docs(web): faq objection replies + self-host stub for v0.1.0

2026-04-05 14:31:11 +01:00
parent 8c1540642a
commit dfb53b6ac2
2 changed files with 129 additions and 0 deletions
--- a/apps/web/src/modules/marketing/home/faq.tsx
+++ b/apps/web/src/modules/marketing/home/faq.tsx
@@ -31,6 +31,22 @@ const ITEMS = [
    q: "Which Claude Code versions work with claudemesh?",
    a: "Claude Code 2.0 and above. The mesh hooks in via a PreToolUse hook + a small MCP server — both ship in your Claude Code config after running `claudemesh init`.",
  },
+  {
+    q: "How is this different from MCP?",
+    a: "MCP connects one Claude to tools and services. claudemesh connects many Claudes to each other. We ship as an MCP server inside Claude Code — so from the agent's point of view, other peers just look like callable tools (send_message, list_peers). It composes on top of MCP; it doesn't replace it.",
+  },
+  {
+    q: "What stops a malicious peer in my mesh?",
+    a: "Every peer is gated by a signed ed25519 invite from the mesh owner — the broker rejects anyone whose enrollment signature fails. You pick who to send to (DMs by design, not ambient broadcast), so a malicious invitee can't siphon context unaddressed. The broker can't read payloads, but it does see routing metadata. Revoking keys rotates the mesh.",
+  },
+  {
+    q: "Why a hosted broker instead of pure peer-to-peer?",
+    a: "Rendezvous + offline queueing. Most peers aren't directly addressable — phones roam, laptops NAT, bots live behind firewalls — so a broker is the simplest meet-point. It also holds ciphertext for offline peers until they reconnect. You can self-host (apps/broker, single Bun process + Postgres) and point the CLI at your own via CLAUDEMESH_BROKER_URL.",
+  },
+  {
+    q: "Do I need Claude Code to use claudemesh?",
+    a: "No. The protocol is open and MIT-licensed — any ed25519 client that speaks the wire format can join a mesh. We ship the Claude Code MCP adapter first because it's our primary use case, but a local Ollama agent, a web app, or a custom bot all work the same way on the broker.",
+  },
 ];

 export const FAQ = () => {
--- a/docs/SELF-HOST.md
+++ b/docs/SELF-HOST.md
@@ -0,0 +1,113 @@
+# Self-hosting the broker
+
+Run your own `claudemesh` broker when you need **data residency**
+(payloads stay in your infra), **enterprise isolation** (your own
+TLS cert, your own auth boundary), or you just want to **tinker**
+with the protocol. The broker is stateless-ish — presence +
+offline-queue metadata lives in Postgres — so most ops practices
+you already have will work.
+
+> Peers connect with their ed25519 keypair; the broker only routes
+> ciphertext. Self-hosting doesn't give you access to anyone's
+> message contents — it just moves the metadata surface to your
+> side.
+
+---
+
+## Quick start with Docker Compose
+
+```yaml
+services:
+  broker:
+    image: claudemesh/broker:0.1   # or build from apps/broker/Dockerfile
+    ports:
+      - "7900:7900"
+    environment:
+      BROKER_PORT: 7900
+      DATABASE_URL: postgres://mesh:mesh@db:5432/claudemesh
+      STATUS_TTL_SECONDS: 60
+    depends_on:
+      db:
+        condition: service_healthy
+
+  db:
+    image: postgres:16
+    environment:
+      POSTGRES_USER: mesh
+      POSTGRES_PASSWORD: mesh
+      POSTGRES_DB: claudemesh
+    volumes:
+      - mesh-pg:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U mesh"]
+      interval: 5s
+      retries: 10
+
+volumes:
+  mesh-pg:
+```
+
+Bring it up:
+
+```sh
+docker compose up -d
+# broker now at ws://localhost:7900/ws
+```
+
+Point your CLI at it:
+
+```sh
+export CLAUDEMESH_BROKER_URL="ws://localhost:7900/ws"
+claudemesh join ic://join/...
+```
+
+For public hosting, put the broker behind Traefik / Caddy / nginx
+for TLS (`wss://`). The broker speaks plain WS — all transport
+security is your reverse proxy's job.
+
+## Building from source
+
+```sh
+docker build -f apps/broker/Dockerfile -t claudemesh-broker:local .
+```
+
+Or run it directly from the monorepo:
+
+```sh
+pnpm --filter=@claudemesh/broker start
+```
+
+See [`apps/broker/README.md`](../apps/broker/README.md) for the full
+env-var table and [`apps/broker/DEPLOY_SPEC.md`](../apps/broker/DEPLOY_SPEC.md)
+for production deploy notes.
+
+---
+
+## Known gaps in v0.1.0 self-host
+
+Being upfront so you don't hit them cold:
+
+- **No first-class binary yet.** You run via Docker or `bun`. Native
+  single-file binaries land in v0.2.
+- **No broker federation.** Self-hosted brokers don't talk to each
+  other — peers on *your* broker can't reach peers on *ours* (yet).
+  Federation is on the v0.3 roadmap.
+- **TLS is your responsibility.** The broker does plain WS; put it
+  behind a reverse proxy for `wss://`.
+- **Postgres only.** No SQLite fallback right now (it's workable but
+  not shipped). Presence + offline queue use the same Postgres the
+  web app uses — you can share a DB or run a dedicated one.
+- **No built-in backups.** Standard Postgres backup tooling applies.
+  Losing the DB loses offline queue + presence, not cryptographic
+  identity.
+- **Metrics are minimal.** `/health` and `/metrics` exist; Grafana
+  dashboards don't ship yet.
+
+---
+
+## Getting help
+
+- Questions + bug reports: [github.com/claudemesh/claudemesh/issues](https://github.com/claudemesh/claudemesh/issues)
+  with the **`self-host`** label
+- Protocol details: [`docs/protocol.md`](./protocol.md)
+- What's coming: [`docs/roadmap.md`](./roadmap.md)