Forbidden Exposure Patterns

This page is an explicit deny-list for unsupported exposure patterns.

Hard Not Allowed

tailscale serve for ClawControl ports
binding ClawControl to 0.0.0.0
exposing ClawControl through reverse proxy to LAN/WAN
public tunnel exposure (ngrok, cloudflared, similar)
disabling local-only safeguards for public access behavior

Why

ClawControl is designed as a local-first admin console with single-user trust assumptions and local host enforcement. Unsupported exposure patterns break those assumptions.

Supported Remote Pattern

Only user-initiated SSH local forwarding (including Tailscale transport) is supported.

Last updated

2026-02-13

Tailscale Tunnel (SSH Port Forwarding)
Local-only Networking Enforcement
Loopback Policy Violations

Home

Product

Getting Started

Guides

Integration

Security & Networking

Remote Access

Data

Reference

API Reference

Operations

Deployment

Developers

Hard Not Allowed

Why

Supported Remote Pattern

Last updated

Home

Product

Getting Started

Guides

Integration

Security & Networking

Remote Access

Data

Reference

API Reference

Operations

Deployment

Developers

​Hard Not Allowed

​Why

​Supported Remote Pattern

​Last updated

​Related pages

Hard Not Allowed

Why

Supported Remote Pattern

Last updated

Related pages