docs(docker): document integrated deployment flow

- document the new ccs docker command suite and remote host staging path
- clarify how the existing prebuilt image differs from the integrated CLI flow
- record issue #812 in the project roadmap

Refs #812
This commit is contained in:
Tam Nhu Tran
2026-03-27 15:05:17 -04:00
parent 23f767b0c5
commit 6ac8f59a78
2 changed files with 44 additions and 5 deletions
+43 -5
View File
@@ -1,10 +1,10 @@
<div align="center">
# CCS Dashboard - Docker
# CCS Docker Deployment
![CCS Logo](../assets/ccs-logo-medium.png)
### Run the CCS Config Dashboard in Docker.
### Run CCS in Docker, locally or over SSH.
Persistent config, restart on reboot.
**[Back to README](../README.md)**
@@ -13,7 +13,43 @@ Persistent config, restart on reboot.
<br>
## Quick Start (Prebuilt Image)
## Preferred: `ccs docker`
The CLI now ships a first-class Docker command suite for the integrated CCS + CLIProxy stack:
```bash
ccs docker up
ccs docker status
ccs docker logs --follow
ccs docker config
ccs docker update
ccs docker down
```
Remote deployment stages the bundled Docker assets to `~/.ccs/docker` on the target host:
```bash
ccs docker up --host my-server
ccs docker --host my-server status
ccs docker status --host my-server
ccs docker logs --host my-server --service ccs --follow
ccs docker config --host my-server
```
Use a single SSH target or SSH config alias for `--host`. If you need custom SSH flags such as a port override, configure them in `~/.ssh/config` and reference the alias from `ccs docker`.
The `ccs docker` flow uses the integrated assets in this directory:
- `docker/Dockerfile.integrated`
- `docker/docker-compose.integrated.yml`
- `docker/supervisord.conf`
- `docker/entrypoint-integrated.sh`
## Prebuilt Image Quick Start
This existing image still runs the CCS dashboard and its locally managed CLIProxy inside one
container. It does not provide the remote staging and in-container self-update flow exposed by
`ccs docker`.
Pull the latest stable release image from GitHub Container Registry:
@@ -30,7 +66,7 @@ docker run -d \
Release-tag images are also published as `ghcr.io/kaitranntt/ccs-dashboard:<version>`.
## Build Locally
## Prebuilt Image Build Locally
```bash
docker build -f docker/Dockerfile -t ccs-dashboard:latest .
@@ -91,7 +127,7 @@ docker start ccs-dashboard
docker rm -f ccs-dashboard
```
## Docker Compose (Optional)
## Prebuilt Image Docker Compose (Optional)
Using the included `docker/docker-compose.yml`:
@@ -106,6 +142,8 @@ Stop:
docker-compose -f docker/docker-compose.yml down
```
For the integrated CCS + CLIProxy stack managed by the CLI, use `ccs docker up` instead.
## Persistence
- CCS stores data in `/home/node/.ccs` inside the container.
+1
View File
@@ -42,6 +42,7 @@ All major modularization work is complete. The codebase evolved from monolithic
### Recent Fixes
- **2026-03-27**: WebSearch dashboard cards now manage Exa, Tavily, and Brave API keys inline instead of relying on a separate manual env step. CCS stores those secrets through `global_env`, reflects masked key state in `/api/websearch`, and counts dashboard-managed keys as ready in the WebSearch status flow.
- **2026-03-27**: **#812** CCS now includes a first-class `ccs docker` command suite for self-hosting the integrated Dashboard + CLIProxy stack. The CLI can stage bundled Docker assets locally or to a remote `--host` over SSH, report compose/supervisor status, stream CCS or CLIProxy logs, and run in-container update flows without relying on ad-hoc deployment scripts.
- **2026-03-24**: Official Claude Channels now follow Anthropic's actual runtime contract. CCS blocks auto-enable unless Bun is available, Claude Code is verified at v2.1.80+, and `claude.ai` auth is verified; treats `--allow-dangerously-skip-permissions` as an explicit override; keeps Telegram/Discord bot tokens in Claude's shared `~/.claude/channels/` state (or official `*_STATE_DIR` overrides); and upgrades the dashboard/CLI status flow with Bun/version/auth/state-scope guidance, safer token draft retention on refresh failures, and a non-macOS iMessage toggle that can still be turned off when already selected.
- **2026-03-23**: CLIProxy providers that do not expose an email no longer require a user-supplied nickname on first auth. CCS now derives a stable internal account identifier for Kiro/Copilot-style flows, preserves later rename support, hardens account discovery/registry sync around that identifier, and updates AI Provider CRUD to use stable entry IDs instead of dashboard list indexes.
- **2026-03-23**: Sensitive dashboard management routes now fail closed to localhost-only access whenever dashboard auth is disabled. Remote access remains available after `ccs config auth setup`, but AI Provider management, CLIProxy auth/status helpers, and other write-capable settings endpoints no longer trust unauthenticated non-loopback requests.