Skip to content

Egress

fleet egress observes what each app’s containers are talking to. v1 is observe-only — it never blocks packets, so there is zero risk of breaking apps. A future phase adds an explicit enforce mode (default-deny via nftables) gated behind a manual operator promotion after a clean shadow window.

The snapshot uses nsenter to run ss -tnH inside each container’s network namespace, so it sees real container egress (not just host-side NAT’d flows). Remote IPs are reverse-resolved to hostnames best-effort. RFC1918 (private) destinations don’t count as violations.


fleet egress observe

Take a snapshot of current outbound flows for one app. Lists each unique destination and flags those not on the allowlist.

Usage

Terminal window
fleet egress observe <app> [--json]

Example

Egress snapshot: poolside
Taken: 2026-04-25T16:13:36Z
Distinct remote endpoints: 3
CONTAINER REMOTE STATUS
poolside api.stripe.com:443 allowed
poolside api.bookwhen.com:443 allowed
poolside sentry.io:443 not in allowlist

fleet egress show

Print the configured allowlist + observation mode for one app.

Usage

Terminal window
fleet egress show <app>

fleet egress allow

Add a host (or host:port, *.host, *.host:port, IP, IP:port) to the app’s allowlist.

Usage

Terminal window
fleet egress allow <app> <pattern>

Allowlist forms

PatternMatches
api.stripe.comexact host, any port
api.stripe.com:443exact host, exact port
api.stripe.com:*exact host, glob port
*.stripe.comany subdomain (or apex) of stripe.com, any port
*.stripe.com:443any subdomain (or apex) of stripe.com, exact port
8.8.8.8exact IP, any port (PTR-spoof-proof)
8.8.8.8:443exact IP, exact port (PTR-spoof-proof)

Schema

Per-app config in data/registry.json:

{
"egress": {
"mode": "observe",
"allow": ["api.stripe.com:443", "smtp.gmail.com:587", "*.cloudflare.com"]
}
}

MCP tool

fleet_egress_snapshot(app) returns { takenAt, uniqueRemotes, violations, flowCount } — token-conservative summary suitable for an AI agent’s first pass. Full per-flow detail is available via the CLI.