = "registry.coder.com/coder/claude-code/coder"
73-
version = "3.3.1"
73+
version = "3.3.2"
7474
agent_id = coder_agent.example.id
7575
workdir = "/home/coder/project"
7676
@@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
106106
```tf
107107
module "claude-code" {
108108
source = "registry.coder.com/coder/claude-code/coder"
109-
version = "3.3.1"
109+
version = "3.3.2"
110110
agent_id = coder_agent.example.id
111111
workdir = "/home/coder"
112112
install_claude_code = true
@@ -129,7 +129,7 @@ variable "claude_code_oauth_token" {
129129
130130
module "claude-code" {
131131
source = "registry.coder.com/coder/claude-code/coder"
132-
version = "3.3.1"
132+
version = "3.3.2"
133133
agent_id = coder_agent.example.id
134134
workdir = "/home/coder/project"
135135
claude_code_oauth_token = var.claude_code_oauth_token
@@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" {
202202
203203
module "claude-code" {
204204
source = "registry.coder.com/coder/claude-code/coder"
205-
version = "3.3.1"
205+
version = "3.3.2"
206206
agent_id = coder_agent.example.id
207207
workdir = "/home/coder/project"
208208
model = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" {
259259
260260
module "claude-code" {
261261
source = "registry.coder.com/coder/claude-code/coder"
262-
version = "3.3.1"
262+
version = "3.3.2"
263263
agent_id = coder_agent.example.id
264264
workdir = "/home/coder/project"
265265
model = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/scripts/start.sh

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -166,18 +166,9 @@ function start_agentapi() {
166166
BOUNDARY_ARGS+=(--pprof-port ${ARG_BOUNDARY_PPROF_PORT})
167167
fi
168168

169-
# Remove --dangerously-skip-permissions from ARGS when using boundary (it doesn't work with elevated permissions)
170-
# Create a new array without the dangerous permissions flag
171-
CLAUDE_ARGS=()
172-
for arg in "${ARGS[@]}"; do
173-
if [ "$arg" != "--dangerously-skip-permissions" ]; then
174-
CLAUDE_ARGS+=("$arg")
175-
fi
176-
done
177-
178169
agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
179170
sudo -E env PATH=$PATH setpriv --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
180-
claude "${CLAUDE_ARGS[@]}"
171+
claude "${ARGS[@]}"
181172
else
182173
agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"
183174
fi

0 commit comments

Comments
 (0)