Network boundary
How Scrydon limits the network — egress policy, ingress termination, and the cluster perimeter.
Scrydon's network model is shaped by one principle: the customer cluster is the trust boundary. Everything inside it is enforced by mTLS and capability checks; everything outside is treated as untrusted.
Inbound
Inbound traffic terminates at Traefik. Three classes of routes:
| Route class | Authenticated as | Where |
|---|---|---|
| User-facing app | User session (SSO + Better Auth) | Workflow editor, settings, chat, voice |
| Workflow API | API key (workflow-scoped) | POST /api/workflows/{id}/execute |
| Public assets | None | /favicon.ico, /health (liveness/readiness only) |
There are no public endpoints that expose customer data. The /health endpoint returns only platform liveness — it does not leak version, configuration, or tenant data.
See Ingress hardening for the header-stripping and TLS-termination rules.
Outbound
Outbound traffic falls into three buckets:
| Bucket | Required? | Where |
|---|---|---|
| License heartbeat | Yes, for licensed operation | license.scrydon.com — daily POST, 30-day grace window |
| Vendor calls | Opt-in per integration | The endpoints declared by installed integrations (OpenAI, Microsoft Graph, etc.) |
| Copilot Backend | Required only if Copilot is used | copilot.scrydon.com — orchestration for the in-editor assistant |
Nothing else leaves the cluster. No telemetry, no error reporting to Scrydon, no anonymous analytics. If your security policy requires a tightly scoped egress allowlist, the three endpoints above plus whatever installed integrations call are the entire list.
Air-gapped mode
In true air-gapped deployments, you can:
- Operate offline-only: skip the license heartbeat. Operations continue under your contractual licence; phone-home is disabled.
- Skip Copilot: the in-editor assistant becomes unavailable. The rest of the platform is unaffected.
- Lock vendor integrations to self-hosted providers only. No outbound vendor calls happen.
See Deployment → Air-gapped for the full procedure.
Egress allowlist
For non-air-gapped deployments, the recommended egress policy is:
```
ALLOW license.scrydon.com:443 # required
ALLOW copilot.scrydon.com:443 # optional (Copilot)
ALLOW <endpoints declared by installed integrations>
DENY * # everything else
```
The platform never makes outbound calls to anything not in that list. The list is auditable from Settings → Platform → Integrations (each installed integration lists its declared egress endpoints).
A vendor's declared egress endpoints are part of the integration manifest, validated at install time, and rejected if they would expand the egress surface beyond the org's configured allowlist.
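The install-time check described above, as an added example that is not Scrydon's own code: it parses an allowlist in the same `ALLOW host:port` shape as the policy shown on this page, reads the egress endpoints an integration manifest declares, and rejects any endpoint that would expand the egress surface. The manifest shape (`"egress"` list), the `*.host` wildcard syntax, the https-only rule and the `*.llm.example` hostnames are assumptions made for the illustration.

```python
"""Added example (not Scrydon's own code): install-time validation of an
integration manifest's declared egress endpoints against an org allowlist.
The manifest shape, the allowlist syntax and the example hostnames are assumptions."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class AllowRule:
    host: str   # exact hostname, or "*.example" for any subdomain of example
    port: int

    def matches(self, host, port):
        if port != self.port:
            return False
        if self.host.startswith("*."):
            # "*.llm.example" covers eu.llm.example but not llm.example or evil-llm.example
            return host.endswith(self.host[1:])
        return host == self.host


def parse_allowlist(text):
    """Parse 'ALLOW host:port # comment' lines. DENY lines and comments are
    ignored: anything not explicitly allowed is denied anyway."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, _, target = line.partition(" ")
        if action.upper() != "ALLOW":
            continue
        host, sep, port = target.strip().rpartition(":")
        if not sep:
            raise ValueError(f"allowlist entry needs host:port: {raw!r}")
        rules.append(AllowRule(host.lower(), int(port)))
    return rules


def declared_endpoint(url):
    """(host, port) for a declared endpoint; only https URLs are acceptable (assumed rule)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https endpoint: {url}")
    return parts.hostname.lower(), parts.port or 443


def validate_manifest(manifest, allowlist):
    """Return the declared endpoints that would expand the egress surface.
    An empty list means the install may proceed."""
    rejected = []
    for url in manifest.get("egress", []):
        try:
            host, port = declared_endpoint(url)
        except ValueError:
            rejected.append(url)
            continue
        if not any(rule.matches(host, port) for rule in allowlist):
            rejected.append(url)
    return rejected


# Constructed sample data for the demo (not a real org's policy or a real manifest).
SAMPLE_ALLOWLIST = """\
ALLOW license.scrydon.com:443 # required
ALLOW copilot.scrydon.com:443 # optional (Copilot)
ALLOW api.openai.com:443      # declared by the installed OpenAI integration
ALLOW *.llm.example:443       # constructed: the org's self-hosted model gateways
DENY *                        # everything else
"""

SAMPLE_MANIFEST = {
    "name": "example-vendor",
    "egress": [
        "https://api.openai.com/v1/chat/completions",   # allowed
        "https://eu.llm.example/v1/chat",               # allowed via the wildcard rule
        "https://telemetry.example.net/collect",        # not on the allowlist
        "http://api.openai.com/v1/models",              # plaintext: rejected
        "https://api.openai.com:8443/admin",            # port not allowed
    ],
}

if __name__ == "__main__":
    for url in validate_manifest(SAMPLE_MANIFEST, parse_allowlist(SAMPLE_ALLOWLIST)):
        print("REJECT", url)
```

The check deliberately fails closed: an endpoint that cannot be parsed as an https URL is rejected rather than skipped, and a port other than the one allowed for a host counts as a new egress destination.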
Per-tool SSRF protection
Web-fetch and tool-driven outbound calls are subject to a runtime SSRF check:
- RFC 1918 (private) addresses are denied.
- Link-local (`169.254.0.0/16`) is denied.
- IPv6 unique-local (`fc00::/7`) is denied.
- Loopback is denied.
- Cluster-internal hostnames (`*.svc.cluster.local`) are denied.
This applies to the built-in fetch-webpage tool, the API block, and any vendor tool that performs an outbound fetch on user-controlled input. Integration authors cannot bypass this check; the platform enforces it on every dispatch.
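A runtime check implementing the five rules above, as an added example that is not Scrydon's own code. Beyond the rules as listed, it also unwraps IPv4-mapped IPv6 literals (so `::ffff:10.0.0.1` is judged as `10.0.0.1`), vets every address a hostname resolves to and returns the vetted addresses so the caller can connect to those directly instead of resolving again; the `Verdict` type, the injectable `resolve` callback and the `FAKE_DNS` table are assumptions made so the example runs offline.

```python
"""Added example (not Scrydon's own code): a runtime SSRF check of the kind the
page describes. DNS happens only through the injectable `resolve` callback; the
constructed FAKE_DNS table stands in for real resolution in the demo."""
import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urlsplit

RFC1918 = tuple(ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
IPV6_ULA = ipaddress.ip_network("fc00::/7")
CLUSTER_SUFFIXES = (".svc.cluster.local", ".cluster.local", ".svc")   # assumed suffix list


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str = ""
    addresses: tuple = ()   # vetted IPs the caller must connect to directly (no re-resolve)


def classify_ip(text):
    """Return a denial reason for an IP literal, or None if it passes the page's rules."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:               # 169.254.0.0/16 and fe80::/10
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "rfc1918 private"
    if ip in IPV6_ULA:
        return "ipv6 unique-local"
    return None


def system_resolve(host):
    """Default resolver: every A/AAAA answer, so each candidate address gets checked."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def check_destination(url, resolve=system_resolve):
    """Decide whether an outbound fetch to `url` may be dispatched."""
    host = urlsplit(url).hostname
    if not host:
        return Verdict(False, "no host in URL")
    host = host.lower().rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return Verdict(False, "loopback")
    if host.endswith(CLUSTER_SUFFIXES):
        return Verdict(False, "cluster-internal hostname")
    try:
        reason = classify_ip(host)                 # URL carries an IP literal
    except ValueError:
        addresses = resolve(host)                  # hostname: vet every answer, fail closed
        if not addresses:
            return Verdict(False, "unresolvable")
        for addr in addresses:
            reason = classify_ip(addr)
            if reason:
                return Verdict(False, f"{reason} via {addr}")
        return Verdict(True, addresses=tuple(addresses))
    if reason:
        return Verdict(False, reason)
    return Verdict(True, addresses=(host,))


# Constructed DNS answers for the offline demo; the hostnames and addresses are made up.
FAKE_DNS = {
    "api.example-vendor.com": ["203.0.113.10"],           # public answer only
    "rebind.example.net": ["203.0.113.20", "10.0.0.5"],   # one public answer, one private
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for url in ("https://api.example-vendor.com/v1", "http://[::ffff:192.168.1.1]/",
                "https://rebind.example.net/", "http://orders.default.svc.cluster.local/"):
        print(url, check_destination(url, fake_resolve))
```

Returning the vetted addresses matters: if the HTTP client resolves the hostname a second time when it connects, a name whose answers change between the check and the connection would bypass the check, so the dispatcher should connect to the address the check approved.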
Related
- Ingress hardening — the inbound side of the boundary.
- SPIFFE / mTLS — internal mesh authentication.
- Deployment → Air-gapped — full disconnect mode.