# Custom Rules

> Create organization-specific agent security rules

In addition to the 96 built-in rules, you can create custom rules that match your organization's specific security requirements. Custom rules are evaluated alongside built-in rules and enforce patterns unique to your environment.

## Creating a Custom Rule

Navigate to **Agentic Security > Agent Security** (`/security/prompt`) and select the **Custom** tab. Click **Add Rule** to open the Create Rule Wizard.

The wizard walks you through three steps:

### Step 1: Choose a Type

Select what kind of content the rule should evaluate:

| Type          | Evaluates                                                 | Default Hooks                 |
| ------------- | --------------------------------------------------------- | ----------------------------- |
| **Command**   | Shell commands the agent attempts to execute              | PreToolUse                    |
| **Secret**    | Content that may contain credentials or sensitive data    | PreToolUse, PostToolUse       |
| **Injection** | Input that may be attempting to manipulate agent behavior | UserPromptSubmit, PostToolUse |

### Step 2: Define the Pattern

Give your rule a **name** and write a **regex pattern** that matches the content you want to catch. You can start from a template or write a custom pattern from scratch.

The wizard validates your regex in real time and shows a live preview of the rule on the right sidebar.

**Examples:**

| Pattern                           | What It Catches                       |
| --------------------------------- | ------------------------------------- |
| `internal-api\.company\.com`      | References to internal API endpoints  |
| `COMPANY_SECRET_\w+`              | Company-specific secret key patterns  |
| `kubectl.*--namespace=production` | kubectl commands targeting production |
| `git push.*--force.*main`         | Force pushes to main branch           |

### Step 3: Configure Behavior

Set how Turen should respond when the pattern matches:

| Field              | Description                                   |
| ------------------ | --------------------------------------------- |
| **Severity**       | Critical, High, Medium, or Low                |
| **Message**        | Custom message shown when the rule triggers   |
| **Allow Override** | Whether developers can override the block     |
| **Category**       | Organizational category for the rule          |
| **Description**    | Detailed description of what the rule catches |

## Examples

### Block Production Database Access

Prevent agents from connecting to production databases:

* **Type:** Command
* **Pattern:** `psql.*prod-db|mysql.*production|mongosh.*prod`
* **Severity:** Critical

### Flag Internal URL References

Catch when agents reference internal services:

* **Type:** Secret
* **Pattern:** `https?://[a-z]+\.internal\.company\.com`
* **Severity:** Low

### Block Deployment Commands

Prevent agents from deploying directly:

* **Type:** Command
* **Pattern:** `(terraform apply|helm install|kubectl apply).*--auto-approve`
* **Severity:** High
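
Before activating a pattern, run it against commands that should and should not trigger it. The harness below is an added example, not Turen code: it checks three patterns from this page against constructed sample commands, then checks one possible tightening of each. It assumes unanchored, case-sensitive matching (Python's `re.search`), which may differ from the engine the wizard uses; the rule labels, sample commands, and revised patterns are assumptions.

```python
import re

# Patterns copied from this page. The dict keys are hypothetical labels.
PAGE_RULES = {
    "force-push": r"git push.*--force.*main",
    "prod-db": r"psql.*prod-db|mysql.*production|mongosh.*prod",
    "deploy": r"(terraform apply|helm install|kubectl apply).*--auto-approve",
}

# One possible tightening (an assumption, not Turen guidance). It avoids
# lookarounds so it also works in regex engines that lack them.
REVISED_RULES = {
    "force-push": r"git push.*\s(--force|-f)\b.*\bmain\b"
                  r"|git push.*\bmain\b.*\s(--force|-f)\b",
    "prod-db": r"psql.*prod-db|mysql.*production|mongosh.*\bprod\b",
    "deploy": r"(terraform apply|helm install|kubectl apply).*\s--?auto-approve",
}

# Constructed sample commands: (rule label, command, should the rule fire?)
CASES = [
    ("force-push", "git push --force origin main", True),
    ("force-push", "git push -f origin main", True),        # short flag
    ("force-push", "git push origin main --force", True),   # flag after branch
    ("force-push", "git push origin feature/login", False),
    ("prod-db", "psql -h prod-db.example.internal -U app", True),
    ("prod-db", "psql -h staging-db.example.internal -U app", False),
    ("prod-db", "mongosh mongodb://localhost/products", False),  # "prod" substring
    ("deploy", "terraform apply --auto-approve", True),
    ("deploy", "terraform apply -auto-approve", True),      # single-dash form
    ("deploy", "terraform plan", False),
]

def evaluate(rules, cases):
    """Return (missed, noisy): commands a rule failed to catch or wrongly caught."""
    compiled = {name: re.compile(pattern) for name, pattern in rules.items()}
    missed, noisy = [], []
    for name, cmd, expected in cases:
        hit = compiled[name].search(cmd) is not None
        if expected and not hit:
            missed.append((name, cmd))
        elif hit and not expected:
            noisy.append((name, cmd))
    return missed, noisy

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("revised", REVISED_RULES)):
        missed, noisy = evaluate(rules, CASES)
        print(label, "missed:", missed, "false positives:", noisy)
```

Keep the case list alongside each rule and rerun it whenever the pattern changes.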

## Managing Custom Rules

From the **Agentic Security > Agent Security > Custom** tab, you can:

* **Toggle** a rule between Active and Disabled by clicking the status badge
* **Delete** a rule permanently using the trash icon
* **Add** new rules at any time

Custom rules are stored separately from built-in rule configuration. Each custom rule displays its type, name, pattern, active hooks, severity, and status in the table.

If both a built-in rule and a custom rule match, the more restrictive action takes precedence.

<Note>
  Custom rules require the **Teams plan**. Solo plan users will see an upgrade prompt when attempting to create custom rules.
</Note>
