# Rules

### What is a Rule?

In Gomboc, a **rule** is the executable unit that:

* **Finds** issues in the Code 
* **Applies** a concrete fix to the code

Rules are implemented in **ORL** and stored in the Gomboc [**Rules Service**](/orl/publish/orl-rule-service-api.md).

#### The data model has three key objects:

1. **Rule**\
   A rule-like object with:
   * `name` - unique internal identifier
   * `shortName` - display name 
   * `annotations` - key/value tags (e.g., provider, framework, risk)
   * `metadata` - extra details (for ORL rules: priority, language, etc.)
   * `body` / `data` - the ORL rule itself (audit + remediation logic)
2. **Classification**\
   Arbitrary groupings of rules (e.g., “Encryption at Rest”)\
   Classifications are how we:
   * Group rules into higher-level concepts (policies & frameworks)
   * Tag rules with framework mappings and other metadata
3. **Channel**\
   A named saved search that returns a set of rules.
   * Example: `<tenant-id>/default`, or `<tenant-id>/ruleset/hardening`
   * Gomboc workspaces/scans refer to channels to decide *which rules to run*

### Publish Rules

Learn here how to [publish custom rules](/orl/publish.md).

### Browsing Rules

The Advanced tab displays the individual rules that make up a policy. This is useful for understanding the granular checks that Gomboc performs.

#### **Rule Information**

Each rule in the Advanced view shows:

<table><thead><tr><th width="213.4296875">Field</th><th>Description</th></tr></thead><tbody><tr><td><strong>Severity</strong></td><td>The severity level of the rule (Low, Medium, High, Critical)</td></tr><tr><td><strong>Risk</strong></td><td>The risk level if the rule is violated</td></tr><tr><td><strong>Rule</strong></td><td>The full rule name and description</td></tr><tr><td><strong>Rule ID</strong></td><td>A unique identifier for the rule (e.g., <code>gomboc-ai/api_key_authentication_for_hashicorp__aws-resources-aws_appsync_graphql_api</code>)</td></tr><tr><td><strong>Provider / Resource</strong></td><td>The infrastructure stack this rule applies to</td></tr></tbody></table>

#### **Expanding Rules**

Click on any rule row to expand it and view:

* **Code Sample**: A fixed code example specific to that rule
* **Resource**: The exact resource type the code applies to

The expandable rows allow you to quickly review multiple rules and their corresponding remediation code.

#### **Example Rule Structure**

<figure><img src="/files/ZpoNK8afjis18gkfq5qG" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.gomboc.ai/policy-management/rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.