Networking & Ops
HTTPS / LAN access
Access ChatWalaʻau from other devices on your network (phones, tablets, PCs). HTTPS enables the browser Secure Context required for voice input and clipboard on non-localhost origins.
APP_HOST=0.0.0.0
APP_SSL_CERTFILE=.certs/cert.pem
APP_SSL_KEYFILE=.certs/key.pem
Setup with mkcert:
- Install mkcert and run
mkcert -install - Issue a certificate:
mkcert -cert-file .certs/cert.pem -key-file .certs/key.pem <your-ip> localhost 127.0.0.1 - Set the env vars above in
.env - Allow the ports through your firewall (8000 production, 5173 dev)
- Install the CA certificate (
rootCA.pem) on each client device
Access from the LAN at https://<your-ip>:8000. When SSL is not configured, the
server runs in HTTP mode as usual (no breaking change).
Corporate networks (TLS-intercepting proxy)
Behind a corporate proxy (Zscaler, Netskope, on-prem SSL middlebox), the first
outbound HTTPS call can fail because Python's bundled certifi store does not know
your in-house root CA:
httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self-signed certificate in certificate chain
The recommended remedy is the opt-in corp extras, which route TLS validation
through the host OS certificate store:
pip install "chatwalaau[corp]"
No source change, no env change, and no behavior change for non-corporate environments. Alternatively, point Python at an explicit CA bundle:
export SSL_CERT_FILE=/path/to/corp-root-ca.pem
export REQUESTS_CA_BUNDLE=/path/to/corp-root-ca.pem
DevUI
Enable the Microsoft Agent Framework DevUI for debugging:
DEVUI_ENABLED=true
DEVUI_PORT=8080
# DEVUI_DISABLE_MCP=true # excluded by default (cross-loop safety)
# DEVUI_DISABLE_RAG=true # excluded by default
Access at http://localhost:8080. DevUI receives a
dedicated Agent instance that reuses the main agent's function tools, skills, and
model client but omits MCP tools and rag_search by default, avoiding cross-loop
invocation between the DevUI daemon thread and the main FastAPI event loop.