Ip stuff

[ignaciojimenezr]

Summary

• Fix guest IP/rate-limit support for local npx runs
• Let local production mode create stable guest secrets on disk
• Keep hosted prod strict: Railway/Docker still must use real env vars
• Add tests for local vs hosted secret behavior

Why

• Guest rate limits need a stable IP hash pepper
• Guest proxying needs a stable shared secret
• npx can run with NODE_ENV=production
• Before this, local npx could fail because it expected hosted env secrets

Tests

• Added local-secret-store tests for env, local fallback, hosted rejection, and test-mode rejection

[chelojimenez]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[github-actions]

Internal preview

Preview URL will appear in Railway after the deploy finishes.
Deployed commit: 07da939
PR head commit: 21210b9
Backend target: staging fallback.
Access is employee-only in non-production environments.