chore: rename cameleer3 to cameleer

Rename Java packages from com.cameleer3 to com.cameleer, module
directories from cameleer3-* to cameleer-*, and all references
throughout workflows, Dockerfiles, docs, migrations, and pom.xml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/superpowers/plans/2026-04-05-logto-oidc-resource-server.md

@@ -14,13 +14,13 @@
 
 | File | Action | Responsibility |
 |------|--------|---------------|
-| `cameleer3-server-app/pom.xml` | Modify | Add oauth2-resource-server dependency |
-| `cameleer3-server-app/src/main/resources/application.yml` | Modify | Add OIDC issuer/audience properties |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java` | Modify | Add oidcIssuerUri, oidcAudience fields |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java` | Modify | Build OIDC decoder, pass to filter |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java` | Modify | Add OIDC fallback path |
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java` | Modify | Update default rolesClaim |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java` | Modify | Update default rolesClaim |
+| `cameleer-server-app/pom.xml` | Modify | Add oauth2-resource-server dependency |
+| `cameleer-server-app/src/main/resources/application.yml` | Modify | Add OIDC issuer/audience properties |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java` | Modify | Add oidcIssuerUri, oidcAudience fields |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java` | Modify | Build OIDC decoder, pass to filter |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java` | Modify | Add OIDC fallback path |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/security/OidcConfig.java` | Modify | Update default rolesClaim |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/OidcConfigAdminController.java` | Modify | Update default rolesClaim |
 | `deploy/authentik.yaml` | Delete | Remove Authentik deployment |
 | `deploy/logto.yaml` | Create | Logto server + dedicated PostgreSQL |
 | `.gitea/workflows/ci.yml` | Modify | Replace Authentik with Logto in CI |
@@ -33,11 +33,11 @@
 ### Task 1: Add OAuth2 Resource Server Dependency
 
 **Files:**
-- Modify: `cameleer3-server-app/pom.xml:87-97`
+- Modify: `cameleer-server-app/pom.xml:87-97`
 
 - [ ] **Step 1: Add the spring-boot-starter-oauth2-resource-server dependency**
 
-In `cameleer3-server-app/pom.xml`, add after the existing `spring-boot-starter-security` dependency (line 87) and before the `nimbus-jose-jwt` dependency (line 88):
+In `cameleer-server-app/pom.xml`, add after the existing `spring-boot-starter-security` dependency (line 87) and before the `nimbus-jose-jwt` dependency (line 88):
 
 ```xml
         <dependency>
@@ -66,13 +66,13 @@ The full dependencies section around that area should read:
 
 - [ ] **Step 2: Verify compilation**
 
-Run: `mvn clean compile -pl cameleer3-server-app -am -B`
+Run: `mvn clean compile -pl cameleer-server-app -am -B`
 Expected: BUILD SUCCESS
 
 - [ ] **Step 3: Commit**
 
 ```bash
-git add cameleer3-server-app/pom.xml
+git add cameleer-server-app/pom.xml
 git commit -m "feat: add spring-boot-starter-oauth2-resource-server dependency"
 ```
 
@@ -81,8 +81,8 @@ git commit -m "feat: add spring-boot-starter-oauth2-resource-server dependency"
 ### Task 2: Add OIDC Properties
 
 **Files:**
-- Modify: `cameleer3-server-app/src/main/resources/application.yml:42-48`
-- Modify: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java`
+- Modify: `cameleer-server-app/src/main/resources/application.yml:42-48`
+- Modify: `cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java`
 
 - [ ] **Step 1: Add OIDC properties to application.yml**
 
@@ -107,7 +107,7 @@ security:
 Add `oidcIssuerUri` and `oidcAudience` fields with getters/setters. The complete file should be:
 
 ```java
-package com.cameleer3.server.app.security;
+package com.cameleer.server.app.security;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
@@ -154,14 +154,14 @@ public class SecurityProperties {
 
 - [ ] **Step 3: Verify compilation**
 
-Run: `mvn clean compile -pl cameleer3-server-app -am -B`
+Run: `mvn clean compile -pl cameleer-server-app -am -B`
 Expected: BUILD SUCCESS
 
