Creating a Custom Rule
Navigate to Rules Engine > Guard and switch to the Custom tab. Click Create Rule. The wizard walks you through three steps:

Step 1: Choose a Type

Select what kind of content the rule should evaluate:

| Type | Evaluates |
|---|---|
| Command | Shell commands the agent attempts to execute |
| Secret | Content that may contain credentials or sensitive data |
| Injection | Input that may be attempting to manipulate agent behavior |

Step 2: Define the Pattern

Write a regex pattern that matches the content you want to catch. Examples:

| Pattern | What It Catches |
|---|---|
| `internal-api\.company\.com` | References to internal API endpoints |
| `COMPANY_SECRET_\w+` | Company-specific secret key patterns |
| `kubectl.*--namespace=production` | kubectl commands targeting production |
| `git push.*--force.*main` | Force pushes to main branch |

Step 3: Configure Behavior

Set how Turen should respond when the pattern matches:

| Field | Description |
|---|---|
| Severity | Critical, High, Medium, or Low |
| Message | Custom message shown when the rule triggers |
| Allow Override | Whether developers can override the block |
| Category | Organizational category for the rule |
| Description | Detailed description of what the rule catches |

Examples

Block Production Database Access

Prevent agents from connecting to production databases:

- Type: Command
- Pattern: `psql.*prod-db|mysql.*production|mongosh.*prod`
- Severity: Critical

Flag Internal URL References

Catch when agents reference internal services:

- Type: Secret
- Pattern: `https?://[a-z]+\.internal\.company\.com`
- Severity: Low

Block Deployment Commands

Prevent agents from deploying directly:

- Type: Command
- Pattern: `(terraform apply|helm install|kubectl apply).*--auto-approve`
- Severity: High
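
Before saving patterns like the ones above, it helps to run them against commands the rule should and should not catch. The following is an added example, not part of the Turen product or its documentation: it assumes Turen applies a pattern as an unanchored, case-sensitive search (Python's `re.search` stands in for it), and the rule names and sample commands are constructed.

```python
import re

# Patterns copied from the tables and examples on this page; the keys are made-up labels.
RULES = {
    "force-push-main": r"git push.*--force.*main",
    "prod-kubectl": r"kubectl.*--namespace=production",
    "prod-db": r"psql.*prod-db|mysql.*production|mongosh.*prod",
    "deploy": r"(terraform apply|helm install|kubectl apply).*--auto-approve",
}

# Constructed test cases: (rule, command, should the rule fire according to its intent?)
CASES = [
    ("force-push-main", "git push --force origin main", True),
    ("force-push-main", "git push origin main --force", True),  # flag after the branch
    ("force-push-main", "git push -f origin main", True),       # short form of the flag
    ("prod-kubectl", "kubectl get pods --namespace=production", True),
    ("prod-kubectl", "kubectl get pods -n production", True),   # short namespace flag
    ("prod-db", "psql -h prod-db.example.internal -U app", True),
    ("prod-db", "echo mongosh is not a product", False),        # harmless text
    ("deploy", "terraform apply --auto-approve", True),
    ("deploy", "helm install web ./chart", True),               # no --auto-approve present
]

def evaluate(rules, cases):
    """Return (rule, command, expected, actual) for each case where the
    pattern's result differs from what the rule is meant to do."""
    gaps = []
    for name, command, expected in cases:
        # Assumption: the engine searches anywhere in the input, case-sensitively.
        actual = re.search(rules[name], command) is not None
        if actual != expected:
            gaps.append((name, command, expected, actual))
    return gaps

if __name__ == "__main__":
    for name, command, expected, actual in evaluate(RULES, CASES):
        kind = "missed" if expected else "false positive"
        print(f"{kind:15} {name:16} {command}")
```

Each reported gap is a reason to widen or tighten the pattern (or add a second rule) before the rule is enabled, and the case list can be kept as a regression test for later edits.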

Managing Custom Rules

From the Rules Engine > Guard > Custom tab, you can:

- Disable a rule without deleting it
- Delete a rule permanently