default gateway bind to loopback, require explicit opt-in for public exposure #2590

2026-01-29 18:38:55 -05:00 · 2026-01-29 18:38:55 -05:00 · cd987e7ae0
commit cd987e7ae0
parent 4583f88626
5 changed files with 19 additions and 3 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -22,7 +22,7 @@ services:
        "dist/index.js",
        "gateway",
        "--bind",
-        "${CLAWDBOT_GATEWAY_BIND:-lan}",
+        "${CLAWDBOT_GATEWAY_BIND:-loopback}",
        "--port",
        "${CLAWDBOT_GATEWAY_PORT:-18789}"
      ]
--- a/fly.private.toml
+++ b/fly.private.toml
@ -22,7 +22,8 @@ primary_region = "iad"  # change to your closest region
  NODE_OPTIONS = "--max-old-space-size=1536"

 [processes]
-  app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"
+  # Default bind is loopback (127.0.0.1) - appropriate for private deployment.
+  app = "node dist/index.js gateway --allow-unconfigured --port 3000"

 # NOTE: No [http_service] block = no public ingress allocated.
 # The gateway will only be accessible via:
--- a/fly.toml
+++ b/fly.toml
@ -15,7 +15,9 @@ primary_region = "iad"  # change to your closest region
  NODE_OPTIONS = "--max-old-space-size=1536"

 [processes]
-  app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"
+  # Default bind is loopback (127.0.0.1). For public access, add: --bind lan --token YOUR_SECRET
+  # WARNING: Using --bind lan exposes your gateway to internet scanners (Shodan).
+  app = "node dist/index.js gateway --allow-unconfigured --port 3000"

 [http_service]
  internal_port = 3000
--- a/src/cli/gateway-cli/run.ts
+++ b/src/cli/gateway-cli/run.ts
@ -256,6 +256,17 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
    return;
  }

+  // Warn when binding to non-loopback even with auth
+  if (bind !== "loopback" && hasSharedSecret) {
+    gatewayLog.warn(
+      [
+        `Gateway binding to ${bind} (network-accessible).`,
+        "Ensure this is intentional. The gateway may be discoverable via internet scanners.",
+        "For local-only access, use --bind loopback or omit the --bind flag.",
+      ].join("\n"),
+    );
+  }
+
  try {
    await runGatewayLoop({
      runtime: defaultRuntime,
--- a/src/commands/doctor-security.ts
+++ b/src/commands/doctor-security.ts
@ -60,6 +60,7 @@ export async function noteSecurityWarnings(cfg: MoltbotConfig) {
      warnings.push(
        `- CRITICAL: Gateway bound to ${bindDescriptor} without authentication.`,
        `  Anyone on your network (or internet if port-forwarded) can fully control your agent.`,
+        `  Your gateway is discoverable via internet scanners (Shodan, Censys).`,
        `  Fix: ${formatCliCommand("moltbot config set gateway.bind loopback")}`,
        ...authFixLines,
      );
@ -67,6 +68,7 @@ export async function noteSecurityWarnings(cfg: MoltbotConfig) {
      // Auth is configured, but still warn about network exposure
      warnings.push(
        `- WARNING: Gateway bound to ${bindDescriptor} (network-accessible).`,
+        `  The gateway may be discoverable via internet scanners (Shodan, Censys).`,
        `  Ensure your auth credentials are strong and not exposed.`,
      );
    }