fix(dirty-state): exclude live-pushed fields from deploy diff

Live-pushed config fields (taps, tapVersion, tracedProcessors, routeRecording) apply via SSE CONFIG_UPDATE — they take effect on running agents without a redeploy and are fetched on agent restart from application_config. They must not contribute to the "pending deploy" diff against the last-successful-deployment snapshot. Before this fix, applying a tap from the process diagram correctly rolled out in real time but then marked the app "Pending Deploy (1)" because DirtyStateCalculator compared every agentConfig field. This also contradicted the UI rule (ui.md) that the live tabs "never mark dirty". Adds taps, tapVersion, tracedProcessors, routeRecording to AGENT_CONFIG_IGNORED_KEYS. Updates the nested-path test to use a staged field (sensitiveKeys) and adds a new test asserting that divergent live-push fields keep dirty=false. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Merge pull request 'feat(ui): show deployment status + rich pending-deploy tooltip on app header' (#151 ) from feature/deployment-status-badge into main
2026-04-24 14:42:07 +02:00 · 2026-04-24 13:50:00 +02:00 · 2026-04-24 13:49:51 +02:00 · 2026-04-24 13:49:24 +02:00 · 2026-04-24 13:47:04 +02:00 · 2026-04-24 11:22:27 +02:00
1065 changed files with 101153 additions and 12137 deletions
--- a/.claude/rules/app-classes.md
+++ b/.claude/rules/app-classes.md
@@ -0,0 +1,210 @@
+---
+paths:
+  - "cameleer-server-app/**"
+---
+
+# App Module Key Classes
+
+`cameleer-server-app/src/main/java/com/cameleer/server/app/`
+
+## URL taxonomy
+
+User-facing data and config endpoints live under `/api/v1/environments/{envSlug}/...`. Env is a path segment, never a query param. The `envSlug` is resolved to an `Environment` bean via the `@EnvPath` argument resolver (`web/EnvironmentPathResolver.java`) — 404 on unknown slug.
+
+**Slugs are immutable after creation** for both environments and apps. Slug regex: `^[a-z0-9][a-z0-9-]{0,63}$`. Validated in `EnvironmentService.create` and `AppService.createApp`. Update endpoints (`PUT`) do not accept a slug field; Jackson drops it as an unknown property.
+
+### Flat-endpoint allow-list
+
+These paths intentionally stay flat (no `/environments/{envSlug}` prefix). Every new endpoint should be env-scoped unless it appears here and the reason is documented.
+
+| Path prefix | Why flat |
+|---|---|
+| `/api/v1/data/**` | Agent ingestion. JWT `env` claim is authoritative; URL-embedded env would invite spoofing. |
+| `/api/v1/agents/register`, `/refresh`, `/{id}/heartbeat`, `/{id}/events` (SSE), `/{id}/deregister`, `/{id}/commands`, `/{id}/commands/{id}/ack`, `/{id}/replay` | Agent self-service; JWT-bound. |
+| `/api/v1/agents/commands`, `/api/v1/agents/groups/{group}/commands` | Operator fan-out; target scope is explicit in query params. |
+| `/api/v1/agents/config` | Agent-authoritative config read; JWT → registry → (app, env). |
+| `/api/v1/admin/{users,roles,groups,oidc,license,audit,rbac/stats,claim-mappings,thresholds,sensitive-keys,usage,clickhouse,database,environments,outbound-connections}` | Truly cross-env admin. Env CRUD URLs use `{envSlug}`, not UUID. |
+| `/api/v1/catalog`, `/api/v1/catalog/{applicationId}` | Cross-env discovery is the purpose. Env is an optional filter via `?environment=`. |
+| `/api/v1/executions/{execId}`, `/processors/**` | Exchange IDs are globally unique; permalinks. |
+| `/api/v1/diagrams/{contentHash}/render`, `POST /api/v1/diagrams/render` | Content-addressed or stateless. |
+| `/api/v1/alerts/notifications/{id}/retry` | Notification IDs are globally unique; no env routing needed. |
+| `/api/v1/auth/**` | Pre-auth; no env context exists. |
+| `/api/v1/health`, `/prometheus`, `/api-docs/**`, `/swagger-ui/**` | Server metadata. |
+
+## Tenant isolation invariant
+
+ClickHouse is shared across tenants. Every ClickHouse query must filter by `tenant_id` (from `CAMELEER_SERVER_TENANT_ID` env var, resolved via `TenantContext`/config) in addition to `environment`. New controllers added under `/environments/{envSlug}/...` must preserve this — the env filter from the path does not replace the tenant filter.
+
+## User ID conventions
+
+`users.user_id` stores the **bare** identifier:
+- Local users: `<username>` (e.g. `admin`, `alice`)
+- OIDC users: `oidc:<sub>` (e.g. `oidc:c7a93b…`)
+
+JWT subjects carry a `user:` namespace prefix (`user:admin`, `user:oidc:<sub>`) so `JwtAuthenticationFilter` can distinguish user tokens from agent tokens. All three write paths upsert the **bare** form:
+
+- `UiAuthController.login` — computes `userId = request.username()`, signs with `subject = "user:" + userId`.
+- `OidcAuthController.callback` — `userId = "oidc:" + oidcUser.subject()`, signs with `subject = "user:" + userId`.
+- `UserAdminController.createUser` — `userId = request.username()`.
+
+Env-scoped read-path controllers (`AlertController`, `AlertRuleController`, `AlertSilenceController`, `OutboundConnectionAdminController`) strip `"user:"` from `SecurityContextHolder.authentication.name` before using it as an FK. All FKs to `users(user_id)` (e.g. `alert_rules.created_by`, `outbound_connections.created_by`, `alert_reads.user_id`, `user_roles.user_id`, `user_groups.user_id`) therefore reference the bare form. If you add a new controller that needs the acting user id for an FK insert, follow the same strip pattern.
+
+## controller/ — REST endpoints
+
+### Env-scoped (user-facing data & config)
+
+- `AppController` — `/api/v1/environments/{envSlug}/apps`. GET list / POST create / GET `{appSlug}` / DELETE `{appSlug}` / GET `{appSlug}/versions` / POST `{appSlug}/versions` (JAR upload) / PUT `{appSlug}/container-config` / GET `{appSlug}/dirty-state` (returns `DirtyStateResponse{dirty, lastSuccessfulDeploymentId, differences}` — compares current JAR+config against last RUNNING deployment snapshot; dirty=true when no snapshot exists). App slug uniqueness is per-env (`(env, app_slug)` is the natural key). `CreateAppRequest` body has no env (path), validates slug regex. Injects `DirtyStateCalculator` bean (registered in `RuntimeBeanConfig`, requires `ObjectMapper` with `JavaTimeModule`).
+- `DeploymentController` — `/api/v1/environments/{envSlug}/apps/{appSlug}/deployments`. GET list / POST create (body `{ appVersionId }`) / POST `{id}/stop` / POST `{id}/promote` (body `{ targetEnvironment: slug }` — target app slug must exist in target env) / GET `{id}/logs`. All lifecycle ops (`POST /` deploy, `POST /{id}/stop`, `POST /{id}/promote`) audited under `AuditCategory.DEPLOYMENT`. Action codes: `deploy_app`, `stop_deployment`, `promote_deployment`. Acting user resolved via the `user:` prefix-strip convention; both SUCCESS and FAILURE branches write audit rows. `created_by` (TEXT, nullable) populated from `SecurityContextHolder` and surfaced on the `Deployment` DTO.
+- `ApplicationConfigController` — `/api/v1/environments/{envSlug}`. GET `/config` (list), GET/PUT `/apps/{appSlug}/config`, GET `/apps/{appSlug}/processor-routes`, POST `/apps/{appSlug}/config/test-expression`. PUT accepts `?apply=staged|live` (default `live`). `live` saves to DB and pushes `CONFIG_UPDATE` SSE to live agents in this env (existing behavior); `staged` saves to DB only, skipping the SSE push — used by the unified app deployment page. Audit action is `stage_app_config` for staged writes, `update_app_config` for live. Invalid `apply` values return 400.
+- `AppSettingsController` — `/api/v1/environments/{envSlug}`. GET `/app-settings` (list), GET/PUT/DELETE `/apps/{appSlug}/settings`. ADMIN/OPERATOR only.
+- `SearchController` — `/api/v1/environments/{envSlug}`. GET `/executions`, POST `/executions/search`, GET `/stats`, `/stats/timeseries`, `/stats/timeseries/by-app`, `/stats/timeseries/by-route`, `/stats/punchcard`, `/attributes/keys`, `/errors/top`. GET `/executions` accepts repeat `attr` query params: `attr=order` (key-exists), `attr=order:47` (exact), `attr=order:4*` (wildcard — `*` maps to SQL LIKE `%`). First `:` splits key/value; later colons stay in the value. Invalid keys → 400. POST `/executions/search` accepts the same filters via `SearchRequest.attributeFilters` in the body.
+- `LogQueryController` — GET `/api/v1/environments/{envSlug}/logs` (filters: source (multi, comma-split, OR-joined), level (multi, comma-split, OR-joined), application, agentId, exchangeId, logger, q, time range, instanceIds (multi, comma-split, AND-joined as WHERE instance_id IN (...) — used by the Checkpoint detail drawer to scope logs to a deployment's replicas); sort asc/desc). Cursor-paginated, returns `{ data, nextCursor, hasMore, levelCounts }`; cursor is base64url of `"{timestampIso}|{insert_id_uuid}"` — same-millisecond tiebreak via the `insert_id` UUID column on `logs`.
+- `RouteCatalogController` — GET `/api/v1/environments/{envSlug}/routes` (merged route catalog from registry + ClickHouse; env filter unconditional).
+- `RouteMetricsController` — GET `/api/v1/environments/{envSlug}/routes/metrics`, GET `/api/v1/environments/{envSlug}/routes/metrics/processors`.
+- `AgentListController` — GET `/api/v1/environments/{envSlug}/agents` (registered agents with runtime metrics, filtered to env).
+- `AgentEventsController` — GET `/api/v1/environments/{envSlug}/agents/events` (lifecycle events; cursor-paginated, returns `{ data, nextCursor, hasMore }`; order `(timestamp DESC, insert_id DESC)`; cursor is base64url of `"{timestampIso}|{insert_id_uuid}"` — `insert_id` is a stable UUID column used as a same-millisecond tiebreak).
+- `AgentMetricsController` — GET `/api/v1/environments/{envSlug}/agents/{agentId}/metrics` (JVM/Camel metrics). Rejects cross-env agents (404) as defence-in-depth.
+- `DiagramRenderController` — GET `/api/v1/environments/{envSlug}/apps/{appSlug}/routes/{routeId}/diagram` returns the most recent diagram for (app, env, route) via `DiagramStore.findLatestContentHashForAppRoute`. Registry-independent — routes whose publishing agents were removed still resolve. Also GET `/api/v1/diagrams/{contentHash}/render` (flat — content hashes are globally unique), the point-in-time path consumed by the exchange viewer via `ExecutionDetail.diagramContentHash`.
+- `AlertRuleController` — `/api/v1/environments/{envSlug}/alerts/rules`. GET list / POST create / GET `{id}` / PUT `{id}` / DELETE `{id}` / POST `{id}/enable` / POST `{id}/disable` / POST `{id}/render-preview` / POST `{id}/test-evaluate`. OPERATOR+ for mutations, VIEWER+ for reads. CRITICAL: attribute keys in `ExchangeMatchCondition.filter.attributes` are validated at rule-save time against `^[a-zA-Z0-9._-]+$` — they are later inlined into ClickHouse SQL. `AgentLifecycleCondition` is allowlist-only — the `AgentLifecycleEventType` enum (REGISTERED / RE_REGISTERED / DEREGISTERED / WENT_STALE / WENT_DEAD / RECOVERED) plus the record compact ctor (non-empty `eventTypes`, `withinSeconds ≥ 1`) do the validation; custom agent-emitted event types are tracked in backlog issue #145. Webhook validation: verifies `outboundConnectionId` exists and `isAllowedInEnvironment`. Null notification templates default to `""` (NOT NULL constraint). Audit: `ALERT_RULE_CHANGE`.
+- `AlertController` — `/api/v1/environments/{envSlug}/alerts`. GET list (inbox filtered by userId/groupIds/roleNames via `InAppInboxQuery`; optional multi-value `state`, `severity`, tri-state `acked`, tri-state `read` query params; soft-deleted rows always excluded) / GET `/unread-count` / GET `{id}` / POST `{id}/ack` / POST `{id}/read` / POST `/bulk-read` / POST `/bulk-ack` (VIEWER+) / DELETE `{id}` (OPERATOR+, soft-delete) / POST `/bulk-delete` (OPERATOR+) / POST `{id}/restore` (OPERATOR+, clears `deleted_at`). `requireLiveInstance` helper returns 404 on soft-deleted rows; `restore` explicitly fetches regardless of `deleted_at`. `BulkIdsRequest` is the shared body for bulk-read/ack/delete (`{ instanceIds }`). `AlertDto` includes `readAt`; `deletedAt` is intentionally NOT on the wire. Inbox SQL: `? = ANY(target_user_ids) OR target_group_ids && ? OR target_role_names && ?` — requires at least one matching target (no broadcast concept).
+- `AlertSilenceController` — `/api/v1/environments/{envSlug}/alerts/silences`. GET list / POST create / DELETE `{id}`. 422 if `endsAt <= startsAt`. OPERATOR+ for mutations, VIEWER+ for list. Audit: `ALERT_SILENCE_CHANGE`.
+- `AlertNotificationController` — Dual-path (no class-level prefix). GET `/api/v1/environments/{envSlug}/alerts/{alertId}/notifications` (VIEWER+); POST `/api/v1/alerts/notifications/{id}/retry` (OPERATOR+, flat — notification IDs globally unique). Retry resets attempts to 0 and sets `nextAttemptAt = now`.
+
+### Env admin (env-slug-parameterized, not env-scoped data)
+
+- `EnvironmentAdminController` — `/api/v1/admin/environments`. GET list / POST create / GET `{envSlug}` / PUT `{envSlug}` / DELETE `{envSlug}` / PUT `{envSlug}/default-container-config` / PUT `{envSlug}/jar-retention`. Slug immutable — PUT body has no slug field; any slug supplied is dropped by Jackson. Slug validated on POST. `UpdateEnvironmentRequest` carries `color` (nullable); unknown values rejected with 400 via `EnvironmentColor.isValid`. Null/absent color preserves the existing value.
+
+### Agent-only (JWT-authoritative, intentionally flat)
+
+- `AgentRegistrationController` — POST `/register` (requires `environmentId` in body; 400 if missing), POST `/{id}/refresh` (rejects tokens with no `env` claim), POST `/{id}/heartbeat` (env from body preferred, JWT fallback; 400 if neither), POST `/{id}/deregister`.
+- `AgentSseController` — GET `/{id}/events` (SSE connection).
+- `AgentCommandController` — POST `/{agentId}/commands`, POST `/groups/{group}/commands`, POST `/commands` (broadcast), POST `/{agentId}/commands/{commandId}/ack`, POST `/{agentId}/replay`.
+- `AgentConfigController` — GET `/api/v1/agents/config`. Agent-authoritative config read: resolves (app, env) from JWT subject → registry (registry miss falls back to JWT env claim; no registry entry → 404 since application can't be derived).
+
+### Ingestion (agent-only, JWT-authoritative)
+
+- `LogIngestionController` — POST `/api/v1/data/logs` (accepts `List<LogEntry>`; WARNs on missing identity, unregistered agents, empty payloads, buffer-full drops).
+- `EventIngestionController` — POST `/api/v1/data/events`.
+- `ChunkIngestionController` — POST `/api/v1/data/executions`. Accepts a single `ExecutionChunk` or an array (fields include `exchangeId`, `applicationId`, `instanceId`, `routeId`, `status`, `startTime`, `endTime`, `durationMs`, `chunkSeq`, `final`, `processors: FlatProcessorRecord[]`). The accumulator merges non-final chunks by exchangeId and emits the merged envelope on the final chunk or on stale timeout. Legacy `ExecutionController` / `RouteExecution` shape is retired.
+- `MetricsController` — POST `/api/v1/data/metrics`.
+- `DiagramController` — POST `/api/v1/data/diagrams` (resolves applicationId + environment from the agent registry keyed on JWT subject; stamps both on the stored `TaggedDiagram`).
+
+### Cross-env discovery (flat)
+
+- `CatalogController` — GET `/api/v1/catalog` (merges managed apps + in-memory agents + CH stats; optional `?environment=` filter). DELETE `/api/v1/catalog/{applicationId}` (ADMIN: dismiss app, purge all CH data + PG record).
+
+### Admin (cross-env, flat)
+
+- `UserAdminController` — CRUD `/api/v1/admin/users`, POST `/{id}/roles`, POST `/{id}/set-password`.
+- `RoleAdminController` — CRUD `/api/v1/admin/roles`.
+- `GroupAdminController` — CRUD `/api/v1/admin/groups`.
+- `OidcConfigAdminController` — GET/POST `/api/v1/admin/oidc`, POST `/test`.
+- `OutboundConnectionAdminController` — `/api/v1/admin/outbound-connections`. GET list / POST create / GET `{id}` / PUT `{id}` / DELETE `{id}` / POST `{id}/test` / GET `{id}/usage`. RBAC: list/get/usage ADMIN|OPERATOR; mutations + test ADMIN.
+- `SensitiveKeysAdminController` — GET/PUT `/api/v1/admin/sensitive-keys`. GET returns 200 or 204 if not configured. PUT accepts `{ keys: [...] }` with optional `?pushToAgents=true`. Fan-out iterates every distinct `(application, environment)` slice — intentional global baseline + per-env overrides.
+- `ClaimMappingAdminController` — CRUD `/api/v1/admin/claim-mappings`, POST `/test`.
+- `LicenseAdminController` — GET/POST `/api/v1/admin/license`.
+- `ThresholdAdminController` — CRUD `/api/v1/admin/thresholds`.
+- `AuditLogController` — GET `/api/v1/admin/audit`.
+- `RbacStatsController` — GET `/api/v1/admin/rbac/stats`.
+- `UsageAnalyticsController` — GET `/api/v1/admin/usage` (ClickHouse `usage_events`).
+- `ClickHouseAdminController` — GET `/api/v1/admin/clickhouse/**` (conditional on `infrastructureendpoints` flag).
+- `DatabaseAdminController` — GET `/api/v1/admin/database/**` (conditional on `infrastructureendpoints` flag).
+- `ServerMetricsAdminController` — `/api/v1/admin/server-metrics/**`. GET `/catalog`, GET `/instances`, POST `/query`. Generic read API over the `server_metrics` ClickHouse table so SaaS dashboards don't need direct CH access. Delegates to `ServerMetricsQueryStore` (impl `ClickHouseServerMetricsQueryStore`). Visibility matches ClickHouse/Database admin: `@ConditionalOnProperty(infrastructureendpoints, matchIfMissing=true)` + class-level `@PreAuthorize("hasRole('ADMIN')")`. Validation: metric/tag regex `^[a-zA-Z0-9._]+$`, statistic regex `^[a-z_]+$`, `to - from ≤ 31 days`, stepSeconds ∈ [10, 3600], response capped at 500 series. `IllegalArgumentException` → 400. `/query` supports `raw` + `delta` modes (delta does per-`server_instance_id` positive-clipped differences, then aggregates across instances). Derived `statistic=mean` for timers computes `sum(total|total_time)/sum(count)` per bucket.
+
+### Other (flat)
+
+- `DetailController` — GET `/api/v1/executions/{executionId}` + processor snapshot endpoints.
+- `MetricsController` — exposes `/api/v1/metrics` and `/api/v1/prometheus` (server-side Prometheus scrape endpoint).
+
+## runtime/ — Docker orchestration
+
+- `DockerRuntimeOrchestrator` — implements RuntimeOrchestrator; Docker Java client (zerodep transport), container lifecycle
+- `DeploymentExecutor` — @Async staged deploy: PRE_FLIGHT -> PULL_IMAGE -> CREATE_NETWORK -> START_REPLICAS -> HEALTH_CHECK -> SWAP_TRAFFIC -> COMPLETE. Container names are `{tenantId}-{envSlug}-{appSlug}-{replicaIndex}-{generation}`, where `generation` is the first 8 chars of the deployment UUID — old and new replicas coexist during a blue/green swap. Per-replica `CAMELEER_AGENT_INSTANCEID` env var is `{envSlug}-{appSlug}-{replicaIndex}-{generation}`. Branches on `DeploymentStrategy.fromWire(config.deploymentStrategy())`: **blue-green** (default) starts all N → waits for all healthy → stops old (partial health = FAILED, preserves old untouched); **rolling** replaces replicas one at a time with rollback only for in-flight new containers (already-replaced old stay stopped; un-replaced old keep serving). DEGRADED is now only set by `DockerEventMonitor` post-deploy, never by the executor.
+- `DockerNetworkManager` — ensures bridge networks (cameleer-traefik, cameleer-env-{slug}), connects containers
+- `DockerEventMonitor` — persistent Docker event stream listener (die, oom, start, stop), updates deployment status
+- `TraefikLabelBuilder` — generates Traefik Docker labels for path-based or subdomain routing. Per-container identity labels: `cameleer.replica` (index), `cameleer.generation` (deployment-scoped 8-char id — for Prometheus/Grafana deploy-boundary annotations), `cameleer.instance-id` (`{envSlug}-{appSlug}-{replicaIndex}-{generation}`). Router/service label keys are generation-agnostic so load balancing spans old + new replicas during a blue/green overlap.
+- `PrometheusLabelBuilder` — generates Prometheus Docker labels (`prometheus.scrape/path/port`) per runtime type for `docker_sd_configs` auto-discovery
+- `ContainerLogForwarder` — streams Docker container stdout/stderr to ClickHouse with `source='container'`. One follow-stream thread per container, batches lines every 2s/50 lines via `ClickHouseLogStore.insertBufferedBatch()`. 60-second max capture timeout.
+- `DisabledRuntimeOrchestrator` — no-op when runtime not enabled
+
+## metrics/ — Prometheus observability
+
+- `ServerMetrics` — centralized business metrics: gauges (agents by state, SSE connections, buffer depths), counters (ingestion drops, agent transitions, deployment outcomes, auth failures), timers (flush duration, deployment duration). Exposed via `/api/v1/prometheus`.
+- `ServerInstanceIdConfig` — `@Configuration`, exposes `@Bean("serverInstanceId") String`. Resolution precedence: `cameleer.server.instance-id` property → `HOSTNAME` env → `InetAddress.getLocalHost()` → random UUID. Fixed at boot; rotates across restarts so counters restart cleanly.
+- `ServerMetricsSnapshotScheduler` — `@Scheduled(fixedDelayString = "${cameleer.server.self-metrics.interval-ms:60000}")`. Walks `MeterRegistry.getMeters()` each tick, emits one `ServerMetricSample` per `Measurement` (Timer/DistributionSummary produce multiple rows per meter — one per Micrometer `Statistic`). Skips non-finite values; logs and swallows store failures. Disabled via `cameleer.server.self-metrics.enabled=false` (`@ConditionalOnProperty`). Write-only — no query endpoint yet; inspect via `/api/v1/admin/clickhouse/query`.
+
+## storage/ — PostgreSQL repositories (JdbcTemplate)
+
+- `PostgresAppRepository`, `PostgresAppVersionRepository`, `PostgresEnvironmentRepository`
+- `PostgresDeploymentRepository` — includes JSONB replica_states, deploy_stage, findByContainerId. Also carries `deployed_config_snapshot` JSONB (Flyway V3) populated by `DeploymentExecutor` via `saveDeployedConfigSnapshot(UUID, DeploymentConfigSnapshot)` on successful RUNNING transition. Consumed by `DirtyStateCalculator` for the `/apps/{slug}/dirty-state` endpoint and by the UI for checkpoint restore.
+- `PostgresUserRepository`, `PostgresRoleRepository`, `PostgresGroupRepository`
+- `PostgresAuditRepository`, `PostgresOidcConfigRepository`, `PostgresClaimMappingRepository`, `PostgresSensitiveKeysRepository`
+- `PostgresAppSettingsRepository`, `PostgresApplicationConfigRepository`, `PostgresThresholdRepository`. Both `app_settings` and `application_config` are env-scoped (PK `(app_id, environment)` / `(application, environment)`); finders take `(app, env)` — no env-agnostic variants.
+
+## storage/ — ClickHouse stores
+
+- `ClickHouseExecutionStore`, `ClickHouseMetricsStore`, `ClickHouseMetricsQueryStore`
+- `ClickHouseStatsStore` — pre-aggregated stats, punchcard
+- `ClickHouseDiagramStore`, `ClickHouseAgentEventRepository`
+- `ClickHouseUsageTracker` — usage_events for billing
+- `ClickHouseRouteCatalogStore` — persistent route catalog with first_seen cache, warm-loaded on startup
+- `ClickHouseServerMetricsStore` — periodic dumps of the server's own Micrometer registry into the `server_metrics` table. Tenant-stamped (bound at the scheduler, not the bean); no `environment` column (server straddles envs). Batch-insert via `JdbcTemplate.batchUpdate` with `Map(String, String)` tag binding. Written by `ServerMetricsSnapshotScheduler`.
+- `ClickHouseServerMetricsQueryStore` — read side of `server_metrics` for dashboards. Implements `ServerMetricsQueryStore`. `catalog(from,to)` returns name+type+statistics+tagKeys, `listInstances(from,to)` returns server_instance_ids with first/last seen, `query(request)` builds bucketed time-series with `raw` or `delta` mode and supports a derived `mean` statistic for timers. All identifier inputs regex-validated; tenant_id always bound; max range 31 days; series count capped at 500. Exposed via `ServerMetricsAdminController`.
+
+## search/ — ClickHouse search and log stores
+
+- `ClickHouseLogStore` — log storage and query, MDC-based exchange/processor correlation
+- `ClickHouseSearchIndex` — full-text search
+
+## security/ — Spring Security
+
+- `SecurityConfig` — WebSecurityFilterChain, JWT filter, CORS, OIDC conditional. `/api/v1/admin/outbound-connections/**` GETs permit OPERATOR in addition to ADMIN (defense-in-depth at controller level); mutations remain ADMIN-only. Alerting matchers: GET `/environments/*/alerts/**` VIEWER+; POST/PUT/DELETE rules and silences OPERATOR+; ack/read/bulk-read VIEWER+; POST `/alerts/notifications/*/retry` OPERATOR+.
+- `JwtAuthenticationFilter` — OncePerRequestFilter, validates Bearer tokens
+- `JwtServiceImpl` — HMAC-SHA256 JWT (Nimbus JOSE)
+- `UiAuthController` — `/api/v1/auth` (login, refresh, me). Upserts `users.user_id = request.username()` (bare); signs JWTs with `subject = "user:" + userId`. `refresh`/`me` strip the `"user:"` prefix from incoming subjects via `stripSubjectPrefix()` before any DB/RBAC lookup.
+- `OidcAuthController` — `/api/v1/auth/oidc` (login-uri, token-exchange, logout). Upserts `users.user_id = "oidc:" + oidcUser.subject()` (no `user:` prefix); signs JWTs with `subject = "user:oidc:" + oidcUser.subject()`. `applyClaimMappings` + `getSystemRoleNames` calls all use the bare `oidc:<sub>` form.
+- `OidcTokenExchanger` — code -> tokens, role extraction from access_token then id_token
+- `OidcProviderHelper` — OIDC discovery, JWK source cache
+
+## agent/ — Agent lifecycle
+
+- `SseConnectionManager` — manages per-agent SSE connections, delivers commands
+- `AgentLifecycleMonitor` — @Scheduled 10s, LIVE->STALE->DEAD transitions
+- `SsePayloadSigner` — Ed25519 signs SSE payloads for agent verification
+
+## retention/ — JAR cleanup
+
+- `JarRetentionJob` — @Scheduled 03:00 daily, per-environment retention, skips deployed versions
+
+## alerting/eval/ — Rule evaluation
+
+- `AlertEvaluatorJob` — @Scheduled tick driver; per-rule claim/release via `AlertRuleRepository`, dispatches to per-kind `ConditionEvaluator`, persists advanced cursor on release via `AlertRule.withEvalState`.
+- `BatchResultApplier` — `@Component` that wraps a single rule's tick outcome (`EvalResult.Batch` = `firings` + `nextEvalState`) in one `@Transactional` boundary: instance upserts + notification enqueues + cursor advance commit atomically or roll back together. This is the exactly-once-per-exchange guarantee for `PER_EXCHANGE` fire mode.
+- `ConditionEvaluator` — interface; per-kind implementations: `ExchangeMatchEvaluator`, `AgentLifecycleEvaluator`, `AgentStateEvaluator`, `DeploymentStateEvaluator`, `JvmMetricEvaluator`, `LogPatternEvaluator`, `RouteMetricEvaluator`.
+- `AlertStateTransitions` — PER_EXCHANGE vs rule-level FSM helpers (fire/resolve/ack).
+- `PerKindCircuitBreaker` — trips noisy per-kind evaluators; `TickCache` — per-tick shared lookups (apps, envs, silences).
+
+## http/ — Outbound HTTP client implementation
+
+- `SslContextBuilder` — composes SSL context from `OutboundHttpProperties` + `OutboundHttpRequestContext`. Supports SYSTEM_DEFAULT (JDK roots + configured CA extras), TRUST_ALL (short-circuit no-op TrustManager), TRUST_PATHS (JDK roots + system extras + per-request extras). Throws `IllegalArgumentException("CA file not found: ...")` on missing PEM.
+- `ApacheOutboundHttpClientFactory` — Apache HttpClient 5 impl of `OutboundHttpClientFactory`. Memoizes clients per `CacheKey(trustAll, caPaths, mode, connectTimeout, readTimeout)`. Applies `NoopHostnameVerifier` when trust-all is active.
+- `config/OutboundHttpConfig` — `@ConfigurationProperties("cameleer.server.outbound-http")`. Exposes beans: `OutboundHttpProperties`, `SslContextBuilder`, `OutboundHttpClientFactory`. `@PostConstruct` logs WARN on trust-all and throws if configured CA paths don't exist.
+
+## outbound/ — Admin-managed outbound connections (implementation)
+
+- `crypto/SecretCipher` — AES-GCM symmetric cipher with key derived via HMAC-SHA256(jwtSecret, "cameleer-outbound-secret-v1"). Ciphertext format: base64(IV(12 bytes) || GCM output with 128-bit tag). `encrypt` throws `IllegalStateException`; `decrypt` throws `IllegalArgumentException` on tamper/wrong-key/malformed.
+- `storage/PostgresOutboundConnectionRepository` — JdbcTemplate impl. `save()` upserts by id; JSONB serialization via ObjectMapper; UUID arrays via `ConnectionCallback`. Reads `created_by`/`updated_by` as String (= users.user_id TEXT).
+- `OutboundConnectionServiceImpl` — service layer. Tenant bound at construction via `cameleer.server.tenant.id` property. Uniqueness check via `findByName`. Narrowing-envs guard: rejects update that removes envs while rules reference the connection (rulesReferencing stubbed in Plan 01, wired in Plan 02). Delete guard: rejects if referenced by rules.
+- `controller/OutboundConnectionAdminController` — REST controller. Class-level `@PreAuthorize("hasRole('ADMIN')")` defaults; GETs relaxed to ADMIN|OPERATOR. Resolves acting user id via the user-id convention (strip `"user:"` from `authentication.name` → matches `users.user_id` FK). Audit via `AuditCategory.OUTBOUND_CONNECTION_CHANGE`.
+- `dto/OutboundConnectionRequest` — Bean Validation: `@NotBlank` name, `@Pattern("^https://.+")` url, `@NotNull` method/tlsTrustMode/auth. Compact ctor throws `IllegalArgumentException` if TRUST_PATHS with empty paths list.
+- `dto/OutboundConnectionDto` — response DTO. `hmacSecretSet: boolean` instead of the ciphertext; `authKind: OutboundAuthKind` instead of the full auth config.
+- `dto/OutboundConnectionTestResult` — result of POST `/{id}/test`: status, latencyMs, responseSnippet (first 512 chars), tlsProtocol/cipherSuite/peerCertSubject (protocol is "TLS" stub; enriched in Plan 02 follow-up), error (nullable).
+- `config/OutboundBeanConfig` — registers `OutboundConnectionRepository`, `SecretCipher`, `OutboundConnectionService` beans.
+
+## config/ — Spring beans
+
+- `RuntimeOrchestratorAutoConfig` — conditional Docker/Disabled orchestrator + NetworkManager + EventMonitor
+- `RuntimeBeanConfig` — DeploymentExecutor, AppService, EnvironmentService
+- `SecurityBeanConfig` — JwtService, Ed25519, BootstrapTokenValidator
+- `StorageBeanConfig` — all repositories
+- `ClickHouseConfig` — ClickHouse JdbcTemplate, schema initializer
--- a/.claude/rules/cicd.md
+++ b/.claude/rules/cicd.md
@@ -0,0 +1,27 @@
+---
+paths:
+  - ".gitea/**"
+  - "deploy/**"
+  - "Dockerfile"
+  - "docker-entrypoint.sh"
+---
+
+# CI/CD & Deployment
+
+- CI workflow: `.gitea/workflows/ci.yml` — build -> docker -> deploy on push to main or feature branches. `paths-ignore` skips the whole pipeline for docs-only / `.planning/` / `.claude/` / `*.md` changes (push and PR triggers).
+- Build step skips integration tests (`-DskipITs`) — Testcontainers needs Docker daemon
+- Build caches (parallel `actions/cache@v4` steps in the `build` job): `~/.m2/repository` (key on all `pom.xml`), `~/.npm` (key on `ui/package-lock.json`), `ui/node_modules/.vite` (key on `ui/package-lock.json` + `ui/vite.config.ts`). UI install uses `npm ci --prefer-offline --no-audit --fund=false` so the npm cache is the primary source.
+- Maven build performance (set in `pom.xml` and `cameleer-server-app/pom.xml`): `useIncrementalCompilation=true` on the compiler plugin; Surefire uses `forkCount=1C` + `reuseForks=true` (one JVM per CPU core, reused across test classes); Failsafe keeps `forkCount=1` + `reuseForks=true`. Unit tests must not rely on per-class JVM isolation.
+- UI build script (`ui/package.json`): `build` is `vite build` only — the type-check pass was split out into `npm run typecheck` (run separately when you want a full `tsc --noEmit` sweep).
+- Docker: multi-stage build (`Dockerfile`), `$BUILDPLATFORM` for native Maven on ARM64 runner, amd64 runtime. `docker-entrypoint.sh` imports `/certs/ca.pem` into JVM truststore before starting the app (supports custom CAs for OIDC discovery without `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY`).
+- `REGISTRY_TOKEN` build arg required for `cameleer-common` dependency resolution
+- Registry: `gitea.siegeln.net/cameleer/cameleer-server` (container images)
+- K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests
+- Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-<slug>` (feature branches)
+- Feature branches: isolated namespace, PG schema; Traefik Ingress at `<slug>-api.cameleer.siegeln.net`
+- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `cameleer-postgres-credentials`, `cameleer-clickhouse-credentials`
+- K8s probes: server uses `/api/v1/health`, PostgreSQL uses `pg_isready -U "$POSTGRES_USER"` (env var, not hardcoded)
+- K8s security: server and database pods run with `securityContext.runAsNonRoot`. UI (nginx) runs without securityContext (needs root for entrypoint setup).
+- Docker: server Dockerfile has no default credentials — all DB config comes from env vars at runtime
+- Docker build uses buildx registry cache + `--provenance=false` for Gitea compatibility
+- CI: branch slug sanitization extracted to `.gitea/sanitize-branch.sh`, sourced by docker and deploy-feature jobs
--- a/.claude/rules/core-classes.md
+++ b/.claude/rules/core-classes.md
@@ -0,0 +1,117 @@
+---
+paths:
+  - "cameleer-server-core/**"
+---
+
+# Core Module Key Classes
+
+`cameleer-server-core/src/main/java/com/cameleer/server/core/`
+
+## agent/ — Agent lifecycle and commands
+
+- `AgentRegistryService` — in-memory registry (ConcurrentHashMap), register/heartbeat/lifecycle
+- `AgentInfo` — record: id, name, application, environmentId, version, routeIds, capabilities, state
+- `AgentCommand` — record: id, type, targetAgent, payload, createdAt, expiresAt
+- `AgentEventService` — records agent state changes, heartbeats
+- `AgentState` — enum: LIVE, STALE, DEAD, SHUTDOWN
+- `CommandType` — enum for command types (config-update, deep-trace, replay, route-control, etc.)
+- `CommandStatus` — enum for command acknowledgement states
+- `CommandReply` — record: command execution result from agent
+- `AgentEventRecord`, `AgentEventRepository` — event persistence. `AgentEventRepository.queryPage(...)` is cursor-paginated (`AgentEventPage{data, nextCursor, hasMore}`); the legacy non-paginated `query(...)` path is gone. `AgentEventRepository.findInWindow(env, appSlug, agentId, eventTypes, from, to, limit)` returns matching events ordered by `(timestamp ASC, insert_id ASC)` — consumed by `AgentLifecycleEvaluator`.
+- `AgentEventPage` — record: `(List<AgentEventRecord> data, String nextCursor, boolean hasMore)` returned by `AgentEventRepository.queryPage`
+- `AgentEventListener` — callback interface for agent events
+- `RouteStateRegistry` — tracks per-agent route states
+
+## runtime/ — App/Environment/Deployment domain
+
+- `App` — record: id, environmentId, slug, displayName, containerConfig (JSONB)
+- `AppVersion` — record: id, appId, version, jarPath, detectedRuntimeType, detectedMainClass
+- `Environment` — record: id, slug, displayName, production, enabled, defaultContainerConfig, jarRetentionCount, color, createdAt. `color` is one of the 8 preset palette values validated by `EnvironmentColor.VALUES` and CHECK-constrained in PostgreSQL (V2 migration).
+- `EnvironmentColor` — constants: `DEFAULT = "slate"`, `VALUES = {slate,red,amber,green,teal,blue,purple,pink}`, `isValid(String)`.
+- `Deployment` — record: id, appId, appVersionId, environmentId, status, targetState, deploymentStrategy, replicaStates (JSONB), deployStage, containerId, containerName, createdBy (String, user_id reference; nullable for pre-V4 historical rows)
+- `DeploymentStatus` — enum: STOPPED, STARTING, RUNNING, DEGRADED, STOPPING, FAILED. `DEGRADED` is reserved for post-deploy drift (a replica died after RUNNING); `DeploymentExecutor` now marks partial-healthy deploys FAILED, not DEGRADED.
+- `DeployStage` — enum: PRE_FLIGHT, PULL_IMAGE, CREATE_NETWORK, START_REPLICAS, HEALTH_CHECK, SWAP_TRAFFIC, COMPLETE
+- `DeploymentStrategy` — enum: BLUE_GREEN, ROLLING. Stored on `ResolvedContainerConfig.deploymentStrategy` as kebab-case string (`"blue-green"` / `"rolling"`). `fromWire(String)` is the only conversion entry point; unknown/null inputs fall back to BLUE_GREEN so the executor dispatch site never null-checks or throws.
+- `DeploymentService` — createDeployment (calls `deleteFailedByAppAndEnvironment` first so FAILED rows don't pile up; STOPPED rows are preserved as restorable checkpoints), markRunning, markFailed, markStopped
+- `RuntimeType` — enum: AUTO, SPRING_BOOT, QUARKUS, PLAIN_JAVA, NATIVE
+- `RuntimeDetector` — probes JAR files at upload time: detects runtime from manifest Main-Class (Spring Boot loader, Quarkus entry point, plain Java) or native binary (non-ZIP magic bytes)
+- `ContainerRequest` — record: 20 fields for Docker container creation (includes runtimeType, customArgs, mainClass)
+- `ContainerStatus` — record: state, running, exitCode, error
+- `ResolvedContainerConfig` — record: typed config with memoryLimitMb, memoryReserveMb, cpuRequest, cpuLimit, appPort, exposedPorts, customEnvVars, stripPathPrefix, sslOffloading, routingMode, routingDomain, serverUrl, replicas, deploymentStrategy, routeControlEnabled, replayEnabled, runtimeType, customArgs, extraNetworks, externalRouting (default `true`; when `false`, `TraefikLabelBuilder` strips all `traefik.*` labels so the container is not publicly routed), certResolver (server-wide, sourced from `CAMELEER_SERVER_RUNTIME_CERTRESOLVER`; when blank the `tls.certresolver` label is omitted — use for dev installs with a static TLS store)
+- `RoutingMode` — enum for routing strategies
+- `ConfigMerger` — pure function: resolve(globalDefaults, envConfig, appConfig) -> ResolvedContainerConfig
+- `RuntimeOrchestrator` — interface: startContainer, stopContainer, getContainerStatus, getLogs, startLogCapture, stopLogCapture
+- `AppRepository`, `AppVersionRepository`, `EnvironmentRepository`, `DeploymentRepository` — repository interfaces
+- `AppService`, `EnvironmentService` — domain services
+
+## search/ — Execution search and stats
+
+- `SearchService` — search, count, stats, statsForApp, statsForRoute, timeseries, timeseriesForApp, timeseriesForRoute, timeseriesGroupedByApp, timeseriesGroupedByRoute, slaCompliance, slaCountsByApp, slaCountsByRoute, topErrors, activeErrorTypes, punchcard, distinctAttributeKeys. `statsForRoute`/`timeseriesForRoute` take `(routeId, applicationId)` — app filter is applied to `stats_1m_route`.
+- `SearchRequest` / `SearchResult` — search DTOs. `SearchRequest.attributeFilters: List<AttributeFilter>` carries structured facet filters for execution attributes — key-only (exists), exact (key=value), or wildcard (`*` in value). The 21-arg legacy ctor is preserved for call-site churn; the compact ctor normalises null → `List.of()`.
+- `AttributeFilter(key, value)` — record with key regex `^[a-zA-Z0-9._-]+$` (inlined into SQL, same constraint as alerting), `value == null` means key-exists, `value` containing `*` becomes a SQL LIKE pattern via `toLikePattern()`.
+- `ExecutionStats`, `ExecutionSummary` — stats aggregation records
+- `StatsTimeseries`, `TopError` — timeseries and error DTOs
+- `LogSearchRequest` / `LogSearchResponse` — log search DTOs. `LogSearchRequest.sources` / `levels` are `List<String>` (null-normalized, multi-value OR); `cursor` + `limit` + `sort` drive keyset pagination. Response carries `nextCursor` + `hasMore` + per-level `levelCounts`.
+
+## storage/ — Storage abstractions
+
+- `ExecutionStore`, `MetricsStore`, `MetricsQueryStore`, `StatsStore`, `DiagramStore`, `RouteCatalogStore`, `SearchIndex`, `LogIndex` — interfaces. `DiagramStore.findLatestContentHashForAppRoute(appId, routeId, env)` resolves the latest diagram by (app, env, route) without consulting the agent registry, so routes whose publishing agents were removed between app versions still resolve. `findContentHashForRoute(route, instance)` is retained for the ingestion path that stamps a per-execution `diagramContentHash` at ingest time (point-in-time link from `ExecutionDetail`/`ExecutionSummary`).
+- `RouteCatalogEntry` — record: applicationId, routeId, environment, firstSeen, lastSeen
+- `LogEntryResult` — log query result record
+- `model/` — `ExecutionDocument`, `MetricTimeSeries`, `MetricsSnapshot`
+
+## rbac/ — Role-based access control
+
+- `RbacService` — interface: role/group CRUD, assignRoleToUser, removeRoleFromUser, addUserToGroup, removeUserFromGroup, getDirectRolesForUser, getEffectiveRolesForUser, clearManagedAssignments, assignManagedRole, addUserToManagedGroup, getStats, listUsers
+- `SystemRole` — enum: AGENT, VIEWER, OPERATOR, ADMIN; `normalizeScope()` maps scopes
+- `UserDetail`, `RoleDetail`, `GroupDetail` — records
+- `UserSummary`, `RoleSummary`, `GroupSummary` — lightweight list records
+- `RbacStats` — aggregate stats record
+- `AssignmentOrigin` — enum: DIRECT, CLAIM_MAPPING (tracks how roles were assigned)
+- `ClaimMappingRule` — record: OIDC claim-to-role mapping rule
+- `ClaimMappingService` — interface: CRUD for claim mapping rules
+- `ClaimMappingRepository` — persistence interface
+- `RoleRepository`, `GroupRepository` — persistence interfaces
+
+## admin/ — Server-wide admin config
+
+- `SensitiveKeysConfig` — record: keys (List<String>, immutable)
+- `SensitiveKeysRepository` — interface: find(), save()
+- `SensitiveKeysMerger` — pure function: merge(global, perApp) -> union with case-insensitive dedup, preserves first-seen casing. Returns null when both inputs null.
+- `AppSettings`, `AppSettingsRepository` — per-app-per-env settings config and persistence. Record carries `(applicationId, environment, …)`; repository methods are `findByApplicationAndEnvironment`, `findByEnvironment`, `save`, `delete(appId, env)`. `AppSettings.defaults(appId, env)` produces a default instance scoped to an environment.
+- `ThresholdConfig`, `ThresholdRepository` — alerting threshold config and persistence
+- `AuditService` — audit logging facade
+- `AuditRecord`, `AuditResult`, `AuditCategory` (enum: `INFRA, AUTH, USER_MGMT, CONFIG, RBAC, AGENT, OUTBOUND_CONNECTION_CHANGE, OUTBOUND_HTTP_TRUST_CHANGE, ALERT_RULE_CHANGE, ALERT_SILENCE_CHANGE, DEPLOYMENT`), `AuditRepository` — audit trail records and persistence
+
+## http/ — Outbound HTTP primitives (cross-cutting)
+
+- `OutboundHttpClientFactory` — interface: `clientFor(context)` returns memoized `CloseableHttpClient`
+- `OutboundHttpProperties` — record: `trustAll, trustedCaPemPaths, defaultConnectTimeout, defaultReadTimeout, proxyUrl, proxyUsername, proxyPassword`
+- `OutboundHttpRequestContext` — record of per-call TLS/timeout overrides; `systemDefault()` static factory
+- `TrustMode` — enum: `SYSTEM_DEFAULT | TRUST_ALL | TRUST_PATHS`
+
+## outbound/ — Admin-managed outbound connections
+
+- `OutboundConnection` — record: id, tenantId, name, description, url, method, defaultHeaders, defaultBodyTmpl, tlsTrustMode, tlsCaPemPaths, hmacSecretCiphertext, auth, allowedEnvironmentIds, createdAt, createdBy (String user_id), updatedAt, updatedBy (String user_id). `isAllowedInEnvironment(envId)` returns true when allowed-envs list is empty OR contains the env.
+- `OutboundAuth` — sealed interface + records: `None | Bearer(tokenCiphertext) | Basic(username, passwordCiphertext)`. Jackson `@JsonTypeInfo(use = DEDUCTION)` — wire shape has no discriminator, subtype inferred from fields.
+- `OutboundAuthKind`, `OutboundMethod` — enums
+- `OutboundConnectionRepository` — CRUD by (tenantId, id): save/findById/findByName/listByTenant/delete
+- `OutboundConnectionService` — create/update/delete/get/list with uniqueness + narrow-envs + delete-if-referenced guards. `rulesReferencing(id)` stubbed in Plan 01 (returns `[]`); populated in Plan 02 against `AlertRuleRepository`.
+
+## security/ — Auth
+
+- `JwtService` — interface: createAccessToken, createRefreshToken, validateAccessToken, validateRefreshToken
+- `Ed25519SigningService` — interface: sign, getPublicKeyBase64 (config signing)
+- `OidcConfig` — record: enabled, issuerUri, clientId, clientSecret, rolesClaim, defaultRoles, autoSignup, displayNameClaim, userIdClaim, audience, additionalScopes
+- `OidcConfigRepository` — persistence interface
+- `PasswordPolicyValidator` — min 12 chars, 3-of-4 character classes, no username match
+- `UserInfo`, `UserRepository` — user identity records and persistence
+- `InvalidTokenException` — thrown on revoked/expired tokens
+
+## ingestion/ — Buffered data pipeline
+
+- `IngestionService` — diagram + metrics facade (`ingestDiagram`, `acceptMetrics`, `getMetricsBuffer`). Execution ingestion went through here via the legacy `RouteExecution` shape until `ChunkAccumulator` took over writes from the chunked pipeline — the `ingestExecution` path plus its `ExecutionStore.upsert` / `upsertProcessors` dependencies were removed.
+- `ChunkAccumulator` — batches data for efficient flush; owns the execution write path (chunks → buffers → flush scheduler → `ClickHouseExecutionStore.insertExecutionBatch`).
+- `WriteBuffer` — bounded ring buffer for async flush
+- `BufferedLogEntry` — log entry wrapper with metadata
+- `MergedExecution`, `TaggedDiagram` — tagged ingestion records. `TaggedDiagram` carries `(instanceId, applicationId, environment, graph)` — env is resolved from the agent registry in the controller and stamped on the ClickHouse `route_diagrams` row.
--- a/.claude/rules/docker-orchestration.md
+++ b/.claude/rules/docker-orchestration.md
@@ -0,0 +1,81 @@
+---
+paths:
+  - "cameleer-server-app/**/runtime/**"
+  - "cameleer-server-core/**/runtime/**"
+  - "deploy/**"
+  - "docker-compose*.yml"
+  - "Dockerfile"
+  - "docker-entrypoint.sh"
+---
+
+# Docker Orchestration
+
+When deployed via the cameleer-saas platform, this server orchestrates customer app containers using Docker. Key components:
+
+- **ConfigMerger** (`core/runtime/ConfigMerger.java`) — pure function: resolve(globalDefaults, envConfig, appConfig) -> ResolvedContainerConfig. Three-layer merge: global (application.yml) -> environment (defaultContainerConfig JSONB) -> app (containerConfig JSONB). Includes `runtimeType` (default `"auto"`) and `customArgs` (default `""`).
+- **TraefikLabelBuilder** (`app/runtime/TraefikLabelBuilder.java`) — generates Traefik Docker labels for path-based (`/{envSlug}/{appSlug}/`) or subdomain-based (`{appSlug}-{envSlug}.{domain}`) routing. Supports strip-prefix and SSL offloading toggles. Per-replica identity labels: `cameleer.replica` (index), `cameleer.generation` (8-char deployment UUID prefix — pin Prometheus/Grafana deploy boundaries with this), `cameleer.instance-id` (`{envSlug}-{appSlug}-{replicaIndex}-{generation}`). Traefik router/service keys deliberately omit the generation so load balancing spans old + new replicas during a blue/green overlap. When `ResolvedContainerConfig.externalRouting()` is `false` (UI: Resources → External Routing, default `true`), the builder emits ONLY the identity labels (`managed-by`, `cameleer.*`) and skips every `traefik.*` label — the container stays on `cameleer-traefik` and the per-env network (so sibling containers can still reach it via Docker DNS) but is invisible to Traefik. The `tls.certresolver` label is emitted only when `CAMELEER_SERVER_RUNTIME_CERTRESOLVER` is set to a non-blank resolver name (matching a resolver configured in the Traefik static config). When unset (dev installs backed by a static TLS store) only `tls=true` is emitted and Traefik serves the default cert from the TLS store.
+- **PrometheusLabelBuilder** (`app/runtime/PrometheusLabelBuilder.java`) — generates Prometheus `docker_sd_configs` labels per resolved runtime type: Spring Boot `/actuator/prometheus:8081`, Quarkus/native `/q/metrics:9000`, plain Java `/metrics:9464`. Labels merged into container metadata alongside Traefik labels at deploy time.
+- **DockerNetworkManager** (`app/runtime/DockerNetworkManager.java`) — manages two Docker network tiers:
+  - `cameleer-traefik` — shared network; Traefik, server, and all app containers attach here. Server joined via docker-compose with `cameleer-server` DNS alias.
+  - `cameleer-env-{slug}` — per-environment isolated network; containers in the same environment discover each other via Docker DNS. In SaaS mode, env networks are tenant-scoped: `cameleer-env-{tenantId}-{envSlug}` (overloaded `envNetworkName(tenantId, envSlug)` method) to prevent cross-tenant collisions when multiple tenants have identically-named environments.
+- **DockerEventMonitor** (`app/runtime/DockerEventMonitor.java`) — persistent Docker event stream listener for containers with `managed-by=cameleer-server` label. Detects die/oom/start/stop events and updates deployment replica states. Periodic reconciliation (@Scheduled every 30s) inspects actual container state and corrects deployment status mismatches (fixes stale DEGRADED with all replicas healthy).
+- **DeploymentProgress** (`ui/src/components/DeploymentProgress.tsx`) — UI step indicator showing 7 deploy stages with amber active/green completed styling.
+- **ContainerLogForwarder** (`app/runtime/ContainerLogForwarder.java`) — streams Docker container stdout/stderr to ClickHouse `logs` table with `source='container'`. Uses `docker logs --follow` per container, batches lines every 2s or 50 lines. Parses Docker timestamp prefix, infers log level via regex. `DeploymentExecutor` starts capture after each replica launches with the replica's `instanceId` (`{envSlug}-{appSlug}-{replicaIndex}-{generation}`); `DockerEventMonitor` stops capture on die/oom. 60-second max capture timeout with 30s cleanup scheduler. Thread pool of 10 daemon threads. Container logs use the same `instanceId` as the agent (set via `CAMELEER_AGENT_INSTANCEID` env var) for unified log correlation at the instance level. Instance-id changes per deployment — cross-deploy queries aggregate on `application + environment` (and optionally `replica_index`).
+- **StartupLogPanel** (`ui/src/components/StartupLogPanel.tsx`) — collapsible log panel rendered below `DeploymentProgress`. Queries `/api/v1/logs?source=container&application={appSlug}&environment={envSlug}`. Auto-polls every 3s while deployment is STARTING; shows green "live" badge during polling, red "stopped" badge on FAILED. Uses `useStartupLogs` hook and `LogViewer` (design system).
+
+## DeploymentExecutor Details
+
+Primary network for app containers is set via `CAMELEER_SERVER_RUNTIME_DOCKERNETWORK` env var (in SaaS mode: `cameleer-tenant-{slug}`); apps also connect to `cameleer-traefik` (routing) and `cameleer-env-{tenantId}-{envSlug}` (per-environment discovery) as additional networks. Resolves `runtimeType: auto` to concrete type from `AppVersion.detectedRuntimeType` at PRE_FLIGHT (fails deployment if unresolvable). Builds Docker entrypoint per runtime type (all JVM types use `-javaagent:/app/agent.jar -jar`, plain Java uses `-cp` with main class, native runs binary directly). Sets per-replica `CAMELEER_AGENT_INSTANCEID` env var to `{envSlug}-{appSlug}-{replicaIndex}-{generation}` so container logs and agent logs share the same instance identity. Sets `CAMELEER_AGENT_*` env vars from `ResolvedContainerConfig` (routeControlEnabled, replayEnabled, health port). These are startup-only agent properties — changing them requires redeployment.
+
+**Container naming** — `{tenantId}-{envSlug}-{appSlug}-{replicaIndex}-{generation}`, where `generation` is the first 8 characters of the deployment UUID. The generation suffix lets old + new replicas coexist during a blue/green swap (deterministic names without a generation used to 409). All lookups across the executor, `DockerEventMonitor`, and `ContainerLogForwarder` key on container **id**, not name — the name is operator-visibility only.
+
+**Strategy dispatch** — `DeploymentStrategy.fromWire(config.deploymentStrategy())` branches the executor. Unknown values fall back to BLUE_GREEN so misconfiguration never throws at runtime.
+
+- **Blue/green** (default): start all N new replicas → wait for ALL healthy → stop the previous deployment. Resource peak ≈ 2× replicas for the health-check window. Partial health aborts with status FAILED; the previous deployment is preserved untouched (user's safety net).
+- **Rolling**: replace replicas one at a time — start new[i] → wait healthy → stop old[i] → next. Resource peak = replicas + 1. Mid-rollout health failure stops in-flight new containers and aborts; already-replaced old replicas are NOT restored (not reversible) but un-replaced old[i+1..N] keep serving traffic. User redeploys to recover.
+
+Traffic routing is implicit: Traefik labels (`cameleer.app`, `cameleer.environment`) are generation-agnostic, so new replicas attract load balancing as soon as they come up healthy — no explicit swap step.
+
+## Deployment Status Model
+
+| Status | Meaning |
+|--------|---------|
+| `STOPPED` | Intentionally stopped or initial state |
+| `STARTING` | Deploy in progress |
+| `RUNNING` | All replicas healthy and serving |
+| `DEGRADED` | Post-deploy: a replica died after the deploy was marked RUNNING. Set by `DockerEventMonitor` reconciliation, never by `DeploymentExecutor` directly. |
+| `STOPPING` | Graceful shutdown in progress |
+| `FAILED` | Terminal failure (pre-flight, health check, or crash). Partial-healthy deploys now mark FAILED — DEGRADED is reserved for post-deploy drift. |
+
+**Deploy stages** (`DeployStage`): PRE_FLIGHT -> PULL_IMAGE -> CREATE_NETWORK -> START_REPLICAS -> HEALTH_CHECK -> SWAP_TRAFFIC -> COMPLETE (or FAILED at any stage). Rolling reuses the same stage labels inside the per-replica loop; the UI progress bar shows the most recent stage.
+
+**Deployment retention**: `DeploymentService.createDeployment()` deletes FAILED deployments for the same app+environment before creating a new one, preventing failed-attempt buildup. STOPPED deployments are preserved as restorable checkpoints — the UI Checkpoints disclosure lists every deployment with a non-null `deployed_config_snapshot` (RUNNING, DEGRADED, STOPPED) minus the current one.
+
+## JAR Management
+
+- **Retention policy** per environment: configurable maximum number of JAR versions to keep. Older JARs are deleted automatically.
+- **Nightly cleanup job** (`JarRetentionJob`, Spring `@Scheduled` 03:00): purges JARs exceeding the retention limit and removes orphaned files not referenced by any app version. Skips versions currently deployed.
+- **Volume-based JAR mounting** for Docker-in-Docker setups: set `CAMELEER_SERVER_RUNTIME_JARDOCKERVOLUME` to the Docker volume name that contains the JAR storage directory. When set, the orchestrator mounts this volume into the container instead of bind-mounting the host path (required when the SaaS container itself runs inside Docker and the host path is not accessible from sibling containers).
+
+## Runtime Type Detection
+
+The server detects the app framework from uploaded JARs and builds Docker entrypoints. The agent shaded JAR bundles the log appender, so no separate `cameleer-log-appender.jar` or `PropertiesLauncher` is needed:
+
+- **Detection** (`RuntimeDetector`): runs at JAR upload time. Checks ZIP magic bytes (non-ZIP = native binary), then probes `META-INF/MANIFEST.MF` Main-Class: Spring Boot loader prefix -> `spring-boot`, Quarkus entry point -> `quarkus`, other Main-Class -> `plain-java` (extracts class name). Results stored on `AppVersion` (`detected_runtime_type`, `detected_main_class`).
+- **Runtime types** (`RuntimeType` enum): `AUTO`, `SPRING_BOOT`, `QUARKUS`, `PLAIN_JAVA`, `NATIVE`. Configurable per app/environment via `containerConfig.runtimeType` (default `"auto"`).
+- **Entrypoint per type**: All JVM types use `java -javaagent:/app/agent.jar -jar app.jar`. Plain Java uses `-cp` with explicit main class instead of `-jar`. Native runs the binary directly.
+- **Custom arguments** (`containerConfig.customArgs`): freeform string appended to the start command. Validated against a strict pattern to prevent shell injection (entrypoint uses `sh -c`).
+- **AUTO resolution**: at deploy time (PRE_FLIGHT), `"auto"` resolves to the detected type from `AppVersion`. Fails deployment if detection was unsuccessful — user must set type explicitly.
+- **UI**: Resources tab shows Runtime Type dropdown (with detection hint from latest uploaded version) and Custom Arguments text field.
+
+## SaaS Multi-Tenant Network Isolation
+
+In SaaS mode, each tenant's server and its deployed apps are isolated at the Docker network level:
+
+- **Tenant network** (`cameleer-tenant-{slug}`) — primary internal bridge for all of a tenant's containers. Set as `CAMELEER_SERVER_RUNTIME_DOCKERNETWORK` for the tenant's server instance. Tenant A's apps cannot reach tenant B's apps.
+- **Shared services network** — server also connects to the shared infrastructure network (PostgreSQL, ClickHouse, Logto) and `cameleer-traefik` for HTTP routing.
+- **Tenant-scoped environment networks** (`cameleer-env-{tenantId}-{envSlug}`) — per-environment discovery is scoped per tenant, so `alpha-corp`'s "dev" environment network is separate from `beta-corp`'s "dev" environment network.
+
+## nginx / Reverse Proxy
+
+- `client_max_body_size 200m` is required in the nginx config to allow JAR uploads up to 200 MB. Without this, large JAR uploads return 413.
--- a/.claude/rules/gitnexus.md
+++ b/.claude/rules/gitnexus.md
@@ -0,0 +1,98 @@
+# GitNexus — Code Intelligence
+
+This project is indexed by GitNexus as **cameleer-server** (6306 symbols, 15892 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+
+> If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
+
+## Always Do
+
+- **MUST run impact analysis before editing any symbol.** Before modifying a function, class, or method, run `gitnexus_impact({target: "symbolName", direction: "upstream"})` and report the blast radius (direct callers, affected processes, risk level) to the user.
+- **MUST run `gitnexus_detect_changes()` before committing** to verify your changes only affect expected symbols and execution flows.
+- **MUST warn the user** if impact analysis returns HIGH or CRITICAL risk before proceeding with edits.
+- When exploring unfamiliar code, use `gitnexus_query({query: "concept"})` to find execution flows instead of grepping. It returns process-grouped results ranked by relevance.
+- When you need full context on a specific symbol — callers, callees, which execution flows it participates in — use `gitnexus_context({name: "symbolName"})`.
+
+## When Debugging
+
+1. `gitnexus_query({query: "<error or symptom>"})` — find execution flows related to the issue
+2. `gitnexus_context({name: "<suspect function>"})` — see all callers, callees, and process participation
+3. `READ gitnexus://repo/cameleer-server/process/{processName}` — trace the full execution flow step by step
+4. For regressions: `gitnexus_detect_changes({scope: "compare", base_ref: "main"})` — see what your branch changed
+
+## When Refactoring
+
+- **Renaming**: MUST use `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` first. Review the preview — graph edits are safe, text_search edits need manual review. Then run with `dry_run: false`.
+- **Extracting/Splitting**: MUST run `gitnexus_context({name: "target"})` to see all incoming/outgoing refs, then `gitnexus_impact({target: "target", direction: "upstream"})` to find all external callers before moving code.
+- After any refactor: run `gitnexus_detect_changes({scope: "all"})` to verify only expected files changed.
+
+## Never Do
+
+- NEVER edit a function, class, or method without first running `gitnexus_impact` on it.
+- NEVER ignore HIGH or CRITICAL risk warnings from impact analysis.
+- NEVER rename symbols with find-and-replace — use `gitnexus_rename` which understands the call graph.
+- NEVER commit changes without running `gitnexus_detect_changes()` to check affected scope.
+
+## Tools Quick Reference
+
+| Tool | When to use | Command |
+|------|-------------|---------|
+| `query` | Find code by concept | `gitnexus_query({query: "auth validation"})` |
+| `context` | 360-degree view of one symbol | `gitnexus_context({name: "validateUser"})` |
+| `impact` | Blast radius before editing | `gitnexus_impact({target: "X", direction: "upstream"})` |
+| `detect_changes` | Pre-commit scope check | `gitnexus_detect_changes({scope: "staged"})` |
+| `rename` | Safe multi-file rename | `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` |
+| `cypher` | Custom graph queries | `gitnexus_cypher({query: "MATCH ..."})` |
+
+## Impact Risk Levels
+
+| Depth | Meaning | Action |
+|-------|---------|--------|
+| d=1 | WILL BREAK — direct callers/importers | MUST update these |
+| d=2 | LIKELY AFFECTED — indirect deps | Should test |
+| d=3 | MAY NEED TESTING — transitive | Test if critical path |
+
+## Resources
+
+| Resource | Use for |
+|----------|---------|
+| `gitnexus://repo/cameleer-server/context` | Codebase overview, check index freshness |
+| `gitnexus://repo/cameleer-server/clusters` | All functional areas |
+| `gitnexus://repo/cameleer-server/processes` | All execution flows |
+| `gitnexus://repo/cameleer-server/process/{name}` | Step-by-step execution trace |
+
+## Self-Check Before Finishing
+
+Before completing any code modification task, verify:
+1. `gitnexus_impact` was run for all modified symbols
+2. No HIGH/CRITICAL risk warnings were ignored
+3. `gitnexus_detect_changes()` confirms changes match expected scope
+4. All d=1 (WILL BREAK) dependents were updated
+
+## Keeping the Index Fresh
+
+After committing code changes, the GitNexus index becomes stale. Re-run analyze to update it:
+
+```bash
+npx gitnexus analyze
+```
+
+If the index previously included embeddings, preserve them by adding `--embeddings`:
+
+```bash
+npx gitnexus analyze --embeddings
+```
+
+To check whether embeddings exist, inspect `.gitnexus/meta.json` — the `stats.embeddings` field shows the count (0 means no embeddings). **Running analyze without `--embeddings` will delete any previously generated embeddings.**
+
+> Claude Code users: A PostToolUse hook handles this automatically after `git commit` and `git merge`.
+
+## CLI
+
+| Task | Read this skill file |
+|------|---------------------|
+| Understand architecture / "How does X work?" | `.claude/skills/gitnexus/gitnexus-exploring/SKILL.md` |
+| Blast radius / "What breaks if I change X?" | `.claude/skills/gitnexus/gitnexus-impact-analysis/SKILL.md` |
+| Trace bugs / "Why is X failing?" | `.claude/skills/gitnexus/gitnexus-debugging/SKILL.md` |
+| Rename / extract / split / refactor | `.claude/skills/gitnexus/gitnexus-refactoring/SKILL.md` |
+| Tools, resources, schema reference | `.claude/skills/gitnexus/gitnexus-guide/SKILL.md` |
+| Index, status, clean, wiki CLI commands | `.claude/skills/gitnexus/gitnexus-cli/SKILL.md` |
--- a/.claude/rules/metrics.md
+++ b/.claude/rules/metrics.md
@@ -0,0 +1,107 @@
+---
+paths:
+  - "cameleer-server-app/**/metrics/**"
+  - "cameleer-server-app/**/ServerMetrics*"
+  - "ui/src/pages/RuntimeTab/**"
+  - "ui/src/pages/DashboardTab/**"
+---
+
+# Prometheus Metrics
+
+Server exposes `/api/v1/prometheus` (unauthenticated, Prometheus text format). Spring Boot Actuator provides JVM, GC, thread pool, and `http.server.requests` metrics automatically. Business metrics via `ServerMetrics` component.
+
+The same `MeterRegistry` is also snapshotted to ClickHouse every 60 s by `ServerMetricsSnapshotScheduler` (see "Server self-metrics persistence" at the bottom of this file) — so historical server-health data survives restarts without an external Prometheus.
+
+## Gauges (auto-polled)
+
+| Metric | Tags | Source |
+|--------|------|--------|
+| `cameleer.agents.connected` | `state` (live, stale, dead, shutdown) | `AgentRegistryService.findByState()` |
+| `cameleer.agents.sse.active` | — | `SseConnectionManager.getConnectionCount()` |
+| `cameleer.ingestion.buffer.size` | `type` (execution, processor, log, metrics) | `WriteBuffer.size()` |
+| `cameleer.ingestion.accumulator.pending` | — | `ChunkAccumulator.getPendingCount()` |
+
+## Counters
+
+| Metric | Tags | Instrumented in |
+|--------|------|-----------------|
+| `cameleer.ingestion.drops` | `reason` (buffer_full, no_agent, no_identity) | `LogIngestionController` |
+| `cameleer.agents.transitions` | `transition` (went_stale, went_dead, recovered) | `AgentLifecycleMonitor` |
+| `cameleer.deployments.outcome` | `status` (running, failed, degraded) | `DeploymentExecutor` |
+| `cameleer.auth.failures` | `reason` (invalid_token, revoked, oidc_rejected) | `JwtAuthenticationFilter` |
+
+## Timers
+
+| Metric | Tags | Instrumented in |
+|--------|------|-----------------|
+| `cameleer.ingestion.flush.duration` | `type` (execution, processor, log) | `ExecutionFlushScheduler` |
+| `cameleer.deployments.duration` | — | `DeploymentExecutor` |
+
+## Agent container Prometheus labels (set by PrometheusLabelBuilder at deploy time)
+
+| Runtime Type | `prometheus.path` | `prometheus.port` |
+|---|---|---|
+| `spring-boot` | `/actuator/prometheus` | `8081` |
+| `quarkus` / `native` | `/q/metrics` | `9000` |
+| `plain-java` | `/metrics` | `9464` |
+
+All containers also get `prometheus.scrape=true`. These labels enable Prometheus `docker_sd_configs` auto-discovery.
+
+## Agent Metric Names (Micrometer)
+
+Agents send `MetricsSnapshot` records with Micrometer-convention metric names. The server stores them generically (ClickHouse `agent_metrics.metric_name`). The UI references specific names in `AgentInstance.tsx` for JVM charts.
+
+### JVM metrics (used by UI)
+
+| Metric name | UI usage |
+|---|---|
+| `process.cpu.usage.value` | CPU % stat card + chart |
+| `jvm.memory.used.value` | Heap MB stat card + chart (tags: `area=heap`) |
+| `jvm.memory.max.value` | Heap max for % calculation (tags: `area=heap`) |
+| `jvm.threads.live.value` | Thread count chart |
+| `jvm.gc.pause.total_time` | GC time chart |
+
+### Camel route metrics (stored, queried by dashboard)
+
+| Metric name | Type | Tags |
+|---|---|---|
+| `camel.exchanges.succeeded.count` | counter | `routeId`, `camelContext` |
+| `camel.exchanges.failed.count` | counter | `routeId`, `camelContext` |
+| `camel.exchanges.total.count` | counter | `routeId`, `camelContext` |
+| `camel.exchanges.failures.handled.count` | counter | `routeId`, `camelContext` |
+| `camel.route.policy.count` | count | `routeId`, `camelContext` |
+| `camel.route.policy.total_time` | total | `routeId`, `camelContext` |
+| `camel.route.policy.max` | gauge | `routeId`, `camelContext` |
+| `camel.routes.running.value` | gauge | — |
+
+Mean processing time = `camel.route.policy.total_time / camel.route.policy.count`. Min processing time is not available (Micrometer does not track minimums).
+
+### Cameleer agent metrics
+
+| Metric name | Type | Tags |
+|---|---|---|
+| `cameleer.chunks.exported.count` | counter | `instanceId` |
+| `cameleer.chunks.dropped.count` | counter | `instanceId`, `reason` |
+| `cameleer.sse.reconnects.count` | counter | `instanceId` |
+| `cameleer.taps.evaluated.count` | counter | `instanceId` |
+| `cameleer.metrics.exported.count` | counter | `instanceId` |
+
+## Server self-metrics persistence
+
+`ServerMetricsSnapshotScheduler` walks `MeterRegistry.getMeters()` every 60 s (configurable via `cameleer.server.self-metrics.interval-ms`) and writes one row per Micrometer `Measurement` to the ClickHouse `server_metrics` table. Full registry is captured — Spring Boot Actuator series (`jvm.*`, `process.*`, `http.server.requests`, `hikaricp.*`, `jdbc.*`, `tomcat.*`, `logback.events`, `system.*`) plus `cameleer.*` and `alerting_*`.
+
+**Table** (`cameleer-server-app/src/main/resources/clickhouse/init.sql`):
+
+```
+server_metrics(tenant_id, collected_at, server_instance_id,
+               metric_name, metric_type, statistic, metric_value,
+               tags Map(String,String), server_received_at)
+```
+
+- `metric_type` — lowercase Micrometer `Meter.Type` (counter, gauge, timer, distribution_summary, long_task_timer, other)
+- `statistic` — Micrometer `Statistic.getTagValueRepresentation()` (value, count, total, total_time, max, mean, active_tasks, duration). Timers emit 3 rows per tick (count + total_time + max); gauges/counters emit 1 (`statistic='value'` or `'count'`).
+- No `environment` column — the server is env-agnostic.
+- `tenant_id` threaded from `cameleer.server.tenant.id` (single-tenant per server).
+- `server_instance_id` resolved once at boot by `ServerInstanceIdConfig` (property → HOSTNAME → localhost → UUID fallback). Rotates across restarts so counter resets are unambiguous.
+- TTL: 90 days (vs 365 for `agent_metrics`). Write-only in v1 — no query endpoint or UI page. Inspect via ClickHouse admin: `/api/v1/admin/clickhouse/query` or direct SQL.
+- Toggle off entirely with `cameleer.server.self-metrics.enabled=false` (uses `@ConditionalOnProperty`).
--- a/.claude/rules/ui.md
+++ b/.claude/rules/ui.md
@@ -0,0 +1,75 @@
+---
+paths:
+  - "ui/**"
+---
+
+# UI Structure
+
+The UI has 4 main tabs: **Exchanges**, **Dashboard**, **Runtime**, **Deployments**.
+
+- **Exchanges** — route execution search and detail (`ui/src/pages/Exchanges/`)
+- **Dashboard** — metrics and stats with L1/L2/L3 drill-down (`ui/src/pages/DashboardTab/`)
+- **Runtime** — live agent status, logs, commands (`ui/src/pages/RuntimeTab/`). AgentHealth supports compact view (dense health-tinted cards) and expanded view (full GroupCard+DataTable per app). View mode persisted to localStorage.
+- **Deployments** — unified app deployment page (`ui/src/pages/AppsTab/`)
+  - Routes: `/apps` (list, `AppListView` in `AppsTab.tsx`), `/apps/new` + `/apps/:slug` (both render `AppDeploymentPage`).
+  - Identity & Artifact section always visible; name editable pre-first-deploy, read-only after. JAR picker client-stages; new JAR + any form edits flip the primary button from `Save` to `Redeploy`. Environment fixed to the currently-selected env (no selector).
+  - Config sub-tabs: **Monitoring | Resources | Variables | Sensitive Keys | Deployment | ● Traces & Taps | ● Route Recording**. The four staged tabs feed dirty detection; the `●` live tabs apply in real-time (amber LiveBanner + default `?apply=live` on their writes) and never mark dirty.
+  - Primary action state machine: `Save` → `Uploading… N%` (during JAR upload; button shows percent with a tinted progress-fill overlay) → `Redeploy` → `Deploying…` during active deploy. Upload progress sourced from `useUploadJar` (XHR `upload.onprogress` → page-level `uploadPct` state). The button is disabled during `uploading` and `deploying`.
+  - Checkpoints render as a collapsible `CheckpointsTable` (default **collapsed**) **inside the Identity & Artifact `configGrid`** as an in-grid row (`Checkpoints | ▸ Expand (N)` / `▾ Collapse (N)`). `CheckpointsTable` returns a React.Fragment of grid-ready children so the label + trigger align with the other identity rows; when opened, a third grid child spans both columns via `grid-column: 1 / -1` so the 7-column table gets full width. Wired through `IdentitySection.checkpointsSlot` — `CheckpointDetailDrawer` stays in `IdentitySection.children` because it portals. Columns: Version · JAR (filename) · Deployed by · Deployed (relative `timeAgo` + user-locale sub-line via `new Date(iso).toLocaleString()`) · Strategy · Outcome · ›. Row click opens the drawer. Drawer tabs are ordered **Config | Logs** with `Config` as the default. Config panel has Snapshot / Diff vs current view modes. Replica filter in the Logs panel uses DS `Select`. Restore lives in the drawer footer (forces review). Visible row cap = `Environment.jarRetentionCount` (default 10 if 0/null); older rows accessible via "Show older (N)" expander. Currently-running deployment is excluded — represented separately by `StatusCard`. The empty-checkpoints case returns `null` (no row). The legacy `Checkpoints.tsx` row-list component is gone.
+  - Deployment tab: `StatusCard` + `DeploymentProgress` (during STARTING / FAILED) + flex-grow `StartupLogPanel` (no fixed maxHeight). Auto-activates when a deploy starts. The former `HistoryDisclosure` is retired — per-deployment config and logs live in the Checkpoints drawer. `StartupLogPanel` header mirrors the Runtime Application Log pattern: title + live/stopped badge + `N entries` + sort toggle (↑/↓, default **desc**) + refresh icon (`RefreshCw`). Sort drives the backend fetch via `useStartupLogs(…, sort)` so the 500-line limit returns the window closest to the user's interest; display order matches fetch order. Refresh scrolls to the latest edge (top for desc, bottom for asc). Sort + refresh buttons disable while a refetch is in flight. 3s polling while STARTING is unchanged.
+  - Unsaved-change router blocker uses DS `AlertDialog` (not `window.beforeunload`). Env switch intentionally discards edits without warning.
+
+**Admin pages** (ADMIN-only, under `/admin/`):
+- **Sensitive Keys** (`ui/src/pages/Admin/SensitiveKeysPage.tsx`) — global sensitive key masking config. Shows agent built-in defaults as outlined Badge reference, editable Tag pills for custom keys, amber-highlighted push-to-agents toggle. Keys add to (not replace) agent defaults. Per-app sensitive key additions managed via `ApplicationConfigController` API. Note: `AppConfigDetailPage.tsx` exists but is not routed in `router.tsx`.
+- **Server Metrics** (`ui/src/pages/Admin/ServerMetricsAdminPage.tsx`) — dashboard over the `server_metrics` ClickHouse table. Visibility matches Database/ClickHouse pages: gated on `capabilities.infrastructureEndpoints` in `buildAdminTreeNodes`; backend is `@ConditionalOnProperty(infrastructureendpoints) + @PreAuthorize('hasRole(ADMIN)')`. Uses the generic `/api/v1/admin/server-metrics/{catalog,instances,query}` API via `ui/src/api/queries/admin/serverMetrics.ts` hooks (`useServerMetricsCatalog`, `useServerMetricsInstances`, `useServerMetricsSeries`), all three of which take a `ServerMetricsRange = { from: Date; to: Date }`. Time range is driven by the global TopBar picker via `useGlobalFilters()` — no page-local selector; bucket size auto-scales through `stepSecondsFor(windowSeconds)` (10 s up to 1 h buckets). Toolbar is just server-instance badges. Sections: Server health (agents/ingestion/auth), JVM (memory/CPU/GC/threads), HTTP & DB pools, Alerting (conditional on catalog), Deployments (conditional on catalog). Each panel is a `ThemedChart` with `Line`/`Area` children from the design system; multi-series responses are flattened into overlap rows by bucket timestamp. Alerting and Deployments rows are hidden when their metrics aren't in the catalog (zero-deploy / alerting-disabled installs).
+
+## Key UI Files
+
+- `ui/src/router.tsx` — React Router v6 routes
+- `ui/src/config.ts` — apiBaseUrl, basePath
+- `ui/src/auth/auth-store.ts` — Zustand: accessToken, user, roles, login/logout
+- `ui/src/api/environment-store.ts` — Zustand: selected environment (localStorage)
+- `ui/src/components/ContentTabs.tsx` — main tab switcher
+- `ui/src/components/EnvironmentSwitcherButton.tsx` + `EnvironmentSwitcherModal.tsx` — explicit env picker (button in TopBar; DS `Modal`-based list). Replaces the retired `EnvironmentSelector` (All-Envs dropdown). When `envRecords.length > 0` and the stored `selectedEnv` no longer matches any env, `LayoutShell` opens the modal in `forced` mode (non-dismissible). Switcher pulls env records from `useEnvironments()` (admin endpoint; readable by VIEWER+).
+- `ui/src/components/env-colors.ts` + `ui/src/styles/env-colors.css` — 8-swatch preset palette for the per-environment color indicator. Tokens `--env-color-slate/red/amber/green/teal/blue/purple/pink` are defined for both light and dark themes. `envColorVar(name)` falls back to `slate` for unknown values. `LayoutShell` renders a 3px fixed top bar in the current env's color (z-index 900, below DS modals).
+- `ui/src/components/ExecutionDiagram/` — interactive trace view (canvas)
+- `ui/src/components/ProcessDiagram/` — ELK-rendered route diagram
+- `ui/src/hooks/useScope.ts` — TabKey type, scope inference
+- `ui/src/components/StartupLogPanel.tsx` — deployment startup log viewer (container logs from ClickHouse, polls 3s while STARTING)
+- `ui/src/api/queries/logs.ts` — `useStartupLogs` hook for container startup log polling, `useLogs`/`useApplicationLogs` for bounded log search (single page), `useInfiniteApplicationLogs` for streaming log views (cursor-paginated, server-side source/level filters)
+- `ui/src/api/queries/agents.ts` — `useAgents` for agent list, `useInfiniteAgentEvents` for cursor-paginated timeline stream
+- `ui/src/hooks/useInfiniteStream.ts` — tanstack `useInfiniteQuery` wrapper with top-gated auto-refetch, flattened `items[]`, and `refresh()` invalidator
+- `ui/src/components/InfiniteScrollArea.tsx` — scrollable container with IntersectionObserver top/bottom sentinels. Streaming log/event views use this + `useInfiniteStream`. Bounded views (LogTab, StartupLogPanel) keep `useLogs`/`useStartupLogs`
+- `ui/src/components/SideDrawer.tsx` — project-local right-slide drawer (DS has Modal but no Drawer). Portal-rendered, ESC + transparent-backdrop click closes, sticky header/footer, sizes md/lg/xl. Currently consumed only by `CheckpointDetailDrawer` — promote to `@cameleer/design-system` once a second consumer appears.
+
+## Alerts
+
+- **Sidebar section** (`buildAlertsTreeNodes` in `ui/src/components/sidebar-utils.ts`) — Inbox, Rules, Silences.
+- **Routes** in `ui/src/router.tsx`: `/alerts` (redirect to inbox), `/alerts/inbox`, `/alerts/rules`, `/alerts/rules/new`, `/alerts/rules/:id`, `/alerts/silences`. No redirects for the retired `/alerts/all` and `/alerts/history` — stale URLs 404 per the clean-break policy.
+- **Pages** under `ui/src/pages/Alerts/`:
+  - `InboxPage.tsx` — single filterable inbox. Filters: severity (multi), state (PENDING/FIRING/RESOLVED, default FIRING), Hide acked toggle (default on), Hide read toggle (default on). Row actions: Acknowledge, Mark read, Silence rule… (duration quick menu), Delete (OPERATOR+, soft-delete with undo toast wired to `useRestoreAlert`). Bulk toolbar (selection-driven): Acknowledge N · Mark N read · Silence rules · Delete N (ConfirmDialog; OPERATOR+).
+  - `SilenceRuleMenu.tsx` — DS `Dropdown`-based duration picker (1h / 8h / 24h / Custom…). Used by the row-level and bulk silence actions. "Custom…" navigates to `/alerts/silences?ruleId=<id>`.
+  - `RulesListPage.tsx` — CRUD + enable/disable toggle + env-promotion dropdown (pure UI prefill, no new endpoint).
+  - `RuleEditor/RuleEditorWizard.tsx` — 5-step wizard (Scope / Condition / Trigger / Notify / Review). `form-state.ts` is the single source of truth (`initialForm` / `toRequest` / `validateStep`). Seven condition-form subcomponents under `RuleEditor/condition-forms/` — including `AgentLifecycleForm.tsx` (multi-select event-type chips for the six-entry `AgentLifecycleEventType` allowlist + lookback-window input).
+  - `SilencesPage.tsx` — matcher-based create + end-early. Reads `?ruleId=` search param to prefill the Rule ID field (driven by InboxPage's "Silence rule… → Custom…" flow).
+  - `AlertRow.tsx` shared list row; `alerts-page.module.css` shared styling.
+- **Components**:
+  - `NotificationBell.tsx` — polls `/alerts/unread-count` every 30 s (paused when tab hidden via TanStack Query `refetchIntervalInBackground: false`).
+  - `AlertStateChip.tsx`, `SeverityBadge.tsx` — shared state/severity indicators.
+  - `MustacheEditor/` — CodeMirror 6 editor with variable autocomplete + inline linter. Shared between rule title/message, webhook body/header overrides, and (future) Admin Outbound Connection editor (reduced-context mode for URL).
+  - `MustacheEditor/alert-variables.ts` — variable registry aligned with `NotificationContextBuilder.java`. Add new leaves here whenever the backend context grows.
+- **API queries** under `ui/src/api/queries/`: `alerts.ts`, `alertRules.ts`, `alertSilences.ts`, `alertNotifications.ts`, `alertMeta.ts`. All env-scoped via `useSelectedEnv` from `alertMeta`.
+- **CMD-K**: `buildAlertSearchData` in `LayoutShell.tsx` registers `alert` and `alertRule` result categories. Badges convey severity + state. Palette navigates directly to the deep-link path — no sidebar-reveal state for alerts.
+- **Sidebar accordion**: entering `/alerts/*` collapses Applications + Admin + Starred (mirrors Admin accordion).
+- **Top-nav**: `<NotificationBell />` is the first child of `<TopBar>`, sitting alongside `SearchTrigger` + status `ButtonGroup` + `TimeRangeDropdown` + `AutoRefreshToggle`.
+
+## UI Styling
+
+- Always use `@cameleer/design-system` CSS variables for colors (`var(--amber)`, `var(--error)`, `var(--success)`, etc.) — never hardcode hex values. This applies to CSS modules, inline styles, and SVG `fill`/`stroke` attributes. SVG presentation attributes resolve `var()` correctly. All colors use CSS variables (no hardcoded hex).
+- Shared CSS modules in `ui/src/styles/` (table-section, log-panel, rate-colors, refresh-indicator, chart-card, section-card) — import these instead of duplicating patterns.
+- Shared `PageLoader` component replaces copy-pasted spinner patterns.
+- Design system components used consistently: `Select`, `Tabs`, `Toggle`, `Button`, `LogViewer`, `Label` — prefer DS components over raw HTML elements. `LogViewer` renders optional source badges (`container`, `app`, `agent`) via `LogEntry.source` field (DS v0.1.49+).
+- Environment slugs are auto-computed from display name (read-only in UI).
+- Brand assets: `@cameleer/design-system/assets/` provides `camel-logo.svg` (currentColor), `cameleer-{16,32,48,192,512}.png`, and `cameleer-logo.png`. Copied to `ui/public/` for use as favicon (`favicon-16.png`, `favicon-32.png`) and logo (`camel-logo.svg` — login dialog 36px, sidebar 28x24px).
+- Sidebar generates `/exchanges/` paths directly (no legacy `/apps/` redirects). basePath is centralized in `ui/src/config.ts`; router.tsx imports it instead of re-reading `<base>` tag.
+- Global user preferences (environment selection) use Zustand stores with localStorage persistence — never URL search params. URL params are for page-specific state only (e.g. `?text=` search query). Switching environment resets all filters and remounts pages.
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -5,8 +5,20 @@ on:
    branches: [main, 'feature/**', 'fix/**', 'feat/**']
    tags-ignore:
      - 'v*'
+    paths-ignore:
+      - '.planning/**'
+      - 'docs/**'
+      - '**/*.md'
+      - '.claude/**'
+      - 'AGENTS.md'
+      - 'CLAUDE.md'
  pull_request:
    branches: [main]
+    paths-ignore:
+      - '.planning/**'
+      - 'docs/**'
+      - '**/*.md'
+      - '.claude/**'
  delete:

