Skip to content

fix: harden default bind address and improve documentation (v1.0.1)#17

Merged
Romain-Grosos merged 5 commits intomainfrom
fix/release-1.0.1
Mar 10, 2026
Merged

fix: harden default bind address and improve documentation (v1.0.1)#17
Romain-Grosos merged 5 commits intomainfrom
fix/release-1.0.1

Conversation

@Romain-Grosos
Copy link
Contributor

@Romain-Grosos Romain-Grosos commented Mar 10, 2026

Summary

  • Default bind address changed from 0.0.0.0 to 127.0.0.1 to prevent accidental LAN exposure on multi-VLAN networks
  • buncker api-setup now switches bind to 0.0.0.0 when activating API auth + TLS
  • README pitch renamed from "Zero exotic deps" to "OS-packaged deps only"
  • Added Windows/WSL2 requirement note in README
  • Documented GPG out-of-scope rationale in security docs (offline machine cannot refresh keyrings)
  • Added python3-yaml to tech stack documentation
  • Version bumped to 1.0.1

Test plan

  • Unit tests: 590 passed
  • Lint: ruff check + format clean
  • Integration tests: 40/40 (3 phases - USB flow, LAN client auth, OCI restricted mode)
  • Phase 1 validates bind 127.0.0.1 works for local access
  • Phase 2 validates api-setup switches to 0.0.0.0 for LAN clients

@Romain-Grosos
fix(server): default bind to 127.0.0.1, switch to 0.0.0.0 on api-setup
778fbfa 
Localhost-only by default prevents accidental exposure on multi-VLAN
networks. When api-setup activates auth + TLS, bind is switched to
0.0.0.0 for LAN client access.
@Romain-Grosos
docs: update pitch wording, bind default, and add WSL2 note
bc2f7b1 
- Rename 'Zero exotic deps' to 'OS-packaged deps only' in README
- Update bind default from 0.0.0.0 to 127.0.0.1 across all docs
- Add Windows/WSL2 requirement note in README
@Romain-Grosos
docs(security): document GPG out-of-scope rationale and network binding
16e7381 
- Add 'Network Binding' section explaining 127.0.0.1 default
- Add 'Package Integrity (no GPG)' section with threat model rationale
- Update dependency security to mention python3-yaml
@Romain-Grosos
docs: add python3-yaml to tech stack table
19117c1
@Romain-Grosos
chore: bump version to 1.0.1
c2800fe
@Romain-Grosos Romain-Grosos added this to the v1.0.1 milestone Mar 10, 2026
@Romain-Grosos Romain-Grosos self-assigned this Mar 10, 2026
@Romain-Grosos Romain-Grosos added documentation Improvements or additions to documentation security labels Mar 10, 2026
@Romain-Grosos Romain-Grosos merged commit 42a1264 into main Mar 10, 2026
7 checks passed
@Romain-Grosos Romain-Grosos deleted the fix/release-1.0.1 branch March 10, 2026 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Romain-Grosos Romain-Grosos

Labels

documentation Improvements or additions to documentation security

Projects

None yet

Milestone

v1.0.1

Development

Successfully merging this pull request may close these issues.

1 participant

@Romain-Grosos