manueljpconde hardens the one-click self-hosting build

A cleanup pass on the local install pulls a powerful secret key out of the browser and makes the private-model setup actually work on the servers teams deploy on.

infrastructuresecurity

manueljpconde went back over the install-it-yourself package for this fork and fixed two things that matter to anyone running it themselves. A high-privilege secret key - the kind that should never leave the server - was being baked into the part of the app that runs in the user's browser, where anyone could have fished it out. That's now gone.

The same pass fixed a quieter trap. The configuration that lets you point the system at a private AI model running on your own hardware worked on Mac and Windows developer machines but silently failed on Linux - which is what most teams actually deploy on. It works there now, alongside a couple of smaller reliability fixes to keep the setup reproducible.

So what Worth a look for any firm planning to self-host this rather than lean on a vendor - it's the gap between a demo that runs on a laptop and an install you'd trust on a real server.

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

SHA	Subject	Author	Date
`f8873309`	Harden Docker quickstart config	Manuel Conde	2026-05-10	↗ GitHub

SHA

Subject

Author

Date

f8873309

Harden Docker quickstart config

Manuel Conde

2026-05-10

↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-247.md from inside the repo you want the changes in.

manueljpconde hardens the one-click self-hosting build

Commits in this thread

Capture this thread into my fork