 - [ ] **Step 4: Commit**
 
 ```bash
-git add cameleer3-server-app/src/main/resources/application.yml
-git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java
+git add cameleer-server-app/src/main/resources/application.yml
+git add cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java
 git commit -m "feat: add OIDC issuer URI and audience security properties"
 ```
 
@@ -170,18 +170,18 @@ git commit -m "feat: add OIDC issuer URI and audience security properties"
 ### Task 3: Add OIDC Fallback to JwtAuthenticationFilter
 
 **Files:**
-- Modify: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java`
+- Modify: `cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java`
 
 - [ ] **Step 1: Update JwtAuthenticationFilter with OIDC fallback**
 
 The filter needs a new nullable `oidcDecoder` parameter, a `tryInternalToken` method (wrapping existing logic), a `tryOidcToken` fallback, and scope-based role extraction. The complete updated file:
 
 ```java
-package com.cameleer3.server.app.security;
+package com.cameleer.server.app.security;
 
-import com.cameleer3.server.core.agent.AgentRegistryService;
-import com.cameleer3.server.core.security.JwtService;
-import com.cameleer3.server.core.security.JwtService.JwtValidationResult;
+import com.cameleer.server.core.agent.AgentRegistryService;
+import com.cameleer.server.core.security.JwtService;
+import com.cameleer.server.core.security.JwtService.JwtValidationResult;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -323,17 +323,17 @@ This change removes the 2-arg constructor, so `SecurityConfig.java` won't compil
 ### Task 4: Build OIDC Decoder in SecurityConfig
 
 **Files:**
-- Modify: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java`
+- Modify: `cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java`
 
 - [ ] **Step 1: Update SecurityConfig to build OIDC decoder and pass to filter**
 
 The `filterChain` method needs an additional `SecurityProperties` parameter, an inline OIDC decoder builder, and must pass the decoder to the `JwtAuthenticationFilter` constructor. The complete updated file:
 
 ```java
-package com.cameleer3.server.app.security;
+package com.cameleer.server.app.security;
 
-import com.cameleer3.server.core.agent.AgentRegistryService;
-import com.cameleer3.server.core.security.JwtService;
+import com.cameleer.server.core.agent.AgentRegistryService;
+import com.cameleer.server.core.security.JwtService;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
@@ -550,19 +550,19 @@ public class SecurityConfig {
 
 - [ ] **Step 2: Verify compilation**
 
-Run: `mvn clean compile -pl cameleer3-server-app -am -B`
+Run: `mvn clean compile -pl cameleer-server-app -am -B`
 Expected: BUILD SUCCESS
 
 - [ ] **Step 3: Run tests**
 
-Run: `mvn test -pl cameleer3-server-app -am -B`
+Run: `mvn test -pl cameleer-server-app -am -B`
 Expected: Tests pass (OIDC decoder won't be built since `CAMELEER_OIDC_ISSUER_URI` is empty in test config)
 
 - [ ] **Step 4: Commit**
 
 ```bash
-git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
-git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
+git add cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java
+git add cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java
 git commit -m "feat: add OIDC resource server support with JWKS discovery and scope-based roles"
 ```
 
@@ -571,8 +571,8 @@ git commit -m "feat: add OIDC resource server support with JWKS discovery and sc
 ### Task 5: Update OidcConfig Default RolesClaim
 
 **Files:**
-- Modify: `cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java:28`
-- Modify: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java:101`
+- Modify: `cameleer-server-core/src/main/java/com/cameleer/server/core/security/OidcConfig.java:28`
+- Modify: `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/OidcConfigAdminController.java:101`
 
 - [ ] **Step 1: Update OidcConfig.disabled() default**
 
@@ -600,8 +600,8 @@ Expected: BUILD SUCCESS
 - [ ] **Step 4: Commit**
 
 ```bash
-git add cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java
-git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java
+git add cameleer-server-core/src/main/java/com/cameleer/server/core/security/OidcConfig.java
+git add cameleer-server-app/src/main/java/com/cameleer/server/app/controller/OidcConfigAdminController.java
 git commit -m "feat: update default rolesClaim to 'roles' for Logto compatibility"
 ```