docs/ai-coder/agent-boundary.md
8 additions & 8 deletions
@@ -149,24 +149,24 @@ Another option is to define rules in a YAML file, which only needs to be invoked
149
149
150
150
### Unprivileged vs. Privileged Mode
151
151
152
-
There are two approaches you can take to secure your agentic workflows with Agent Boundary.
152
+
There are two approaches you can take to secure your agentic workflows with Agent Boundary.
153
153
154
154
#### Unprivileged Mode
155
155
156
-
In this case, a specific agent process or tool (for example, Claude Code or a CLI agent) runs inside of a constrained sandbox. This is the default mode in which Boundary will operate in and does not require root access.
156
+
In this case, a specific agent process or tool (for example, Claude Code or a CLI agent) runs inside of a constrained sandbox. This is the default mode in which Boundary will operate in and does not require root access.
157
157
158
-
Agents are prevented from reaching restricted domains or exfiltrating data, without blocking the rest of the dev's environment.
158
+
Agents are prevented from reaching restricted domains or exfiltrating data, without blocking the rest of the dev's environment.
159
159
160
-
This is the fastest way to add real guardrails, but a determined user could still operate a tool outside of Boundary restrictions because the broader environment allows it. This mode relies on tools respecting certain settings, like HTTP proxies, and can lead to silent failures if a tool bypasses them.
160
+
This is the fastest way to add real guardrails, but a determined user could still operate a tool outside of Boundary restrictions because the broader environment allows it. This mode relies on tools respecting certain settings, like HTTP proxies, and can lead to silent failures if a tool bypasses them.
161
161
162
162
#### Privileged Mode
163
163
164
-
In this case, boundaries are enforced at the level of the environment that the agent lives in. These are workspace- or session-level controls, including how the developer connects to it.
164
+
In this case, boundaries are enforced at the level of the environment that the agent lives in. These are workspace- or session-level controls, including how the developer connects to it.
165
165
166
-
Currently, this must be turned on with a flag and ran with higher-level permissions such as root access or `CapNetAdmin`.
166
+
Currently, this must be turned on with a flag and ran with higher-level permissions such as root access or `CapNetAdmin`.
167
167
168
-
In addition to process-level egress rules, privileged mode locks down all pathways that could bypass policy, such as restricting or disabling SSH tunnels or parallel unbound IDEs. This delivers deterministic, policy-as-code enforcement and offers the highest assurance for regulated environments, but results in slightly more friction for mixed human-and-agent workflows.
168
+
In addition to process-level egress rules, privileged mode locks down all pathways that could bypass policy, such as restricting or disabling SSH tunnels or parallel unbound IDEs. This delivers deterministic, policy-as-code enforcement and offers the highest assurance for regulated environments, but results in slightly more friction for mixed human-and-agent workflows.
169
169
170
170
### Opting out of Boundary
171
171
172
-
If you tried Boundary through a Coder module and decided you don't want to use it, you can turn it off by setting the flag to `boundary_enabled=false`.
172
+
If you tried Boundary through a Coder module and decided you don't want to use it, you can turn it off by setting the flag to `boundary_enabled=false`.
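Review bot: In the Privileged Mode paragraph, the sentence "this must be turned on with a flag and ran with higher-level permissions such as root access or `CapNetAdmin`" never names the flag, uses "ran" where "run" is needed, and spells the capability differently from the Linux name `CAP_NET_ADMIN`. Every removed/added pair in this hunk reads identically as rendered, so the change looks whitespace-only; since these lines are being touched anyway, name the flag, fix the verb, and either use `CAP_NET_ADMIN` or say which layer's spelling `CapNetAdmin` is. The same pass could drop the doubled preposition in "the default mode in which Boundary will operate in". In the Unprivileged Mode text, the warning that the mode "can lead to silent failures if a tool bypasses them" would be more useful with a sentence on how an operator can tell that a tool ignored the proxy settings. In "Opting out of Boundary", "setting the flag to `boundary_enabled=false`" should say where that value is set (module input or CLI flag).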