By default, Codex Network blocks internet access during the agent phase. Setup scripts still run with internet access so you can install dependencies. Enable agent internet access per environment when you need it.
Codex Network provides granular control over how agents connect to the internet. Manage security, prevent data exfiltration, and reduce the risk of prompt injection attacks with configurable access policies.
Internet access is blocked by default. Only enable it for environments that require external connectivity, reducing your attack surface.
Configure internet access independently for each environment. Fine-tune which domains and HTTP methods are allowed.
Guard against agents being tricked into following instructions from untrusted web content, preventing data leaks and unsafe operations.
Enabling agent internet access increases security risk. Understanding these risks is critical to deploying Codex Network agents safely.
To reduce risk, allow only the domains and HTTP methods you need, and review the agent output and work log regularly.
Prompt injection can happen when the agent retrieves and follows instructions from untrusted content (for example, a web page or dependency README). Consider a scenario where you ask Codex Network to fix a GitHub issue:
This example shows how prompt injection can expose sensitive data or lead to unsafe changes. Point Codex Network only to trusted resources and keep internet access as limited as possible.
Agent internet access is configured on a per-environment basis in Codex Network. Choose the level of access that matches your security requirements.
Off: Completely blocks internet access.
On: Allows internet access, which you can restrict with a domain allowlist and allowed HTTP methods.
Choose from preset allowlists or specify custom domains. Options include None (empty), Common dependencies, or All (unrestricted). Add additional domains as needed.
Restrict network requests to GET, HEAD, and OPTIONS for read-only access. POST, PUT, PATCH, DELETE, and other methods are blocked for extra protection.
Start with a known-good list of popular domains for source control, package management, and dependencies. Narrow it down based on your specific needs.
When you select None or Common Dependencies, you can add additional domains to the allowlist. Finding the right domains can take some trial and error. Presets help you start with a known-good list, then narrow it down as needed.
This allowlist includes popular domains for source control, package management, and other dependencies often required for development. We keep it up to date based on feedback and as the tooling ecosystem evolves.