 jobs:
@@ -45,11 +57,25 @@ jobs:
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-

+      - name: Cache npm registry
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-npm-${{ hashFiles('ui/package-lock.json') }}
+          restore-keys: ${{ runner.os }}-npm-
+
+      - name: Cache Vite build artifacts
+        uses: actions/cache@v4
+        with:
+          path: ui/node_modules/.vite
+          key: ${{ runner.os }}-vite-${{ hashFiles('ui/package-lock.json', 'ui/vite.config.ts') }}
+          restore-keys: ${{ runner.os }}-vite-
+
      - name: Build UI
        working-directory: ui
        run: |
          echo '//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}' >> .npmrc
-          npm ci
+          npm ci --prefer-offline --no-audit --fund=false
          npm run build
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
@@ -93,24 +119,24 @@ jobs:
      - name: Build and push server
        run: |
          docker buildx create --use --name cibuilder
-          TAGS="-t gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }}"
+          TAGS="-t gitea.siegeln.net/cameleer/cameleer-server:${{ github.sha }}"
          for TAG in $IMAGE_TAGS; do
-            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer3-server:$TAG"
+            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-server:$TAG"
          done
          docker buildx build --platform linux/amd64 \
            --build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
            $TAGS \
-            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache \
-            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache,mode=max \
+            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer-server:buildcache \
+            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer-server:buildcache,mode=max \
            --provenance=false \
            --push .
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Build and push UI
        run: |
-          TAGS="-t gitea.siegeln.net/cameleer/cameleer3-server-ui:${{ github.sha }}"
+          TAGS="-t gitea.siegeln.net/cameleer/cameleer-server-ui:${{ github.sha }}"
          for TAG in $IMAGE_TAGS; do
-            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer3-server-ui:$TAG"
+            TAGS="$TAGS -t gitea.siegeln.net/cameleer/cameleer-server-ui:$TAG"
          done
          SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
          docker buildx build --platform linux/amd64 \
@@ -118,8 +144,8 @@ jobs:
            --build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
            --build-arg VITE_APP_VERSION="$SHORT_SHA" \
            $TAGS \
-            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server-ui:buildcache \
-            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server-ui:buildcache,mode=max \
+            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer-server-ui:buildcache \
+            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer-server-ui:buildcache,mode=max \
            --provenance=false \
            --push ui/
        env:
@@ -137,7 +163,7 @@ jobs:
          if [ "$BRANCH_SLUG" != "main" ]; then
            KEEP_TAGS="$KEEP_TAGS branch-$BRANCH_SLUG"
          fi
-          for PKG in cameleer3-server cameleer3-server-ui; do
+          for PKG in cameleer-server cameleer-server-ui; do
            curl -sf -H "$AUTH" "$API/packages/cameleer/container/$PKG" | \
              jq -r '.[] | "\(.id) \(.version)"' | \
              while read id version; do
@@ -192,20 +218,20 @@ jobs:

          kubectl create secret generic cameleer-auth \
            --namespace=cameleer \
-            --from-literal=CAMELEER_AUTH_TOKEN="$CAMELEER_AUTH_TOKEN" \
-            --from-literal=CAMELEER_UI_USER="${CAMELEER_UI_USER:-admin}" \
-            --from-literal=CAMELEER_UI_PASSWORD="${CAMELEER_UI_PASSWORD:-admin}" \
-            --from-literal=CAMELEER_JWT_SECRET="${CAMELEER_JWT_SECRET}" \
+            --from-literal=CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN="$CAMELEER_AUTH_TOKEN" \
+            --from-literal=CAMELEER_SERVER_SECURITY_UIUSER="${CAMELEER_UI_USER:-admin}" \
+            --from-literal=CAMELEER_SERVER_SECURITY_UIPASSWORD="${CAMELEER_UI_PASSWORD:-admin}" \
+            --from-literal=CAMELEER_SERVER_SECURITY_JWTSECRET="${CAMELEER_JWT_SECRET}" \
            --dry-run=client -o yaml | kubectl apply -f -

-          kubectl create secret generic postgres-credentials \
+          kubectl create secret generic cameleer-postgres-credentials \
            --namespace=cameleer \
            --from-literal=POSTGRES_USER="$POSTGRES_USER" \
            --from-literal=POSTGRES_PASSWORD="$POSTGRES_PASSWORD" \
            --from-literal=POSTGRES_DB="${POSTGRES_DB:-cameleer}" \
            --dry-run=client -o yaml | kubectl apply -f -

-          kubectl create secret generic logto-credentials \
+          kubectl create secret generic cameleer-logto-credentials \
            --namespace=cameleer \
            --from-literal=PG_USER="${LOGTO_PG_USER:-logto}" \
            --from-literal=PG_PASSWORD="${LOGTO_PG_PASSWORD}" \
@@ -213,29 +239,29 @@ jobs:
            --from-literal=ADMIN_ENDPOINT="${LOGTO_ADMIN_ENDPOINT}" \
            --dry-run=client -o yaml | kubectl apply -f -

-          kubectl create secret generic clickhouse-credentials \
+          kubectl create secret generic cameleer-clickhouse-credentials \
            --namespace=cameleer \
            --from-literal=CLICKHOUSE_USER="${CLICKHOUSE_USER:-default}" \
            --from-literal=CLICKHOUSE_PASSWORD="$CLICKHOUSE_PASSWORD" \
            --dry-run=client -o yaml | kubectl apply -f -

-          kubectl apply -f deploy/postgres.yaml
-          kubectl -n cameleer rollout status statefulset/postgres --timeout=120s
+          kubectl apply -f deploy/cameleer-postgres.yaml
+          kubectl -n cameleer rollout status statefulset/cameleer-postgres --timeout=120s

-          kubectl apply -f deploy/clickhouse.yaml
-          kubectl -n cameleer rollout status statefulset/clickhouse --timeout=180s
+          kubectl apply -f deploy/cameleer-clickhouse.yaml
+          kubectl -n cameleer rollout status statefulset/cameleer-clickhouse --timeout=180s

-          kubectl apply -f deploy/logto.yaml
-          kubectl -n cameleer rollout status deployment/logto --timeout=180s
+          kubectl apply -f deploy/cameleer-logto.yaml
+          kubectl -n cameleer rollout status deployment/cameleer-logto --timeout=180s

          kubectl apply -k deploy/overlays/main
-          kubectl -n cameleer set image deployment/cameleer3-server \
-            server=gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }}
-          kubectl -n cameleer rollout status deployment/cameleer3-server --timeout=120s
+          kubectl -n cameleer set image deployment/cameleer-server \
+            server=gitea.siegeln.net/cameleer/cameleer-server:${{ github.sha }}
+          kubectl -n cameleer rollout status deployment/cameleer-server --timeout=120s

-          kubectl -n cameleer set image deployment/cameleer3-ui \
-            ui=gitea.siegeln.net/cameleer/cameleer3-server-ui:${{ github.sha }}
-          kubectl -n cameleer rollout status deployment/cameleer3-ui --timeout=120s
+          kubectl -n cameleer set image deployment/cameleer-ui \
+            ui=gitea.siegeln.net/cameleer/cameleer-server-ui:${{ github.sha }}
+          kubectl -n cameleer rollout status deployment/cameleer-ui --timeout=120s
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
          CAMELEER_AUTH_TOKEN: ${{ secrets.CAMELEER_AUTH_TOKEN }}
@@ -283,7 +309,7 @@ jobs:
        run: kubectl create namespace "$BRANCH_NS" --dry-run=client -o yaml | kubectl apply -f -
      - name: Copy secrets from cameleer namespace
        run: |
-          for SECRET in gitea-registry postgres-credentials clickhouse-credentials cameleer-auth; do
+          for SECRET in gitea-registry cameleer-postgres-credentials cameleer-clickhouse-credentials cameleer-auth; do
            kubectl get secret "$SECRET" -n cameleer -o json \
              | jq 'del(.metadata.namespace, .metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp, .metadata.managedFields)' \
              | kubectl apply -n "$BRANCH_NS" -f -
@@ -309,9 +335,9 @@ jobs:
          kubectl -n "$BRANCH_NS" wait --for=condition=complete job/init-schema --timeout=60s || \
            echo "Warning: init-schema job did not complete in time"
      - name: Wait for server rollout
-        run: kubectl -n "$BRANCH_NS" rollout status deployment/cameleer3-server --timeout=120s
+        run: kubectl -n "$BRANCH_NS" rollout status deployment/cameleer-server --timeout=120s
      - name: Wait for UI rollout
-        run: kubectl -n "$BRANCH_NS" rollout status deployment/cameleer3-ui --timeout=60s
+        run: kubectl -n "$BRANCH_NS" rollout status deployment/cameleer-ui --timeout=60s
      - name: Print deployment URLs
        run: |
          echo "===================================="
@@ -358,8 +384,8 @@ jobs:
            --namespace=cameleer \
            --image=postgres:16 \
            --restart=Never \
-            --env="PGPASSWORD=$(kubectl get secret postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)" \
-            --command -- sh -c "psql -h postgres -U $(kubectl get secret postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_USER}' | base64 -d) -d cameleer3 -c 'DROP SCHEMA IF EXISTS ${BRANCH_SCHEMA} CASCADE'"
+            --env="PGPASSWORD=$(kubectl get secret cameleer-postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)" \
+            --command -- sh -c "psql -h cameleer-postgres -U $(kubectl get secret cameleer-postgres-credentials -n cameleer -o jsonpath='{.data.POSTGRES_USER}' | base64 -d) -d cameleer -c 'DROP SCHEMA IF EXISTS ${BRANCH_SCHEMA} CASCADE'"
          kubectl wait --for=condition=Ready pod/cleanup-schema-${BRANCH_SLUG} -n cameleer --timeout=30s || true
          kubectl wait --for=jsonpath='{.status.phase}'=Succeeded pod/cleanup-schema-${BRANCH_SLUG} -n cameleer --timeout=60s || true
          kubectl delete pod cleanup-schema-${BRANCH_SLUG} -n cameleer --ignore-not-found
@@ -367,7 +393,7 @@ jobs:
        run: |
          API="https://gitea.siegeln.net/api/v1"
          AUTH="Authorization: token ${REGISTRY_TOKEN}"
-          for PKG in cameleer3-server cameleer3-server-ui; do
+          for PKG in cameleer-server cameleer-server-ui; do
            # Delete branch-specific tag
            curl -sf -X DELETE -H "$AUTH" "$API/packages/cameleer/container/$PKG/branch-${BRANCH_SLUG}" || true
          done
--- a/.gitea/workflows/sonarqube.yml
+++ b/.gitea/workflows/sonarqube.yml
@@ -59,5 +59,5 @@ jobs:
          mvn clean verify sonar:sonar -DskipITs -U --batch-mode \
            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
-            -Dsonar.projectKey=cameleer3-server \
-            -Dsonar.projectName="Cameleer3 Server"
+            -Dsonar.projectKey=cameleer-server \
+            -Dsonar.projectName="Cameleer Server"
--- a/.gitignore
+++ b/.gitignore
@@ -38,6 +38,9 @@ Thumbs.db
 logs/

 # Claude
-.claude/
+.claude/*
+!.claude/rules/
+.superpowers/
+.playwright-mcp/
 .worktrees/
 .gitnexus
--- a/.planning/PROJECT.md
+++ b/.planning/PROJECT.md
@@ -1,8 +1,8 @@
-# Cameleer3 Server
+# Cameleer Server

 ## What This Is

-An observability server that receives, stores, and serves Apache Camel route execution data from distributed Cameleer3 agents. Think njams Server (by Integration Matters) — but built incrementally, API-first, with a modern stack. Users can search through millions of recorded transactions by state, time, duration, full text, and correlate executions across multiple Camel instances. The server also pushes configuration, tracing controls, and ad-hoc commands to agents via SSE.
+An observability server that receives, stores, and serves Apache Camel route execution data from distributed Cameleer agents. Think njams Server (by Integration Matters) — but built incrementally, API-first, with a modern stack. Users can search through millions of recorded transactions by state, time, duration, full text, and correlate executions across multiple Camel instances. The server also pushes configuration, tracing controls, and ad-hoc commands to agents via SSE.

