Summary

Resubmission of #845 (closed for structural reasons) with the reviewer feedback addressed and additional security hardening of the bootstrap flow.

Adds the kmjones1979 namespace and the oneclaw module, which provides vault-backed secrets and MCP server wiring for AI coding agents (Cursor, Claude Code) in Coder workspaces.

Changes since #845

Structural (addresses @DevelopmentCats review)

The reviewer asked that the module follow the standard schema used in the coder/ namespace:

Generally in almost all cases you would just have: main.tf, README.md, main.test.ts, main.tftest.hcl and script files which amount to maybe one or two scripts.

Done:

• variables.tf and outputs.tf are consolidated into main.tf.
• scripts/bootstrap.sh and scripts/setup.sh are merged into a single scripts/run.sh executed by one coder_script.
• The Terraform-native provisioning mode (scripts/provision.sh, null_resource.provision, master_api_key) is removed. That mode relied on a local-exec provisioner writing a state file to the provisioner's cwd, which is ephemeral inside Coder template provisioners and cannot round-trip credentials into coder_env. Two modes remain: bootstrap (recommended) and manual.

Final tree:

registry/kmjones1979/
├── README.md
├── .images/avatar.png
└── modules/oneclaw/
    ├── README.md
    ├── main.tf
    ├── main.test.ts
    ├── main.tftest.hcl
    └── scripts/run.sh

Security hardening for the 1ck_ human bootstrap key

The 1ck_ human API key is privileged (can create and destroy vaults in the caller's 1Claw account), so the module goes out of its way to make sure it cannot be recovered from the workspace after bootstrap:

1. The key is delivered to the script as a sensitive coder_env variable (_ONECLAW_HUMAN_API_KEY) rather than via templatefile() substitution. As a result, the literal key never appears in the rendered script body that lives in Terraform state or in the Coder agent's /tmp/coder-agent.log. The rendered script only shows HUMAN_KEY="\${_ONECLAW_HUMAN_API_KEY:-}".
2. The key is sent to the 1Claw auth endpoint via curl --data-binary @- from stdin, so it never appears in ps aux / /proc/<pid>/cmdline.
3. HUMAN_KEY and _ONECLAW_HUMAN_API_KEY are unset immediately after authentication, so downstream subprocesses spawned by the script do not inherit the key.
4. Only the scoped ocv_ agent key and the vault id are persisted to ~/.1claw/bootstrap.json and the MCP config files.
5. README.md documents a post-bootstrap cleanup flow: once the state file exists, the user is instructed to set human_api_key = "" in their Terraform so subsequent restarts do not reference the human key at all.

Test plan

Verified against a local Coder server (v2.31.9) running the module with real 1Claw credentials.

• terraform test passes (4 runs, Terraform 1.14 via Docker)
• bun test main.test.ts passes (5 tests, including an explicit assertion that the human key value is not embedded in the rendered script)
• shellcheck is clean on scripts/run.sh
• bun run fmt leaves the tree unchanged
• Live workspace on local Coder: first boot creates vault + agent + policy and writes bootstrap.json + Cursor/Claude MCP configs
• Live workspace restart is idempotent — the script detects the state file and skips provisioning
• Post-bootstrap cleanup flow (human_api_key = "", coder update, restart) continues to work using cached credentials
• Filesystem audit after each scenario confirms the 1ck_ key value does not appear in any file on the workspace (state file, MCP configs, agent log, script log, shell init files, /proc/<pid>/environ of any Coder process)

Made with Cursor