feat: add oneclaw module for 1Claw MCP integration#857
Open
kmjones1979 wants to merge 4 commits into
Open
Conversation
Add kmjones1979 namespace and oneclaw module, ported from 1clawAI/1claw-coder-workspace-module. Provides vault-backed secrets and MCP server config for AI coding agents in Coder workspaces. - Namespace: kmjones1979 (avatar from GitHub) - Module: oneclaw with three provisioning modes (terraform-native, shell bootstrap, manual) - Tests: main.tftest.hcl (5 runs) and main.test.ts (5 tests) - Scripts: provision.sh, bootstrap.sh, setup.sh Made-with: Cursor
Made-with: Cursor
…dling Addresses reviewer feedback on closed PR coder#845 that the module was "split up way more than usual" and did not follow the registry module schema. Structure (matches the coder/ namespace conventions): - Collapse variables.tf + outputs.tf into main.tf - Merge scripts/bootstrap.sh + scripts/setup.sh into a single scripts/run.sh executed by a single coder_script - Remove Terraform-native provisioning mode (scripts/provision.sh, null_resource.provision, master_api_key): it relied on local-exec writing a state file to the provisioner's cwd, which is ephemeral inside Coder template provisioners and therefore cannot round-trip credentials into coder_env - Keep two supported modes: bootstrap (human 1ck_ key, recommended) and manual (pre-provisioned scoped ocv_ key) Security hardening for the 1ck_ human bootstrap key: - Deliver the key via a sensitive coder_env (_ONECLAW_HUMAN_API_KEY) instead of templatefile() substitution, so the literal key never appears in the rendered script body stored in Terraform state or logged to the workspace's /tmp/coder-agent.log - Send the key to the 1Claw auth endpoint via curl --data-binary @- from stdin so it does not appear in process argv (ps/proc/cmdline) - Unset HUMAN_KEY and _ONECLAW_HUMAN_API_KEY as soon as auth completes so downstream processes do not inherit the key - Only the scoped ocv_ agent key and vault id are persisted to ~/.1claw/bootstrap.json and the MCP config files - README documents post-bootstrap cleanup (set human_api_key = "" once the state file exists) and the full security guarantees Tested end-to-end against a local Coder server with real 1Claw credentials: first boot, idempotent restart, and post-bootstrap cleanup all succeed and leave no copy of the 1ck_ value anywhere on the workspace filesystem or in its process environments. Made-with: Cursor
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new community namespace (kmjones1979) and a new Terraform module (oneclaw) to configure 1Claw vault-backed secrets access and write/merge MCP server configuration for AI agents in Coder workspaces, including an optional “bootstrap” flow that provisions 1Claw resources from inside the workspace.
Changes:
- Introduces
registry/kmjones1979/contributor namespace metadata (README + avatar reference). - Adds
registry/kmjones1979/modules/oneclaw/with Terraform module wiring (coder_env+coder_script) and a unifiedscripts/run.sh. - Adds Terraform (
main.tftest.hcl) and Bun (main.test.ts) tests covering manual vs bootstrap behavior and ensuring the human key is not embedded in the rendered script.
Reviewed changes
Copilot reviewed 6 out of 8 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| registry/kmjones1979/README.md | Adds namespace/frontmatter metadata for the new community contributor. |
| registry/kmjones1979/modules/oneclaw/README.md | Documents module usage (bootstrap/manual) and the security model/cleanup steps. |
| registry/kmjones1979/modules/oneclaw/main.tf | Implements the module’s inputs/outputs and Coder resources for env injection and startup script execution. |
| registry/kmjones1979/modules/oneclaw/main.tftest.hcl | Adds Terraform plan-based assertions for the module’s two operating modes and env/script wiring. |
| registry/kmjones1979/modules/oneclaw/main.test.ts | Adds integration-style tests validating rendered script behavior (including no human key literal). |
| registry/kmjones1979/modules/oneclaw/scripts/run.sh | Implements the bootstrap provisioning flow plus MCP config write/merge logic. |
| VAULT_NAME_IN="${VAULT_NAME}" | ||
| AGENT_NAME_IN="${AGENT_NAME}" | ||
| POLICY_PATH_IN="${POLICY_PATH}" | ||
| STATE_DIR=$(eval echo "${STATE_DIR}") |
|
|
||
| write_mcp_config() { | ||
| local target_path="$1" label="$2" tmp_file="$3" | ||
| target_path=$(eval echo "$target_path") |
Comment on lines
+108
to
+114
| vault=$(echo "$list_response" | python3 -c " | ||
| import json, sys | ||
| for v in json.load(sys.stdin).get('vaults', []): | ||
| if v['name'] == '$VAULT_NAME_IN': | ||
| print(v['id']); sys.exit(0) | ||
| sys.exit(1) | ||
| ") || die "Could not find existing vault named '$VAULT_NAME_IN'" |
Comment on lines
