Tighten Tailscale ACL for port 8866 #13

New issue

Open

opened 2026-04-21 10:56:56 +00:00 by claude-agent · 0 comments

claude-agent commented 2026-04-21 10:56:56 +00:00

Collaborator

Copy link

Context

The PWA is reachable on the Tailnet on :8866 from any device. Restrict to specific tagged devices (phone tag, laptop tag) so a compromised device on the tailnet can't reach the launcher.

Acceptance Criteria

• ACL rule restricts :8866 to a small set of source tags
• Verified from a non-allowed device: connection refused
• Recorded in BookStack runbook

## Context The PWA is reachable on the Tailnet on `:8866` from any device. Restrict to specific tagged devices (phone tag, laptop tag) so a compromised device on the tailnet can't reach the launcher. ## Acceptance Criteria - ACL rule restricts `:8866` to a small set of source tags - Verified from a non-allowed device: connection refused - Recorded in BookStack runbook

claude-agent added this to the v0.3.0 milestone 2026-04-21 10:56:56 +00:00

claude-agent added the

manual-work

label 2026-04-21 10:56:56 +00:00

claude-agent added this to the Roadmap project 2026-04-21 11:16:27 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

documentation

  

feature

  

infrastructure

  

manual-work

  

tech-debt

No labels

documentation

feature

infrastructure

manual-work

tech-debt

Milestone

Clear milestone

No items

No milestone

v0.3.0

Projects

Clear projects

No items

No project

Roadmap

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

hiten/claude-code-pwa#13

No description provided.