chore: rename cameleer3 to cameleer

Rename Java packages from net.siegeln.cameleer3 to net.siegeln.cameleer,
update all references in workflows, Docker configs, docs, and bootstrap.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md

@@ -27,7 +27,7 @@ Key constraints:
 | **Identity & Auth** | **Logto** | MPL-2.0 | Lightest IdP (2 containers, ~0.5-1 GB). Orgs, RBAC, M2M tokens, OIDC/SSO federation all in OSS. Replaces ~3-4 months of custom auth build (OIDC, SSO, teams, invites, MFA, password reset, custom roles). |
 | **Reverse Proxy** | **Traefik** | MIT | Native Docker provider (labels) and K8s provider (IngressRoute CRDs). Same mental model in both environments. Already on the k3s cluster. ForwardAuth middleware for tenant-aware routing. Auto-HTTPS via Let's Encrypt. ~256 MB RAM. |
 | **Database** | **PostgreSQL** | PostgreSQL License | Already chosen. Platform data + Logto data (separate schemas). |
-| **Trace/Metrics Storage** | **ClickHouse** | Apache-2.0 | Replaced OpenSearch in the cameleer3-server stack. Columnar OLAP, excellent for time-series observability data. |
+| **Trace/Metrics Storage** | **ClickHouse** | Apache-2.0 | Replaced OpenSearch in the cameleer-server stack. Columnar OLAP, excellent for time-series observability data. |
 | **Schema Migrations** | **Flyway** | Apache-2.0 | Already in place. |
 | **Billing (subscriptions)** | **Stripe** | N/A (API) | Start with Stripe Checkout for fixed-tier subscriptions. No custom billing infrastructure day 1. |
 | **Billing (usage metering)** | **Lago** (deferred) | AGPL-3.0 | Purpose-built for event-based metering. 8 containers — deploy only when usage-based pricing launches. Design event model with Lago's API shape in mind from day 1. Integrate via API only (keeps AGPL safe). |
@@ -42,14 +42,14 @@ Key constraints:
 | Subsystem | Why Build |
 |---|---|
 | **License signing & validation** | Ed25519 signed JWT with tier, features, limits, expiry. Dual mode: online API check + offline signed file. No off-the-shelf tool does this. Core IP. |
-| **Agent bootstrap tokens** | Tightly coupled to the cameleer3 agent protocol (PROTOCOL.md). Custom Ed25519 tokens for agent registration. |
+| **Agent bootstrap tokens** | Tightly coupled to the cameleer agent protocol (PROTOCOL.md). Custom Ed25519 tokens for agent registration. |
 | **Tenant lifecycle** | CRUD, configuration, status management. Core business logic. User management (invites, teams, roles) is delegated to Logto's organization model. |
 | **Runtime orchestration** | The core of the "managed Camel runtime" product. `RuntimeOrchestrator` interface with Docker and K8s implementations. No off-the-shelf tool does "managed Camel runtime with agent injection." |
-| **Image build pipeline** | Templated Dockerfile: JRE + cameleer3-agent.jar + customer JAR + `-javaagent` flag. Simple but custom. |
+| **Image build pipeline** | Templated Dockerfile: JRE + cameleer-agent.jar + customer JAR + `-javaagent` flag. Simple but custom. |
 | **Feature gating** | Tier-based feature gating logic. Which features are available at which tier. Business logic. |
 | **Billing integration** | Stripe API calls, subscription lifecycle, webhook handling. Thin integration layer. |
-| **Observability proxy** | Routing authenticated requests to tenant-specific cameleer3-server instances. |
-| **MOAT features** | Debugger, Lineage, Correlation — the defensible product. Built in cameleer3 agent + server. |
+| **Observability proxy** | Routing authenticated requests to tenant-specific cameleer-server instances. |
+| **MOAT features** | Debugger, Lineage, Correlation — the defensible product. Built in cameleer agent + server. |
 
