diff --git a/.github/.linkspector.yml b/.github/.linkspector.yml index 50e9359f51..25af1ebe41 100644 --- a/.github/.linkspector.yml +++ b/.github/.linkspector.yml @@ -29,5 +29,6 @@ ignorePatterns: - pattern: "developer.hashicorp.com/terraform/language" - pattern: "platform.openai.com" - pattern: "api.openai.com" + - pattern: "openai.com" aliveStatusCodes: - 200 diff --git a/docs/ai-coder/agent-firewall/index.md b/docs/ai-coder/agent-firewall/index.md index 1a3a3e4420..d5d2921097 100644 --- a/docs/ai-coder/agent-firewall/index.md +++ b/docs/ai-coder/agent-firewall/index.md @@ -7,6 +7,10 @@ autonomous programs, such as AI agents, can access and use. of Agent Firewall blocking a process. > [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. +> > Agent Firewall was previously known as "Agent Boundaries". Some > configuration options and internal references still use the old name > and will be updated in a future release. diff --git a/docs/ai-coder/agent-firewall/landjail.md b/docs/ai-coder/agent-firewall/landjail.md index b03eaf648d..c8d50ae9f2 100644 --- a/docs/ai-coder/agent-firewall/landjail.md +++ b/docs/ai-coder/agent-firewall/landjail.md @@ -1,5 +1,10 @@ # landjail Jail Type +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + landjail is Agent Firewall's alternative jail type that uses Landlock V4 for network isolation. diff --git a/docs/ai-coder/agent-firewall/nsjail/docker.md b/docs/ai-coder/agent-firewall/nsjail/docker.md index 5b88477f96..cb23a14bfe 100644 --- a/docs/ai-coder/agent-firewall/nsjail/docker.md +++ b/docs/ai-coder/agent-firewall/nsjail/docker.md @@ -1,5 +1,10 @@ # nsjail on Docker +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + This page describes the runtime and permission requirements for running Agent Firewall with the **nsjail** jail type on **Docker**. diff --git a/docs/ai-coder/agent-firewall/nsjail/ecs.md b/docs/ai-coder/agent-firewall/nsjail/ecs.md index 9ed2755efb..257136f37d 100644 --- a/docs/ai-coder/agent-firewall/nsjail/ecs.md +++ b/docs/ai-coder/agent-firewall/nsjail/ecs.md @@ -1,5 +1,10 @@ # nsjail on ECS +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + This page describes the runtime and permission requirements for running Agent Firewall with the **nsjail** jail type on **Amazon ECS**. diff --git a/docs/ai-coder/agent-firewall/nsjail/index.md b/docs/ai-coder/agent-firewall/nsjail/index.md index 9a2ed86e8e..d43971022d 100644 --- a/docs/ai-coder/agent-firewall/nsjail/index.md +++ b/docs/ai-coder/agent-firewall/nsjail/index.md @@ -1,5 +1,10 @@ # nsjail Jail Type +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + nsjail is Agent Firewall's default jail type that uses Linux namespaces to provide process isolation. It creates unprivileged network namespaces to control and monitor network access for processes running under Boundary. diff --git a/docs/ai-coder/agent-firewall/nsjail/k8s.md b/docs/ai-coder/agent-firewall/nsjail/k8s.md index 0328633edc..0dd2eee0fc 100644 --- a/docs/ai-coder/agent-firewall/nsjail/k8s.md +++ b/docs/ai-coder/agent-firewall/nsjail/k8s.md @@ -1,5 +1,10 @@ # nsjail on Kubernetes +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + This page describes the runtime and permission requirements for running Agent Firewall with the **nsjail** jail type on **Kubernetes**. diff --git a/docs/ai-coder/agent-firewall/rules-engine.md b/docs/ai-coder/agent-firewall/rules-engine.md index 8a8d12009a..e24ffcb1dd 100644 --- a/docs/ai-coder/agent-firewall/rules-engine.md +++ b/docs/ai-coder/agent-firewall/rules-engine.md @@ -1,5 +1,10 @@ # Rules Engine Documentation +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + ## Overview The `rulesengine` package provides a flexible rule-based filtering system for diff --git a/docs/ai-coder/agent-firewall/version.md