Deployment Modes
Paperclip supports two runtime modes with different security profiles.
local_trusted
Section titled “local_trusted”The default mode. Optimized for single-operator local use.
- Host binding: loopback only (localhost)
- Authentication: no login required
- Use case: local development, solo experimentation
- Board identity: auto-created local board user
# Set during onboardpnpm paperclipai onboard# Choose "local_trusted"authenticated
Section titled “authenticated”Login required. Supports two exposure policies.
authenticated + private
Section titled “authenticated + private”For private network access (Tailscale, VPN, LAN).
- Authentication: login required via Better Auth
- URL handling: auto base URL mode (lower friction)
- Host trust: private-host trust policy required
pnpm paperclipai onboard# Choose "authenticated" -> "private"Allow custom Tailscale hostnames:
pnpm paperclipai allowed-hostname my-machineauthenticated + public
Section titled “authenticated + public”For internet-facing deployment.
- Authentication: login required
- URL: explicit public URL required
- Security: stricter deployment checks in doctor
pnpm paperclipai onboard# Choose "authenticated" -> "public"Board Claim Flow
Section titled “Board Claim Flow”When migrating from local_trusted to authenticated, Paperclip emits a one-time claim URL at startup:
/board-claim/<token>?code=<code>A signed-in user visits this URL to claim board ownership. This:
- Promotes the current user to instance admin
- Demotes the auto-created local board admin
- Ensures active company membership for the claiming user
Changing Modes
Section titled “Changing Modes”Update the deployment mode:
pnpm paperclipai configure --section serverRuntime override via environment variable:
PAPERCLIP_DEPLOYMENT_MODE=authenticated pnpm paperclipai run