<feed xmlns='http://www.w3.org/2005/Atom'>
<title>claudomator.git/internal/config/bind_test.go, branch fix/dockersandbox-gitpush-host-security</title>
<subtitle>claudomator — task automation server
</subtitle>
<id>https://git.terst.org/claudomator.git/atom?h=fix%2Fdockersandbox-gitpush-host-security</id>
<link rel='self' href='https://git.terst.org/claudomator.git/atom?h=fix%2Fdockersandbox-gitpush-host-security'/>
<link rel='alternate' type='text/html' href='https://git.terst.org/claudomator.git/'/>
<updated>2026-05-26T21:08:25+00:00</updated>
<entry>
<title>feat(config,cli): loopback-default binding with fail-loud on external (Phase 7)</title>
<updated>2026-05-26T21:08:25+00:00</updated>
<author>
<name>Claude</name>
<email>noreply@anthropic.com</email>
</author>
<published>2026-05-26T21:08:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.terst.org/claudomator.git/commit/?id=b9d73497efe7c28800040b3e421bfb4cb6af6092'/>
<id>urn:sha1:b9d73497efe7c28800040b3e421bfb4cb6af6092</id>
<content type='text'>
The server now defaults to binding 127.0.0.1 and refuses to bind a non-loopback
address (:8484, 0.0.0.0, a LAN IP, …) unless external_bind_allowed = true is set
in config — failing loud at startup instead of silently exposing itself.
External access is expected to go through a reverse proxy (Tailscale / Cloudflare
Access / Caddy), per the locked auth model.

- config: ExternalBindAllowed flag + ValidateBindAddr/isLoopbackHost (tested
  across loopback, all-interfaces, LAN, and override cases).
- cli: --addr default is now 127.0.0.1:8484; serve() validates before binding.

Per-client bearer rotation stays deferred (single shared token for now).

https://claude.ai/code/session_01SESwn7kQ7oP62trWw6pc39
</content>
</entry>
</feed>