 ## Core Value

@@ -16,7 +16,7 @@ Users can reliably search and find any transaction across all connected Camel in

 ### Active

- [ ] Receive and ingest transaction/activity data from Cameleer3 agents via HTTP POST
+- [ ] Receive and ingest transaction/activity data from Cameleer agents via HTTP POST
 - [ ] Store transactions in a high-volume, horizontally scalable data store with 30-day retention
 - [ ] Search transactions by state, execution date/time, duration, and full-text content
 - [ ] Correlate activities across multiple routes and Camel instances within a single transaction
@@ -38,8 +38,8 @@ Users can reliably search and find any transaction across all connected Camel in

 ## Context

- **Agent side**: cameleer3 agent (`https://gitea.siegeln.net/cameleer/cameleer3`) is under active development; already supports creating diagrams and capturing executions
- **Shared library**: `com.cameleer3:cameleer3-common` contains shared models and the graph API; protocol defined in `cameleer3-common/PROTOCOL.md`
+- **Agent side**: cameleer agent (`https://gitea.siegeln.net/cameleer/cameleer`) is under active development; already supports creating diagrams and capturing executions
+- **Shared library**: `com.cameleer:cameleer-common` contains shared models and the graph API; protocol defined in `cameleer-common/PROTOCOL.md`
 - **Data model**: Hierarchical — a **transaction** represents a message's full journey, containing **activities** per route execution. Transactions can span multiple Camel instances (e.g., route A calls route B on another instance via endpoint)
 - **Scale target**: Millions of transactions per day, 50+ connected agents, 30-day data retention
 - **Query pattern**: Incident-driven — mostly recent data queries, with deep historical dives during incidents
@@ -49,7 +49,7 @@ Users can reliably search and find any transaction across all connected Camel in
 ## Constraints

 - **Tech stack**: Java 17+, Spring Boot 3.4.3, Maven multi-module — already established
- **Dependency**: Must consume `com.cameleer3:cameleer3-common` from Gitea Maven registry
+- **Dependency**: Must consume `com.cameleer:cameleer-common` from Gitea Maven registry
 - **Protocol**: Agent protocol is still evolving — server must adapt as it stabilizes
 - **Incremental delivery**: Build step by step; storage and search first, then layer features on top

--- a/.planning/REQUIREMENTS.md
+++ b/.planning/REQUIREMENTS.md
@@ -1,4 +1,4 @@
-# Requirements: Cameleer3 Server
+# Requirements: Cameleer Server

 **Defined:** 2026-03-11
 **Core Value:** Users can reliably search and find any transaction across all connected Camel instances — by any combination of state, time, duration, or content — even at millions of transactions per day with 30-day retention.
--- a/.planning/ROADMAP.md
+++ b/.planning/ROADMAP.md
@@ -1,4 +1,4 @@
-# Roadmap: Cameleer3 Server
+# Roadmap: Cameleer Server

 ## Overview

--- a/.planning/STATE.md
+++ b/.planning/STATE.md
@@ -75,7 +75,7 @@ Recent decisions affecting current work:
 - [Roadmap]: Phases 2 and 3 can execute in parallel (both depend only on Phase 1)
 - [Roadmap]: Web UI deferred to v2
 - [Phase 01]: Used spring-boot-starter-jdbc for JdbcTemplate + HikariCP auto-config
- [Phase 01]: Created MetricsSnapshot record in core module (cameleer3-common has no metrics model)
+- [Phase 01]: Created MetricsSnapshot record in core module (cameleer-common has no metrics model)
 - [Phase 01]: Upgraded testcontainers to 2.0.3 for Docker Desktop 29.x compatibility
 - [Phase 01]: Changed error_message/error_stacktrace to non-nullable String for tokenbf_v1 index compat
 - [Phase 01]: TTL expressions require toDateTime() cast for DateTime64 columns in ClickHouse 25.3
@@ -121,7 +121,7 @@ None yet.
 ### Blockers/Concerns

 - [Phase 1]: ClickHouse Java client API needs phase-specific research (library has undergone changes)
- [Phase 1]: Must read cameleer3-common PROTOCOL.md before designing ClickHouse schema
+- [Phase 1]: Must read cameleer-common PROTOCOL.md before designing ClickHouse schema
 - [Phase 2]: Diagram rendering library selection is an open question (Batik, jsvg, JGraphX, or client-side)
 - [Phase 2]: ClickHouse skip indexes may not suffice for full-text; decision point during Phase 2

--- a/.planning/it-triage-report.md
+++ b/.planning/it-triage-report.md
@@ -0,0 +1,120 @@
+# IT Triage Report — 2026-04-21
+
+Branch: `main`, starting HEAD `90460705` (chore: refresh GitNexus index stats).
+
+## Summary
+
+- **Starting state**: 65 IT failures (46 F + 19 E) out of 555 tests on a clean build. Side-note: `target/classes` incremental-build staleness from the `90083f88` V1..V18 → V1 schema collapse makes the number look worse (every context load dies on `Flyway V2__claim_mapping.sql failed`). A fresh `mvn clean verify` gives the real 65.
+- **Final state**: **12 failures across 3 test classes** (`AgentSseControllerIT`, `SseSigningIT`, `ClickHouseStatsStoreIT`). **53 failures closed across 14 test classes.**
+- **11 commits landed on local `main`** (not pushed).
+- No new env vars, endpoints, tables, or columns added. `V1__init.sql` untouched. No tests rewritten to pass-by-weakening — every assertion change is accompanied by a comment explaining the contract it now captures.
+
+## Commits (in order)
+
+| SHA | Test classes | What changed |
+|---|---|---|
+| `7436a37b` | AgentRegistrationControllerIT | environmentId, flat→env URL, heartbeat auto-heal, absolute sseEndpoint |
+| `97a6b2e0` | AgentCommandControllerIT | environmentId, CommandGroupResponse new shape (200 w/ aggregate replies) |
+| `e955302f` | BootstrapTokenIT / JwtRefreshIT / RegistrationSecurityIT / SseSigningIT / AgentSseControllerIT | environmentId in register bodies; AGENT-role smoke target; drop flaky iat-coupled assertion |
+| `10e2b699` | SecurityFilterIT | env-scoped agent list URL |
+| `9bda4d8f` | FlywayMigrationIT, ConfigEnvIsolationIT | decouple from shared Testcontainers Postgres state |
+| `36571013` | (docs) | first version of this report |
+| `dfacedb0` | DetailControllerIT | **Cluster B template**: ExecutionChunk envelope + REST-driven lookup |
+| `87bada1f` | ExecutionControllerIT, MetricsControllerIT | Chunk payloads + REST flush-visibility probes |
+| `a6e7458a` | DiagramControllerIT, DiagramRenderControllerIT | Env-scoped render + execution-detail-derived content hash for flat SVG path |
+| `56844799` | SearchControllerIT | 10 seed payloads → ExecutionChunk; fix AGENT→VIEWER token on search GET |
+| `d5adaaab` | DiagramLinkingIT, IngestionSchemaIT | REST for diagramContentHash + processor-tree/snapshot assertions |
+| `8283d531` | ClickHouseChunkPipelineIT, ClickHouseExecutionReadIT | Replace removed `/clickhouse/V2_.sql` with consolidated init.sql; correct `iteration` vs `loopIndex` on seq-based tree path |
+| `95f90f43` | ForwardCompatIT, ProtocolVersionIT, BackpressureIT | Chunk payload; fix wrong property-key prefix in BackpressureIT (+ MetricsFlushScheduler's separate `ingestion.flush-interval-ms` key) |
+| `b55221e9` | SensitiveKeysAdminControllerIT | assert pushResult shape, not exact 0 (shared registry across ITs) |
+
+## The single biggest insight
+
+**`ExecutionController` (legacy PG path) is dead code.** It's `@ConditionalOnMissingBean(ChunkAccumulator.class)` and `ChunkAccumulator` is registered **unconditionally** in `StorageBeanConfig.java:92`, so `ExecutionController` never binds. Even if it did, `IngestionService.upsert` → `ClickHouseExecutionStore.upsert` throws `UnsupportedOperationException("ClickHouse writes use the chunked pipeline")` — the only `ExecutionStore` impl in `src/main/java` is ClickHouse, the Postgres variant lives in a planning doc only.
+
+Practical consequences for every IT that was exercising `/api/v1/data/executions`:
+1. `ChunkIngestionController` owns the URL and expects an `ExecutionChunk` envelope (`exchangeId`, `applicationId`, `instanceId`, `routeId`, `status`, `startTime`, `endTime`, `durationMs`, `chunkSeq`, `final`, `processors: FlatProcessorRecord[]`) — the legacy `RouteExecution` shape was being silently degraded to an empty/degenerate chunk.
+2. The test payload changes are accompanied by assertion changes that now go through REST endpoints instead of raw SQL against the (ClickHouse-resident) `executions` / `processor_executions` / `route_diagrams` / `agent_metrics` tables.
+3. **Recommendation for cleanup**: remove `ExecutionController` + the `upsert` path in `IngestionService` + the stubbed `ClickHouseExecutionStore.upsert` throwers. Separate PR. Happy to file.
+
+## Cluster breakdown
+
+**Cluster A — missing `environmentId` in register bodies (DONE)**
+Root cause: `POST /api/v1/agents/register` now 400s without `environmentId`. Test payloads minted before this requirement. Fixed across all agent-registering ITs plus side-cleanups (flaky iat-coupled assertion in JwtRefreshIT, wrong RBAC target in can-access tests, absolute vs relative sseEndpoint).
+
+**Cluster B — ingestion payload drift (DONE per user direction)**
+All controller + storage ITs that posted `RouteExecution` JSON now post `ExecutionChunk` envelopes. All CH-side assertions now go through REST endpoints (`/api/v1/environments/{env}/executions` search + `/api/v1/executions/{id}` detail + `/agents/{id}/metrics` + `/apps/{app}/routes/{route}/diagram`). DiagramRenderControllerIT's SVG tests still need a content hash → reads it off the execution-detail REST response rather than querying `route_diagrams`.
+
+**Cluster C — flat URL drift (DONE)**
+`/api/v1/agents` → `/api/v1/environments/{envSlug}/agents`. Two test classes touched.
+
+**Cluster D — heartbeat auto-heal contract (DONE)**
+`heartbeatUnknownAgent_returns404` renamed and asserts the 200 auto-heal path that `fb54f9cb` made the contract.
+
+**Cluster E — individual drifts (DONE except three parked)**
+
+| Test class | Status |
+|---|---|
+| FlywayMigrationIT | DONE (decouple from shared PG state) |
+| ConfigEnvIsolationIT.findByEnvironment_excludesOtherEnvs | DONE (unique slug prefix) |
+| ForwardCompatIT | DONE (chunk payload) |
+| ProtocolVersionIT | DONE (chunk payload) |
+| BackpressureIT | DONE (property-key prefix fix — see note below) |
+| SensitiveKeysAdminControllerIT | DONE (assert shape not count) |
+| ClickHouseChunkPipelineIT | DONE (consolidated init.sql) |
+| ClickHouseExecutionReadIT | DONE (iteration vs loopIndex mapping) |
+
+## PARKED — what you'll want to look at next
+
+### 1. ClickHouseStatsStoreIT (8 failures) — timezone bug in production code
+
+`ClickHouseStatsStore.buildStatsSql` uses `lit(Instant)` which formats as `'yyyy-MM-dd HH:mm:ss'` in UTC but with no timezone marker. ClickHouse parses that literal in the session timezone when comparing against the `DateTime`-typed `bucket` column in `stats_1m_*`. On a non-UTC CH host (e.g. CEST docker on a CEST laptop), the filter endpoint is off by the tz offset in hours and misses every row the MV bucketed.
+
+I confirmed this by instrumenting the test: `toDateTime(bucket)` returned `12:00:00` for a row inserted with `start_time=10:00:00Z` (i.e. the stored UTC Unix timestamp but displayed in CEST), and the filter literal `'2026-03-31 10:05:00'` was being parsed as CEST → UTC 08:05 → excluded all rows.
+
+**I didn't fix this** because the repair is in `src/main/java`, not the test. Two reasonable options:
+- **Test-side**: pin the container TZ via `.withEnv("TZ", "UTC")` + include `use_time_zone=UTC` in the JDBC URL. I tried both; neither was sufficient on their own — the CH server reads `timezone` from its own config, not `$TZ`. Getting all three layers (container env, CH server config, JDBC driver) aligned needs dedicated effort.
+- **Production-side (preferred)**: change `lit(Instant)` to `toDateTime('...', 'UTC')` or use the 3-arg `DateTime(3, 'UTC')` column type for `bucket`. That's a store change; would be caught by a matching unit test.
+
+I did add the explicit `'default'` env to the seed `INSERT`s per your directive, but reverted it locally because the timezone bug swallowed the fix. The raw unchanged test is what's committed.
+
+### 2. AgentSseControllerIT (3 failures) & SseSigningIT (1 failure) — SSE connection timing
+
+All failing assertions are `awaitConnection(5000)` timeouts or `ConditionTimeoutException` on SSE stream observation. Not related to any spec drift I could identify — the SSE server is up (other tests in the same classes connect fine), and auth/JWT is accepted. Looks like a real race on either the SseConnectionManager registration or on the HTTP client's first-read flush. Needs a dedicated debug session with a minimal reproducer; not something I wanted to hack around with sleeps.
+
+Specific tests:
+- `AgentSseControllerIT.sseConnect_unknownAgent_returns404` — 5s `CompletableFuture.get` timeout on an HTTP GET that should return 404 synchronously. Suggests the client is waiting on body data that never arrives (SSE stream opens even on 404?).
+- `AgentSseControllerIT.lastEventIdHeader_connectionSucceeds` — `stream.awaitConnection(5000)` false.
+- `AgentSseControllerIT.pingKeepalive_receivedViaSseStream` — waits for an event line in the stream snapshot, never sees it.
+- `SseSigningIT.deepTraceEvent_containsValidSignature` — same pattern.
+
+The sibling tests (`SseSigningIT.configUpdateEvent_containsValidEd25519Signature`) pass in isolation, which strongly suggests order-dependent flakiness rather than a protocol break.
+
+## Final verify command
+
+```bash
+mvn -pl cameleer-server-app -am -Dit.test='!SchemaBootstrapIT' -Dtest='!*' -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false verify
+```
+
+Reports land in `cameleer-server-app/target/failsafe-reports/`. Expect **12 failures** in the three classes above. Everything else is green.
+
+## Side notes worth flagging
+
+- **Property-key inconsistency in the main code** — surfaced via BackpressureIT. `IngestionConfig` is bound under `cameleer.server.ingestion.*`, but `MetricsFlushScheduler.@Scheduled` reads `ingestion.flush-interval-ms` (no prefix, hyphenated). In production this means the flush-interval in `application.yml` isn't actually being honoured by the metrics flush — it stays at the 1s fallback. Separate cleanup.
+- **Shared Testcontainers PG across IT classes** — several of the "cross-test state" fixes (FlywayMigrationIT, ConfigEnvIsolationIT, SensitiveKeysAdminControllerIT) are symptoms of one underlying issue: `AbstractPostgresIT` uses a singleton PG container, and nothing cleans between test classes. Could do with a global `@Sql("/test-reset.sql")` on `@BeforeAll`, but out of scope here.
+- **Agent registry shared across ITs** — same class of issue. Doesn't bite until a test explicitly inspects registry membership (SensitiveKeys `pushResult.total`).
+
+## Follow-up (2026-04-22) — 12 parked failures closed
+
+All three parked clusters now green. 560/560 tests passing.
+
+- **ClickHouseStatsStoreIT (8 failures)** — fixed in `a9a6b465`. Two-layer TZ fix: JVM default TZ pinned to UTC in `CameleerServerApplication.main()` (the ClickHouse JDBC 0.9.7 driver formats `java.sql.Timestamp` via `Timestamp.toString()`, which uses JVM default TZ — a CEST JVM shipping to a UTC CH server stored off-by-offset Unix timestamps), plus column-level `bucket DateTime('UTC')` on all `stats_1m_*` tables with explicit `toDateTime(..., 'UTC')` casts in MV projections and `ClickHouseStatsStore.lit(Instant)` as defence in depth.
+- **MetricsFlushScheduler property-key drift** — fixed in `a6944911`. Scheduler now reads `${cameleer.server.ingestion.flush-interval-ms:1000}` (the SpEL-via-`@ingestionConfig` approach doesn't work because `@EnableConfigurationProperties` uses a compound bean name). BackpressureIT workaround property removed.
+- **SSE flakiness (4 failures, `AgentSseControllerIT` + `SseSigningIT`)** — fixed in `41df042e`. Triage's "order-dependent flakiness" theory was wrong — all four reproduced in isolation. Three root causes: (a) `AgentSseController.events` auto-heal was over-permissive (spoofing vector), fixed with JWT-subject-equals-path-id check; (b) `SseConnectionManager.pingAll` read an unprefixed property key (`agent-registry.ping-interval-ms`), same family of bug as (a6944911); (c) SSE response headers didn't flush until the first `emitter.send()`, so `awaitConnection(5s)` assertions timed out under the 15s ping cadence — fixed by sending an initial `: connected` comment on `connect()`. Full diagnosis in `.planning/sse-flakiness-diagnosis.md`.
+
+Plus the two prod-code cleanups from the ExecutionController-removal follow-ons:
+
+- **Dead `SearchIndexer` subsystem** — removed in `98cbf8f3`. `ExecutionUpdatedEvent` had no publisher after `0f635576`, so the whole indexer + stats + `/admin/clickhouse/pipeline` endpoint + UI pipeline card carried zero signal.
+- **Unused `TaggedExecution` record** — removed in `06c6f53b`.
+
+Final verify: `mvn -pl cameleer-server-app -am -Dit.test='!SchemaBootstrapIT' ... verify` → **Tests run: 560, Failures: 0, Errors: 0, Skipped: 0**.
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-01-PLAN.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-01-PLAN.md
@@ -6,18 +6,18 @@ wave: 1
 depends_on: []
 files_modified:
  - pom.xml
-  - cameleer3-server-core/pom.xml
-  - cameleer3-server-app/pom.xml
+  - cameleer-server-core/pom.xml
+  - cameleer-server-app/pom.xml
  - docker-compose.yml
  - clickhouse/init/01-schema.sql
-  - cameleer3-server-app/src/main/resources/application.yml
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/ClickHouseConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/WriteBuffer.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/DiagramRepository.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/MetricsRepository.java
-  - cameleer3-server-core/src/test/java/com/cameleer3/server/core/ingestion/WriteBufferTest.java
+  - cameleer-server-app/src/main/resources/application.yml
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/ClickHouseConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/WriteBuffer.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/DiagramRepository.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/MetricsRepository.java
+  - cameleer-server-core/src/test/java/com/cameleer/server/core/ingestion/WriteBufferTest.java
 autonomous: true
 requirements:
  - INGST-04
@@ -32,7 +32,7 @@ must_haves:
    - "TTL clause on tables removes data older than configured days"
    - "Docker Compose starts ClickHouse and initializes the schema"
  artifacts:
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/WriteBuffer.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/WriteBuffer.java"
      provides: "Generic bounded write buffer with offer/drain/isFull"
      min_lines: 30
    - path: "clickhouse/init/01-schema.sql"
@@ -41,15 +41,15 @@ must_haves:
    - path: "docker-compose.yml"
      provides: "Local ClickHouse service"
      contains: "clickhouse-server"
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java"
      provides: "Repository interface for execution batch inserts"
      exports: ["insertBatch"]
  key_links:
-    - from: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/ClickHouseConfig.java"
+    - from: "cameleer-server-app/src/main/java/com/cameleer/server/app/config/ClickHouseConfig.java"
      to: "application.yml"
      via: "spring.datasource properties"
      pattern: "spring\\.datasource"
-    - from: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java"
+    - from: "cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java"
      to: "application.yml"
      via: "ingestion.* properties"
      pattern: "ingestion\\."
@@ -74,8 +74,8 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
@.planning/phases/01-ingestion-pipeline-api-foundation/01-RESEARCH.md

@pom.xml
-@cameleer3-server-core/pom.xml
-@cameleer3-server-app/pom.xml
+@cameleer-server-core/pom.xml
+@cameleer-server-app/pom.xml
 </context>

 <tasks>
@@ -84,11 +84,11 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
  <name>Task 1: Dependencies, Docker Compose, ClickHouse schema, and application config</name>
  <files>
    pom.xml,
-    cameleer3-server-core/pom.xml,
-    cameleer3-server-app/pom.xml,
+    cameleer-server-core/pom.xml,
+    cameleer-server-app/pom.xml,
    docker-compose.yml,
    clickhouse/init/01-schema.sql,
-    cameleer3-server-app/src/main/resources/application.yml
+    cameleer-server-app/src/main/resources/application.yml
  </files>
  <behavior>
    - docker compose up -d starts ClickHouse on ports 8123/9000
@@ -101,7 +101,7 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
    - Maven compile succeeds with new dependencies
  </behavior>
  <action>
-    1. Add dependencies to cameleer3-server-app/pom.xml per research:
+    1. Add dependencies to cameleer-server-app/pom.xml per research:
       - clickhouse-jdbc 0.9.7 (classifier: all)
       - spring-boot-starter-actuator
       - springdoc-openapi-starter-webmvc-ui 2.8.6
@@ -109,13 +109,13 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
       - junit-jupiter from testcontainers 2.0.2 (test scope)
       - awaitility (test scope)

-    2. Add slf4j-api dependency to cameleer3-server-core/pom.xml.
+    2. Add slf4j-api dependency to cameleer-server-core/pom.xml.

    3. Create docker-compose.yml at project root with ClickHouse service:
       - Image: clickhouse/clickhouse-server:25.3
       - Ports: 8123:8123, 9000:9000
       - Volume mount ./clickhouse/init to /docker-entrypoint-initdb.d
-       - Environment: CLICKHOUSE_USER=cameleer, CLICKHOUSE_PASSWORD=cameleer_dev, CLICKHOUSE_DB=cameleer3
+       - Environment: CLICKHOUSE_USER=cameleer, CLICKHOUSE_PASSWORD=cameleer_dev, CLICKHOUSE_DB=cameleer
       - ulimits nofile 262144

    4. Create clickhouse/init/01-schema.sql with the three tables from research:
@@ -124,9 +124,9 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
       - agent_metrics: MergeTree, daily partitioning on collected_at, ORDER BY (agent_id, metric_name, collected_at), TTL collected_at + INTERVAL 30 DAY, SETTINGS ttl_only_drop_parts=1.
       - All DateTime fields use DateTime64(3, 'UTC').

-    5. Create cameleer3-server-app/src/main/resources/application.yml with config from research:
+    5. Create cameleer-server-app/src/main/resources/application.yml with config from research:
       - server.port: 8081
-       - spring.datasource: url=jdbc:ch://localhost:8123/cameleer3, username/password, driver-class-name
+       - spring.datasource: url=jdbc:ch://localhost:8123/cameleer, username/password, driver-class-name
       - spring.jackson: write-dates-as-timestamps=false, fail-on-unknown-properties=false
       - ingestion: buffer-capacity=50000, batch-size=5000, flush-interval-ms=1000
       - clickhouse.ttl-days: 30
@@ -144,13 +144,13 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
 <task type="auto" tdd="true">
  <name>Task 2: WriteBuffer, repository interfaces, IngestionConfig, and ClickHouseConfig</name>
  <files>
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/WriteBuffer.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/DiagramRepository.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/MetricsRepository.java,
-    cameleer3-server-core/src/test/java/com/cameleer3/server/core/ingestion/WriteBufferTest.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/ClickHouseConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
+    cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/WriteBuffer.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/storage/DiagramRepository.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/storage/MetricsRepository.java,
+    cameleer-server-core/src/test/java/com/cameleer/server/core/ingestion/WriteBufferTest.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/ClickHouseConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java
  </files>
  <behavior>
    - WriteBuffer(capacity=10): offer() returns true for first 10 items, false on 11th
@@ -181,7 +181,7 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
    3. Create repository interfaces in core module:
       - ExecutionRepository: void insertBatch(List<RouteExecution> executions)
       - DiagramRepository: void store(RouteGraph graph), Optional<RouteGraph> findByContentHash(String hash), Optional<String> findContentHashForRoute(String routeId, String agentId)
-       - MetricsRepository: void insertBatch(List<MetricsSnapshot> metrics) -- use a generic type or the cameleer3-common metrics model if available; if not, create a simple MetricsData record in core module
+       - MetricsRepository: void insertBatch(List<MetricsSnapshot> metrics) -- use a generic type or the cameleer-common metrics model if available; if not, create a simple MetricsData record in core module

    4. Create IngestionConfig as @ConfigurationProperties("ingestion"):
       - bufferCapacity (int, default 50000)
@@ -193,7 +193,7 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
       - No custom bean needed if relying on auto-config; only create if explicit JdbcTemplate customization required
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-core -Dtest=WriteBufferTest -q 2>&1 | tail -10</automated>
+    <automated>mvn test -pl cameleer-server-core -Dtest=WriteBufferTest -q 2>&1 | tail -10</automated>
  </verify>
  <done>WriteBuffer passes all unit tests. Repository interfaces exist with correct method signatures. IngestionConfig reads from application.yml.</done>
 </task>
@@ -201,7 +201,7 @@ Output: Working ClickHouse via Docker Compose, DDL with TTL, WriteBuffer with un
 </tasks>

 <verification>
- `mvn test -pl cameleer3-server-core -q` -- all WriteBuffer unit tests pass
+- `mvn test -pl cameleer-server-core -q` -- all WriteBuffer unit tests pass
 - `mvn clean compile -q` -- full project compiles with new dependencies
 - `docker compose config` -- validates Docker Compose file
 - clickhouse/init/01-schema.sql contains CREATE TABLE for all three tables with correct ENGINE, ORDER BY, PARTITION BY, and TTL
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-01-SUMMARY.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-01-SUMMARY.md
@@ -26,22 +26,22 @@ key-files:
  created:
    - docker-compose.yml
    - clickhouse/init/01-schema.sql
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/WriteBuffer.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/DiagramRepository.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/MetricsRepository.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/model/MetricsSnapshot.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/ClickHouseConfig.java
-    - cameleer3-server-core/src/test/java/com/cameleer3/server/core/ingestion/WriteBufferTest.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/WriteBuffer.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/DiagramRepository.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/MetricsRepository.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/model/MetricsSnapshot.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/ClickHouseConfig.java
+    - cameleer-server-core/src/test/java/com/cameleer/server/core/ingestion/WriteBufferTest.java
  modified:
-    - cameleer3-server-core/pom.xml
-    - cameleer3-server-app/pom.xml
-    - cameleer3-server-app/src/main/resources/application.yml
+    - cameleer-server-core/pom.xml
+    - cameleer-server-app/pom.xml
+    - cameleer-server-app/src/main/resources/application.yml

 key-decisions:
  - "Used spring-boot-starter-jdbc for JdbcTemplate + HikariCP auto-config rather than manual DataSource"
-  - "Created MetricsSnapshot record in core module since cameleer3-common has no metrics model"
+  - "Created MetricsSnapshot record in core module since cameleer-common has no metrics model"
  - "ClickHouseConfig exposes JdbcTemplate bean; relies on Spring Boot DataSource auto-config"

 patterns-established:
@@ -84,21 +84,21 @@ Each task was committed atomically:
 ## Files Created/Modified
 - `docker-compose.yml` - ClickHouse service with ports 8123/9000, init volume mount
 - `clickhouse/init/01-schema.sql` - DDL for route_executions, route_diagrams, agent_metrics
- `cameleer3-server-core/src/main/java/.../ingestion/WriteBuffer.java` - Bounded queue with offer/offerBatch/drain
- `cameleer3-server-core/src/main/java/.../storage/ExecutionRepository.java` - Batch insert interface for RouteExecution
- `cameleer3-server-core/src/main/java/.../storage/DiagramRepository.java` - Store/find interface for RouteGraph
- `cameleer3-server-core/src/main/java/.../storage/MetricsRepository.java` - Batch insert interface for MetricsSnapshot
- `cameleer3-server-core/src/main/java/.../storage/model/MetricsSnapshot.java` - Metrics data record
- `cameleer3-server-app/src/main/java/.../config/IngestionConfig.java` - Buffer capacity, batch size, flush interval
- `cameleer3-server-app/src/main/java/.../config/ClickHouseConfig.java` - JdbcTemplate bean
- `cameleer3-server-core/src/test/java/.../ingestion/WriteBufferTest.java` - 10 unit tests for WriteBuffer
- `cameleer3-server-core/pom.xml` - Added slf4j-api
- `cameleer3-server-app/pom.xml` - Added clickhouse-jdbc, springdoc, actuator, testcontainers, awaitility
- `cameleer3-server-app/src/main/resources/application.yml` - Full config with datasource, ingestion, springdoc, actuator
+- `cameleer-server-core/src/main/java/.../ingestion/WriteBuffer.java` - Bounded queue with offer/offerBatch/drain
+- `cameleer-server-core/src/main/java/.../storage/ExecutionRepository.java` - Batch insert interface for RouteExecution
+- `cameleer-server-core/src/main/java/.../storage/DiagramRepository.java` - Store/find interface for RouteGraph
+- `cameleer-server-core/src/main/java/.../storage/MetricsRepository.java` - Batch insert interface for MetricsSnapshot
+- `cameleer-server-core/src/main/java/.../storage/model/MetricsSnapshot.java` - Metrics data record
+- `cameleer-server-app/src/main/java/.../config/IngestionConfig.java` - Buffer capacity, batch size, flush interval
+- `cameleer-server-app/src/main/java/.../config/ClickHouseConfig.java` - JdbcTemplate bean
+- `cameleer-server-core/src/test/java/.../ingestion/WriteBufferTest.java` - 10 unit tests for WriteBuffer
+- `cameleer-server-core/pom.xml` - Added slf4j-api
+- `cameleer-server-app/pom.xml` - Added clickhouse-jdbc, springdoc, actuator, testcontainers, awaitility
+- `cameleer-server-app/src/main/resources/application.yml` - Full config with datasource, ingestion, springdoc, actuator

 ## Decisions Made
 - Used spring-boot-starter-jdbc to get JdbcTemplate and HikariCP auto-configuration rather than manually wiring a DataSource
- Created MetricsSnapshot record in core module since cameleer3-common does not include a metrics model
+- Created MetricsSnapshot record in core module since cameleer-common does not include a metrics model
 - ClickHouseConfig is minimal -- relies on Spring Boot auto-configuring DataSource from spring.datasource properties

 ## Deviations from Plan
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-02-PLAN.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-02-PLAN.md
@@ -5,18 +5,18 @@ type: execute
 wave: 3
 depends_on: ["01-01", "01-03"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/MetricsController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseDiagramRepository.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseMetricsRepository.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ExecutionControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/MetricsControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/BackpressureIT.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/MetricsController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseDiagramRepository.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseMetricsRepository.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ExecutionControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/MetricsControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/BackpressureIT.java
 autonomous: true
 requirements:
  - INGST-01
@@ -32,16 +32,16 @@ must_haves:
    - "Data posted to endpoints appears in ClickHouse after flush interval"
    - "When buffer is full, endpoints return 503 with Retry-After header"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java"
      provides: "POST /api/v1/data/executions endpoint"
      min_lines: 20
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java"
      provides: "Batch insert to route_executions table via JdbcTemplate"
      min_lines: 30
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java"
      provides: "Scheduled drain of WriteBuffer into ClickHouse"
      min_lines: 20
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java"
      provides: "Routes data to appropriate WriteBuffer instances"
      min_lines: 20
  key_links:
@@ -92,7 +92,7 @@ Output: Working ingestion flow verified by integration tests against Testcontain

 <!-- Interfaces from Plan 01 that this plan depends on -->
 <interfaces>
-From cameleer3-server-core WriteBuffer.java:
+From cameleer-server-core WriteBuffer.java:
 ```java
 public class WriteBuffer<T> {
    public WriteBuffer(int capacity);
@@ -106,7 +106,7 @@ public class WriteBuffer<T> {
 }
 ```

