coleam00 · dmcdonald11 · Sep 10, 2025 · Sep 10, 2025 · Sep 10, 2025 · Sep 10, 2025
diff --git a/.env.example b/.env.example
@@ -27,15 +27,60 @@ SUPABASE_SERVICE_KEY=
 LOGFIRE_TOKEN=
 LOG_LEVEL=INFO
 
+
+
+###################################################################
+###################################################################
+###  LocalHost deployment
+###################################################################
+###################################################################
+# Phase 1 Parameterization Variables
+# HOST: Service host for service discovery in local development (default: localhost)
+HOST=localhost
+
+# BIND_IP: IP address to bind Docker ports to (empty = all interfaces, 127.0.0.1 = localhost only)
+# Leave empty for LAN access, set to 127.0.0.1 to restrict to localhost only
+BIND_IP=
+
+# CORS_ORIGINS: Comma-separated list of allowed CORS origins (default: http://localhost:3737)
+# Example for LAN: CORS_ORIGINS=http://localhost:3737,http://192.168.1.100:3737
+CORS_ORIGINS=http://localhost:3737
+
+# API_BASE_URL: Base URL for API service (default: http://localhost:8181)
+# Example for LAN: API_BASE_URL=http://192.168.1.100:8181
+API_BASE_URL=http://localhost:8181
+###################################################################
+###################################################################
+###  HomeLab/Lan deployment
+###################################################################
+###################################################################
+# Network binding - bind to all interfaces for LAN access
+#BIND_IP=0.0.0.0
+
+# Domain configuration for yourdomain.com   
+#HOST=archon.yourdomain.com
+
+# CORS - allow access from the domain
+#CORS_ORIGINS=https://archon.yourdomain.com
+
+# API base URL for internal service communication
+#API_BASE_URL=https://archon.yourdomain.com/api
+
 # Service Ports Configuration
 # These ports are used for external access to the services
-HOST=localhost
 ARCHON_SERVER_PORT=8181
 ARCHON_MCP_PORT=8051
 ARCHON_AGENTS_PORT=8052
 ARCHON_UI_PORT=3737
 ARCHON_DOCS_PORT=3838
 
+# MCP Configuration for local development
+# These are used by the frontend to connect to the MCP server
+VITE_MCP_HOST=localhost
+VITE_MCP_PROTOCOL=http
+VITE_MCP_USE_PROXY=false
+VITE_MCP_PORT=8051
+
 # Frontend Configuration
 # VITE_ALLOWED_HOSTS: Comma-separated list of additional hosts allowed for Vite dev server
 # Example: VITE_ALLOWED_HOSTS=192.168.1.100,myhost.local,example.com

diff --git a/.env.unified.lan b/.env.unified.lan
@@ -0,0 +1,64 @@
+# LAN/Production Configuration
+# Copy to .env for LAN deployment
+
+# ========================================
+# REQUIRED: Database Connection
+# ========================================
+SUPABASE_URL=your database link
+SUPABASE_SERVICE_KEY=Your Key 
+
+# ========================================
+# Deployment Mode: LAN/PRODUCTION
+# ========================================
+DEPLOYMENT_MODE=lan
+BUILD_TARGET=production
+NODE_ENV=production
+
+# ========================================
+# Network Configuration - UPDATE YOUR DOMAIN
+# ========================================
+HOST=archon.YourDomainName.com
+BIND_IP=0.0.0.0
+CORS_ORIGINS=https://archon.yourdomain.com
+API_BASE_URL=https://archon.yourdomain.com/api
+VITE_API_URL=https://archon.yourdomain.com
+
+# ========================================
+# MCP Configuration for LAN
+# ========================================
+VITE_MCP_HOST=archon.yourdomainname.com
+VITE_MCP_PROTOCOL=https
+VITE_MCP_USE_PROXY=true
+VITE_MCP_PORT=8051
+
+# ========================================
+# Service Ports (internal)
+# ========================================
+ARCHON_SERVER_PORT=8181
+ARCHON_MCP_PORT=8051
+ARCHON_AGENTS_PORT=8052
+ARCHON_UI_PORT=3737
+VITE_ARCHON_SERVER_PORT=
+
+# ========================================
+# Production Settings
+# ========================================
+DOCKER_SOCKET=/var/run/docker.sock
+PROD=true
+# Use prod profile for production without volume mounts
+COMPOSE_PROFILES=prod
+
+# ========================================
+# Network Configuration (LAN/Traefik)
+# ========================================
+# Use external Traefik proxy network
