Network Policy
Network policies define allowed connections in transparent mode. The proxy intercepts all network traffic via iptables DNAT and enforces these rules.
Schema
```yaml
network:
  outbound:
    - name: string
      domains: [string]          # glob patterns
      ports: [integer]
      protocol: tcp|udp
      rate_limit:
        requests_per_minute: integer
        burst: integer
      taint_labels: [string]
  inbound:
    - name: string
      container_port: integer
      host_port: integer
      allowed_sources: [string]  # CIDR notation
  dns:
    mode: allowlist|passthrough
    additional_domains: [string]
runtime:
  runtime_type: node|binary|container
  entrypoint: string
  env: {key: value}
  volumes:
    - name: string
      mount_path: string
      size_limit_mib: integer
```
Sections
outbound
Rules for outgoing connections.
| Field | Description |
|---|---|
| name | Rule identifier |
| domains | Allowed domain patterns. `*` matches subdomains. |
| ports | Allowed destination ports |
| protocol | `tcp` or `udp` |
| rate_limit | Connection rate limit |
| taint_labels | Labels for data from these connections |
inbound
Rules for incoming connections (optional).
| Field | Description |
|---|---|
| name | Rule identifier |
| container_port | Port inside the sandbox |
| host_port | Port exposed on host |
| allowed_sources | CIDR ranges allowed to connect |
dns
DNS resolution policy.
| Field | Description |
|---|---|
| mode | `allowlist` only resolves domains in outbound rules; `passthrough` allows all DNS |
| additional_domains | Extra domains to resolve in `allowlist` mode |
runtime
Agent execution configuration.
| Field | Description |
|---|---|
| runtime_type | `node`, `binary`, or `container` |
| entrypoint | Command to run |
| env | Environment variables |
| volumes | Mounted volumes with size limits |
Example
```yaml
network:
  outbound:
    - name: openai
      domains: ["api.openai.com"]
      ports: [443]
      protocol: tcp
      rate_limit:
        requests_per_minute: 100
    - name: slack
      domains: ["*.slack.com"]
      ports: [443]
      protocol: tcp
  dns:
    mode: allowlist
runtime:
  runtime_type: node
  entrypoint: "node /app/bot.js"
  env:
    NODE_ENV: production
  volumes:
    - name: data
      mount_path: /data
      size_limit_mib: 256
```
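To show how the outbound and dns sections are meant to be evaluated, here is an added Python example; it is not the sandbox project's own code. It embeds the example policy above as a constructed dict (so no YAML parser is needed) and makes three assumptions: domain patterns are shell-style globs (so `*.slack.com` covers `api.slack.com` and `a.b.slack.com` but not `slack.com` or `evil-slack.com`), `rate_limit` is a token bucket with `burst` tokens refilled at `requests_per_minute / 60` per second (`burst` defaults to 1 when omitted), and the hostname of a DNAT-intercepted connection has already been recovered by the proxy (for example from TLS SNI or the DNS answer that produced the destination IP). The `burst`, `taint_labels` and `additional_domains` values are constructed additions to the page's example.

```python
"""Added worked example (not the sandbox project's own code): evaluate the
outbound and dns sections of a network policy against connection attempts."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional
import time

# The page's example policy as a constructed dict; burst, taint_labels and
# additional_domains are constructed additions, not from the page.
POLICY = {
    "network": {
        "outbound": [
            {"name": "openai", "domains": ["api.openai.com"], "ports": [443],
             "protocol": "tcp",
             "rate_limit": {"requests_per_minute": 100, "burst": 2}},
            {"name": "slack", "domains": ["*.slack.com"], "ports": [443],
             "protocol": "tcp", "taint_labels": ["slack-data"]},
        ],
        "dns": {"mode": "allowlist", "additional_domains": ["ntp.example"]},
    },
}


def domain_matches(pattern: str, host: str) -> bool:
    """Shell-style glob on hostnames (assumption about the project's '* matches
    subdomains'). '*' spans dots, so '*.slack.com' matches 'api.slack.com' and
    'a.b.slack.com'; the literal '.slack.com' suffix is still required, so
    neither 'slack.com' nor 'evil-slack.com' matches. Case and a trailing dot
    are ignored."""
    return fnmatchcase(host.lower().rstrip("."), pattern.lower())


@dataclass
class TokenBucket:
    """rate_limit read as a token bucket (assumption): `burst` tokens available
    at once, refilled at requests_per_minute / 60 tokens per second."""
    rate_per_minute: int
    burst: int
    tokens: float = 0.0
    last: Optional[float] = None

    def allow(self, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        if self.last is None:            # first use: the bucket starts full
            self.tokens = float(self.burst)
        else:                            # never let a clock step add negative time
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate_per_minute / 60)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class OutboundPolicy:
    def __init__(self, policy: dict):
        net = policy["network"]
        self.rules = net.get("outbound", [])
        self.dns = net.get("dns", {"mode": "passthrough"})
        # One bucket per rate-limited rule; burst defaults to 1 if omitted (assumption).
        self.buckets = {
            r["name"]: TokenBucket(r["rate_limit"]["requests_per_minute"],
                                   r["rate_limit"].get("burst", 1))
            for r in self.rules if "rate_limit" in r
        }

    def match(self, host: str, port: int, protocol: str = "tcp") -> Optional[dict]:
        """First rule whose protocol, port list and domain globs all match."""
        for r in self.rules:
            if r.get("protocol", "tcp") != protocol or port not in r.get("ports", []):
                continue
            if any(domain_matches(p, host) for p in r.get("domains", [])):
                return r
        return None

    def check_connect(self, host, port, protocol="tcp", now=None):
        """Returns (verdict, reason, taint_labels). Default-deny: a connection
        that matches no rule is refused, as is one over its rule's rate limit."""
        rule = self.match(host, port, protocol)
        if rule is None:
            return ("deny", "no matching outbound rule", [])
        bucket = self.buckets.get(rule["name"])
        if bucket is not None and not bucket.allow(now):
            return ("deny", f"rate limit exceeded for rule {rule['name']}", [])
        return ("allow", rule["name"], list(rule.get("taint_labels", [])))

    def dns_allowed(self, qname: str) -> bool:
        """allowlist mode resolves only names covered by an outbound domain glob
        or listed in additional_domains; passthrough resolves everything."""
        if self.dns.get("mode", "passthrough") == "passthrough":
            return True
        patterns = [p for r in self.rules for p in r.get("domains", [])]
        patterns += list(self.dns.get("additional_domains", []))
        return any(domain_matches(p, qname) for p in patterns)


if __name__ == "__main__":
    policy = OutboundPolicy(POLICY)
    for host, port in [("api.openai.com", 443), ("hooks.slack.com", 443),
                       ("slack.com", 443), ("evil-slack.com", 443), ("api.openai.com", 80)]:
        print(host, port, "->", policy.check_connect(host, port))
    for name in ["api.openai.com", "ntp.example", "example.com"]:
        print("dns", name, "->", policy.dns_allowed(name))
```

The glob semantics are the part worth checking in a real deployment: a pattern written as `*slack.com` (no dot) would also admit `evil-slack.com`, so reviewing policies for patterns whose `*` is not followed by a `.` is a cheap lint. Note also that in `allowlist` mode the DNS check reuses the same patterns as the outbound rules, so a name that cannot be resolved cannot be connected to either.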