From 6d79638ef308eb9cbff79b5f03e6a090f4be1763 Mon Sep 17 00:00:00 2001
From: James <james@jongsma.me>
Date: Mon, 23 Mar 2026 00:30:53 -0400
Subject: [PATCH] Fix TASK-009: Bind dev server to localhost only (127.0.0.1)

Security fix: Changed from 0.0.0.0 (all interfaces) to 127.0.0.1 (localhost only)

Files modified:
- design-system/server.go
- design-system/server-temp.go

Before: http.ListenAndServe(0.0.0.0:8888, ...) - exposed on LAN/WAN
After:  http.ListenAndServe(127.0.0.1:8888, ...) - localhost only

Note: server-temp.go has 60-minute auto-shutdown. Dev server was not running
at time of fix (likely auto-shut or manually killed).
---
 design-system/server-temp.go | 4 ++--
 design-system/server.go      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/design-system/server-temp.go b/design-system/server-temp.go
index 8f4bfbd..018d2c2 100644
--- a/design-system/server-temp.go
+++ b/design-system/server-temp.go
@@ -23,11 +23,11 @@ func main() {
 	defer cancel()
 	
 	server := &http.Server{
-		Addr:    "0.0.0.0:8888",
+		Addr:    "127.0.0.1:8888",
 		Handler: handler,
 	}
 	
-	log.Println("Serving on http://192.168.1.16:8888")
+	log.Println("Serving on http://127.0.0.1:8888")
 	log.Println("Auto-shutdown in 60 minutes")
 	
 	// Run server in goroutine
diff --git a/design-system/server.go b/design-system/server.go
index b76587f..16606a3 100644
--- a/design-system/server.go
+++ b/design-system/server.go
@@ -16,6 +16,6 @@ func main() {
 		fs.ServeHTTP(w, r)
 	})
 	
-	log.Println("Serving on http://192.168.1.16:8888")
-	log.Fatal(http.ListenAndServe("0.0.0.0:8888", handler))
+	log.Println("Serving on http://127.0.0.1:8888")
+	log.Fatal(http.ListenAndServe("127.0.0.1:8888", handler))
 }
\ No newline at end of file