From b899095f18d10e7b7ec47695aa601aef50fd676b Mon Sep 17 00:00:00 2001 From: Ahmed Dlshad Date: Mon, 22 Jun 2026 21:29:55 +0300 Subject: [PATCH] docs(setup): note -BindHost flag for LAN access on native Windows (#4636) The native Windows launcher binds to 127.0.0.1 via its own -BindHost parameter and does not read APP_BIND/ODYSSEUS_HOST from .env, so editing .env alone leaves the server on loopback. Document the -BindHost flag in the Native Windows setup section, with the existing keep-auth-on / don't-expose-publicly caveats. Fixes #4552 Co-authored-by: Claude Opus 4.8 --- docs/setup.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/setup.md b/docs/setup.md index 0fb4e2465..6978a263f 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -250,6 +250,19 @@ python -m uvicorn app:app --host 127.0.0.1 --port 7000 If `python` points at an older interpreter, use `py -3.12` (or another installed 3.11+ version) for the venv step. +**Exposing on a LAN/Tailscale (Windows):** the launcher binds to `127.0.0.1` and +does **not** read `APP_BIND` / `ODYSSEUS_HOST` from `.env`, so editing `.env` +alone leaves the native Windows server on loopback. Pass the launcher's +`-BindHost` flag instead: + +```powershell +powershell -ExecutionPolicy Bypass -File .\launch-windows.ps1 -BindHost 0.0.0.0 +``` + +The manual `uvicorn` command takes the same address as `--host 0.0.0.0`. Bind +outside loopback only for a trusted LAN/VPN such as Tailscale: keep +`AUTH_ENABLED=true` and do not expose the port directly to the public internet. + **Requirements:** Python 3.11+. The core app (chat, agent, memory, documents, email, calendar, deep research) runs fully native. For full **Cookbook** background model downloads and the agent shell tool, also install