-From cameleer3-server-core repository interfaces:
+From cameleer-server-core repository interfaces:
 ```java
 public interface ExecutionRepository {
    void insertBatch(List<RouteExecution> executions);
@@ -138,11 +138,11 @@ public class IngestionConfig {
 <task type="auto" tdd="false">
  <name>Task 1: IngestionService, ClickHouse repositories, and flush scheduler</name>
  <files>
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseDiagramRepository.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseMetricsRepository.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java
+    cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseDiagramRepository.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseMetricsRepository.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java
  </files>
  <action>
    1. Create IngestionService in core module (no Spring annotations -- it's a plain class):
@@ -188,13 +188,13 @@ public class IngestionConfig {
 <task type="auto" tdd="true">
  <name>Task 2: Ingestion REST controllers and integration tests</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/MetricsController.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ExecutionControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/MetricsControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/BackpressureIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/MetricsController.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ExecutionControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/MetricsControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/BackpressureIT.java
  </files>
  <behavior>
    - POST /api/v1/data/executions with single RouteExecution JSON returns 202
@@ -245,7 +245,7 @@ public class IngestionConfig {
    Note: All integration tests must include X-Cameleer-Protocol-Version:1 header (API-04 will be enforced by Plan 03's interceptor, but include the header now for forward compatibility).
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-app -Dtest="ExecutionControllerIT,DiagramControllerIT,MetricsControllerIT,BackpressureIT" -q 2>&1 | tail -15</automated>
+    <automated>mvn test -pl cameleer-server-app -Dtest="ExecutionControllerIT,DiagramControllerIT,MetricsControllerIT,BackpressureIT" -q 2>&1 | tail -15</automated>
  </verify>
  <done>All three ingestion endpoints return 202 on valid data. Data arrives in ClickHouse after flush. Buffer-full returns 503 with Retry-After. Unknown JSON fields accepted. Integration tests green.</done>
 </task>
@@ -253,7 +253,7 @@ public class IngestionConfig {
 </tasks>

 <verification>
- `mvn test -pl cameleer3-server-app -Dtest="ExecutionControllerIT,DiagramControllerIT,MetricsControllerIT,BackpressureIT" -q` -- all integration tests pass
+- `mvn test -pl cameleer-server-app -Dtest="ExecutionControllerIT,DiagramControllerIT,MetricsControllerIT,BackpressureIT" -q` -- all integration tests pass
 - POST to /api/v1/data/executions returns 202
 - POST to /api/v1/data/diagrams returns 202
 - POST to /api/v1/data/metrics returns 202
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-02-SUMMARY.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-02-SUMMARY.md
@@ -30,21 +30,21 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseDiagramRepository.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseMetricsRepository.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionBeanConfig.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/MetricsController.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ExecutionControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/MetricsControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/BackpressureIT.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseDiagramRepository.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseMetricsRepository.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionBeanConfig.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/MetricsController.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ExecutionControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/MetricsControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/BackpressureIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java

 key-decisions:
  - "Controllers accept raw String body and detect single vs array JSON to support both payload formats"
@@ -91,20 +91,20 @@ Each task was committed atomically:
 3. **Task 2 GREEN: Ingestion REST controllers with backpressure** - `8fe65f0` (feat)

 ## Files Created/Modified
- `cameleer3-server-core/.../ingestion/IngestionService.java` - Routes data to WriteBuffer instances
- `cameleer3-server-app/.../storage/ClickHouseExecutionRepository.java` - Batch insert with parallel processor arrays
- `cameleer3-server-app/.../storage/ClickHouseDiagramRepository.java` - JSON storage with SHA-256 content-hash dedup
- `cameleer3-server-app/.../storage/ClickHouseMetricsRepository.java` - Batch insert for agent_metrics
- `cameleer3-server-app/.../ingestion/ClickHouseFlushScheduler.java` - Scheduled drain + SmartLifecycle shutdown
- `cameleer3-server-app/.../config/IngestionBeanConfig.java` - WriteBuffer and IngestionService bean wiring
- `cameleer3-server-app/.../controller/ExecutionController.java` - POST /api/v1/data/executions
- `cameleer3-server-app/.../controller/DiagramController.java` - POST /api/v1/data/diagrams
- `cameleer3-server-app/.../controller/MetricsController.java` - POST /api/v1/data/metrics
- `cameleer3-server-app/.../config/IngestionConfig.java` - Removed @Configuration (fix duplicate bean)
- `cameleer3-server-app/.../controller/ExecutionControllerIT.java` - 4 tests: single, array, flush, unknown fields
- `cameleer3-server-app/.../controller/DiagramControllerIT.java` - 3 tests: single, array, flush
- `cameleer3-server-app/.../controller/MetricsControllerIT.java` - 2 tests: POST, flush
- `cameleer3-server-app/.../controller/BackpressureIT.java` - 2 tests: 503 response, data not lost
+- `cameleer-server-core/.../ingestion/IngestionService.java` - Routes data to WriteBuffer instances
+- `cameleer-server-app/.../storage/ClickHouseExecutionRepository.java` - Batch insert with parallel processor arrays
+- `cameleer-server-app/.../storage/ClickHouseDiagramRepository.java` - JSON storage with SHA-256 content-hash dedup
+- `cameleer-server-app/.../storage/ClickHouseMetricsRepository.java` - Batch insert for agent_metrics
+- `cameleer-server-app/.../ingestion/ClickHouseFlushScheduler.java` - Scheduled drain + SmartLifecycle shutdown
+- `cameleer-server-app/.../config/IngestionBeanConfig.java` - WriteBuffer and IngestionService bean wiring
+- `cameleer-server-app/.../controller/ExecutionController.java` - POST /api/v1/data/executions
+- `cameleer-server-app/.../controller/DiagramController.java` - POST /api/v1/data/diagrams
+- `cameleer-server-app/.../controller/MetricsController.java` - POST /api/v1/data/metrics
+- `cameleer-server-app/.../config/IngestionConfig.java` - Removed @Configuration (fix duplicate bean)
+- `cameleer-server-app/.../controller/ExecutionControllerIT.java` - 4 tests: single, array, flush, unknown fields
+- `cameleer-server-app/.../controller/DiagramControllerIT.java` - 3 tests: single, array, flush
+- `cameleer-server-app/.../controller/MetricsControllerIT.java` - 2 tests: POST, flush
+- `cameleer-server-app/.../controller/BackpressureIT.java` - 2 tests: 503 response, data not lost

 ## Decisions Made
 - Controllers accept raw String body and detect single vs array JSON (starts with `[`), supporting both payload formats per protocol spec
@@ -119,7 +119,7 @@ Each task was committed atomically:
 - **Found during:** Task 2 (integration test context startup)
 - **Issue:** IngestionConfig had both `@Configuration` and `@ConfigurationProperties`, while `@EnableConfigurationProperties(IngestionConfig.class)` on the app class created a second bean, causing "expected single matching bean but found 2"
 - **Fix:** Removed `@Configuration` from IngestionConfig, relying solely on `@EnableConfigurationProperties`
- **Files modified:** cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
+- **Files modified:** cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java
 - **Verification:** Application context starts successfully, all tests pass
 - **Committed in:** 8fe65f0

--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-03-PLAN.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-03-PLAN.md
@@ -5,15 +5,15 @@ type: execute
 wave: 2
 depends_on: ["01-01"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/interceptor/ProtocolVersionInterceptor.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
-  - cameleer3-server-app/src/test/resources/application-test.yml
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/interceptor/ProtocolVersionIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/HealthControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/OpenApiIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ForwardCompatIT.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/ProtocolVersionInterceptor.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
+  - cameleer-server-app/src/test/resources/application-test.yml
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/interceptor/ProtocolVersionIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/HealthControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/OpenApiIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ForwardCompatIT.java
 autonomous: true
 requirements:
  - API-01
@@ -34,13 +34,13 @@ must_haves:
    - "Unknown JSON fields in request body do not cause deserialization errors"
    - "ClickHouse tables have TTL clause for 30-day retention"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/interceptor/ProtocolVersionInterceptor.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/ProtocolVersionInterceptor.java"
      provides: "Validates X-Cameleer-Protocol-Version:1 header on data endpoints"
      min_lines: 20
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java"
      provides: "Registers interceptor with path patterns"
      min_lines: 10
-    - path: "cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java"
+    - path: "cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java"
      provides: "Shared Testcontainers base class for integration tests"
      min_lines: 20
  key_links:
@@ -83,11 +83,11 @@ Output: AbstractClickHouseIT base class, working health, Swagger UI, protocol he
 <task type="auto">
  <name>Task 1: Test infrastructure, protocol version interceptor, WebConfig, and Spring Boot application class</name>
  <files>
-    cameleer3-server-app/src/test/resources/application-test.yml,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/interceptor/ProtocolVersionInterceptor.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
+    cameleer-server-app/src/test/resources/application-test.yml,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/ProtocolVersionInterceptor.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
  </files>
  <action>
    1. Create application-test.yml for test profile:
@@ -113,15 +113,15 @@ Output: AbstractClickHouseIT base class, working health, Swagger UI, protocol he
       - Override addInterceptors: register interceptor with pathPatterns "/api/v1/data/**" and "/api/v1/agents/**"
       - Explicitly EXCLUDE: "/api/v1/health", "/api/v1/api-docs/**", "/api/v1/swagger-ui/**", "/api/v1/swagger-ui.html"

-    5. Create or update Cameleer3ServerApplication:
-       - @SpringBootApplication in package com.cameleer3.server.app
+    5. Create or update CameleerServerApplication:
+       - @SpringBootApplication in package com.cameleer.server.app
       - @EnableScheduling (needed for ClickHouseFlushScheduler from Plan 02)
       - @EnableConfigurationProperties(IngestionConfig.class)
       - Main method with SpringApplication.run()
-       - Ensure package scanning covers com.cameleer3.server.app and com.cameleer3.server.core
+       - Ensure package scanning covers com.cameleer.server.app and com.cameleer.server.core
  </action>
  <verify>
-    <automated>mvn clean compile -pl cameleer3-server-app -q 2>&1 | tail -5</automated>
+    <automated>mvn clean compile -pl cameleer-server-app -q 2>&1 | tail -5</automated>
  </verify>
  <done>AbstractClickHouseIT base class ready for integration tests. ProtocolVersionInterceptor validates header on data/agent paths. Health, swagger, and api-docs paths excluded. Application class enables scheduling and config properties.</done>
 </task>
@@ -129,10 +129,10 @@ Output: AbstractClickHouseIT base class, working health, Swagger UI, protocol he
 <task type="auto" tdd="true">
  <name>Task 2: Health, OpenAPI, protocol version, forward compat, and TTL integration tests</name>
  <files>
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/HealthControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/OpenApiIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/interceptor/ProtocolVersionIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ForwardCompatIT.java
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/HealthControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/OpenApiIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/interceptor/ProtocolVersionIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ForwardCompatIT.java
  </files>
  <behavior>
    - GET /api/v1/health returns 200 with JSON containing status field
@@ -178,7 +178,7 @@ Output: AbstractClickHouseIT base class, working health, Swagger UI, protocol he
    Note: All tests that POST to data endpoints must include X-Cameleer-Protocol-Version:1 header.
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-app -Dtest="HealthControllerIT,OpenApiIT,ProtocolVersionIT,ForwardCompatIT" -q 2>&1 | tail -15</automated>
+    <automated>mvn test -pl cameleer-server-app -Dtest="HealthControllerIT,OpenApiIT,ProtocolVersionIT,ForwardCompatIT" -q 2>&1 | tail -15</automated>
  </verify>
  <done>Health returns 200. OpenAPI docs are available and list endpoints. Protocol version header enforced on data paths, not on health/docs. Unknown JSON fields accepted. TTL confirmed in ClickHouse DDL via HealthControllerIT test methods.</done>
 </task>
@@ -186,7 +186,7 @@ Output: AbstractClickHouseIT base class, working health, Swagger UI, protocol he
 </tasks>

 <verification>
- `mvn test -pl cameleer3-server-app -Dtest="HealthControllerIT,OpenApiIT,ProtocolVersionIT,ForwardCompatIT" -q` -- all tests pass
+- `mvn test -pl cameleer-server-app -Dtest="HealthControllerIT,OpenApiIT,ProtocolVersionIT,ForwardCompatIT" -q` -- all tests pass
 - GET /api/v1/health returns 200
 - GET /api/v1/api-docs returns OpenAPI spec
 - Missing protocol header returns 400 on data endpoints
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-03-SUMMARY.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-03-SUMMARY.md
@@ -12,7 +12,7 @@ provides:
  - AbstractClickHouseIT base class for all integration tests
  - ProtocolVersionInterceptor enforcing X-Cameleer-Protocol-Version:1 on data/agent paths
  - WebConfig with interceptor registration and path exclusions
-  - Cameleer3ServerApplication with @EnableScheduling and component scanning
+  - CameleerServerApplication with @EnableScheduling and component scanning
  - 12 passing integration tests (health, OpenAPI, protocol version, forward compat, TTL)

 affects: [01-02, 02-search, 03-agent-registry]
@@ -23,17 +23,17 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/interceptor/ProtocolVersionInterceptor.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
-    - cameleer3-server-app/src/test/resources/application-test.yml
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/HealthControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/OpenApiIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/interceptor/ProtocolVersionIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ForwardCompatIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/ProtocolVersionInterceptor.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java
+    - cameleer-server-app/src/test/resources/application-test.yml
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/HealthControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/OpenApiIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/interceptor/ProtocolVersionIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ForwardCompatIT.java
  modified:
-    - cameleer3-server-app/pom.xml
+    - cameleer-server-app/pom.xml
    - pom.xml
    - clickhouse/init/01-schema.sql

@@ -70,7 +70,7 @@ completed: 2026-03-11
 - ProtocolVersionInterceptor validates X-Cameleer-Protocol-Version:1 on /api/v1/data/** and /api/v1/agents/** paths, returning 400 JSON error for missing or wrong version
 - AbstractClickHouseIT base class with Testcontainers ClickHouse 25.3, shared static container, schema init from 01-schema.sql
 - 12 integration tests: health endpoint (2), OpenAPI docs (2), protocol version enforcement (5), forward compatibility (1), TTL verification (2)
- Cameleer3ServerApplication with @EnableScheduling, @EnableConfigurationProperties, and dual package scanning
+- CameleerServerApplication with @EnableScheduling, @EnableConfigurationProperties, and dual package scanning

 ## Task Commits

@@ -80,17 +80,17 @@ Each task was committed atomically:
 2. **Task 2: Integration tests for health, OpenAPI, protocol version, forward compat, and TTL** - `2d3fde3` (test)

 ## Files Created/Modified
- `cameleer3-server-app/src/main/java/.../Cameleer3ServerApplication.java` - Spring Boot entry point with scheduling and config properties
- `cameleer3-server-app/src/main/java/.../interceptor/ProtocolVersionInterceptor.java` - Validates protocol version header on data/agent paths
- `cameleer3-server-app/src/main/java/.../config/WebConfig.java` - Registers interceptor with path patterns and exclusions
- `cameleer3-server-app/src/test/java/.../AbstractClickHouseIT.java` - Shared Testcontainers base class for ITs
- `cameleer3-server-app/src/test/resources/application-test.yml` - Test profile with small buffer config
- `cameleer3-server-app/src/test/java/.../controller/HealthControllerIT.java` - Health endpoint and TTL tests
- `cameleer3-server-app/src/test/java/.../controller/OpenApiIT.java` - OpenAPI and Swagger UI tests
- `cameleer3-server-app/src/test/java/.../interceptor/ProtocolVersionIT.java` - Protocol header enforcement tests
- `cameleer3-server-app/src/test/java/.../controller/ForwardCompatIT.java` - Unknown JSON fields test
+- `cameleer-server-app/src/main/java/.../CameleerServerApplication.java` - Spring Boot entry point with scheduling and config properties
+- `cameleer-server-app/src/main/java/.../interceptor/ProtocolVersionInterceptor.java` - Validates protocol version header on data/agent paths
+- `cameleer-server-app/src/main/java/.../config/WebConfig.java` - Registers interceptor with path patterns and exclusions
+- `cameleer-server-app/src/test/java/.../AbstractClickHouseIT.java` - Shared Testcontainers base class for ITs
+- `cameleer-server-app/src/test/resources/application-test.yml` - Test profile with small buffer config
+- `cameleer-server-app/src/test/java/.../controller/HealthControllerIT.java` - Health endpoint and TTL tests
+- `cameleer-server-app/src/test/java/.../controller/OpenApiIT.java` - OpenAPI and Swagger UI tests
+- `cameleer-server-app/src/test/java/.../interceptor/ProtocolVersionIT.java` - Protocol header enforcement tests
+- `cameleer-server-app/src/test/java/.../controller/ForwardCompatIT.java` - Unknown JSON fields test
 - `pom.xml` - Override testcontainers.version to 2.0.3
- `cameleer3-server-app/pom.xml` - Remove junit-jupiter, upgrade testcontainers-clickhouse to 2.0.3
+- `cameleer-server-app/pom.xml` - Remove junit-jupiter, upgrade testcontainers-clickhouse to 2.0.3
 - `clickhouse/init/01-schema.sql` - Fix TTL expressions and error column types

 ## Decisions Made
@@ -107,7 +107,7 @@ Each task was committed atomically:
 - **Found during:** Task 2 (compilation)
 - **Issue:** org.testcontainers:junit-jupiter:2.0.2 does not exist in Maven Central
 - **Fix:** Removed junit-jupiter dependency, upgraded to TC 2.0.3, managed container lifecycle manually via static initializer
- **Files modified:** cameleer3-server-app/pom.xml, pom.xml, AbstractClickHouseIT.java
+- **Files modified:** cameleer-server-app/pom.xml, pom.xml, AbstractClickHouseIT.java
 - **Verification:** All tests compile and pass
 - **Committed in:** 2d3fde3

--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-RESEARCH.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-RESEARCH.md
@@ -6,7 +6,7 @@

 ## Summary

-Phase 1 establishes the data pipeline and API skeleton for Cameleer3 Server. Agents POST execution data, diagrams, and metrics to REST endpoints; the server buffers these in memory and batch-flushes to ClickHouse. The ClickHouse schema design is the most critical and least reversible decision in this phase -- ORDER BY and partitioning cannot be changed without table recreation.
+Phase 1 establishes the data pipeline and API skeleton for Cameleer Server. Agents POST execution data, diagrams, and metrics to REST endpoints; the server buffers these in memory and batch-flushes to ClickHouse. The ClickHouse schema design is the most critical and least reversible decision in this phase -- ORDER BY and partitioning cannot be changed without table recreation.

 The ClickHouse Java ecosystem has undergone significant changes. The recommended approach is **clickhouse-jdbc v0.9.7** (JDBC V2 driver) with Spring Boot's JdbcTemplate for batch inserts. An alternative is the standalone **client-v2** artifact which offers a POJO-based insert API, but JDBC integration with Spring Boot is more conventional and better documented. ClickHouse now has a native full-text index (TYPE text, GA as of March 2026) that supersedes the older tokenbf_v1 bloom filter approach -- this is relevant for Phase 2 but should be accounted for in schema design now.

@@ -17,7 +17,7 @@ The ClickHouse Java ecosystem has undergone significant changes. The recommended

 | ID | Description | Research Support |
 |----|-------------|-----------------|
-| INGST-01 (#1) | Accept RouteExecution via POST /api/v1/data/executions, return 202 | REST controller + async write buffer pattern; Jackson deserialization of cameleer3-common models |
+| INGST-01 (#1) | Accept RouteExecution via POST /api/v1/data/executions, return 202 | REST controller + async write buffer pattern; Jackson deserialization of cameleer-common models |
 | INGST-02 (#2) | Accept RouteGraph via POST /api/v1/data/diagrams, return 202 | Same pattern; separate ClickHouse table for diagrams with content-hash dedup |
 | INGST-03 (#3) | Accept metrics via POST /api/v1/data/metrics, return 202 | Same pattern; separate ClickHouse table for metrics |
 | INGST-04 (#4) | In-memory batch buffer with configurable flush interval/size | ArrayBlockingQueue + @Scheduled flush; configurable via application.yml |
@@ -60,7 +60,7 @@ The ClickHouse Java ecosystem has undergone significant changes. The recommended
 | ArrayBlockingQueue | LMAX Disruptor | Disruptor is faster under extreme contention but adds complexity; ABQ is sufficient for this throughput |
 | Spring JdbcTemplate | Raw JDBC PreparedStatement | JdbcTemplate provides cleaner error handling and resource management; no meaningful overhead |

-**Installation (add to cameleer3-server-app/pom.xml):**
+**Installation (add to cameleer-server-app/pom.xml):**
 ```xml
 <!-- ClickHouse JDBC V2 -->
 <dependency>
@@ -103,7 +103,7 @@ The ClickHouse Java ecosystem has undergone significant changes. The recommended
 </dependency>
 ```

-**Add to cameleer3-server-core/pom.xml:**
+**Add to cameleer-server-core/pom.xml:**
 ```xml
 <!-- SLF4J for logging (no Spring dependency) -->
 <dependency>
@@ -117,7 +117,7 @@ The ClickHouse Java ecosystem has undergone significant changes. The recommended
 ### Recommended Project Structure

 ```
-cameleer3-server-core/src/main/java/com/cameleer3/server/core/
+cameleer-server-core/src/main/java/com/cameleer/server/core/
    ingestion/
        WriteBuffer.java              # Bounded queue + flush logic
        IngestionService.java         # Accepts data, routes to buffer
@@ -126,9 +126,9 @@ cameleer3-server-core/src/main/java/com/cameleer3/server/core/
        DiagramRepository.java        # Interface: store/retrieve diagrams
        MetricsRepository.java        # Interface: store metrics
    model/
-        (extend/complement cameleer3-common models as needed)
+        (extend/complement cameleer-common models as needed)

-cameleer3-server-app/src/main/java/com/cameleer3/server/app/
+cameleer-server-app/src/main/java/com/cameleer/server/app/
    config/
        ClickHouseConfig.java         # DataSource + JdbcTemplate bean
        IngestionConfig.java          # Buffer size, flush interval from YAML
@@ -424,7 +424,7 @@ services:
    environment:
      CLICKHOUSE_USER: cameleer
      CLICKHOUSE_PASSWORD: cameleer_dev
-      CLICKHOUSE_DB: cameleer3
+      CLICKHOUSE_DB: cameleer
    ulimits:
      nofile:
        soft: 262144
@@ -442,7 +442,7 @@ server:

 spring:
  datasource:
-    url: jdbc:ch://localhost:8123/cameleer3
+    url: jdbc:ch://localhost:8123/cameleer
    username: cameleer
    password: cameleer_dev
    driver-class-name: com.clickhouse.jdbc.ClickHouseDriver
@@ -493,10 +493,10 @@ management:

 ## Open Questions

-1. **Exact cameleer3-common model structure**
+1. **Exact cameleer-common model structure**
   - What we know: Models include RouteExecution, ProcessorExecution, ExchangeSnapshot, RouteGraph, RouteNode, RouteEdge
   - What's unclear: Exact field names, types, nesting structure -- needed to design ClickHouse schema precisely
-   - Recommendation: Read cameleer3-common source code before implementing schema. Schema must match the wire format.
+   - Recommendation: Read cameleer-common source code before implementing schema. Schema must match the wire format.

 2. **ClickHouse JDBC V2 + HikariCP compatibility**
   - What we know: clickhouse-jdbc 0.9.7 implements JDBC spec; HikariCP is Spring Boot default
@@ -515,36 +515,36 @@ management:
 | Property | Value |
 |----------|-------|
 | Framework | JUnit 5 (Spring Boot managed) + Testcontainers 2.0.2 |
-| Config file | cameleer3-server-app/src/test/resources/application-test.yml (Wave 0) |
-| Quick run command | `mvn test -pl cameleer3-server-core -Dtest=WriteBufferTest -q` |
+| Config file | cameleer-server-app/src/test/resources/application-test.yml (Wave 0) |
+| Quick run command | `mvn test -pl cameleer-server-core -Dtest=WriteBufferTest -q` |
 | Full suite command | `mvn verify` |

 ### Phase Requirements -> Test Map

 | Req ID | Behavior | Test Type | Automated Command | File Exists? |
 |--------|----------|-----------|-------------------|-------------|
-| INGST-01 | POST /api/v1/data/executions returns 202, data in ClickHouse | integration | `mvn test -pl cameleer3-server-app -Dtest=ExecutionControllerIT -q` | Wave 0 |
-| INGST-02 | POST /api/v1/data/diagrams returns 202 | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramControllerIT -q` | Wave 0 |
-| INGST-03 | POST /api/v1/data/metrics returns 202 | integration | `mvn test -pl cameleer3-server-app -Dtest=MetricsControllerIT -q` | Wave 0 |
-| INGST-04 | Buffer flushes at interval/size | unit | `mvn test -pl cameleer3-server-core -Dtest=WriteBufferTest -q` | Wave 0 |
-| INGST-05 | 503 when buffer full | unit+integration | `mvn test -pl cameleer3-server-app -Dtest=BackpressureIT -q` | Wave 0 |
-| INGST-06 | TTL removes old data | integration | `mvn test -pl cameleer3-server-app -Dtest=ClickHouseTtlIT -q` | Wave 0 |
+| INGST-01 | POST /api/v1/data/executions returns 202, data in ClickHouse | integration | `mvn test -pl cameleer-server-app -Dtest=ExecutionControllerIT -q` | Wave 0 |
+| INGST-02 | POST /api/v1/data/diagrams returns 202 | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramControllerIT -q` | Wave 0 |
+| INGST-03 | POST /api/v1/data/metrics returns 202 | integration | `mvn test -pl cameleer-server-app -Dtest=MetricsControllerIT -q` | Wave 0 |
+| INGST-04 | Buffer flushes at interval/size | unit | `mvn test -pl cameleer-server-core -Dtest=WriteBufferTest -q` | Wave 0 |
+| INGST-05 | 503 when buffer full | unit+integration | `mvn test -pl cameleer-server-app -Dtest=BackpressureIT -q` | Wave 0 |
+| INGST-06 | TTL removes old data | integration | `mvn test -pl cameleer-server-app -Dtest=ClickHouseTtlIT -q` | Wave 0 |
 | API-01 | Endpoints under /api/v1/ | integration | Covered by controller ITs | Wave 0 |
-| API-02 | OpenAPI docs available | integration | `mvn test -pl cameleer3-server-app -Dtest=OpenApiIT -q` | Wave 0 |
-| API-03 | GET /api/v1/health responds | integration | `mvn test -pl cameleer3-server-app -Dtest=HealthControllerIT -q` | Wave 0 |
-| API-04 | Protocol version header validated | integration | `mvn test -pl cameleer3-server-app -Dtest=ProtocolVersionIT -q` | Wave 0 |
-| API-05 | Unknown JSON fields accepted | unit | `mvn test -pl cameleer3-server-app -Dtest=ForwardCompatIT -q` | Wave 0 |
+| API-02 | OpenAPI docs available | integration | `mvn test -pl cameleer-server-app -Dtest=OpenApiIT -q` | Wave 0 |
+| API-03 | GET /api/v1/health responds | integration | `mvn test -pl cameleer-server-app -Dtest=HealthControllerIT -q` | Wave 0 |
+| API-04 | Protocol version header validated | integration | `mvn test -pl cameleer-server-app -Dtest=ProtocolVersionIT -q` | Wave 0 |
+| API-05 | Unknown JSON fields accepted | unit | `mvn test -pl cameleer-server-app -Dtest=ForwardCompatIT -q` | Wave 0 |

 ### Sampling Rate
- **Per task commit:** `mvn test -pl cameleer3-server-core -q` (unit tests, fast)
+- **Per task commit:** `mvn test -pl cameleer-server-core -q` (unit tests, fast)
 - **Per wave merge:** `mvn verify` (full suite with Testcontainers integration tests)
 - **Phase gate:** Full suite green before verification

 ### Wave 0 Gaps
- [ ] `cameleer3-server-app/src/test/resources/application-test.yml` -- test ClickHouse config
- [ ] `cameleer3-server-core/src/test/java/.../WriteBufferTest.java` -- buffer unit tests
- [ ] `cameleer3-server-app/src/test/java/.../AbstractClickHouseIT.java` -- shared Testcontainers base class
- [ ] `cameleer3-server-app/src/test/java/.../ExecutionControllerIT.java` -- ingestion integration test
+- [ ] `cameleer-server-app/src/test/resources/application-test.yml` -- test ClickHouse config
+- [ ] `cameleer-server-core/src/test/java/.../WriteBufferTest.java` -- buffer unit tests
+- [ ] `cameleer-server-app/src/test/java/.../AbstractClickHouseIT.java` -- shared Testcontainers base class
+- [ ] `cameleer-server-app/src/test/java/.../ExecutionControllerIT.java` -- ingestion integration test
 - [ ] Docker available on test machine for Testcontainers

 ## Sources
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-VALIDATION.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-VALIDATION.md
@@ -18,8 +18,8 @@ created: 2026-03-11
 | Property | Value |
 |----------|-------|
 | **Framework** | JUnit 5 (Spring Boot managed) + Testcontainers 2.0.2 |
-| **Config file** | cameleer3-server-app/src/test/resources/application-test.yml (Wave 0) |
-| **Quick run command** | `mvn test -pl cameleer3-server-core -Dtest=WriteBufferTest -q` |
+| **Config file** | cameleer-server-app/src/test/resources/application-test.yml (Wave 0) |
+| **Quick run command** | `mvn test -pl cameleer-server-core -Dtest=WriteBufferTest -q` |
 | **Full suite command** | `mvn verify` |
 | **Estimated runtime** | ~30 seconds |

@@ -27,7 +27,7 @@ created: 2026-03-11

 ## Sampling Rate

- **After every task commit:** Run `mvn test -pl cameleer3-server-core -q`
+- **After every task commit:** Run `mvn test -pl cameleer-server-core -q`
 - **After every plan wave:** Run `mvn verify`
 - **Before `/gsd:verify-work`:** Full suite must be green
 - **Max feedback latency:** 30 seconds
@@ -38,17 +38,17 @@ created: 2026-03-11

 | Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
 |---------|------|------|-------------|-----------|-------------------|-------------|--------|
-| 1-01-01 | 01 | 1 | INGST-04 | unit | `mvn test -pl cameleer3-server-core -Dtest=WriteBufferTest -q` | no W0 | pending |
-| 1-01-02 | 01 | 1 | INGST-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=ExecutionControllerIT -q` | no W0 | pending |
-| 1-01-03 | 01 | 1 | INGST-05 | integration | `mvn test -pl cameleer3-server-app -Dtest=BackpressureIT -q` | no W0 | pending |
-| 1-01-04 | 01 | 1 | INGST-06 | integration | `mvn test -pl cameleer3-server-app -Dtest=HealthControllerIT#ttlConfigured* -q` | no W0 | pending |
-| 1-02-01 | 02 | 1 | INGST-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=ExecutionControllerIT -q` | no W0 | pending |
-| 1-02-02 | 02 | 1 | INGST-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramControllerIT -q` | no W0 | pending |
-| 1-02-03 | 02 | 1 | INGST-03 | integration | `mvn test -pl cameleer3-server-app -Dtest=MetricsControllerIT -q` | no W0 | pending |
-| 1-02-04 | 02 | 1 | API-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=OpenApiIT -q` | no W0 | pending |
-| 1-02-05 | 02 | 1 | API-03 | integration | `mvn test -pl cameleer3-server-app -Dtest=HealthControllerIT -q` | no W0 | pending |
-| 1-02-06 | 02 | 1 | API-04 | integration | `mvn test -pl cameleer3-server-app -Dtest=ProtocolVersionIT -q` | no W0 | pending |
-| 1-02-07 | 02 | 1 | API-05 | unit | `mvn test -pl cameleer3-server-app -Dtest=ForwardCompatIT -q` | no W0 | pending |
+| 1-01-01 | 01 | 1 | INGST-04 | unit | `mvn test -pl cameleer-server-core -Dtest=WriteBufferTest -q` | no W0 | pending |
+| 1-01-02 | 01 | 1 | INGST-01 | integration | `mvn test -pl cameleer-server-app -Dtest=ExecutionControllerIT -q` | no W0 | pending |
+| 1-01-03 | 01 | 1 | INGST-05 | integration | `mvn test -pl cameleer-server-app -Dtest=BackpressureIT -q` | no W0 | pending |
+| 1-01-04 | 01 | 1 | INGST-06 | integration | `mvn test -pl cameleer-server-app -Dtest=HealthControllerIT#ttlConfigured* -q` | no W0 | pending |
+| 1-02-01 | 02 | 1 | INGST-01 | integration | `mvn test -pl cameleer-server-app -Dtest=ExecutionControllerIT -q` | no W0 | pending |
+| 1-02-02 | 02 | 1 | INGST-02 | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramControllerIT -q` | no W0 | pending |
+| 1-02-03 | 02 | 1 | INGST-03 | integration | `mvn test -pl cameleer-server-app -Dtest=MetricsControllerIT -q` | no W0 | pending |
+| 1-02-04 | 02 | 1 | API-02 | integration | `mvn test -pl cameleer-server-app -Dtest=OpenApiIT -q` | no W0 | pending |
+| 1-02-05 | 02 | 1 | API-03 | integration | `mvn test -pl cameleer-server-app -Dtest=HealthControllerIT -q` | no W0 | pending |
+| 1-02-06 | 02 | 1 | API-04 | integration | `mvn test -pl cameleer-server-app -Dtest=ProtocolVersionIT -q` | no W0 | pending |
+| 1-02-07 | 02 | 1 | API-05 | unit | `mvn test -pl cameleer-server-app -Dtest=ForwardCompatIT -q` | no W0 | pending |

 *Status: pending / green / red / flaky*

@@ -56,10 +56,10 @@ created: 2026-03-11

 ## Wave 0 Requirements

- [ ] `cameleer3-server-app/src/test/resources/application-test.yml` — test ClickHouse config
- [ ] `cameleer3-server-core/src/test/java/.../WriteBufferTest.java` — buffer unit tests
- [ ] `cameleer3-server-app/src/test/java/.../AbstractClickHouseIT.java` — shared Testcontainers base class
- [ ] `cameleer3-server-app/src/test/java/.../ExecutionControllerIT.java` — ingestion integration test
+- [ ] `cameleer-server-app/src/test/resources/application-test.yml` — test ClickHouse config
+- [ ] `cameleer-server-core/src/test/java/.../WriteBufferTest.java` — buffer unit tests
+- [ ] `cameleer-server-app/src/test/java/.../AbstractClickHouseIT.java` — shared Testcontainers base class
+- [ ] `cameleer-server-app/src/test/java/.../ExecutionControllerIT.java` — ingestion integration test
 - [ ] Docker available on test machine for Testcontainers

 *If none: "Existing infrastructure covers all phase requirements."*
--- a/.planning/phases/01-ingestion-pipeline-api-foundation/01-VERIFICATION.md
+++ b/.planning/phases/01-ingestion-pipeline-api-foundation/01-VERIFICATION.md
@@ -35,27 +35,27 @@ re_verification: false

 | Artifact | Expected | Status | Details |
 |---|---|---|---|
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/WriteBuffer.java` | Generic bounded write buffer with offer/drain/isFull | VERIFIED | 80 lines; `ArrayBlockingQueue`-backed; implements `offer`, `offerBatch` (all-or-nothing), `drain`, `isFull`, `size`, `capacity`, `remainingCapacity` |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/WriteBuffer.java` | Generic bounded write buffer with offer/drain/isFull | VERIFIED | 80 lines; `ArrayBlockingQueue`-backed; implements `offer`, `offerBatch` (all-or-nothing), `drain`, `isFull`, `size`, `capacity`, `remainingCapacity` |
 | `clickhouse/init/01-schema.sql` | ClickHouse DDL for all three tables | VERIFIED | Contains `CREATE TABLE route_executions`, `route_diagrams`, `agent_metrics`; correct ENGINE, ORDER BY, PARTITION BY, TTL with `toDateTime()` cast |
 | `docker-compose.yml` | Local ClickHouse service | VERIFIED | `clickhouse/clickhouse-server:25.3`; ports 8123/9000; init volume mount; credentials configured |
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java` | Repository interface for execution batch inserts | VERIFIED | Declares `void insertBatch(List<RouteExecution> executions)` |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java` | Repository interface for execution batch inserts | VERIFIED | Declares `void insertBatch(List<RouteExecution> executions)` |

 #### Plan 01-02 Artifacts

 | Artifact | Expected | Status | Details |
 |---|---|---|---|
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java` | POST /api/v1/data/executions endpoint | VERIFIED | 79 lines; `@PostMapping("/executions")`; handles single/array via raw String parsing; returns 202 or 503 + Retry-After |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java` | Batch insert to route_executions via JdbcTemplate | VERIFIED | 118 lines; `@Repository`; `BatchPreparedStatementSetter`; flattens processor tree to parallel arrays |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java` | Scheduled drain of WriteBuffer into ClickHouse | VERIFIED | 160 lines; `@Scheduled(fixedDelayString="${ingestion.flush-interval-ms:1000}")`; implements `SmartLifecycle` for shutdown drain |
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java` | Routes data to appropriate WriteBuffer instances | VERIFIED | 115 lines; plain class; `acceptExecution`, `acceptExecutions`, `acceptDiagram`, `acceptDiagrams`, `acceptMetrics`; delegates to typed `WriteBuffer` instances |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java` | POST /api/v1/data/executions endpoint | VERIFIED | 79 lines; `@PostMapping("/executions")`; handles single/array via raw String parsing; returns 202 or 503 + Retry-After |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java` | Batch insert to route_executions via JdbcTemplate | VERIFIED | 118 lines; `@Repository`; `BatchPreparedStatementSetter`; flattens processor tree to parallel arrays |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java` | Scheduled drain of WriteBuffer into ClickHouse | VERIFIED | 160 lines; `@Scheduled(fixedDelayString="${ingestion.flush-interval-ms:1000}")`; implements `SmartLifecycle` for shutdown drain |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java` | Routes data to appropriate WriteBuffer instances | VERIFIED | 115 lines; plain class; `acceptExecution`, `acceptExecutions`, `acceptDiagram`, `acceptDiagrams`, `acceptMetrics`; delegates to typed `WriteBuffer` instances |

 #### Plan 01-03 Artifacts

 | Artifact | Expected | Status | Details |
 |---|---|---|---|
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/interceptor/ProtocolVersionInterceptor.java` | Validates X-Cameleer-Protocol-Version:1 header on data endpoints | VERIFIED | 47 lines; implements `HandlerInterceptor.preHandle`; returns 400 JSON on missing/wrong version |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java` | Registers interceptor with path patterns | VERIFIED | 35 lines; `addInterceptors` registers interceptor on `/api/v1/data/**` and `/api/v1/agents/**`; excludes health, api-docs, swagger-ui |
-| `cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java` | Shared Testcontainers base class for integration tests | VERIFIED | 73 lines; static `ClickHouseContainer`; `@DynamicPropertySource`; `@BeforeAll` schema init from SQL file; `JdbcTemplate` exposed to subclasses |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/interceptor/ProtocolVersionInterceptor.java` | Validates X-Cameleer-Protocol-Version:1 header on data endpoints | VERIFIED | 47 lines; implements `HandlerInterceptor.preHandle`; returns 400 JSON on missing/wrong version |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java` | Registers interceptor with path patterns | VERIFIED | 35 lines; `addInterceptors` registers interceptor on `/api/v1/data/**` and `/api/v1/agents/**`; excludes health, api-docs, swagger-ui |
+| `cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java` | Shared Testcontainers base class for integration tests | VERIFIED | 73 lines; static `ClickHouseContainer`; `@DynamicPropertySource`; `@BeforeAll` schema init from SQL file; `JdbcTemplate` exposed to subclasses |

 ---

@@ -113,7 +113,7 @@ No orphaned requirements — all 11 IDs declared in plan frontmatter match the R

 ### Anti-Patterns Found

-No anti-patterns detected. Scanned all source files in `cameleer3-server-app/src/main` and `cameleer3-server-core/src/main` for TODO/FIXME/PLACEHOLDER/stub return patterns. None found.
+No anti-patterns detected. Scanned all source files in `cameleer-server-app/src/main` and `cameleer-server-core/src/main` for TODO/FIXME/PLACEHOLDER/stub return patterns. None found.

 One minor observation (not a blocker):

--- a/.planning/phases/02-transaction-search-diagrams/02-01-PLAN.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-01-PLAN.md
@@ -6,17 +6,17 @@ wave: 1
 depends_on: []
 files_modified:
  - clickhouse/init/02-search-columns.sql
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchRequest.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchResult.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchEngine.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchService.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/ExecutionSummary.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/DetailService.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ExecutionDetail.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ProcessorNode.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchRequest.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchResult.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchEngine.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchService.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/search/ExecutionSummary.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/DetailService.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ExecutionDetail.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ProcessorNode.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java
 autonomous: true
 requirements:
  - SRCH-01
@@ -38,21 +38,21 @@ must_haves:
    - path: "clickhouse/init/02-search-columns.sql"
      provides: "Schema extension DDL for Phase 2 columns and skip indexes"
      contains: "exchange_bodies"
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchEngine.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchEngine.java"
      provides: "Search backend abstraction interface"
      exports: ["SearchEngine"]
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchRequest.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchRequest.java"
      provides: "Immutable search criteria record"
      exports: ["SearchRequest"]
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java"
      provides: "Extended with new columns in INSERT, plus query methods"
      min_lines: 100
  key_links:
-    - from: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchService.java"
+    - from: "cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchService.java"
      to: "SearchEngine"
      via: "constructor injection"
      pattern: "SearchEngine"
-    - from: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java"
+    - from: "cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java"
      to: "clickhouse/init/02-search-columns.sql"
      via: "INSERT and SELECT SQL matching schema"
      pattern: "exchange_bodies|processor_depths|diagram_content_hash"
@@ -79,22 +79,22 @@ Output: Schema migration SQL, updated ingestion INSERT with new columns, core se
@.planning/phases/02-transaction-search-diagrams/02-RESEARCH.md

@clickhouse/init/01-schema.sql
-@cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
-@cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/DiagramRepository.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-@cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
+@cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
+@cameleer-server-core/src/main/java/com/cameleer/server/core/storage/DiagramRepository.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+@cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java

 <interfaces>
 <!-- Existing interfaces the executor needs -->

-From cameleer3-server-core/.../storage/ExecutionRepository.java:
+From cameleer-server-core/.../storage/ExecutionRepository.java:
 ```java
 public interface ExecutionRepository {
    void insertBatch(List<RouteExecution> executions);
 }
 ```

-From cameleer3-server-core/.../storage/DiagramRepository.java:
+From cameleer-server-core/.../storage/DiagramRepository.java:
 ```java
 public interface DiagramRepository {
    void store(RouteGraph graph);
@@ -103,7 +103,7 @@ public interface DiagramRepository {
 }
 ```

-From cameleer3-common (decompiled — key fields):
+From cameleer-common (decompiled — key fields):
 ```java
 // RouteExecution: routeId, status (ExecutionStatus enum: COMPLETED/FAILED/RUNNING),
 //   startTime (Instant), endTime (Instant), durationMs (long), correlationId, exchangeId,
@@ -145,15 +145,15 @@ Existing ClickHouse schema (01-schema.sql):
  <name>Task 1: Schema extension and core domain types</name>
  <files>
    clickhouse/init/02-search-columns.sql,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchRequest.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchResult.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchEngine.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchService.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/ExecutionSummary.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/DetailService.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ExecutionDetail.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ProcessorNode.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
+    cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchRequest.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchResult.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchEngine.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchService.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/search/ExecutionSummary.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/detail/DetailService.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ExecutionDetail.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ProcessorNode.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
  </files>
  <action>
    1. Create `clickhouse/init/02-search-columns.sql` with ALTER TABLE statements to add Phase 2 columns to route_executions:
@@ -172,14 +172,14 @@ Existing ClickHouse schema (01-schema.sql):
       - Add tokenbf_v1 skip indexes on exchange_bodies and exchange_headers (GRANULARITY 4, same as idx_error)
       - Add tokenbf_v1 skip index on error_stacktrace (it has no index yet, needed for SRCH-05 full-text search across stack traces)

-    2. Create core search domain types in `com.cameleer3.server.core.search`:
+    2. Create core search domain types in `com.cameleer.server.core.search`:
       - `SearchRequest` record: status (String, nullable), timeFrom (Instant), timeTo (Instant), durationMin (Long), durationMax (Long), correlationId (String), text (String — global full-text), textInBody (String), textInHeaders (String), textInErrors (String), offset (int), limit (int). Compact constructor validates: limit defaults to 50 if <= 0, capped at 500; offset defaults to 0 if < 0.
       - `SearchResult<T>` record: data (List<T>), total (long), offset (int), limit (int). Include static factory `empty(int offset, int limit)`.
       - `ExecutionSummary` record: executionId (String), routeId (String), agentId (String), status (String), startTime (Instant), endTime (Instant), durationMs (long), correlationId (String), errorMessage (String), diagramContentHash (String). This is the lightweight list-view DTO — NOT the full processor arrays.
       - `SearchEngine` interface with methods: `SearchResult<ExecutionSummary> search(SearchRequest request)` and `long count(SearchRequest request)`. This is the swappable backend (ClickHouse now, OpenSearch later per user decision).
       - `SearchService` class: plain class (no Spring annotations, same pattern as IngestionService). Constructor takes SearchEngine. `search(SearchRequest)` delegates to engine.search(). This thin orchestration layer allows adding cross-cutting concerns later.

-    3. Create core detail domain types in `com.cameleer3.server.core.detail`:
+    3. Create core detail domain types in `com.cameleer.server.core.detail`:
       - `ProcessorNode` record: processorId (String), processorType (String), status (String), startTime (Instant), endTime (Instant), durationMs (long), diagramNodeId (String), errorMessage (String), errorStackTrace (String), children (List<ProcessorNode>). This is the nested tree node.
       - `ExecutionDetail` record: executionId (String), routeId (String), agentId (String), status (String), startTime (Instant), endTime (Instant), durationMs (long), correlationId (String), exchangeId (String), errorMessage (String), errorStackTrace (String), diagramContentHash (String), processors (List<ProcessorNode>). This is the full detail response.
       - `DetailService` class: plain class (no Spring annotations). Constructor takes ExecutionRepository. Method `getDetail(String executionId)` returns `Optional<ExecutionDetail>`. Calls repository's new `findDetailById` method, then calls `reconstructTree()` to convert flat arrays into nested ProcessorNode tree. The `reconstructTree` method: takes parallel arrays (ids, types, statuses, starts, ends, durations, diagramNodeIds, errorMessages, errorStackTraces, depths, parentIndexes), creates ProcessorNode[] array, then wires children using parentIndexes (parentIndex == -1 means root).
@@ -190,7 +190,7 @@ Existing ClickHouse schema (01-schema.sql):
       Actually, use a different approach per the layering: add a `findRawById(String executionId)` method that returns `Optional<RawExecutionRow>` — a new record containing all parallel arrays. DetailService takes this and reconstructs. Create `RawExecutionRow` as a record in the detail package with all fields needed for reconstruction.
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn compile -pl cameleer3-server-core</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn compile -pl cameleer-server-core</automated>
  </verify>
  <done>Schema migration SQL exists, all core domain types compile, SearchEngine interface and SearchService defined, ExecutionRepository extended with query method, DetailService has tree reconstruction logic</done>
 </task>
@@ -198,9 +198,9 @@ Existing ClickHouse schema (01-schema.sql):
 <task type="auto" tdd="true">
  <name>Task 2: Update ingestion to populate new columns and verify with integration test</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java
  </files>
  <behavior>
    - Test: After inserting a RouteExecution with processors that have exchange snapshots and nested children, the route_executions row has non-empty exchange_bodies, exchange_headers, processor_depths (correct depth values), processor_parent_indexes (correct parent wiring), processor_input_bodies, processor_output_bodies, processor_input_headers, processor_output_headers, processor_diagram_node_ids, and diagram_content_hash columns
@@ -231,7 +231,7 @@ Existing ClickHouse schema (01-schema.sql):
       - Verifies a second insertion with null snapshots succeeds with empty defaults
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-app -Dtest=IngestionSchemaIT</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-app -Dtest=IngestionSchemaIT</automated>
  </verify>
  <done>All new columns populated correctly during ingestion, tree metadata (depth/parent) correct for nested processors, exchange data concatenated for search, existing ingestion tests still pass</done>
 </task>
@@ -239,9 +239,9 @@ Existing ClickHouse schema (01-schema.sql):
 </tasks>

 <verification>
- `mvn compile -pl cameleer3-server-core` succeeds (core domain types compile)
- `mvn test -pl cameleer3-server-app -Dtest=IngestionSchemaIT` passes (new columns populated correctly)
- `mvn test -pl cameleer3-server-app` passes (all existing tests still green with schema extension)
+- `mvn compile -pl cameleer-server-core` succeeds (core domain types compile)
+- `mvn test -pl cameleer-server-app -Dtest=IngestionSchemaIT` passes (new columns populated correctly)
+- `mvn test -pl cameleer-server-app` passes (all existing tests still green with schema extension)
 </verification>

 <success_criteria>
--- a/.planning/phases/02-transaction-search-diagrams/02-01-SUMMARY.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-01-SUMMARY.md
@@ -22,22 +22,22 @@ tech-stack:
 key-files:
  created:
    - clickhouse/init/02-search-columns.sql
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchRequest.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchResult.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/ExecutionSummary.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchEngine.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/search/SearchService.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/DetailService.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ExecutionDetail.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/ProcessorNode.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/detail/RawExecutionRow.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramRenderer.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramLayout.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchRequest.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchResult.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/search/ExecutionSummary.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchEngine.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/search/SearchService.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/DetailService.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ExecutionDetail.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/ProcessorNode.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/detail/RawExecutionRow.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramRenderer.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramLayout.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java
  modified:
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/ExecutionRepository.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/storage/ExecutionRepository.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java

 key-decisions:
  - "FlatProcessor record captures depth and parentIndex during DFS traversal"
@@ -86,21 +86,21 @@ Each task was committed atomically:

 ## Files Created/Modified
 - `clickhouse/init/02-search-columns.sql` - ALTER TABLE adding 12 columns + 3 skip indexes
- `cameleer3-server-core/.../search/SearchRequest.java` - Immutable search criteria record with validation
- `cameleer3-server-core/.../search/SearchResult.java` - Paginated result envelope
- `cameleer3-server-core/.../search/ExecutionSummary.java` - Lightweight list-view DTO
- `cameleer3-server-core/.../search/SearchEngine.java` - Swappable search backend interface
- `cameleer3-server-core/.../search/SearchService.java` - Search orchestration layer
- `cameleer3-server-core/.../detail/DetailService.java` - Tree reconstruction from flat arrays
- `cameleer3-server-core/.../detail/ExecutionDetail.java` - Full execution detail record
- `cameleer3-server-core/.../detail/ProcessorNode.java` - Nested tree node (mutable children)
- `cameleer3-server-core/.../detail/RawExecutionRow.java` - DB-to-domain intermediate record
- `cameleer3-server-core/.../diagram/DiagramRenderer.java` - Diagram rendering interface (stub)
- `cameleer3-server-core/.../diagram/DiagramLayout.java` - JSON layout record (stub)
- `cameleer3-server-core/.../storage/ExecutionRepository.java` - Extended with findRawById
- `cameleer3-server-app/.../storage/ClickHouseExecutionRepository.java` - INSERT extended with 12 new columns
- `cameleer3-server-app/src/test/.../AbstractClickHouseIT.java` - Loads 02-search-columns.sql
- `cameleer3-server-app/src/test/.../storage/IngestionSchemaIT.java` - 3 integration tests
+- `cameleer-server-core/.../search/SearchRequest.java` - Immutable search criteria record with validation
+- `cameleer-server-core/.../search/SearchResult.java` - Paginated result envelope
+- `cameleer-server-core/.../search/ExecutionSummary.java` - Lightweight list-view DTO
+- `cameleer-server-core/.../search/SearchEngine.java` - Swappable search backend interface
+- `cameleer-server-core/.../search/SearchService.java` - Search orchestration layer
+- `cameleer-server-core/.../detail/DetailService.java` - Tree reconstruction from flat arrays
+- `cameleer-server-core/.../detail/ExecutionDetail.java` - Full execution detail record
+- `cameleer-server-core/.../detail/ProcessorNode.java` - Nested tree node (mutable children)
+- `cameleer-server-core/.../detail/RawExecutionRow.java` - DB-to-domain intermediate record
+- `cameleer-server-core/.../diagram/DiagramRenderer.java` - Diagram rendering interface (stub)
+- `cameleer-server-core/.../diagram/DiagramLayout.java` - JSON layout record (stub)
+- `cameleer-server-core/.../storage/ExecutionRepository.java` - Extended with findRawById
+- `cameleer-server-app/.../storage/ClickHouseExecutionRepository.java` - INSERT extended with 12 new columns
+- `cameleer-server-app/src/test/.../AbstractClickHouseIT.java` - Loads 02-search-columns.sql
+- `cameleer-server-app/src/test/.../storage/IngestionSchemaIT.java` - 3 integration tests

 ## Decisions Made
 - Used FlatProcessor record to carry depth and parentIndex alongside the ProcessorExecution during DFS flattening -- single pass, no separate traversal
@@ -116,9 +116,9 @@ Each task was committed atomically:
 **1. [Rule 3 - Blocking] Created DiagramRenderer and DiagramLayout stub interfaces**
 - **Found during:** Task 2 (compilation step)
 - **Issue:** Pre-existing `ElkDiagramRenderer` in app module referenced `DiagramRenderer` and `DiagramLayout` interfaces that did not exist in core module, causing compilation failure
- **Fix:** Created minimal stub interfaces in `com.cameleer3.server.core.diagram` package
+- **Fix:** Created minimal stub interfaces in `com.cameleer.server.core.diagram` package
 - **Files created:** DiagramRenderer.java, DiagramLayout.java
- **Verification:** `mvn compile -pl cameleer3-server-core` and `mvn compile -pl cameleer3-server-app` succeed
+- **Verification:** `mvn compile -pl cameleer-server-core` and `mvn compile -pl cameleer-server-app` succeed
 - **Committed in:** f6ff279 (Task 2 GREEN commit)

 **2. [Rule 1 - Bug] Fixed ClickHouse Array type handling in IngestionSchemaIT**
--- a/.planning/phases/02-transaction-search-diagrams/02-02-PLAN.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-02-PLAN.md
@@ -5,16 +5,16 @@ type: execute
 wave: 1
 depends_on: []
 files_modified:
-  - cameleer3-server-app/pom.xml
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramRenderer.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramLayout.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedNode.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedEdge.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/diagram/ElkDiagramRenderer.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramRenderController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/DiagramBeanConfig.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramRenderControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/diagram/ElkDiagramRendererTest.java
+  - cameleer-server-app/pom.xml
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramRenderer.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramLayout.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedNode.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedEdge.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/diagram/ElkDiagramRenderer.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramRenderController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/DiagramBeanConfig.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramRenderControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/diagram/ElkDiagramRendererTest.java
 autonomous: true
 requirements:
  - DIAG-03
@@ -27,13 +27,13 @@ must_haves:
    - "Node colors match the route-diagram-example.html style: blue endpoints, green processors, red error handlers, purple EIPs"
    - "Nested processors (inside split, choice, try-catch) are rendered in compound/swimlane groups"
  artifacts:
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramRenderer.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramRenderer.java"
      provides: "Renderer interface for SVG and JSON layout output"
      exports: ["DiagramRenderer"]
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/diagram/ElkDiagramRenderer.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/diagram/ElkDiagramRenderer.java"
      provides: "ELK + JFreeSVG implementation of DiagramRenderer"
      min_lines: 100
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramRenderController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramRenderController.java"
      provides: "GET /api/v1/diagrams/{hash} with content negotiation"
      exports: ["DiagramRenderController"]
  key_links:
@@ -70,14 +70,14 @@ Output: DiagramRenderer interface in core, ElkDiagramRenderer implementation in
@.planning/phases/02-transaction-search-diagrams/02-CONTEXT.md
@.planning/phases/02-transaction-search-diagrams/02-RESEARCH.md

-@cameleer3-server-core/src/main/java/com/cameleer3/server/core/storage/DiagramRepository.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseDiagramRepository.java
-@cameleer3-server-app/pom.xml
+@cameleer-server-core/src/main/java/com/cameleer/server/core/storage/DiagramRepository.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseDiagramRepository.java
+@cameleer-server-app/pom.xml

 <interfaces>
 <!-- Existing interfaces needed -->

-From cameleer3-server-core/.../storage/DiagramRepository.java:
+From cameleer-server-core/.../storage/DiagramRepository.java:
 ```java
 public interface DiagramRepository {
    void store(RouteGraph graph);
@@ -86,7 +86,7 @@ public interface DiagramRepository {
 }
 ```

