johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Makefile for dev/prod deployment, update CLAUDE.md 

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
James 2026-03-25 02:19:59 -04:00
parent 22fed471f4
commit 599ab722b5
2 changed files with 88 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
clavitor.com/CLAUDE.md
View File

@ -6,6 +6,33 @@
- SQLite DB: `clavitor.db` (pops, telemetry, uptime, incidents, accounts, vaults, sessions) - SQLite DB: `clavitor.db` (pops, telemetry, uptime, incidents, accounts, vaults, sessions)
- Dev mode: auto-detected when `templates/` dir exists on disk — reloads templates per request, but CSS/SVGs require rebuild (`go:embed`) - Dev mode: auto-detected when `templates/` dir exists on disk — reloads templates per request, but CSS/SVGs require rebuild (`go:embed`)
- Port 8099 - Port 8099
- License: Elastic License 2.0 (NOT MIT)
## Deployment
### Dev (localhost — Florida)
```
make dev # build + restart locally
make deploy-dev # same thing
```
### Prod (Zürich — zurich.inou.com)
```
make deploy-prod # cross-compile amd64, scp to Zürich, restart systemd
```
Prod runs at `/opt/clavitor-web/` as systemd service `clavitor-web`.
Caddy reverse proxies `clavitor.ai`, `clavitor.com`, `dev.clavitor.ai``localhost:8099`.
### First-time setup (already done)
```
make setup-prod # creates /opt/clavitor-web, systemd service, uploads binary+db
```
Then manually update `/etc/caddy/Caddyfile` to reverse_proxy.
### SSH
- Prod: `ssh root@zurich.inou.com`
- Tailscale: `zurich` (100.70.148.118) — SSH may be blocked via Tailscale
## Build & Run ## Build & Run
``` ```
@ -22,12 +49,14 @@ CSS and SVG changes require rebuild (embedded at compile time). Template changes
- Square shapes for permanent UI elements. Circles only for transient animations (pulses, "You" dot) - Square shapes for permanent UI elements. Circles only for transient animations (pulses, "You" dot)
- Fonts: Figtree (body), JetBrains Mono (code/monospace) - Fonts: Figtree (body), JetBrains Mono (code/monospace)
- No inline styles, no CSS in templates. Everything in clavitor.css. - No inline styles, no CSS in templates. Everything in clavitor.css.
- Always capitalize "Clavitor" in prose. Lowercase in code/paths/commands.
## Encryption Terminology ## Encryption Terminology
- **Vault Encryption** — whole vault at rest - **Vault Encryption** — whole vault at rest
- **Credential Encryption** — per-field, server-side (AI agents can read via MCP) - **Credential Encryption** — per-field, server-side (AI agents can read via CLI)
- **Identity Encryption** — per-field, client-side via WebAuthn PRF (Touch ID only, server cannot decrypt) - **Identity Encryption** — per-field, client-side via WebAuthn PRF (Touch ID only, server cannot decrypt)
- Never use "sealed fields", "agent fields", "L1", "L2", "L3" - Never use "sealed fields", "agent fields", "L1", "L2", "L3"
- Agents use CLI, NOT MCP (MCP exposes plaintext; CLI is scoped)
## POPs (Points of Presence) ## POPs (Points of Presence)
- Stored in `pops` table in clavitor.db — the single source of truth - Stored in `pops` table in clavitor.db — the single source of truth
@ -55,5 +84,4 @@ CSS and SVG changes require rebuild (embedded at compile time). Template changes
- LightNode: Santiago, Bogotá, Manila, Dhaka - LightNode: Santiago, Bogotá, Manila, Dhaka
- ishosting: Istanbul, Almaty - ishosting: Istanbul, Almaty
- HostAfrica: Lagos, Nairobi - HostAfrica: Lagos, Nairobi
- Voyager NZ → switched to AWS for Auckland
- Rackmill: Perth - Rackmill: Perth

58
clavitor.com/Makefile Normal file
View File

@ -0,0 +1,58 @@
BINARY = clavitor-web
PROD_HOST = root@zurich.inou.com
PROD_DIR = /opt/clavitor-web
PROD_PORT = 8099
.PHONY: build dev deploy-dev deploy-prod setup-prod
# Build for local (dev)
build:
CGO_ENABLED=1 go build -o $(BINARY) .
# Run locally (dev mode — templates reload from disk)
dev: build
pkill -f $(BINARY) 2>/dev/null || true
sleep 0.5
./$(BINARY) &
@echo "→ http://localhost:$(PROD_PORT)"
# Deploy to dev (localhost — just rebuild and restart)
deploy-dev: build
pkill -f $(BINARY) 2>/dev/null || true
sleep 0.5
./$(BINARY) &
@echo "✓ dev deployed → http://localhost:$(PROD_PORT)"
# Build for prod (linux/amd64 for Zürich)
build-prod:
GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -o $(BINARY)-linux-amd64 .
# Deploy to prod (Zürich)
deploy-prod: build-prod
scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/
ssh $(PROD_HOST) "cd $(PROD_DIR) && mv $(BINARY)-linux-amd64 $(BINARY) && systemctl restart clavitor-web"
@echo "✓ prod deployed → https://clavitor.ai"
# First-time prod setup: create dir, systemd service, update Caddy
setup-prod:
ssh $(PROD_HOST) "mkdir -p $(PROD_DIR)"
scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/
ssh $(PROD_HOST) "mv $(PROD_DIR)/$(BINARY)-linux-amd64 $(PROD_DIR)/$(BINARY)"
ssh $(PROD_HOST) 'cat > /etc/systemd/system/clavitor-web.service << EOF\n\
[Unit]\n\
Description=clavitor-web\n\
After=network.target\n\
\n\
[Service]\n\
Type=simple\n\
WorkingDirectory=$(PROD_DIR)\n\
ExecStart=$(PROD_DIR)/$(BINARY)\n\
Restart=always\n\
RestartSec=5\n\
Environment=PORT=$(PROD_PORT)\n\
\n\
[Install]\n\
WantedBy=multi-user.target\n\
EOF'
ssh $(PROD_HOST) "systemctl daemon-reload && systemctl enable --now clavitor-web"
@echo "✓ prod setup complete — now update Caddyfile to reverse_proxy localhost:$(PROD_PORT)"