Operator
Deployment Modes
SLAW runs in two modes with different security profiles. Reachability is configured separately with bind.
local_trusted
The default mode, optimised for single-operator local use.
- Host binding: loopback only (localhost)
- Bind:
loopback - Authentication: no login required
- Use case: local development, solo experimentation
- Operator identity: an auto-created local Operator
npx slaw onboard
# Choose "local_trusted"
authenticated
Login required. Supports two exposure policies.
authenticated + private
For private network access (Tailscale, VPN, LAN).
- Authentication: login required via Better Auth
- URL handling: auto base URL mode (lower friction)
- Host trust: private-host trust policy required
- Bind: choose
loopback,lan,tailnet, orcustom
npx slaw onboard
# Choose "authenticated" -> "private"
Allow custom Tailscale hostnames:
npx slaw allowed-hostname my-machine
authenticated + public
For internet-facing deployment.
- Authentication: login required
- URL: explicit public URL required
- Security: stricter deployment checks in
doctor - Bind: usually
loopbackbehind a reverse proxy;lan/customis advanced
npx slaw onboard
# Choose "authenticated" -> "public"
Operator claim flow
When migrating from local_trusted to authenticated, SLAW emits a one-time claim URL at startup:
/board-claim/<token>?code=<code>
A signed-in user visits this URL to claim Operator ownership. This:
- Promotes the current user to instance Operator
- Demotes the auto-created local Operator
- Ensures active squad membership for the claiming user
Changing modes
Update the deployment mode:
npx slaw configure --section server
Runtime override via environment variable:
SLAW_DEPLOYMENT_MODE=authenticated SLAW_BIND=lan npx slaw run
Next steps
- Tailscale Private Access — private remote access
- Environment Variables — the full config reference
- Secrets — strict mode for authenticated deployments