mirror of
https://github.com/coder/coder.git
synced 2026-06-04 21:48:22 +00:00
blinkagent[bot]
c75c57c250
## Summary This PR restructures the Agent Boundaries documentation to improve URL clarity and consistency: ### Changes - Renames `/docs/ai-coder/boundary/` to `/docs/ai-coder/agent-boundaries/` - Renames `agent-boundary.md` to `index.md` for cleaner URLs - Updates all internal doc references to the new paths - Updates `manifest.json` with new paths - Updates prose references from "Boundary" to "Agent Boundaries" throughout the documentation (33 changes across 4 files) ### New URL structure | Old URL | New URL | |---------|----------| | `/docs/ai-coder/boundary/agent-boundary` | `/docs/ai-coder/agent-boundaries` | | `/docs/ai-coder/boundary/nsjail` | `/docs/ai-coder/agent-boundaries/nsjail` | | `/docs/ai-coder/boundary/landjail` | `/docs/ai-coder/agent-boundaries/landjail` | | `/docs/ai-coder/boundary/rules-engine` | `/docs/ai-coder/agent-boundaries/rules-engine` | | `/docs/ai-coder/boundary/version` | `/docs/ai-coder/agent-boundaries/version` | ### Follow-up required Redirects need to be added to `coder/coder.com` for the old URLs: - `/docs/ai-coder/agent-boundary` → `/docs/ai-coder/agent-boundaries` (this one is currently 404'ing from Google search results) - `/docs/ai-coder/boundary/:path*` → `/docs/ai-coder/agent-boundaries/:path*` --- Created on behalf of @mattvollmer --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: Matt Vollmer <matthewjvollmer@outlook.com>
16 lines
437 B
Markdown
16 lines
437 B
Markdown
# landjail Jail Type
|
|
|
|
landjail is Agent Boundaries' alternative jail type that uses Landlock V4 for
|
|
network isolation.
|
|
|
|
## Overview
|
|
|
|
Agent Boundaries uses Landlock V4 to enforce network restrictions:
|
|
|
|
- All `bind` syscalls are forbidden
|
|
- All `connect` syscalls are forbidden except to the port that is used by http
|
|
proxy
|
|
|
|
This provides network isolation without requiring network namespace capabilities
|
|
or special Docker permissions.
|