coder · evgeniy-scherbina · Nov 17, 2025 · Nov 17, 2025 · Nov 17, 2025 · Nov 17, 2025
diff --git a/docs/ai-coder/agent-boundary.md b/docs/ai-coder/agent-boundary.md
@@ -16,32 +16,86 @@ Agent Boundaries offer network policy enforcement, which blocks domains and HTTP
 
 The easiest way to use Agent Boundaries is through existing Coder modules, such as the [Claude Code module](https://registry.coder.com/modules/coder/claude-code). It can also be ran directly in the terminal by installing the [CLI](https://github.com/coder/boundary).
 
-Below is an example of how to configure Agent Boundaries for usage in your workspace.
+There are two supported ways to configure Boundary today:
+
+1. **Inline module configuration** – fastest for quick testing.
+2. **External `config.yaml`** – best when you need a large allow list or want everyone who launches Boundary manually to share the same config.
+
+### Option 1: Inline module configuration (quick start)
+
+Put every setting directly in the Terraform module when you just want to experiment:
 
 ```tf
 module "claude-code" {
   source              = "dev.registry.coder.com/coder/claude-code/coder"
+  version             = "4.1.0"
   enable_boundary     = true
-  boundary_version    = "main"
-  boundary_log_dir    = "/tmp/boundary_logs" 
+  boundary_version    = "v0.2.0"
+  boundary_log_dir    = "/tmp/boundary_logs"
   boundary_log_level  = "WARN"
-  boundary_additional_allowed_urls = ["GET *google.com"]
+  boundary_additional_allowed_urls = ["domain=google.com"]
   boundary_proxy_port = "8087"
-  version             = "3.2.1"
 }
 ```
 
-- `boundary_version` defines what version of Boundary is being applied. This is set to `main`, which points to the main branch of `coder/boundary`.
+All Boundary knobs live in Terraform, so you can iterate quickly without creating extra files.
+
+### Option 2: Keep policy in `config.yaml` (extensive allow lists)
+
+When you need to maintain a long allow list or share a detailed policy with teammates, keep Terraform minimal and move the rest into `config.yaml`:
+
+```tf
+module "claude-code" {
+  source              = "dev.registry.coder.com/coder/claude-code/coder"
+  version             = "4.1.0"
+  enable_boundary     = true
+  boundary_version    = "v0.2.0"
+}
+```
+
+Then create a `config.yaml` file in your template directory with your policy:
+
+```yaml
+allowlist:
+  - "domain=google.com"
+  - "method=GET,HEAD domain=api.github.com"
+  - "method=POST domain=api.example.com path=/users,/posts"
+log_dir: /tmp/boundary_logs
+proxy_port: 8087
+log_level: warn
+```
+
+Add a `coder_script` resource to mount the configuration file into the workspace filesystem:
+
+```tf
+resource "coder_script" "boundary_config_setup" {
+  agent_id     = coder_agent.dev.id
+  display_name = "Boundary Setup Configuration"
+  run_on_start = true
+
+  script = <<-EOF
+    #!/bin/sh
+    mkdir -p ~/.config/coder_boundary
+    echo '${base64encode(file("${path.module}/config.yaml"))}' | base64 -d > ~/.config/coder_boundary/config.yaml
+    chmod 600 ~/.config/coder_boundary/config.yaml
+  EOF
+}
+```
+
+Boundary automatically reads `config.yaml` from `~/.config/coder_boundary/` when it starts, so everyone who launches Boundary manually inside the workspace picks up the same configuration without extra flags. This is especially convenient for managing extensive allow lists in version control.
+
+- `boundary_version` defines what version of Boundary is being applied. This is set to `v0.2.0`, which points to the v0.2.0 release tag of `coder/boundary`.
 - `boundary_log_dir` is the directory where log files are written to when the workspace spins up.
 - `boundary_log_level` defines the verbosity at which requests are logged. Boundary uses the following verbosity levels:
   - `WARN`: logs only requests that have been blocked by Boundary
   - `INFO`: logs all requests at a high level
   - `DEBUG`: logs all requests in detail
-- `boundary_additional_allowed_urls`: defines the URLs that the agent can access, in additional to the default URLs required for the agent to work
-  - `github.com` means only the specific domain is allowed
-  - `*.github.com` means only the subdomains are allowed - the specific domain is excluded
-  - `*github.com` means both the specific domain and all subdomains are allowed
-  - You can also also filter on methods, hostnames, and paths - for example, `GET,HEAD *github.com/coder`.
+- `boundary_additional_allowed_urls`: defines the URLs that the agent can access, in addition to the default URLs required for the agent to work. Rules use the format `"key=value [key=value ...]"`:
+  - `domain=github.com` - allows the domain and all its subdomains
+  - `domain=*.github.com` - allows only subdomains (the specific domain is excluded)
+  - `method=GET,HEAD domain=api.github.com` - allows specific HTTP methods for a domain
+  - `method=POST domain=api.example.com path=/users,/posts` - allows specific methods, domain, and paths
+  - `path=/api/v1/*,/api/v2/*` - allows specific URL paths
 
 You can also run Agent Boundaries directly in your workspace and configure it per template. You can do so by installing the [binary](https://github.com/coder/boundary) into the workspace image or at start-up. You can do so with the following command: