Skip to main content
Network policy controls outbound access for agent runs.

Where to configure it

Settings > Container & Network

Available policies

  • LLM providers only
  • Allowlist
  • Full access

Important behavior

  • Network policy controls apply to containerized workspaces.
  • Allowlist editing is active when policy is set to Allowlist.
  • Allowlist entries are one per line.

Practical default policy

For most teams:
  1. Start with LLM providers only.
  2. Move to Allowlist when specific hosts are required.
  3. Use Full access only when the task truly needs it.

Allowlist tips

  • Keep hostnames minimal and explicit.
  • Remove temporary entries after one-off tasks.
  • Track policy exceptions in team docs.