Follow-up from v0.8.61 app-server release verification
docs/RUNTIME_API.md currently says, in the app-server section, to pass --insecure on trusted loopback. That flag name is correct for codewhale serve, but the canonical app-server flag is --insecure-no-auth.
Evidence:
codewhale app-server --help exposes --insecure-no-auth.codewhale serve --help exposes --insecure.app-server --http maps --insecure-no-auth to the delegated serve --insecure flag.
Expected direction:
- Update the app-server-specific docs text to say
--insecure-no-auth.
- Keep any
serve compatibility-alias examples using --insecure where they refer specifically to codewhale serve.
Follow-up from v0.8.61 app-server release verification
docs/RUNTIME_API.mdcurrently says, in the app-server section, to pass--insecureon trusted loopback. That flag name is correct forcodewhale serve, but the canonical app-server flag is--insecure-no-auth.Evidence:
codewhale app-server --helpexposes--insecure-no-auth.codewhale serve --helpexposes--insecure.app-server --httpmaps--insecure-no-authto the delegated serve--insecureflag.Expected direction:
--insecure-no-auth.servecompatibility-alias examples using--insecurewhere they refer specifically tocodewhale serve.