SecureServe

The Live Server that won't leak your secrets.

Security-first local serving with blocked secret files, guarded CORS, loopback binding, and a visible security status panel.

Why This Exists

SecureServe is built as a privacy-first, local-first alternative to Live Server. The extension keeps core workflow data on the user's machine and focuses on the advanced workflow gaps documented in the NexForge build tracker.

Features

• Loopback-only local server
• CORS allowlist
• Secret-file blocking
• Path traversal protection
• Security status dashboard

Commands

• secureserve.start
• secureserve.stop
• secureserve.open
• secureserve.status

Privacy

This extension is designed for local-first operation. Core data is stored in VS Code storage or workspace .vscode files where the feature explicitly supports Git sharing. No cloud service is required for the free v1.0 release.

Commercial Roadmap

The free v1.0 product is intended to be useful on its own. Paid features should be added only where they expand team workflows without weakening the local-first promise.