**Pocket Agent is short-lived, TTL-ticket remote-access tooling.** It lets an
operator reach a target machine to perform a bounded task, with a security model
designed so the target never has to open a port or trust an inbound connection.
> [!WARNING]
> Pocket Agent is **not a mobile companion app.** The name refers to a small,
> on-demand remote-access agent, not a phone client. For the mobile client see
> the [iOS / mobile bridge](/en/v1.0/plugins/ios-mobile) plugin.
It runs host-native and talks to the gateway over the
contract.
## Facts
| Field | Value |
|---|---|
| Version | 0.1.0 |
| Port | 8814 |
| Runtime | host-native |
## What it is
A way to run a bounded action on a remote target without standing infrastructure
on that target. Instead of a daemon listening for inbound commands, the model is
**ticket-driven and outbound-only**:
1. An **operator issues a ticket** — a short-lived (TTL-bounded) grant for a
specific task.
2. The **target runs a signed bootstrap** that verifies the ticket.
3. The target then enters an **outbound poll loop**, reaching out to fetch work
and report results.
When the ticket's TTL expires, the access is gone. There is nothing persistent
left listening.
## The security model
> [!NOTE]
> The whole point of Pocket Agent is the security posture, not convenience.
> Understand it before deploying:
>
> - **Short-lived tickets (TTL).** Access is time-bounded; an expired ticket
> grants nothing.
> - **Signed bootstrap.** The target only proceeds after verifying a signed
> bootstrap tied to the ticket.
> - **Outbound poll loop only.** The target initiates all connections. There is
> **no inbound socket** to attack and **no push** channel.
> - **Allowlist.** Targets and actions are constrained by an allowlist.
> - **Audit.** Activity is recorded for review.
Because there is no inbound listener and no push, the attack surface on the
target is minimal: an attacker cannot connect *to* the target through Pocket
Agent, and access automatically lapses when the ticket expires.
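The checks a target applies before doing any work, as an added sketch that is not Pocket Agent's own code. The page does not document the ticket format or the signature scheme, so the JSON fields, the function names, the action names and the HMAC-SHA256 tag (standing in for the bootstrap signature) are all assumptions.

```python
import hashlib, hmac, json

# Assumption: a shared demo key. A real signed bootstrap would normally verify
# an asymmetric signature against a pinned public key instead of a MAC.
DEMO_KEY = b"constructed-demo-key"

def issue_ticket(key, target, action, ttl_s, now):
    """Operator side: bind target, action and expiry under one tag."""
    body = json.dumps({"target": target, "action": action,
                       "exp": now + ttl_s}, sort_keys=True).encode()
    return {"body": body.decode(),
            "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_ticket(key, ticket, this_target, allowlist, now):
    """Target side: returns (ok, reason, claims).

    Authenticate the raw bytes first; only then parse and trust the fields."""
    body = ticket["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return False, "bad_signature", None
    claims = json.loads(body)
    if now >= claims["exp"]:                 # expired ticket grants nothing
        return False, "expired", None
    if claims["target"] != this_target:      # ticket is for another machine
        return False, "wrong_target", None
    if claims["action"] not in allowlist:    # local allowlist has the last word
        return False, "action_not_allowlisted", None
    return True, "ok", claims

def poll_once(key, ticket, this_target, allowlist, now, audit):
    """One iteration of the outbound loop: re-verify, then record the decision.

    Re-checking on every poll is what makes access lapse mid-session."""
    ok, reason, claims = verify_ticket(key, ticket, this_target, allowlist, now)
    audit.append({"t": now, "target": this_target, "ok": ok, "reason": reason,
                  "action": claims["action"] if claims else None})
    return ok
```

Denied polls are written to the audit list as well as allowed ones, so a reviewer can see expired or tampered tickets being presented.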
## How it is used
An operator issues a ticket for a specific task; the target picks it up via the
signed bootstrap and the outbound poll loop, performs the allowlisted work, and
reports back. Each step is bounded by the ticket TTL and recorded in the audit
trail.
```text
operator issues TTL ticket ─▶ target verifies signed bootstrap ─▶ target polls outbound ─▶ allowlisted work ─▶ audit
```
## Installation
Install Pocket Agent in one click from the marketplace in the admin UI. The
host-native deployer downloads the plugin, runs its install step, renders a
sandboxed systemd unit and waits for health before marking it ready — see
[Install & updates](/en/v1.0/marketplace/install-updates). No containers are
involved.
## Security and limits
- **TTL-ticket access only** — bounded in time, not a standing remote session.
- **Outbound-only** — no inbound socket, no push channel on the target.
- **Allowlist + signed bootstrap + audit** enforce who can do what, and record
it.
- **Not a companion app** — this is operator-driven remote access, not a phone
client.
- **Host-native** — runs under systemd, not in a container.
## Where to next
- [Install & updates](/en/v1.0/marketplace/install-updates)
- [Marketplace overview & tiers](/en/v1.0/marketplace/overview-tiers)
- Mobile client: [iOS / mobile bridge](/en/v1.0/plugins/ios-mobile)