-From cameleer3-common (decompiled — diagram models):
+From cameleer-common (decompiled — diagram models):
 ```java
 // RouteGraph: routeId (String), nodes (List<RouteNode>), edges (List<RouteEdge>),
 //   processorNodeMapping (Map<String,String>)
@@ -114,14 +114,14 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
 <task type="auto">
  <name>Task 1: Add ELK/JFreeSVG dependencies and create core diagram rendering interfaces</name>
  <files>
-    cameleer3-server-app/pom.xml,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramRenderer.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramLayout.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedNode.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedEdge.java
+    cameleer-server-app/pom.xml,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramRenderer.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramLayout.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedNode.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedEdge.java
  </files>
  <action>
-    1. Add Maven dependencies to `cameleer3-server-app/pom.xml`:
+    1. Add Maven dependencies to `cameleer-server-app/pom.xml`:
       ```xml
       <dependency>
           <groupId>org.eclipse.elk</groupId>
@@ -140,7 +140,7 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
       </dependency>
       ```

-    2. Create core diagram rendering interfaces in `com.cameleer3.server.core.diagram`:
+    2. Create core diagram rendering interfaces in `com.cameleer.server.core.diagram`:

       - `PositionedNode` record: id (String), label (String), type (String — NodeType name), x (double), y (double), width (double), height (double), children (List<PositionedNode> — for compound/swimlane groups). JSON-serializable for the JSON layout response.

@@ -154,7 +154,7 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
         Both methods take a RouteGraph and produce output. The interface lives in core so it can be swapped (e.g., for a different renderer).
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn compile -pl cameleer3-server-core && mvn dependency:resolve -pl cameleer3-server-app -q</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn compile -pl cameleer-server-core && mvn dependency:resolve -pl cameleer-server-app -q</automated>
  </verify>
  <done>ELK and JFreeSVG dependencies resolve, DiagramRenderer interface and layout DTOs compile in core module</done>
 </task>
@@ -162,11 +162,11 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
 <task type="auto" tdd="true">
  <name>Task 2: Implement ElkDiagramRenderer, DiagramRenderController, and integration tests</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/diagram/ElkDiagramRenderer.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramRenderController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/DiagramBeanConfig.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/diagram/ElkDiagramRendererTest.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramRenderControllerIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/diagram/ElkDiagramRenderer.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramRenderController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/DiagramBeanConfig.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/diagram/ElkDiagramRendererTest.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramRenderControllerIT.java
  </files>
  <behavior>
    - Unit test: ElkDiagramRenderer.renderSvg with a simple 3-node graph (from->process->to) produces valid SVG containing svg element, rect elements for nodes, line/path elements for edges
@@ -179,7 +179,7 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
    - Integration test: GET /api/v1/diagrams/{hash} with no Accept preference defaults to SVG
  </behavior>
  <action>
-    1. Create `ElkDiagramRenderer` implementing `DiagramRenderer` in `com.cameleer3.server.app.diagram`:
+    1. Create `ElkDiagramRenderer` implementing `DiagramRenderer` in `com.cameleer.server.app.diagram`:

       **Layout phase (shared by both SVG and JSON):**
       - Convert RouteGraph to ELK graph: create ElkNode root, set properties for LayeredOptions.ALGORITHM_ID, Direction.DOWN (top-to-bottom per user decision), spacing 40px node-node, 20px edge-node.
@@ -206,10 +206,10 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
       **JSON layout (layoutJson):**
       - Run layout phase, return DiagramLayout directly. Jackson will serialize it to JSON.

-    2. Create `DiagramBeanConfig` in `com.cameleer3.server.app.config`:
+    2. Create `DiagramBeanConfig` in `com.cameleer.server.app.config`:
       - @Configuration class that creates DiagramRenderer bean (ElkDiagramRenderer) and SearchService bean wiring (prepare for Plan 03).

-    3. Create `DiagramRenderController` in `com.cameleer3.server.app.controller`:
+    3. Create `DiagramRenderController` in `com.cameleer.server.app.controller`:
       - `GET /api/v1/diagrams/{contentHash}/render` — renders the diagram
       - Inject DiagramRepository and DiagramRenderer.
       - Look up RouteGraph via `diagramRepository.findByContentHash(contentHash)`. If empty, return 404.
@@ -233,7 +233,7 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
       - GET /api/v1/diagrams/{hash}/render with no Accept header -> assert SVG response (default).
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-app -Dtest="ElkDiagramRendererTest,DiagramRenderControllerIT"</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-app -Dtest="ElkDiagramRendererTest,DiagramRenderControllerIT"</automated>
  </verify>
  <done>Diagram rendering produces color-coded top-to-bottom SVG and JSON layout, content negotiation works via Accept header, compound nodes group nested processors, all tests pass</done>
 </task>
@@ -241,8 +241,8 @@ NodeType color mapping (from CONTEXT.md, matching route-diagram-example.html):
 </tasks>

 <verification>
- `mvn test -pl cameleer3-server-app -Dtest=ElkDiagramRendererTest` passes (unit tests for layout and SVG)
- `mvn test -pl cameleer3-server-app -Dtest=DiagramRenderControllerIT` passes (integration tests for REST endpoint)
+- `mvn test -pl cameleer-server-app -Dtest=ElkDiagramRendererTest` passes (unit tests for layout and SVG)
+- `mvn test -pl cameleer-server-app -Dtest=DiagramRenderControllerIT` passes (integration tests for REST endpoint)
 - `mvn clean verify` passes (all existing tests still green)
 - SVG output contains color-coded nodes matching the NodeType color scheme
 </verification>
--- a/.planning/phases/02-transaction-search-diagrams/02-02-SUMMARY.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-02-SUMMARY.md
@@ -21,17 +21,17 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramRenderer.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/DiagramLayout.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedNode.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/diagram/PositionedEdge.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/diagram/ElkDiagramRenderer.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DiagramRenderController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/DiagramBeanConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/diagram/ElkDiagramRendererTest.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramRenderControllerIT.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramRenderer.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/DiagramLayout.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedNode.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/diagram/PositionedEdge.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/diagram/ElkDiagramRenderer.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DiagramRenderController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/DiagramBeanConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/diagram/ElkDiagramRendererTest.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramRenderControllerIT.java
  modified:
-    - cameleer3-server-app/pom.xml
+    - cameleer-server-app/pom.xml

 key-decisions:
  - "Used ELK layered algorithm with top-to-bottom direction for route diagram layout"
@@ -78,16 +78,16 @@ Each task was committed atomically:
 2. **Task 2: Implement ElkDiagramRenderer, DiagramRenderController, and integration tests** - `c1bc32d` (feat, TDD)

 ## Files Created/Modified
- `cameleer3-server-core/.../diagram/DiagramRenderer.java` - Renderer interface with renderSvg and layoutJson
- `cameleer3-server-core/.../diagram/DiagramLayout.java` - Layout record (width, height, nodes, edges)
- `cameleer3-server-core/.../diagram/PositionedNode.java` - Node record with position, dimensions, children
- `cameleer3-server-core/.../diagram/PositionedEdge.java` - Edge record with waypoints
- `cameleer3-server-app/.../diagram/ElkDiagramRenderer.java` - ELK + JFreeSVG implementation (~400 lines)
- `cameleer3-server-app/.../controller/DiagramRenderController.java` - GET /api/v1/diagrams/{hash}/render
- `cameleer3-server-app/.../config/DiagramBeanConfig.java` - Spring bean wiring for DiagramRenderer
- `cameleer3-server-app/pom.xml` - Added ELK, JFreeSVG, xtext dependencies
- `cameleer3-server-app/.../diagram/ElkDiagramRendererTest.java` - 11 unit tests
- `cameleer3-server-app/.../controller/DiagramRenderControllerIT.java` - 4 integration tests
+- `cameleer-server-core/.../diagram/DiagramRenderer.java` - Renderer interface with renderSvg and layoutJson
+- `cameleer-server-core/.../diagram/DiagramLayout.java` - Layout record (width, height, nodes, edges)
+- `cameleer-server-core/.../diagram/PositionedNode.java` - Node record with position, dimensions, children
+- `cameleer-server-core/.../diagram/PositionedEdge.java` - Edge record with waypoints
+- `cameleer-server-app/.../diagram/ElkDiagramRenderer.java` - ELK + JFreeSVG implementation (~400 lines)
+- `cameleer-server-app/.../controller/DiagramRenderController.java` - GET /api/v1/diagrams/{hash}/render
+- `cameleer-server-app/.../config/DiagramBeanConfig.java` - Spring bean wiring for DiagramRenderer
+- `cameleer-server-app/pom.xml` - Added ELK, JFreeSVG, xtext dependencies
+- `cameleer-server-app/.../diagram/ElkDiagramRendererTest.java` - 11 unit tests
+- `cameleer-server-app/.../controller/DiagramRenderControllerIT.java` - 4 integration tests

 ## Decisions Made
 - Used ELK layered algorithm (org.eclipse.elk.alg.layered) -- well-maintained, supports compound nodes natively
@@ -104,7 +104,7 @@ Each task was committed atomically:
 - **Found during:** Task 2 (ElkDiagramRenderer implementation)
 - **Issue:** ELK 0.11.0 LayeredMetaDataProvider references org.eclipse.xtext.xbase.lib.CollectionLiterals at class initialization, causing NoClassDefFoundError
 - **Fix:** Added org.eclipse.xtext:org.eclipse.xtext.xbase.lib:2.37.0 dependency to app pom.xml
- **Files modified:** cameleer3-server-app/pom.xml
+- **Files modified:** cameleer-server-app/pom.xml
 - **Verification:** All unit tests pass after adding dependency
 - **Committed in:** c1bc32d (Task 2 commit)

@@ -119,7 +119,7 @@ Each task was committed atomically:
 **3. [Rule 1 - Bug] Adapted to actual NodeType enum naming (EIP_ prefix)**
 - **Found during:** Task 2 (ElkDiagramRenderer implementation)
 - **Issue:** Plan referenced CHOICE, SPLIT etc. but actual enum values are EIP_CHOICE, EIP_SPLIT etc.
- **Fix:** Used correct enum names from decompiled cameleer3-common jar in all color mapping sets
+- **Fix:** Used correct enum names from decompiled cameleer-common jar in all color mapping sets
 - **Files modified:** ElkDiagramRenderer.java
 - **Verification:** Unit tests verify correct colors for endpoint and processor nodes
 - **Committed in:** c1bc32d (Task 2 commit)
--- a/.planning/phases/02-transaction-search-diagrams/02-03-PLAN.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-03-PLAN.md
@@ -6,14 +6,14 @@ wave: 2
 depends_on:
  - "02-01"
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/search/ClickHouseSearchEngine.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SearchController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DetailController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/SearchBeanConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DetailControllerIT.java
-  - cameleer3-server-core/src/test/java/com/cameleer3/server/core/detail/TreeReconstructionTest.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/search/ClickHouseSearchEngine.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/SearchController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DetailController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/SearchBeanConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DetailControllerIT.java
+  - cameleer-server-core/src/test/java/com/cameleer/server/core/detail/TreeReconstructionTest.java
 autonomous: true
 requirements:
  - SRCH-01
@@ -35,16 +35,16 @@ must_haves:
    - "Detail response includes diagramContentHash for linking to diagram endpoint"
    - "Search results are paginated with total count, offset, and limit"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/search/ClickHouseSearchEngine.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/search/ClickHouseSearchEngine.java"
      provides: "ClickHouse implementation of SearchEngine with dynamic WHERE building"
      min_lines: 80
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SearchController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/SearchController.java"
      provides: "GET + POST /api/v1/search/executions endpoints"
      exports: ["SearchController"]
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DetailController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DetailController.java"
      provides: "GET /api/v1/executions/{id} endpoint returning nested tree"
      exports: ["DetailController"]
-    - path: "cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java"
+    - path: "cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java"
      provides: "Integration tests for all search filter combinations"
      min_lines: 100
  key_links:
@@ -92,13 +92,13 @@ Output: SearchController (GET + POST), DetailController, ClickHouseSearchEngine,

@clickhouse/init/01-schema.sql
@clickhouse/init/02-search-columns.sql
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ExecutionController.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ExecutionController.java

 <interfaces>
 <!-- Core types created by Plan 01 — executor reads these from plan 01 SUMMARY -->

-From cameleer3-server-core/.../search/SearchEngine.java:
+From cameleer-server-core/.../search/SearchEngine.java:
 ```java
 public interface SearchEngine {
    SearchResult<ExecutionSummary> search(SearchRequest request);
@@ -106,7 +106,7 @@ public interface SearchEngine {
 }
 ```

-From cameleer3-server-core/.../search/SearchRequest.java:
+From cameleer-server-core/.../search/SearchRequest.java:
 ```java
 public record SearchRequest(
    String status,          // nullable, filter by ExecutionStatus name
@@ -124,14 +124,14 @@ public record SearchRequest(
 ) { /* compact constructor with validation */ }
 ```

-From cameleer3-server-core/.../search/SearchResult.java:
+From cameleer-server-core/.../search/SearchResult.java:
 ```java
 public record SearchResult<T>(List<T> data, long total, int offset, int limit) {
    public static <T> SearchResult<T> empty(int offset, int limit);
 }
 ```

-From cameleer3-server-core/.../search/ExecutionSummary.java:
+From cameleer-server-core/.../search/ExecutionSummary.java:
 ```java
 public record ExecutionSummary(
    String executionId, String routeId, String agentId, String status,
@@ -140,7 +140,7 @@ public record ExecutionSummary(
 ) {}
 ```

-From cameleer3-server-core/.../detail/DetailService.java:
+From cameleer-server-core/.../detail/DetailService.java:
 ```java
 public class DetailService {
    // Constructor takes ExecutionRepository (or a query interface)
@@ -149,7 +149,7 @@ public class DetailService {
 }
 ```

-From cameleer3-server-core/.../detail/ExecutionDetail.java:
+From cameleer-server-core/.../detail/ExecutionDetail.java:
 ```java
 public record ExecutionDetail(
    String executionId, String routeId, String agentId, String status,
@@ -160,7 +160,7 @@ public record ExecutionDetail(
 ) {}
 ```

-From cameleer3-server-core/.../detail/ProcessorNode.java:
+From cameleer-server-core/.../detail/ProcessorNode.java:
 ```java
 public record ProcessorNode(
    String processorId, String processorType, String status,
@@ -201,10 +201,10 @@ Established controller pattern (from Phase 1):
 <task type="auto" tdd="true">
  <name>Task 1: ClickHouseSearchEngine, SearchController, and search integration tests</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/search/ClickHouseSearchEngine.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SearchController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/SearchBeanConfig.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/search/ClickHouseSearchEngine.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/SearchController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/SearchBeanConfig.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java
  </files>
  <behavior>
    - Test searchByStatus: Insert 3 executions (COMPLETED, FAILED, RUNNING). GET /api/v1/search/executions?status=FAILED returns only the FAILED execution. Response has envelope: {"data":[...],"total":1,"offset":0,"limit":50}
@@ -221,7 +221,7 @@ Established controller pattern (from Phase 1):
    - Test emptyResults: Search with no matches returns {"data":[],"total":0,"offset":0,"limit":50}
  </behavior>
  <action>
-    1. Create `ClickHouseSearchEngine` in `com.cameleer3.server.app.search`:
+    1. Create `ClickHouseSearchEngine` in `com.cameleer.server.app.search`:
       - Implements SearchEngine interface from core module.
       - Constructor takes JdbcTemplate.
       - `search(SearchRequest)` method:
@@ -244,13 +244,13 @@ Established controller pattern (from Phase 1):
       - `escapeLike(String)` utility: escape `%`, `_`, `\` characters in user input to prevent LIKE injection. Replace `\` with `\\`, `%` with `\%`, `_` with `\_`.
       - `count(SearchRequest)` method: same WHERE building, just count query.

-    2. Create `SearchBeanConfig` in `com.cameleer3.server.app.config`:
+    2. Create `SearchBeanConfig` in `com.cameleer.server.app.config`:
       - @Configuration class that creates:
         - `ClickHouseSearchEngine` bean (takes JdbcTemplate)
         - `SearchService` bean (takes SearchEngine)
         - `DetailService` bean (takes the execution query interface from Plan 01)

-    3. Create `SearchController` in `com.cameleer3.server.app.controller`:
+    3. Create `SearchController` in `com.cameleer.server.app.controller`:
       - Inject SearchService.
       - `GET /api/v1/search/executions` with @RequestParam for basic filters:
         - status (optional String)
@@ -274,7 +274,7 @@ Established controller pattern (from Phase 1):
       - Assert response structure matches the envelope format.
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-app -Dtest=SearchControllerIT</automated>
  </verify>
  <done>All search filter types work independently and in combination, response envelope has correct format, pagination works correctly, full-text search finds matches in all text fields, LIKE patterns are properly escaped</done>
 </task>
@@ -282,10 +282,10 @@ Established controller pattern (from Phase 1):
 <task type="auto" tdd="true">
  <name>Task 2: DetailController, tree reconstruction, exchange snapshot endpoint, and integration tests</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DetailController.java,
-    cameleer3-server-core/src/test/java/com/cameleer3/server/core/detail/TreeReconstructionTest.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DetailControllerIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DetailController.java,
+    cameleer-server-core/src/test/java/com/cameleer/server/core/detail/TreeReconstructionTest.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DetailControllerIT.java
  </files>
  <behavior>
    - Unit test: reconstructTree with [root, child, grandchild], depths=[0,1,2], parents=[-1,0,1] produces single root with one child that has one grandchild
@@ -308,7 +308,7 @@ Established controller pattern (from Phase 1):
       - Add `findRawById(String executionId)` method that queries all columns from route_executions WHERE execution_id = ?. Return Optional<RawExecutionRow> (use the record created in Plan 01 or create it here if needed). The RawExecutionRow should contain ALL columns including the parallel arrays for processors.
       - Add `findProcessorSnapshot(String executionId, int processorIndex)` method: queries processor_input_bodies[index+1], processor_output_bodies[index+1], processor_input_headers[index+1], processor_output_headers[index+1] for the given execution. Returns a DTO with inputBody, outputBody, inputHeaders, outputHeaders. ClickHouse arrays are 1-indexed in SQL, so add 1 to the Java 0-based index.

-    3. Create `DetailController` in `com.cameleer3.server.app.controller`:
+    3. Create `DetailController` in `com.cameleer.server.app.controller`:
       - Inject DetailService.
       - `GET /api/v1/executions/{executionId}`: call detailService.getDetail(executionId). If empty, return 404. Otherwise return 200 with ExecutionDetail JSON. The processors field is a nested tree of ProcessorNode objects.
       - `GET /api/v1/executions/{executionId}/processors/{index}/snapshot`: call repository's findProcessorSnapshot. If execution not found or index out of bounds, return 404. Return JSON with inputBody, outputBody, inputHeaders, outputHeaders. Per user decision: exchange snapshot data fetched separately per processor, not inlined in detail response.
@@ -323,7 +323,7 @@ Established controller pattern (from Phase 1):
       - Test GET /api/v1/executions/{id}/processors/999/snapshot: returns 404 for out-of-bounds index.
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-core -Dtest=TreeReconstructionTest && mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-core -Dtest=TreeReconstructionTest && mvn test -pl cameleer-server-app -Dtest=DetailControllerIT</automated>
  </verify>
  <done>Tree reconstruction correctly rebuilds nested processor trees from flat arrays, detail endpoint returns nested tree with all fields, snapshot endpoint returns per-processor exchange data, diagram hash included in detail response, all tests pass</done>
 </task>
@@ -331,9 +331,9 @@ Established controller pattern (from Phase 1):
 </tasks>

 <verification>
- `mvn test -pl cameleer3-server-core -Dtest=TreeReconstructionTest` passes (unit test for tree rebuild)
- `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT` passes (all search filters)
- `mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT` passes (detail + snapshot)
+- `mvn test -pl cameleer-server-core -Dtest=TreeReconstructionTest` passes (unit test for tree rebuild)
+- `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT` passes (all search filters)
+- `mvn test -pl cameleer-server-app -Dtest=DetailControllerIT` passes (detail + snapshot)
 - `mvn clean verify` passes (full suite green)
 </verification>

--- a/.planning/phases/02-transaction-search-diagrams/02-03-SUMMARY.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-03-SUMMARY.md
@@ -21,16 +21,16 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/search/ClickHouseSearchEngine.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SearchController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DetailController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/SearchBeanConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DetailControllerIT.java
-    - cameleer3-server-core/src/test/java/com/cameleer3/server/core/detail/TreeReconstructionTest.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/search/ClickHouseSearchEngine.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/SearchController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/DetailController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/SearchBeanConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DetailControllerIT.java
+    - cameleer-server-core/src/test/java/com/cameleer/server/core/detail/TreeReconstructionTest.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-    - cameleer3-server-core/pom.xml
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+    - cameleer-server-core/pom.xml

 key-decisions:
  - "Search tests use correlationId scoping and >= assertions for shared ClickHouse isolation"
@@ -77,15 +77,15 @@ Each task was committed atomically:
 3. **Task 2 fix: Test isolation for shared ClickHouse** - `079dce5` (fix)

 ## Files Created/Modified
- `cameleer3-server-app/.../search/ClickHouseSearchEngine.java` - Dynamic SQL search with LIKE escape, implements SearchEngine
- `cameleer3-server-app/.../controller/SearchController.java` - GET + POST /api/v1/search/executions endpoints
- `cameleer3-server-app/.../controller/DetailController.java` - GET /api/v1/executions/{id} and processor snapshot endpoints
- `cameleer3-server-app/.../config/SearchBeanConfig.java` - Wires SearchEngine, SearchService, DetailService beans
- `cameleer3-server-app/.../storage/ClickHouseExecutionRepository.java` - Added findRawById, findProcessorSnapshot, array extraction helpers
- `cameleer3-server-app/.../controller/SearchControllerIT.java` - 13 integration tests for search
- `cameleer3-server-app/.../controller/DetailControllerIT.java` - 6 integration tests for detail/snapshot
- `cameleer3-server-core/.../detail/TreeReconstructionTest.java` - 5 unit tests for tree reconstruction
- `cameleer3-server-core/pom.xml` - Added assertj and mockito test dependencies
+- `cameleer-server-app/.../search/ClickHouseSearchEngine.java` - Dynamic SQL search with LIKE escape, implements SearchEngine
+- `cameleer-server-app/.../controller/SearchController.java` - GET + POST /api/v1/search/executions endpoints
+- `cameleer-server-app/.../controller/DetailController.java` - GET /api/v1/executions/{id} and processor snapshot endpoints
+- `cameleer-server-app/.../config/SearchBeanConfig.java` - Wires SearchEngine, SearchService, DetailService beans
+- `cameleer-server-app/.../storage/ClickHouseExecutionRepository.java` - Added findRawById, findProcessorSnapshot, array extraction helpers
+- `cameleer-server-app/.../controller/SearchControllerIT.java` - 13 integration tests for search
+- `cameleer-server-app/.../controller/DetailControllerIT.java` - 6 integration tests for detail/snapshot
+- `cameleer-server-core/.../detail/TreeReconstructionTest.java` - 5 unit tests for tree reconstruction
+- `cameleer-server-core/pom.xml` - Added assertj and mockito test dependencies

 ## Decisions Made
 - Search tests use correlationId scoping and >= assertions to remain stable when other test classes seed data in the shared ClickHouse container
@@ -99,8 +99,8 @@ Each task was committed atomically:
 **1. [Rule 3 - Blocking] Added assertj and mockito test dependencies to core module**
 - **Found during:** Task 2 (TreeReconstructionTest compilation)
 - **Issue:** Core module only had JUnit Jupiter as test dependency, TreeReconstructionTest needed assertj for assertions and mockito for mock(ExecutionRepository.class)
- **Fix:** Added assertj-core and mockito-core test-scoped dependencies to cameleer3-server-core/pom.xml
- **Files modified:** cameleer3-server-core/pom.xml
+- **Fix:** Added assertj-core and mockito-core test-scoped dependencies to cameleer-server-core/pom.xml
+- **Files modified:** cameleer-server-core/pom.xml
 - **Committed in:** 0615a98 (Task 2 commit)

 **2. [Rule 1 - Bug] Fixed search tests failing with shared ClickHouse data**
--- a/.planning/phases/02-transaction-search-diagrams/02-04-PLAN.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-04-PLAN.md
@@ -5,9 +5,9 @@ type: execute
 wave: 1
 depends_on: ["02-01", "02-02", "02-03"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-  - cameleer3-server-app/pom.xml
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+  - cameleer-server-app/pom.xml
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java
 autonomous: true
 gap_closure: true
 requirements: ["DIAG-02"]
@@ -17,13 +17,13 @@ must_haves:
    - "Each transaction links to the RouteGraph version that was active at execution time"
    - "Full test suite passes with mvn clean verify (no classloader failures)"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java"
      provides: "Diagram hash lookup during batch insert"
      contains: "findContentHashForRoute"
-    - path: "cameleer3-server-app/pom.xml"
+    - path: "cameleer-server-app/pom.xml"
      provides: "Surefire fork configuration isolating ELK classloader"
      contains: "reuseForks"
-    - path: "cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java"
+    - path: "cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java"
      provides: "Integration test proving diagram hash is stored during ingestion"
  key_links:
    - from: "ClickHouseExecutionRepository"
@@ -57,18 +57,18 @@ Prior plan summaries (needed — touches same files):
 <interfaces>
 <!-- Key types and contracts the executor needs. -->

-From cameleer3-server-core/.../storage/DiagramRepository.java:
+From cameleer-server-core/.../storage/DiagramRepository.java:
 ```java
 Optional<String> findContentHashForRoute(String routeId, String agentId);
 ```

-From cameleer3-server-app/.../storage/ClickHouseExecutionRepository.java (line 141):
+From cameleer-server-app/.../storage/ClickHouseExecutionRepository.java (line 141):
 ```java
 ps.setString(col++, "");  // diagram_content_hash (wired later)
 ```
 The class is @Repository annotated, constructor takes JdbcTemplate only. It needs DiagramRepository injected to perform the lookup.

-From cameleer3-server-app/.../storage/ClickHouseDiagramRepository.java:
+From cameleer-server-app/.../storage/ClickHouseDiagramRepository.java:
 ```java
@Repository
 public class ClickHouseDiagramRepository implements DiagramRepository {
@@ -83,9 +83,9 @@ public class ClickHouseDiagramRepository implements DiagramRepository {
 <task type="auto" tdd="true">
  <name>Task 1: Populate diagram_content_hash during ingestion and fix Surefire forks</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java,
-    cameleer3-server-app/pom.xml,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java,
+    cameleer-server-app/pom.xml,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java
  </files>
  <behavior>
    - Test 1: When a RouteGraph is ingested before a RouteExecution for the same routeId+agentId, the execution's diagram_content_hash column contains the SHA-256 hash of the diagram (not empty string)
@@ -117,7 +117,7 @@ public class ClickHouseDiagramRepository implements DiagramRepository {

    **Gap 2 — Surefire classloader isolation:**

-    5. In `cameleer3-server-app/pom.xml`, add a `<build><plugins>` section (after the existing `spring-boot-maven-plugin`) with `maven-surefire-plugin` configuration:
+    5. In `cameleer-server-app/pom.xml`, add a `<build><plugins>` section (after the existing `spring-boot-maven-plugin`) with `maven-surefire-plugin` configuration:
       ```xml
       <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -131,12 +131,12 @@ public class ClickHouseDiagramRepository implements DiagramRepository {
       This forces Surefire to fork a fresh JVM for each test class, isolating ELK's static initializer (LayeredMetaDataProvider + xtext CollectionLiterals) from Spring Boot's classloader. Trade-off: slightly slower test execution, but correct results.
  </action>
  <verify>
-    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer3-server && mvn clean verify -pl cameleer3-server-app -am 2>&1 | tail -30</automated>
+    <automated>cd C:/Users/Hendrik/Documents/projects/cameleer-server && mvn clean verify -pl cameleer-server-app -am 2>&1 | tail -30</automated>
  </verify>
  <done>
    - diagram_content_hash is populated with the active diagram's SHA-256 hash during ingestion (not empty string)
    - DiagramLinkingIT passes with both positive and negative cases
-    - `mvn clean verify` passes for cameleer3-server-app (no classloader failures from ElkDiagramRendererTest)
+    - `mvn clean verify` passes for cameleer-server-app (no classloader failures from ElkDiagramRendererTest)
  </done>
 </task>

--- a/.planning/phases/02-transaction-search-diagrams/02-04-SUMMARY.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-04-SUMMARY.md
@@ -20,12 +20,12 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java
-    - cameleer3-server-app/pom.xml
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java
+    - cameleer-server-app/pom.xml
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java

 key-decisions:
  - "DiagramRepository injected via constructor into ClickHouseExecutionRepository for diagram hash lookup during batch insert"
@@ -69,11 +69,11 @@ Each task was committed atomically:
 **Plan metadata:** (pending)

 ## Files Created/Modified
- `cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java` - Added DiagramRepository injection, diagram hash lookup in insertBatch
- `cameleer3-server-app/pom.xml` - Added maven-surefire-plugin and maven-failsafe-plugin with reuseForks=false
- `cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java` - Integration test for diagram hash linking
- `cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java` - Added ignoreExceptions + increased timeouts
- `cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java` - Adjusted pagination assertion count
+- `cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java` - Added DiagramRepository injection, diagram hash lookup in insertBatch
+- `cameleer-server-app/pom.xml` - Added maven-surefire-plugin and maven-failsafe-plugin with reuseForks=false
+- `cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java` - Integration test for diagram hash linking
+- `cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java` - Added ignoreExceptions + increased timeouts
+- `cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java` - Adjusted pagination assertion count

 ## Decisions Made
 - DiagramRepository injected via constructor into ClickHouseExecutionRepository -- both are @Repository Spring beans, so constructor injection autowires cleanly
--- a/.planning/phases/02-transaction-search-diagrams/02-CONTEXT.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-CONTEXT.md
@@ -44,7 +44,7 @@ Users can find any transaction by status, time, duration, correlation ID, or con
 - No execution overlay in server-rendered SVG — the UI handles overlay with theme support (dark/light)
 - Top-to-bottom node layout flow
 - Nested processors (inside for-each, split, try-catch) rendered in swimlanes to highlight nesting/scope
- Reference: cameleer3 agent repo `examples/route-diagram-example.html` for visual style inspiration (color-coded node types, EIP icons)
+- Reference: cameleer agent repo `examples/route-diagram-example.html` for visual style inspiration (color-coded node types, EIP icons)

 ### Claude's Discretion
 - Pagination implementation details (offset/limit vs cursor)
@@ -58,7 +58,7 @@ Users can find any transaction by status, time, duration, correlation ID, or con
 <specifics>
 ## Specific Ideas

- "We want a cmd+k type of search in the UI" — see `cameleer3/examples/cmd-k-search-example.html` for the target UX. Key features:
+- "We want a cmd+k type of search in the UI" — see `cameleer/examples/cmd-k-search-example.html` for the target UX. Key features:
  - Cross-entity search: single query hits Executions, Routes, Exchanges, Agents with scope tabs and counts
  - Filter chips in the input (e.g., `route:order` prefix filtering)
  - Inline preview pane with JSON syntax highlighting for selected result
--- a/.planning/phases/02-transaction-search-diagrams/02-RESEARCH.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-RESEARCH.md
@@ -112,7 +112,7 @@ The existing Phase 1 code provides a solid foundation: `ClickHouseExecutionRepos

 ### Recommended Project Structure (additions for Phase 2)
 ```
-cameleer3-server-core/src/main/java/com/cameleer3/server/core/
+cameleer-server-core/src/main/java/com/cameleer/server/core/
 ├── search/
 │   ├── SearchService.java              # Orchestrates search, delegates to SearchEngine
 │   ├── SearchEngine.java               # Interface for search backends (ClickHouse now, OpenSearch later)
@@ -127,7 +127,7 @@ cameleer3-server-core/src/main/java/com/cameleer3/server/core/
    ├── ExecutionRepository.java         # Extended with query methods
    └── DiagramRepository.java           # Extended with lookup methods

-cameleer3-server-app/src/main/java/com/cameleer3/server/app/
+cameleer-server-app/src/main/java/com/cameleer/server/app/
 ├── controller/
 │   ├── SearchController.java           # GET + POST /api/v1/search/executions
 │   ├── DetailController.java           # GET /api/v1/executions/{id}
@@ -517,25 +517,25 @@ private void populateExchangeColumns(PreparedStatement ps, List<FlatProcessor> p
 | Property | Value |
 |----------|-------|
 | Framework | JUnit 5 + Spring Boot Test + Testcontainers ClickHouse 25.3 |
-| Config file | cameleer3-server-app/pom.xml (testcontainers dep), AbstractClickHouseIT base class |
-| Quick run command | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT -Dfailsafe.skip=true` |
+| Config file | cameleer-server-app/pom.xml (testcontainers dep), AbstractClickHouseIT base class |
+| Quick run command | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT -Dfailsafe.skip=true` |
 | Full suite command | `mvn clean verify` |

 ### Phase Requirements -> Test Map
 | Req ID | Behavior | Test Type | Automated Command | File Exists? |
 |--------|----------|-----------|-------------------|-------------|
-| SRCH-01 | Filter by status returns matching executions | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByStatus` | No -- Wave 0 |
-| SRCH-02 | Filter by time range returns matching executions | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByTimeRange` | No -- Wave 0 |
-| SRCH-03 | Filter by duration range returns matching | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByDuration` | No -- Wave 0 |
-| SRCH-04 | Filter by correlationId returns correlated | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByCorrelationId` | No -- Wave 0 |
-| SRCH-05 | Full-text search across bodies/headers/errors | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#fullTextSearch` | No -- Wave 0 |
-| SRCH-06 | Detail returns nested processor tree | integration | `mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT#detailReturnsNestedTree` | No -- Wave 0 |
-| DIAG-01 | Content-hash dedup stores identical defs once | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramControllerIT#contentHashDedup` | Partial (ingestion test exists) |
-| DIAG-02 | Transaction links to active diagram version | integration | `mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT#detailIncludesDiagramHash` | No -- Wave 0 |
-| DIAG-03 | Diagram rendered as SVG or JSON layout | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramRenderControllerIT#renderSvg` | No -- Wave 0 |
+| SRCH-01 | Filter by status returns matching executions | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByStatus` | No -- Wave 0 |
+| SRCH-02 | Filter by time range returns matching executions | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByTimeRange` | No -- Wave 0 |
+| SRCH-03 | Filter by duration range returns matching | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByDuration` | No -- Wave 0 |
+| SRCH-04 | Filter by correlationId returns correlated | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByCorrelationId` | No -- Wave 0 |
+| SRCH-05 | Full-text search across bodies/headers/errors | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#fullTextSearch` | No -- Wave 0 |
+| SRCH-06 | Detail returns nested processor tree | integration | `mvn test -pl cameleer-server-app -Dtest=DetailControllerIT#detailReturnsNestedTree` | No -- Wave 0 |
+| DIAG-01 | Content-hash dedup stores identical defs once | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramControllerIT#contentHashDedup` | Partial (ingestion test exists) |
+| DIAG-02 | Transaction links to active diagram version | integration | `mvn test -pl cameleer-server-app -Dtest=DetailControllerIT#detailIncludesDiagramHash` | No -- Wave 0 |
+| DIAG-03 | Diagram rendered as SVG or JSON layout | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramRenderControllerIT#renderSvg` | No -- Wave 0 |

 ### Sampling Rate
- **Per task commit:** `mvn test -pl cameleer3-server-app -Dtest=<relevant>IT`
+- **Per task commit:** `mvn test -pl cameleer-server-app -Dtest=<relevant>IT`
 - **Per wave merge:** `mvn clean verify`
 - **Phase gate:** Full suite green before `/gsd:verify-work`

@@ -551,7 +551,7 @@ private void populateExchangeColumns(PreparedStatement ps, List<FlatProcessor> p

 ### Primary (HIGH confidence)
 - ClickHouse JDBC 0.9.7, ClickHouse 25.3 -- verified from project pom.xml and AbstractClickHouseIT
- cameleer3-common 1.0-SNAPSHOT JAR -- decompiled to verify RouteGraph, RouteNode, RouteEdge, NodeType, ProcessorExecution, ExchangeSnapshot field structures
+- cameleer-common 1.0-SNAPSHOT JAR -- decompiled to verify RouteGraph, RouteNode, RouteEdge, NodeType, ProcessorExecution, ExchangeSnapshot field structures
 - Existing Phase 1 codebase -- ClickHouseExecutionRepository, ClickHouseDiagramRepository, schema, test patterns

 ### Secondary (MEDIUM confidence)
--- a/.planning/phases/02-transaction-search-diagrams/02-VALIDATION.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-VALIDATION.md
@@ -18,8 +18,8 @@ created: 2026-03-11
 | Property | Value |
 |----------|-------|
 | **Framework** | JUnit 5 + Spring Boot Test + Testcontainers ClickHouse 25.3 |
-| **Config file** | cameleer3-server-app/pom.xml (testcontainers dep), AbstractClickHouseIT base class |
-| **Quick run command** | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT` |
+| **Config file** | cameleer-server-app/pom.xml (testcontainers dep), AbstractClickHouseIT base class |
+| **Quick run command** | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT` |
 | **Full suite command** | `mvn clean verify` |
 | **Estimated runtime** | ~45 seconds |

@@ -27,7 +27,7 @@ created: 2026-03-11

 ## Sampling Rate

- **After every task commit:** Run `mvn test -pl cameleer3-server-app -Dtest=<relevant>IT`
+- **After every task commit:** Run `mvn test -pl cameleer-server-app -Dtest=<relevant>IT`
 - **After every plan wave:** Run `mvn clean verify`
 - **Before `/gsd:verify-work`:** Full suite must be green
 - **Max feedback latency:** 45 seconds
@@ -38,15 +38,15 @@ created: 2026-03-11

 | Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
 |---------|------|------|-------------|-----------|-------------------|-------------|--------|
-| 02-01-01 | 01 | 1 | SRCH-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByStatus` | ❌ W0 | ⬜ pending |
-| 02-01-02 | 01 | 1 | SRCH-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByTimeRange` | ❌ W0 | ⬜ pending |
-| 02-01-03 | 01 | 1 | SRCH-03 | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByDuration` | ❌ W0 | ⬜ pending |
-| 02-01-04 | 01 | 1 | SRCH-04 | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#searchByCorrelationId` | ❌ W0 | ⬜ pending |
-| 02-01-05 | 01 | 1 | SRCH-05 | integration | `mvn test -pl cameleer3-server-app -Dtest=SearchControllerIT#fullTextSearch` | ❌ W0 | ⬜ pending |
-| 02-01-06 | 01 | 1 | SRCH-06 | integration | `mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT#detailReturnsNestedTree` | ❌ W0 | ⬜ pending |
-| 02-02-01 | 02 | 1 | DIAG-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramControllerIT#contentHashDedup` | Partial | ⬜ pending |
-| 02-02-02 | 02 | 1 | DIAG-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=DetailControllerIT#detailIncludesDiagramHash` | ❌ W0 | ⬜ pending |
-| 02-02-03 | 02 | 1 | DIAG-03 | integration | `mvn test -pl cameleer3-server-app -Dtest=DiagramRenderControllerIT#renderSvg` | ❌ W0 | ⬜ pending |
+| 02-01-01 | 01 | 1 | SRCH-01 | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByStatus` | ❌ W0 | ⬜ pending |
+| 02-01-02 | 01 | 1 | SRCH-02 | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByTimeRange` | ❌ W0 | ⬜ pending |
+| 02-01-03 | 01 | 1 | SRCH-03 | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByDuration` | ❌ W0 | ⬜ pending |
+| 02-01-04 | 01 | 1 | SRCH-04 | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#searchByCorrelationId` | ❌ W0 | ⬜ pending |
+| 02-01-05 | 01 | 1 | SRCH-05 | integration | `mvn test -pl cameleer-server-app -Dtest=SearchControllerIT#fullTextSearch` | ❌ W0 | ⬜ pending |
+| 02-01-06 | 01 | 1 | SRCH-06 | integration | `mvn test -pl cameleer-server-app -Dtest=DetailControllerIT#detailReturnsNestedTree` | ❌ W0 | ⬜ pending |
+| 02-02-01 | 02 | 1 | DIAG-01 | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramControllerIT#contentHashDedup` | Partial | ⬜ pending |
+| 02-02-02 | 02 | 1 | DIAG-02 | integration | `mvn test -pl cameleer-server-app -Dtest=DetailControllerIT#detailIncludesDiagramHash` | ❌ W0 | ⬜ pending |
+| 02-02-03 | 02 | 1 | DIAG-03 | integration | `mvn test -pl cameleer-server-app -Dtest=DiagramRenderControllerIT#renderSvg` | ❌ W0 | ⬜ pending |

 *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

--- a/.planning/phases/02-transaction-search-diagrams/02-VERIFICATION.md
+++ b/.planning/phases/02-transaction-search-diagrams/02-VERIFICATION.md
@@ -50,9 +50,9 @@ human_verification:

 | Artifact | Status | Notes |
 |----------|--------|-------|
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/ClickHouseExecutionRepository.java` | VERIFIED | DiagramRepository injected via constructor (line 59); `findContentHashForRoute` called in `setValues()` (lines 144–147); former `""` placeholder removed |
-| `cameleer3-server-app/pom.xml` | VERIFIED | `maven-surefire-plugin` with `forkCount=1` `reuseForks=false` at lines 95–100; `maven-failsafe-plugin` same config at lines 103–108 |
-| `cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java` | VERIFIED | 152 lines; 2 integration tests; positive case asserts 64-char hex hash; negative case asserts empty string; uses `ignoreExceptions()` for ClickHouse eventual consistency |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/storage/ClickHouseExecutionRepository.java` | VERIFIED | DiagramRepository injected via constructor (line 59); `findContentHashForRoute` called in `setValues()` (lines 144–147); former `""` placeholder removed |
+| `cameleer-server-app/pom.xml` | VERIFIED | `maven-surefire-plugin` with `forkCount=1` `reuseForks=false` at lines 95–100; `maven-failsafe-plugin` same config at lines 103–108 |
+| `cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java` | VERIFIED | 152 lines; 2 integration tests; positive case asserts 64-char hex hash; negative case asserts empty string; uses `ignoreExceptions()` for ClickHouse eventual consistency |

 ### Key Link Verification

@@ -62,7 +62,7 @@ human_verification:
 | `SearchController` | `SearchService` | constructor injection, `searchService.search()` | WIRED | Previously verified; no regression |
 | `DetailController` | `DetailService` | constructor injection, `detailService.getDetail()` | WIRED | Previously verified; no regression |
 | `DiagramRenderController` | `DiagramRepository` + `DiagramRenderer` | `findByContentHash()` + `renderSvg()`/`layoutJson()` | WIRED | Previously verified; no regression |
-| `Surefire/Failsafe` | ELK classloader isolation | `reuseForks=false` forces fresh JVM per test class | WIRED | Lines 95–116 in `cameleer3-server-app/pom.xml` |
+| `Surefire/Failsafe` | ELK classloader isolation | `reuseForks=false` forces fresh JVM per test class | WIRED | Lines 95–116 in `cameleer-server-app/pom.xml` |

 ### Requirements Coverage

@@ -108,7 +108,7 @@ Two blockers from the initial verification (2026-03-11T16:00:00Z) have been reso

 **Gap 1 resolved — DIAG-02 diagram hash linking:** `ClickHouseExecutionRepository` now injects `DiagramRepository` via constructor and calls `findContentHashForRoute(exec.getRouteId(), "")` in `insertBatch()`. Both the diagram store path and the execution ingest path use `agent_id=""` consistently, so the lookup is correct. `DiagramLinkingIT` provides integration test coverage for both the positive case (hash populated when diagram exists) and negative case (empty string when no diagram exists for the route).

-**Gap 2 resolved — Test suite stability:** Both `maven-surefire-plugin` and `maven-failsafe-plugin` in `cameleer3-server-app/pom.xml` are now configured with `forkCount=1` `reuseForks=false`. This forces a fresh JVM per test class, isolating ELK's `LayeredMetaDataProvider` static initializer from Spring Boot's classloader. The SUMMARY reports 51 tests, 0 failures. Test count across 16 test files totals 80 `@Test` methods; the difference from 51 reflects how Surefire/Failsafe counts parameterized and nested tests vs. raw annotation count.
+**Gap 2 resolved — Test suite stability:** Both `maven-surefire-plugin` and `maven-failsafe-plugin` in `cameleer-server-app/pom.xml` are now configured with `forkCount=1` `reuseForks=false`. This forces a fresh JVM per test class, isolating ELK's `LayeredMetaDataProvider` static initializer from Spring Boot's classloader. The SUMMARY reports 51 tests, 0 failures. Test count across 16 test files totals 80 `@Test` methods; the difference from 51 reflects how Surefire/Failsafe counts parameterized and nested tests vs. raw annotation count.

 No regressions were introduced. All 10 observable truths and all 9 phase requirements are now satisfied. Two items remain for human visual verification (SVG rendering correctness).

--- a/.planning/phases/03-agent-registry-sse-push/03-01-PLAN.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-01-PLAN.md
@@ -5,21 +5,21 @@ type: execute
 wave: 1
 depends_on: []
 files_modified:
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentInfo.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentState.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentCommand.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandStatus.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandType.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentRegistryService.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentEventListener.java
-  - cameleer3-server-core/src/test/java/com/cameleer3/server/core/agent/AgentRegistryServiceTest.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryBeanConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/AgentLifecycleMonitor.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
-  - cameleer3-server-app/src/main/resources/application.yml
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentInfo.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentState.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentCommand.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandStatus.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandType.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentRegistryService.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentEventListener.java
+  - cameleer-server-core/src/test/java/com/cameleer/server/core/agent/AgentRegistryServiceTest.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryBeanConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/AgentLifecycleMonitor.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
+  - cameleer-server-app/src/main/resources/application.yml
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java
 autonomous: true
 requirements:
  - AGNT-01
@@ -34,13 +34,13 @@ must_haves:
    - "Server transitions agents LIVE->STALE after 90s without heartbeat, STALE->DEAD 5 minutes after staleTransitionTime"
    - "Agent list endpoint GET /api/v1/agents returns all agents, filterable by ?status=LIVE|STALE|DEAD"
  artifacts:
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentRegistryService.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentRegistryService.java"
      provides: "Agent registration, heartbeat, lifecycle transitions, find/filter"
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentInfo.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentInfo.java"
      provides: "Agent record with id, name, group, version, routeIds, capabilities, state, timestamps"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java"
      provides: "POST /register, POST /{id}/heartbeat, GET /agents endpoints"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/AgentLifecycleMonitor.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/agent/AgentLifecycleMonitor.java"
      provides: "@Scheduled lifecycle transitions LIVE->STALE->DEAD"
  key_links:
    - from: "AgentRegistrationController"
@@ -76,14 +76,14 @@ Output: Core domain types (AgentInfo, AgentState, AgentCommand, CommandStatus, C
@.planning/phases/03-agent-registry-sse-push/03-CONTEXT.md
@.planning/phases/03-agent-registry-sse-push/03-RESEARCH.md

-@cameleer3-server-core/src/main/java/com/cameleer3/server/core/ingestion/IngestionService.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionBeanConfig.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/IngestionConfig.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/ingestion/ClickHouseFlushScheduler.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
-@cameleer3-server-app/src/main/resources/application.yml
-@cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
+@cameleer-server-core/src/main/java/com/cameleer/server/core/ingestion/IngestionService.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionBeanConfig.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/IngestionConfig.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/ingestion/ClickHouseFlushScheduler.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
+@cameleer-server-app/src/main/resources/application.yml
+@cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java

 <interfaces>
 <!-- Established codebase patterns the executor must follow -->
@@ -99,10 +99,10 @@ Pattern: Controller accepts raw String body:

 Pattern: @Scheduled for periodic tasks:
 - ClickHouseFlushScheduler uses @Scheduled(fixedDelayString = "${ingestion.flush-interval-ms:1000}")
- @EnableScheduling already on Cameleer3ServerApplication
+- @EnableScheduling already on CameleerServerApplication

 Pattern: @EnableConfigurationProperties registration:
- Cameleer3ServerApplication has @EnableConfigurationProperties(IngestionConfig.class)
+- CameleerServerApplication has @EnableConfigurationProperties(IngestionConfig.class)
 - New config classes must be added to this annotation

 Pattern: ProtocolVersionInterceptor:
@@ -116,14 +116,14 @@ Pattern: ProtocolVersionInterceptor:
 <task type="auto" tdd="true">
  <name>Task 1: Core domain types and AgentRegistryService with unit tests</name>
  <files>
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentInfo.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentState.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentCommand.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandStatus.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandType.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentRegistryService.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentEventListener.java,
-    cameleer3-server-core/src/test/java/com/cameleer3/server/core/agent/AgentRegistryServiceTest.java
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentInfo.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentState.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentCommand.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandStatus.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandType.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentRegistryService.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentEventListener.java,
+    cameleer-server-core/src/test/java/com/cameleer/server/core/agent/AgentRegistryServiceTest.java
  </files>
  <behavior>
    - register: new agent ID creates AgentInfo with state LIVE, returns AgentInfo
@@ -142,7 +142,7 @@ Pattern: ProtocolVersionInterceptor:
    - findPendingCommands: returns PENDING commands for given agentId
  </behavior>
  <action>
-    Create the agent domain model in the core module (package com.cameleer3.server.core.agent):
+    Create the agent domain model in the core module (package com.cameleer.server.core.agent):

    1. **AgentState enum**: LIVE, STALE, DEAD

@@ -182,7 +182,7 @@ Pattern: ProtocolVersionInterceptor:
    Write tests FIRST (RED), then implement (GREEN). Test class: AgentRegistryServiceTest.
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-core -Dtest=AgentRegistryServiceTest</automated>
+    <automated>mvn test -pl cameleer-server-core -Dtest=AgentRegistryServiceTest</automated>
  </verify>
  <done>All unit tests pass: registration (new + re-register), heartbeat (known + unknown), lifecycle transitions (LIVE->STALE->DEAD, heartbeat revives STALE), findAll/findByState/findById, command add/acknowledge/expire. AgentEventListener interface defined.</done>
 </task>
@@ -190,13 +190,13 @@ Pattern: ProtocolVersionInterceptor:
 <task type="auto">
  <name>Task 2: Registration/heartbeat/list controllers, config, lifecycle monitor, integration tests</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryBeanConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/AgentLifecycleMonitor.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java,
-    cameleer3-server-app/src/main/resources/application.yml,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryBeanConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/agent/AgentLifecycleMonitor.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java,
+    cameleer-server-app/src/main/resources/application.yml,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java
  </files>
  <action>
    Wire the agent registry into the Spring Boot app and create REST endpoints:
@@ -214,7 +214,7 @@ Pattern: ProtocolVersionInterceptor:
       - @Bean AgentRegistryService: `new AgentRegistryService(config.getStaleThresholdMs(), config.getDeadThresholdMs(), config.getCommandExpiryMs())`
       Follow IngestionBeanConfig pattern.

-    3. **Update Cameleer3ServerApplication**: Add AgentRegistryConfig.class to @EnableConfigurationProperties.
+    3. **Update CameleerServerApplication**: Add AgentRegistryConfig.class to @EnableConfigurationProperties.

    4. **Update application.yml**: Add agent-registry section with all defaults (see RESEARCH.md code example). Also add `spring.mvc.async.request-timeout: -1` for SSE support (Plan 02 needs it, but set it now).

