From 465e6d052be0d8b5a82cfa6a3784530515cc9008 Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 00:33:42 +0000
Subject: [PATCH 1/6] fix: drop perms for boundary process

---
 registry/coder/modules/claude-code/scripts/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 1daae35f6..48d6bc962 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -167,7 +167,7 @@ function start_agentapi() {
     fi
 
     agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
-      sudo -E env PATH=$PATH setpriv --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
+      sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"
   else
     agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"

From 08082a5e9840f7d2d262014a0ba0523d72830e2b Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 00:50:33 +0000
Subject: [PATCH 2/6] add debug logs

---
 registry/coder/modules/claude-code/scripts/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 48d6bc962..8446f00e2 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -166,6 +166,9 @@ function start_agentapi() {
       BOUNDARY_ARGS+=(--pprof-port ${ARG_BOUNDARY_PPROF_PORT})
     fi
 
+    echo $(id -u) > /tmp/yevhenii-debug.logs
+    echo $(id -g) >> /tmp/yevhenii-debug.logs
+
     agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
       sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"

From 17236041debe94255bb475b53f255985d2acd893 Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 00:54:05 +0000
Subject: [PATCH 3/6] add debug logs

---
 registry/coder/modules/claude-code/scripts/start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 8446f00e2..90da8b728 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -169,6 +169,9 @@ function start_agentapi() {
     echo $(id -u) > /tmp/yevhenii-debug.logs
     echo $(id -g) >> /tmp/yevhenii-debug.logs
 
+    echo ${BOUNDARY_ARGS[@]} >> /tmp/yevhenii-debug.logs
+    echo ${ARGS[@]} >> /tmp/yevhenii-debug.logs
+
     agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
       sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"

From 19bfe6617f25ed6bede4486f2b0c5ce2de17fc01 Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 00:58:20 +0000
Subject: [PATCH 4/6] fix: minor bug

---
 registry/coder/modules/claude-code/scripts/start.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 90da8b728..1419debfc 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -173,7 +173,8 @@ function start_agentapi() {
     echo ${ARGS[@]} >> /tmp/yevhenii-debug.logs
 
     agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
-      sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
+      sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --clear-groups \
+      --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"
   else
     agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"

From 37ef765207cc9ecfba4247b813a7858fa795feb6 Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 01:07:13 +0000
Subject: [PATCH 5/6] remove debug logs

---
 registry/coder/modules/claude-code/scripts/start.sh | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh
index 1419debfc..704526753 100644
--- a/registry/coder/modules/claude-code/scripts/start.sh
+++ b/registry/coder/modules/claude-code/scripts/start.sh
@@ -166,12 +166,6 @@ function start_agentapi() {
       BOUNDARY_ARGS+=(--pprof-port ${ARG_BOUNDARY_PPROF_PORT})
     fi
 
-    echo $(id -u) > /tmp/yevhenii-debug.logs
-    echo $(id -g) >> /tmp/yevhenii-debug.logs
-
-    echo ${BOUNDARY_ARGS[@]} >> /tmp/yevhenii-debug.logs
-    echo ${ARGS[@]} >> /tmp/yevhenii-debug.logs
-
     agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
       sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --clear-groups \
       --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \

From a954059a7c08194cd0f92deadbc8fdbb630004d1 Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Sat, 25 Oct 2025 01:16:42 +0000
Subject: [PATCH 6/6] update module version

---
 registry/coder/modules/claude-code/README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/registry/coder/modules/claude-code/README.md b/registry/coder/modules/claude-code/README.md
index af0e58e87..c311eeb7e 100644
--- a/registry/coder/modules/claude-code/README.md
+++ b/registry/coder/modules/claude-code/README.md
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "3.3.2"
+  version        = "3.3.3"
   agent_id       = coder_agent.example.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -51,7 +51,7 @@ module "claude-code" {
   boundary_log_level               = "WARN"
   boundary_additional_allowed_urls = ["GET *google.com"]
   boundary_proxy_port              = "8087"
-  version                          = "3.3.2"
+  version                          = "3.3.3"
 }
 ```
 
@@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "3.3.2"
+  version  = "3.3.3"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
 
@@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "3.3.2"
+  version             = "3.3.3"
   agent_id            = coder_agent.example.id
   workdir             = "/home/coder"
   install_claude_code = true
@@ -129,7 +129,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "3.3.2"
+  version                 = "3.3.3"
   agent_id                = coder_agent.example.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "3.3.2"
+  version  = "3.3.3"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "3.3.2"
+  version  = "3.3.3"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"