
#23578: docs(docker): clarify dashboard HTTP access and allowInsecureAuth

by NewdlDewdl open 2026-02-22 13:17
docs docker size: XS
## Problem

Users running `docker-setup.sh` cannot access the dashboard due to browser secure-context requirements. HTTP contexts restrict `SubtleCrypto` (needed for device identity), causing 'device identity required' errors even with valid tokens.

## Solution

- Updated `docker-setup.sh` to print clear dashboard access instructions including the token-embedded URL
- Added new section in `docs/install/docker.md` explaining HTTP access requirements
- Documented `gateway.controlUi.allowInsecureAuth` config option for Docker/local development
- Added security notes about localhost-only bypass behavior

## Changes

1. **docker-setup.sh**: Added dashboard access instructions with HTTP requirements notice
2. **docs/install/docker.md**:
   - Updated quick start section to mention HTTP access issues
   - Added new "HTTP Access and allowInsecureAuth" section with:
     - Explanation of secure-context restrictions
     - Configuration steps for `allowInsecureAuth`
     - Security notes about localhost-only bypass

## Security

The `allowInsecureAuth` option is safe for Docker/local development because it only bypasses device identity checks for **localhost** connections. Remote connections are still rejected, maintaining the MitM protection from the original security fix.

## Testing

- ✅ All quality gates passed (build, tsgo, lint, tests)
- ✅ Documentation-only changes, no code logic modifications
- ✅ Verified against Docker setup workflow

Fixes #23554

---

**AI-assisted**: Implementation and documentation by Claude (Anthropic).
**Human oversight**: Code review and testing verification.

### Greptile Summary

Adds clear dashboard access instructions and HTTP context documentation for Docker users. The changes address browser secure-context restrictions by documenting the `gateway.controlUi.allowInsecureAuth` configuration option.

**Changes:**

- `docker-setup.sh`: prints dashboard URL with token and HTTP access notice after setup
- `docs/install/docker.md`: adds new section explaining HTTP/HTTPS access requirements, `allowInsecureAuth` configuration, and localhost-only bypass behavior

**Key points:**

- Documentation correctly explains that `allowInsecureAuth` only bypasses device identity for localhost connections
- Security model verified in codebase (`src/gateway/server/ws-connection/connect-policy.ts:62-69`): remote connections are still rejected
- All links and anchors are properly formatted for Mintlify

### Confidence Score: 5/5

- This PR is safe to merge - documentation-only changes with no code modifications
- Documentation accurately reflects the existing security implementation, all quality gates passed, and the changes directly address a real usability issue (issue #23554) for Docker users accessing the dashboard over HTTP
- No files require special attention

<sub>Last reviewed commit: f6b0768</sub>
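
The localhost-only bypass described under Security, sketched as an added TypeScript example. It is not the project's `connect-policy.ts`: the names `isLoopbackAddress`, `decideConnect`, `sampleDecisions` and the request fields are hypothetical, and the sample peers are constructed.

```typescript
// Added illustration, NOT the project's connect-policy.ts. All names are hypothetical.
type ConnectRequest = {
  remoteAddress: string; // socket peer address as seen by the gateway
  tokenValid: boolean; // shared token already checked
  hasDeviceIdentity: boolean; // false when the browser lacked SubtleCrypto
};
type Decision = "allow" | "reject-token" | "reject-device-identity";

// True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.y.z).
// Anything it cannot parse is treated as remote (fail closed).
function isLoopbackAddress(addr: string): boolean {
  let a = addr.trim().toLowerCase();
  if (a === "::1") return true;
  if (a.indexOf("::ffff:") === 0) a = a.slice(7);
  const parts = a.split(".");
  if (parts.length !== 4) return false;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  if (octets.some((n) => isNaN(n) || n > 255)) return false;
  return octets[0] === 127;
}

function decideConnect(req: ConnectRequest, allowInsecureAuth: boolean): Decision {
  // The token is always required; the opt-in never relaxes it.
  if (!req.tokenValid) return "reject-token";
  if (req.hasDeviceIdentity) return "allow";
  // Missing device identity is tolerated only with the opt-in AND a loopback peer.
  if (allowInsecureAuth && isLoopbackAddress(req.remoteAddress)) return "allow";
  return "reject-device-identity";
}

// Constructed sample peers: three loopback forms, one private address, one public address.
const SAMPLE_PEERS = ["127.0.0.1", "::ffff:127.0.0.1", "::1", "172.17.0.1", "203.0.113.7"];

// Decisions for a valid token, no device identity, allowInsecureAuth enabled.
function sampleDecisions(): Decision[] {
  return SAMPLE_PEERS.map((peer) =>
    decideConnect({ remoteAddress: peer, tokenValid: true, hasDeviceIdentity: false }, true)
  );
}
```

The check keys on the socket peer address, so a gateway behind a proxy or container network sees the intermediary's address rather than the browser's.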
