Commit 5f6865b
docs(security): reflect post-Light-Heart-Labs#988 host-agent fallback in SECURITY.md
Maintainer audit on PR Light-Heart-Labs#973 (Lightheartdevs, 2026-04-28):
"Audit follow-up: needs rebase/update after the security merges.
Light-Heart-Labs#988 is now on `main`, so docs should describe the safer loopback
fallback behavior rather than the old exposure story. Please rebase
this broad docs pass on current `main`, reconcile it with Light-Heart-Labs#988/Light-Heart-Labs#959,
and make sure the host-agent/native binding sections consistently
say `127.0.0.1` where that is now the implementation."
Light-Heart-Labs#988 (`fix/security-loopback`) changed `bin/dream-host-agent.py:2315`
to fall back to `127.0.0.1` instead of `0.0.0.0` when Docker bridge
detection fails. The "Host Agent Network Binding" table introduced
in this PR (commit `4ef9133c`) described pre-Light-Heart-Labs#988 behavior in the
Linux row. This commit corrects the cell with a parenthetical
pointing at Light-Heart-Labs#988 so the rationale isn't lost on future readers.
The other entries in the table (macOS/Windows already loopback,
override examples, bind-to-LAN warning) are unchanged.
Light-Heart-Labs#959-related changes: the token-spy proxy/upstream auth split is
already correctly captured by extension manifests + service
documentation that landed with Light-Heart-Labs#959; this PR's diff doesn't touch
those paths.
Closes the binding-doc audit ask. Branch is now rebased on current
upstream/main; rest of the docs sync (Qwen3.5/3 model names,
Windows-quickstart rewrite, FAQ expansions, langfuse README, etc.)
stands as before.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 41a76d0 commit 5f6865b
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
84 | 84 | | |
85 | 85 | | |
86 | 86 | | |
87 | | - | |
| 87 | + | |
88 | 88 | | |
89 | 89 | | |
90 | 90 | | |
| |||
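Review bot: only line 87 of one file changes here, while the audit quoted in the commit message asked that the host-agent/native binding sections consistently say `127.0.0.1`. The message confirms the other entries of the "Host Agent Network Binding" table are unchanged, but it does not say whether any other section in this docs pass still describes the old `0.0.0.0` fallback. Search the docs touched by this PR for `0.0.0.0` and record the result in the commit message, so the one-line scope is shown to be complete rather than assumed.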