> ## Documentation Index
> Fetch the complete documentation index at: https://docs.noxus.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Outbound Connectivity

> What Noxus connects out to — models, integrations, storage, control plane — and how to run with minimal egress

Most of Noxus's "intelligence" lives behind outbound calls. In a locked-down
network, egress rules are what determine which features work. This page explains
the categories and the impact of restricting each; the
[Endpoint reference](/deployment/networking/endpoint-reference) lists the
concrete hosts and ports to allowlist.

## Categories of egress

```mermaid theme={null}
flowchart LR
  WRK[Workers / Backend] --> M[Model providers]
  WRK --> I[Integration & OAuth APIs]
  WRK --> S[Object storage]
  WRK --> NCS[Noxus Control Service]
  WRK --> T[Telemetry - optional]
  WRK --> WT[Web search / scrape tools]
  WRK --> CB[Your callback / webhook URLs]
```

### Model providers

Every LLM, embedding, and reranker call is outbound to the provider's API. If
egress to a provider is blocked, **models from that provider fail** and any
node/agent relying on them errors out (fallback models from a reachable provider
still work). You must be able to reach **at least one** model provider, or
self-host one (see [minimal egress](#running-with-minimal-egress)).

Cloud provider models (Vertex AI, Azure OpenAI, AWS Bedrock) also require egress
to that cloud's auth/metadata endpoints, not just the inference endpoint.

### Integrations & OAuth

Two distinct outbound flows:

* **Token exchange & refresh** — after a user authorizes an integration, the
  backend calls the provider's **token endpoint** (outbound) to exchange the
  code and later refresh it.
* **API calls** — running an integration node calls the provider's API
  (e.g. Google Drive, Microsoft Graph, Slack, Notion). Blocked egress to a
  provider disables that integration's nodes and any agent tools that use it.

By default, OAuth for managed providers is **brokered by the Noxus Control
Service** (NCS) — the secrets stay with NCS and the platform claims short-lived
tokens. If you block NCS egress, use **direct OAuth apps** (your own client
id/secret per provider) or static credentials instead.

### Object storage

Files, run IO, and knowledge-base content live in object storage (Google Cloud
Storage or S3-compatible). This egress is **required** unless you run an
in-network S3-compatible store (e.g. MinIO) and point storage at it. Blocking it
breaks uploads, file nodes, and KB ingestion.

### Noxus Control Service (NCS)

NCS is Noxus's optional control plane. Self-hosted deployments use it for:

* **OAuth brokering** for managed integration providers.
* **Search / scrape relay** for the built-in web tools.
* **On-prem checkin & auto-upgrade** — the worker runs an **outbound** checkin
  (no inbound needed) that lets Noxus push compose/image updates.

NCS is **outbound-only** and **optional**. Without egress to it:

* Auto-upgrade is disabled (upgrade manually instead).
* NCS-brokered OAuth and the relayed search/scrape tools are unavailable —
  switch to direct OAuth apps and provider-native search keys.
* **The platform otherwise runs normally.**

### Telemetry (optional — disable for air-gap)

Error tracking (Sentry), product analytics (Mixpanel), and OpenTelemetry export
are all outbound and **optional**. Leave their config unset and no telemetry
egress occurs. For OTel, point the exporter at an **in-network** collector.

### Web tools

The web-search and web-scrape tools call external services (a search API and a
scraping API), typically via the NCS relay. Blocked egress disables those agent
tools and any flow nodes that use them.

### Outbound webhooks (run callbacks & relays)

When you pass a `callback_url` on a run, Noxus **POSTs the result outbound** to
that URL on completion. This is the recommended pattern when you can't accept
inbound — you receive results without exposing anything. The target must be in
your **egress** allowlist (and able to receive the call). Channel reply delivery
(Slack/Teams/etc. responses) is likewise outbound to the provider.

## Impact summary

| Egress blocked              | Impact                                                                               |
| --------------------------- | ------------------------------------------------------------------------------------ |
| A specific model provider   | That provider's models fail; reachable fallbacks still serve requests                |
| **All** model providers     | No LLM/embedding calls — agents and AI nodes can't run. Self-host a model to recover |
| A specific integration host | That integration's nodes/tools fail; others unaffected                               |
| Object storage              | File uploads, file nodes, and KB ingestion break                                     |
| NCS                         | No auto-upgrade, no NCS-brokered OAuth/web tools; core platform fine                 |
| Telemetry hosts             | None functional — telemetry is best-effort and optional                              |
| Your callback host          | Run callback webhooks are not delivered (run still completes)                        |

## Running with minimal egress

To operate in a tightly restricted or air-gapped network:

<Steps>
  <Step title="Point models at an in-network endpoint">
    Use an OpenAI-compatible server inside your network (e.g. vLLM, Ollama, or a
    private Azure OpenAI). Configure the provider `base_url` to that host so no
    public model egress is needed.
  </Step>

  <Step title="Use direct OAuth apps or static credentials">
    Register your own OAuth applications per provider (your client id/secret) so
    token exchange goes straight to the provider, bypassing NCS. For providers
    that support static API tokens, enter those directly.
  </Step>

  <Step title="Run an in-network object store">
    Point storage at an S3-compatible endpoint (e.g. MinIO) reachable inside your
    network.
  </Step>

  <Step title="Disable telemetry">
    Leave the Sentry DSN, Mixpanel token, and OTel exporter endpoint unset (or
    set OTel to an internal collector).
  </Step>

  <Step title="Drop NCS, upgrade manually">
    Skip NCS egress entirely. Upgrade the deployment by replacing image tags /
    compose files yourself.
  </Step>

  <Step title="Allowlist only what remains">
    With the above, your required egress shrinks to your in-network endpoints
    plus whatever specific external integrations you deliberately keep. Verify
    against the [Endpoint reference](/deployment/networking/endpoint-reference).
  </Step>
</Steps>

<Note>
  Web search/scrape, hosted-model providers, and managed-OAuth providers are the
  features most affected by an air-gap. Plan around in-network models and direct
  credentials, and the rest of the platform — flows, agents over your own
  models, knowledge bases, the editor — runs without public egress.
</Note>
