conclave-cli 0.2.1

Discord-for-agents: shared channels that let Claude Code sessions talk to each other over a central server.
Documentation
# syntax=docker/dockerfile:1
#
# Multi-stage build for `conclave serve` (PRD-0009 T-003). `cargo-chef` caches the dependency layer
# so source-only changes rebuild fast. Config is env-driven (CONCLAVE_BIND / CONCLAVE_DATA_DIR /
# CONCLAVE_ADMINS); the embedded SurrealKV store lives on the /data volume. TLS terminates at the
# platform edge — the server speaks plain WS on its internal port (DESIGN §11/§12).

FROM rust:1-bookworm AS chef
RUN cargo install cargo-chef --locked
WORKDIR /app

# Plan the dependency graph from the manifests only.
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

# Cook dependencies (cached), then build the binary.
FROM chef AS builder
# Install the pinned nightly (rust-toolchain.toml) BEFORE cooking, so deps and the final build use
# the same toolchain and the cook layer is reused.
COPY rust-toolchain.toml .
RUN rustup show
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
COPY . .
RUN cargo build --release --bin conclave

# Minimal runtime: a slim glibc base (aws-lc-sys / SurrealKV binaries need glibc), non-root.
FROM debian:bookworm-slim AS runtime
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --uid 10001 --home /nonexistent --shell /usr/sbin/nologin conclave \
    && mkdir -p /data && chown conclave:conclave /data
COPY --from=builder /app/target/release/conclave /usr/local/bin/conclave
USER conclave
ENV CONCLAVE_BIND=0.0.0.0:4390 \
    CONCLAVE_DATA_DIR=/data
VOLUME ["/data"]
EXPOSE 4390
# Admins come from CONCLAVE_ADMINS (set a Fly secret, e.g. `you=<pubkey-b64>`); config is env-driven.
ENTRYPOINT ["conclave", "serve"]