SakuraByteCore · awsl233777 · Mar 31, 2026 · Apr 3, 2026
diff --git a/README.en.md b/README.en.md
@@ -124,7 +124,9 @@ codexmate status
 codexmate run
 ```
 
-Default listen address is `0.0.0.0:3737` for LAN access, and browser auto-open is enabled by default.
+Default listen address is `127.0.0.1:3737`, localhost-only, and browser auto-open is enabled by default.
+
+> Security note: if you explicitly use `--host 0.0.0.0` or set `CODEXMATE_HOST=0.0.0.0`, the unauthenticated admin UI becomes reachable on your current network. If the instance contains API keys, provider settings, or skills management data, prefer `127.0.0.1` and only enable LAN access on trusted networks.
 
 ### Run from source
 
@@ -232,7 +234,7 @@ codexmate mcp serve --allow-write
 | Variable | Default | Description |
 | --- | --- | --- |
 | `CODEXMATE_PORT` | `3737` | Web server port |
-| `CODEXMATE_HOST` | `0.0.0.0` | Web listen host |
+| `CODEXMATE_HOST` | `127.0.0.1` | Web listen host (set `0.0.0.0` explicitly for LAN access) |
 | `CODEXMATE_NO_BROWSER` | unset | Set `1` to disable browser auto-open |
 | `CODEXMATE_MCP_ALLOW_WRITE` | unset | Set `1` to allow MCP write tools by default |
 | `CODEXMATE_FORCE_RESET_EXISTING_CONFIG` | `0` | Set `1` to force bootstrap reset of existing config |

diff --git a/site/guide/getting-started.md b/site/guide/getting-started.md
@@ -27,7 +27,9 @@ codexmate status
 codexmate run
 ```
 
-默认监听 `0.0.0.0:3737`，支持局域网访问，并尝试自动打开浏览器。
+默认监听 `127.0.0.1:3737`，仅本机可访问，并尝试自动打开浏览器。
+
+如需局域网访问，可显式设置 `CODEXMATE_HOST=0.0.0.0` 或使用 `--host 0.0.0.0`；若当前网络不可信，建议继续使用 `127.0.0.1`。
 
 仅启动服务（测试 / CI）：
 

diff --git a/tests/unit/config-tabs-ui.test.mjs b/tests/unit/config-tabs-ui.test.mjs
@@ -109,6 +109,7 @@ test('config template keeps expected config tabs in top and side navigation', ()
 test('web ui script defines provider mode metadata for codex only', () => {
     const appScript = readProjectFile('web-ui/app.js');
     const configModeComputed = readProjectFile('web-ui/modules/config-mode.computed.mjs');
+    const sessionTrashMethods = readProjectFile('web-ui/modules/session-trash.methods.mjs');
 
     assert.match(appScript, /CONFIG_MODE_SET/);
     assert.match(appScript, /getProviderConfigModeMeta/);
@@ -176,6 +177,8 @@ test('web ui script defines provider mode metadata for codex only', () => {
     assert.match(appScript, /skillsMarketLoading:\s*false/);
     assert.match(appScript, /skillsMarketLocalLoadedOnce:\s*false/);
     assert.match(appScript, /skillsMarketImportLoadedOnce:\s*false/);
+    assert.match(appScript, /createSessionTrashMethods/);
+    assert.match(appScript, /\.\.\.createSessionTrashMethods\(/);
     assert.doesNotMatch(appScript, /skillsMarketRemoteLoading:\s*false/);
     assert.doesNotMatch(appScript, /skillsMarketRemoteLoadedOnce:\s*false/);
     assert.doesNotMatch(appScript, /skillsMarketRemoteItems:\s*\[\]/);
@@ -190,21 +193,21 @@ test('web ui script defines provider mode metadata for codex only', () => {
     assert.match(appScript, /visibleSessionTrashItems\(\)/);
     assert.match(appScript, /sessionTrashHasMoreItems\(\)/);
     assert.match(appScript, /sessionTrashHiddenCount\(\)/);
-    assert.match(appScript, /normalizeSettingsTab\(tab\)/);
-    assert.match(appScript, /switchSettingsTab\(tab,\s*options = \{\}\)/);
-    assert.match(appScript, /loadSessionTrash\(options = \{\}\)/);
-    assert.match(appScript, /loadMoreSessionTrashItems\(\)/);
-    assert.match(appScript, /restoreSessionTrash\(item\)/);
-    assert.match(appScript, /purgeSessionTrash\(item\)/);
-    assert.match(appScript, /clearSessionTrash\(\)/);
-    assert.match(appScript, /buildSessionTrashItemFromSession\(session,\s*result = \{\}\)/);
-    assert.match(appScript, /prependSessionTrashItem\(item,\s*options = \{\}\)/);
-    assert.match(appScript, /resetSessionTrashVisibleCount\(\)/);
-    assert.match(appScript, /normalizeSessionTrashTotalCount\(totalCount,\s*fallbackItems = this\.sessionTrashItems\)/);
-    assert.match(appScript, /getSessionTrashViewState\(\)/);
-    assert.match(appScript, /this\.sessionTrashTotalCount = this\.normalizeSessionTrashTotalCount\(res\.totalCount,\s*nextItems\);/);
-    assert.match(appScript, /this\.sessionTrashTotalCount = this\.normalizeSessionTrashTotalCount\(\s*res && res\.totalCount !== undefined/);
-    assert.match(appScript, /messageCount:\s*Number\.isFinite\(Number\(result && result\.messageCount\)\)/);
+    assert.match(sessionTrashMethods, /normalizeSettingsTab\(tab\)/);
+    assert.match(sessionTrashMethods, /switchSettingsTab\(tab,\s*options = \{\}\)/);
+    assert.match(sessionTrashMethods, /loadSessionTrash\(options = \{\}\)/);
+    assert.match(sessionTrashMethods, /loadMoreSessionTrashItems\(\)/);
+    assert.match(sessionTrashMethods, /restoreSessionTrash\(item\)/);
+    assert.match(sessionTrashMethods, /purgeSessionTrash\(item\)/);
+    assert.match(sessionTrashMethods, /clearSessionTrash\(\)/);
+    assert.match(sessionTrashMethods, /buildSessionTrashItemFromSession\(session,\s*result = \{\}\)/);
+    assert.match(sessionTrashMethods, /prependSessionTrashItem\(item,\s*options = \{\}\)/);
+    assert.match(sessionTrashMethods, /resetSessionTrashVisibleCount\(\)/);
+    assert.match(sessionTrashMethods, /normalizeSessionTrashTotalCount\(totalCount,\s*fallbackItems = this\.sessionTrashItems\)/);
+    assert.match(sessionTrashMethods, /getSessionTrashViewState\(\)/);
+    assert.match(sessionTrashMethods, /this\.sessionTrashTotalCount = this\.normalizeSessionTrashTotalCount\(res\.totalCount,\s*nextItems\);/);
+    assert.match(sessionTrashMethods, /options && options\.totalCount !== undefined/);
+    assert.match(sessionTrashMethods, /messageCount:\s*Number\.isFinite\(Number\(result && result\.messageCount\)\)/);
     assert.match(appScript, /clearActiveSessionState\(\)/);
     assert.match(appScript, /removeSessionFromCurrentList\(session\)/);
     assert.match(appScript, /await this\.removeSessionFromCurrentList\(session\);/);