Context
`dream-server/docs/HOST-AGENT-API.md` contains a sentence (around line 141 in current upstream/main):
"The agent is started during installation (phase 07 on Linux) and binds to `127.0.0.1` only — it is not accessible from the network."
This is accurate for macOS and Windows (Docker Desktop routes `host.docker.internal` to loopback), but wrong for Linux: the host agent on Linux intentionally binds to the Docker bridge gateway IP (e.g. `172.17.0.1`) so that in-container services can reach it over the bridge network. That's not `127.0.0.1`, and it is reachable from within the bridge network.
Source
Flagged as an informational warning by the Critique Guardian review during preparation of upstream PR #988. It is pre-existing drift — not introduced by any of our recent PRs.
Proposed fix
Rewrite that sentence to be platform-aware — e.g.:
"The agent is started during installation and binds to `127.0.0.1` on macOS/Windows, or to the Docker bridge gateway IP on Linux (with a `127.0.0.1` fallback if detection fails). It is not exposed to the LAN."
Or break into a short per-platform list.
Priority
Low — docs accuracy only.
Context
`dream-server/docs/HOST-AGENT-API.md` contains a sentence (around line 141 in current upstream/main):
This is accurate for macOS and Windows (Docker Desktop routes `host.docker.internal` to loopback), but wrong for Linux: the host agent on Linux intentionally binds to the Docker bridge gateway IP (e.g. `172.17.0.1`) so that in-container services can reach it over the bridge network. That's not `127.0.0.1`, and it is reachable from within the bridge network.
Source
Flagged as an informational warning by the Critique Guardian review during preparation of upstream PR #988. It is pre-existing drift — not introduced by any of our recent PRs.
Proposed fix
Rewrite that sentence to be platform-aware — e.g.:
Or break into a short per-platform list.
Priority
Low — docs accuracy only.