cameleer-saas/installer/CLAUDE.md

# Installer
## Deployment Modes
The installer (`installer/install.sh`) supports two deployment modes:
| | Multi-tenant SaaS (`DEPLOYMENT_MODE=saas`) | Standalone (`DEPLOYMENT_MODE=standalone`) |
|---|---|---|
| **Containers** | traefik, postgres, clickhouse, logto, cameleer-saas | traefik, postgres, clickhouse, server, server-ui |
| **Auth** | Logto OIDC (SaaS admin + tenant users) | Local auth (built-in admin, no identity provider) |
| **Tenant management** | SaaS admin creates/manages tenants via UI | Single server instance, no fleet management |
| **PostgreSQL** | `cameleer-postgres` image (multi-DB init) | Stock `postgres:16-alpine` (server creates schema via Flyway) |
| **Use case** | Platform vendor managing multiple customers | Single customer running the product directly |

Standalone mode generates a simpler compose with the server running directly. No Logto, no SaaS management plane, no bootstrap. The admin logs in with local credentials at `/`.
## Compose templates
The installer uses static docker-compose templates in `installer/templates/`. Templates are copied to the install directory and composed via `COMPOSE_FILE` in `.env`:
- `docker-compose.yml` — shared infrastructure (traefik, postgres, clickhouse)
- `docker-compose.saas.yml` — SaaS mode (logto, cameleer-saas)
- `docker-compose.server.yml` — standalone mode (server, server-ui)
- `docker-compose.tls.yml` — overlay: custom TLS cert volume
- `docker-compose.monitoring.yml` — overlay: external monitoring network
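
How the templates above combine into a `COMPOSE_FILE` value, as an added sketch that is not the installer's own code. The function name and the file order (base, then mode file, then overlays) are assumptions; Docker Compose merges the `:`-separated files left to right on Linux.

```shell
#!/bin/sh
# Added example, not installer code. compose_file_for is a hypothetical name.
# Assumed order: shared infrastructure, mode file, overlays. Compose merges
# the files left to right, so later files override earlier ones.
compose_file_for() {
    dir=$1 mode=$2; shift 2
    case $mode in
        saas)       files="docker-compose.yml docker-compose.saas.yml" ;;
        standalone) files="docker-compose.yml docker-compose.server.yml" ;;
        *) echo "unknown DEPLOYMENT_MODE: $mode" >&2; return 2 ;;
    esac
    # Overlays are opt-in; anything other than the two documented ones is rejected.
    for overlay in "$@"; do
        case $overlay in
            tls|monitoring) files="$files docker-compose.$overlay.yml" ;;
            *) echo "unknown overlay: $overlay" >&2; return 2 ;;
        esac
    done
    # Refuse to emit a value that names a template missing from the install dir.
    out=
    for f in $files; do
        [ -f "$dir/$f" ] || { echo "missing template: $dir/$f" >&2; return 1; }
        out=${out:+$out:}$f
    done
    printf 'COMPOSE_FILE=%s\n' "$out"
}
```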
feat: self-service sign-up with email verification and onboarding

Complete sign-up pipeline: email registration via Logto Experience API, SMTP email verification, and self-service trial tenant creation.

Layer 1 — Logto config:
- Bootstrap Phase 8b: SMTP email connector with branded HTML templates
- Bootstrap Phase 8c: enable SignInAndRegister (email+password sign-up)
- Dockerfile installs official Logto connectors (ensures SMTP available)
- SMTP env vars in docker-compose, installer templates, .env.example

Layer 2 — Experience API (ui/sign-in/experience-api.ts):
- Registration flow: initRegistration → sendVerificationCode → verifyCode → addProfile (password) → identifyUser → submit
- Sign-in auto-detects email vs username identifier

Layer 3 — Custom sign-in UI (ui/sign-in/SignInPage.tsx):
- Three-mode state machine: signIn / register / verifyCode
- Reads first_screen=register from URL query params
- Toggle links between sign-in and register views

Layer 4 — Post-registration onboarding:
- OnboardingService: reuses VendorTenantService.createAndProvision(), adds calling user to Logto org as owner, enforces one trial per user
- OnboardingController: POST /api/onboarding/tenant (authenticated only)
- OnboardingPage.tsx: org name + auto-slug form
- LandingRedirect: detects zero orgs → redirects to /onboarding
- RegisterPage.tsx: /platform/register initiates OIDC with firstScreen

Installers (install.sh + install.ps1):
- Both prompt for SMTP config in SaaS mode
- CLI args, env var capture, cameleer.conf persistence

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-25 00:21:07 +02:00
## SMTP configuration
Both installers (`install.sh` and `install.ps1`) prompt for SMTP settings in SaaS mode when the user opts in ("Configure SMTP for email verification?"). SMTP is required for self-service sign-up — without it, only admin-created users can sign in.
Env vars: `SMTP_HOST`, `SMTP_PORT` (default 587), `SMTP_USER`, `SMTP_PASS`, `SMTP_FROM_EMAIL` (default `noreply@<PUBLIC_HOST>`). Passed to the `cameleer-logto` container. The bootstrap script (Phase 8b) discovers the SMTP connector factory and creates the connector with Cameleer-branded email templates.
CLI args: `--smtp-host`, `--smtp-port`, `--smtp-user`, `--smtp-pass`, `--smtp-from-email` (bash) / `-SmtpHost`, `-SmtpPort`, `-SmtpUser`, `-SmtpPass`, `-SmtpFromEmail` (PS1). Persisted in `cameleer.conf` for upgrades/reconfigure.
## Registry configuration
Both installers support pulling images from a custom Docker registry via `--registry` (bash) / `-Registry` (PS1). Default: `gitea.siegeln.net/cameleer`.
When a registry is configured, the installer writes `*_IMAGE` env vars to `.env` (e.g. `TRAEFIK_IMAGE`, `POSTGRES_IMAGE`, `CAMELEER_IMAGE`) which override the defaults baked into the compose templates. In SaaS mode, provisioning image refs (`CAMELEER_SAAS_PROVISIONING_*IMAGE`) are also set from the registry.
For private registries, pass `--registry-user` / `--registry-token` (bash) or `-RegistryUser` / `-RegistryToken` (PS1). The installer runs `docker login` before pulling images. Credentials are persisted in `cameleer.conf` for upgrades/reconfigure.
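
Since the SMTP password and registry token are persisted for upgrades, a post-install check of who can read those files is worth scripting. The following is an added example, not part of the installer: it assumes `.env` and `cameleer.conf` are `KEY=VALUE` text files in the install directory, treats any key whose name contains PASS, TOKEN or SECRET as a credential, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example, not installer code. Assumes .env and cameleer.conf are
# KEY=VALUE text in the install directory; function names are hypothetical.

# Print the names (never the values) of non-empty credential-like keys.
secret_keys() {
    awk '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*(export[ \t]+)?/, "", key)
            if (key ~ /^[A-Za-z_][A-Za-z0-9_]*$/ && val != "" &&
                toupper(key) ~ /PASS|TOKEN|SECRET/) print key
        }' "$1"
}

# Succeeds when group or other hold any permission bit on the file.
is_exposed() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# Returns 1 when a file sets credentials and is accessible beyond its owner.
audit_secret_file() {
    [ -f "$1" ] || { echo "SKIP  $1 (not present)"; return 0; }
    keys=$(secret_keys "$1" | tr '\n' ' ')
    if [ -z "$keys" ]; then
        echo "OK    $1 (no credential-like keys set)"
    elif is_exposed "$1"; then
        echo "FAIL  $1 is group/other accessible and sets: $keys"
        return 1
    else
        echo "OK    $1 is owner-only and sets: $keys"
    fi
}

# Audit both files named on this page as holding persisted settings.
audit_install_dir() {
    rc=0
    for f in "$1/.env" "$1/cameleer.conf"; do
        audit_secret_file "$f" || rc=1
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/install-dir
if [ "$#" -gt 0 ]; then audit_install_dir "$1"; fi
```

A `FAIL` line is resolved with `chmod 600` on the named file; the script reports key names only, so its output is safe to paste into a ticket.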
## Env var naming convention
- `CAMELEER_AGENT_*` — agent config (consumed by the Java agent)
- `CAMELEER_SERVER_*` — server config (consumed by cameleer-server)
- `CAMELEER_SAAS_*` — SaaS management plane config
- `CAMELEER_SAAS_PROVISIONING_*` — "SaaS forwards this to provisioned tenant servers"
- `SMTP_*` — email delivery config for Logto (consumed by bootstrap, SaaS mode only)
- No prefix (e.g. `POSTGRES_PASSWORD`, `PUBLIC_HOST`) — shared infrastructure, consumed by multiple components