docs/ai-coder/agent-boundary.md
Lines changed: 2 additions & 31 deletions
@@ -21,45 +21,16 @@ Boundaries extend Coder's trusted workspaces with a defense-in-depth model that
21
21
-_Network policy enforcement_: block domains, subnets, or HTTP verbs to prevent exfiltration
22
22
-_Audit-ready_: centralize logs, exportable for compliance, with full visibility into agent actions
23
23
24
-
##Architecture
25
24
26
-
Agent Boundary runs in two locations:
27
-
28
-
- Workspace: Boundary runs alongside your agent or tool, wrapping its process and enforcing outbound network policy at runtime
29
-
- Control place (Premium): Module-level config toggles enforcement and routes audit logs to centralized governance
30
-
31
-
[More detail to be added here]
32
25
33
26
##Getting Started with Boundary
34
27
35
-
There are two ways to use Agent Boundaries in your project.
36
-
37
-
Users of Coder Premium can enable Agent Boundaries simply by updating to the latest versions of their preferred coding agent modules, which integrate with Coder with just a few lines of Terraform. Once configured by platform admins, developers get agent-ready environments automatically - no extra setup required.
38
-
39
-
All other users can use Agent Boundaries through its[open source CLI](https://github.com/coder/boundary), which can be run to wrap any process or invoked through rules in a YAML file.
40
-
41
-
###Option 1) Apply Boundary through Coder modules
42
-
43
-
This option is available to Coder Premium users. It is the easiest way to use Agent Boundaries and offers centralized policy management with strong isolation.
44
-
45
-
This integration offers:
28
+
For Early Access, users can use Agent Boundaries through its[open source CLI](https://github.com/coder/boundary), which can be run to wrap any process or invoked through rules in a YAML file.
46
29
47
-
- A built-in`coder boundary` subcommand
48
-
- Module authors do not need to ship or manage a separate binary
49
-
- A clean module interface
50
-
- Template admins toggle policy per template by using variables
51
-
- Stronger isolation and centralized governance hooks
52
-
- Protection beyond what is offered by the CLI path
30
+
Eventually, users of Coder Premium can enable Agent Boundaries simply by updating to the latest versions of their preferred coding agent modules, which integrate with Coder with just a few lines of Terraform. Once configured by platform admins, developers get agent-ready environments automatically - no extra setup required.
53
31
54
-
To apply Agent Boundaries through Coder modules, follow the instructions below:
55
32
56
-
1. Ensure that you have installed or updated to the latest version of the[Claude Code module](https://registry.coder.com/modules/coder/claude-code)
57
-
1. In the template that calls the module, set`module.boundary_configuration.enabled = true`
58
-
1. Choose a policy expression
59
-
- For simple rules, you can insert a variation of this example:`provide allow = ["domain=github.com path=/api/*", "method=GET,HEAD domain=github.com"]`
60
-
- For complexrules, you can package a YAML file into the workspace image or mount a path and set`config_path`
61
33
62
-
[More detail to be added here]
63
34
64
35
###Option 2) Wrap the agent process with the Boundary CLI
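Review bot: The unchanged heading "Option 2) Wrap the agent process with the Boundary CLI" at the end of this hunk is left without an Option 1, because the hunk deletes both "There are two ways to use Agent Boundaries in your project." and the whole "Option 1) Apply Boundary through Coder modules" section. Rename the heading (for example to "Wrap the agent process with the Boundary CLI") so the Early Access page describes a single path. In the added line beginning "Eventually, users of Coder Premium can enable", the tense is mixed: "will be able to enable" and "developers will get" would stop readers from assuming the module integration is available today. The unchanged "Audit-ready" bullet at the top of the hunk still promises centralized logs, while the only text explaining how logs are centralized (the "Control place (Premium)" item under Architecture) is removed here. Either qualify that bullet for the CLI-only path or say where audit logs go when Boundary is run through the CLI, since readers relying on this page for compliance would otherwise assume central log collection is in place.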