Add secure remote startup flow#255
Closed
neubig wants to merge 8 commits into
Closed
Conversation
Co-authored-by: openhands <openhands@all-hands.dev>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
# Conflicts: # AGENTS.md
Co-authored-by: openhands <openhands@all-hands.dev>
# Conflicts: # SELF_HOSTING.md
Co-authored-by: openhands <openhands@all-hands.dev>
…re-remote-startup
rbren
reviewed
May 11, 2026
| "dev:automation": "node --env-file-if-exists=.env scripts/dev-with-automation.mjs", | ||
| "dev:docker": "node --env-file-if-exists=.env scripts/dev-docker.mjs", | ||
| "dev:static": "node --env-file-if-exists=.env scripts/dev-static.mjs", | ||
| "dev:remote": "node --env-file-if-exists=.env scripts/dev-static.mjs --remote", |
Member
There was a problem hiding this comment.
looks like dev:remote just runs dev:static which is a helper I made for myself on slow connections
I don't think we need dev:remote, just dev should work fine.
rbren
reviewed
May 11, 2026
|
|
||
| Access the UI at [http://localhost:8000](http://localhost:8000) | ||
|
|
||
| By default, the dev script automatically passes the generated session API key to the browser frontend for local convenience. To require each browser to enter the key instead, start it with `OH_REQUIRE_BROWSER_SESSION_KEY=1 npm run dev:docker`; users can enter the key from `~/.openhands/agent-canvas/session-api-key.txt` (or your `SESSION_API_KEY` / `OH_SESSION_API_KEYS_0` value) in the onboarding backend connection step. |
Co-authored-by: openhands <openhands@all-hands.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SESSION_API_KEYacross recommended dev-stack restarts so agent-server auth is enabled by defaultOH_REQUIRE_BROWSER_SESSION_KEY=1for the recommended Docker and non-Docker flows to suppress automaticVITE_SESSION_API_KEYpropagation to the browsernpm run dev:remotestartup path/recommendation; remote/shared use can use the existingdev:dockerordev:dangerously-dockerlessworkflows withOH_REQUIRE_BROWSER_SESSION_KEY=1Verification
node --check scripts/dev-static.mjsnpm run test -- __tests__/scripts/dev-static.test.ts __tests__/scripts/dev-with-automation.test.ts __tests__/scripts/dev-docker.test.tsnpm run typechecknpm run buildThis PR description was updated by an AI agent (OpenHands) on behalf of the user.
@neubig can click here to continue refining the PR