Moltis is a Rust-based self-hosted agent runtime with sandboxed execution via Docker or Podman, MCP integration support, and a no-telemetry posture. Harden network exposure, sandbox isolation, and tool/server permissions before production use.
1) Harden network exposure
- Bind the application to localhost or a private interface by default.
- Front external access with an authenticated reverse proxy and HTTPS.
- Do not expose admin, debug, or internal tool-control endpoints publicly.
- Apply request limits and logging on reverse proxy routes.
2) Harden Docker/Podman sandboxing
- Run agent tasks in least-privilege Docker/Podman containers.
- Restrict bind mounts to the minimum required paths.
- Avoid privileged containers unless explicitly required and reviewed.
- Pin sandbox base images and patch them regularly.
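The checklist above, as an added example that is not Moltis project code: a POSIX shell wrapper that builds a least-privilege `podman run` (or `docker run`; the flags are common to both) for one agent task, and a pre-flight audit that refuses to start if the flag set grants host access, adds capabilities, mounts an engine socket, or uses an image that is not pinned by digest. The image reference with its all-zero digest and the task path are placeholders.

```shell
#!/bin/sh
# Added example, not Moltis project code: wrap one agent task in a least-privilege
# podman/docker run, and refuse to start if the flag set loosens isolation.
# SANDBOX_IMAGE digest and task paths are placeholders; replace with your own.
set -eu

ENGINE="${ENGINE:-podman}"   # podman or docker; the flags below are common to both

# Pin the base image by digest so a moved tag cannot change what runs.
# The all-zero digest is a placeholder, not a real image reference.
SANDBOX_IMAGE="${SANDBOX_IMAGE:-docker.io/library/python:3.12-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000}"

# sandbox_cmd TASK_DIR CMD...: print the full command line, one word per line,
# so it can be audited and reviewed before anything executes.
sandbox_cmd() {
  task_dir="$1"; shift
  printf '%s\n' "$ENGINE" run --rm \
    --user=65534:65534 \
    --cap-drop=ALL \
    --security-opt=no-new-privileges \
    --read-only \
    --tmpfs=/tmp:rw,noexec,nosuid,size=64m \
    --network=none \
    --pids-limit=128 --memory=512m --cpus=1 \
    --volume="$task_dir":/task:ro --workdir=/task \
    "$SANDBOX_IMAGE" "$@"
}

# audit_cmd CMDLINE: return 1 if the command line grants host access, adds
# capabilities, mounts an engine socket, or uses an image not pinned by digest.
audit_cmd() {
  cmdline="$1"
  for bad in --privileged --cap-add --network=host --pid=host --userns=host \
             /var/run/docker.sock /run/podman/podman.sock; do
    case "$cmdline" in
      *"$bad"*) echo "audit: refusing, found $bad" >&2; return 1 ;;
    esac
  done
  printf '%s\n' "$cmdline" | grep -Eq '@sha256:[0-9a-f]{64}' \
    || { echo "audit: refusing, image is not pinned by digest" >&2; return 1; }
}

# run_sandbox TASK_DIR CMD...: audit first, then execute the container.
run_sandbox() {
  cmdline="$(sandbox_cmd "$@")"
  audit_cmd "$cmdline" || return 1
  old_ifs=$IFS; IFS='
'; set -f; set -- $cmdline; set +f; IFS=$old_ifs   # split on newlines only, no globbing
  "$@"
}
```

Invoke it as `run_sandbox /path/to/task python3 script.py`; setting `ENGINE=echo` prints the audited command line instead of running it, which is useful for reviewing the flag set in CI.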
3) Control LLM and MCP integrations
- Review MCP server permissions and network reachability before enabling them.
- Use separate credentials for each provider and integration where possible.
- Apply allowlists and approval gates for high-impact tools/actions.
- Log agent actions, tool invocations, and failures for auditability.
4) References
- Moltis source repository: https://github.com/moltis-org/moltis
- Podman docs: https://podman.io/docs
- Docker docs: https://docs.docker.com/