install: curl-pipeable primary/secondary device installers + GHCR image#34
Merged
Conversation
Refactors the install path from "clone the repo, npm install, build, compose
up, copy slash commands by hand" into two one-line installers that work
without cloning or building anything locally:
curl -fsSL .../scripts/install-primary.sh | bash -s v0.3.0
curl -fsSL .../scripts/install-secondary.sh | bash -s v0.3.0 <tunnel-host>
Plus PowerShell mirrors (install-primary.ps1 / install-secondary.ps1) so
Windows users without bash can install without WSL/Git Bash.
What changed
- .github/workflows/release.yml — publishes the MCP image to GHCR on every
v* tag push. CI keeps doing the existing typecheck + tests.
- Dockerfile is now multi-stage: builds dist/ inside the container so the
GHCR image doesn't depend on a host-side `npm run build`. Bundles
prompts/ and scripts/sync-dream-skill.py for the entrypoint.
- docker/entrypoint.sh — seeds ~/graph-memory/prompts/ from the baked-in
copy on first run (idempotent), and generates a self-signed TLS cert at
~/graph-memory/certs/ if TLS_CERT is set but the file doesn't exist
yet. Without the cert step a fresh install crashes immediately on
startup with ENOENT trying to read server.crt — caught during Tier 1
local testing.
- docker-compose.yml now defaults to the GHCR image
(ghcr.io/stevepridemore/graph-memory-mcp:${MCP_IMAGE_TAG:-latest}).
docker-compose.dev.yml is a small override that switches back to a
local `build: .` for developers; opt-in via
`docker compose -f docker-compose.yml -f docker-compose.dev.yml`.
- skills/ — vendors the 12 graph-memory-specific slash commands so they
can be released alongside the server. Existing skills referenced
~/.claude/graph-memory/... (a path that doesn't exist; the real data
root is ~/graph-memory/) and Windows-only ~/AppData paths. Fixed to
use ~/graph-memory/.tmp/ for scratch and platform-agnostic install
notes for ffmpeg etc.
- scripts/sync-dream-skill.py — new --prompts-dir flag lets the installer
point at the entrypoint-seeded copy. New --os {auto,windows,unix} flag
picks the correct path separator for the host OS (was hard-coded to
Windows backslashes).
- scripts/test-install-local.sh — Tier-1 local test harness. Patches the
install script to use file:// URLs, runs it under a sandboxed $HOME,
and verifies the expected files exist with no personal-data leaks.
- README — Quick start replaced with three explicitly labeled install
paths: Primary Device (runs the containers + dream + maintenance),
Secondary Device (HTTP+OAuth client only), and Developer (from
source). Each shows both bash and PowerShell command lines.
- docs/SCHEMA.md → docs/GRAPH_SCHEMA_REFERENCE.md so the deep-dive ref
doesn't shadow the new agent-facing /GRAPH_SCHEMA.md at the root.
- .dockerignore added to keep the multi-stage build context lean.
Tier 1 local testing passed end-to-end: install script dry-run produces all
expected files in a sandbox, multi-stage build succeeds in 53s, entrypoint
seeds prompts + generates certs idempotently, docker compose up brings the
stack healthy in ~18s, /health returns 200 over HTTPS. The TLS-cert crash
was found and fixed before this commit.
Remove this commit before merging install-test → main.
For testing v0.3.0 against a feature branch before tagging. Treats anything not matching v* or 'latest' as a branch name and pulls from refs/heads/. A real user install with a tag like v0.3.0 hits the same tag URL as before.
This reverts commit df9405a.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Refactors the install path into two curl-pipeable one-liners that work without cloning or local building:
curl ... install-primary.sh | bash -s v0.3.0— pulls the GHCR image, writes docker-compose.yml/.env templates, installs slash commands. Pre-flight Docker check included.curl ... install-secondary.sh | bash -s v0.3.0 <tunnel-host>— slash commands +.mcp.jsonpointed at the remote tunnel. No Docker needed.Key pieces
.github/workflows/release.ymlpublishesghcr.io/stevepridemore/graph-memory-mcp:vX.Y.Zon everyv*tag push.Dockerfilebuildsdist/internally — no host-sidenpm run buildneeded.docker/entrypoint.shseeds prompts and auto-generates a self-signed TLS cert on first run.docker-compose.ymldefaults to the GHCR image;docker-compose.dev.ymlis the local-build override for developers.skills/vendors the 12 graph-memory slash commands (path bugs iningest,ingest-audio,graph-dreamfixed along the way).scripts/test-install-local.shis a Tier-1 local-test harness for future iteration.Test plan
docker build+docker compose upwith the locally-tagged image. Both containers healthy in 18s,/healthreturns 200 over HTTPS. Caught and fixed a real bug: the MCP server crashed on missing TLS certs — entrypoint now auto-generates them.install-testbranch, GHCR image pulled anonymously, full stack healthy. Confirms the published artifacts work for a real user.🤖 Generated with Claude Code