Networking
Endor services run in isolated sandboxes by default, preventing access to public networks. Enable network access when you need to install packages, clone repositories, or connect to external services.
Security by Default
All Endor services are isolated from public networks to ensure:
- Safe execution: No unintended external connections
- Reproducible environments: Consistent behavior across runs
- Resource protection: Prevents unauthorized network access
Enable Network Access
Allow Public Network Access
- 1
Start any service with the
--allow-netflag:Terminal window endor run alpine --allow-net - 2
Verify network access is enabled in the output:
🚀 EndorLaunching the Alpine environment✅ Mission ready✅ Connection established • Ready in 2.6s╭──────────────────────────────────────────────────────────────────────────╮│ Alpine Connection Details ││ ││ Host: 127.0.0.1 ││ Ports: ││ - 2222 (host) <-> 2222 (guest) ││ Public network access: allowed │╰──────────────────────────────────────────────────────────────────────────╯ - 3
Test network connectivity from within the service:
Terminal window # Inside the containercurl -I https://google.com
Common Use Cases
Enable network access when you need to:
- Install packages: Download dependencies or tools
- Clone repositories: Access Git repositories
- Fetch data: Download files or connect to APIs
AI Agent Integration
When using Endor with AI agents through MCP, services remain isolated by default. Enable network access for AI-managed services by configuring the --allow-net flag in your MCP client settings.
See our MCP integration guides for specific setup instructions:
Learn more about MCP integration and how AI agents can manage your development environments.