fix(web): add /auth proxy for dev server and update .gitignore

.gitignore

@@ -48,3 +48,23 @@ Thumbs.db
 
 # Database files
 loom.db*
+
+# Local environment
+.env
+.env.*
+
+# Claude Code
+.claude/
+
+# Playwright MCP screenshots
+.playwright-mcp/
+
+# Session-specific files
+CURRENT_SESSION_CONTEXT.md
+
+# Local convenience scripts/docs (not part of repo)
+main.sh
+/docs/
+
+# npm lockfile (project uses pnpm)
+package-lock.json

crates/loom-weaver-audit-sidecar/Cargo.toml

@@ -39,9 +39,6 @@ prometheus = "0.13"
 # Axum for health endpoint
 axum = "0.7"
 
-# eBPF userspace library
-aya = "0.13"
-
 # Cryptographic hashing
 sha2 = "0.10"
 
@@ -60,3 +57,8 @@ ebpf = []
 proptest = { workspace = true }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
+
+# Linux-only dependencies
+[target.'cfg(target_os = "linux")'.dependencies]
+# eBPF userspace library - Linux only (uses netlink, bpf syscalls)
+aya = "0.13"

crates/loom-weaver-audit-sidecar/src/loader.rs

@@ -1,6 +1,13 @@
 // Copyright (c) 2025 Geoffrey Huntley <ghuntley@ghuntley.com>. All rights reserved.
 // SPDX-License-Identifier: Proprietary
 
+//! eBPF audit loader for Linux systems.
+//!
+//! This module is only compiled on Linux with the `ebpf` feature enabled.
+//! On other platforms, the audit sidecar runs in stub mode without eBPF monitoring.
+
+#![cfg(all(feature = "ebpf", target_os = "linux"))]
+
 // The LoaderError enum is intentionally large due to the aya::programs::ProgramError
 // contained in the Attach variant. Boxing would add unnecessary complexity for
 // error types that are only used at startup/initialization time.

crates/loom-weaver-audit-sidecar/src/main.rs

@@ -11,6 +11,7 @@ mod event_processor;
 mod events;
 mod filter;
 mod health;
+#[cfg(all(feature = "ebpf", target_os = "linux"))]
 mod loader;
 mod metrics;
 
@@ -30,7 +31,7 @@ use crate::config::Config;
 use crate::event_processor::{EventProcessor, EventProcessorConfig};
 use crate::events::WeaverAuditEvent;
 use crate::health::{health_router, HealthState};
-#[cfg(feature = "ebpf")]
+#[cfg(all(feature = "ebpf", target_os = "linux"))]
 use crate::loader::EbpfAuditLoader;
 use crate::metrics::Metrics;
 
@@ -181,6 +182,7 @@ async fn main() -> Result<()> {
 	));
 
 	// Bounded channel for raw eBPF events to prevent OOM from unbounded task spawning
+	#[allow(unused_variables)]
 	let (raw_event_tx, mut raw_event_rx) = mpsc::channel::<Vec<u8>>(1000);
 
 	// Spawn consumer task to process raw events
@@ -191,7 +193,7 @@ async fn main() -> Result<()> {
 		}
 	});
 
-	#[cfg(feature = "ebpf")]
+	#[cfg(all(feature = "ebpf", target_os = "linux"))]
 	let ebpf_loaded = match EbpfAuditLoader::new() {
 		Ok(loader) => {
 			let attached = loader.attached_count();
@@ -234,9 +236,9 @@ async fn main() -> Result<()> {
 		}
 	};
 
-	#[cfg(not(feature = "ebpf"))]
+	#[cfg(not(all(feature = "ebpf", target_os = "linux")))]
 	let ebpf_loaded = {
-		info!("eBPF feature not enabled, running in stub mode");
+		info!("eBPF not available (feature disabled or not on Linux), running in stub mode");
 		health_state.set_ebpf_status(0, 0).await;
 		false
 	};

web/loom-web/vite.config.ts

@@ -26,6 +26,10 @@ export default defineConfig({
 				target: 'http://127.0.0.1:8080',
 				changeOrigin: true,
 			},
+			'/auth': {
+				target: 'http://127.0.0.1:8080',
+				changeOrigin: true,
+			},
 		},
 	},
 	test: {