+214
to
+216
| log "WARNING: No API token or vault ID available — skipping MCP config" | ||
| log "Provide api_token + vault_id, or set human_api_key/master_api_key" | ||
| exit 0 |
Comment on lines
+118
to
+122
| variable "order" { | ||
| type = number | ||
| description = "The order determines the position of app in the UI presentation." | ||
| default = null | ||
| } |
|
|
||
| data "coder_workspace" "me" {} | ||
|
|
||
| data "coder_workspace_owner" "me" {} |
Comment on lines
+83
to
+86
| # Key is no longer needed; scrub from process memory before any other work. | ||
| HUMAN_KEY="" | ||
| unset HUMAN_KEY | ||
|
|
main.tf: - Remove unused `order` variable. coder_script does not support an order field, so the variable was dead code. - Remove unused `data "coder_workspace_owner" "me"` source. scripts/run.sh: - Replace `eval echo` (used to expand `$HOME` / `~` in user-overridable config paths) with a dedicated expand_path() helper that uses bash string substitution and a case statement. Adds unit-test coverage confirming that injected `$(...)` and backticks are not executed. - Rewrite the existing-vault lookup so the vault name is passed to Python via argv instead of being interpolated into the inline Python source. The JSON payload is now fed to Python on stdin via a here-string instead of via a pipe + here-doc combination, which shellcheck flagged (SC2259) as broken (the heredoc would have overridden the piped stdin and the program would have failed to parse the response). - `unset _ONECLAW_HUMAN_API_KEY` immediately after reading it into HUMAN_KEY at the top of the script, so the privileged bootstrap key is no longer visible in /proc/<pid>/environ for the lifetime of the script run. - Update the "no API token or vault ID" warning to drop the mention of `master_api_key`, which was removed earlier in this PR. Made-with: Cursor
Author
|
Thanks for the careful review — addressed all seven items in 4d5b414.
All checks still green: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Resubmission of #845 (closed for structural reasons) with the reviewer feedback addressed and additional security hardening of the bootstrap flow.
Adds the
kmjones1979namespace and theoneclawmodule, which provides vault-backed secrets and MCP server wiring for AI coding agents (Cursor, Claude Code) in Coder workspaces.Changes since #845
Structural (addresses @DevelopmentCats review)
The reviewer asked that the module follow the standard schema used in the
coder/namespace:Done:
variables.tfandoutputs.tfare consolidated intomain.tf.scripts/bootstrap.shandscripts/setup.share merged into a singlescripts/run.shexecuted by onecoder_script.scripts/provision.sh,null_resource.provision,master_api_key) is removed. That mode relied on alocal-execprovisioner writing a state file to the provisioner's cwd, which is ephemeral inside Coder template provisioners and cannot round-trip credentials intocoder_env. Two modes remain: bootstrap (recommended) and manual.Final tree:
Security hardening for the
1ck_human bootstrap keyThe
1ck_human API key is privileged (can create and destroy vaults in the caller's 1Claw account), so the module goes out of its way to make sure it cannot be recovered from the workspace after bootstrap:coder_envvariable (_ONECLAW_HUMAN_API_KEY) rather than viatemplatefile()substitution. As a result, the literal key never appears in the rendered script body that lives in Terraform state or in the Coder agent's/tmp/coder-agent.log. The rendered script only showsHUMAN_KEY="\${_ONECLAW_HUMAN_API_KEY:-}".curl --data-binary @-from stdin, so it never appears inps aux//proc/<pid>/cmdline.HUMAN_KEYand_ONECLAW_HUMAN_API_KEYare unset immediately after authentication, so downstream subprocesses spawned by the script do not inherit the key.ocv_agent key and the vault id are persisted to~/.1claw/bootstrap.jsonand the MCP config files.README.mddocuments a post-bootstrap cleanup flow: once the state file exists, the user is instructed to sethuman_api_key = ""in their Terraform so subsequent restarts do not reference the human key at all.Test plan
Verified against a local Coder server (v2.31.9) running the module with real 1Claw credentials.
terraform testpasses (4 runs, Terraform 1.14 via Docker)bun test main.test.tspasses (5 tests, including an explicit assertion that the human key value is not embedded in the rendered script)shellcheckis clean onscripts/run.shbun run fmtleaves the tree unchangedbootstrap.json+ Cursor/Claude MCP configshuman_api_key = "",coder update, restart) continues to work using cached credentials1ck_key value does not appear in any file on the workspace (state file, MCP configs, agent log, script log, shell init files,/proc/<pid>/environof any Coder process)Made with Cursor