Codevisor Server

Network security

Expose a remote Codevisor Server without exposing its credentials or transport.

Codevisor Server speaks plain HTTP and WebSocket. It does not terminate TLS. For access outside a trusted private network, put it behind a TLS-terminating reverse proxy or a private overlay network.

  • Run with --auth token whenever the bind address is not loopback.
  • Restrict port 49361 with a host firewall or private network policy.
  • Terminate HTTPS and WSS before traffic crosses an untrusted network.
  • Keep the SQLite database and installation directory readable only by the service user.
  • Configure explicit CORS origins only for browser clients you control.
  • Store pairing tokens in a credential manager; the current API does not expose token revocation.

The hosted API reference intentionally does not execute requests. This prevents server addresses and bearer tokens from being sent to www.codevisor.dev.

On this page