lms server start: Auth required not possible

[vielhuber]

Currently, lms server start only supports --port and --cors flags (https://lmstudio.ai/docs/cli/serve/server-start).

There is no way to enable the "Require Authentication" server setting via the CLI.

This means that when running LM Studio headless (e.g. via lms daemon up + lms server start on a remote Linux server), the API server is exposed without any authentication, unless the user has previously toggled the setting in the GUI.

This defeats the purpose of headless mode for any deployment that is network-accessible, as there is no purely CLI-based workflow to secure the server. None of these are ideal. Authentication should be a first-class CLI feature, especially since headless/daemon mode is explicitly designed for server deployments.

lms server start should support enabling authentication and specifying (or generating) an API token directly from the command line. For example:

lms server start --auth --token "my-secret-token"

[simonw]

I'd like this feature too. I want to start running lms server start --cors on my laptop so that my own various client-side web applications on different hosts can use http://localhost:3000/... to run prompts.

But... I don't want random websites I visit to also be able to run prompts on my machine.

Adding optional authentication support, such that JavaScript my own private sites can send a Authorization: bearer xxx HTTP header to localhost:3000 when they want to run a prompt would solve this for me.

[DomoticX]

+1

[hunterzju]

maybe we also need lms server --auth --gen_token command to generate the token?

[miladsoltany]

This is definitely a needed feature