The Agent Bridge is optional and must be explicitly enabled. New installs should keep:

    agent:
      enabled: false

Enable it only on servers that need network features.
Use a strong shared secret in both PMMP config.yml and Agent config/agent.toml.
Never paste the real secret into logs, docs, bug reports or screenshots. Rotate it if it was exposed.
The Bridge readiness report warns when the secret is empty or still using a default/dev value.
Remote command dispatch is powerful and should be treated as admin automation, not normal gameplay logic.
Recommended production posture:

    agent:
      commands:
        enabled: true
        advanced: false
        debug: false

Keep command dispatch protected with allowlists/blocklists and prefer API-level features for gameplay state.
RPC responders should stay allowlisted. Do not expose a generic method that can execute arbitrary plugin code.
Compute services are intentionally closed:
- PHP validates AgentComputeMethods
- Agent Go validates [compute].allowed_methods
- Agent Go never executes arbitrary code from payloads
- payload size is limited by max_payload_bytes
- timeouts are bounded

Do not add custom free-form compute method strings to plugin code. Add a named constant and a built-in Agent implementation instead.
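The closed compute checks listed above, written out in Go as an added example (not the project's Agent code). Type, function, error and method names are hypothetical; only the `allowed_methods` and `max_payload_bytes` settings come from this page.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Hypothetical names; only allowed_methods and max_payload_bytes are from the page.
type handler func(ctx context.Context, payload []byte) (string, error)

// builtins is the closed set of implementations compiled into the agent.
var builtins = map[string]handler{
	"hash.sha256": func(_ context.Context, p []byte) (string, error) {
		sum := sha256.Sum256(p)
		return hex.EncodeToString(sum[:]), nil
	},
}

var ErrNotAllowed = errors.New("method not allowed or not built in")
var ErrTooLarge = errors.New("payload exceeds max_payload_bytes")

type Compute struct {
	Allowed         map[string]bool // loaded from [compute].allowed_methods
	MaxPayloadBytes int
	Timeout         time.Duration
}

// Run validates first, then treats the payload purely as data.
func (c Compute) Run(method string, payload []byte) (string, error) {
	h, ok := builtins[method]
	if !c.Allowed[method] || !ok {
		return "", ErrNotAllowed
	}
	if len(payload) > c.MaxPayloadBytes {
		return "", ErrTooLarge
	}
	ctx, cancel := context.WithTimeout(context.Background(), c.Timeout)
	defer cancel()
	return h(ctx, payload) // built-ins must return when ctx expires
}

func main() {
	c := Compute{map[string]bool{"hash.sha256": true}, 1024, time.Second}
	fmt.Println(c.Run("hash.sha256", []byte("constructed sample")))
	fmt.Println(c.Run("custom.freeform", []byte("ignored")))
}
```

A method must be both allowlisted in configuration and present in the built-in table, so a name added to the config without a matching implementation is still refused.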
The Agent Go console is local operator tooling. Avoid printing secrets or complete sensitive payloads by default.
If the Agent is exposed outside a private network, use firewall rules and a strong secret. Prefer private/VPN/internal networking for production.