Harden tailnet bind setup

cli/src/prompts/server.ts

@@ -2,11 +2,10 @@ import * as p from "@clack/prompts";
 import { isLoopbackHost, type BindMode } from "@paperclipai/shared";
 import type { AuthConfig, ServerConfig } from "../config/schema.js";
 import { parseHostnameCsv } from "../config/hostnames.js";
-import {
-  buildCustomServerConfig,
-  buildPresetServerConfig,
-  inferConfiguredBind,
-} from "../config/server-bind.js";
+import { buildCustomServerConfig, buildPresetServerConfig, inferConfiguredBind } from "../config/server-bind.js";
+
+const TAILNET_BIND_WARNING =
+  "No Tailscale address was detected during setup. The saved config will stay on loopback until Tailscale is available or PAPERCLIP_TAILNET_BIND_HOST is set.";
 
 function cancelled(): never {
   p.cancel("Setup cancelled.");
@@ -95,11 +94,15 @@ export async function promptServer(opts?: {
 
     if (p.isCancel(allowedHostnamesInput)) cancelled();
 
-    return buildPresetServerConfig(bind, {
+    const preset = buildPresetServerConfig(bind, {
       port,
       allowedHostnames: parseHostnameCsv(allowedHostnamesInput),
       serveUi,
     });
+    if (bind === "tailnet" && isLoopbackHost(preset.server.host)) {
+      p.log.warn(TAILNET_BIND_WARNING);
+    }
+    return preset;
   }
 
   const deploymentModeSelection = await p.select({