Network & exposing ports
Networking is part of the sandbox contract. Name what the guest can reach, name what ports are exposed, and keep service exposure separate from outbound egress.
Egress policy
Section titled “Egress policy”Use a preset when it matches the workload:
mvmctl up --flake . --network-preset nonemvmctl up --flake . --network-preset registriesmvmctl up --flake . --network-preset devUse explicit allow rules for narrow agent workloads:
mvmctl up --flake . \ --network-allow api.example.com:443 \ --network-allow github.com:443For security-sensitive examples, start from no egress and add only required destinations. For grant review, SDK declarations, and agent-tool policy, see Network egress policy.
Port forwarding
Section titled “Port forwarding”Expose a guest service to the host:
mvmctl up --flake . --name api-dev -p 8080:8080mvmctl forward api-dev -p 3000:3000Use readiness and logs while developing services:
mvmctl wait api-dev --for allmvmctl boot-report api-devmvmctl logs api-dev -fHost control channel
Section titled “Host control channel”Host control does not require SSH. Guest communication uses the mvm control plane and guest protocol where supported. For debugging, prefer:
mvmctl console api-devmvmctl logs api-devmvmctl exec api-dev -- sh -lc 'id && pwd'Security notes
Section titled “Security notes”- Do not expose ports unless the workflow requires it.
- Keep inbound port forwarding and outbound egress policy separate.
- Treat browser automation and agent workflows as high-risk network users.
- Prefer explicit allowlists over broad presets for production-like runs.