Aller au contenu

Deployment Modes

Ce contenu n’est pas encore disponible dans votre langue.

AImetier supports two runtime modes with different security profiles. Reachability is configured separately with bind.

The default mode. Optimized for single-operator local use.

  • Host binding: loopback only (localhost)
  • Bind: loopback
  • Authentication: no login required
  • Use case: local development, solo experimentation
  • Board identity: auto-created local board user
Terminal window
# Set during onboard
pnpm aimetier onboard
# Choose "local_trusted"

Login required. Supports two exposure policies.

For private network access (VPN, LAN).

  • Authentication: login required via Better Auth
  • URL handling: auto base URL mode (lower friction)
  • Host trust: private-host trust policy required
  • Bind: choose loopback, lan, or custom (tailnet is disabled as of 2026-06-15 — use lan, or set AIMETIER_TAILNET_BIND_HOST explicitly)
Terminal window
pnpm aimetier onboard
# Choose "authenticated" -> "private"

Allow custom Tailscale hostnames:

Terminal window
pnpm aimetier allowed-hostname my-machine

For internet-facing deployment.

  • Authentication: login required
  • URL: explicit public URL required
  • Security: stricter deployment checks in doctor
  • Bind: usually loopback behind a reverse proxy; lan/custom is advanced
Terminal window
pnpm aimetier onboard
# Choose "authenticated" -> "public"

When migrating from local_trusted to authenticated, AImetier emits a one-time claim URL at startup:

/board-claim/<token>?code=<code>

A signed-in user visits this URL to claim board ownership. This:

  • Promotes the current user to instance admin
  • Demotes the auto-created local board admin
  • Ensures active company membership for the claiming user

Update the deployment mode:

Terminal window
pnpm aimetier configure --section server

Runtime override via environment variable:

Terminal window
AIMETIER_DEPLOYMENT_MODE=authenticated AIMETIER_BIND=lan pnpm aimetier run