InfracodebaseInfracodebase

Rulesets

Rulesets are how you make the agent's non-deterministic behavior controllable. A ruleset is a collection of rules organized around a specific concern, written in plain language, that the agent must follow when generating code and responding to conversations. For example, a "Terraform Configuration Guidelines" ruleset might contain rules about module sourcing, naming conventions, state management, and variable structure.

Each ruleset groups related rules together so they can be managed and toggled as a unit. Rulesets work at three levels.

  • Enterprise for org-wide standards that apply across all workspaces
  • Workspace for project-specific rules within a particular workspace
  • User for personal preferences that customize behavior within the boundaries set above

Creating a ruleset

The New Ruleset button is the entry point. Two paths:

With AI (recommended). Click New Ruleset to open the chat panel directly, or open the dropdown next to it and choose Use agent. Either way you land in a conversation where you can create, update, and organize rulesets. The agent accepts URLs (and can deep crawl linked documentation), uploaded folders, and individual files of various types. It analyzes your content, identifies IaC-checkable rules, compares against your existing rulesets, and creates new rulesets for you.

From scratch. Open the dropdown next to New Ruleset and choose Start blank to go to a form where you provide a name, a description of what the ruleset covers, and add individual rules written in plain language.

Once approved, rulesets need to be enabled and added to the workspaces where they apply before they are included in compliance evaluations.

Editing a ruleset or rule

Open any active ruleset or rule and click Edit Ruleset / Edit Rule to switch into edit mode. Make your changes, then choose:

  • Cancel to discard your edits.
  • Request Review stages your edit as a pending review item that someone with approval permissions can approve.
  • Save applies the change directly to the live ruleset or rule. This option only appears if you have approval permission.

Both action buttons stay disabled until the form actually differs from what's currently live.

Reviewing and approving changes

When the AI agent creates or modifies rulesets, the changes go through a review process before going live.

After the agent finishes, the panel shows up to three actions depending on your permissions:

  • Discard drops the proposed plan and closes the panel.
  • Request Review stages the changes for someone with approval permissions to review. The changes appear in the Pending Review tab on the rulesets page.
  • Approve applies the changes immediately to your live rulesets. This appears only if you have approval permission. It is hidden when the plan touches a ruleset or rule that is already in Pending Review — in that case you have to go through the existing review.

If you reopen the chat in a scope where you have an unfinished plan, a banner offers Resume (load the prior plan into the card so you can keep editing) or Discard (drop just that plan).

Pending Review tab

The Pending Review tab shows all staged changes waiting for approval. Click Review on any item to open the review page where you can:

  • Review each rule's title and content
  • Edit rules before approving (pencil icon)
  • Remove individual rules you don't want (trash icon)
  • Approve All or Reject All from the header

After you approve or reject, you stay on the Pending Review tab if there are more items in the queue; once the queue empties, you land back on Active.

Changes only go live after explicit approval.

Enterprise rulesets

Enterprise rulesets let you set standards across your entire organization. When you create an enterprise ruleset, you control two things.

  • Enabled determines whether the ruleset is published and available to workspaces
  • Required determines whether workspaces can opt out

A ruleset that is both enabled and required is locked on for every workspace in the organization. No one can disable it. This is how you guarantee that all of your teams follow the same standards regardless of what they're working on.

A ruleset that is enabled but not required gives workspaces the flexibility to toggle it on or off based on their needs. This makes your enterprise rules more scalable. Instead of forcing every standard on every team, you can publish a library of rulesets that workspaces adopt when relevant.

Workspace rulesets

Workspace rulesets are rules that apply only within a specific workspace. They let you add project-specific standards on top of whatever enterprise rulesets are already active. For example, a workspace for a payments service might have rulesets about naming conventions, deployment patterns, or compliance requirements that are unique to that project.

In addition to creating workspace-specific rulesets, you can also enable optional enterprise rulesets for the workspace. If an enterprise administrator has published a ruleset but not marked it as required, you can toggle it on from the workspace settings to apply it to your project.

User rulesets

User rulesets are personal preferences that apply across all of your workspaces. They let you customize how the agent works for you individually.

Hierarchy

All active rulesets from all three levels are combined and used by the agent. When there is a conflict between levels, the agent follows this precedence.

  1. Enterprise rulesets always take priority
  2. Workspace rulesets apply unless they conflict with an enterprise ruleset
  3. User rulesets apply unless they conflict with an enterprise or workspace ruleset

This hierarchy means enterprise administrators can set guardrails with confidence. Required enterprise rulesets are guaranteed to be followed. Workspace and user rulesets can add specificity and personalization, but they cannot override organizational standards.

Best practices

  • Be specific. "Use t3.medium as the default EC2 instance type" beats "Use appropriate instance sizes"
  • Keep them focused. One ruleset per concern makes them easier to manage and toggle
  • Use plain language. Write rules as clear instructions, not code
  • Use required sparingly. Reserve it for true organizational standards. Make everything else optional so workspaces can adopt what's relevant to them
  • Use tags. Add tags like cloud:aws or scope:resource to organize rulesets. The AI agent reuses existing tag patterns when creating new rulesets.
Enterprise Configuration
Workflows
Enterprise Configuration
Templates