@@ -242,7 +242,7 @@ Pattern: ProtocolVersionInterceptor:
       - Use TestRestTemplate (already available from AbstractClickHouseIT's @SpringBootTest)
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-core,cameleer3-server-app -Dtest="Agent*"</automated>
+    <automated>mvn test -pl cameleer-server-core,cameleer-server-app -Dtest="Agent*"</automated>
  </verify>
  <done>POST /register returns 200 with agentId + sseEndpoint + heartbeatIntervalMs. POST /{id}/heartbeat returns 200 for known agents, 404 for unknown. GET /agents returns all agents with optional ?status= filter. AgentLifecycleMonitor runs on schedule. All integration tests pass. mvn clean verify passes.</done>
 </task>
--- a/.planning/phases/03-agent-registry-sse-push/03-01-SUMMARY.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-01-SUMMARY.md
@@ -27,22 +27,22 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentInfo.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentState.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentCommand.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandStatus.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/CommandType.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentRegistryService.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentEventListener.java
-    - cameleer3-server-core/src/test/java/com/cameleer3/server/core/agent/AgentRegistryServiceTest.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryConfig.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryBeanConfig.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/AgentLifecycleMonitor.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentInfo.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentState.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentCommand.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandStatus.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/CommandType.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentRegistryService.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentEventListener.java
+    - cameleer-server-core/src/test/java/com/cameleer/server/core/agent/AgentRegistryServiceTest.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryConfig.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryBeanConfig.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/AgentLifecycleMonitor.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/Cameleer3ServerApplication.java
-    - cameleer3-server-app/src/main/resources/application.yml
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/CameleerServerApplication.java
+    - cameleer-server-app/src/main/resources/application.yml

 key-decisions:
  - "AgentInfo as Java record with wither-style methods for immutable ConcurrentHashMap swapping"
@@ -103,7 +103,7 @@ _Note: Task 1 used TDD with separate RED/GREEN commits_
 - `AgentRegistrationController.java` - REST endpoints for agents
 - `AgentRegistryServiceTest.java` - 23 unit tests
 - `AgentRegistrationControllerIT.java` - 7 integration tests
- `Cameleer3ServerApplication.java` - Added AgentRegistryConfig to @EnableConfigurationProperties
+- `CameleerServerApplication.java` - Added AgentRegistryConfig to @EnableConfigurationProperties
 - `application.yml` - Added agent-registry config section and spring.mvc.async.request-timeout

 ## Decisions Made
--- a/.planning/phases/03-agent-registry-sse-push/03-02-PLAN.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-02-PLAN.md
@@ -5,12 +5,12 @@ type: execute
 wave: 2
 depends_on: ["03-01"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentCommandController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentSseControllerIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentCommandControllerIT.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentCommandController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentSseControllerIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentCommandControllerIT.java
 autonomous: true
 requirements:
  - AGNT-04
@@ -30,11 +30,11 @@ must_haves:
    - "SSE events include event ID for Last-Event-ID reconnection support (no replay of missed events)"
    - "Agent can acknowledge command receipt via POST /api/v1/agents/{id}/commands/{commandId}/ack"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java"
      provides: "Per-agent SseEmitter management, event sending, ping keepalive"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java"
      provides: "GET /{id}/events SSE endpoint"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentCommandController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentCommandController.java"
      provides: "POST command endpoints (single, group, broadcast) + ack endpoint"
  key_links:
    - from: "AgentCommandController"
@@ -75,49 +75,49 @@ Output: SseConnectionManager, SSE endpoint, command controller (single/group/bro
@.planning/phases/03-agent-registry-sse-push/03-RESEARCH.md
@.planning/phases/03-agent-registry-sse-push/03-01-SUMMARY.md

-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-@cameleer3-server-app/src/main/resources/application.yml
-@cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+@cameleer-server-app/src/main/resources/application.yml
+@cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java

 <interfaces>
 <!-- From Plan 01 (must exist before this plan executes) -->

-From cameleer3-server-core/.../agent/AgentInfo.java:
+From cameleer-server-core/.../agent/AgentInfo.java:
 ```java
 // Record or class with fields:
 // id, name, group, version, routeIds, capabilities, state, registeredAt, lastHeartbeat, staleTransitionTime
 // Methods: withState(), withLastHeartbeat(), etc.
 ```

-From cameleer3-server-core/.../agent/AgentState.java:
+From cameleer-server-core/.../agent/AgentState.java:
 ```java
 public enum AgentState { LIVE, STALE, DEAD }
 ```

-From cameleer3-server-core/.../agent/CommandType.java:
+From cameleer-server-core/.../agent/CommandType.java:
 ```java
 public enum CommandType { CONFIG_UPDATE, DEEP_TRACE, REPLAY }
 ```

-From cameleer3-server-core/.../agent/CommandStatus.java:
+From cameleer-server-core/.../agent/CommandStatus.java:
 ```java
 public enum CommandStatus { PENDING, DELIVERED, ACKNOWLEDGED, EXPIRED }
 ```

-From cameleer3-server-core/.../agent/AgentCommand.java:
+From cameleer-server-core/.../agent/AgentCommand.java:
 ```java
 // Record: id (UUID string), type (CommandType), payload (String JSON), targetAgentId, createdAt, status
 // Method: withStatus()
 ```

-From cameleer3-server-core/.../agent/AgentEventListener.java:
+From cameleer-server-core/.../agent/AgentEventListener.java:
 ```java
 public interface AgentEventListener {
    void onCommandReady(String agentId, AgentCommand command);
 }
 ```

-From cameleer3-server-core/.../agent/AgentRegistryService.java:
+From cameleer-server-core/.../agent/AgentRegistryService.java:
 ```java
 // Key methods:
 // register(id, name, group, version, routeIds, capabilities) -> AgentInfo
@@ -131,7 +131,7 @@ From cameleer3-server-core/.../agent/AgentRegistryService.java:
 // setEventListener(listener) -> void
 ```

-From cameleer3-server-app/.../config/AgentRegistryConfig.java:
+From cameleer-server-app/.../config/AgentRegistryConfig.java:
 ```java
 // @ConfigurationProperties(prefix = "agent-registry")
 // getPingIntervalMs(), getCommandExpiryMs(), etc.
@@ -144,11 +144,11 @@ From cameleer3-server-app/.../config/AgentRegistryConfig.java:
 <task type="auto">
  <name>Task 1: SseConnectionManager, SSE controller, and command controller</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentCommandController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryBeanConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentCommandController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryBeanConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
  </files>
  <action>
    Build the SSE infrastructure and command delivery system:
@@ -181,7 +181,7 @@ From cameleer3-server-app/.../config/AgentRegistryConfig.java:
    5. **Update WebConfig**: The SSE endpoint GET /api/v1/agents/{id}/events is already covered by the interceptor pattern "/api/v1/agents/**". Agents send the protocol version header on all requests (per research recommendation), so no exclusion needed. However, if the SSE GET causes issues because browsers/clients may not easily add custom headers to EventSource, add the SSE events path to excludePathPatterns: `/api/v1/agents/*/events`. This is a practical consideration -- add the exclusion to be safe.
  </action>
  <verify>
-    <automated>mvn compile -pl cameleer3-server-core,cameleer3-server-app</automated>
+    <automated>mvn compile -pl cameleer-server-core,cameleer-server-app</automated>
  </verify>
  <done>SseConnectionManager, AgentSseController, and AgentCommandController compile. SSE endpoint returns SseEmitter. Command endpoints accept type/payload and deliver via SSE. Ping keepalive scheduled. WebConfig updated if needed.</done>
 </task>
@@ -189,8 +189,8 @@ From cameleer3-server-app/.../config/AgentRegistryConfig.java:
 <task type="auto">
  <name>Task 2: Integration tests for SSE, commands, and full flow</name>
  <files>
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentSseControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentCommandControllerIT.java
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentSseControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentCommandControllerIT.java
  </files>
  <action>
    Write integration tests covering SSE connection, command delivery, ping, and acknowledgement:
@@ -224,7 +224,7 @@ From cameleer3-server-app/.../config/AgentRegistryConfig.java:
    **Test configuration**: If ping interval needs to be shorter for tests, add to test application.yml or use @TestPropertySource with agent-registry.ping-interval-ms=1000.
  </action>
  <verify>
-    <automated>mvn test -pl cameleer3-server-core,cameleer3-server-app -Dtest="Agent*"</automated>
+    <automated>mvn test -pl cameleer-server-core,cameleer-server-app -Dtest="Agent*"</automated>
  </verify>
  <done>All SSE integration tests pass: connect/disconnect, config-update/deep-trace/replay delivery via SSE, ping keepalive received, Last-Event-ID accepted, command targeting (single/group/broadcast), command acknowledgement. mvn clean verify passes with all existing tests still green.</done>
 </task>
--- a/.planning/phases/03-agent-registry-sse-push/03-02-SUMMARY.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-02-SUMMARY.md
@@ -24,14 +24,14 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentCommandController.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentSseControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentCommandControllerIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentCommandController.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentSseControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentCommandControllerIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-    - cameleer3-server-app/src/test/resources/application-test.yml
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+    - cameleer-server-app/src/test/resources/application-test.yml

 key-decisions:
  - "SSE events path excluded from ProtocolVersionInterceptor for EventSource client compatibility"
--- a/.planning/phases/03-agent-registry-sse-push/03-RESEARCH.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-RESEARCH.md
@@ -6,7 +6,7 @@

 ## Summary

-This phase adds agent registration, heartbeat-based lifecycle management (LIVE/STALE/DEAD), and real-time command push via SSE to the Cameleer3 server. The technology stack is straightforward: Spring MVC's `SseEmitter` for server-push, `ConcurrentHashMap` for the in-memory agent registry, and `@Scheduled` for periodic lifecycle checks (same pattern already used by `ClickHouseFlushScheduler`).
+This phase adds agent registration, heartbeat-based lifecycle management (LIVE/STALE/DEAD), and real-time command push via SSE to the Cameleer server. The technology stack is straightforward: Spring MVC's `SseEmitter` for server-push, `ConcurrentHashMap` for the in-memory agent registry, and `@Scheduled` for periodic lifecycle checks (same pattern already used by `ClickHouseFlushScheduler`).

 The main architectural challenge is managing per-agent SSE connections reliably -- handling disconnections, timeouts, and cleanup without leaking threads or emitters. The command delivery model (PENDING with 60s expiry, acknowledgement) adds a second concurrent data structure to manage alongside the registry itself.

@@ -93,7 +93,7 @@ No new dependencies required. Everything is already on the classpath.

 ### Recommended Project Structure
 ```
-cameleer3-server-core/src/main/java/com/cameleer3/server/core/
+cameleer-server-core/src/main/java/com/cameleer/server/core/
 ├── agent/
 │   ├── AgentInfo.java              # Record: id, name, group, version, routeIds, capabilities, state, timestamps
 │   ├── AgentState.java             # Enum: LIVE, STALE, DEAD
@@ -101,7 +101,7 @@ cameleer3-server-core/src/main/java/com/cameleer3/server/core/
 │   ├── AgentCommand.java           # Record: id, type, payload, targetAgentId, createdAt, status
 │   └── CommandStatus.java          # Enum: PENDING, DELIVERED, ACKNOWLEDGED, EXPIRED

-cameleer3-server-app/src/main/java/com/cameleer3/server/app/
+cameleer-server-app/src/main/java/com/cameleer/server/app/
 ├── config/
 │   ├── AgentRegistryConfig.java    # @ConfigurationProperties(prefix = "agent-registry")
 │   └── AgentRegistryBeanConfig.java # @Configuration: wires AgentRegistryService as bean
@@ -452,30 +452,30 @@ spring:
 |----------|-------|
 | Framework | JUnit 5 + Spring Boot Test (via spring-boot-starter-test) |
 | Config file | pom.xml (Surefire + Failsafe configured) |
-| Quick run command | `mvn test -pl cameleer3-server-core -Dtest=AgentRegistryServiceTest` |
+| Quick run command | `mvn test -pl cameleer-server-core -Dtest=AgentRegistryServiceTest` |
 | Full suite command | `mvn clean verify` |

 ### Phase Requirements to Test Map
 | Req ID | Behavior | Test Type | Automated Command | File Exists? |
 |--------|----------|-----------|-------------------|-------------|
-| AGNT-01 | Agent registers and gets response | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentRegistrationControllerIT#registerAgent*` | No - Wave 0 |
-| AGNT-02 | Lifecycle transitions LIVE/STALE/DEAD | unit | `mvn test -pl cameleer3-server-core -Dtest=AgentRegistryServiceTest#lifecycle*` | No - Wave 0 |
-| AGNT-03 | Heartbeat updates timestamp, returns 200/404 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentRegistrationControllerIT#heartbeat*` | No - Wave 0 |
-| AGNT-04 | Config-update pushed via SSE | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#configUpdate*` | No - Wave 0 |
-| AGNT-05 | Deep-trace command pushed via SSE | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#deepTrace*` | No - Wave 0 |
-| AGNT-06 | Replay command pushed via SSE | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#replay*` | No - Wave 0 |
-| AGNT-07 | SSE ping keepalive + Last-Event-ID | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#pingKeepalive*` | No - Wave 0 |
+| AGNT-01 | Agent registers and gets response | integration | `mvn test -pl cameleer-server-app -Dtest=AgentRegistrationControllerIT#registerAgent*` | No - Wave 0 |
+| AGNT-02 | Lifecycle transitions LIVE/STALE/DEAD | unit | `mvn test -pl cameleer-server-core -Dtest=AgentRegistryServiceTest#lifecycle*` | No - Wave 0 |
+| AGNT-03 | Heartbeat updates timestamp, returns 200/404 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentRegistrationControllerIT#heartbeat*` | No - Wave 0 |
+| AGNT-04 | Config-update pushed via SSE | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#configUpdate*` | No - Wave 0 |
+| AGNT-05 | Deep-trace command pushed via SSE | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#deepTrace*` | No - Wave 0 |
+| AGNT-06 | Replay command pushed via SSE | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#replay*` | No - Wave 0 |
+| AGNT-07 | SSE ping keepalive + Last-Event-ID | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#pingKeepalive*` | No - Wave 0 |

 ### Sampling Rate
- **Per task commit:** `mvn test -pl cameleer3-server-core,cameleer3-server-app -Dtest="Agent*"` (agent-related tests only)
+- **Per task commit:** `mvn test -pl cameleer-server-core,cameleer-server-app -Dtest="Agent*"` (agent-related tests only)
 - **Per wave merge:** `mvn clean verify`
 - **Phase gate:** Full suite green before /gsd:verify-work

 ### Wave 0 Gaps
- [ ] `cameleer3-server-core/.../agent/AgentRegistryServiceTest.java` -- covers AGNT-02, AGNT-03 (unit tests for registry logic)
- [ ] `cameleer3-server-app/.../controller/AgentRegistrationControllerIT.java` -- covers AGNT-01, AGNT-03
- [ ] `cameleer3-server-app/.../controller/AgentSseControllerIT.java` -- covers AGNT-04, AGNT-05, AGNT-06, AGNT-07
- [ ] `cameleer3-server-app/.../controller/AgentCommandControllerIT.java` -- covers command targeting (single, group, all)
+- [ ] `cameleer-server-core/.../agent/AgentRegistryServiceTest.java` -- covers AGNT-02, AGNT-03 (unit tests for registry logic)
+- [ ] `cameleer-server-app/.../controller/AgentRegistrationControllerIT.java` -- covers AGNT-01, AGNT-03
+- [ ] `cameleer-server-app/.../controller/AgentSseControllerIT.java` -- covers AGNT-04, AGNT-05, AGNT-06, AGNT-07
+- [ ] `cameleer-server-app/.../controller/AgentCommandControllerIT.java` -- covers command targeting (single, group, all)
 - [ ] No new framework install needed -- JUnit 5 + Spring Boot Test + Awaitility already in place

 ### SSE Test Strategy
--- a/.planning/phases/03-agent-registry-sse-push/03-VALIDATION.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-VALIDATION.md
@@ -18,8 +18,8 @@ created: 2026-03-11
 | Property | Value |
 |----------|-------|
 | **Framework** | JUnit 5 + Spring Boot Test + Testcontainers ClickHouse 25.3 |
-| **Config file** | cameleer3-server-app/pom.xml (Surefire + Failsafe configured) |
-| **Quick run command** | `mvn test -pl cameleer3-server-core -Dtest=AgentRegistryServiceTest` |
+| **Config file** | cameleer-server-app/pom.xml (Surefire + Failsafe configured) |
+| **Quick run command** | `mvn test -pl cameleer-server-core -Dtest=AgentRegistryServiceTest` |
 | **Full suite command** | `mvn clean verify` |
 | **Estimated runtime** | ~50 seconds |

@@ -27,7 +27,7 @@ created: 2026-03-11

 ## Sampling Rate

- **After every task commit:** Run `mvn test -pl cameleer3-server-core,cameleer3-server-app -Dtest="Agent*"`
+- **After every task commit:** Run `mvn test -pl cameleer-server-core,cameleer-server-app -Dtest="Agent*"`
 - **After every plan wave:** Run `mvn clean verify`
 - **Before `/gsd:verify-work`:** Full suite must be green
 - **Max feedback latency:** 50 seconds
@@ -38,13 +38,13 @@ created: 2026-03-11

 | Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
 |---------|------|------|-------------|-----------|-------------------|-------------|--------|
-| 03-01-01 | 01 | 1 | AGNT-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentRegistrationControllerIT#registerAgent*` | ❌ W0 | ⬜ pending |
-| 03-01-02 | 01 | 1 | AGNT-02 | unit | `mvn test -pl cameleer3-server-core -Dtest=AgentRegistryServiceTest#lifecycle*` | ❌ W0 | ⬜ pending |
-| 03-01-03 | 01 | 1 | AGNT-03 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentRegistrationControllerIT#heartbeat*` | ❌ W0 | ⬜ pending |
-| 03-02-01 | 02 | 1 | AGNT-04 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#configUpdate*` | ❌ W0 | ⬜ pending |
-| 03-02-02 | 02 | 1 | AGNT-05 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#deepTrace*` | ❌ W0 | ⬜ pending |
-| 03-02-03 | 02 | 1 | AGNT-06 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#replay*` | ❌ W0 | ⬜ pending |
-| 03-02-04 | 02 | 1 | AGNT-07 | integration | `mvn test -pl cameleer3-server-app -Dtest=AgentSseControllerIT#pingKeepalive*` | ❌ W0 | ⬜ pending |
+| 03-01-01 | 01 | 1 | AGNT-01 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentRegistrationControllerIT#registerAgent*` | ❌ W0 | ⬜ pending |
+| 03-01-02 | 01 | 1 | AGNT-02 | unit | `mvn test -pl cameleer-server-core -Dtest=AgentRegistryServiceTest#lifecycle*` | ❌ W0 | ⬜ pending |
+| 03-01-03 | 01 | 1 | AGNT-03 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentRegistrationControllerIT#heartbeat*` | ❌ W0 | ⬜ pending |
+| 03-02-01 | 02 | 1 | AGNT-04 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#configUpdate*` | ❌ W0 | ⬜ pending |
+| 03-02-02 | 02 | 1 | AGNT-05 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#deepTrace*` | ❌ W0 | ⬜ pending |
+| 03-02-03 | 02 | 1 | AGNT-06 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#replay*` | ❌ W0 | ⬜ pending |
+| 03-02-04 | 02 | 1 | AGNT-07 | integration | `mvn test -pl cameleer-server-app -Dtest=AgentSseControllerIT#pingKeepalive*` | ❌ W0 | ⬜ pending |

 *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

--- a/.planning/phases/03-agent-registry-sse-push/03-VERIFICATION.md
+++ b/.planning/phases/03-agent-registry-sse-push/03-VERIFICATION.md
@@ -51,18 +51,18 @@ re_verification: false

 | Artifact | Expected | Status | Details |
 |----------|----------|--------|---------|
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentRegistryService.java` | Registration, heartbeat, lifecycle, find/filter, commands | VERIFIED | 281 lines; full implementation with ConcurrentHashMap, compute-based atomic swaps, eventListener bridge |
-| `cameleer3-server-core/src/main/java/com/cameleer3/server/core/agent/AgentInfo.java` | Immutable record with all fields and wither methods | VERIFIED | 63 lines; record with 10 fields and 5 wither-style methods |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java` | POST /register, POST /{id}/heartbeat, GET /agents | VERIFIED | 153 lines; all three endpoints implemented with OpenAPI annotations |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/AgentLifecycleMonitor.java` | @Scheduled LIVE->STALE->DEAD transitions | VERIFIED | 37 lines; calls `registryService.checkLifecycle()` and `expireOldCommands()` on schedule |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentRegistryService.java` | Registration, heartbeat, lifecycle, find/filter, commands | VERIFIED | 281 lines; full implementation with ConcurrentHashMap, compute-based atomic swaps, eventListener bridge |
+| `cameleer-server-core/src/main/java/com/cameleer/server/core/agent/AgentInfo.java` | Immutable record with all fields and wither methods | VERIFIED | 63 lines; record with 10 fields and 5 wither-style methods |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java` | POST /register, POST /{id}/heartbeat, GET /agents | VERIFIED | 153 lines; all three endpoints implemented with OpenAPI annotations |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/agent/AgentLifecycleMonitor.java` | @Scheduled LIVE->STALE->DEAD transitions | VERIFIED | 37 lines; calls `registryService.checkLifecycle()` and `expireOldCommands()` on schedule |

 ### Plan 02 Artifacts

 | Artifact | Expected | Status | Details |
 |----------|----------|--------|---------|
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java` | Per-agent SseEmitter management, event sending, ping | VERIFIED | 158 lines; implements AgentEventListener, reference-equality removal, @PostConstruct registration |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java` | GET /{id}/events SSE endpoint | VERIFIED | 67 lines; checks agent exists, delegates to connectionManager.connect() |
-| `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentCommandController.java` | POST commands (single/group/broadcast) + ack | VERIFIED | 182 lines; all four endpoints implemented |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java` | Per-agent SseEmitter management, event sending, ping | VERIFIED | 158 lines; implements AgentEventListener, reference-equality removal, @PostConstruct registration |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java` | GET /{id}/events SSE endpoint | VERIFIED | 67 lines; checks agent exists, delegates to connectionManager.connect() |
+| `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentCommandController.java` | POST commands (single/group/broadcast) + ack | VERIFIED | 182 lines; all four endpoints implemented |

 ### Supporting Artifacts (confirmed present)

@@ -77,7 +77,7 @@ re_verification: false
 | `AgentRegistryBeanConfig.java` (@Configuration) | VERIFIED — creates AgentRegistryService with config values |
 | `application.yml` | VERIFIED — agent-registry section present; `spring.mvc.async.request-timeout: -1` present |
 | `application-test.yml` | VERIFIED — `agent-registry.ping-interval-ms: 1000` for fast SSE test assertions |
-| `Cameleer3ServerApplication.java` | VERIFIED — `AgentRegistryConfig.class` added to `@EnableConfigurationProperties` |
+| `CameleerServerApplication.java` | VERIFIED — `AgentRegistryConfig.class` added to `@EnableConfigurationProperties` |

 ---

--- a/.planning/phases/04-security/04-01-PLAN.md
+++ b/.planning/phases/04-security/04-01-PLAN.md
@@ -5,19 +5,19 @@ type: execute
 wave: 1
 depends_on: []
 files_modified:
-  - cameleer3-server-app/pom.xml
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/JwtService.java
-  - cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/Ed25519SigningService.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtServiceImpl.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/Ed25519SigningServiceImpl.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/BootstrapTokenValidator.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java
-  - cameleer3-server-app/src/main/resources/application.yml
-  - cameleer3-server-app/src/test/resources/application-test.yml
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtServiceTest.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/Ed25519SigningServiceTest.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenValidatorTest.java
+  - cameleer-server-app/pom.xml
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/security/JwtService.java
+  - cameleer-server-core/src/main/java/com/cameleer/server/core/security/Ed25519SigningService.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtServiceImpl.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/Ed25519SigningServiceImpl.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/BootstrapTokenValidator.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityBeanConfig.java
+  - cameleer-server-app/src/main/resources/application.yml
+  - cameleer-server-app/src/test/resources/application-test.yml
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtServiceTest.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/Ed25519SigningServiceTest.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenValidatorTest.java
 autonomous: true
 requirements:
  - SECU-03
@@ -31,15 +31,15 @@ must_haves:
    - "BootstrapTokenValidator accepts CAMELEER_AUTH_TOKEN and optionally CAMELEER_AUTH_TOKEN_PREVIOUS using constant-time comparison"
    - "Server fails fast on startup if CAMELEER_AUTH_TOKEN is not set"
  artifacts:
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/JwtService.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/security/JwtService.java"
      provides: "JWT service interface with createAccessToken, createRefreshToken, validateAndExtractAgentId"
-    - path: "cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/Ed25519SigningService.java"
+    - path: "cameleer-server-core/src/main/java/com/cameleer/server/core/security/Ed25519SigningService.java"
      provides: "Ed25519 signing interface with sign(payload) and getPublicKeyBase64()"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtServiceImpl.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtServiceImpl.java"
      provides: "Nimbus JOSE+JWT HMAC-SHA256 implementation"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/Ed25519SigningServiceImpl.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/security/Ed25519SigningServiceImpl.java"
      provides: "JDK 17 Ed25519 KeyPairGenerator implementation"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/BootstrapTokenValidator.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/security/BootstrapTokenValidator.java"
      provides: "Constant-time bootstrap token validation with dual-token rotation"
  key_links:
    - from: "JwtServiceImpl"
@@ -76,10 +76,10 @@ Output: Working JwtService, Ed25519SigningService, BootstrapTokenValidator with
@.planning/phases/04-security/04-RESEARCH.md
@.planning/phases/04-security/04-VALIDATION.md

-@cameleer3-server-app/pom.xml
-@cameleer3-server-app/src/main/resources/application.yml
-@cameleer3-server-app/src/test/resources/application-test.yml
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/AgentRegistryConfig.java
+@cameleer-server-app/pom.xml
+@cameleer-server-app/src/main/resources/application.yml
+@cameleer-server-app/src/test/resources/application-test.yml
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/AgentRegistryConfig.java

 <interfaces>
 <!-- Existing patterns to follow: core module = interfaces/domain, app module = Spring implementations -->
@@ -106,19 +106,19 @@ public class AgentRegistryConfig { ... }
 <task type="auto" tdd="true">
  <name>Task 1: Core interfaces + app implementations + Maven deps</name>
  <files>
-    cameleer3-server-app/pom.xml,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/JwtService.java,
-    cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/Ed25519SigningService.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtServiceImpl.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/Ed25519SigningServiceImpl.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/BootstrapTokenValidator.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java,
-    cameleer3-server-app/src/main/resources/application.yml,
-    cameleer3-server-app/src/test/resources/application-test.yml,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtServiceTest.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/Ed25519SigningServiceTest.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenValidatorTest.java
+    cameleer-server-app/pom.xml,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/security/JwtService.java,
+    cameleer-server-core/src/main/java/com/cameleer/server/core/security/Ed25519SigningService.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtServiceImpl.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/Ed25519SigningServiceImpl.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/BootstrapTokenValidator.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityBeanConfig.java,
+    cameleer-server-app/src/main/resources/application.yml,
+    cameleer-server-app/src/test/resources/application-test.yml,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtServiceTest.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/Ed25519SigningServiceTest.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenValidatorTest.java
  </files>
  <behavior>
    JwtService tests:
@@ -145,7 +145,7 @@ public class AgentRegistryConfig { ... }
    - Uses constant-time comparison (MessageDigest.isEqual)
  </behavior>
  <action>
-    1. Add Maven dependencies to cameleer3-server-app/pom.xml:
+    1. Add Maven dependencies to cameleer-server-app/pom.xml:
       - `spring-boot-starter-security` (managed version)
       - `com.nimbusds:nimbus-jose-jwt:9.47` (explicit, may not be transitive without OAuth2 resource server)
       - `spring-security-test` scope test (managed version)
@@ -165,12 +165,12 @@ public class AgentRegistryConfig { ... }

    5. Update application-test.yml: Add `security.bootstrap-token: test-bootstrap-token`, `security.bootstrap-token-previous: old-bootstrap-token`. Also set `CAMELEER_AUTH_TOKEN: test-bootstrap-token` as an env override if needed.

-    6. IMPORTANT: Adding spring-boot-starter-security will break ALL existing tests immediately (401 on all endpoints). To prevent this during Plan 01 (before the security filter chain is configured in Plan 02), add a temporary test security config class `src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java` annotated `@TestConfiguration` that creates a `SecurityFilterChain` permitting all requests. This keeps existing tests green while security services are built. Plan 02 will replace this with real security config and update tests.
+    6. IMPORTANT: Adding spring-boot-starter-security will break ALL existing tests immediately (401 on all endpoints). To prevent this during Plan 01 (before the security filter chain is configured in Plan 02), add a temporary test security config class `src/test/java/com/cameleer/server/app/security/TestSecurityConfig.java` annotated `@TestConfiguration` that creates a `SecurityFilterChain` permitting all requests. This keeps existing tests green while security services are built. Plan 02 will replace this with real security config and update tests.

    7. Write unit tests per the behavior spec above. Tests should NOT require Spring context -- construct implementations directly with test SecurityProperties.
  </action>
  <verify>
-    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-app -Dtest="JwtServiceTest,Ed25519SigningServiceTest,BootstrapTokenValidatorTest" -Dsurefire.reuseForks=false</automated>
+    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-app -Dtest="JwtServiceTest,Ed25519SigningServiceTest,BootstrapTokenValidatorTest" -Dsurefire.reuseForks=false</automated>
  </verify>
  <done>
    - JwtService creates and validates access/refresh JWTs with correct claims and expiry
--- a/.planning/phases/04-security/04-01-SUMMARY.md
+++ b/.planning/phases/04-security/04-01-SUMMARY.md
@@ -25,22 +25,22 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/JwtService.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/Ed25519SigningService.java
-    - cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/InvalidTokenException.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtServiceImpl.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/Ed25519SigningServiceImpl.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/BootstrapTokenValidator.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityProperties.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtServiceTest.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/Ed25519SigningServiceTest.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenValidatorTest.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/security/JwtService.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/security/Ed25519SigningService.java
+    - cameleer-server-core/src/main/java/com/cameleer/server/core/security/InvalidTokenException.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtServiceImpl.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/Ed25519SigningServiceImpl.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/BootstrapTokenValidator.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityProperties.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityBeanConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/TestSecurityConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtServiceTest.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/Ed25519SigningServiceTest.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenValidatorTest.java
  modified:
-    - cameleer3-server-app/pom.xml
-    - cameleer3-server-app/src/main/resources/application.yml
-    - cameleer3-server-app/src/test/resources/application-test.yml
+    - cameleer-server-app/pom.xml
+    - cameleer-server-app/src/main/resources/application.yml
+    - cameleer-server-app/src/test/resources/application-test.yml

 key-decisions:
  - "HMAC-SHA256 with ephemeral 256-bit secret for JWT signing (simpler than Ed25519 for tokens, Ed25519 reserved for config signing)"
@@ -91,21 +91,21 @@ _No REFACTOR commit needed -- implementations are clean and minimal._

 ## Files Created/Modified

- `cameleer3-server-core/.../security/JwtService.java` - JWT service interface with create/validate methods
- `cameleer3-server-core/.../security/Ed25519SigningService.java` - Ed25519 signing interface with sign/getPublicKeyBase64
- `cameleer3-server-core/.../security/InvalidTokenException.java` - Runtime exception for invalid/expired/wrong-type tokens
- `cameleer3-server-app/.../security/JwtServiceImpl.java` - Nimbus JOSE+JWT HMAC-SHA256 implementation
- `cameleer3-server-app/.../security/Ed25519SigningServiceImpl.java` - JDK 17 Ed25519 KeyPairGenerator implementation
- `cameleer3-server-app/.../security/BootstrapTokenValidator.java` - Constant-time bootstrap token validation
- `cameleer3-server-app/.../security/SecurityProperties.java` - Config properties for token expiry and bootstrap tokens
- `cameleer3-server-app/.../security/SecurityBeanConfig.java` - Bean wiring with fail-fast startup validation
- `cameleer3-server-app/.../security/TestSecurityConfig.java` - Temporary permit-all for existing test compatibility
- `cameleer3-server-app/pom.xml` - Added nimbus-jose-jwt, spring-boot-starter-security, spring-security-test
- `cameleer3-server-app/.../application.yml` - Security config section with env var mapping
- `cameleer3-server-app/.../application-test.yml` - Test bootstrap token values
- `cameleer3-server-app/.../security/JwtServiceTest.java` - 7 unit tests for JWT creation/validation
- `cameleer3-server-app/.../security/Ed25519SigningServiceTest.java` - 5 unit tests for signing/verification
- `cameleer3-server-app/.../security/BootstrapTokenValidatorTest.java` - 6 unit tests for token matching
+- `cameleer-server-core/.../security/JwtService.java` - JWT service interface with create/validate methods
+- `cameleer-server-core/.../security/Ed25519SigningService.java` - Ed25519 signing interface with sign/getPublicKeyBase64
+- `cameleer-server-core/.../security/InvalidTokenException.java` - Runtime exception for invalid/expired/wrong-type tokens
+- `cameleer-server-app/.../security/JwtServiceImpl.java` - Nimbus JOSE+JWT HMAC-SHA256 implementation
+- `cameleer-server-app/.../security/Ed25519SigningServiceImpl.java` - JDK 17 Ed25519 KeyPairGenerator implementation
+- `cameleer-server-app/.../security/BootstrapTokenValidator.java` - Constant-time bootstrap token validation
+- `cameleer-server-app/.../security/SecurityProperties.java` - Config properties for token expiry and bootstrap tokens
+- `cameleer-server-app/.../security/SecurityBeanConfig.java` - Bean wiring with fail-fast startup validation
+- `cameleer-server-app/.../security/TestSecurityConfig.java` - Temporary permit-all for existing test compatibility
+- `cameleer-server-app/pom.xml` - Added nimbus-jose-jwt, spring-boot-starter-security, spring-security-test
+- `cameleer-server-app/.../application.yml` - Security config section with env var mapping
+- `cameleer-server-app/.../application-test.yml` - Test bootstrap token values
+- `cameleer-server-app/.../security/JwtServiceTest.java` - 7 unit tests for JWT creation/validation
+- `cameleer-server-app/.../security/Ed25519SigningServiceTest.java` - 5 unit tests for signing/verification
+- `cameleer-server-app/.../security/BootstrapTokenValidatorTest.java` - 6 unit tests for token matching

 ## Decisions Made

--- a/.planning/phases/04-security/04-02-PLAN.md
+++ b/.planning/phases/04-security/04-02-PLAN.md
@@ -5,17 +5,17 @@ type: execute
 wave: 2
 depends_on: ["04-01"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SecurityFilterIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtRefreshIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/RegistrationSecurityIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/SecurityFilterIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRefreshIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/RegistrationSecurityIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/TestSecurityHelper.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/TestSecurityConfig.java
 autonomous: true
 requirements:
  - SECU-01
@@ -30,11 +30,11 @@ must_haves:
    - "SSE endpoint accepts JWT via ?token= query parameter"
    - "Health endpoint and Swagger UI remain publicly accessible"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java"
      provides: "OncePerRequestFilter extracting JWT from header or query param"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java"
      provides: "SecurityFilterChain with permitAll for public paths, authenticated for rest"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java"
      provides: "Updated register endpoint with bootstrap token validation, JWT issuance, public key"
  key_links:
    - from: "JwtAuthenticationFilter"
@@ -76,11 +76,11 @@ Output: Working security filter chain with protected/public endpoints, registrat
@.planning/phases/04-security/04-VALIDATION.md
@.planning/phases/04-security/04-01-SUMMARY.md

-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java
-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-@cameleer3-server-app/src/test/java/com/cameleer3/server/app/AbstractClickHouseIT.java
-@cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+@cameleer-server-app/src/test/java/com/cameleer/server/app/AbstractClickHouseIT.java
+@cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java

 <interfaces>
 <!-- From Plan 01 (will exist after execution): -->
@@ -136,11 +136,11 @@ public class AgentRegistryService {
 <task type="auto">
  <name>Task 1: SecurityFilterChain + JwtAuthenticationFilter + registration/refresh integration</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentSseController.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
  </files>
  <action>
    1. Create `JwtAuthenticationFilter extends OncePerRequestFilter` (NOT annotated @Component -- constructed in SecurityConfig to avoid double registration):
@@ -176,7 +176,7 @@ public class AgentRegistryService {
    6. Update `WebConfig` if needed: The `ProtocolVersionInterceptor` excluded paths should align with Spring Security public paths. The SSE events path is already excluded from protocol version check (Phase 3 decision). Verify no conflicts.
  </action>
  <verify>
-    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer3-server && mvn clean compile -pl cameleer3-server-app</automated>
+    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer-server && mvn clean compile -pl cameleer-server-app</automated>
  </verify>
  <done>
    - SecurityConfig creates stateless filter chain with correct public/protected path split
@@ -190,28 +190,28 @@ public class AgentRegistryService {
 <task type="auto">
  <name>Task 2: Security integration tests + existing test adaptation</name>
  <files>
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SecurityFilterIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtRefreshIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/RegistrationSecurityIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ExecutionControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/MetricsControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/BackpressureIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramRenderControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DetailControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentCommandControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentSseControllerIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/interceptor/ProtocolVersionIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/OpenApiIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ForwardCompatIT.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/HealthControllerIT.java
+    cameleer-server-app/src/test/java/com/cameleer/server/app/TestSecurityHelper.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/TestSecurityConfig.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/SecurityFilterIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRefreshIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/RegistrationSecurityIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ExecutionControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/MetricsControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/BackpressureIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramRenderControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DetailControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentCommandControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentSseControllerIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/interceptor/ProtocolVersionIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/OpenApiIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ForwardCompatIT.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/controller/HealthControllerIT.java
  </files>
  <action>
    1. Replace the Plan 01 temporary `TestSecurityConfig` (permit-all) with real security active in tests. Remove the permit-all override so tests run with actual security enforcement.
@@ -259,7 +259,7 @@ public class AgentRegistryService {
       - Test: New access token from refresh can access protected endpoints
  </action>
  <verify>
-    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer3-server && mvn clean verify</automated>
+    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer-server && mvn clean verify</automated>
  </verify>
  <done>
    - All 17 existing ITs pass with JWT authentication
--- a/.planning/phases/04-security/04-02-SUMMARY.md
+++ b/.planning/phases/04-security/04-02-SUMMARY.md
@@ -25,31 +25,31 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SecurityFilterIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/BootstrapTokenIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/RegistrationSecurityIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtRefreshIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/JwtAuthenticationFilter.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/security/SecurityConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/TestSecurityHelper.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/SecurityFilterIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/BootstrapTokenIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/RegistrationSecurityIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRefreshIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/config/WebConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentRegistrationControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ExecutionControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/MetricsControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/BackpressureIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DiagramRenderControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/DetailControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SearchControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentCommandControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/AgentSseControllerIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/DiagramLinkingIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/storage/IngestionSchemaIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/interceptor/ProtocolVersionIT.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/ForwardCompatIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentRegistrationController.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/config/WebConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/TestSecurityConfig.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentRegistrationControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ExecutionControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/MetricsControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/BackpressureIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DiagramRenderControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/DetailControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/SearchControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentCommandControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/AgentSseControllerIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/DiagramLinkingIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/storage/IngestionSchemaIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/interceptor/ProtocolVersionIT.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/controller/ForwardCompatIT.java

 key-decisions:
  - "Added /error to SecurityConfig permitAll to allow Spring Boot error page forwarding through security"
--- a/.planning/phases/04-security/04-03-PLAN.md
+++ b/.planning/phases/04-security/04-03-PLAN.md
@@ -5,10 +5,10 @@ type: execute
 wave: 2
 depends_on: ["04-01"]
 files_modified:
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java
-  - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SsePayloadSigner.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SseSigningIT.java
-  - cameleer3-server-app/src/test/java/com/cameleer3/server/app/agent/SsePayloadSignerTest.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java
+  - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SsePayloadSigner.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/security/SseSigningIT.java
+  - cameleer-server-app/src/test/java/com/cameleer/server/app/agent/SsePayloadSignerTest.java
 autonomous: true
 requirements:
  - SECU-04
@@ -19,9 +19,9 @@ must_haves:
    - "Signature is computed over the payload JSON without the signature field, then added as a 'signature' field"
    - "Agent can verify the signature using the public key received at registration"
  artifacts:
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SsePayloadSigner.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SsePayloadSigner.java"
      provides: "Component that signs SSE command payloads before delivery"
-    - path: "cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java"
+    - path: "cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java"
      provides: "Updated onCommandReady with signing before sendEvent"
  key_links:
    - from: "SseConnectionManager.onCommandReady"
@@ -54,7 +54,7 @@ Output: All SSE command events carry verifiable Ed25519 signatures.
@.planning/phases/04-security/04-RESEARCH.md
@.planning/phases/04-security/04-01-SUMMARY.md

-@cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java
+@cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java

 <interfaces>
 <!-- From Plan 01 (will exist after execution): -->
@@ -98,10 +98,10 @@ public record AgentCommand(String id, CommandType type, String payload, String a
 <task type="auto" tdd="true">
  <name>Task 1: SsePayloadSigner + signing integration in SseConnectionManager</name>
  <files>
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SsePayloadSigner.java,
-    cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/agent/SsePayloadSignerTest.java,
-    cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SseSigningIT.java
+    cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SsePayloadSigner.java,
+    cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/agent/SsePayloadSignerTest.java,
+    cameleer-server-app/src/test/java/com/cameleer/server/app/security/SseSigningIT.java
  </files>
  <behavior>
    SsePayloadSigner unit tests:
@@ -155,7 +155,7 @@ public record AgentCommand(String id, CommandType type, String payload, String a
       - NOTE: This test depends on Plan 02's bootstrap token and JWT auth being in place. If Plan 03 executes before Plan 02, the test will need the TestSecurityHelper or a different auth approach. Since both are Wave 2 but independent, document this: "If Plan 02 is not yet complete, use TestSecurityHelper from Plan 01's temporary permit-all config."
  </action>
  <verify>
-    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer3-server && mvn test -pl cameleer3-server-app -Dtest="SsePayloadSignerTest,SseSigningIT" -Dsurefire.reuseForks=false</automated>
+    <automated>cd /c/Users/Hendrik/Documents/projects/cameleer-server && mvn test -pl cameleer-server-app -Dtest="SsePayloadSignerTest,SseSigningIT" -Dsurefire.reuseForks=false</automated>
  </verify>
  <done>
    - SsePayloadSigner signs JSON payloads with Ed25519 and adds signature field
--- a/.planning/phases/04-security/04-03-SUMMARY.md
+++ b/.planning/phases/04-security/04-03-SUMMARY.md
@@ -22,11 +22,11 @@ tech-stack:

 key-files:
  created:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SsePayloadSigner.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/agent/SsePayloadSignerTest.java
-    - cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/SseSigningIT.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SsePayloadSigner.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/agent/SsePayloadSignerTest.java
+    - cameleer-server-app/src/test/java/com/cameleer/server/app/security/SseSigningIT.java
  modified:
-    - cameleer3-server-app/src/main/java/com/cameleer3/server/app/agent/SseConnectionManager.java
+    - cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java

 key-decisions:
  - "Signed payload parsed to JsonNode before passing to SseEmitter to avoid double-quoting raw JSON strings"
@@ -73,10 +73,10 @@ _No REFACTOR commit needed -- implementation is clean and minimal._

 ## Files Created/Modified

- `cameleer3-server-app/.../agent/SsePayloadSigner.java` - Component that signs JSON payloads with Ed25519 and adds signature field
- `cameleer3-server-app/.../agent/SseConnectionManager.java` - Updated onCommandReady to sign payload before SSE delivery
- `cameleer3-server-app/.../agent/SsePayloadSignerTest.java` - 7 unit tests for signing behavior and edge cases
- `cameleer3-server-app/.../security/SseSigningIT.java` - 2 integration tests for end-to-end signature verification
+- `cameleer-server-app/.../agent/SsePayloadSigner.java` - Component that signs JSON payloads with Ed25519 and adds signature field
+- `cameleer-server-app/.../agent/SseConnectionManager.java` - Updated onCommandReady to sign payload before SSE delivery
+- `cameleer-server-app/.../agent/SsePayloadSignerTest.java` - 7 unit tests for signing behavior and edge cases
+- `cameleer-server-app/.../security/SseSigningIT.java` - 2 integration tests for end-to-end signature verification

 ## Decisions Made

--- a/.planning/phases/04-security/04-RESEARCH.md
+++ b/.planning/phases/04-security/04-RESEARCH.md
@@ -6,7 +6,7 @@

 ## Summary

-This phase adds authentication and integrity protection to the Cameleer3 server. The implementation uses Spring Security 6.4.3 (managed by Spring Boot 3.4.3) with a custom `OncePerRequestFilter` for JWT validation, JDK 17 built-in Ed25519 for signing SSE payloads, and environment variable-based bootstrap tokens for agent registration. The approach is deliberately simple -- no OAuth2 resource server, no external identity provider, just symmetric HMAC JWTs for access control and Ed25519 signatures for payload integrity.
+This phase adds authentication and integrity protection to the Cameleer server. The implementation uses Spring Security 6.4.3 (managed by Spring Boot 3.4.3) with a custom `OncePerRequestFilter` for JWT validation, JDK 17 built-in Ed25519 for signing SSE payloads, and environment variable-based bootstrap tokens for agent registration. The approach is deliberately simple -- no OAuth2 resource server, no external identity provider, just symmetric HMAC JWTs for access control and Ed25519 signatures for payload integrity.

 The existing codebase has clear integration points: `AgentRegistrationController.register()` already returns `serverPublicKey: null` as a placeholder, `SseConnectionManager.onCommandReady()` is the signing hook for SSE events, and `WebConfig` already defines excluded paths that align with the public endpoint list. Spring Security's `SecurityFilterChain` replaces the need for hand-rolled authorization logic -- endpoints are protected by default, with explicit `permitAll()` for health, register, and docs.

@@ -89,7 +89,7 @@ The existing codebase has clear integration points: `AgentRegistrationController
 - **Ed25519 library:** Use JDK built-in. Zero external dependencies, native performance, well-tested in JDK 17+.
 - **Refresh token storage:** Use stateless signed refresh tokens (also HMAC-signed JWTs with different claims/expiry). This avoids any in-memory storage for refresh tokens and scales naturally. The refresh token is just a JWT with `type=refresh`, `sub=agentId`, and 7-day expiry. On refresh, validate the refresh JWT, check agent still exists, issue new access JWT.

-**Installation (add to cameleer3-server-app pom.xml):**
+**Installation (add to cameleer-server-app pom.xml):**
 ```xml
 <dependency>
    <groupId>org.springframework.boot</groupId>
@@ -108,12 +108,12 @@ Note: If `spring-boot-starter-security` brings Nimbus transitively (via `spring-

 ### Recommended Project Structure
 ```
-cameleer3-server-core/src/main/java/com/cameleer3/server/core/
+cameleer-server-core/src/main/java/com/cameleer/server/core/
  security/
    JwtService.java              # Interface: createAccessToken, createRefreshToken, validateToken, extractAgentId
    Ed25519SigningService.java    # Interface: sign(payload) -> signature, getPublicKeyBase64()

-cameleer3-server-app/src/main/java/com/cameleer3/server/app/
+cameleer-server-app/src/main/java/com/cameleer/server/app/
  security/
    JwtServiceImpl.java          # Nimbus JOSE+JWT HMAC implementation
    Ed25519SigningServiceImpl.java # JDK Ed25519 keypair + signing implementation
@@ -439,23 +439,23 @@ public boolean validateBootstrapToken(String provided) {
 | Property | Value |
 |----------|-------|
 | Framework | JUnit 5 + Spring Boot Test (spring-boot-starter-test) |
-| Config file | `cameleer3-server-app/src/test/resources/application-test.yml` |
-| Quick run command | `mvn test -pl cameleer3-server-app -Dtest=Security*Test -Dsurefire.reuseForks=false` |
+| Config file | `cameleer-server-app/src/test/resources/application-test.yml` |
+| Quick run command | `mvn test -pl cameleer-server-app -Dtest=Security*Test -Dsurefire.reuseForks=false` |
 | Full suite command | `mvn clean verify` |

 ### Phase Requirements to Test Map
 | Req ID | Behavior | Test Type | Automated Command | File Exists? |
 |--------|----------|-----------|-------------------|-------------|
-| SECU-01 | Protected endpoints reject requests without JWT; public endpoints accessible | integration | `mvn test -pl cameleer3-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| SECU-02 | Refresh endpoint issues new access JWT from valid refresh token | integration | `mvn test -pl cameleer3-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| SECU-03 | Ed25519 keypair generated at startup; public key in registration response | integration | `mvn test -pl cameleer3-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| SECU-04 | SSE payloads carry valid Ed25519 signature | integration | `mvn test -pl cameleer3-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| SECU-05 | Bootstrap token required for registration; rejects invalid/missing tokens | integration | `mvn test -pl cameleer3-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| N/A | JWT creation, validation, expiry logic | unit | `mvn test -pl cameleer3-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false` | No -- Wave 0 |
-| N/A | Ed25519 signing and verification roundtrip | unit | `mvn test -pl cameleer3-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| SECU-01 | Protected endpoints reject requests without JWT; public endpoints accessible | integration | `mvn test -pl cameleer-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| SECU-02 | Refresh endpoint issues new access JWT from valid refresh token | integration | `mvn test -pl cameleer-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| SECU-03 | Ed25519 keypair generated at startup; public key in registration response | integration | `mvn test -pl cameleer-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| SECU-04 | SSE payloads carry valid Ed25519 signature | integration | `mvn test -pl cameleer-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| SECU-05 | Bootstrap token required for registration; rejects invalid/missing tokens | integration | `mvn test -pl cameleer-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| N/A | JWT creation, validation, expiry logic | unit | `mvn test -pl cameleer-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false` | No -- Wave 0 |
+| N/A | Ed25519 signing and verification roundtrip | unit | `mvn test -pl cameleer-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false` | No -- Wave 0 |

 ### Sampling Rate
- **Per task commit:** `mvn test -pl cameleer3-server-app -Dsurefire.reuseForks=false`
+- **Per task commit:** `mvn test -pl cameleer-server-app -Dsurefire.reuseForks=false`
 - **Per wave merge:** `mvn clean verify`
 - **Phase gate:** Full suite green before `/gsd:verify-work`

--- a/.planning/phases/04-security/04-VALIDATION.md
+++ b/.planning/phases/04-security/04-VALIDATION.md
@@ -18,8 +18,8 @@ created: 2026-03-11
 | Property | Value |
 |----------|-------|
 | **Framework** | JUnit 5 + Spring Boot Test + Spring Security Test |
-| **Config file** | cameleer3-server-app/src/test/resources/application-test.yml |
-| **Quick run command** | `mvn test -pl cameleer3-server-app -Dtest="Security*,Jwt*,Bootstrap*,Ed25519*" -Dsurefire.reuseForks=false` |
+| **Config file** | cameleer-server-app/src/test/resources/application-test.yml |
+| **Quick run command** | `mvn test -pl cameleer-server-app -Dtest="Security*,Jwt*,Bootstrap*,Ed25519*" -Dsurefire.reuseForks=false` |
 | **Full suite command** | `mvn clean verify` |
 | **Estimated runtime** | ~60 seconds |

@@ -27,7 +27,7 @@ created: 2026-03-11

 ## Sampling Rate

- **After every task commit:** Run `mvn test -pl cameleer3-server-app -Dsurefire.reuseForks=false`
+- **After every task commit:** Run `mvn test -pl cameleer-server-app -Dsurefire.reuseForks=false`
 - **After every plan wave:** Run `mvn clean verify`
 - **Before `/gsd:verify-work`:** Full suite must be green
 - **Max feedback latency:** 60 seconds
@@ -38,13 +38,13 @@ created: 2026-03-11

 | Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
 |---------|------|------|-------------|-----------|-------------------|-------------|--------|
-| 04-01-01 | 01 | 1 | SECU-03 | unit | `mvn test -pl cameleer3-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-02 | 01 | 1 | SECU-01 | unit | `mvn test -pl cameleer3-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-03 | 01 | 1 | SECU-05 | integration | `mvn test -pl cameleer3-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-04 | 01 | 1 | SECU-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-05 | 01 | 1 | SECU-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-06 | 01 | 1 | SECU-04 | integration | `mvn test -pl cameleer3-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
-| 04-01-07 | 01 | 1 | N/A | integration | `mvn test -pl cameleer3-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-01 | 01 | 1 | SECU-03 | unit | `mvn test -pl cameleer-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-02 | 01 | 1 | SECU-01 | unit | `mvn test -pl cameleer-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-03 | 01 | 1 | SECU-05 | integration | `mvn test -pl cameleer-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-04 | 01 | 1 | SECU-01 | integration | `mvn test -pl cameleer-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-05 | 01 | 1 | SECU-02 | integration | `mvn test -pl cameleer-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-06 | 01 | 1 | SECU-04 | integration | `mvn test -pl cameleer-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |
+| 04-01-07 | 01 | 1 | N/A | integration | `mvn test -pl cameleer-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false` | ❌ W0 | ⬜ pending |

 *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

--- a/.planning/phases/04-security/04-VERIFICATION.md
+++ b/.planning/phases/04-security/04-VERIFICATION.md
@@ -39,19 +39,19 @@ All truths drawn from PLAN frontmatter must_haves across plans 01, 02, and 03.

 | Artifact | Provides | Status | Details |
 |----------|----------|--------|---------|
-| `cameleer3-server-core/.../security/JwtService.java` | JWT interface: createAccessToken, createRefreshToken, validateAndExtractAgentId, validateRefreshToken | VERIFIED | 49 lines, substantive interface with 4 methods |
-| `cameleer3-server-core/.../security/Ed25519SigningService.java` | Ed25519 interface: sign(payload), getPublicKeyBase64() | VERIFIED | 29 lines, substantive interface with 2 methods |
-| `cameleer3-server-app/.../security/JwtServiceImpl.java` | Nimbus JOSE+JWT HMAC-SHA256 implementation | VERIFIED | 120 lines; uses `MACSigner`/`MACVerifier`, ephemeral 256-bit secret, correct claims |
-| `cameleer3-server-app/.../security/Ed25519SigningServiceImpl.java` | JDK 17 Ed25519 KeyPairGenerator implementation | VERIFIED | 54 lines; `KeyPairGenerator.getInstance("Ed25519")`, `Signature.getInstance("Ed25519")`, Base64-encoded output |
-| `cameleer3-server-app/.../security/BootstrapTokenValidator.java` | Constant-time bootstrap token validation with dual-token rotation | VERIFIED | 50 lines; `MessageDigest.isEqual()`, checks current and previous token, null/blank guard |
-| `cameleer3-server-app/.../security/SecurityProperties.java` | Config binding with env var mapping | VERIFIED | 48 lines; `@ConfigurationProperties(prefix="security")`; all 4 fields with defaults |
-| `cameleer3-server-app/.../security/SecurityBeanConfig.java` | Bean wiring with fail-fast validation | VERIFIED | 43 lines; `@EnableConfigurationProperties`, all 3 service beans, `InitializingBean` check |
-| `cameleer3-server-app/.../security/JwtAuthenticationFilter.java` | OncePerRequestFilter extracting JWT from header or query param | VERIFIED | 72 lines; extracts from `Authorization: Bearer` then `?token=` query param; sets `SecurityContextHolder` |
-| `cameleer3-server-app/.../security/SecurityConfig.java` | SecurityFilterChain with permitAll for public paths, authenticated for rest | VERIFIED | 54 lines; stateless, CSRF disabled, correct permitAll list, `addFilterBefore` JwtAuthenticationFilter |
-| `cameleer3-server-app/.../controller/AgentRegistrationController.java` | Updated register endpoint with bootstrap token validation, JWT issuance, public key; refresh endpoint | VERIFIED | 230 lines; both `/register` and `/{id}/refresh` endpoints fully wired |
-| `cameleer3-server-app/.../agent/SsePayloadSigner.java` | Component that signs SSE command payloads | VERIFIED | 77 lines; `@Component`, signs then adds field, defensive null/blank handling |
-| `cameleer3-server-app/.../agent/SseConnectionManager.java` | Updated onCommandReady with signing before sendEvent | VERIFIED | `onCommandReady()` calls `ssePayloadSigner.signPayload()`, parses to `JsonNode` to avoid double-quoting |
-| `cameleer3-server-app/.../resources/application.yml` | Security config with env var mapping | VERIFIED | `security.bootstrap-token: ${CAMELEER_AUTH_TOKEN:}` and `security.bootstrap-token-previous: ${CAMELEER_AUTH_TOKEN_PREVIOUS:}` present |
+| `cameleer-server-core/.../security/JwtService.java` | JWT interface: createAccessToken, createRefreshToken, validateAndExtractAgentId, validateRefreshToken | VERIFIED | 49 lines, substantive interface with 4 methods |
+| `cameleer-server-core/.../security/Ed25519SigningService.java` | Ed25519 interface: sign(payload), getPublicKeyBase64() | VERIFIED | 29 lines, substantive interface with 2 methods |
+| `cameleer-server-app/.../security/JwtServiceImpl.java` | Nimbus JOSE+JWT HMAC-SHA256 implementation | VERIFIED | 120 lines; uses `MACSigner`/`MACVerifier`, ephemeral 256-bit secret, correct claims |
+| `cameleer-server-app/.../security/Ed25519SigningServiceImpl.java` | JDK 17 Ed25519 KeyPairGenerator implementation | VERIFIED | 54 lines; `KeyPairGenerator.getInstance("Ed25519")`, `Signature.getInstance("Ed25519")`, Base64-encoded output |
+| `cameleer-server-app/.../security/BootstrapTokenValidator.java` | Constant-time bootstrap token validation with dual-token rotation | VERIFIED | 50 lines; `MessageDigest.isEqual()`, checks current and previous token, null/blank guard |
+| `cameleer-server-app/.../security/SecurityProperties.java` | Config binding with env var mapping | VERIFIED | 48 lines; `@ConfigurationProperties(prefix="security")`; all 4 fields with defaults |
+| `cameleer-server-app/.../security/SecurityBeanConfig.java` | Bean wiring with fail-fast validation | VERIFIED | 43 lines; `@EnableConfigurationProperties`, all 3 service beans, `InitializingBean` check |
+| `cameleer-server-app/.../security/JwtAuthenticationFilter.java` | OncePerRequestFilter extracting JWT from header or query param | VERIFIED | 72 lines; extracts from `Authorization: Bearer` then `?token=` query param; sets `SecurityContextHolder` |
+| `cameleer-server-app/.../security/SecurityConfig.java` | SecurityFilterChain with permitAll for public paths, authenticated for rest | VERIFIED | 54 lines; stateless, CSRF disabled, correct permitAll list, `addFilterBefore` JwtAuthenticationFilter |
+| `cameleer-server-app/.../controller/AgentRegistrationController.java` | Updated register endpoint with bootstrap token validation, JWT issuance, public key; refresh endpoint | VERIFIED | 230 lines; both `/register` and `/{id}/refresh` endpoints fully wired |
+| `cameleer-server-app/.../agent/SsePayloadSigner.java` | Component that signs SSE command payloads | VERIFIED | 77 lines; `@Component`, signs then adds field, defensive null/blank handling |
+| `cameleer-server-app/.../agent/SseConnectionManager.java` | Updated onCommandReady with signing before sendEvent | VERIFIED | `onCommandReady()` calls `ssePayloadSigner.signPayload()`, parses to `JsonNode` to avoid double-quoting |
+| `cameleer-server-app/.../resources/application.yml` | Security config with env var mapping | VERIFIED | `security.bootstrap-token: ${CAMELEER_AUTH_TOKEN:}` and `security.bootstrap-token-previous: ${CAMELEER_AUTH_TOKEN_PREVIOUS:}` present |

 ### Key Link Verification

--- a/.planning/research/ARCHITECTURE.md
+++ b/.planning/research/ARCHITECTURE.md
@@ -57,7 +57,7 @@ Agents (50+)                        Users / UI
 Agent POST /api/v1/ingest
    |
    v
-[IngestController] -- validates JWT, deserializes using cameleer3-common models
+[IngestController] -- validates JWT, deserializes using cameleer-common models
    |
    v
 [IngestionService.accept(batch)] -- accepts TransactionData/ActivityData
@@ -126,7 +126,7 @@ Each registered SseEmitter sends event to connected agent
 Agent POST /api/v1/diagrams (on startup or route change)
    |
    v
-[DiagramController] -- receives route definition (XML/YAML/JSON from cameleer3-common)
+[DiagramController] -- receives route definition (XML/YAML/JSON from cameleer-common)
    |
    v
 [DiagramService.storeVersion(definition)]
@@ -341,11 +341,11 @@ public record PageCursor(Instant timestamp, String id) {}

 ## Module Boundary Design

-### Core Module (`cameleer3-server-core`)
+### Core Module (`cameleer-server-core`)

 The core module is the domain layer. It contains:

- **Domain models** -- Transaction, Activity, Agent, DiagramVersion, etc. (may extend or complement cameleer3-common models)
+- **Domain models** -- Transaction, Activity, Agent, DiagramVersion, etc. (may extend or complement cameleer-common models)
 - **Service interfaces and implementations** -- TransactionService, AgentRegistryService, DiagramService, QueryEngine
 - **Repository interfaces** -- TransactionRepository, DiagramRepository, AgentRepository (interfaces only, no implementations)
 - **Ingestion logic** -- WriteBuffer, batch assembly, backpressure signaling
@@ -356,7 +356,7 @@ The core module is the domain layer. It contains:

 **No Spring Boot dependencies.** Jackson is acceptable (already present). JUnit for tests.

-### App Module (`cameleer3-server-app`)
+### App Module (`cameleer-server-app`)

 The app module is the infrastructure/adapter layer. It contains:

@@ -376,8 +376,8 @@ The app module is the infrastructure/adapter layer. It contains:
 ```
 app --> core (allowed)
 core --> app (NEVER)
-core --> cameleer3-common (allowed)
-app --> cameleer3-common (transitively via core)
+core --> cameleer-common (allowed)
+app --> cameleer-common (transitively via core)
 ```

 ## Ingestion Pipeline Detail
@@ -393,7 +393,7 @@ Use a two-stage approach:

 - WriteBuffer has a bounded capacity (configurable, default 50,000 items).
 - When buffer is >80% full, respond with HTTP 429 + `Retry-After` header.
- Agents (cameleer3) should implement exponential backoff on 429.
+- Agents (cameleer) should implement exponential backoff on 429.
 - Monitor buffer fill level as a metric.

 ### Batch Size Tuning
--- a/.planning/research/PITFALLS.md
+++ b/.planning/research/PITFALLS.md
@@ -1,6 +1,6 @@
 # Domain Pitfalls

-**Domain:** Transaction monitoring / observability server (Cameleer3 Server)
+**Domain:** Transaction monitoring / observability server (Cameleer Server)
 **Researched:** 2026-03-11
 **Confidence:** MEDIUM (based on established patterns for ClickHouse, SSE, high-volume ingestion; no web verification available)

--- a/.planning/research/STACK.md
+++ b/.planning/research/STACK.md
@@ -1,6 +1,6 @@
 # Technology Stack

-**Project:** Cameleer3 Server
+**Project:** Cameleer Server
 **Researched:** 2026-03-11
 **Overall confidence:** MEDIUM (no live source verification available; versions based on training data up to May 2025)

--- a/.planning/research/SUMMARY.md
+++ b/.planning/research/SUMMARY.md
@@ -1,4 +1,4 @@
-# Research Summary: Cameleer3 Server
+# Research Summary: Cameleer Server

 **Domain:** Transaction observability server for Apache Camel integrations
 **Researched:** 2026-03-11
@@ -6,7 +6,7 @@

 ## Executive Summary

-Cameleer3 Server is a write-heavy, read-occasional observability system that receives millions of transaction records per day from distributed Apache Camel agents, stores them with 30-day retention, and provides structured + full-text search. The architecture closely parallels established observability platforms like Jaeger, Zipkin, and njams Server, with the key differentiator being Camel route diagram visualization tied to individual transactions.
+Cameleer Server is a write-heavy, read-occasional observability system that receives millions of transaction records per day from distributed Apache Camel agents, stores them with 30-day retention, and provides structured + full-text search. The architecture closely parallels established observability platforms like Jaeger, Zipkin, and njams Server, with the key differentiator being Camel route diagram visualization tied to individual transactions.

 The recommended stack centers on **ClickHouse** as the primary data store. ClickHouse's columnar MergeTree engine provides the exact properties this project needs: massive batch insert throughput, excellent time-range query performance, native TTL-based retention, and 10-20x compression on structured observability data. This is a well-established pattern used by production observability platforms (SigNoz, Uptrace, PostHog all run on ClickHouse).

@@ -93,9 +93,9 @@ Based on research, suggested phase structure:
 ## Gaps to Address

 - **ClickHouse Java client API:** The clickhouse-java library has undergone significant changes. Exact API, connection pooling, and Spring Boot integration patterns need phase-specific research
- **cameleer3-common PROTOCOL.md:** Must read the agent protocol definition before designing ClickHouse schema -- this defines the exact data structures being ingested
+- **cameleer-common PROTOCOL.md:** Must read the agent protocol definition before designing ClickHouse schema -- this defines the exact data structures being ingested
 - **ClickHouse Docker setup:** Optimal ClickHouse Docker configuration (memory limits, merge settings) for development and production
 - **Full-text search decision:** ClickHouse skip indexes may or may not meet the "search by any content" requirement. This needs prototyping with realistic data
- **Diagram rendering library:** Server-side route diagram rendering is a significant unknown; needs prototyping with actual Camel route graph data from cameleer3-common
+- **Diagram rendering library:** Server-side route diagram rendering is a significant unknown; needs prototyping with actual Camel route graph data from cameleer-common
 - **Frontend framework:** No research on UI technology -- deferred to UI phase
- **Agent protocol stability:** The cameleer3-common protocol is still evolving. Schema evolution strategy needs alignment with agent development
+- **Agent protocol stability:** The cameleer-common protocol is still evolving. Schema evolution strategy needs alignment with agent development
--- a/.planning/sse-flakiness-diagnosis.md
+++ b/.planning/sse-flakiness-diagnosis.md
@@ -0,0 +1,81 @@
+# SSE Flakiness — Root-Cause Analysis
+
+**Date:** 2026-04-21
+**Tests:** `AgentSseControllerIT.sseConnect_unknownAgent_returns404`, `.lastEventIdHeader_connectionSucceeds`, `.pingKeepalive_receivedViaSseStream`, `SseSigningIT.deepTraceEvent_containsValidSignature`
+
+## Summary
+
+Not order-dependent flakiness (triage report was wrong). Three distinct root causes, one production bug and one test-infrastructure issue, all reproducible when running the classes in isolation.
+
+## Reproduction
+
+```bash
+mvn -pl cameleer-server-app -am -Dit.test='AgentSseControllerIT' -Dtest='!*' \
+    -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false verify
+```
+
+Result: 3 failures out of 7 tests with a cold CH container. Not order-dependent.
+
+## Root causes
+
+### 1. `AgentSseController.events` auto-heal is over-permissive (security bug)
+
+**File:** `cameleer-server-app/src/main/java/com/cameleer/server/app/controller/AgentSseController.java:63-76`
+
+```java
+AgentInfo agent = registryService.findById(id);
+if (agent == null) {
+    var jwtResult = ...;
+    if (jwtResult != null) {     // ← only checks JWT presence
+        registryService.register(id, id, application, env, ...);
+    } else {
+        throw 404;
+    }
+}
+```
+
+**Bug:** auto-heal registers *any* path id when any valid JWT is present, regardless of whether the JWT subject matches the path id. A holder of agent X's JWT can open SSE for any path-id Y, silently spoofing Y.
+
+**Surface symptom:** `sseConnect_unknownAgent_returns404` sends a JWT for `test-agent-sse-it` and requests SSE for `unknown-sse-agent`. Auto-heal kicks in, returns 200 with an infinite empty stream. Test's `statusFuture.get(5s)` — which uses `BodyHandlers.ofString()` and waits for the full body — times out instead of getting a synchronous 404.
+
+**Fix:** only auto-heal when `jwtResult.subject().equals(id)`.
+
+### 2. `SseConnectionManager.pingAll` reads an unprefixed property key (production bug)
+
+**File:** `cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java:172`
+
+```java
+@Scheduled(fixedDelayString = "${agent-registry.ping-interval-ms:15000}")
+```
+
+**Bug:** `AgentRegistryConfig` is `@ConfigurationProperties(prefix = "cameleer.server.agentregistry")`. The scheduler reads an unprefixed `agent-registry.*` key that the YAML never defines — so the default 15s always applies, regardless of config. Same family of bug as the `MetricsFlushScheduler` fix in commit `a6944911`.
+
+**Fix:** `${cameleer.server.agentregistry.ping-interval-ms:15000}`.
+
+### 3. SSE response body doesn't flush until first event (test timing dependency)
+
+**File:** `cameleer-server-app/src/main/java/com/cameleer/server/app/agent/SseConnectionManager.java:connect()`
+
+Spring's `SseEmitter` holds the response open but doesn't flush headers to the client until the first `emitter.send()`. Until then, clients using `HttpResponse.BodyHandlers.ofInputStream()` block on the first byte.
+
+**Surface symptom:**
+- `lastEventIdHeader_connectionSucceeds` — asserts `awaitConnection(5000)` is `true`. The latch counts down in `.thenAccept(response -> ...)`, which in practice only fires once body bytes start flowing (JDK 21 behaviour with SSE streams). Default ping cadence is 15s → 5s assertion times out.
+- `pingKeepalive_receivedViaSseStream` — waits 5s for a `:ping` line. The scheduler runs every 15s (both by default, and because of bug #2, unconditionally).
+- `SseSigningIT.deepTraceEvent_containsValidSignature` — same family: `awaitConnection(5000).isTrue()`.
+
+**Fix:** send an initial `: connected` comment as part of `connect()`. Spring flushes on the first `.send()`, so an immediate comment forces the response headers + first byte to hit the wire, which triggers the client's `thenAccept` callback. Also solves the ping-test: the initial comment is observed as a keepalive line within the test's polling window.
+
+## Hypothesis ladder (ruled out)
+
+- **Order-dependent singleton leak** — ruled out: every failure reproduces when the class is run solo.
+- **Tomcat async thread pool exhaustion** — ruled out: `SseEmitter(Long.MAX_VALUE)` does hold threads, but the 7-test class doesn't reach Tomcat's defaults.
+- **SseConnectionManager emitter-map contamination** — ruled out: each test uses a unique agent id (UUID-suffixed), and the `@Component` is the same instance across tests but the emitter map is keyed by agent id, no collisions.
+
+## Verification
+
+```
+mvn -pl cameleer-server-app -am -Dit.test='AgentSseControllerIT,SseSigningIT' ... verify
+# Tests run: 9, Failures: 0, Errors: 0, Skipped: 0
+```
+
+All 9 tests green with the three fixes applied.
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,101 @@
+<!-- gitnexus:start -->
+# GitNexus — Code Intelligence
+
+This project is indexed by GitNexus as **cameleer-server** (9731 symbols, 24987 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+
+> If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
+
+## Always Do
+
+- **MUST run impact analysis before editing any symbol.** Before modifying a function, class, or method, run `gitnexus_impact({target: "symbolName", direction: "upstream"})` and report the blast radius (direct callers, affected processes, risk level) to the user.
+- **MUST run `gitnexus_detect_changes()` before committing** to verify your changes only affect expected symbols and execution flows.
+- **MUST warn the user** if impact analysis returns HIGH or CRITICAL risk before proceeding with edits.
+- When exploring unfamiliar code, use `gitnexus_query({query: "concept"})` to find execution flows instead of grepping. It returns process-grouped results ranked by relevance.
+- When you need full context on a specific symbol — callers, callees, which execution flows it participates in — use `gitnexus_context({name: "symbolName"})`.
+
+## When Debugging
+
+1. `gitnexus_query({query: "<error or symptom>"})` — find execution flows related to the issue
+2. `gitnexus_context({name: "<suspect function>"})` — see all callers, callees, and process participation
+3. `READ gitnexus://repo/cameleer-server/process/{processName}` — trace the full execution flow step by step
+4. For regressions: `gitnexus_detect_changes({scope: "compare", base_ref: "main"})` — see what your branch changed
+
+## When Refactoring
+
+- **Renaming**: MUST use `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` first. Review the preview — graph edits are safe, text_search edits need manual review. Then run with `dry_run: false`.
+- **Extracting/Splitting**: MUST run `gitnexus_context({name: "target"})` to see all incoming/outgoing refs, then `gitnexus_impact({target: "target", direction: "upstream"})` to find all external callers before moving code.
+- After any refactor: run `gitnexus_detect_changes({scope: "all"})` to verify only expected files changed.
+
+## Never Do
+
+- NEVER edit a function, class, or method without first running `gitnexus_impact` on it.
+- NEVER ignore HIGH or CRITICAL risk warnings from impact analysis.
+- NEVER rename symbols with find-and-replace — use `gitnexus_rename` which understands the call graph.
+- NEVER commit changes without running `gitnexus_detect_changes()` to check affected scope.
+
+## Tools Quick Reference
+
+| Tool | When to use | Command |
+|------|-------------|---------|
+| `query` | Find code by concept | `gitnexus_query({query: "auth validation"})` |
+| `context` | 360-degree view of one symbol | `gitnexus_context({name: "validateUser"})` |
+| `impact` | Blast radius before editing | `gitnexus_impact({target: "X", direction: "upstream"})` |
+| `detect_changes` | Pre-commit scope check | `gitnexus_detect_changes({scope: "staged"})` |
+| `rename` | Safe multi-file rename | `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` |
+| `cypher` | Custom graph queries | `gitnexus_cypher({query: "MATCH ..."})` |
+
+## Impact Risk Levels
+
+| Depth | Meaning | Action |
+|-------|---------|--------|
+| d=1 | WILL BREAK — direct callers/importers | MUST update these |
+| d=2 | LIKELY AFFECTED — indirect deps | Should test |
+| d=3 | MAY NEED TESTING — transitive | Test if critical path |
+
+## Resources
+
+| Resource | Use for |
+|----------|---------|
+| `gitnexus://repo/cameleer-server/context` | Codebase overview, check index freshness |
+| `gitnexus://repo/cameleer-server/clusters` | All functional areas |
+| `gitnexus://repo/cameleer-server/processes` | All execution flows |
+| `gitnexus://repo/cameleer-server/process/{name}` | Step-by-step execution trace |
+
+## Self-Check Before Finishing
+
+Before completing any code modification task, verify:
+1. `gitnexus_impact` was run for all modified symbols
+2. No HIGH/CRITICAL risk warnings were ignored
+3. `gitnexus_detect_changes()` confirms changes match expected scope
+4. All d=1 (WILL BREAK) dependents were updated
+
+## Keeping the Index Fresh
+
+After committing code changes, the GitNexus index becomes stale. Re-run analyze to update it:
+
+```bash
+npx gitnexus analyze
+```
+
+If the index previously included embeddings, preserve them by adding `--embeddings`:
+
+```bash
+npx gitnexus analyze --embeddings
+```
+
+To check whether embeddings exist, inspect `.gitnexus/meta.json` — the `stats.embeddings` field shows the count (0 means no embeddings). **Running analyze without `--embeddings` will delete any previously generated embeddings.**
+
+> Claude Code users: A PostToolUse hook handles this automatically after `git commit` and `git merge`.
+
+## CLI
+
+| Task | Read this skill file |
+|------|---------------------|
+| Understand architecture / "How does X work?" | `.claude/skills/gitnexus/gitnexus-exploring/SKILL.md` |
+| Blast radius / "What breaks if I change X?" | `.claude/skills/gitnexus/gitnexus-impact-analysis/SKILL.md` |
+| Trace bugs / "Why is X failing?" | `.claude/skills/gitnexus/gitnexus-debugging/SKILL.md` |
+| Rename / extract / split / refactor | `.claude/skills/gitnexus/gitnexus-refactoring/SKILL.md` |
+| Tools, resources, schema reference | `.claude/skills/gitnexus/gitnexus-guide/SKILL.md` |
+| Index, status, clean, wiki CLI commands | `.claude/skills/gitnexus/gitnexus-cli/SKILL.md` |
+
+<!-- gitnexus:end -->
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -4,268 +4,90 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project

-Cameleer3 Server — observability server that receives, stores, and serves Camel route execution data and route diagrams from Cameleer3 agents. Pushes config and commands to agents via SSE. Also orchestrates Docker container deployments when running under cameleer-saas.
+Cameleer Server — observability server that receives, stores, and serves Camel route execution data and route diagrams from Cameleer agents. Pushes config and commands to agents via SSE. Also orchestrates Docker container deployments when running under cameleer-saas.

 ## Related Project

- **cameleer3** (`https://gitea.siegeln.net/cameleer/cameleer3`) — the Java agent that instruments Camel applications
- Protocol defined in `cameleer3-common/PROTOCOL.md` in the agent repo
- This server depends on `com.cameleer3:cameleer3-common` (shared models and graph API)
+- **cameleer** (`https://gitea.siegeln.net/cameleer/cameleer`) — the Java agent that instruments Camel applications
+- Protocol defined in `cameleer-common/PROTOCOL.md` in the agent repo
+- This server depends on `com.cameleer:cameleer-common` (shared models and graph API)

 ## Modules

- `cameleer3-server-core` — domain logic, storage interfaces, services (no Spring dependencies)
- `cameleer3-server-app` — Spring Boot web app, REST controllers, SSE, persistence, Docker orchestration
+- `cameleer-server-core` — domain logic, storage interfaces, services (no Spring dependencies)
+- `cameleer-server-app` — Spring Boot web app, REST controllers, SSE, persistence, Docker orchestration

 ## Build Commands

 ```bash
 mvn clean compile          # Compile all modules
 mvn clean verify           # Full build with tests
+mvn clean verify -DskipITs # Fast: unit tests only (no Testcontainers)
 ```

+### Faster local builds
+
+- **Surefire reuses forks** (`cameleer-server-app/pom.xml`): unit tests run with `forkCount=1C` + `reuseForks=true` — one JVM per CPU core, reused across classes. Test classes that mutate static state must clean up after themselves.
+- **Testcontainers reuse** — opt-in per developer. Add to `~/.testcontainers.properties`:
+  ```
+  testcontainers.reuse.enable=true
+  ```
+  Then `AbstractPostgresIT` containers persist across `mvn verify` runs (saves ~20s per run). Stop them manually when you need a clean DB: `docker rm -f $(docker ps -aq --filter label=org.testcontainers.reuse=true)`.
+- **UI build** dropped redundant `tsc --noEmit` from `npm run build` (Vite/esbuild type-checks during bundling). Run `npm run typecheck` explicitly when you want a full type-check pass.
+
 ## Run

 ```bash
-java -jar cameleer3-server-app/target/cameleer3-server-app-1.0-SNAPSHOT.jar
+java -jar cameleer-server-app/target/cameleer-server-app-1.0-SNAPSHOT.jar
 ```

-## Key Classes by Package
-
-### Core Module (`cameleer3-server-core/src/main/java/com/cameleer3/server/core/`)
-
-**agent/** — Agent lifecycle and commands
- `AgentRegistryService` — in-memory registry (ConcurrentHashMap), register/heartbeat/lifecycle
- `AgentInfo` — record: id, name, application, environmentId, version, routeIds, capabilities, state
- `AgentCommand` — record: id, type, targetAgent, payload, createdAt, expiresAt
- `AgentEventService` — records agent state changes, heartbeats
-
-**runtime/** — App/Environment/Deployment domain
- `App` — record: id, environmentId, slug, displayName, containerConfig (JSONB)
- `AppVersion` — record: id, appId, version, jarPath
- `Environment` — record: id, slug, jarRetentionCount
- `Deployment` — record: id, appId, appVersionId, environmentId, status, targetState, deploymentStrategy, replicaStates (JSONB), deployStage, containerId, containerName
- `DeploymentStatus` — enum: STOPPED, STARTING, RUNNING, DEGRADED, STOPPING, FAILED
- `DeployStage` — enum: PRE_FLIGHT, PULL_IMAGE, CREATE_NETWORK, START_REPLICAS, HEALTH_CHECK, SWAP_TRAFFIC, COMPLETE
- `DeploymentService` — createDeployment (deletes terminal deployments first), markRunning, markFailed, markStopped
- `ContainerRequest` — record: 17 fields for Docker container creation
- `ResolvedContainerConfig` — record: typed config with memoryLimitMb, cpuShares, cpuLimit, appPort, replicas, routingMode, etc.
- `ConfigMerger` — pure function: resolve(globalDefaults, envConfig, appConfig) -> ResolvedContainerConfig
- `RuntimeOrchestrator` — interface: startContainer, stopContainer, getContainerStatus, getLogs
-
-**search/** — Execution search
- `SearchService` — search, topErrors, punchcard, distinctAttributeKeys
- `SearchRequest` / `SearchResult` — search DTOs
-
-**storage/** — Storage abstractions
- `ExecutionStore`, `MetricsStore`, `DiagramStore`, `SearchIndex`, `LogIndex` — interfaces
-
-**rbac/** — Role-based access control
- `RbacService` — getDirectRolesForUser, syncOidcRoles, assignRole
- `SystemRole` — enum: AGENT, VIEWER, OPERATOR, ADMIN; `normalizeScope()` maps scopes
- `UserDetail`, `RoleDetail`, `GroupDetail` — records
-
-**security/** — Auth
- `JwtService` — interface: createAccessToken, validateAccessToken
- `Ed25519SigningService` — interface: sign, verify (config signing)
- `OidcConfig` — record: issuerUri, clientId, audience, rolesClaim, additionalScopes
-
-**ingestion/** — Buffered data pipeline
- `IngestionService` — ingestExecution, ingestMetric, ingestLog, ingestDiagram
- `ChunkAccumulator` — batches data for efficient flush
-
-### App Module (`cameleer3-server-app/src/main/java/com/cameleer3/server/app/`)
-
-**controller/** — REST endpoints
- `AgentRegistrationController` — POST /register, POST /heartbeat, GET / (list), POST /refresh-token
- `AgentSseController` — GET /sse (Server-Sent Events connection)
- `AgentCommandController` — POST /broadcast, POST /{agentId}, POST /{agentId}/ack
- `AppController` — CRUD /api/v1/apps, POST /{appId}/upload-jar, GET /{appId}/versions
- `DeploymentController` — GET/POST /api/v1/apps/{appId}/deployments, POST /{id}/stop, POST /{id}/promote, GET /{id}/logs
- `EnvironmentAdminController` — CRUD /api/v1/admin/environments, PUT /{id}/jar-retention
- `ExecutionController` — GET /api/v1/executions (search + detail)
- `SearchController` — POST /api/v1/search, GET /routes, GET /top-errors, GET /punchcard
- `LogQueryController` — GET /api/v1/logs, GET /tail
- `ChunkIngestionController` — POST /api/v1/ingestion/chunk/{executions|metrics|diagrams}
- `UserAdminController` — CRUD /api/v1/admin/users, POST /{id}/roles, POST /{id}/set-password
- `RoleAdminController` — CRUD /api/v1/admin/roles
- `GroupAdminController` — CRUD /api/v1/admin/groups
- `OidcConfigAdminController` — GET/POST /api/v1/admin/oidc, POST /test
- `AuditLogController` — GET /api/v1/admin/audit
- `MetricsController` — GET /api/v1/metrics, GET /timeseries
- `DiagramController` — GET /api/v1/diagrams/{id}, POST /
- `DiagramRenderController` — POST /api/v1/diagrams/render (ELK layout)
- `LicenseAdminController` — GET/POST /api/v1/admin/license
-
-**runtime/** — Docker orchestration
- `DockerRuntimeOrchestrator` — implements RuntimeOrchestrator; Docker Java client (zerodep transport), container lifecycle
- `DeploymentExecutor` — @Async staged deploy: PRE_FLIGHT -> PULL_IMAGE -> CREATE_NETWORK -> START_REPLICAS -> HEALTH_CHECK -> SWAP_TRAFFIC -> COMPLETE
- `DockerNetworkManager` — ensures bridge networks (cameleer-traefik, cameleer-env-{slug}), connects containers
- `DockerEventMonitor` — persistent Docker event stream listener (die, oom, start, stop), updates deployment status
- `TraefikLabelBuilder` — generates Traefik Docker labels for path-based or subdomain routing
- `DisabledRuntimeOrchestrator` — no-op when runtime not enabled
-
-**storage/** — PostgreSQL repositories (JdbcTemplate)
- `PostgresAppRepository`, `PostgresAppVersionRepository`, `PostgresEnvironmentRepository`
- `PostgresDeploymentRepository` — includes JSONB replica_states, deploy_stage, findByContainerId
- `PostgresUserRepository`, `PostgresRoleRepository`, `PostgresGroupRepository`
- `PostgresAuditRepository`, `PostgresOidcConfigRepository`, `PostgresClaimMappingRepository`
-
-**storage/** — ClickHouse stores
- `ClickHouseExecutionStore`, `ClickHouseMetricsStore`, `ClickHouseLogStore`
- `ClickHouseStatsStore` — pre-aggregated stats, punchcard
- `ClickHouseDiagramStore`, `ClickHouseAgentEventRepository`
- `ClickHouseSearchIndex` — full-text search
- `ClickHouseUsageTracker` — usage_events for billing
-
-**security/** — Spring Security
- `SecurityConfig` — WebSecurityFilterChain, JWT filter, CORS, OIDC conditional
- `JwtAuthenticationFilter` — OncePerRequestFilter, validates Bearer tokens
- `JwtServiceImpl` — HMAC-SHA256 JWT (Nimbus JOSE)
- `OidcAuthController` — /api/v1/auth/oidc (login-uri, token-exchange, logout)
- `OidcTokenExchanger` — code -> tokens, role extraction from access_token then id_token
- `OidcProviderHelper` — OIDC discovery, JWK source cache
-
-**agent/** — Agent lifecycle
- `SseConnectionManager` — manages per-agent SSE connections, delivers commands
- `AgentLifecycleMonitor` — @Scheduled 10s, LIVE->STALE->DEAD transitions
-
-**retention/** — JAR cleanup
- `JarRetentionJob` — @Scheduled 03:00 daily, per-environment retention, skips deployed versions
-
-**config/** — Spring beans
- `RuntimeOrchestratorAutoConfig` — conditional Docker/Disabled orchestrator + NetworkManager + EventMonitor
- `RuntimeBeanConfig` — DeploymentExecutor, AppService, EnvironmentService
- `SecurityBeanConfig` — JwtService, Ed25519, BootstrapTokenValidator
- `StorageBeanConfig` — all repositories
- `ClickHouseConfig` — ClickHouse JdbcTemplate, schema initializer
-
 ## Key Conventions

 - Java 17+ required
 - Spring Boot 3.4.3 parent POM
- Depends on `com.cameleer3:cameleer3-common` from Gitea Maven registry
+- Depends on `com.cameleer:cameleer-common` from Gitea Maven registry
 - Jackson `JavaTimeModule` for `Instant` deserialization
 - Communication: receives HTTP POST data from agents (executions, diagrams, metrics, logs), serves SSE event streams for config push/commands (config-update, deep-trace, replay, route-control)
- Environment filtering: all data queries (exchanges, dashboard stats, route metrics, agent events, correlation) filter by the selected environment. All commands (config-update, route-control, set-traced-processors, replay) target only agents in the selected environment when one is selected. `AgentRegistryService.findByApplicationAndEnvironment()` for environment-scoped command dispatch. Backend endpoints accept optional `environment` query parameter; null = all environments (backward compatible).
- Maintains agent instance registry (in-memory) with states: LIVE -> STALE -> DEAD. Auto-heals from JWT `env` claim + heartbeat body on heartbeat/SSE after server restart (priority: heartbeat `environmentId` > JWT `env` claim > `"default"`). Capabilities and route states updated on every heartbeat (protocol v2). Route catalog falls back to ClickHouse stats for route discovery when registry has incomplete data.
- Multi-tenancy: each server instance serves one tenant (configured via `CAMELEER_TENANT_ID`, default: `"default"`). Environments (dev/staging/prod) are first-class — agents send `environmentId` at registration and in heartbeats. JWT carries `env` claim for environment persistence across token refresh. PostgreSQL isolated via schema-per-tenant (`?currentSchema=tenant_{id}`). ClickHouse shared DB with `tenant_id` + `environment` columns, partitioned by `(tenant_id, toYYYYMM(timestamp))`.
+- URL taxonomy: user-facing data, config, and query endpoints live under `/api/v1/environments/{envSlug}/...`. Env is a path segment, resolved via the `@EnvPath` argument resolver (404 on unknown slug). Flat endpoints are only for: agent self-service (JWT-authoritative), cross-env admin (RBAC, OIDC, audit, license, thresholds, env CRUD), cross-env discovery (`/catalog`), content-addressed lookups (`/diagrams/{contentHash}/render`, `/executions/{id}`), and auth. See `.claude/rules/app-classes.md` for the full allow-list.
+- Slug immutability: environment and app slugs are immutable after creation (both appear in URLs, Docker network names, container names, and ClickHouse partition keys). Slug regex `^[a-z0-9][a-z0-9-]{0,63}$` is enforced on POST; update endpoints silently drop any slug field in the request body via Jackson's default unknown-property handling.
+- App uniqueness: `(environment_id, app_slug)` is the natural key. The same app slug can legitimately exist in multiple environments; `AppService.getByEnvironmentAndSlug(envId, slug)` is the canonical lookup for controllers. Bare `getBySlug(slug)` remains for internal use but is ambiguous across envs.
+- Environment filtering: all data queries filter by the selected environment. All commands target only agents in the selected environment. Env is required on every env-scoped endpoint (path param); the legacy `?environment=` query form is retired.
+- Maintains agent instance registry (in-memory) with states: LIVE -> STALE -> DEAD. Auto-heals from JWT `env` claim + heartbeat body on heartbeat/SSE after server restart (priority: heartbeat `environmentId` > JWT `env` claim; no silent default — missing env on heartbeat auto-heal returns 400). Registration (`POST /api/v1/agents/register`) requires `environmentId` in the request body; missing or blank returns 400. Capabilities and route states updated on every heartbeat (protocol v2). Route catalog merges three sources: in-memory agent registry, persistent `route_catalog` table (ClickHouse), and `stats_1m_route` execution stats. The persistent catalog tracks `first_seen`/`last_seen` per route per environment, updated on every registration and heartbeat. Routes appear in the sidebar when their lifecycle overlaps the selected time window (`first_seen <= to AND last_seen >= from`), so historical routes remain visible even after being dropped from newer app versions.
+- Multi-tenancy: each server instance serves one tenant (configured via `CAMELEER_SERVER_TENANT_ID`, default: `"default"`). Environments (dev/staging/prod) are first-class. PostgreSQL isolated via schema-per-tenant (`?currentSchema=tenant_{id}`) and `ApplicationName=tenant_{id}` on the JDBC URL. ClickHouse shared DB with `tenant_id` + `environment` columns, partitioned by `(tenant_id, toYYYYMM(timestamp))`.
 - Storage: PostgreSQL for RBAC, config, and audit; ClickHouse for all observability data (executions, search, logs, metrics, stats, diagrams). ClickHouse schema migrations in `clickhouse/*.sql`, run idempotently on startup by `ClickHouseSchemaInitializer`. Use `IF NOT EXISTS` for CREATE and ADD PROJECTION.
+- Log exchange correlation: `ClickHouseLogStore` extracts `exchange_id` from log entry MDC, preferring `cameleer.exchangeId` over `camel.exchangeId` (fallback for older agents). For `ON_COMPLETION` exchange copies, the agent sets `cameleer.exchangeId` to the parent's exchange ID via `CORRELATION_ID`.
+- Log processor correlation: The agent sets `cameleer.processorId` in MDC, identifying which processor node emitted a log line.
 - Logging: ClickHouse JDBC set to INFO (`com.clickhouse`), HTTP client to WARN (`org.apache.hc.client5`) in application.yml
- Security: JWT auth with RBAC (AGENT/VIEWER/OPERATOR/ADMIN roles), Ed25519 config signing (key derived deterministically from JWT secret via HMAC-SHA256), bootstrap token for registration. CORS: `CAMELEER_CORS_ALLOWED_ORIGINS` (comma-separated) overrides `CAMELEER_UI_ORIGIN` for multi-origin setups (e.g., reverse proxy). UI role gating: Admin sidebar/routes hidden for non-ADMIN; diagram toolbar and route control hidden for VIEWER. Read-only for VIEWER, editable for OPERATOR+. Role helpers: `useIsAdmin()`, `useCanControl()` in `auth-store.ts`. Route guard: `RequireAdmin` in `auth/RequireAdmin.tsx`. Last-ADMIN guard: system prevents removal of the last ADMIN role (409 Conflict on role removal, user deletion, group role removal). Password policy: min 12 chars, 3-of-4 character classes, no username match (enforced on user creation and admin password reset). Brute-force protection: 5 failed attempts -> 15 min lockout (tracked via `failed_login_attempts` / `locked_until` on users table). Token revocation: `token_revoked_before` column on users, checked in `JwtAuthenticationFilter`, set on password change.
- OIDC: Optional external identity provider support (token exchange pattern). Configured via admin API/UI, stored in database (`server_config` table). Configurable `userIdClaim` (default `sub`) determines which id_token claim is used as the user identifier. Resource server mode: accepts external access tokens (Logto M2M) via JWKS validation when `CAMELEER_OIDC_ISSUER_URI` is set. `CAMELEER_OIDC_JWK_SET_URI` overrides JWKS discovery for container networking. `CAMELEER_OIDC_TLS_SKIP_VERIFY=true` disables TLS cert verification for OIDC calls (self-signed CAs). Scope-based role mapping via `SystemRole.normalizeScope()` (case-insensitive, strips `server:` prefix): `admin`/`server:admin` -> ADMIN, `operator`/`server:operator` -> OPERATOR, `viewer`/`server:viewer` -> VIEWER. SSO: when OIDC enabled, UI auto-redirects to provider with `prompt=none` for silent sign-in; falls back to `/login?local` on `login_required`, retries without `prompt=none` on `consent_required`. Logout always redirects to `/login?local` (via OIDC end_session or direct fallback) to prevent SSO re-login loops. Auto-signup provisions new OIDC users with default roles. System roles synced on every OIDC login via `syncOidcRoles` — always overwrites directly-assigned roles (falls back to `defaultRoles` when OIDC returns none); uses `getDirectRolesForUser` to avoid touching group-inherited roles. Group memberships are never touched. Supports ES384, ES256, RS256. Shared OIDC logic in `OidcProviderHelper` (discovery, JWK source, algorithm set).
- OIDC role extraction: `OidcTokenExchanger` reads roles from the **access_token** first (JWT with `at+jwt` type, decoded by a separate processor), then falls back to id_token. `OidcConfig` includes `audience` (RFC 8707 resource indicator — included in both authorization request and token exchange POST body to trigger JWT access tokens) and `additionalScopes` (extra scopes for the SPA to request). The `rolesClaim` config points to the claim name in the token (e.g., `"roles"` for Custom JWT claims, `"realm_access.roles"` for Keycloak). All provider-specific configuration is external — no provider-specific code in the server.
- User persistence: PostgreSQL `users` table, admin CRUD at `/api/v1/admin/users`
+- Security: JWT auth with RBAC (AGENT/VIEWER/OPERATOR/ADMIN roles), Ed25519 config signing (key derived deterministically from JWT secret via HMAC-SHA256), bootstrap token for registration. CORS: `CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` (comma-separated) overrides `CAMELEER_SERVER_SECURITY_UIORIGIN` for multi-origin setups. Infrastructure access: `CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS=false` disables Database and ClickHouse admin endpoints. Last-ADMIN guard: system prevents removal of the last ADMIN role (409 Conflict). Password policy: min 12 chars, 3-of-4 character classes, no username match. Brute-force protection: 5 failed attempts -> 15 min lockout. Token revocation: `token_revoked_before` column on users, checked in `JwtAuthenticationFilter`, set on password change.
+- OIDC: Optional external identity provider support (token exchange pattern). Configured via admin API/UI, stored in database (`server_config` table). Resource server mode: accepts external access tokens (Logto M2M) via JWKS validation when `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` is set. Scope-based role mapping via `SystemRole.normalizeScope()`. System roles synced on every OIDC login via `applyClaimMappings()` in `OidcAuthController` (calls `clearManagedAssignments` + `assignManagedRole` on `RbacService`) — always overwrites managed role assignments; uses managed assignment origin to avoid touching group-inherited or directly-assigned roles. Supports ES384, ES256, RS256.
+- OIDC role extraction: `OidcTokenExchanger` reads roles from the **access_token** first (JWT with `at+jwt` type), then falls back to id_token. `OidcConfig` includes `audience` (RFC 8707 resource indicator) and `additionalScopes`. All provider-specific configuration is external — no provider-specific code in the server.
+- Sensitive keys: Global enforced baseline for masking sensitive data in agent payloads. Merge rule: `final = global UNION per-app` (case-insensitive dedup, per-app can only add, never remove global keys).
+- User persistence: PostgreSQL `users` table, admin CRUD at `/api/v1/admin/users`. `users.user_id` is the **bare** identifier — local users as `<username>`, OIDC users as `oidc:<sub>`. JWT `sub` carries the `user:` namespace prefix so `JwtAuthenticationFilter` can tell user tokens from agent tokens; write paths (`UiAuthController`, `OidcAuthController`, `UserAdminController`) all upsert unprefixed, and env-scoped read-path controllers strip the `user:` prefix before using the value as an FK to `users.user_id` / `user_roles.user_id`. Alerting / outbound FKs (`alert_rules.created_by`, `outbound_connections.created_by`, …) therefore all reference the bare form.
 - Usage analytics: ClickHouse `usage_events` table tracks authenticated UI requests, flushed every 5s

 ## Database Migrations

-PostgreSQL (Flyway): `cameleer3-server-app/src/main/resources/db/migration/`
- V1 — RBAC (users, roles, groups, audit_log)
- V2 — Claim mappings (OIDC)
- V3 — Runtime management (apps, environments, deployments, app_versions)
- V4 — Environment config (default_container_config JSONB)
- V5 — App container config (container_config JSONB on apps)
- V6 — JAR retention policy (jar_retention_count on environments)
- V7 — Deployment orchestration (target_state, deployment_strategy, replica_states JSONB, deploy_stage)
- V8 — Deployment active config (resolved_config JSONB on deployments)
- V9 — Password hardening (failed_login_attempts, locked_until, token_revoked_before on users)
+PostgreSQL (Flyway): `cameleer-server-app/src/main/resources/db/migration/`
+- V1 — Consolidated baseline schema. All prior V1–V18 evolution was collapsed before first prod deploy. Contains: RBAC (users, roles, groups, user_roles, user_groups, group_roles, claim_mapping_rules), runtime management (environments, apps, app_versions, deployments), env-scoped application config (application_config PK `(application, environment)`, app_settings PK `(application_id, environment)`), audit_log, outbound_connections, server_config, and the full alerting subsystem (alert_rules, alert_rule_targets, alert_instances, alert_silences, alert_notifications). Seeds the 4 system roles (AGENT/VIEWER/OPERATOR/ADMIN), the `Admins` group with ADMIN role, and a default environment. Invariants covered by `SchemaBootstrapIT`.

