Deployment Modes
AImetier supports two runtime modes with different security profiles. Reachability is configured separately with bind.
local_trusted
Section titled “local_trusted”The default mode. Optimized for single-operator local use.
- Host binding: loopback only (localhost)
- Bind:
loopback - Authentication: no login required
- Use case: local development, solo experimentation
- Board identity: auto-created local board user
# Set during onboardpnpm aimetier onboard# Choose "local_trusted"authenticated
Section titled “authenticated”Login required. Supports two exposure policies.
authenticated + private
Section titled “authenticated + private”For private network access (VPN, LAN).
- Authentication: login required via Better Auth
- URL handling: auto base URL mode (lower friction)
- Host trust: private-host trust policy required
- Bind: choose
loopback,lan, orcustom(tailnetis disabled as of 2026-06-15 — uselan, or setAIMETIER_TAILNET_BIND_HOSTexplicitly)
pnpm aimetier onboard# Choose "authenticated" -> "private"Allow custom Tailscale hostnames:
pnpm aimetier allowed-hostname my-machineauthenticated + public
Section titled “authenticated + public”For internet-facing deployment.
- Authentication: login required
- URL: explicit public URL required
- Security: stricter deployment checks in doctor
- Bind: usually
loopbackbehind a reverse proxy;lan/customis advanced
pnpm aimetier onboard# Choose "authenticated" -> "public"Board Claim Flow
Section titled “Board Claim Flow”When migrating from local_trusted to authenticated, AImetier emits a one-time claim URL at startup:
/board-claim/<token>?code=<code>A signed-in user visits this URL to claim board ownership. This:
- Promotes the current user to instance admin
- Demotes the auto-created local board admin
- Ensures active company membership for the claiming user
Changing Modes
Section titled “Changing Modes”Update the deployment mode:
pnpm aimetier configure --section serverRuntime override via environment variable:
AIMETIER_DEPLOYMENT_MODE=authenticated AIMETIER_BIND=lan pnpm aimetier run