Operator
Deployment Overview
SLAW supports three deployment configurations, from a zero-friction local instance to an internet-facing production server. This page helps you pick the right one.
The three modes
| Mode | Auth | Best for |
|---|---|---|
local_trusted | No login required | Single-operator local machine |
authenticated + private | Login required | Private network (Tailscale, VPN, LAN) |
authenticated + public | Login required | Internet-facing cloud deployment |
Local trusted (default)
- Loopback-only host binding (localhost)
- No human login flow
- Fastest startup
- Best for solo development and experimentation
Authenticated + private
- Login required via Better Auth
- Binds to network interfaces for shared access
- Auto base URL mode (lower friction)
- Best for team access over Tailscale or a local network
Authenticated + public
- Login required
- Explicit public URL required
- Stricter security checks at startup
- Best for cloud hosting and internet-facing deployment
Choosing a mode
- Just trying SLAW? Use
local_trusted(the default). - Sharing with a team on a private network? Use
authenticated+private— see Tailscale Private Access. - Deploying to the cloud? Use
authenticated+public.
Set the mode during onboarding:
npx slaw onboard
Or update it later:
npx slaw configure --section server
Next steps
- Deployment Modes — the security profiles in detail
- Docker — run SLAW in a container
- Local Development — set up a dev instance