Proxy Modes

Sylo supports two ways to route agent traffic through the gateway.

Tunnel mode (bypass-proof)

Uses iptables to redirect all outbound TCP through the tunnel client. The agent cannot bypass it without root access.

Agent → iptables REDIRECT → tunnel client → TLS → gateway → mitmproxy → API

Setup:

Install at template build time:

curl -fsSL https://sylo.runplex.dev/install | sudo bash

Activate at runtime (after receiving the session token):

sudo -E bash /etc/sylo/init.sh

Use sandboxEnv() in the SDK:

const env = sylo.sandboxEnv(session);
// { SYLO_TOKEN, SYLO_GATEWAY, SYLO_GATEWAY_API, NODE_EXTRA_CA_CERTS, ... }

Best for: E2B, Docker, any environment with iptables support.

Proxy mode (no iptables)

Sets HTTPS_PROXY so HTTP clients route through Sylo automatically. No installation needed.

Agent → HTTPS_PROXY → gateway → mitmproxy → API

Setup:

Use proxyEnv() in the SDK:

const env = sylo.proxyEnv(session);
// { HTTPS_PROXY, HTTP_PROXY, SYLO_TOKEN, NODE_EXTRA_CA_CERTS, ... }

Best for: Modal, gVisor, environments without NET_ADMIN capability.

Caveat: The agent could unset HTTPS_PROXY to bypass the proxy. Combine with CIDR restrictions on the sandbox network to prevent direct outbound access.

Comparison

	Tunnel mode	Proxy mode
Install step	`curl \| sudo bash` at build time	None
SDK method	`sandboxEnv()`	`proxyEnv()`
Requires	iptables / NET_ADMIN	Nothing
Bypass-proof	Yes	No (needs CIDR restriction)
Works on	E2B, Docker	Modal, any container

CA certificate trust

Both modes require the sandbox to trust Sylo’s mitmproxy CA certificate for HTTPS interception. The SDK automatically sets:

NODE_EXTRA_CA_CERTS=/etc/sylo/ca.crt    # Node.js
SSL_CERT_FILE=/etc/sylo/ca.crt          # Python, curl
REQUESTS_CA_BUNDLE=/etc/sylo/ca.crt     # Python requests

In tunnel mode, init.sh downloads the CA cert from the gateway and installs it. In proxy mode, your template needs to download it manually or include it at build time.