e129378014
Document safer defaults and deployment guidance for network-accessible Odysseus installs. The guidance emphasizes keeping auth enabled, disabling localhost bypass outside development, using secure cookies for HTTPS/reverse-proxy deployments, and exposing only the authenticated Odysseus entrypoint through a trusted proxy or private access layer. Also clarify that bundled services, databases, vector stores, notification services, and raw model/provider APIs should remain internal-only. This is documentation and config-example only. It does not change runtime behavior.
6.0 KiB
6.0 KiB