+PROXY_EXTERNAL=true
+PROXY_NETWORK=proxy
+
+# ========================================
+# Optional Features
+# ========================================
+AGENTS_ENABLED=false
+OPENAI_API_KEY=
+LOGFIRE_TOKEN=
+LOG_LEVEL=INFO
diff --git a/.env.unified.local b/.env.unified.local
@@ -0,0 +1,92 @@
+# Local Development Configuration
+# Copy to .env for local development
+
+# ========================================
+# REQUIRED: Database Connection
+# ========================================
+# Get your SUPABASE_URL from the Data API section of your Supabase project settings -
+# https://supabase.com/dashboard/project/<your project ID>/settings/api
+#LOCAL
+#SUPABASE_URL=http://10.11.9.234:54321
+#WWW
+#SUPABASE_URL=https://supabase.com/dashboard/project/ywqhytytvsugasmbpdfa/settings/api
+#SUPABASE_URL=https://supabase.com/dashboard/project/ywqhytytvsugasmbpdfa/settings/api
+#http://127.0.0.1:54321
+#http://127.0.0.1:54321
+SUPABASE_URL=supabaseLink
+
+# ⚠️ CRITICAL: You MUST use the SERVICE ROLE key, NOT the Anon key! ⚠️
+# 
+# COMMON MISTAKE: Using the anon (public) key will cause ALL saves to fail with "permission denied"!
+#
+# How to get the CORRECT key:
+# 1. Go to: https://supabase.com/dashboard/project/<your project ID>/settings/api
+# 2. In the Settings menu, click on "API keys" 
+# 3. Find "Project API keys" section
+# 4. You will see TWO keys - choose carefully:
+#    ❌ anon (public): WRONG - This is shorter, starts with "eyJhbGc..." and contains "anon" in the JWT
+#    ✅ service_role (secret): CORRECT - This is longer and contains "service_role" in the JWT
+#
+# The service_role key is typically much longer than the anon key.
+# If you see errors like "Failed to save" or "Permission denied", you're using the wrong key!
+#
+# On the Supabase dashboard, it's labeled as "service_role" under "Project API keys"
+
+#www
+SUPABASE_SERVICE_KEY=supabaseKey
+
+
+# ========================================
+# Deployment Mode: LOCAL
+# ========================================
+DEPLOYMENT_MODE=local
+BUILD_TARGET=development
+NODE_ENV=development
+
+# ========================================
+# Network Configuration
+# ========================================
+HOST=localhost
+BIND_IP=127.0.0.1
+CORS_ORIGINS=http://localhost:3737
+API_BASE_URL=http://localhost:8181
+VITE_API_URL=http://localhost:8181
+
+# ========================================
+# MCP Configuration
+# ========================================
+VITE_MCP_HOST=localhost
+VITE_MCP_PROTOCOL=http
+VITE_MCP_USE_PROXY=false
+VITE_MCP_PORT=8051
+
+# ========================================
+# Service Ports
+# ========================================
+ARCHON_SERVER_PORT=8181
+ARCHON_MCP_PORT=8051
+ARCHON_AGENTS_PORT=8052
+ARCHON_UI_PORT=3737
+
+# ========================================
+# Development Features
+# ========================================
+DOCKER_SOCKET=/var/run/docker.sock
+PROD=false
+# Use dev profile for development with volume mounts
+COMPOSE_PROFILES=dev
+
+# ========================================
+# Network Configuration (Local)
+# ========================================
+# No external proxy network needed for local development
+PROXY_EXTERNAL=false
+PROXY_NETWORK=proxy-internal
+
+# ========================================
+# Optional Features
+# ========================================
+AGENTS_ENABLED=false
+OPENAI_API_KEY=
+LOGFIRE_TOKEN=
+LOG_LEVEL=INFO
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,8 @@ __pycache__
 PRPs/local
 PRPs/completed/
 /logs/
+.bmad-core
+lan-migration-docs/
 .zed
 tmp/
 temp/
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -294,7 +294,20 @@ async def handle_not_found(request, exc):
     )
 ```
 
+<<<<<<< HEAD
+### Important: Environment vs Database Settings
+
+**Critical**: The following settings MUST come from environment variables, NOT the database:
+- `HOST` - Server hostname/domain
+- `PORT` - Server port bindings
+- `BIND_IP` - Network binding interface
+
+These are deployment-specific and should never be loaded from the database settings table. The credential service has been updated to exclude these from database loading to prevent override issues in different deployment environments.