b/docs/ai-coder/agent-firewall/version.md index 4214a18447..e8bdef5556 100644 --- a/docs/ai-coder/agent-firewall/version.md +++ b/docs/ai-coder/agent-firewall/version.md @@ -1,5 +1,10 @@ # Version Requirements +> [!NOTE] +> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access Agent Firewall. + ## Recommended Versions It's recommended to use **Coder v2.30.0 or newer** and **Claude Code module diff --git a/docs/ai-coder/ai-gateway/ai-gateway-proxy/index.md b/docs/ai-coder/ai-gateway/ai-gateway-proxy/index.md index 186c56cf9e..0ed31e4629 100644 --- a/docs/ai-coder/ai-gateway/ai-gateway-proxy/index.md +++ b/docs/ai-coder/ai-gateway/ai-gateway-proxy/index.md @@ -1,5 +1,10 @@ # AI Gateway Proxy +> [!NOTE] +> AI Gateway Proxy requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway Proxy. + AI Gateway Proxy extends [AI Gateway](../index.md) to support clients that don't allow base URL overrides. While AI Gateway requires clients to support custom base URLs, many popular AI coding tools lack this capability. diff --git a/docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md b/docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md index f860a6fba1..006b6f2797 100644 --- a/docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md +++ b/docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md @@ -5,7 +5,7 @@ Once enabled, `coderd` runs the `aibridgeproxyd` in-memory and intercepts traffi **Required:** -1. AI Gateway must be enabled and configured (requires a **Premium** license with the [AI Governance Add-On](../../ai-governance.md)). See [AI Gateway Setup](../setup.md) for further information. +1. AI Gateway must be enabled and configured (requires the [AI Governance Add-On](../../ai-governance.md)). See [AI Gateway Setup](../setup.md) for further information. 1. AI Gateway Proxy must be [enabled](#proxy-configuration) using the server flag. 1. A [CA certificate](#ca-certificate) must be configured for MITM interception. 1. [Clients](#client-configuration) must be configured to use the proxy and trust the CA certificate. diff --git a/docs/ai-coder/ai-gateway/audit.md b/docs/ai-coder/ai-gateway/audit.md index 574cf2bcf9..a63f3c459f 100644 --- a/docs/ai-coder/ai-gateway/audit.md +++ b/docs/ai-coder/ai-gateway/audit.md @@ -1,5 +1,10 @@ # Auditing AI Sessions +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + AI Gateway groups intercepted requests into **sessions** and **threads** to show the causal relationships between human prompts and agent actions. This structure gives auditors clear provenance over who initiated what, and why. diff --git a/docs/ai-coder/ai-gateway/clients/claude-code.md b/docs/ai-coder/ai-gateway/clients/claude-code.md index a962194e56..6680de6ebf 100644 --- a/docs/ai-coder/ai-gateway/clients/claude-code.md +++ b/docs/ai-coder/ai-gateway/clients/claude-code.md @@ -1,5 +1,10 @@ # Claude Code +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Claude Code can be configured using environment variables. All modes require a **[Coder API token](../../../admin/users/sessions-tokens.md#generate-a-long-lived-api-token-on-behalf-of-yourself)** for authentication with AI Gateway. ## Centralized API Key @@ -77,7 +82,7 @@ module "claude-code" { workdir = "/path/to/project" # Set to your project directory ai_prompt = data.coder_task.me.prompt - # Route through AI Gateway (Premium feature) + # Route through AI Gateway (AI Governance Add-On) enable_aibridge = true } ``` diff --git a/docs/ai-coder/ai-gateway/clients/cline.md b/docs/ai-coder/ai-gateway/clients/cline.md index 5b891de464..4cfa92269d 100644 --- a/docs/ai-coder/ai-gateway/clients/cline.md +++ b/docs/ai-coder/ai-gateway/clients/cline.md @@ -1,5 +1,10 @@ # Cline +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Cline supports both OpenAI and Anthropic models and can be configured to use AI Gateway by setting providers. ## Configuration diff --git a/docs/ai-coder/ai-gateway/clients/codex.md b/docs/ai-coder/ai-gateway/clients/codex.md index 083035772e..2c25521608 100644 --- a/docs/ai-coder/ai-gateway/clients/codex.md +++ b/docs/ai-coder/ai-gateway/clients/codex.md @@ -1,5 +1,10 @@ # Codex CLI +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Codex CLI can be configured to use AI Gateway by setting up a custom model provider. