You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/ai-coder/agent-boundary.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,35 +11,35 @@ The easiest way to use Agent Boundaries is through existing Coder modules, such
11
11
>[!NOTE]
12
12
>The Coder Boundary CLI is free and open source. Integrations with the core product, such as through modules, offers strong isolation and is available to Coder Premium customers.
13
13
14
-
#Supported Agents
14
+
##Supported Agents
15
15
16
16
Coder Boundary supports the securing of any terminal-based agent, including your own custom agents.
17
17
18
-
#Features
18
+
##Features
19
19
20
20
Boundaries extend Coder's trusted workspaces with a defense-in-depth model that detects and prevents destructive actions without reducing productivity by slowing down workflows or blocking automation. They offer the following features:
21
21
22
22
-_Policy-driven access controls_: limit what an agent can access (repos, registries, APIs, files, commands)
23
23
-_Network policy enforcement_: block domains, subnets, or HTTP verbs to prevent exfiltration
24
24
-_Audit-ready_: centralize logs, exportable for compliance, with full visibility into agent actions
25
25
26
-
#Architecture
26
+
##Architecture
27
27
28
28
Agent Boundary runs in two locations:
29
29
- Workspace: Boundary runs alongside your agent or tool, wrapping its process and enforcing outbound network policy at runtime
30
30
- Control place (Premium): Module-level config toggles enforcement and routes audit logs to centralized governance
31
31
32
32
[More detail to be added here]
33
33
34
-
#Getting Started with Boundary
34
+
##Getting Started with Boundary
35
35
36
36
There are two ways to use Agent Boundaries in your project.
37
37
38
38
Users of Coder Premium can enable Agent Boundaries simply by updating to the latest versions of their preferred coding agent modules, which integrate with Coder with just a few lines of Terraform. Once configured by platform admins, developers get agent-ready environments automatically - no extra setup required.
39
39
40
40
All other users can use Agent Boundaries through its[open source CLI](https://github.com/coder/boundary), which can be run to wrap any process or invoked through rules in a YAML file.
41
41
42
-
##Option 1) Apply Boundary through Coder modules
42
+
###Option 1) Apply Boundary through Coder modules
43
43
44
44
This option is available to Coder Premium users. It is the easiest way to use Agent Boundaries and offers centralized policy management with strong isolation.
45
45
@@ -62,13 +62,13 @@ To apply Agent Boundaries through Coder modules, follow the instructions below.
62
62
63
63
[More detail to be added here]
64
64
65
-
##Option 2) Wrap the agent process with the Boundary CLI
65
+
###Option 2) Wrap the agent process with the Boundary CLI
66
66
67
67
Users can also run Boundary directly in your workspace and configure it per template or per script. While free tier users won't get centralized policy management or the deeper, "strong isolation," they can still enforce per workspace network rules and log decisions locally.
68
68
69
69
There are two ways to integrate the open source Boundary CLI into a workspace.
70
70
71
-
###Wrap a command inline with flags
71
+
####Wrap a command inline with flags
72
72
73
73
1. Install the[binary](https://github.com/coder/boundary) into the workspace image or at start-up. You can do so with the following command:
74
74
@@ -104,7 +104,7 @@ There are two ways to integrate the open source Boundary CLI into a workspace.
104
104
105
105
Additional information, such as Allow Rules, can be found in the [repository README](https://github.com/coder/boundary).
106
106
107
-
### Use a config file (YAML) to set rules
107
+
#### Use a config file (YAML) to set rules
108
108
109
109
Another option is to define rules in a YAML file, which only needs to be invoked once as opposed to through flags with each command.
110
110
@@ -143,6 +143,6 @@ Another option is to define rules in a YAML file, which only needs to be invoked
143
143
144
144
You will notice that the rules are automatically applied without any need for additional customization.
145
145
146
-
## Opting out of Boundary
146
+
### Opting out of Boundary
147
147
148
148
If you tried Boundary through a Coder module and decided you don't want to use it, you can turn it off by setting the flag to `boundary_enabled=false`.