EAI currently binds to localhost by default and warns users before exposing the control plane or notebook to a LAN/Tailscale/trusted network. There is not yet an authentication layer.
This issue tracks future hardening so the public bundle does not imply that network exposure is safe by default.
Scope:
- Keep localhost as the safe default.
- Document risks of EAI_HOST=0.0.0.0 and EAI_NOTEBOOK_HOST=0.0.0.0.
- Decide the minimum viable auth approach for early public use.

NOTE: Avoid adding a large identity/security framework prematurely.

Done when:
- Remote access has a bounded auth mechanism or a clearly documented “not supported yet” boundary.
- README and .env.example accurately describe the exposure risk.
- No unauthenticated Act-tier or governance mutation endpoints are casually exposed.
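One shape the "bounded auth or documented boundary" could take, as an added sketch that is not EAI's code: derive an exposure policy from EAI_HOST / EAI_NOTEBOOK_HOST, refuse to start beyond loopback without a shared token, and keep Act-tier/governance mutations closed over the network unless explicitly opted in. The env var names EAI_AUTH_TOKEN and EAI_ALLOW_REMOTE_MUTATIONS and the endpoint prefixes are assumptions.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed for this example: EAI's real endpoint paths and the env var names
# other than EAI_HOST / EAI_NOTEBOOK_HOST are assumptions, not the project's.
MUTATING_PREFIXES = ("/act/", "/governance/")
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def is_loopback_bind(host: str) -> bool:
    """True only if the bind address is unreachable from other machines."""
    if host.strip().lower() in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host.strip()).is_loopback
    except ValueError:
        return False  # any other hostname: assume it resolves to a reachable interface


@dataclass(frozen=True)
class ExposurePolicy:
    exposed: bool            # at least one listener is beyond loopback
    token: Optional[str]     # shared secret required on exposed listeners
    remote_mutations: bool   # explicit opt-in for Act-tier/governance writes over the network


def exposure_policy(env: dict) -> ExposurePolicy:
    hosts = (env.get("EAI_HOST", "127.0.0.1"), env.get("EAI_NOTEBOOK_HOST", "127.0.0.1"))
    exposed = not all(is_loopback_bind(h) for h in hosts)
    token = env.get("EAI_AUTH_TOKEN") or None  # assumed variable name
    if exposed and token is None:
        raise SystemExit("EAI_HOST/EAI_NOTEBOOK_HOST beyond loopback requires EAI_AUTH_TOKEN; "
                         "unauthenticated remote access is not supported")
    return ExposurePolicy(exposed, token, env.get("EAI_ALLOW_REMOTE_MUTATIONS") == "1")


def is_mutation(method: str, path: str) -> bool:
    return method.upper() in MUTATING_METHODS or path.startswith(MUTATING_PREFIXES)


def authorize(policy: ExposurePolicy, method: str, path: str, headers: dict) -> bool:
    """Decide whether a request may proceed under the exposure policy."""
    if not policy.exposed:
        return True  # localhost-only: today's behaviour, no auth layer involved
    presented = headers.get("Authorization", "")
    if not presented.startswith("Bearer "):
        return False
    if not hmac.compare_digest(presented[len("Bearer "):].encode(), policy.token.encode()):
        return False  # constant-time compare so token length/prefix does not leak
    if is_mutation(method, path) and not policy.remote_mutations:
        return False  # authenticated, but remote mutations are the "not supported yet" boundary
    return True
```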