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/clients/copilot.md b/docs/ai-coder/ai-gateway/clients/copilot.md index 1448ae82ad..ba7db474d6 100644 --- a/docs/ai-coder/ai-gateway/clients/copilot.md +++ b/docs/ai-coder/ai-gateway/clients/copilot.md @@ -1,5 +1,10 @@ # GitHub Copilot +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + [GitHub Copilot](https://github.com/features/copilot) is an AI coding assistant that doesn't support custom base URLs but does respect proxy configurations. This makes it compatible with [AI Gateway Proxy](../ai-gateway-proxy/index.md), which integrates with [AI Gateway](../index.md) for full access to auditing and governance features. To use Copilot with AI Gateway, make sure AI Gateway Proxy is properly configured, see [AI Gateway Proxy Setup](../ai-gateway-proxy/setup.md) for instructions. diff --git a/docs/ai-coder/ai-gateway/clients/factory.md b/docs/ai-coder/ai-gateway/clients/factory.md index e6c39cdac4..f0e7b1ac50 100644 --- a/docs/ai-coder/ai-gateway/clients/factory.md +++ b/docs/ai-coder/ai-gateway/clients/factory.md @@ -1,5 +1,10 @@ # Factory +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Factort's Droid agent can be configured to use AI Gateway by setting up custom models for OpenAI and Anthropic. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/clients/index.md b/docs/ai-coder/ai-gateway/clients/index.md index b541ff5005..63893e0c94 100644 --- a/docs/ai-coder/ai-gateway/clients/index.md +++ b/docs/ai-coder/ai-gateway/clients/index.md @@ -1,5 +1,10 @@ # Client Configuration +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Once AI Gateway is setup on your deployment, the AI coding tools used by your users will need to be configured to route requests via AI Gateway. There are two ways to connect AI tools to AI Gateway: diff --git a/docs/ai-coder/ai-gateway/clients/jetbrains.md b/docs/ai-coder/ai-gateway/clients/jetbrains.md index d1a7513ea0..73b9f6963b 100644 --- a/docs/ai-coder/ai-gateway/clients/jetbrains.md +++ b/docs/ai-coder/ai-gateway/clients/jetbrains.md @@ -1,5 +1,10 @@ # JetBrains IDEs +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + JetBrains IDE (IntelliJ IDEA, PyCharm, WebStorm, etc.) support AI Gateway via the [third-party model configuration](https://www.jetbrains.com/help/ai-assistant/use-custom-models.html#provide-your-own-api-key) feature. ## Prerequisites diff --git a/docs/ai-coder/ai-gateway/clients/kilo-code.md b/docs/ai-coder/ai-gateway/clients/kilo-code.md index 1daa1b8200..810c1e9dee 100644 --- a/docs/ai-coder/ai-gateway/clients/kilo-code.md +++ b/docs/ai-coder/ai-gateway/clients/kilo-code.md @@ -1,5 +1,10 @@ # Kilo Code +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Kilo Code allows you to configure providers via the UI and can be set up to use AI Gateway. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/clients/mux.md b/docs/ai-coder/ai-gateway/clients/mux.md index 85478c71d2..60ce74b236 100644 --- a/docs/ai-coder/ai-gateway/clients/mux.md +++ b/docs/ai-coder/ai-gateway/clients/mux.md @@ -1,5 +1,10 @@ # Mux +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Mux makes it easy to run parallel coding agents, each with its own isolated workspace, from your browser or desktop; it is open source and provider-agnostic. Mux can be configured to route OpenAI- and Anthropic-compatible traffic through AI Gateway by setting a custom provider base URL and using a Coder-issued token for authentication. diff --git a/docs/ai-coder/ai-gateway/clients/opencode.md b/docs/ai-coder/ai-gateway/clients/opencode.md index 9f746944fe..d98115b7fd 100644 --- a/docs/ai-coder/ai-gateway/clients/opencode.md +++ b/docs/ai-coder/ai-gateway/clients/opencode.md @@ -1,5 +1,10 @@ # OpenCode +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + OpenCode supports both OpenAI and Anthropic models and can be configured to use AI Gateway by setting custom base URLs for each provider. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/clients/roo-code.md b/docs/ai-coder/ai-gateway/clients/roo-code.md index 175500b29e..730adec0fe 100644 --- a/docs/ai-coder/ai-gateway/clients/roo-code.md +++ b/docs/ai-coder/ai-gateway/clients/roo-code.md @@ -1,5 +1,10 @@ # Roo Code +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Roo Code allows you to configure providers via the UI and can be set up to use AI Gateway. ## Configuration diff --git a/docs/ai-coder/ai-gateway/clients/vscode.md b/docs/ai-coder/ai-gateway/clients/vscode.md index f7dd84f666..d27a61459b 100644 --- a/docs/ai-coder/ai-gateway/clients/vscode.md +++ b/docs/ai-coder/ai-gateway/clients/vscode.md @@ -1,5 +1,10 @@ # VS Code +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + VS Code's native chat can be configured to use AI Gateway with the GitHub Copilot Chat extension's custom language model support. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/clients/zed.md b/docs/ai-coder/ai-gateway/clients/zed.md index 2e3ac7a75b..7a53904a71 100644 --- a/docs/ai-coder/ai-gateway/clients/zed.md +++ b/docs/ai-coder/ai-gateway/clients/zed.md @@ -1,5 +1,10 @@ # Zed +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + Zed IDE supports AI Gateway via its `language_models` configuration in `settings.json`. ## Centralized API Key diff --git a/docs/ai-coder/ai-gateway/index.md b/docs/ai-coder/ai-gateway/index.md index ac8ec09831..39012a2471 100644 --- a/docs/ai-coder/ai-gateway/index.md +++ b/docs/ai-coder/ai-gateway/index.md @@ -18,6 +18,10 @@ AI Gateway solves 3 key problems: use. > [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. +> > AI Gateway was previously known as "AI Bridge". Some configuration > options, environment variables, and API paths still use the old name > and will be updated in a future release. diff --git a/docs/ai-coder/ai-gateway/mcp.md b/docs/ai-coder/ai-gateway/mcp.md index 824e5720f0..492b2f6522 100644 --- a/docs/ai-coder/ai-gateway/mcp.md +++ b/docs/ai-coder/ai-gateway/mcp.md @@ -1,5 +1,12 @@ # MCP +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + + + > [!WARNING] > Injected MCP in AI Gateway is deprecated. > It remains functional and will not be removed until diff --git a/docs/ai-coder/ai-gateway/monitoring.md b/docs/ai-coder/ai-gateway/monitoring.md index c0ccd3132f..8bd648a443 100644 --- a/docs/ai-coder/ai-gateway/monitoring.md +++ b/docs/ai-coder/ai-gateway/monitoring.md @@ -1,5 +1,10 @@ # Monitoring +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + AI Gateway records the last `user` prompt, token usage, model reasoning, and every tool invocation for each intercepted request. Each capture is tied to a single "interception" that maps back to the authenticated Coder identity, making it easy to attribute spend and behaviour. ![User Prompt logging](../../images/aibridge/grafana_user_prompts_logging.png) diff --git a/docs/ai-coder/ai-gateway/reference.md b/docs/ai-coder/ai-gateway/reference.md index 8efb53a89b..f5652e28a6 100644 --- a/docs/ai-coder/ai-gateway/reference.md +++ b/docs/ai-coder/ai-gateway/reference.md @@ -1,5 +1,10 @@ # Reference +> [!NOTE] +> AI Gateway requires the [AI Governance