docs: update AI Governance label and add v2.32 requirement (#24708)

## Summary Replace the "Premium" label with "AI Governance Add-On" and add a disclaimer that the AI Governance Add-On is required for AI Gateway and Agent Firewall as of Coder v2.32, across all AI Governance doc pages and their children. ## Changes **Label and requirement updates (7 files):** - `docs/ai-coder/ai-governance.md`: Removed "(Premium)" from title; updated GA section to state add-on required as of v2.32. - `docs/ai-coder/ai-gateway/setup.md`: "Premium license" → "AI Governance Add-On license". - `docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md`: "Premium license" → "AI Governance Add-On". - `docs/ai-coder/ai-gateway/clients/claude-code.md`: "(Premium feature)" → "(AI Governance Add-On)". - `docs/manifest.json`: `"state": ["premium"]` → `"state": ["ai governance add-on"]` for 4 nav entries. **Disclaimer added to all child pages (26 files):** AI Gateway pages (18): `index.md`, `setup.md`, `audit.md`, `monitoring.md`, `mcp.md`, `reference.md`, `ai-gateway-proxy/index.md`, `ai-gateway-proxy/setup.md`, `clients/index.md`, `clients/claude-code.md`, `clients/codex.md`, `clients/mux.md`, `clients/opencode.md`, `clients/factory.md`, `clients/cline.md`, `clients/kilo-code.md`, `clients/roo-code.md`, `clients/vscode.md`, `clients/jetbrains.md`, `clients/zed.md`, `clients/copilot.md` Agent Firewall pages (8): `index.md`, `version.md`, `landjail.md`, `rules-engine.md`, `nsjail/index.md`, `nsjail/docker.md`, `nsjail/k8s.md`, `nsjail/ecs.md` Other: `security.md` > [!NOTE] > The `"ai governance add-on"` state value in `manifest.json` is new. The docs site renderer may need to be updated to support this state value. > Generated by Coder Agents
2026-06-02 20:48:20 +00:00 · 2026-05-07 15:09:54 -07:00
parent 400374992c
commit e9f0385198
33 changed files with 152 additions and 11 deletions
@@ -7,6 +7,10 @@ autonomous programs, such as AI agents, can access and use.
 of Agent Firewall blocking a process.

 > [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+>
 > Agent Firewall was previously known as "Agent Boundaries". Some
 > configuration options and internal references still use the old name
 > and will be updated in a future release.
@@ -1,5 +1,10 @@
 # landjail Jail Type

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 landjail is Agent Firewall's alternative jail type that uses Landlock V4 for
 network isolation.

@@ -1,5 +1,10 @@
 # nsjail on Docker

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 This page describes the runtime and permission requirements for running Agent
 Firewall with the **nsjail** jail type on **Docker**.

@@ -1,5 +1,10 @@
 # nsjail on ECS

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 This page describes the runtime and permission requirements for running Agent
 Firewall with the **nsjail** jail type on **Amazon ECS**.

@@ -1,5 +1,10 @@
 # nsjail Jail Type

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 nsjail is Agent Firewall's default jail type that uses Linux namespaces to
 provide process isolation. It creates unprivileged network namespaces to control
 and monitor network access for processes running under Boundary.
@@ -1,5 +1,10 @@
 # nsjail on Kubernetes

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 This page describes the runtime and permission requirements for running Agent
 Firewall with the **nsjail** jail type on **Kubernetes**.

@@ -1,5 +1,10 @@
 # Rules Engine Documentation

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 ## Overview

 The `rulesengine` package provides a flexible rule-based filtering system for
@@ -1,5 +1,10 @@
 # Version Requirements

+> [!NOTE]
+> Agent Firewall requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access Agent Firewall.
+
 ## Recommended Versions

 It's recommended to use **Coder v2.30.0 or newer** and **Claude Code module
@@ -1,5 +1,10 @@
 # AI Gateway Proxy

+> [!NOTE]
+> AI Gateway Proxy requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway Proxy.
+
 AI Gateway Proxy extends [AI Gateway](../index.md) to support clients that don't allow base URL overrides.
 While AI Gateway requires clients to support custom base URLs, many popular AI coding tools lack this capability.

