clavitor/clavis/clavis-vault/GIT_WORKFLOW.md

Git Workflow — Zurich Server Only

Critical Policy

NEVER push to GitHub. The repository at git@zurich.inou.com:clavitor.git is the only remote.

Why Zurich-Only?

  1. Commercial code protection — The edition/commercial.go file contains proprietary logic that must never leak
  2. Pre-release privacy — Community edition is not yet ready for public GitHub release
  3. Unified source of truth — All development happens on Zurich, deployment flows from there

Repository Structure

zurich.inou.com:clavitor.git
├── clavitor/                 # This vault codebase
│   ├── cmd/clavitor/         # Main application
│   ├── api/                  # HTTP handlers
│   ├── lib/                  # Core libraries
│   ├── edition/              # ⬅️ COMMERCIAL/Community split
│   │   ├── edition.go        # Interface (shared)
│   │   ├── community.go      # Community Edition (Elastic 2)
│   │   └── commercial.go     # ⬅️ COMMERCIAL ONLY (proprietary)
│   └── ...
├── clavitor.ai/              # Hosted portal (commercial)
└── clavitor.com/             # Marketing site

Build Tags Matter

| Build Command                             | Edition    | License     |
|-------------------------------------------|------------|-------------|
| go build ./cmd/clavitor/                  | Community  | Elastic 2   |
| go build -tags commercial ./cmd/clavitor/ | Commercial | Proprietary |

Key point: Both editions are in the same Git repo. The -tags commercial build flag is what enables commercial features.

What Gets Committed

DO commit:

  • Source code (*.go, *.js, *.css, *.html)
  • Documentation (*.md)
  • Configuration (go.mod, Makefile)
  • Test files (*_test.go)

DO NOT commit:

  • Binaries (clavitor-linux-amd64, clavitor-web)
  • Database files (*.db, *.db-shm, *.db-wal)
  • Log files (vault.log)
  • OS files (.DS_Store, ._.DS_Store)
  • Generated files (build/, *.o)

Daily Workflow

# 1. Check you're on Zurich remote
git remote -v
# Should show: origin  git@zurich.inou.com:clavitor.git

# 2. Pull latest
git pull origin main

# 3. Work on code...

# 4. Stage changes (careful - review what you're staging)
git status
git add <specific files>

# 5. Commit with descriptive message
git commit -m "feature: add FQDN caching for agent IP whitelist"

# 6. Push to Zurich only
git push origin main

Emergency: GitHub Leak Prevention

If you accidentally add GitHub as a remote or push there:

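# 1. Check what was pushed
# (run this before removing the remote: "git remote remove" also deletes
#  the github/* tracking refs; the Zurich remote is named "origin")
git log github/main --not origin/main

# 2. Remove GitHub remote immediately
git remote remove github

# 3. If commercial code leaked, contact Johan immediately
# We may need to rotate tokens or change implementation details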
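
The accidental push described above can be stopped before any objects leave the machine with a Git pre-push hook. This is an added example, not part of the original workflow file: the function names and the ZURICH_EXTRA_HOSTS variable are hypothetical, and only zurich.inou.com comes from this document.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-push and make it executable.
# Git invokes the hook as: pre-push <remote-name> <remote-url>
# A non-zero exit status aborts the push.

# Allowed push hosts. zurich.inou.com is from this document;
# ZURICH_EXTRA_HOSTS is a hypothetical variable (e.g. for the Tailscale IP).
ALLOWED_HOSTS="zurich.inou.com ${ZURICH_EXTRA_HOSTS:-}"

# Print the lower-cased host of a Git remote URL, or an empty line if the
# URL has no host (local path). Handles scheme://[user@]host[:port]/path
# and scp-style [user@]host:path.
url_host() {
    u=$1
    case "$u" in
        *://*) u=${u#*://}; u=${u%%/*}; u=${u##*@}; u=${u%%:*} ;;
        *:*)   u=${u%%:*}; u=${u##*@} ;;
        *)     u="" ;;
    esac
    printf '%s\n' "$u" | tr 'A-Z' 'a-z'
}

# Return 0 only if the URL's host is on the allowlist (fails closed).
push_allowed() {
    host=$(url_host "$1")
    [ -n "$host" ] || return 1
    for h in $ALLOWED_HOSTS; do
        [ "$host" = "$h" ] && return 0
    done
    return 1
}

# Run the check only when installed as the hook, so the functions above
# can also be sourced and tested on their own.
case "${0##*/}" in
    pre-push)
        if ! push_allowed "$2"; then
            echo "pre-push: refusing push to '$1' ($2): not the Zurich server" >&2
            exit 1
        fi
        ;;
esac
```

The hook lives in each clone's .git/hooks directory and is skipped by git push --no-verify, so it guards against accidents rather than acting as an access control.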

Future: GitHub Release (Community Only)

When ready for public release:

  1. Create community-release branch on Zurich
  2. Verify edition/commercial.go is properly tagged with //go:build commercial
  3. Export to GitHub as NEW repository (not this one)
  4. Only community edition builds from that repo
  5. Commercial stays on Zurich forever

SSH Access to Zurich

ssh git@zurich.inou.com
# Or via Tailscale (if blocked on public IP)
ssh git@100.x.x.x  # Tailscale IP

Never:

  • Use git@github.com:johanj/clavitor.git as remote
  • Push to any github.com URL
  • Include commercial code in GitHub issues/PRs

Questions?

Ask Johan. This is a business-critical security boundary.