Replace stub with full Docker implementation using docker-java. Manages
per-tenant server and UI containers with Traefik labels, health checks,
image pull, network attachment, and full lifecycle (provision/start/stop/remove/status).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds server_endpoint and provision_error columns to tenants table (V011 migration),
updates TenantEntity and TenantResponse with new fields and a from() factory,
adds revokeLicense() to LicenseService, and updates TenantController to use the factory.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Redesign SaaS platform from read-only viewer into vendor management
plane with tenant provisioning, license management, and customer
self-service. Two personas (vendor/customer), pluggable provisioning
interface (Docker first, K8s later), per-tenant server instances.
User stories tracked as Gitea issues #40-#51. Closes#37.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Disabled features on the license page now show 'Not included' with a
neutral (auto) badge color instead of 'Disabled' in error red, which
looked like an actionable error rather than a plan tier indicator.
Label/value spacing on DashboardPage already used flex justify-between
correctly — no change needed there.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Verified 2026-04-09: all runtime management fully ported to
cameleer3-server with enhancements beyond the original plan.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add key class locations for Java backend and React frontend, document
cameleer-traefik network topology with DNS alias, add server runtime
env vars table, update deployment pipeline to 7-stage flow, add
database migration reference.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Deployed app containers are put on the cameleer-traefik network by the
orchestrator, but the server and Traefik were only on the compose-internal
network. This caused UnresolvedAddressException when apps tried to connect
to cameleer3-server:8081 for agent registration and SSE.
- Add cameleer-traefik network with fixed name (no compose project prefix)
- Attach server to cameleer-traefik with DNS alias "cameleer3-server"
- Attach Traefik to cameleer-traefik for routing to deployed apps
- Add dev overrides for Docker orchestration (socket, volumes, env vars)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Standardize env var naming. The agent reads CAMELEER_SERVER_URL
to configure -Dcameleer.export.endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After configuring the server's OIDC settings, the bootstrap now seeds
claim mapping rules so Logto roles (server:admin, server:operator) map
to server RBAC roles (ADMIN, OPERATOR) automatically. Rules are
idempotent — existing mappings are checked by matchValue before creating.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete EnvironmentsPage, EnvironmentDetailPage, AppDetailPage
- Delete EnvironmentTree and DeploymentStatusBadge components
- Simplify DashboardPage to show tenant info, license status, server link
- Remove environment/app/deployment routes from router
- Remove environment section from sidebar, keep dashboard/license/platform
- Strip API hooks to tenant/license/me only
- Remove environment/app/deployment/observability types
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove docker-java-core and docker-java-transport-zerodep from pom.xml
- Remove Docker socket mount, group_add, jardata volume from docker-compose.yml
- Remove CAMELEER_DOCKER_NETWORK and CLICKHOUSE_URL env vars from SaaS service
- Remove jardata volume definition
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- V010: drop deployments, apps, environments, api_keys tables
- Tables have been migrated to cameleer3-server
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete environment/, app/, deployment/, runtime/ packages (source + tests)
- Delete apikey/ package (tied to environments, table will be dropped)
- Strip AsyncConfig to empty @EnableAsync (no more deploymentExecutor bean)
- Remove EnvironmentService dependency from TenantService
- Remove environment/app isolation from TenantIsolationInterceptor
- Remove environment seeding from BootstrapDataSeeder
- Refactor ServerApiClient to use LogtoConfig instead of RuntimeConfig
- Add server-endpoint property to LogtoConfig (was in RuntimeConfig)
- Remove runtime config section and multipart config from application.yml
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ServerApiClient: use X-Cameleer-Protocol-Version: 1 (server expects "1", not "2")
- Disable Hibernate show-sql in dev profile (too verbose)
- CLAUDE.md: document deployment pipeline architecture, M2M server role in bootstrap,
runtime-base image in CI
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The default cameleer-runtime-base:latest has no registry prefix, so
Docker can't pull it. Use the full gitea.siegeln.net/cameleer/ path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Logto's OIDC endpoint may respond before the Management API is fully
initialized. Add a retry loop that checks GET /api/roles returns valid
JSON before making any API calls. Fixes intermittent bootstrap failure
on cold starts with 'Cannot index string with string "name"'.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The @Bean named 'deploymentExecutor' (ThreadPoolTaskExecutor) collided
with the @Service class DeploymentExecutor. Rename the bean to
'deploymentTaskExecutor'.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Alpine-based docker builder uses BusyBox grep which doesn't
support Perl regex (-P). Switch to sed for extracting the agent
version from Maven metadata XML.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The serverApiClient.isAvailable() stubbing in setUp() is unused by
the observability test, causing UnnecessaryStubbingException in CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. Docker socket security: remove root group from Dockerfile, use
group_add in docker-compose.yml for runtime-only socket access
2. M2M server communication: create ServerApiClient using Logto
client_credentials grant with API resource scope. Add M2M server
role in bootstrap. Replace hacky admin/admin login in
AgentStatusService.
