
feat: bind to 127.0.0.1 by default instead of 0.0.0.0 #2812

Open
bfirsh wants to merge 4 commits into main from fix/bind-localhost-by-default

Conversation

@bfirsh

@bfirsh bfirsh commented Mar 5, 2026

Contributor

Summary

  • Default port binding changed from 0.0.0.0 to 127.0.0.1 across all commands, preventing prediction endpoints from being accidentally exposed to the entire network during development.
  • Added --host flag to cog serve and host:port syntax to cog run -p so users can opt into binding to all interfaces when needed.

Changes

File                           Change
pkg/docker/command/command.go  Added HostIP field to Port struct
pkg/docker/docker.go           Uses port.HostIP (default 127.0.0.1) instead of hardcoded ""
pkg/docker/run.go              GetHostPortForContainer now accepts a hostIP parameter
pkg/docker/run_test.go         Updated tests + added new test cases for default and all-interfaces binding
pkg/cli/serve.go               Added --host flag (default 127.0.0.1)
pkg/cli/run.go                 -p flag supports host:port syntax (e.g. -p 0.0.0.0:8888), defaults to 127.0.0.1
pkg/predict/predictor.go       cog predict/cog train bind to 127.0.0.1

User-facing behavior

Command                  Before                 After
cog serve                Binds to 0.0.0.0       Binds to 127.0.0.1. Use --host 0.0.0.0 to expose.
cog run -p 8888          Binds to 0.0.0.0:8888  Binds to 127.0.0.1:8888. Use -p 0.0.0.0:8888 to expose.
cog predict / cog train  Binds to 0.0.0.0       Binds to 127.0.0.1

Test plan

  • All 853 Go unit tests pass
  • 0 lint issues

Port bindings now default to localhost-only, preventing prediction
endpoints from being exposed to the entire network during development.

- Add HostIP field to command.Port struct (defaults to 127.0.0.1)
- Add --host flag to cog serve (default 127.0.0.1, use 0.0.0.0 to expose)
- Support host:port syntax in cog run -p (e.g. -p 0.0.0.0:8888)
- Bind cog predict/train to 127.0.0.1
- Update GetHostPortForContainer to match configured host IP
@bfirsh bfirsh requested a review from a team as a code owner March 5, 2026 02:15
@michaeldwan michaeldwan added this to the 0.18.0 milestone Mar 5, 2026
@ask-bonk

ask-bonk Bot commented Mar 31, 2026

Contributor

LGTM

github run

@ask-bonk

ask-bonk Bot commented Jun 25, 2026

Contributor

@anish-sahoo Bonk workflow was cancelled.

View workflow run · To retry, trigger Bonk again.

@ask-bonk

ask-bonk Bot commented Jun 25, 2026

Contributor

Changes default port binding from 0.0.0.0 to 127.0.0.1 across Docker container operations, with a new --host flag for cog serve and HostIP support in the port abstraction.

Issues found:

  1. cog exec -p silently breaks backward compatibility. pkg/cli/exec.go creates command.Port without setting HostIP. Since docker.go now defaults empty HostIP to 127.0.0.1, cog exec -p 8888 now binds to localhost instead of all interfaces, with no escape hatch for users who need network exposure. Consider adding host:port parsing to the -p flag here, or an explicit --host flag for cog exec.

  2. Misleading URL when explicitly binding to all interfaces. pkg/cli/serve.go substitutes localhost when --host 0.0.0.0 is used, which hides the fact that the server is exposed to the entire network. The displayed URL should reflect the actual binding or include a warning.

@ask-bonk

ask-bonk Bot commented Jun 25, 2026

Contributor

I'm Bonk, and I've done a quick review of your PR.

Summary: Changes default Docker port binding from 0.0.0.0 to 127.0.0.1, adds --host flag to cog serve, and threads HostIP through the port abstraction.

Issues (highest severity first):

  1. cog exec -p backward compatibility break: pkg/cli/exec.go:123 creates command.Port without HostIP, so it silently falls through to the new 127.0.0.1 default. Users who previously relied on cog exec -p 8888 being reachable from the network now have no escape hatch. Consider adding host:port syntax support or a --host flag to cog exec.

  2. Misleading serve URL when binding to all interfaces: pkg/cli/serve.go:173-176 displays http://localhost:port even when --host 0.0.0.0 is explicitly passed, which masks the security implication that the server is exposed to the entire network.

I posted the full review as a top-level PR comment because the batch review API returned a 422 (likely stale line numbers). You can view it here: #2812 (comment)

github run
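The following Go sketch is an added example written for this page, not cog's code, showing the behaviour the PR description and the review findings above describe: parsing `-p PORT` and `-p HOST:PORT` with a loopback default, rendering the Docker publish spec with the host always written out (an empty host is what Docker treats as 0.0.0.0), printing a startup URL that does not hide an explicit wildcard bind, and resolving the host port by matching the configured host IP rather than taking the first reported binding. `Port`, `ParsePublishFlag`, `DisplayURL`, `PortBinding` and `HostPortFor` are names chosen here; the constructed inspect output, and the assumption that a wildcard publish is reported as both a `0.0.0.0` and a `::` entry, are not taken from the PR.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Port mirrors the shape the PR describes (a HostIP on command.Port);
// the field and function names in this file are assumptions, not cog's code.
type Port struct {
	HostIP        string // host-side bind address; loopback unless the user opts out
	HostPort      int
	ContainerPort int
}

const defaultHostIP = "127.0.0.1"

// ParsePublishFlag accepts the "-p PORT" and "-p HOST:PORT" forms described
// in the PR. A bare port binds to loopback; an explicit host must be an IP
// literal (IPv6 in brackets, e.g. "[::1]:8888"), so a malformed value fails
// loudly instead of silently turning into a wildcard bind.
func ParsePublishFlag(value string, containerPort int) (Port, error) {
	hostIP, portStr := defaultHostIP, value
	if strings.Contains(value, ":") {
		h, p, err := net.SplitHostPort(value)
		if err != nil {
			return Port{}, fmt.Errorf("invalid -p value %q: %w", value, err)
		}
		if net.ParseIP(h) == nil {
			return Port{}, fmt.Errorf("invalid host %q in -p %q", h, value)
		}
		hostIP, portStr = h, p
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return Port{}, fmt.Errorf("invalid port in -p %q", value)
	}
	return Port{HostIP: hostIP, HostPort: port, ContainerPort: containerPort}, nil
}

// PublishSpec renders the docker publish argument, e.g. "127.0.0.1:8888:5000".
// The host is always written out: an empty host is what Docker treats as
// 0.0.0.0, which is the accidental exposure the change removes.
func (p Port) PublishSpec() string {
	return net.JoinHostPort(p.HostIP, strconv.Itoa(p.HostPort)) + ":" + strconv.Itoa(p.ContainerPort)
}

// DisplayURL returns the URL to print after startup plus a warning (empty when
// none applies). A wildcard bind is reported as such instead of being masked
// by an unconditional "localhost" substitution (the second review finding).
func DisplayURL(p Port) (url, warning string) {
	ip := net.ParseIP(p.HostIP)
	switch {
	case ip != nil && ip.IsUnspecified():
		url = fmt.Sprintf("http://localhost:%d", p.HostPort)
		warning = fmt.Sprintf("bound to %s: the endpoint is reachable from every network interface", p.HostIP)
	case ip != nil && ip.IsLoopback():
		url = fmt.Sprintf("http://localhost:%d", p.HostPort)
	default:
		url = "http://" + net.JoinHostPort(p.HostIP, strconv.Itoa(p.HostPort))
	}
	return url, warning
}

// PortBinding is one entry of the per-port list Docker reports under
// NetworkSettings.Ports (HostIp and HostPort are strings there).
type PortBinding struct {
	HostIP   string
	HostPort string
}

// HostPortFor resolves the host port bound on the configured host IP, which is
// the selection GetHostPortForContainer needs once the bind address varies.
// Assumption: a wildcard publish shows up as both "0.0.0.0" and "::" entries,
// so taking the first entry blindly can pick a binding of the wrong family.
func HostPortFor(bindings []PortBinding, hostIP string) (int, error) {
	for _, b := range bindings {
		if b.HostIP == hostIP {
			return strconv.Atoi(b.HostPort)
		}
	}
	return 0, errors.New("no host binding on " + hostIP)
}

func main() {
	for _, raw := range []string{"8888", "0.0.0.0:8888", "[::1]:8888", "8888:"} {
		p, err := ParsePublishFlag(raw, 5000)
		if err != nil {
			fmt.Printf("-p %-14s -> error: %v\n", raw, err)
			continue
		}
		url, warn := DisplayURL(p)
		fmt.Printf("-p %-14s -> docker -p %-22s %s %s\n", raw, p.PublishSpec(), url, warn)
	}
	// Constructed docker-inspect style bindings for a container published on loopback.
	bindings := []PortBinding{{HostIP: "127.0.0.1", HostPort: "32768"}}
	port, err := HostPortFor(bindings, defaultHostIP)
	fmt.Println(port, err)
}
```

Running it shows the four cases side by side: the bare port lands on 127.0.0.1 with a plain localhost URL, the explicit `0.0.0.0` produces the same URL but carries the exposure warning, the bracketed IPv6 loopback is accepted, and `8888:` is rejected instead of degrading to a wildcard bind. The same parser could serve `cog exec -p`, which the first review finding notes has no escape hatch yet.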
