diff --git a/docker/README.md b/docker/README.md index d6fd0d0f..eecd14ea 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,10 +1,10 @@
-# CCS Dashboard - Docker +# CCS Docker Deployment ![CCS Logo](../assets/ccs-logo-medium.png) -### Run the CCS Config Dashboard in Docker. +### Run CCS in Docker, locally or over SSH. Persistent config, restart on reboot. **[Back to README](../README.md)** @@ -13,7 +13,43 @@ Persistent config, restart on reboot.
-## Quick Start (Prebuilt Image) +## Preferred: `ccs docker` + +The CLI now ships a first-class Docker command suite for the integrated CCS + CLIProxy stack: + +```bash +ccs docker up +ccs docker status +ccs docker logs --follow +ccs docker config +ccs docker update +ccs docker down +``` + +Remote deployment stages the bundled Docker assets to `~/.ccs/docker` on the target host: + +```bash +ccs docker up --host my-server +ccs docker --host my-server status +ccs docker status --host my-server +ccs docker logs --host my-server --service ccs --follow +ccs docker config --host my-server +``` + +Use a single SSH target or SSH config alias for `--host`. If you need custom SSH flags such as a port override, configure them in `~/.ssh/config` and reference the alias from `ccs docker`. + +The `ccs docker` flow uses the integrated assets in this directory: + +- `docker/Dockerfile.integrated` +- `docker/docker-compose.integrated.yml` +- `docker/supervisord.conf` +- `docker/entrypoint-integrated.sh` + +## Prebuilt Image Quick Start + +This existing image still runs the CCS dashboard and its locally managed CLIProxy inside one +container. It does not provide the remote staging and in-container self-update flow exposed by +`ccs docker`. Pull the latest stable release image from GitHub Container Registry: @@ -30,7 +66,7 @@ docker run -d \ Release-tag images are also published as `ghcr.io/kaitranntt/ccs-dashboard:`. -## Build Locally +## Prebuilt Image Build Locally ```bash docker build -f docker/Dockerfile -t ccs-dashboard:latest . @@ -91,7 +127,7 @@ docker start ccs-dashboard docker rm -f ccs-dashboard ``` -## Docker Compose (Optional) +## Prebuilt Image Docker Compose (Optional) Using the included `docker/docker-compose.yml`: @@ -106,6 +142,8 @@ Stop: docker-compose -f docker/docker-compose.yml down ``` +For the integrated CCS + CLIProxy stack managed by the CLI, use `ccs docker up` instead. + ## Persistence - CCS stores data in `/home/node/.ccs` inside the container. diff --git a/docs/project-roadmap.md b/docs/project-roadmap.md index 80526d0c..7090a9a5 100644 --- a/docs/project-roadmap.md +++ b/docs/project-roadmap.md @@ -42,6 +42,7 @@ All major modularization work is complete. The codebase evolved from monolithic ### Recent Fixes - **2026-03-27**: WebSearch dashboard cards now manage Exa, Tavily, and Brave API keys inline instead of relying on a separate manual env step. CCS stores those secrets through `global_env`, reflects masked key state in `/api/websearch`, and counts dashboard-managed keys as ready in the WebSearch status flow. +- **2026-03-27**: **#812** CCS now includes a first-class `ccs docker` command suite for self-hosting the integrated Dashboard + CLIProxy stack. The CLI can stage bundled Docker assets locally or to a remote `--host` over SSH, report compose/supervisor status, stream CCS or CLIProxy logs, and run in-container update flows without relying on ad-hoc deployment scripts. - **2026-03-24**: Official Claude Channels now follow Anthropic's actual runtime contract. CCS blocks auto-enable unless Bun is available, Claude Code is verified at v2.1.80+, and `claude.ai` auth is verified; treats `--allow-dangerously-skip-permissions` as an explicit override; keeps Telegram/Discord bot tokens in Claude's shared `~/.claude/channels/` state (or official `*_STATE_DIR` overrides); and upgrades the dashboard/CLI status flow with Bun/version/auth/state-scope guidance, safer token draft retention on refresh failures, and a non-macOS iMessage toggle that can still be turned off when already selected. - **2026-03-23**: CLIProxy providers that do not expose an email no longer require a user-supplied nickname on first auth. CCS now derives a stable internal account identifier for Kiro/Copilot-style flows, preserves later rename support, hardens account discovery/registry sync around that identifier, and updates AI Provider CRUD to use stable entry IDs instead of dashboard list indexes. - **2026-03-23**: Sensitive dashboard management routes now fail closed to localhost-only access whenever dashboard auth is disabled. Remote access remains available after `ccs config auth setup`, but AI Provider management, CLIProxy auth/status helpers, and other write-capable settings endpoints no longer trust unauthenticated non-loopback requests.