claude-code: boundary silently crashes if user is not logged into Coder #794
Description
Problem
When enable_boundary = true, coder boundary requires an active Coder session. If the workspace owner is not logged in (e.g. session token expired, or first-time setup), boundary crashes silently — Claude Code either fails to start or runs without any network restrictions, with no clear error surfaced to the user.
This is particularly bad because:
- The failure is silent, so the user doesn't know boundary isn't enforcing anything
- There's no mention in the module README that an active Coder login is a prerequisite
- A first-time user enabling boundary has no indication of why things aren't working
Proposed fixes
Two possible directions (not mutually exclusive):
-
Document the requirement — Add a note to the README that
enable_boundary = truerequires the workspace owner to have an active Coder session (coder login), and link to agent boundaries docs. -
Fail gracefully — If
coder boundarycan't authenticate, it should either:- Fall back to running Claude Code without boundary but emit a visible warning to the workspace terminal, so the user knows restrictions are not active
- Or hard-fail with a clear error message rather than a silent crash
The preferred behaviour is debatable — failing open (warn + run) is friendlier but less secure; failing closed (hard error) is safer but may frustrate users. At minimum, the failure should never be silent.
Steps to reproduce
- Create a workspace from a template using
claude-codemodule withenable_boundary = true - Ensure the workspace owner is not logged into Coder (or session is expired)
- Start the workspace — boundary crashes silently, no clear error surfaced