feat: provide boundary support for agent modules

[shanewhite97]

Description

Enable any agent module to run its AI agent inside Coder's Agent Boundaries.
The agentapi module handles boundary installation, config setup, and wrapper
script creation, then exports AGENTAPI_BOUNDARY_PREFIX for consuming modules
to use in their start scripts.

Supports three boundary installation modes:

• coder boundary subcommand (default, Coder v2.30+)
• Standalone binary via install script (use_boundary_directly)
• Compiled from source (compile_boundary_from_source)

Users must provide a boundary config.yaml with their allowlist and
settings when enabling boundary.

Closes #457

Type of Change

• Feature/enhancement

Module Information

Path: registry/coder/modules/agentapi
Breaking change: No

Testing & Validation

• Tests pass (bun test)
• Code formatted (bun fmt)
• Changes tested locally

[shanewhite97]

Proof of tests being completed:

[shanewhite97]

@matifali @zedkipp @evgeniy-scherbina

I believe this is now ready for review, if I have missed anything in the code or as part of the contributing process please just let me know and I will resolve, this is my first contribution.

Also, I was thinking it might be better to remove the Codex changes, and implement those in a separate PR once the new version of AgentAPI with the changes is released. But I will wait for your guidance before proceeding on that.
I will also likely some other modules as well once the agentapi changes are published.

Thanks!

[matifali]

@shanewhite97 We made some changes to how Codex starts in #781. Would be nice to take a look and rebase on main.

[shanewhite97]

@matifali yh I saw those, I think I will remove them out of this PR to keep things simple. Let me do that now.

I will also try to resolve the other pipeline errors

[Copilot]

Pull request overview

Adds optional Coder Boundary network filtering support to the shared agentapi module and wires it through to the Codex module so the Codex CLI can be executed behind boundary (nsjail/landjail), with documentation for how to enable it.

Changes:

• Add new Terraform inputs (enable_boundary, boundary_jail_type, boundary_proxy_port, boundary_config_path) to the agentapi module and pass them into the runtime script.
• Implement boundary setup in agentapi’s main.sh (config generation + exported wrapper) and update Codex start logic to invoke Codex via the wrapper when present.
• Bump the Codex module’s dependency on coder/agentapi to 2.2.0 and document boundary usage in the Codex README.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
registry/coder/modules/agentapi/scripts/main.sh	Adds boundary setup (config + exported wrapper) prior to running the module’s start script.
registry/coder/modules/agentapi/main.tf	Adds boundary-related variables and passes them as script args into main.sh.
registry/coder-labs/modules/codex/scripts/start.sh	Wraps the Codex invocation with BOUNDARY_WRAPPER when boundary is enabled.
registry/coder-labs/modules/codex/main.tf	Exposes boundary variables and forwards them to the agentapi module; bumps agentapi module version.
registry/coder-labs/modules/codex/README.md	Documents how to enable Boundary network filtering for Codex.

[shanewhite97]

@matifali I have added some changes based on the feedback, if you could run another review that would be appreciated :)

[35C4n0r]

@shanewhite97, let's also move these stuff to here over from registry/registry/coder/modules/claude-code/scripts/start.sh:

• install_boundary
• all the logic related to it
• agentapi exposes these 4 additional variables (these are from claude-code too)

variable "enable_boundary" {
  type        = bool
  description = "Whether to enable coder boundary for network filtering"
  default     = false
}

variable "boundary_version" {
  type        = string
  description = "Boundary version. When use_boundary_directly is true, a release version should be provided or 'latest' for the latest release. When compile_boundary_from_source is true, a valid git reference should be provided (tag, commit, branch)."
  default     = "latest"
}

variable "compile_boundary_from_source" {
  type        = bool
  description = "Whether to compile boundary from source instead of using the official install script"
  default     = false
}

variable "use_boundary_directly" {
  type        = bool
  description = "Whether to use boundary binary directly instead of coder boundary subcommand. When false (default), uses coder boundary subcommand. When true, installs and uses boundary binary from release."
  default     = false
}

Also in the agentapi-module, let's create a boundary.sh and move all the boundary related stuff there.

@35C4n0r I think I have addressed everything you have asked for, this makes a lot of sense, I am guessing you want to centralise the boundary code, so that Claude/Codex and all other modules just pass the variables in to enable, plus the boundary config then it's good to go?

Yes, the plan is to centralise the boundary bits. This way any of the modules can use/enable it with minimal changes.

[35C4n0r]

@shanewhite97 can you also raise a PR for codex to use boundary ? This way we can validate both the codex PR and the agentapi PR and make sure everything works perfectly.

when you make the PR for codex, you can use these agentapi changes (temporarily) in the same way I have done here: https://github.com/coder/registry/pull/705/changes#diff-e7adc2da34facfd5d16deb23876fca7ae4cb11c8a68a0cfbe37a044bb69932f0R358-R361

[shanewhite97]

@35C4n0r @matifali All requested changes should now be applied. Please continue to review while I work on the Codex PR 😄

[shanewhite97]

Codex PR created:
#795

[35C4n0r]

@shanewhite97 can you run this script and push

./.github/scripts/version-bump.sh minor

[shanewhite97]

@35C4n0r Is it normal for that script to pick up changes from a load of other modules?

[35C4n0r]

@35C4n0r Is it normal for that script to pick up changes from a load of other modules?

No it shouldn't do that, anyhow just push the readme update for the agentapi module.

[shanewhite97]

@35C4n0r Roger, that is done now :)

[35C4n0r]

Just one minor change, otherwise LGTM.

[shanewhite97]

@35C4n0r Accepted your change

[shanewhite97]

@35C4n0r @matifali I don't have merge permissions it seems. When merging, please can you squash the commits with the following message:

feat: provide boundary support for agent modules

Enable any agent module to run its AI agent inside Coder's Agent Boundaries.
The agentapi module handles boundary installation, config setup, and wrapper
script creation, then exports AGENTAPI_BOUNDARY_PREFIX for consuming modules
to use in their start scripts.

Users must provide a boundary config.yaml with their allowlist and
settings when enabling boundary.

[matifali]

LGTM