# Clavitor Admin - Local Development Setup

## Architecture

```
┌─────────────────┐     ┌──────────────────┐     ┌─────────────────┐
│   Your Mac      │────▶│   Caddy (192.168)  │────▶│  Admin (forge)  │
│  (Browser)      │     │                  │     │   Port 1985     │
└─────────────────┘     └──────────────────┘     └─────────────────┘
        │                        │
        │                 dev.clavitor.ai (vault)
        │                 admin.dev.clavitor.ai (admin)
        │
        ▼
   https://admin.dev.clavitor.ai
```

## Quick Start

### 1. Start Admin Server Locally

```bash
cd /home/johan/dev/clavitor/clavitor.ai/admin
go run main.go
```

Server starts on **port 1985**:
- Local: http://localhost:1985
- Via Caddy: https://admin.dev.clavitor.ai

### 2. Update Caddy (on 192.168.0.2)

SSH to your Caddy machine and add:

```bash
ssh root@192.168.0.2
cat >> /etc/caddy/Caddyfile << 'EOF'

admin.dev.clavitor.ai {
    reverse_proxy forge:1985
    tls internal
}
EOF

systemctl reload caddy
```

### 3. Access Admin

From your Mac:
- https://admin.dev.clavitor.ai
- (Caddy handles TLS with self-signed cert)

## Services Map

| Service | Domain | Port (forge) | Caddy |
|---------|--------|--------------|-------|
| Vault | dev.clavitor.ai | 1984 | ✅ Already configured |
| Admin | admin.dev.clavitor.ai | 1985 | ⚠️ Add to Caddy |

## Environment Modes

### Sandbox Mode (Default)
Uses Paddle's test environment - no real money.

```go
// In sync.go - already set:
const DefaultSandbox = true
baseURL = "https://sandbox-api.paddle.com"
```

Get sandbox credentials:
1. https://sandbox-vendors.paddle.com
2. Developer Tools > Authentication
3. Create API Key + Client Token

### Production Mode
For real payments:

```bash
# Override sandbox
go run main.go -production
# Or set env:
PADDLE_PRODUCTION=true go run main.go
```

## API Keys Setup

Edit these files with your Paddle credentials:

### 1. Server-side API Key (sync.go)
```go
const DefaultAPIKey = "pdl_sandbox_apikey_XXXXX"
```

### 2. Client-side Token (checkout.html)
```javascript
const PADDLE_CLIENT_TOKEN = 'pdl_sandbox_clienttoken_XXXXX';
```

## Testing Checkout

1. Open https://admin.dev.clavitor.ai/static/checkout.html
2. Select plan
3. Use Paddle test card: `4242 4242 4242 4242`
4. Any future expiry, any CVC
5. Payment succeeds (fake money)

## Development Tips

**Hot reload:** Use `air` or just `go run` - changes apply on restart

**Database:** SQLite at `corporate.db` - delete to reset

**Logs:** Admin actions logged to `events` table

**Caddy issues:** Check `journalctl -u caddy -f` on 192.168.0.2

## Troubleshooting

**"Connection refused"**: Admin not running on forge:1985

**"Bad Gateway"**: Caddy can't reach forge - check firewall

**"Certificate error"**: Accept self-signed cert in browser (development only)

**"Paddle API error"**: Check API key environment (sandbox vs production)

## Switching Vault ↔ Admin

Both run independently:
- Vault on dev.clavitor.ai (port 1984)
- Admin on admin.dev.clavitor.ai (port 1985)

To link them: Vault calls admin API at `https://admin.dev.clavitor.ai/api/...`