 ### SKIP / DEFER
 
@@ -74,7 +74,7 @@ Key constraints:
 +--------+---------------------+------------------------+
          |                     |
 +--------v--------+  +---------v-----------+
-| cameleer-saas   |  | cameleer3-server    |
+| cameleer-saas   |  | cameleer-server    |
 | (Spring Boot)   |  | (observability)     |
 | Control plane   |  | Per-tenant instance |
 +---+-------+-----+  +----------+----------+
@@ -99,10 +99,10 @@ API request:
     -> Traefik forwards to upstream service
 
 Machine auth (agent bootstrap):
-  cameleer3-agent -> cameleer-saas /api/agent/register
+  cameleer-agent -> cameleer-saas /api/agent/register
     -> Validates bootstrap token (Ed25519)
     -> Issues agent session token
-    -> Agent connects to cameleer3-server
+    -> Agent connects to cameleer-server
 ```
 
 Logto handles all user-facing identity. The cameleer-saas app handles machine-to-machine auth (agent tokens, license tokens) using Ed25519.
@@ -137,9 +137,9 @@ Customer uploads JAR
   -> Validation (file type, size, SHA-256, security scan)
   -> Templated Dockerfile generation:
        FROM eclipse-temurin:21-jre-alpine
-       COPY cameleer3-agent.jar /opt/agent/
+       COPY cameleer-agent.jar /opt/agent/
        COPY customer-app.jar /opt/app/
-       ENTRYPOINT ["java", "-javaagent:/opt/agent/cameleer3-agent.jar", "-jar", "/opt/app/customer-app.jar"]
+       ENTRYPOINT ["java", "-javaagent:/opt/agent/cameleer-agent.jar", "-jar", "/opt/app/customer-app.jar"]
   -> Build:
        Docker mode: docker build via docker-java (local image cache)
        K8s mode: Kaniko Job -> push to registry
@@ -152,7 +152,7 @@ Customer uploads JAR
 - **Schema-per-tenant** in PostgreSQL for platform data isolation.
 - **Logto organizations** map 1:1 to tenants. Logto handles user-tenant membership.
 - **ClickHouse** data partitioned by tenant_id.
-- **cameleer3-server** instances are per-tenant (separate containers/pods).
+- **cameleer-server** instances are per-tenant (separate containers/pods).
 - **K8s bonus:** Namespace-per-tenant for network isolation, resource quotas.
 
 ### Environment Model
@@ -232,8 +232,8 @@ services:
       - traefik.enable=true
       - traefik.http.routers.auth.rule=PathPrefix(`/auth`)
 
-  cameleer3-server:
-    image: gitea.siegeln.net/cameleer/cameleer3-server:${VERSION}
+  cameleer-server:
+    image: gitea.siegeln.net/cameleer/cameleer-server:${VERSION}
     environment:
       - CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer
     labels:
@@ -312,9 +312,9 @@ volumes:
 ### Phase 4: Observability Pipeline
 **Goal:** Customer can see traces, metrics, and route topology for deployed apps.
 
-- Connect cameleer3-server to customer app containers
+- Connect cameleer-server to customer app containers
 - ClickHouse tenant-scoped data partitioning
-- Observability API proxy (tenant-aware routing to cameleer3-server)
+- Observability API proxy (tenant-aware routing to cameleer-server)
 - Basic topology graph endpoint
 - Agent ↔ server connectivity verification
 
@@ -367,13 +367,13 @@ volumes:
 1. Upload a sample Camel JAR via API
 2. Platform builds container image
 3. Deploy to "dev" environment
-4. Container starts with cameleer3 agent attached
+4. Container starts with cameleer agent attached
 5. App is reachable via Traefik routing
 6. Logs are accessible via API
 7. Deploy same image to "prod" with different config
 
 ### Phase 4 Verification
-1. Running Camel app sends traces to cameleer3-server
+1. Running Camel app sends traces to cameleer-server
 2. Traces visible in ClickHouse with correct tenant_id
 3. Topology graph shows route structure
 4. Different tenant cannot see another tenant's data
@@ -393,7 +393,7 @@ docker compose up -d
 # Create tenant + user via API/Logto
 # Upload sample Camel JAR
 # Deploy to environment
-# Verify agent connects to cameleer3-server
+# Verify agent connects to cameleer-server
 # Verify traces in ClickHouse
 # Verify observability API returns data
 ```