-ClickHouse: `cameleer3-server-app/src/main/resources/clickhouse/init.sql` (run idempotently on startup)
+ClickHouse: `cameleer-server-app/src/main/resources/clickhouse/init.sql` (run idempotently on startup)

-## CI/CD & Deployment
+## Regenerating OpenAPI schema (SPA types)

- CI workflow: `.gitea/workflows/ci.yml` — build -> docker -> deploy on push to main or feature branches
- Build step skips integration tests (`-DskipITs`) — Testcontainers needs Docker daemon
- Docker: multi-stage build (`Dockerfile`), `$BUILDPLATFORM` for native Maven on ARM64 runner, amd64 runtime
- `REGISTRY_TOKEN` build arg required for `cameleer3-common` dependency resolution
- Registry: `gitea.siegeln.net/cameleer/cameleer3-server` (container images)
- K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests
- Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-<slug>` (feature branches)
- Feature branches: isolated namespace, PG schema; Traefik Ingress at `<slug>-api.cameleer.siegeln.net`
- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `postgres-credentials`, `clickhouse-credentials`
- K8s probes: server uses `/api/v1/health`, PostgreSQL uses `pg_isready -U "$POSTGRES_USER"` (env var, not hardcoded)
- K8s security: server and database pods run with `securityContext.runAsNonRoot`. UI (nginx) runs without securityContext (needs root for entrypoint setup).
- Docker: server Dockerfile has no default credentials — all DB config comes from env vars at runtime
- Docker build uses buildx registry cache + `--provenance=false` for Gitea compatibility
- CI: branch slug sanitization extracted to `.gitea/sanitize-branch.sh`, sourced by docker and deploy-feature jobs
+After any change to REST controller paths, request/response DTOs, or `@PathVariable`/`@RequestParam`/`@RequestBody` signatures, regenerate the TypeScript types the SPA consumes. Required for every controller-level change.

-## UI Structure
+```bash
+# Backend must be running on :8081
+cd ui && npm run generate-api:live   # fetches fresh openapi.json AND regenerates schema.d.ts
+# OR, if openapi.json was updated by other means:
+cd ui && npm run generate-api        # regenerates schema.d.ts from existing openapi.json
+```

-The UI has 4 main tabs: **Exchanges**, **Dashboard**, **Runtime**, **Deployments**.
+After regeneration, `ui/src/api/schema.d.ts` and `ui/src/api/openapi.json` will update. The TypeScript compiler then surfaces every SPA call site that needs updating — fix all compile errors before testing in the browser. Commit the regenerated files with the controller change.

- **Exchanges** — route execution search and detail (`ui/src/pages/Exchanges/`)
- **Dashboard** — metrics and stats with L1/L2/L3 drill-down (`ui/src/pages/DashboardTab/`)
- **Runtime** — live agent status, logs, commands (`ui/src/pages/RuntimeTab/`)
- **Deployments** — app management, JAR upload, deployment lifecycle (`ui/src/pages/AppsTab/`)
-  - Config sub-tabs: **Variables | Monitoring | Traces & Taps | Route Recording | Resources**
-  - Create app: full page at `/apps/new` (not a modal)
-  - Deployment progress: `ui/src/components/DeploymentProgress.tsx` (7-stage step indicator)
+## Maintaining .claude/rules/

-### Key UI Files
-
- `ui/src/router.tsx` — React Router v6 routes
- `ui/src/config.ts` — apiBaseUrl, basePath
- `ui/src/auth/auth-store.ts` — Zustand: accessToken, user, roles, login/logout
- `ui/src/api/environment-store.ts` — Zustand: selected environment (localStorage)
- `ui/src/components/ContentTabs.tsx` — main tab switcher
- `ui/src/components/ExecutionDiagram/` — interactive trace view (canvas)
- `ui/src/components/ProcessDiagram/` — ELK-rendered route diagram
- `ui/src/hooks/useScope.ts` — TabKey type, scope inference
-
-## UI Styling
-
- Always use `@cameleer/design-system` CSS variables for colors (`var(--amber)`, `var(--error)`, `var(--success)`, etc.) — never hardcode hex values. This applies to CSS modules, inline styles, and SVG `fill`/`stroke` attributes. SVG presentation attributes resolve `var()` correctly. All colors use CSS variables (no hardcoded hex).
- Shared CSS modules in `ui/src/styles/` (table-section, log-panel, rate-colors, refresh-indicator, chart-card, section-card) — import these instead of duplicating patterns.
- Shared `PageLoader` component replaces copy-pasted spinner patterns.
- Design system components used consistently: `Select`, `Tabs`, `Toggle`, `Button`, `LogViewer`, `Label` — prefer DS components over raw HTML elements.
- Environment slugs are auto-computed from display name (read-only in UI).
- Brand assets: `@cameleer/design-system/assets/` provides `camel-logo.svg` (currentColor), `cameleer3-{16,32,48,192,512}.png`, and `cameleer3-logo.png`. Copied to `ui/public/` for use as favicon (`favicon-16.png`, `favicon-32.png`) and logo (`camel-logo.svg` — login dialog 36px, sidebar 28x24px).
- Sidebar generates `/exchanges/` paths directly (no legacy `/apps/` redirects). basePath is centralized in `ui/src/config.ts`; router.tsx imports it instead of re-reading `<base>` tag.
- Global user preferences (environment selection) use Zustand stores with localStorage persistence — never URL search params. URL params are for page-specific state only (e.g. `?text=` search query). Switching environment resets all filters and remounts pages.
-
-## Docker Orchestration
-
-When deployed via the cameleer-saas platform, this server orchestrates customer app containers using Docker. Key components:
-
- **ConfigMerger** (`core/runtime/ConfigMerger.java`) — pure function: resolve(globalDefaults, envConfig, appConfig) -> ResolvedContainerConfig. Three-layer merge: global (application.yml) -> environment (defaultContainerConfig JSONB) -> app (containerConfig JSONB).
- **TraefikLabelBuilder** (`app/runtime/TraefikLabelBuilder.java`) — generates Traefik Docker labels for path-based (`/{envSlug}/{appSlug}/`) or subdomain-based (`{appSlug}-{envSlug}.{domain}`) routing. Supports strip-prefix and SSL offloading toggles.
- **DockerNetworkManager** (`app/runtime/DockerNetworkManager.java`) — manages two Docker network tiers:
-  - `cameleer-traefik` — shared network; Traefik, server, and all app containers attach here. Server joined via docker-compose with `cameleer3-server` DNS alias.
-  - `cameleer-env-{slug}` — per-environment isolated network; containers in the same environment discover each other via Docker DNS.
- **DockerEventMonitor** (`app/runtime/DockerEventMonitor.java`) — persistent Docker event stream listener for containers with `managed-by=cameleer3-server` label. Detects die/oom/start/stop events and updates deployment replica states. Periodic reconciliation (@Scheduled every 30s) inspects actual container state and corrects deployment status mismatches (fixes stale DEGRADED with all replicas healthy).
- **DeploymentProgress** (`ui/src/components/DeploymentProgress.tsx`) — UI step indicator showing 7 deploy stages with amber active/green completed styling.
-
-### Deployment Status Model
-
-Deployments move through these statuses:
-
-| Status | Meaning |
-|--------|---------|
-| `STOPPED` | Intentionally stopped or initial state |
-| `STARTING` | Deploy in progress |
-| `RUNNING` | All replicas healthy and serving |
-| `DEGRADED` | Some replicas healthy, some dead |
-| `STOPPING` | Graceful shutdown in progress |
-| `FAILED` | Terminal failure (pre-flight, health check, or crash) |
-
-**Replica support**: deployments can specify a replica count. `DEGRADED` is used when at least one but not all replicas are healthy.
-
-**Deploy stages** (`DeployStage`): PRE_FLIGHT -> PULL_IMAGE -> CREATE_NETWORK -> START_REPLICAS -> HEALTH_CHECK -> SWAP_TRAFFIC -> COMPLETE (or FAILED at any stage).
-
-**Blue/green strategy**: when re-deploying, new replicas are started and health-checked before old ones are stopped, minimising downtime.
-
-**Deployment uniqueness**: `DeploymentService.createDeployment()` deletes any STOPPED/FAILED deployments for the same app+environment before creating a new one, preventing duplicate rows.
-
-### JAR Management
-
- **Retention policy** per environment: configurable maximum number of JAR versions to keep. Older JARs are deleted automatically.
- **Nightly cleanup job** (`JarRetentionJob`, Spring `@Scheduled` 03:00): purges JARs exceeding the retention limit and removes orphaned files not referenced by any app version. Skips versions currently deployed.
- **Volume-based JAR mounting** for Docker-in-Docker setups: set `CAMELEER_JAR_DOCKER_VOLUME` to the Docker volume name that contains the JAR storage directory. When set, the orchestrator mounts this volume into the container instead of bind-mounting the host path (required when the SaaS container itself runs inside Docker and the host path is not accessible from sibling containers).
-
-### nginx / Reverse Proxy
-
- `client_max_body_size 200m` is required in the nginx config to allow JAR uploads up to 200 MB. Without this, large JAR uploads return 413.
+When adding, removing, or renaming classes, controllers, endpoints, UI components, or metrics, update the corresponding `.claude/rules/` file as part of the same change. The rule files are the class/API map that future sessions rely on — stale rules cause wrong assumptions. Treat rule file updates like updating an import: part of the change, not a separate task.

 ## Disabled Skills

@@ -274,7 +96,7 @@ Deployments move through these statuses:
 <!-- gitnexus:start -->
 # GitNexus — Code Intelligence

-This project is indexed by GitNexus as **cameleer3-server** (5509 symbols, 13919 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+This project is indexed by GitNexus as **cameleer-server** (9731 symbols, 24987 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.

 > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.

@@ -290,7 +112,7 @@ This project is indexed by GitNexus as **cameleer3-server** (5509 symbols, 13919

 1. `gitnexus_query({query: "<error or symptom>"})` — find execution flows related to the issue
 2. `gitnexus_context({name: "<suspect function>"})` — see all callers, callees, and process participation
-3. `READ gitnexus://repo/cameleer3-server/process/{processName}` — trace the full execution flow step by step
+3. `READ gitnexus://repo/cameleer-server/process/{processName}` — trace the full execution flow step by step
 4. For regressions: `gitnexus_detect_changes({scope: "compare", base_ref: "main"})` — see what your branch changed

 ## When Refactoring
@@ -329,10 +151,10 @@ This project is indexed by GitNexus as **cameleer3-server** (5509 symbols, 13919

 | Resource | Use for |
 |----------|---------|
-| `gitnexus://repo/cameleer3-server/context` | Codebase overview, check index freshness |
-| `gitnexus://repo/cameleer3-server/clusters` | All functional areas |
-| `gitnexus://repo/cameleer3-server/processes` | All execution flows |
-| `gitnexus://repo/cameleer3-server/process/{name}` | Step-by-step execution trace |
+| `gitnexus://repo/cameleer-server/context` | Codebase overview, check index freshness |
+| `gitnexus://repo/cameleer-server/clusters` | All functional areas |
+| `gitnexus://repo/cameleer-server/processes` | All execution flows |
+| `gitnexus://repo/cameleer-server/process/{name}` | Step-by-step execution trace |

 ## Self-Check Before Finishing

--- a/22
+++ b/22
@@ -1,14 +1,18 @@
 FROM --platform=$BUILDPLATFORM maven:3.9-eclipse-temurin-17 AS build
 WORKDIR /build

-# Configure Gitea Maven Registry for cameleer3-common dependency
-ARG REGISTRY_TOKEN
-RUN mkdir -p ~/.m2 && \
-    echo '<settings><servers><server><id>gitea</id><username>cameleer</username><password>'${REGISTRY_TOKEN}'</password></server></servers></settings>' > ~/.m2/settings.xml
+# Optional auth for Gitea Maven Registry. The `cameleer/cameleer-common` package
+# is published publicly, so empty token → anonymous pull (no settings.xml).
+# Private packages require a non-empty token.
+ARG REGISTRY_TOKEN=""
+RUN if [ -n "$REGISTRY_TOKEN" ]; then \
+      mkdir -p ~/.m2 && \
+      printf '<settings><servers><server><id>gitea</id><username>cameleer</username><password>%s</password></server></servers></settings>\n' "$REGISTRY_TOKEN" > ~/.m2/settings.xml; \
+    fi

 COPY pom.xml .
-COPY cameleer3-server-core/pom.xml cameleer3-server-core/
-COPY cameleer3-server-app/pom.xml cameleer3-server-app/
+COPY cameleer-server-core/pom.xml cameleer-server-core/
+COPY cameleer-server-app/pom.xml cameleer-server-app/
 # Cache deps — only re-downloaded when POMs change
 RUN mvn dependency:go-offline -B || true
 COPY . .
@@ -16,8 +20,10 @@ RUN mvn clean package -DskipTests -U -B

 FROM eclipse-temurin:17-jre
 WORKDIR /app
-COPY --from=build /build/cameleer3-server-app/target/cameleer3-server-app-*.jar /app/server.jar
+COPY --from=build /build/cameleer-server-app/target/cameleer-server-app-*.jar /app/server.jar
+COPY docker-entrypoint.sh /app/
+RUN chmod +x /app/docker-entrypoint.sh

 EXPOSE 8081
 ENV TZ=UTC
-ENTRYPOINT exec java -Duser.timezone=UTC -jar /app/server.jar
+ENTRYPOINT ["/app/docker-entrypoint.sh"]
--- a/HOWTO.md
+++ b/HOWTO.md
@@ -1,4 +1,4 @@
-# HOWTO — Cameleer3 Server
+# HOWTO — Cameleer Server

 ## Prerequisites

@@ -6,7 +6,7 @@
 - Maven 3.9+
 - Node.js 22+ and npm
 - Docker & Docker Compose
- Access to the Gitea Maven registry (for `cameleer3-common` dependency)
+- Access to the Gitea Maven registry (for `cameleer-common` dependency)

 ## Build

@@ -19,38 +19,99 @@ mvn clean compile          # compile only
 mvn clean verify           # compile + run all tests (needs Docker for integration tests)
 ```

-## Infrastructure Setup
+## Start a brand-new local environment (Docker)

-Start PostgreSQL:
+The repo ships a `docker-compose.yml` with the full stack: PostgreSQL, ClickHouse, the Spring Boot server, and the nginx-served SPA. All dev defaults are baked into the compose file — no `.env` file or extra config needed for a first run.

 ```bash
+# 1. Clean slate (safe if this is already a first run — noop when no volumes exist)
+docker compose down -v
+
+# 2. Build + start everything. First run rebuilds both images (~2–4 min).
+docker compose up -d --build
+
+# 3. Watch the server come up (health check goes green in ~60–90s after Flyway + ClickHouse init)
+docker compose logs -f cameleer-server
+#   ready when you see "Started CameleerServerApplication in ...".
+#   Ctrl+C when ready — containers keep running.
+
+# 4. Smoke test
+curl -s http://localhost:8081/api/v1/health     # → {"status":"UP"}
+```
+
+Open the UI at **http://localhost:8080** (nginx) and log in with **admin / admin**.
+
+| Service    | Host port | URL / notes |
+|------------|-----------|-------------|
+| Web UI (nginx) | 8080 | http://localhost:8080 — proxies `/api` to the server |
+| Server API | 8081 | http://localhost:8081/api/v1/health, http://localhost:8081/api/v1/swagger-ui.html |
+| PostgreSQL | 5432 | user `cameleer`, password `cameleer_dev`, db `cameleer` |
+| ClickHouse | 8123 (HTTP), 9000 (native) | user `default`, no password, db `cameleer` |
+
+**Dev credentials baked into compose (do not use in production):**
+
+| Purpose | Value |
+|---|---|
+| UI login | `admin` / `admin` |
+| Bootstrap token (agent registration) | `dev-bootstrap-token-for-local-agent-registration` |
+| JWT secret | `dev-jwt-secret-32-bytes-min-0123456789abcdef0123456789abcdef` |
+| `CAMELEER_SERVER_RUNTIME_ENABLED` | `false` (Docker-in-Docker app orchestration off for the local stack) |
+
+Override any of these by editing `docker-compose.yml` or passing `-e KEY=value` to `docker compose run`.
+
+### Common lifecycle commands
+
+```bash
+# Stop everything but keep volumes (quick restart later)
+docker compose stop
+
+# Start again after a stop
+docker compose start
+
+# Apply changes to the server code / UI — rebuild just what changed
+docker compose up -d --build cameleer-server
+docker compose up -d --build cameleer-ui
+
+# Wipe the environment completely (drops PG + ClickHouse volumes — all data gone)
+docker compose down -v
+
+# Fresh Flyway run by dropping just the PG volume (keeps ClickHouse data)
+docker compose down
+docker volume rm cameleer-server_cameleer-pgdata
 docker compose up -d
 ```

-This starts PostgreSQL 16. The database schema is applied automatically via Flyway migrations on server startup. ClickHouse tables are created by the schema initializer on startup.
+### Infra-only mode (backend via `mvn` / UI via Vite)

-| Service    | Port | Purpose              |
-|------------|------|----------------------|
-| PostgreSQL | 5432 | JDBC (Spring JDBC)   |
-
-PostgreSQL credentials: `cameleer` / `cameleer_dev`, database `cameleer3`.
-
-## Run the Server
+If you want to iterate on backend/UI code without rebuilding the server image on every change, start just the databases and run the server + UI locally:

 ```bash
+# 1. Only infra containers
+docker compose up -d cameleer-postgres cameleer-clickhouse
+
+# 2. Build and run the server jar against those containers
 mvn clean package -DskipTests
-SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/cameleer3 \
+SPRING_DATASOURCE_URL="jdbc:postgresql://localhost:5432/cameleer?currentSchema=tenant_default&ApplicationName=tenant_default" \
 SPRING_DATASOURCE_USERNAME=cameleer \
 SPRING_DATASOURCE_PASSWORD=cameleer_dev \
-CAMELEER_AUTH_TOKEN=my-secret-token \
-java -jar cameleer3-server-app/target/cameleer3-server-app-1.0-SNAPSHOT.jar
+SPRING_FLYWAY_USER=cameleer \
+SPRING_FLYWAY_PASSWORD=cameleer_dev \
+CAMELEER_SERVER_CLICKHOUSE_URL="jdbc:clickhouse://localhost:8123/cameleer" \
+CAMELEER_SERVER_CLICKHOUSE_USERNAME=default \
+CAMELEER_SERVER_CLICKHOUSE_PASSWORD= \
+CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=dev-bootstrap-token-for-local-agent-registration \
+CAMELEER_SERVER_SECURITY_JWTSECRET=dev-jwt-secret-32-bytes-min-0123456789abcdef0123456789abcdef \
+CAMELEER_SERVER_RUNTIME_ENABLED=false \
+CAMELEER_SERVER_TENANT_ID=default \
+java -jar cameleer-server-app/target/cameleer-server-app-1.0-SNAPSHOT.jar
+
+# 3. In another terminal — Vite dev server on :5173 (proxies /api → :8081)
+cd ui && npm install && npm run dev
 ```

-> **Note:** The Docker image no longer includes default database credentials. When running via `docker run`, pass `-e SPRING_DATASOURCE_URL=...` etc. The docker-compose setup provides these automatically.
+Database schema is applied automatically: PostgreSQL via Flyway migrations on server startup, ClickHouse tables via `ClickHouseSchemaInitializer`. No manual DDL needed.

-The server starts on **port 8081**. The `CAMELEER_AUTH_TOKEN` environment variable is **required** — the server fails fast on startup if it is not set.
-
-For token rotation without downtime, set `CAMELEER_AUTH_TOKEN_PREVIOUS` to the old token while rolling out the new one. The server accepts both during the overlap window.
+`CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` is **required** for agent registration — the server fails fast on startup if it's not set. For token rotation without downtime, set `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKENPREVIOUS` to the old token while rolling out the new one — the server accepts both during the overlap window.

 ## API Endpoints

@@ -89,7 +150,7 @@ curl -s -X POST http://localhost:8081/api/v1/auth/refresh \
  -d '{"refreshToken":"<refreshToken>"}'
 ```

-UI credentials are configured via `CAMELEER_UI_USER` / `CAMELEER_UI_PASSWORD` env vars (default: `admin` / `admin`).
+UI credentials are configured via `CAMELEER_SERVER_SECURITY_UIUSER` / `CAMELEER_SERVER_SECURITY_UIPASSWORD` env vars (default: `admin` / `admin`).

 **Public endpoints (no JWT required):** `GET /api/v1/health`, `POST /api/v1/agents/register` (uses bootstrap token), `POST /api/v1/auth/**`, OpenAPI/Swagger docs.

@@ -146,7 +207,7 @@ curl -s -X PUT http://localhost:8081/api/v1/admin/oidc \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "enabled": true,
-    "issuerUri": "http://logto:3001/oidc",
+    "issuerUri": "http://cameleer-logto:3001/oidc",
    "clientId": "your-client-id",
    "clientSecret": "your-client-secret",
    "rolesClaim": "realm_access.roles",
@@ -162,7 +223,7 @@ curl -s -X DELETE http://localhost:8081/api/v1/admin/oidc \
  -H "Authorization: Bearer $TOKEN"
 ```

-**Initial provisioning**: OIDC can also be seeded from `CAMELEER_OIDC_*` env vars on first startup (when DB is empty). After that, the admin API takes over.
+**Initial provisioning**: OIDC can also be seeded from `CAMELEER_SERVER_SECURITY_OIDC*` env vars on first startup (when DB is empty). After that, the admin API takes over.

 ### Logto Setup (OIDC Provider)

@@ -183,21 +244,15 @@ Logto is proxy-aware via `TRUST_PROXY_HEADER=1`. The `LOGTO_ENDPOINT` and `LOGTO
   - Name: `Cameleer SaaS`
   - Assign the API Resource created above with `server:admin` scope
   - Note the **Client ID** and **Client Secret**
-5. **Configure Cameleer OIDC login**: Use the admin API (`PUT /api/v1/admin/oidc`) or set env vars for initial seeding:
-   ```
-   CAMELEER_OIDC_ENABLED=true
-   CAMELEER_OIDC_ISSUER=<LOGTO_ENDPOINT>/oidc
-   CAMELEER_OIDC_CLIENT_ID=<client-id-from-step-2>
-   CAMELEER_OIDC_CLIENT_SECRET=<not-needed-for-public-spa>
-   ```
+5. **Configure Cameleer OIDC login**: Use the admin API (`PUT /api/v1/admin/oidc`) or the admin UI. OIDC login configuration is stored in the database — no env vars needed for the SPA OIDC flow.
 6. **Configure resource server** (for M2M token validation):
   ```
-   CAMELEER_OIDC_ISSUER_URI=<LOGTO_ENDPOINT>/oidc
-   CAMELEER_OIDC_JWK_SET_URI=http://logto:3001/oidc/jwks
-   CAMELEER_OIDC_AUDIENCE=<api-resource-indicator-from-step-3>
-   CAMELEER_OIDC_TLS_SKIP_VERIFY=true   # optional — skip cert verification for self-signed CAs
+   CAMELEER_SERVER_SECURITY_OIDCISSUERURI=<LOGTO_ENDPOINT>/oidc
+   CAMELEER_SERVER_SECURITY_OIDCJWKSETURI=http://cameleer-logto:3001/oidc/jwks
+   CAMELEER_SERVER_SECURITY_OIDCAUDIENCE=<api-resource-indicator-from-step-3>
+   CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY=true   # optional — skip cert verification for self-signed CAs
   ```
-   `JWK_SET_URI` is needed when the public issuer URL isn't reachable from inside containers — it fetches JWKS directly from the internal Logto service. `TLS_SKIP_VERIFY` disables certificate verification for all OIDC HTTP calls (discovery, token exchange, JWKS); use only when the provider has a self-signed CA.
+   `OIDCJWKSETURI` is needed when the public issuer URL isn't reachable from inside containers — it fetches JWKS directly from the internal Logto service. `OIDCTLSSKIPVERIFY` disables certificate verification for all OIDC HTTP calls (discovery, token exchange, JWKS); use only when the provider has a self-signed CA.

 ### SSO Behavior

@@ -248,19 +303,18 @@ curl -s -X POST http://localhost:8081/api/v1/data/metrics \
  -H "Authorization: Bearer $TOKEN" \
  -d '[{"agentId":"agent-1","metricName":"cpu","value":42.0,"timestamp":"2026-03-11T00:00:00Z","tags":{}}]'

-# Post application log entries (batch)
+# Post application log entries (raw JSON array — no wrapper)
 curl -s -X POST http://localhost:8081/api/v1/data/logs \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
-  -d '{
-    "entries": [{
-      "timestamp": "2026-03-25T10:00:00Z",
-      "level": "INFO",
-      "loggerName": "com.acme.MyService",
-      "message": "Processing order #12345",
-      "threadName": "main"
-    }]
-  }'
+  -d '[{
+    "timestamp": "2026-03-25T10:00:00Z",
+    "level": "INFO",
+    "loggerName": "com.acme.MyService",
+    "message": "Processing order #12345",
+    "threadName": "main",
+    "source": "app"
+  }]'
 ```

 **Note:** The `X-Protocol-Version: 1` header is required on all `/api/v1/data/**` endpoints. Missing or wrong version returns 400.
@@ -385,36 +439,85 @@ When the write buffer is full (default capacity: 50,000), ingestion endpoints re

 ## Configuration

-Key settings in `cameleer3-server-app/src/main/resources/application.yml`:
+Key settings in `cameleer-server-app/src/main/resources/application.yml`. All custom properties live under `cameleer.server.*`. Env vars are a mechanical 1:1 mapping (dots to underscores, uppercase).

-| Setting | Default | Description |
-|---------|---------|-------------|
-| `server.port` | 8081 | Server port |
-| `ingestion.buffer-capacity` | 50000 | Max items in write buffer |
-| `ingestion.batch-size` | 5000 | Items per batch insert |
-| `ingestion.flush-interval-ms` | 1000 | Buffer flush interval (ms) |
-| `agent-registry.heartbeat-interval-seconds` | 30 | Expected heartbeat interval |
-| `agent-registry.stale-threshold-seconds` | 90 | Time before agent marked STALE |
-| `agent-registry.dead-threshold-seconds` | 300 | Time after STALE before DEAD |
-| `agent-registry.command-expiry-seconds` | 60 | Pending command TTL |
-| `agent-registry.keepalive-interval-seconds` | 15 | SSE ping keepalive interval |
-| `security.access-token-expiry-ms` | 3600000 | JWT access token lifetime (1h) |
-| `security.refresh-token-expiry-ms` | 604800000 | Refresh token lifetime (7d) |
-| `security.bootstrap-token` | `${CAMELEER_AUTH_TOKEN}` | Bootstrap token for agent registration (required) |
-| `security.bootstrap-token-previous` | `${CAMELEER_AUTH_TOKEN_PREVIOUS}` | Previous bootstrap token for rotation (optional) |
-| `security.ui-user` | `admin` | UI login username (`CAMELEER_UI_USER` env var) |
-| `security.ui-password` | `admin` | UI login password (`CAMELEER_UI_PASSWORD` env var) |
-| `security.ui-origin` | `http://localhost:5173` | CORS allowed origin for UI (`CAMELEER_UI_ORIGIN` env var) |
-| `security.cors-allowed-origins` | *(empty)* | Comma-separated CORS origins (`CAMELEER_CORS_ALLOWED_ORIGINS`) — overrides `ui-origin` when set |
-| `security.jwt-secret` | *(random)* | HMAC secret for JWT signing (`CAMELEER_JWT_SECRET`). If set, tokens survive restarts |
-| `security.oidc.enabled` | `false` | Enable OIDC login (`CAMELEER_OIDC_ENABLED`) |
-| `security.oidc.issuer-uri` | | OIDC provider issuer URL (`CAMELEER_OIDC_ISSUER`) |
-| `security.oidc.client-id` | | OAuth2 client ID (`CAMELEER_OIDC_CLIENT_ID`) |
-| `security.oidc.client-secret` | | OAuth2 client secret (`CAMELEER_OIDC_CLIENT_SECRET`) |
-| `security.oidc.roles-claim` | `realm_access.roles` | JSONPath to roles in OIDC id_token (`CAMELEER_OIDC_ROLES_CLAIM`) |
-| `security.oidc.default-roles` | `VIEWER` | Default roles for new OIDC users (`CAMELEER_OIDC_DEFAULT_ROLES`) |
-| `cameleer.indexer.debounce-ms` | `2000` | Search indexer debounce delay (`CAMELEER_INDEXER_DEBOUNCE_MS`) |
-| `cameleer.indexer.queue-size` | `10000` | Search indexer queue capacity (`CAMELEER_INDEXER_QUEUE_SIZE`) |
+**Security** (`cameleer.server.security.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.security.bootstraptoken` | *(required)* | `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` | Bootstrap token for agent registration |
+| `cameleer.server.security.bootstraptokenprevious` | *(empty)* | `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKENPREVIOUS` | Previous bootstrap token for rotation |
+| `cameleer.server.security.uiuser` | `admin` | `CAMELEER_SERVER_SECURITY_UIUSER` | UI login username |
+| `cameleer.server.security.uipassword` | `admin` | `CAMELEER_SERVER_SECURITY_UIPASSWORD` | UI login password |
+| `cameleer.server.security.uiorigin` | `http://localhost:5173` | `CAMELEER_SERVER_SECURITY_UIORIGIN` | CORS allowed origin for UI |
+| `cameleer.server.security.corsallowedorigins` | *(empty)* | `CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` | Comma-separated CORS origins — overrides `uiorigin` when set |
+| `cameleer.server.security.jwtsecret` | *(random)* | `CAMELEER_SERVER_SECURITY_JWTSECRET` | HMAC secret for JWT signing. If set, tokens survive restarts |
+| `cameleer.server.security.accesstokenexpiryms` | `3600000` | `CAMELEER_SERVER_SECURITY_ACCESSTOKENEXPIRYMS` | JWT access token lifetime (1h) |
+| `cameleer.server.security.refreshtokenexpiryms` | `604800000` | `CAMELEER_SERVER_SECURITY_REFRESHTOKENEXPIRYMS` | Refresh token lifetime (7d) |
+| `cameleer.server.security.infrastructureendpoints` | `true` | `CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS` | Show DB/ClickHouse admin endpoints. Set `false` in SaaS-managed mode |
+
+**OIDC resource server** (`cameleer.server.security.oidc.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.security.oidc.issueruri` | *(empty)* | `CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI` | OIDC issuer URI — enables resource server mode |
+| `cameleer.server.security.oidc.jwkseturi` | *(empty)* | `CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI` | Direct JWKS URL — bypasses OIDC discovery |
+| `cameleer.server.security.oidc.audience` | *(empty)* | `CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE` | Expected JWT audience |
+| `cameleer.server.security.oidc.tlsskipverify` | `false` | `CAMELEER_SERVER_SECURITY_OIDC_TLSSKIPVERIFY` | Skip TLS cert verification for OIDC calls |
+
+**Note:** OIDC *login* configuration (issuer, client ID, client secret, roles claim, default roles) is stored in the database and managed via the admin API (`PUT /api/v1/admin/oidc`) or admin UI. The env vars above are for resource server mode (M2M token validation) only.
+
+**Ingestion** (`cameleer.server.ingestion.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.ingestion.buffercapacity` | `50000` | `CAMELEER_SERVER_INGESTION_BUFFERCAPACITY` | Max items in write buffer |
+| `cameleer.server.ingestion.batchsize` | `5000` | `CAMELEER_SERVER_INGESTION_BATCHSIZE` | Items per batch insert |
+| `cameleer.server.ingestion.flushintervalms` | `5000` | `CAMELEER_SERVER_INGESTION_FLUSHINTERVALMS` | Buffer flush interval (ms) |
+| `cameleer.server.ingestion.bodysizelimit` | `16384` | `CAMELEER_SERVER_INGESTION_BODYSIZELIMIT` | Max body size per execution (bytes) |
+
+**Agent registry** (`cameleer.server.agentregistry.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.agentregistry.heartbeatintervalms` | `30000` | `CAMELEER_SERVER_AGENTREGISTRY_HEARTBEATINTERVALMS` | Expected heartbeat interval (ms) |
+| `cameleer.server.agentregistry.stalethresholdms` | `90000` | `CAMELEER_SERVER_AGENTREGISTRY_STALETHRESHOLDMS` | Time before agent marked STALE (ms) |
+| `cameleer.server.agentregistry.deadthresholdms` | `300000` | `CAMELEER_SERVER_AGENTREGISTRY_DEADTHRESHOLDMS` | Time after STALE before DEAD (ms) |
+| `cameleer.server.agentregistry.pingintervalms` | `15000` | `CAMELEER_SERVER_AGENTREGISTRY_PINGINTERVALMS` | SSE ping keepalive interval (ms) |
+| `cameleer.server.agentregistry.commandexpiryms` | `60000` | `CAMELEER_SERVER_AGENTREGISTRY_COMMANDEXPIRYMS` | Pending command TTL (ms) |
+| `cameleer.server.agentregistry.lifecyclecheckintervalms` | `10000` | `CAMELEER_SERVER_AGENTREGISTRY_LIFECYCLECHECKINTERVALMS` | Lifecycle monitor interval (ms) |
+
+**Runtime** (`cameleer.server.runtime.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.runtime.enabled` | `true` | `CAMELEER_SERVER_RUNTIME_ENABLED` | Enable Docker orchestration |
+| `cameleer.server.runtime.baseimage` | `cameleer-runtime-base:latest` | `CAMELEER_SERVER_RUNTIME_BASEIMAGE` | Base Docker image for app containers |
+| `cameleer.server.runtime.dockernetwork` | `cameleer` | `CAMELEER_SERVER_RUNTIME_DOCKERNETWORK` | Primary Docker network |
+| `cameleer.server.runtime.jarstoragepath` | `/data/jars` | `CAMELEER_SERVER_RUNTIME_JARSTORAGEPATH` | JAR file storage directory |
+| `cameleer.server.runtime.jardockervolume` | *(empty)* | `CAMELEER_SERVER_RUNTIME_JARDOCKERVOLUME` | Docker volume for JAR sharing |
+| `cameleer.server.runtime.routingmode` | `path` | `CAMELEER_SERVER_RUNTIME_ROUTINGMODE` | `path` or `subdomain` Traefik routing |
+| `cameleer.server.runtime.routingdomain` | `localhost` | `CAMELEER_SERVER_RUNTIME_ROUTINGDOMAIN` | Domain for Traefik routing labels |
+| `cameleer.server.runtime.serverurl` | *(empty)* | `CAMELEER_SERVER_RUNTIME_SERVERURL` | Server URL injected into app containers |
+| `cameleer.server.runtime.certresolver` | *(empty)* | `CAMELEER_SERVER_RUNTIME_CERTRESOLVER` | Traefik TLS cert resolver name (e.g. `letsencrypt`). Blank = omit the `tls.certresolver` label and let Traefik serve the default TLS-store cert |
+| `cameleer.server.runtime.agenthealthport` | `9464` | `CAMELEER_SERVER_RUNTIME_AGENTHEALTHPORT` | Agent health check port |
+| `cameleer.server.runtime.healthchecktimeout` | `60` | `CAMELEER_SERVER_RUNTIME_HEALTHCHECKTIMEOUT` | Health check timeout (seconds) |
+| `cameleer.server.runtime.container.memorylimit` | `512m` | `CAMELEER_SERVER_RUNTIME_CONTAINER_MEMORYLIMIT` | Default memory limit for app containers |
+| `cameleer.server.runtime.container.cpushares` | `512` | `CAMELEER_SERVER_RUNTIME_CONTAINER_CPUSHARES` | Default CPU shares for app containers |
+
+**Other** (`cameleer.server.*`):
+
+| Setting | Default | Env var | Description |
+|---------|---------|---------|-------------|
+| `cameleer.server.catalog.discoveryttldays` | `7` | `CAMELEER_SERVER_CATALOG_DISCOVERYTTLDAYS` | Days before stale discovered apps auto-hide from sidebar |
+| `cameleer.server.tenant.id` | `default` | `CAMELEER_SERVER_TENANT_ID` | Tenant identifier |
+| `cameleer.server.indexer.debouncems` | `2000` | `CAMELEER_SERVER_INDEXER_DEBOUNCEMS` | Search indexer debounce delay (ms) |
+| `cameleer.server.indexer.queuesize` | `10000` | `CAMELEER_SERVER_INDEXER_QUEUESIZE` | Search indexer queue capacity |
+| `cameleer.server.license.token` | *(empty)* | `CAMELEER_SERVER_LICENSE_TOKEN` | License token |
+| `cameleer.server.license.publickey` | *(empty)* | `CAMELEER_SERVER_LICENSE_PUBLICKEY` | License verification public key |
+| `cameleer.server.clickhouse.url` | `jdbc:clickhouse://localhost:8123/cameleer` | `CAMELEER_SERVER_CLICKHOUSE_URL` | ClickHouse JDBC URL |
+| `cameleer.server.clickhouse.username` | `default` | `CAMELEER_SERVER_CLICKHOUSE_USERNAME` | ClickHouse user |
+| `cameleer.server.clickhouse.password` | *(empty)* | `CAMELEER_SERVER_CLICKHOUSE_PASSWORD` | ClickHouse password |

 ## Web UI Development

@@ -425,7 +528,7 @@ npm run dev          # Vite dev server on http://localhost:5173 (proxies /api to
 npm run build        # Production build to ui/dist/
 ```

-Login with `admin` / `admin` (or whatever `CAMELEER_UI_USER` / `CAMELEER_UI_PASSWORD` are set to).
+Login with `admin` / `admin` (or whatever `CAMELEER_SERVER_SECURITY_UIUSER` / `CAMELEER_SERVER_SECURITY_UIPASSWORD` are set to).

 The UI uses runtime configuration via `public/config.js`. In Kubernetes, a ConfigMap overrides this file to set the correct API base URL.

@@ -446,10 +549,10 @@ Integration tests use Testcontainers (starts PostgreSQL automatically — requir
 mvn verify

 # Unit tests only (no Docker needed)
-mvn test -pl cameleer3-server-core
+mvn test -pl cameleer-server-core

 # Specific integration test
-mvn test -pl cameleer3-server-app -Dtest=ExecutionControllerIT
+mvn test -pl cameleer-server-app -Dtest=ExecutionControllerIT
 ```

 ## Verify Database Data
@@ -457,7 +560,7 @@ mvn test -pl cameleer3-server-app -Dtest=ExecutionControllerIT
 After posting data and waiting for the flush interval (1s default):

 ```bash
-docker exec -it cameleer3-server-postgres-1 psql -U cameleer -d cameleer3 \
+docker exec -it cameleer-server-postgres-1 psql -U cameleer -d cameleer \
  -c "SELECT count(*) FROM route_executions"
 ```

@@ -469,10 +572,10 @@ The full stack is deployed to k3s via CI/CD on push to `main`. K8s manifests are

 ```
 cameleer namespace:
-  PostgreSQL (StatefulSet, 10Gi PVC)       ← postgres:5432 (ClusterIP)
-  ClickHouse (StatefulSet, 10Gi PVC)       ← clickhouse:8123 (ClusterIP)
-  cameleer3-server (Deployment)            ← NodePort 30081
-  cameleer3-ui (Deployment, Nginx)         ← NodePort 30090
+  PostgreSQL (StatefulSet, 10Gi PVC)       ← cameleer-postgres:5432 (ClusterIP)
+  ClickHouse (StatefulSet, 10Gi PVC)       ← cameleer-clickhouse:8123 (ClusterIP)
+  cameleer-server (Deployment)            ← NodePort 30081
+  cameleer-ui (Deployment, Nginx)         ← NodePort 30090
  cameleer-deploy-demo (Deployment)        ← NodePort 30092
  Logto Server (Deployment)               ← NodePort 30951/30952
  Logto PostgreSQL (StatefulSet, 1Gi)     ← ClusterIP
@@ -496,7 +599,7 @@ cameleer-demo namespace:

 Push to `main` triggers: **build** (UI npm + Maven, unit tests) → **docker** (buildx amd64 for server + UI, push to Gitea registry) → **deploy** (kubectl apply + rolling update).

-Required Gitea org secrets: `REGISTRY_TOKEN`, `KUBECONFIG_BASE64`, `CAMELEER_AUTH_TOKEN`, `CAMELEER_JWT_SECRET`, `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CAMELEER_UI_USER` (optional), `CAMELEER_UI_PASSWORD` (optional), `LOGTO_PG_USER`, `LOGTO_PG_PASSWORD`, `LOGTO_ENDPOINT` (public-facing Logto URL, e.g., `https://auth.cameleer.my.domain`), `LOGTO_ADMIN_ENDPOINT` (admin console URL), `CAMELEER_OIDC_ISSUER_URI` (optional, for resource server M2M token validation), `CAMELEER_OIDC_AUDIENCE` (optional, API resource indicator), `CAMELEER_OIDC_TLS_SKIP_VERIFY` (optional, skip TLS cert verification for self-signed CAs).
+Required Gitea org secrets: `REGISTRY_TOKEN`, `KUBECONFIG_BASE64`, `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN`, `CAMELEER_SERVER_SECURITY_JWTSECRET`, `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CAMELEER_SERVER_SECURITY_UIUSER` (optional), `CAMELEER_SERVER_SECURITY_UIPASSWORD` (optional), `LOGTO_PG_USER`, `LOGTO_PG_PASSWORD`, `LOGTO_ENDPOINT` (public-facing Logto URL, e.g., `https://auth.cameleer.my.domain`), `LOGTO_ADMIN_ENDPOINT` (admin console URL), `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` (optional, for resource server M2M token validation), `CAMELEER_SERVER_SECURITY_OIDCAUDIENCE` (optional, API resource indicator), `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY` (optional, skip TLS cert verification for self-signed CAs).

 ### Manual K8s Commands

@@ -505,14 +608,14 @@ Required Gitea org secrets: `REGISTRY_TOKEN`, `KUBECONFIG_BASE64`, `CAMELEER_AUT
 kubectl -n cameleer get pods

 # View server logs
-kubectl -n cameleer logs -f deploy/cameleer3-server
+kubectl -n cameleer logs -f deploy/cameleer-server

 # View PostgreSQL logs
-kubectl -n cameleer logs -f statefulset/postgres
+kubectl -n cameleer logs -f statefulset/cameleer-postgres

 # View ClickHouse logs
-kubectl -n cameleer logs -f statefulset/clickhouse
+kubectl -n cameleer logs -f statefulset/cameleer-clickhouse

 # Restart server
-kubectl -n cameleer rollout restart deployment/cameleer3-server
+kubectl -n cameleer rollout restart deployment/cameleer-server
 ```
--- a/UI-CONSISTENCY-AUDIT.md
+++ b/UI-CONSISTENCY-AUDIT.md
@@ -1,6 +1,6 @@
 > **Status: RESOLVED** — All phases (1-5) executed on 2026-04-09. Remaining: responsive design (separate initiative).

-# UI Consistency Audit — cameleer3-server
+# UI Consistency Audit — cameleer-server

 **Date:** 2026-04-09
 **Scope:** All files under `ui/src/` (26 CSS modules, ~45 TSX components, ~15 pages)
--- a/UI_FINDINGS.md
+++ b/UI_FINDINGS.md
@@ -1,4 +1,4 @@
-# UI/UX Evaluation Report — Cameleer3 Server
+# UI/UX Evaluation Report — Cameleer Server

 **Date:** 2026-03-25
 **Evaluated URL:** http://192.168.50.86:30090/
@@ -8,7 +8,7 @@

 ## Executive Summary

-The Cameleer3 dashboard has a **distinctive, well-crafted warm amber design language** that stands out in the observability space. The core monitoring pages (Dashboard, Exchange Detail, Routes, Agents) are polished and consistent. The design system provides a solid foundation.
+The Cameleer dashboard has a **distinctive, well-crafted warm amber design language** that stands out in the observability space. The core monitoring pages (Dashboard, Exchange Detail, Routes, Agents) are polished and consistent. The design system provides a solid foundation.

 **Key strengths:** KPI strip pattern, command palette (Ctrl+K), agent card grouping, dark mode token system, cohesive brand identity.

--- a/audit/01-exchanges-list.png
+++ b/audit/01-exchanges-list.png
--- a/audit/01-platform-dashboard.png
+++ b/audit/01-platform-dashboard.png
--- a/audit/02-exchanges-error-filter.png
+++ b/audit/02-exchanges-error-filter.png
--- a/audit/02-exchanges-list-overview.png
+++ b/audit/02-exchanges-list-overview.png
--- a/audit/02-platform-license.png
+++ b/audit/02-platform-license.png
--- a/audit/03-exchanges-error-filtered.png
+++ b/audit/03-exchanges-error-filtered.png
--- a/audit/03-exchanges-list-light.png
+++ b/audit/03-exchanges-list-light.png
--- a/audit/03-server-exchanges-overview.png
+++ b/audit/03-server-exchanges-overview.png
--- a/audit/04-exchange-detail-ok.png
+++ b/audit/04-exchange-detail-ok.png
--- a/audit/04-users-roles-list.png
+++ b/audit/04-users-roles-list.png
--- a/audit/05-exchange-detail-err.png
+++ b/audit/05-exchange-detail-err.png
--- a/audit/05-user-detail-admin.png
+++ b/audit/05-user-detail-admin.png
--- a/audit/05-users-roles-page.png
+++ b/audit/05-users-roles-page.png
--- a/audit/06-exchange-detail-err-tab.png
+++ b/audit/06-exchange-detail-err-tab.png
--- a/audit/06-user-detail-admin.png
+++ b/audit/06-user-detail-admin.png
--- a/audit/07-add-user-dialog.png
+++ b/audit/07-add-user-dialog.png
--- a/audit/07-dashboard-full.png
+++ b/audit/07-dashboard-full.png
--- a/audit/07-dashboard-tab.png
+++ b/audit/07-dashboard-tab.png
--- a/audit/08-dashboard-drilldown-full.png
+++ b/audit/08-dashboard-drilldown-full.png
--- a/audit/08-dashboard-drilldown.png
+++ b/audit/08-dashboard-drilldown.png
--- a/audit/09-runtime-full.png
+++ b/audit/09-runtime-full.png
--- a/audit/09-runtime-tab.png
+++ b/audit/09-runtime-tab.png
--- a/audit/09-user-create-filled.png
+++ b/audit/09-user-create-filled.png
--- a/audit/10-runtime-agent-detail.png
+++ b/audit/10-runtime-agent-detail.png
--- a/audit/10-user-create-result.png
+++ b/audit/10-user-create-result.png
--- a/audit/11-create-app-full.png
+++ b/audit/11-create-app-full.png
--- a/audit/11-deployments-tab.png
+++ b/audit/11-deployments-tab.png
--- a/audit/11-rbac-after-create.png
+++ b/audit/11-rbac-after-create.png
--- a/audit/12-deployments-list.png
+++ b/audit/12-deployments-list.png
--- a/audit/12-user-create-attempt2.png
+++ b/audit/12-user-create-attempt2.png
--- a/audit/13-deployment-detail.png
+++ b/audit/13-deployment-detail.png
--- a/audit/13-groups-tab.png
+++ b/audit/13-groups-tab.png
--- a/audit/14-command-palette.png
+++ b/audit/14-command-palette.png
--- a/audit/14-roles-tab.png
+++ b/audit/14-roles-tab.png
--- a/audit/15-audit-log.png
+++ b/audit/15-audit-log.png
--- a/audit/15-command-palette-search.png
+++ b/audit/15-command-palette-search.png
--- a/audit/16-clickhouse.png
+++ b/audit/16-clickhouse.png
--- a/Show More
+++ b/Show More