@connectai/selfhost

@connectai/selfhost

One-command self-host installer for ConnectAI. Takes a clean machine with only Docker + Node to a running, health-checked company-brain, with no source clone and no local image build.

npx @connectai/selfhost run
# optional global aliases:
npm i -g @connectai/selfhost
connectai run
selfhost run

That is the happy path. The canonical npm surface is @connectai/selfhost. The bare words connectai and selfhost are only installed binary aliases after npm i -g @connectai/selfhost; do not use npx connectai.

The CLI pulls prebuilt images, writes a hardened .env, boots the stack, pulls the local inference models, and prints the console URL + your single next step.

Quick start

• Boot the stack:

  npx @connectai/selfhost run
  

• Get the one-time setup token:

  npx @connectai/selfhost token
  

• Open http://localhost:5273/setup, paste the token, create the first admin, confirm inference, and connect a source.

For the full operator guide, remote-origin caveats, and day-2 operations, see SELF_HOSTING.md.

What run does

• Pre-flight (Node-native): verifies a running Docker daemon + Compose v2. Warns (does not block) if RAM/disk is below the ~8 GB footprint. Errors are copy-pasteable.
• Materialize the bundled deploy assets into a working dir (default ~/.connectai-selfhost, override --dir): the image-based docker-compose.selfhost.yml, .env.example, and the boot scripts. You never fetch source.
• Generate .env: copies the example, then fills the secrets with a CSPRNG (crypto.randomBytes): INFISICAL_*, ENCRYPTION_SECRET (32 bytes / 64 hex), and a strong POSTGRES_PASSWORD (with DATABASE_URL updated to match). Written chmod 600. Idempotent: it never overwrites a value you already set, and a second run is a no-op. Secrets are local-only: never logged, never transmitted.
• Boot: delegates to the bundled up.sh, which docker compose pulls the prebuilt images, brings up Infisical, provisions the vault identity, brings up the full stack, and waits for the API /health + the console. By default the installer runs the first-party GHCR images at the pinned, pullable tag v0.1.1: the merged backend image ghcr.io/connectai-os/connectai-app:v0.1.1 (used by both api + worker roles) plus ghcr.io/connectai-os/connectai-console:v0.1.1. You can override the release with --tag / CONNECTAI_IMAGE_TAG. It also pulls the pinned support images from the compose bundle: infisical/infisical:v0.159.28, pgvector/pgvector:pg16, postgres:16-alpine, redis:7-alpine, and ollama/ollama:latest.
• Pull models (qwen2.5:1.5b chat + mxbai-embed-large embed) into the bundled Ollama. Soft-fail: a pull error warns and points at the wizard, it never fails the install.
• Print the console URL, the setup-token command, and the next step.

Command examples

npx @connectai/selfhost run
npx @connectai/selfhost run --dir /opt/connectai --no-pull
npx @connectai/selfhost logs api
npx @connectai/selfhost token
npx @connectai/selfhost down -v

Commands

Command	What it does
run (default)	the full install + boot above
down	stop the stack (down -v also removes volumes / wipes the brain)
logs	tail stack logs (e.g. connectai logs api)
token	print the one-time first-run setup token, or tell you the instance is already configured
help / version	usage / version

Flags

Flag	Meaning
--dir <path>	working directory (default ~/.connectai-selfhost)
--model <name>	chat model to pull (default qwen2.5:1.5b)
--no-pull	skip the model pull
--tag <tag>	GHCR image tag to run (default: v0.1.1; also CONNECTAI_IMAGE_TAG)
--yes, -y	non-interactive (already the default; accepted for CI)

Requirements

• Docker with the Compose v2 plugin and a running daemon.
• Node >= 18 (for npx).
• Roughly 8 GB RAM and 10 GB free disk for a comfortable first boot.
• No git checkout, no source clone, and no local image build.

Notes

• --dir is also the compose-project boundary. The default dir keeps the stable connectai-selfhost project name; any other dir gets its own derived project name so down --dir <that-dir> only tears down that install.
• New packaged installs default to ~/.connectai-selfhost so they do not attach to an existing ~/.connectai checkout or self-host state. If you already installed an older packaged release into ~/.connectai, the CLI detects that layout and reuses it on upgrade.
• Only one localhost stack can be up at a time because the services still bind fixed host ports (4000, 5273, 8082, 5432). For a clean rerun on a shared box, stop the currently running stack without -v, run the temp-dir install, then tear down the temp-dir stack with down -v.
• localhost is the v1 target. The packaged installer is the fastest path for a same-box eval. The prebuilt console image bakes its API base URL at publish time to http://localhost:4000, which is correct for localhost. Serving the prebuilt console for a remote origin needs extra setup; use SELF_HOSTING.md before trying to expose this packaged path on a real domain.
• The packaged installer defaults to the verified v0.1.1 release tag. If you override it, keep the same tag across your operator docs and rollout notes.
• The first run downloads several GB (images + models) and can take a few minutes; re-runs are fast and idempotent.
• This is a thin front door over the same hardened up.sh boot engine used by a source checkout; it does not re-implement orchestration.

License

BUSL-1.1. Development, testing, and evaluation use need no license; production use requires a commercial license. The self-host runtime guard fail-closes at run time, so a public image gives nothing away.