@@ -5,7 +5,7 @@ Once enabled, `coderd` runs the `aibridgeproxyd` in-memory and intercepts traffi

 **Required:**

-1. AI Gateway must be enabled and configured (requires a **Premium** license with the [AI Governance Add-On](../../ai-governance.md)). See [AI Gateway Setup](../setup.md) for further information.
+1. AI Gateway must be enabled and configured (requires the [AI Governance Add-On](../../ai-governance.md)). See [AI Gateway Setup](../setup.md) for further information.
 1. AI Gateway Proxy must be [enabled](#proxy-configuration) using the server flag.
 1. A [CA certificate](#ca-certificate) must be configured for MITM interception.
 1. [Clients](#client-configuration) must be configured to use the proxy and trust the CA certificate.
@@ -1,5 +1,10 @@
 # Auditing AI Sessions

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 AI Gateway groups intercepted requests into **sessions** and **threads** to show
 the causal relationships between human prompts and agent actions. This
 structure gives auditors clear provenance over who initiated what, and why.
@@ -1,5 +1,10 @@
 # Claude Code

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Claude Code can be configured using environment variables. All modes require a **[Coder API token](../../../admin/users/sessions-tokens.md#generate-a-long-lived-api-token-on-behalf-of-yourself)** for authentication with AI Gateway.

 ## Centralized API Key
@@ -77,7 +82,7 @@ module "claude-code" {
  workdir        = "/path/to/project"  # Set to your project directory
  ai_prompt      = data.coder_task.me.prompt

