# TMCP Self-Hosted Installer

This directory contains a complete, self-contained installer system for
deploying [TMCP](https://github.com/touhidul7/TMCP) on your own server.

It installs and configures everything needed to run TMCP in production:

- System dependencies (Git, Node.js 22, Nginx, Certbot, PostgreSQL client, PM2)
- The TMCP application (cloned into `./TMCP`)
- A generated `TMCP/.env.local`
- Database migrations applied in order
- A production build started under **PM2** on port **3000**
- An **Nginx** reverse proxy with optional **Let's Encrypt** SSL

> The installer **does not modify any TMCP application source code**. It only
> creates configuration, environment, and runtime state.

---

## Supported platforms

| Platform           | Script                | Dependency handling                         |
| ------------------ | --------------------- | ------------------------------------------- |
| Ubuntu 22.04+/24.04+ | `install.sh`        | Auto-installs via `apt` + NodeSource        |
| macOS              | `install.sh`          | Auto-installs via Homebrew                  |
| Windows 10/11      | `install.ps1`         | **Checks only** — prints install hints      |

On Linux the installer also configures Nginx and Let's Encrypt. On macOS it
configures Homebrew Nginx (no Let's Encrypt). On Windows, Nginx/SSL are **not**
configured — run TMCP behind IIS, Caddy, or a cloud load balancer.

---

## What you'll be asked for

Have these ready before you start:

- **Domain** — e.g. `app.example.com` (DNS A/AAAA record must already point at this server)
- **Supabase URL** — `https://xxxx.supabase.co`
- **Supabase Anon Key**
- **Supabase Service Role Key**
- **Supabase Database URL** — `postgresql://postgres:PASSWORD@db.xxxxx.supabase.co:5432/postgres`
- **Google Client ID**
- **Google Client Secret**
- **Resend API Key**

The installer generates these automatically:

- `APP_ENCRYPTION_KEY` — a fresh 64-character hex key (`openssl rand -hex 32`)
- `NEXT_PUBLIC_APP_URL` — `https://<domain>`
- `GOOGLE_REDIRECT_URI` — `https://<domain>/api/connections/google/callback`

See [`examples/env.example.generated`](examples/env.example.generated) for the
shape of the `.env.local` it writes.

---

## Quick start

### Linux / macOS

```bash
# From the directory where you want the ./TMCP folder created:
git clone https://github.com/touhidul7/TMCP.git tmcp-installer-temp
chmod +x tmcp-installer-temp/install/*.sh
./tmcp-installer-temp/install/install.sh
```

Or, if you already have this `install/` directory locally:

```bash
chmod +x install/*.sh
./install/install.sh
```

### Windows (PowerShell)

```powershell
powershell -ExecutionPolicy Bypass -File .\install\install.ps1
```

> Run Windows PowerShell as a normal user; the script will offer to install
> PM2 via npm if it's missing. Install Git, Node.js 22 (LTS), and the
> PostgreSQL client tools yourself first — the script verifies them and stops
> with instructions if any are missing.

---

## What the installer does (in order)

1. **Detect OS** and validate it's supported.
2. **Collect configuration** with input validation (domain format, DB URL format).
3. **Generate `APP_ENCRYPTION_KEY`** (64 hex chars).
4. **Install dependencies** (Linux/macOS) or **verify** them (Windows).
5. **Clone** the repo into `./TMCP` (prompts before overwriting an existing dir).
6. **Write `TMCP/.env.local`** (mode `600` on Unix).
7. **Run migrations** — every `supabase/migrations/*.sql` in filename order,
   stopping on the first failure (`psql -v ON_ERROR_STOP=1`).
8. **Build** — `npm install && npm run build`.
9. **Start under PM2** — `pm2 start npm --name tmcp -- start`, then `pm2 save`
   and `pm2 startup`.
10. **Configure Nginx** from [`nginx.conf.template`](nginx.conf.template) and
    reload (Linux/macOS only).
11. **SSL** (Linux only) — optional `certbot --nginx` with auto-renewal.

Every phase prints `[INFO]`, `[SUCCESS]`, `[WARNING]`, or `[ERROR]` and the
scripts abort immediately on fatal errors (`set -euo pipefail` /
`$ErrorActionPreference = 'Stop'`).

---

## Updating

The update script pulls the latest code, reinstalls dependencies, rebuilds, and
restarts the PM2 process.

```bash
./install/update.sh                                   # Linux / macOS
```
```powershell
powershell -ExecutionPolicy Bypass -File .\install\update.ps1   # Windows
```

---

## Uninstalling

The uninstall script stops and deletes the PM2 process, removes the `./TMCP`
directory, and removes the Nginx site config. **System tooling (Node, PM2,
Nginx, Git, psql) is left intact.**

```bash
./install/uninstall.sh                                  # Linux / macOS
```
```powershell
powershell -ExecutionPolicy Bypass -File .\install\uninstall.ps1   # Windows
```

> SSL certificates are not removed automatically. Remove them with
> `sudo certbot delete` if needed.

---

## Files in this directory

| File                              | Purpose                                            |
| --------------------------------- | -------------------------------------------------- |
| `install.sh`                      | Full install for Linux / macOS                     |
| `update.sh`                       | Update an existing Linux / macOS install           |
| `uninstall.sh`                    | Remove a Linux / macOS install                     |
| `install.ps1`                     | Install for Windows (dependency checks only)       |
| `update.ps1`                      | Update an existing Windows install                 |
| `uninstall.ps1`                   | Remove a Windows install                           |
| `nginx.conf.template`             | Nginx reverse-proxy template (`__DOMAIN__` token)  |
| `examples/env.example.generated`  | Sample of the generated `.env.local`               |
| `README.md`                       | This file                                          |

---

## Troubleshooting

- **Migrations fail immediately** — verify the Database URL is the *direct*
  connection string with the correct password, and that this server's IP is
  allowed to reach Supabase Postgres (port 5432/6543).
- **`nginx -t` fails** — another site may already claim port 80 or your domain.
  Check `/etc/nginx/sites-enabled/`.
- **SSL (certbot) fails** — DNS for the domain must resolve to this server and
  ports 80/443 must be open *before* requesting a certificate. The install
  continues over HTTP; re-run `sudo certbot --nginx -d <domain>` later.
- **App not reachable** — check `pm2 status` and `pm2 logs tmcp`. The app must
  be listening on `127.0.0.1:3000`.
- **Windows: pm2 doesn't survive reboot** — install
  `pm2-windows-startup` (`npm i -g pm2-windows-startup && pm2-startup install`).

---

## Security notes

- `.env.local` contains live secrets. On Unix it's written with `600`
  permissions; keep it that way and never commit it.
- The generated `APP_ENCRYPTION_KEY` is unique per install. If you lose it,
  previously encrypted tool credentials in the database become unrecoverable —
  back it up securely.
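
A post-install check for the two points above, added here as an example (it is not part of the installer scripts). The function names `file_mode` and `audit_env` are hypothetical; the check assumes the key sits on a plain `APP_ENCRYPTION_KEY=<value>` line.

```shell
#!/usr/bin/env bash
# Added example, not shipped with the installer: audit a generated .env.local.
# Usage: ./audit-env.sh TMCP/.env.local

# Print the octal permission bits of a file.
# GNU stat (Linux) is tried first, BSD stat (macOS) is the fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_env FILE: prints one finding per line, returns 0 when clean, 1 otherwise.
# The key value itself is never printed.
audit_env() {
  local f="$1" rc=0 mode key
  [ -f "$f" ] || { echo "missing: $f"; return 1; }

  # 1. Only the owner may read or write the file.
  mode="$(file_mode "$f")"
  if [ "$mode" != "600" ]; then
    echo "permissions are $mode, expected 600"
    rc=1
  fi

  # 2. The key must have the shape `openssl rand -hex 32` produces:
  #    exactly 64 hex characters (optional quotes and CRs are stripped).
  key="$(sed -n 's/^APP_ENCRYPTION_KEY=//p' "$f" | tr -d '"\r' | head -n 1)"
  if ! printf '%s' "$key" | grep -Eq '^[0-9a-fA-F]{64}$'; then
    echo "APP_ENCRYPTION_KEY is not 64 hex characters"
    rc=1
  fi

  # 3. The file must not be tracked by git. Outside a repository, or when
  #    git is not installed, this command fails and nothing is reported.
  if git -C "$(dirname "$f")" ls-files --error-unmatch "$(basename "$f")" \
       >/dev/null 2>&1; then
    echo "file is tracked by git"
    rc=1
  fi

  return "$rc"
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
  audit_env "$1"
fi
```
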
