mirror of
https://github.com/coder/coder.git
synced 2026-06-03 21:18:24 +00:00
481c132135
Addresses five documentation gaps identified from an internal agents briefing Q&A, specifically around what permissions an agent inherits from the user:

1. **No privilege escalation** — Added explicit statement that the agent has the exact same permissions as the user. No escalation, no shared service account.
2. **Cross-user workspace isolation** — Added statement that agents cannot access workspaces belonging to other users.
3. **Default-state warning** — Added WARNING callouts that agent workspaces inherit the user's full network access unless templates explicitly restrict it.
4. **Tool boundary statement** — Added explicit statement that the agent cannot act outside its defined tool set and has no direct access to the Coder API.
5. **Template visibility scoped to user RBAC** — Clarified that template selection respects the user's role and permissions.

Changes across 3 files:

- `docs/ai-coder/agents/index.md`
- `docs/ai-coder/agents/architecture.md`
- `docs/ai-coder/agents/platform-controls/template-optimization.md`

---

PR generated with Coder Agents