The Rules page allows you to enable and disable governance policies that control how agents can behave. These rules are enforced automatically by the ContextFort extension.

Overview

Governance rules:
  • Control agent actions like navigation and output
  • Are enforced automatically by background scripts and content scripts
  • Can be toggled on/off with a simple switch
  • Log instances when they block actions (see Instances page)
Rules are disabled by default. Enable the ones you need for your security policies.

Rules Summary

The summary card shows:
  • X / Y: Number of enabled rules out of total available
  • Total Rules badge: Total number of governance rules

Available Rules

ContextFort currently provides two governance rules:

Disallow URLs with Query Parameters

Rule ID: disallow_query_params
Description: Prevents the agent from opening any URLs that contain query parameters (e.g., ?param=value). This protects against potential data leakage through URL parameters and ensures agents only visit clean, parameterless URLs.
Use case:
  • Prevent agents from accessing URLs with sensitive data in parameters
  • Ensure clean, bookmark-able URLs
  • Avoid tracking parameters
Example blocked URLs:
  • https://example.com/page?token=secret123
  • https://example.com/search?q=sensitive+query
  • https://example.com/page?user_id=12345
Example allowed URLs:
  • https://example.com/page
  • https://example.com/search
  • https://example.com/docs/guide
This rule uses Chrome’s declarativeNetRequest API to block navigation before it happens.
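A declarativeNetRequest rule of the kind described above, with an offline check of which URLs it would match. This is an added example, not ContextFort's own code: the rule id, priority, regex and the function names are assumptions.

```javascript
// Added example, not ContextFort code. Rule id, priority and regex are assumptions.
const QUERY_RULE_ID = 1001; // hypothetical dynamic-rule id

// Uses only syntax shared by RE2 (declarativeNetRequest) and JavaScript RegExp:
// match a "?" that appears before any "#", so a "?" inside a fragment is ignored.
const QUERY_REGEX = '^https?://[^?#]*\\?';

function buildQueryParamRule() {
  return {
    id: QUERY_RULE_ID,
    priority: 1,
    action: { type: 'block' },
    condition: {
      regexFilter: QUERY_REGEX,
      resourceTypes: ['main_frame'], // top-level navigation only (assumption)
    },
  };
}

// Offline check: would the rule's regex match this URL?
function wouldBlock(url) {
  return new RegExp(buildQueryParamRule().condition.regexFilter).test(url);
}

// Constructed samples: two of the page's examples plus two edge cases.
const SAMPLE_URLS = [
  'https://example.com/page?token=secret123',
  'https://example.com/docs/guide',
  'https://example.com/page?',        // empty query still contains "?"
  'https://example.com/page#faq?x=1', // "?" belongs to the fragment
];

function classify(urls) {
  return urls.map((url) => ({ url, blocked: wouldBlock(url) }));
}

// Extension context only: add or remove the rule to match the toggle state.
async function applyQueryParamRule(enabled) {
  await chrome.declarativeNetRequest.updateDynamicRules({
    removeRuleIds: [QUERY_RULE_ID],
    addRules: enabled ? [buildQueryParamRule()] : [],
  });
}
```

Running `classify` over your own representative URLs before enabling the rule shows which agent tasks it would interrupt.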

Disallow Printing Clickable URLs in Sidechat

Rule ID: disallow_clickable_urls
Description: Prevents the agent from printing any clickable URLs in the Claude sidechat interface. This ensures that sensitive or internal URLs cannot be accidentally exposed or shared through the chat interface.
Use case:
  • Prevent internal URLs from appearing in chat logs
  • Avoid exposing sensitive endpoints
  • Keep chat output clean and secure
How it works:
  • Content scripts monitor the Claude sidechat
  • Clickable URLs (links) are removed or replaced with plain text
  • Non-clickable URL text may still appear
This rule only affects the sidechat display. It doesn’t prevent the agent from navigating to URLs.

Enabling/Disabling Rules

1. Locate the rule

Find the rule in the table. Rules are listed with full descriptions.

2. Toggle the switch

Click the switch in the Enabled column.
  • On (green): Rule is active and enforced
  • Off (gray): Rule is inactive

3. Changes apply immediately

The rule state is saved to Chrome storage and sent to the background script.

4. Verify status

The Status column shows:
  • Green “Active” badge when enabled
  • Gray “Inactive” badge when disabled

Rules Table

The table displays all available governance rules.

Table Columns

Column | Description
Rule Name | Name and detailed description of the rule
Status | Current state (Active/Inactive badge)
Enabled | Toggle switch to enable/disable
The description column wraps text and can be quite detailed. Scroll horizontally if needed.

Rule Enforcement

When a rule is enabled:
  1. The rule configuration is saved to chrome.storage.local (key: governanceRules)
  2. A message is sent to the background script:
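    // Rule state as { rule_id: boolean }; the values shown are example states
    chrome.runtime.sendMessage({
      type: 'RELOAD_GOVERNANCE_RULES',
      rules: { disallow_query_params: true, disallow_clickable_urls: false }
    })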
    
  3. The background script updates its internal state
  4. For DNR-based rules, declarativeNetRequest rules are updated
  5. The rule is enforced on all future actions
Changes take effect immediately. No page refresh or extension reload required.
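The receiving side of the steps above, as an added example that is not ContextFort's own code: a background-script handler that accepts RELOAD_GOVERNANCE_RULES only from the extension's own pages and rejects malformed rule objects instead of guessing. The function names, the origin check and the merge behaviour are assumptions.

```javascript
// Added example, not ContextFort code. Function names and checks are assumptions.
const KNOWN_RULES = ['disallow_query_params', 'disallow_clickable_urls']; // IDs from this page

// Merge an incoming { rule_id: boolean } object over the current state.
// Unknown keys are dropped; any non-boolean value rejects the whole update.
function mergeRules(current, incoming) {
  if (incoming === null || typeof incoming !== 'object' || Array.isArray(incoming)) {
    return null;
  }
  const next = {};
  for (const id of KNOWN_RULES) {
    const value = Object.hasOwn(incoming, id) ? incoming[id] : (current?.[id] ?? false);
    if (typeof value !== 'boolean') return null; // reject rather than guess
    next[id] = value;
  }
  return next;
}

// Returns the new rule state, or null when the message must be ignored.
function acceptReload(message, sender, extensionOrigin, current) {
  if (!message || message.type !== 'RELOAD_GOVERNANCE_RULES') return null;
  // Content scripts run inside visited pages and report that page's origin;
  // only the extension's own pages (such as the Rules page) may change policy.
  if (!sender || sender.origin !== extensionOrigin) return null;
  return mergeRules(current, message.rules);
}

// Extension context only: wire the check into the background script.
if (typeof chrome !== 'undefined' && chrome.runtime?.onMessage) {
  let activeRules = {}; // in-memory state held by the background script
  const ownOrigin = new URL(chrome.runtime.getURL('')).origin;
  chrome.runtime.onMessage.addListener((message, sender) => {
    const next = acceptReload(message, sender, ownOrigin, activeRules);
    if (next) activeRules = next; // the DNR update for navigation rules follows here
    return false; // no asynchronous response
  });
}
```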

Rule Instances

Every time a rule blocks an action, an instance is logged to Chrome storage:
  • Instance ID: Unique identifier
  • Rule ID: Which rule was triggered
  • Timestamp: When it happened
  • Details: What was blocked
  • Session ID: Associated session (if any)
View instances on the Instances page.
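An instance record with the fields listed above, as an added example that is not ContextFort's own code. The property names, the storage key, the retention cap and the redaction of query values (so the log does not keep the value the rule just blocked) are all assumptions.

```javascript
// Added example, not ContextFort code. Property names, storage key and cap are assumptions.
const MAX_INSTANCES = 500;                   // hypothetical retention cap
const INSTANCES_KEY = 'governanceInstances'; // hypothetical storage key

// Keep parameter names for the audit trail but replace every value.
function redactQueryValues(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return '[unparseable URL]';
  }
  for (const key of [...new Set(url.searchParams.keys())]) {
    url.searchParams.set(key, 'REDACTED');
  }
  return url.toString();
}

function buildInstance(ruleId, blockedUrl, sessionId,
                       now = Date.now(), idFn = () => crypto.randomUUID()) {
  return {
    instanceId: idFn(),
    ruleId,
    timestamp: new Date(now).toISOString(),
    details: { blockedUrl: redactQueryValues(blockedUrl) },
    sessionId: sessionId ?? null, // "if any"
  };
}

// Append and keep only the newest MAX_INSTANCES records.
function appendInstance(list, instance) {
  return [...list, instance].slice(-MAX_INSTANCES);
}

// Extension context only: persist the record to Chrome storage.
async function logInstance(instance) {
  const stored = await chrome.storage.local.get(INSTANCES_KEY);
  const list = stored[INSTANCES_KEY] ?? [];
  await chrome.storage.local.set({ [INSTANCES_KEY]: appendInstance(list, instance) });
}
```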

Empty States

No Rules Configured

If you see this message:
  • The rules list failed to load
  • There was an error reading from storage
  • The extension is not properly initialized
This is unusual. Try refreshing the page or reloading the extension.

Refreshing Data

Click the Refresh button to reload rules from Chrome storage:
  • Rule configurations are re-read from storage
  • Toggle states are updated
  • The summary is recalculated

Use Cases

Strict URL Control

Enable disallow_query_params to:
  • Prevent agents from accessing tracking URLs
  • Ensure clean URLs in session logs
  • Block potential data leakage via parameters

Chat Security

Enable disallow_clickable_urls to:
  • Keep internal URLs out of chat logs
  • Prevent accidental URL sharing
  • Maintain clean chat output

Compliance Policies

Combine rules to enforce organizational policies:
  • No query parameters (data privacy)
  • No clickable URLs (information security)
  • Review instances for audit trails

Best Practices

1. Start with strict rules

Enable all rules at first, then selectively disable any that interfere with legitimate use cases.

2. Monitor instances

Check the Instances page regularly to see how often rules are triggered.

3. Document rule decisions

Keep notes on why certain rules are enabled/disabled for your use case.

4. Test rule impact

When enabling a new rule, test with a sample agent task to ensure it doesn’t break functionality.

Technical Details

The Rules page:
  • Loads from chrome.storage.local (key: governanceRules)
  • Stores rules as an object: { rule_id: boolean }
  • Default state is false (disabled) for all rules
  • Sends RELOAD_GOVERNANCE_RULES message on toggle
  • Background script updates DNR rules for navigation-based policies
  • Content scripts monitor for sidechat-based policies

Future Rules

ContextFort may add additional governance rules in future versions:
  • Disallow file downloads
  • Restrict specific HTTP methods
  • Block access to local network addresses
  • Limit request rate or frequency
  • Enforce specific user agents
Check the Rules page after updates to see new options.

Next Steps

View Instances

See when rules were enforced and what they blocked

Manage Domains

Configure domain-level access controls