Add-On](../ai-governance.md). +> As of Coder v2.32, deployments without the add-on will not be able to +> access AI Gateway. + ## Implementation Details `coderd` runs an in-memory instance of `aibridged`, whose logic is mostly contained in https://github.com/coder/coder/tree/main/aibridge. In future releases we will support running external instances for higher throughput and complete memory isolation from `coderd`. diff --git a/docs/ai-coder/ai-gateway/setup.md b/docs/ai-coder/ai-gateway/setup.md index de7b301c3c..6c20149c6a 100644 --- a/docs/ai-coder/ai-gateway/setup.md +++ b/docs/ai-coder/ai-gateway/setup.md @@ -4,7 +4,7 @@ AI Gateway runs inside the Coder control plane (`coderd`), requiring no separate **Required**: -1. A **Premium** license with the [AI Governance Add-On](../ai-governance.md). +1. The [AI Governance Add-On](../ai-governance.md) license. 1. Feature must be [enabled](#activation) using the server flag 1. One or more [providers](#configure-providers) API key(s) must be configured diff --git a/docs/ai-coder/ai-governance.md b/docs/ai-coder/ai-governance.md index 8a0074c010..0c8f7b609a 100644 --- a/docs/ai-coder/ai-governance.md +++ b/docs/ai-coder/ai-governance.md @@ -1,4 +1,4 @@ -# AI Governance Add-On (Premium) +# AI Governance Add-On Coder Workspaces already lets teams run AI tools like [Cursor](https://registry.coder.com/modules/coder/cursor) and @@ -77,9 +77,9 @@ rates, and usage patterns to inform decisions about AI strategy. Starting with Coder v2.30 (February 2026), AI Gateway and Agent Firewall are generally available as part of the AI Governance Add-On. -The AI Governance add-on is required to use AI Gateway and Agent Firewall. -If your deployment does not have the add-on, you'll see a notification banner -reminding you to enable it. +As of Coder v2.32, the AI Governance Add-On is required to use AI Gateway and +Agent Firewall. Deployments without the add-on will not be able to access +these features. To learn more about enabling the AI Governance Add-On, pricing, or trial options, reach out to your diff --git a/docs/ai-coder/security.md b/docs/ai-coder/security.md index 83d882d753..67f5968719 100644 --- a/docs/ai-coder/security.md +++ b/docs/ai-coder/security.md @@ -1,3 +1,8 @@ +> [!NOTE] +> Features mentioned on this page, such as AI Gateway and Agent Firewall, +> require the [AI Governance Add-On](./ai-governance.md). As of Coder v2.32, +> deployments without the add-on will not be able to access these features. + As the AI landscape is evolving, we are working to ensure Coder remains a secure platform for running AI agents just as it is for other cloud development environments. diff --git a/docs/manifest.json b/docs/manifest.json index 2bd7b4f068..2522af9b37 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -1081,13 +1081,13 @@ "title": "AI Governance Add-On", "description": "Features around managing agents at scale", "path": "./ai-coder/ai-governance.md", - "state": ["premium"], + "state": ["ai governance add-on"], "children": [ { "title": "Agent Firewall", "description": "Understanding Agent Firewall in Coder Tasks", "path": "./ai-coder/agent-firewall/index.md", - "state": ["premium"], + "state": ["ai governance add-on"], "children": [ { "title": "NS Jail", @@ -1133,7 +1133,7 @@ "description": "AI Gateway for Enterprise Governance \u0026 Observability", "path": "./ai-coder/ai-gateway/index.md", "icon_path": "./images/icons/api.svg", - "state": ["premium"], + "state": ["ai governance add-on"], "children": [ { "title": "Setup", @@ -1222,7 +1222,7 @@ "title": "AI Gateway Proxy", "description": "Proxy for AI coding tools without base URL override support", "path": "./ai-coder/ai-gateway/ai-gateway-proxy/index.md", - "state": ["premium"], + "state": ["ai governance add-on"], "children": [ { "title": "Setup",