ifURI docs

Security and policy

urirun is default-deny: a route only runs if an explicit policy allows it. This page is where execution restrictions live, how to read them in real time, and how to manage them.

> Note on assistant guardrails. If you drive a node through an AI assistant, the > assistant keeps its own safety rules (it will not type passwords, enter payment > details, etc.). Those are the assistant's operating rules, not a urirun setting — > they are not configured here and cannot be toggled off. This page covers urirun's > own execution policy, which *is* configurable.

Where restrictions are set

restrictionwhere you set it
Which URIs may executeurirun node serve --allow '<glob>' (repeatable) — the node's allow-list. Without a match a call is denied (no allow rule matched (default deny)).
Allow for pushed routesurirun host deploy <node> --allow '<glob>' — the policy for a deployed surface.
Programmatic policyurirun.policy(allow=[...], deny=[...], secret_allow=[...], policy_file=...) → pass as policy= to urirun.run(...).
Per-route gatea binding's policy.allowExecute: true lets that one route run without a glob.
Who may call /runurirun node serve --require-run-auth/run and /events require an admin token or an enrolled SSH key (403 otherwise).
Node admin (deploy / node://)--key-auth (enrolled ~/.ssh/id_ed25519, authorized_keys) or --admin-token; /deploy and node:// are always admin-gated.
Secretssecret:// / getv:// are execute-only and deny-by-default; widen with secret_allow globs.
Surface integrityhost deploy --merge (add, don't replace) and the registry etag (a hot-swap is detectable, see host & node).

Globs match the URI: env://* allows any env route, browser://laptop/ any browser route on laptop, everything (don't, on an open /run).

Read the restrictions in real time

``bash curl -s http://node:8765/health | jq .policy # { "allow": ["env://*","proc://*"], "requireRunAuth": false, "allowSecrets": false } ``

``json { "uri": "shell://laptop/command/rm", "ok": false, "decision": { "allowed": false, "reason": "no allow rule matched (default deny)" } } ``

Manage it

Related