-  # Route through AI Gateway (Premium feature)
+  # Route through AI Gateway (AI Governance Add-On)
  enable_aibridge = true
 }
 ```
@@ -1,5 +1,10 @@
 # Cline

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Cline supports both OpenAI and Anthropic models and can be configured to use AI Gateway by setting providers.

 ## Configuration
@@ -1,5 +1,10 @@
 # Codex CLI

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Codex CLI can be configured to use AI Gateway by setting up a custom model provider.

 ## Centralized API Key
@@ -1,5 +1,10 @@
 # GitHub Copilot

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 [GitHub Copilot](https://github.com/features/copilot) is an AI coding assistant that doesn't support custom base URLs but does respect proxy configurations.
 This makes it compatible with [AI Gateway Proxy](../ai-gateway-proxy/index.md), which integrates with [AI Gateway](../index.md) for full access to auditing and governance features.
 To use Copilot with AI Gateway, make sure AI Gateway Proxy is properly configured, see [AI Gateway Proxy Setup](../ai-gateway-proxy/setup.md) for instructions.
@@ -1,5 +1,10 @@
 # Factory

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Factort's Droid agent can be configured to use AI Gateway by setting up custom models for OpenAI and Anthropic.

 ## Centralized API Key
@@ -1,5 +1,10 @@
 # Client Configuration

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Once AI Gateway is setup on your deployment, the AI coding tools used by your users will need to be configured to route requests via AI Gateway.

 There are two ways to connect AI tools to AI Gateway:
@@ -1,5 +1,10 @@
 # JetBrains IDEs

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 JetBrains IDE (IntelliJ IDEA, PyCharm, WebStorm, etc.) support AI Gateway via the [third-party model configuration](https://www.jetbrains.com/help/ai-assistant/use-custom-models.html#provide-your-own-api-key) feature.

 ## Prerequisites
@@ -1,5 +1,10 @@
 # Kilo Code

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Kilo Code allows you to configure providers via the UI and can be set up to use AI Gateway.

 ## Centralized API Key
@@ -1,5 +1,10 @@
 # Mux

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Mux makes it easy to run parallel coding agents, each with its own isolated workspace, from your browser or desktop; it is open source and provider-agnostic.

 Mux can be configured to route OpenAI- and Anthropic-compatible traffic through AI Gateway by setting a custom provider base URL and using a Coder-issued token for authentication.
@@ -1,5 +1,10 @@
 # OpenCode

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 OpenCode supports both OpenAI and Anthropic models and can be configured to use AI Gateway by setting custom base URLs for each provider.

 ## Centralized API Key
@@ -1,5 +1,10 @@
 # Roo Code

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Roo Code allows you to configure providers via the UI and can be set up to use AI Gateway.

 ## Configuration
@@ -1,5 +1,10 @@
 # VS Code

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 VS Code's native chat can be configured to use AI Gateway with the GitHub Copilot Chat extension's custom language model support.

 ## Centralized API Key
@@ -1,5 +1,10 @@
 # Zed

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 Zed IDE supports AI Gateway via its `language_models` configuration in `settings.json`.

 ## Centralized API Key
@@ -18,6 +18,10 @@ AI Gateway solves 3 key problems:
   use.

 > [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+>
 > AI Gateway was previously known as "AI Bridge". Some configuration
 > options, environment variables, and API paths still use the old name
 > and will be updated in a future release.
@@ -1,5 +1,12 @@
 # MCP

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
+<!-- -->
+
 > [!WARNING]
 > Injected MCP in AI Gateway is deprecated.
 > It remains functional and will not be removed until
@@ -1,5 +1,10 @@
 # Monitoring

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 AI Gateway records the last `user` prompt, token usage, model reasoning, and every tool invocation for each intercepted request. Each capture is tied to a single "interception" that maps back to the authenticated Coder identity, making it easy to attribute spend and behaviour.

 ![User Prompt logging](../../images/aibridge/grafana_user_prompts_logging.png)
@@ -1,5 +1,10 @@
 # Reference

+> [!NOTE]
+> AI Gateway requires the [AI Governance Add-On](../ai-governance.md).
+> As of Coder v2.32, deployments without the add-on will not be able to
+> access AI Gateway.
+
 ## Implementation Details

 `coderd` runs an in-memory instance of `aibridged`, whose logic is mostly contained in https://github.com/coder/coder/tree/main/aibridge. In future releases we will support running external instances for higher throughput and complete memory isolation from `coderd`.
@@ -4,7 +4,7 @@ AI Gateway runs inside the Coder control plane (`coderd`), requiring no separate

 **Required**:

-1. A **Premium** license with the [AI Governance Add-On](../ai-governance.md).
+1. The [AI Governance Add-On](../ai-governance.md) license.
 1. Feature must be [enabled](#activation) using the server flag
 1. One or more [providers](#configure-providers) API key(s) must be configured

@@ -1,4 +1,4 @@
-# AI Governance Add-On (Premium)
+# AI Governance Add-On

 Coder Workspaces already lets teams run AI tools like
 [Cursor](https://registry.coder.com/modules/coder/cursor) and
@@ -77,9 +77,9 @@ rates, and usage patterns to inform decisions about AI strategy.
 Starting with Coder v2.30 (February 2026), AI Gateway and Agent Firewall are
 generally available as part of the AI Governance Add-On.

-The AI Governance add-on is required to use AI Gateway and Agent Firewall.
-If your deployment does not have the add-on, you'll see a notification banner
-reminding you to enable it.
+As of Coder v2.32, the AI Governance Add-On is required to use AI Gateway and
+Agent Firewall. Deployments without the add-on will not be able to access
+these features.

 To learn more about enabling the AI Governance Add-On, pricing, or trial
 options, reach out to your
@@ -1,3 +1,8 @@
+> [!NOTE]
+> Features mentioned on this page, such as AI Gateway and Agent Firewall,
+> require the [AI Governance Add-On](./ai-governance.md). As of Coder v2.32,
+> deployments without the add-on will not be able to access these features.
+
 As the AI landscape is evolving, we are working to ensure Coder remains a secure
 platform for running AI agents just as it is for other cloud development
 environments.