3. Async deployment: extract DeploymentExecutor as separate @Service
so Spring's @Async proxy works (self-invocation bypasses proxy).
Deploy now returns immediately, health check runs in background.
4. Bootstrap: M2M server role (cameleer-m2m-server) with server:admin
scope, idempotent creation outside the M2M app creation block.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three fixes for the deployment pipeline:
1. Health check path: /health -> /cameleer/health (matches agent)
2. Container cleanup: stop AND remove old container before starting
new one, plus orphan cleanup by container name to prevent conflicts
3. Container status: read health.status instead of state.status so
waitForHealthy correctly detects the "healthy" state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Docker Compose prefixes network names with the project name, so the
actual network is cameleer-saas_cameleer, not just cameleer. Pass
CAMELEER_DOCKER_NETWORK env var using COMPOSE_PROJECT_NAME.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The httpclient5 transport needs junixsocket for Unix domain sockets.
Switch to docker-java-transport-zerodep which has built-in Unix socket
support with zero external dependencies.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The mounted /var/run/docker.sock is owned by root:root with rw-rw----
permissions. The cameleer user needs to be in the root group to
read/write the socket for building images and managing containers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Default docker-java config resolved to localhost:2375 (TCP) inside the
container. Explicitly set docker host to unix:///var/run/docker.sock
which is volume-mounted from the host.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Check for spaClientId and m2mClientSecret in the cached bootstrap
file. If both exist, exit immediately instead of re-running all
phases. Delete /data/logto-bootstrap.json to force a re-run.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CI step to build cameleer-runtime-base image by downloading the
agent shaded JAR from Gitea Maven registry and pushing the image.
Wire CAMELEER_AUTH_TOKEN from docker-compose into RuntimeConfig so
deployed containers authenticate with cameleer3-server. Add agent.jar
to gitignore for local builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Spring Boot defaults to 1MB max file size which rejected all JAR
uploads. Set to 200MB to match the configured max-jar-size. Also
create /data/jars with cameleer user ownership in the Dockerfile
so the non-root process can write uploaded JARs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add per-app memory limit and CPU shares (stored on AppEntity, used by
DeploymentService with fallback to global defaults). JAR upload is now
optional at creation time. Both create modals show the computed slug in
the dialog title and use consistent Cancel-left/Action-right button
layout with inline styles to avoid Modal CSS conflicts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Read user profile from Logto ID token in OrgResolver, store in
Zustand org store, display in sidebar footer and TopBar avatar
- Fix license limits showing "—" by aligning frontend LIMIT_LABELS
keys with backend snake_case convention (max_agents, retention_days,
max_environments)
- Bump @cameleer/design-system to v0.1.38 (font-size floor)
- Add dev volume mount for local UI hot-reload without image rebuild
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Change rolesClaim from "scope" to "roles" to match the custom claim
injected by the Logto Custom JWT script
- Add Phase 7b: configure Logto Custom JWT for access tokens that maps
org roles (admin→server:admin, member→server:viewer) and global roles
(platform-admin→server:admin) into a standard "roles" claim
- Add additionalScopes field to OIDC config
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