+
+## File Organization
+=======
 ## Polling Architecture
+>>>>>>> 192c45df1197600ef746a77903877a4172f393f2
 
 ### HTTP Polling (replaced Socket.IO)
 

diff --git a/README-LAN.md b/README-LAN.md
@@ -0,0 +1,90 @@
+# Archon LAN Deployment
+
+Quick setup guide for deploying Archon on your LAN with Traefik proxy integration.
+
+## Quick Start
+
+### Prerequisites
+- Docker & Docker Compose installed on LAN server
+- Traefik proxy running with `proxy` network
+- DNS: `archon.mcdonaldhomelab.com` → LAN server IP
+
+### Deploy
+```bash
+# Clone repository
+git clone <repo-url>
-git clone <repo-url>
+git clone https://github.com/coleam00/Archon.git
-git clone <repo-url>
+git clone https://github.com/coleam00/Archon.git
+cd Archon
+
+# Configure environment
+cp .env.unified.lan .env
+# Edit .env with your Supabase credentials
+
+# Deploy with LAN configuration (standalone file)
+docker-compose -f docker-compose.unified.yml up -d
+
+# Access at: https://archon.yourDomain.com
+```
+
+## What This Gives You
+
+### 🌐 Production-Ready LAN Access
+- **HTTPS with SSL**: Automatic Let's Encrypt certificates via Traefik
+- **Domain Access**: `https://archon.yourDomain.com`
+- **Path Routing**: API at `/api/*`, frontend at `/`
+- **Security**: No direct port access, all traffic through Traefik
+
+### 🔒 Secure Architecture  
+- **Network Isolation**: MCP and Agents services internal-only
+- **SSL Termination**: All external traffic encrypted
+- **Service Discovery**: Containers communicate via internal Docker network
+- **Access Control**: Traefik handles all external routing
+
+### 🚀 Zero-Impact Developer Experience
+- **Localhost Unchanged**: `docker-compose up` still works for development  
+- **Environment Separation**: LAN deployment completely separate from dev
+- **Easy Switching**: Same codebase, different Docker Compose files
+
+## Architecture
+
+```
+Internet → Traefik Proxy → Docker Networks
+                        ├── archon-frontend:3737 (/)
+                        ├── archon-server:8181 (/api/*)  
+                        └── Internal Services
+                            ├── archon-mcp:8051
+                            └── archon-agents:8052
+```
+
+## Files Overview
+
+| File | Purpose |
+|------|---------|
+| `docker-compose.yml` | Developer localhost deployment |
+| `docker-compose-lan.yml` | LAN server override with Traefik labels |  
+| `.env.lan.example` | Environment template for LAN server |
+| `docs/lan-migration/` | Detailed deployment documentation |
+
+## Key Differences: Dev vs LAN
+
+| Aspect | Developer | LAN Server |
+|--------|-----------|------------|
+| **Access** | `http://localhost:3737` | `https://archon.mcdonaldhomelab.com` |
+| **Security** | HTTP, direct ports | HTTPS, Traefik proxy |  
+| **Network** | Port mappings | External proxy network |
+| **SSL** | None | Let's Encrypt via Traefik |
+| **Command** | `docker-compose up` | `docker-compose -f docker-compose-lan.yml up -d` |
+
+## Next Steps
+
+1. **Complete Setup**: Follow [LAN Deployment Guide](docs/lan-migration/lan-deployment-guide.md)
+2. **Pre-flight Check**: Use [Migration Checklist](docs/lan-migration/migration-checklist.md)  
+3. **Troubleshooting**: Reference deployment guide for common issues
+4. **Phase 2 Details**: See [Phase 2 Story](docs/stories/phase-2-lan-configuration-support.md)
+
+## Support
+
+For issues or questions:
+- Check the deployment guide troubleshooting section
+- Review Docker Compose logs: `docker-compose logs -f`
+- Verify Traefik configuration and proxy network setup
+- Ensure DNS resolution and SSL certificate generation