johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clavitor/clavitor.com/CLAUDE.md

3.7 KiB
Raw Blame History

Clavitor Website — clavitor.com

Architecture

  • Go web server (main.go) with go:embed for templates, CSS, SVGs, PNGs
  • Templates in templates/*.tmpl, single CSS in clavitor.css
  • SQLite DB: clavitor.db (pops, telemetry, uptime, incidents, accounts, vaults, sessions)
  • Dev mode: auto-detected when templates/ dir exists on disk — reloads templates per request, but CSS/SVGs require rebuild (go:embed)
  • Port 8099
  • License: Elastic License 2.0 (NOT MIT)

Deployment

Dev (forge = 192.168.1.16, Florida — dev.clavitor.ai)

make dev           # build + restart locally
make deploy-dev    # same thing

Dev runs on forge (localhost). dev.clavitor.ai DNS points to home IP.

Prod (Zürich — zurich.inou.com — clavitor.ai)

make deploy-prod   # cross-compile amd64, scp to Zürich, restart systemd

Prod runs at /opt/clavitor-web/ as systemd service clavitor-web. Caddy reverse proxies clavitor.ai, clavitor.com, www.clavitor.ai, www.clavitor.comlocalhost:8099.

First-time setup (already done)

make setup-prod    # creates /opt/clavitor-web, systemd service, uploads binary+db

Then manually update /etc/caddy/Caddyfile to reverse_proxy.

SSH

  • Prod: ssh root@zurich.inou.com
  • Tailscale: zurich (100.70.148.118) — SSH may be blocked via Tailscale

Build & Run

CGO_ENABLED=1 go build -o clavitor-web .
./clavitor-web

CSS and SVG changes require rebuild (embedded at compile time). Template changes reload in dev mode.

Brand & Design

  • Light mode only. Single source of truth: clavitor.css
  • Logo: the black square (#0A0A0A). favicon.svg = black square
  • Colors: black #0A0A0A (brand), red #DC2626 (accent), light red #F5B7B7 (planned/secondary), grayscale
  • No purple. No green (except inherited SVG diagrams). Red is the only accent.
  • Square shapes for permanent UI elements. Circles only for transient animations (pulses, "You" dot)
  • Fonts: Figtree (body), JetBrains Mono (code/monospace)
  • No inline styles, no CSS in templates. Everything in clavitor.css.
  • Always capitalize "Clavitor" in prose. Lowercase in code/paths/commands.

Encryption Terminology

  • Vault Encryption — whole vault at rest
  • Credential Encryption — per-field, server-side (AI agents can read via CLI)
  • Identity Encryption — per-field, client-side via WebAuthn PRF (Touch ID only, server cannot decrypt)
  • Never use "sealed fields", "agent fields", "L1", "L2", "L3"
  • Agents use CLI, NOT MCP (MCP exposes plaintext; CLI is scoped)

POPs (Points of Presence)

  • Stored in pops table in clavitor.db — the single source of truth
  • Map on /hosted is generated dynamically from DB via JavaScript
  • Zürich = HQ, black dot, larger (11×11). Live POPs = red. Planned = light red.
  • "You" visitor dot = circle (not square — "you" is not clavitor)

Key URLs

  • /hosted — hosted product page with dynamic world map
  • /glass — looking glass (latency from user's browser)
  • /noc?pin=250365 — NOC dashboard (telemetry, read-only, hardcoded PIN)
  • /telemetry — POST endpoint for POP agent heartbeats (no auth)
  • /ping — server-side TCP ping (for diagnostics)

Vault Binary

  • Source: ~/dev/clavitor/clovis/clovis-vault/
  • Build for ARM64: cd ~/dev/clavitor/clovis/clovis-vault && GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o clavitor-linux-arm64 ./cmd/clavitor
  • All POPs are ARM64 (AWS t4g.micro)
  • Vault runs on port 1984 with TLS
  • Has /ping endpoint (11 bytes, no DB, CORS via middleware) for looking glass
  • Has /health endpoint (heavier, queries DB)

Providers

  • AWS: most POPs (free tier t4g.micro)
  • LightNode: Santiago, Bogotá, Manila, Dhaka
  • ishosting: Istanbul, Almaty
  • HostAfrica: Lagos, Nairobi
  • Rackmill: Perth