Why this matters
The optional HTTPS proxy is useful, but it is easy for self-hosted users to misunderstand where it is safe to run and where it should not be exposed.
The current guidance is spread across README.md, SECURITY.md, docs/SECURITY-AUDIT.md, and the release/publishing docs. The repo should make the deployment boundaries obvious to a new reader before they cargo-cult a risky setup.
Scope
- Tighten the deployment guidance for the optional proxy.
- Add a short, concrete checklist for trusted-network assumptions and "do not expose this like a hardened public edge" cases.
- Keep the guidance consistent across README, security docs, and release/publishing docs.
Acceptance criteria
- A new self-hosted user can quickly tell when the proxy is appropriate and when it is not.
- The docs explicitly call out public-internet exposure risks and trusted-certificate expectations.
- The guidance is consistent across the main public-facing docs.
- No claims in the docs overstate the proxy's security posture.
Notes
This is partly documentation, but it directly reduces support risk and security misunderstanding.
Why this matters
The optional HTTPS proxy is useful, but it is easy for self-hosted users to misunderstand where it is safe to run and where it should not be exposed.
The current guidance is spread across
README.md,SECURITY.md,docs/SECURITY-AUDIT.md, and the release/publishing docs. The repo should make the deployment boundaries obvious to a new reader before they cargo-cult a risky setup.Scope
Acceptance criteria
Notes
This is partly documentation, but it directly reduces support risk and security misunderstanding.