diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9f19a06..378da31f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,6 +56,19 @@ All notable changes to Bundle of Joy Server are documented here.
 [`hyperpolymath/standards#100`](https://github.com/hyperpolymath/standards/issues/100),
 [`#91`](https://github.com/hyperpolymath/standards/issues/91).
+- **Container `APP_HOST` default is now `127.0.0.1`** (was: `"[::]"`
+ IPv6 all-interfaces). Tightens three sites that feed the Zig adapter
+ binary's `--host` flag: `stapeln.toml [targets.production]`,
+ `container/entrypoint.sh`, and `container/compose.prod.yaml`. Same
+ Phase E posture as the Cowboy bind change in the Elixir path: BoJ
+ binds loopback by default when fronted by `http-capability-gateway`
+ (HCG tier-2). Legacy/standalone deployments without HCG in front
+ should override `APP_HOST=0.0.0.0` (IPv4 all-interfaces) or
+ `APP_HOST=::` (IPv6 all-interfaces) in their deployment config.
+ Phase E rollout-runbook §1.4 prereq #7. Refs
+ [`hyperpolymath/standards#100`](https://github.com/hyperpolymath/standards/issues/100),
+ [`#91`](https://github.com/hyperpolymath/standards/issues/91).
+
 ### Added
 - **ADR-0014 — cross-cartridge composition safety (RFC)** — frames the
diff --git a/container/compose.prod.yaml b/container/compose.prod.yaml
index fae6f82b..50e4ce1c 100644
--- a/container/compose.prod.yaml
+++ b/container/compose.prod.yaml
@@ -40,8 +40,12 @@ services:
 volumes:
 - boj-node-data:/data:Z
 environment:
- # Server binding
- APP_HOST: "[::]"
+ # Server binding — loopback by default per ADR-0004 §1 (BoJ is
+ # fronted by http-capability-gateway tier-2 and not externally
+ # routable). Override APP_HOST=0.0.0.0 or APP_HOST=:: for
+ # legacy/standalone deployments without HCG in front.
+ # See docs/integration/hcg-tier2-rollout-runbook.md §1.4 prereq #7.
+ APP_HOST: "127.0.0.1"
 APP_PORT: "7700"
 APP_DATA_DIR: "/data"
 APP_LOG_FORMAT: "json"
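Review bot: `APP_HOST: "127.0.0.1"` binds loopback inside the container's own network namespace, so the listener is unreachable from a gateway running in a separate container and from any published port; the hunk does not show how `http-capability-gateway` is attached, so this only works if the two share a namespace, which is worth confirming and stating in the comment. The comment also invites an `APP_HOST` override, but the value is a literal, so an environment variable set at deploy time is ignored; `APP_HOST: "${APP_HOST:-127.0.0.1}"` would keep the safe default while making the documented override real. The service definition starts and ends outside this hunk.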
diff --git a/container/entrypoint.sh b/container/entrypoint.sh
index b35ad0c9..f40bb980 100755
--- a/container/entrypoint.sh
+++ b/container/entrypoint.sh
@@ -37,7 +37,7 @@ done
 export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}${CART_LIBS}"
 echo "Starting boj-server..."
-echo " Host: ${APP_HOST:-[::]}"
+echo " Host: ${APP_HOST:-127.0.0.1}"
 echo " Port: ${APP_PORT:-7700}"
 echo " Data: ${APP_DATA_DIR:-/data}"
 echo " Log: ${APP_LOG_FORMAT:-json}"
@@ -137,4 +137,8 @@ bootstrap_federation &
 # Replace the entrypoint shell with the application process so that
 # signals are delivered directly and PID 1 is the application.
-exec /app/boj-server serve --host "${APP_HOST:-[::]}" --port "${REST_PORT}"
+# Default to 127.0.0.1 (loopback) per ADR-0004 §1 — BoJ is fronted by
+# http-capability-gateway (HCG tier-2) and is not externally routable
+# in canonical deployments. Override APP_HOST for legacy/standalone use.
+# See docs/integration/hcg-tier2-rollout-runbook.md §1.4 prereq #7.
+exec /app/boj-server serve --host "${APP_HOST:-127.0.0.1}" --port "${REST_PORT}"
diff --git a/stapeln.toml b/stapeln.toml
index 6f8c63e0..d8e98f8a 100644
--- a/stapeln.toml
+++ b/stapeln.toml
@@ -97,7 +97,14 @@ env = { LOG_LEVEL = "debug", BOJ_DEV_MODE = "true" }
 [targets.production]
 layers = ["runtime"]
-env = { LOG_LEVEL = "info", APP_HOST = "[::]", APP_PORT = "7700" }
+# APP_HOST = "127.0.0.1" (was "[::]") — code-enforces the ADR-0004 §1
+# invariant that BoJ's back-side bind is not externally routable in
+# deployments fronted by http-capability-gateway (HCG tier-2). See
+# docs/integration/hcg-tier2-rollout-runbook.md §1.4 prereq #7.
+# Legacy/standalone deployments without HCG in front should override
+# APP_HOST=0.0.0.0 (IPv4 all-interfaces) or APP_HOST=:: (IPv6
+# all-interfaces) in their deployment configuration.
+env = { LOG_LEVEL = "info", APP_HOST = "127.0.0.1", APP_PORT = "7700" }
 [targets.test]
 layers = ["base", "zig-toolchain", "ffi-build", "adapter-build"]
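Review bot: The new default `127.0.0.1` is spelled out twice, in this banner `echo` and again in the `exec` line of the second hunk, so a later edit to one can leave the startup log reporting a bind address the server is not using. Resolving it once before the banner with `APP_HOST="${APP_HOST:-127.0.0.1}"` and using `"${APP_HOST}"` in both places keeps the log authoritative for anyone auditing exposure. The banner is also the natural place to make a non-loopback override visible, e.g. `case "$APP_HOST" in 127.*|::1) ;; *) echo "WARNING: APP_HOST=$APP_HOST is not loopback; BoJ is reachable without the gateway" >&2 ;; esac`. The script continues outside the hunk on both sides.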
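Review bot: The value previously passed to `--host` was the bracketed `[::]`, while the CHANGELOG entry and the stapeln.toml comment tell standalone operators to set `APP_HOST=::` without brackets, and nothing visible here shows that the adapter's `--host` parser accepts both spellings. If it accepts only one, the documented override either fails at startup or binds differently from the previous behaviour, so the comment above `exec` should name the exact accepted form once that is confirmed. `127.0.0.1` is also IPv4-only: a gateway that dials `localhost` and resolves it to `::1` would be refused, which deserves a line next to the default, e.g. `# IPv4 loopback only; the gateway must dial 127.0.0.1, not localhost/::1.`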
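Review bot: The added comment says the setting "code-enforces" the ADR-0004 §1 invariant, but the same comment then documents how to override `APP_HOST` to an all-interfaces bind, so this is a default rather than an enforcement. Someone reading it during a security review could conclude that BoJ cannot be exposed directly, which the visible entrypoint change contradicts because it honours any `APP_HOST` value. Suggested wording for the first lines: `# APP_HOST = "127.0.0.1" (was "[::]") — defaults BoJ's back-side bind to loopback per ADR-0004 §1;` followed by `# an APP_HOST override still widens it, so the invariant holds only where no override is set.`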