shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-04 05:28:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e94de0bdabcaeed735d468bb6d279d06f8b8b2d1
coder/docs/ai-coder/agent-boundaries/rules-engine.md
T
blinkagent[bot] c75c57c250 docs: restructure agent boundaries from /boundary/ to /agent-boundaries/ (#21798) 
## Summary

This PR restructures the Agent Boundaries documentation to improve URL
clarity and consistency:

### Changes
- Renames `/docs/ai-coder/boundary/` to
`/docs/ai-coder/agent-boundaries/`
- Renames `agent-boundary.md` to `index.md` for cleaner URLs
- Updates all internal doc references to the new paths
- Updates `manifest.json` with new paths
- Updates prose references from "Boundary" to "Agent Boundaries"
throughout the documentation (33 changes across 4 files)

### New URL structure
| Old URL | New URL |
|---------|----------|
| `/docs/ai-coder/boundary/agent-boundary` |
`/docs/ai-coder/agent-boundaries` |
| `/docs/ai-coder/boundary/nsjail` |
`/docs/ai-coder/agent-boundaries/nsjail` |
| `/docs/ai-coder/boundary/landjail` |
`/docs/ai-coder/agent-boundaries/landjail` |
| `/docs/ai-coder/boundary/rules-engine` |
`/docs/ai-coder/agent-boundaries/rules-engine` |
| `/docs/ai-coder/boundary/version` |
`/docs/ai-coder/agent-boundaries/version` |

### Follow-up required

Redirects need to be added to `coder/coder.com` for the old URLs:
- `/docs/ai-coder/agent-boundary` → `/docs/ai-coder/agent-boundaries`
(this one is currently 404'ing from Google search results)
- `/docs/ai-coder/boundary/:path*` →
`/docs/ai-coder/agent-boundaries/:path*`

---

Created on behalf of @mattvollmer

---------

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Matt Vollmer <matthewjvollmer@outlook.com>
2026-02-02 07:48:34 -06:00

108 lines
4.9 KiB
Markdown
Raw Blame History

# Rules Engine Documentation
## Overview
The `rulesengine` package provides a flexible rule-based filtering system for
HTTP/HTTPS requests. Rules use a simple key-value syntax with support for
wildcards and multiple values.
### Basic Syntax
Rules follow the format: `key=value [key=value ...]` with three supported keys:
- **`method`**: HTTP method(s) - Any HTTP method (e.g., `GET`, `POST`, `PUT`,
`DELETE`), `*` (all methods), or comma-separated list
- **`domain`**: Domain/hostname pattern - `github.com`, `*.example.com`, `*`
(all domains)
- **`path`**: URL path pattern - `/api/users`, `/api/*/users`, `*` (all paths),
or comma-separated list
**Key behavior**:
- If a key is omitted, it matches all values
- Multiple key-value pairs in one rule are separated by whitespace
- Multiple rules in the allowlist are OR'd together (OR logic)
- Default deny: if no rule matches, the request is denied
**Examples**:
```yaml
allowlist:
- domain=github.com # All methods, all paths for github.com (exact match)
- domain=*.github.com # All subdomains of github.com
- method=GET,POST domain=api.example.com # GET/POST to api.example.com (exact match)
- domain=api.example.com path=/users,/posts # Multiple paths
- method=GET domain=github.com path=/api/* # All three keys
```
---
## Wildcard Symbol for Domains
The `*` wildcard matches domain labels (parts separated by dots).
| Pattern | Matches | Does NOT Match |
|----------------|-------------------------------------------------------------|--------------------------------------------------------------------------|
| `*` | All domains | - |
| `github.com` | `github.com` (exact match only) | `api.github.com`, `v1.api.github.com` (subdomains), `github.io` |
| `*.github.com` | `api.github.com`, `v1.api.github.com` (1+ subdomain levels) | `github.com` (base domain) |
| `api.*.com` | `api.github.com`, `api.google.com` | `api.v1.github.com` (`*` in the middle matches exactly one domain label) |
| `*.*.com` | `api.example.com`, `api.v1.github.com` | - |
| `api.*` | ❌ **ERROR** - Cannot end with `*` | - |
**Important**:
- Patterns without `*` match **exactly** (no automatic subdomain matching)
- `*.example.com` matches one or more subdomain levels
- To match both base domain and subdomains, use separate rules:
`domain=github.com` and `domain=*.github.com`
- Domain patterns **cannot end with asterisk**
---
## Wildcard Symbol for Paths
The `*` wildcard matches path segments (parts separated by slashes).
| Pattern | Matches | Does NOT Match |
|----------------|------------------------------------------------------------|-----------------------------------------|
| `*` | All paths | - |
| `/api/users` | `/api/users` | `/api/users/123` (subpaths don't match) |
| `/api/*` | `/api/users`, `/api/posts` | `/api` |
| `/api/*/users` | `/api/v1/users`, `/api/v2/users` | `/api/users`, `/api/v1/v2/users` |
| `/*/users` | `/api/users`, `/v1/users` | `/api/v1/users` |
| `/api/v1/*` | `/api/v1/users`, `/api/v1/users/123/details` (1+ segments) | `/api/v1` |
**Important**:
- `*` matches **exactly one segment** (except at the end)
- `*` at the **end** matches **one or more segments** (special behavior)
- `*` must match an entire segment (cannot be part of a segment like
`/api/user*`)
---
## Special Meaning of Wildcard at Beginning and End
| Position | Domain | Path |
|------------|---------------------|-----------------------|
| Beginning | 1+ subdomain levels | Exactly 1 segment |
| Middle | Exactly 1 label | Exactly 1 segment |
| End | ❌ Not allowed | 1+ segments (special) |
| Standalone | All domains | All paths |
---
## Multipath
Specify multiple paths in a single rule by separating them with commas:
```yaml
allowlist:
- domain=api.example.com path=/users,/posts,/comments
- domain=api.example.com path=/api,/api/*
```
`NOTE`: The pattern `/api/*` does not include the base path `/api`. To match
both, use `path=/api,/api/*`.
Reference in New Issue View Git Blame Copy Permalink