security: webhook server runs plain HTTP without TLS

## Description

The webhook trigger server runs plain HTTP. This is acceptable when bound to `127.0.0.1` (the default) behind a reverse proxy that terminates TLS, but provides no encryption if exposed directly on a non-localhost interface.

## Affected files

- Webhook server code (trigger system)

## Impact

Unencrypted webhook traffic if bound to a non-localhost address without a TLS-terminating reverse proxy.

## Recommended fix

1. Document the requirement for TLS termination in non-localhost deployments
2. Log a warning when the server is configured to bind to a non-localhost address:

```python
if bind_host not in ("127.0.0.1", "::1", "localhost"):
    logger.warning("webhook.no_tls", bind=bind_host, hint="Use a reverse proxy for TLS termination")
```

## Severity

LOW — default binding to localhost mitigates this.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: webhook server runs plain HTTP without TLS #212

Description

Affected files

Impact

Recommended fix

Severity

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

security: webhook server runs plain HTTP without TLS #212

Description

Description

Affected files

Impact

Recommended fix

Severity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions