Add native Windows compatibility layer

app.py

@@ -1,7 +1,22 @@
 # app.py — slim orchestrator
-from dotenv import load_dotenv
-load_dotenv()
 import os
+
+# Windows: force HuggingFace/fastembed to COPY model files instead of symlinking.
+# On a network-share/UNC data dir Windows can't follow HF's symlinks ([WinError
+# 1463]), so the ONNX embedding model fails to load. huggingface_hub reads this
+# at import time, so set it before anything pulls it in. (Mirrored in
+# src/embeddings.py for non-server entrypoints.)
+if os.name == "nt":
+    os.environ.setdefault("HF_HUB_DISABLE_SYMLINKS", "1")
+    os.environ.setdefault("HF_HUB_DISABLE_SYMLINKS_WARNING", "1")
+
+from dotenv import load_dotenv
+# encoding="utf-8-sig" tolerates a UTF-8 BOM in .env — a common Windows gotcha
+# when the file is saved from Notepad. Without this, the first key parses as
+# "AUTH_ENABLED" instead of "AUTH_ENABLED", so AUTH_ENABLED=false (etc.)
+# is silently ignored and the user is unexpectedly forced to log in (issue #142).
+# utf-8-sig reads plain UTF-8 (no BOM) identically, so this is safe everywhere.
+load_dotenv(encoding="utf-8-sig")
 import uuid
 
 import asyncio
@@ -170,6 +185,31 @@ if AUTH_ENABLED:
         _token_cache.update(new_map)
         app.state._token_cache_dirty = False
 
+    # Headers that prove a request was forwarded by a proxy/tunnel (cloudflared,
+    # nginx, Caddy, Tailscale Funnel, …). cloudflared connects to the app FROM
+    # 127.0.0.1, so without this check every tunneled request would look like
+    # loopback and could bypass auth.
+    _PROXY_FWD_HEADERS = (
+        "cf-connecting-ip", "cf-ray", "cf-visitor",
+        "x-forwarded-for", "x-forwarded-host", "x-real-ip", "forwarded",
+    )
+
+    def _is_trusted_loopback(request: Request) -> bool:
+        """True ONLY for a DIRECT loopback connection with no proxy/tunnel
+        forwarding headers. A bare ``client.host in ('127.0.0.1','::1')`` check is
+        unsafe behind a Cloudflare tunnel / reverse proxy: those connect from
+        loopback, so a remote visitor would otherwise inherit local trust and
+        slip past LOCALHOST_BYPASS or spoof the internal-tool path. Odysseus's own
+        in-process agent loopback calls carry none of these headers, so they still
+        qualify."""
+        host = request.client.host if request.client else None
+        if host not in ("127.0.0.1", "::1"):
+            return False
+        for _h in _PROXY_FWD_HEADERS:
+            if request.headers.get(_h):
+                return False
+        return True
+
     class AuthMiddleware(BaseHTTPMiddleware):
         async def dispatch(self, request: Request, call_next):
             path = request.url.path
@@ -182,8 +222,7 @@ if AUTH_ENABLED:
             try:
                 from core.middleware import INTERNAL_TOOL_HEADER, INTERNAL_TOOL_TOKEN as _ITT
                 _hdr = request.headers.get(INTERNAL_TOOL_HEADER)
-                _client_host = request.client.host if request.client else None
-                if _hdr and _hdr == _ITT and _client_host in ("127.0.0.1", "::1"):
+                if _hdr and _hdr == _ITT and _is_trusted_loopback(request):
                     # Impersonation: when the agent's loopback call sets
                     # X-Odysseus-Owner, attribute the request to that
                     # user so notes/calendar/etc. land in their account
@@ -196,12 +235,13 @@ if AUTH_ENABLED:
                     return await call_next(request)
             except Exception:
                 pass
-            # Allow localhost requests (internal service calls from heartbeats etc.)
-            # Disable with LOCALHOST_BYPASS=false when exposing via reverse proxy / Tailscale Funnel
-            if LOCALHOST_BYPASS:
-                client_host = request.client.host if request.client else None
-                if client_host in ("127.0.0.1", "::1"):
-                    return await call_next(request)
+            # Allow DIRECT localhost requests (internal service calls from
+            # heartbeats etc.). Tunnel/proxy-forwarded requests are excluded by
+            # _is_trusted_loopback so LOCALHOST_BYPASS can't be abused over a
+            # Cloudflare tunnel / reverse proxy. Keep LOCALHOST_BYPASS=false for
+            # network-exposed deployments regardless.
+            if LOCALHOST_BYPASS and _is_trusted_loopback(request):
+                return await call_next(request)
             if not auth_manager.is_configured:
                 # No users yet — redirect to login for first-time setup
                 if not path.startswith("/api/"):
@@ -819,7 +859,7 @@ async def startup_event():
         try:
             import json as _json
             auth_path = "data/auth.json"
-            with open(auth_path) as f:
+            with open(auth_path, encoding="utf-8") as f:
                 users = _json.load(f).get("users", {})
             owners.update(users.keys())
         except Exception as e:
@@ -866,7 +906,7 @@ async def startup_event():
     try:
         import json as _json
         auth_path = "data/auth.json"
-        with open(auth_path) as f:
+        with open(auth_path, encoding="utf-8") as f:
             users = _json.load(f).get("users", {})
         primary_owner = None
         for uname, udata in users.items():