This commit introduces a new `--local-only` flag for the `gateway` command that hardens the configuration for strictly local usage by:
- Disabling update checks on start
- Disabling diagnostics
- Clearing model fallbacks (to prevent accidental cloud usage)
- Denying external tools (web_search, web_fetch, browser)
- Enabling Docker sandboxing for non-main sessions
It also adds a detailed `SECURITY_ASSESSMENT_LOCAL.md` report and a unit test for the new flag.
Co-authored-by: samibs <1743891+samibs@users.noreply.github.com>
This commit adds `SECURITY_ASSESSMENT_LOCAL.md`, which provides a detailed audit of Moltbot for users who want to run the assistant entirely locally using Ollama.
The assessment identifies potential data leakage points (update checks, cloud-capable tools), audits model fallback logic to prevent accidental cloud usage, verifies Gateway binding and authentication, and provides a hardened configuration template.
Co-authored-by: samibs <1743891+samibs@users.noreply.github.com>