> For the complete documentation index, see [llms.txt](https://docs.gomboc.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.gomboc.ai/orl/publish.md).

# Publish

ORL rules can be published to the Rules Service, categorized, and served via channels.

## Channels

Channels are pre-canned search [queries](/orl/publish/query-language.md) that return a set of rules. The Gomboc service uses channels for everything from policy sets to exception handling.

## Classification

Classifications are a hierarchical list of categories that can contain rules. They can be children of other classifications. Gomboc uses them for policies as well as security framework mapping.

## Rules

Rules in the rules service are just JSON documents with JSON metadata. ORL will only push and pull JSON documents of a type it understands.

### Rule Classifications

When pushing rules to the Rules Service the `metadata.classifications` field is used to associate rules with classifications. You can associate rules with any classifications including gomboc managed ones.

```yaml
type: Rule
version: v1
metadata:
  name: my-rule
  classifications:
    - my/aws/no/dns/ips
    - gomboc-ai/prismacloud/CKV2_AWS_23
    - gomboc-ai/policy/surface_area
```

This will create a rule associated with an internal policy `my/aws/no/dns/ips`, the Checkov rule `CKV2_AWS_23`, as well as the "Surface Area" Policy.

### Publishing Rules (push)

Pushing rules will affect scans. So it is important that they are well [tested](/orl/concepts/tests.md) locally before being pushed.

When ready, put all the files (or sym-links to the files) in a single directory and then run `orl rules push <path>` to upsert the files to the rules service.

The following ENVs are needed:

* `RULE_SERVICE_URL`: The rule service URL to use (should be `https://rules.app.gomboc.ai`)
* `RULE_SERVICE_TOKEN`: The API token

### Caching Rules (pull)

Pulling rules requires a channel or a [query string](/orl/publish/query-language.md), as well as the same ENV variables for pushing rules. All the downloaded rules will be written as `*.orl` files locally to be used in a later `orl remediate` step.

* Via direct search `orl rules pull --search '(contains "my/aws" $.name)`
* Via a channel `orl rules pull --channel 'my-aws'`

## Example CI Workflows

* [Github](/orl/publish/github-workflow.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.gomboc.ai/orl/publish.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.