Skip to content

production-install.md

Latest commit

 

History

History
87 lines (62 loc) · 2 KB

production-install.md

File metadata and controls

87 lines (62 loc) · 2 KB

Production Install

This guide installs Claw for a self-hosted enterprise baseline.

Deployment model

  • claw daemon runs in your environment and serves gRPC.
  • Repository data is local under .claw/ in the repo root.
  • Clients connect through claw sync using gRPC remotes.
  • Auth is bearer-token based (authorization: Bearer <token>).

Host prerequisites

  • Claw binary installed and on PATH.
  • Stable storage for repository checkout plus .claw/.
  • Service account with read/write access to the repository directory.
  • Network controls allowing only approved clients to daemon port.

Install procedure

  1. Create or select the repository directory on the server.
  2. Initialize if needed:
claw init
  1. Configure daemon auth profile token:
claw auth token set "<strong-random-token>" --profile default
  1. Run preflight:
claw admin preflight
  1. Start daemon:
claw daemon --listen 0.0.0.0:50051 --auth-profile default

Service manager example (systemd)

[Unit]
Description=Claw Daemon
After=network.target

[Service]
Type=simple
User=claw
Group=claw
WorkingDirectory=/srv/claw/repo
ExecStart=/usr/local/bin/claw daemon --listen 0.0.0.0:50051 --auth-profile default
Restart=always
RestartSec=2

[Install]
WantedBy=multi-user.target

TLS guidance

  • If daemon is reachable beyond localhost, use TLS.
  • You can terminate TLS at ingress/proxy, or configure cert/key in .claw/config.toml.
  • claw admin preflight fails when TLS config is incomplete (tls.cert_path without tls.key_path, or inverse).

Post-install checks

  • claw admin preflight returns PASS.
  • Daemon process remains healthy after restart.
  • A client can run:
claw remote add origin http://claw-daemon.internal:50051 --kind grpc --token-profile default
claw sync pull --remote origin --ref-name heads/main

Related docs