Scenario — Enterprise network binding checklist

An operator verifies default loopback binds, inventories open ports, and only then widens LENSES_HOST/--bind-all-interfaces, pairing changes with firewall posture.

Updated

Scenario summary

An operator verifies default loopback binds, inventories open ports, and only then widens LENSES_HOST/--bind-all-interfaces, pairing changes with firewall posture.

User role

Platform operator or security reviewer.

Starting state

  • Forge Lenses installed per Install and run.
  • Shell access to ss or lsof on the host.

Steps

  1. Record ss -lptn while Lenses is stopped and while running on the default port.
  2. Compare results with Enterprise — network binding.
  3. If widening binds, document the reverse proxy + TLS termination owner.

Example input

ss -lptn 'sport = :8080'

Example output or expected state

Only loopback (127.0.0.1) listeners until --bind-all-interfaces + proxy plan is logged.

Verification

Failure / recovery

REST narrative: Schemas and API for builders. JSON stub: sample-oauth-oidc-endpoint.json anchors OIDC appendix references.