Self-Hosted Claude Host — Relocation & Access Architecture (design, in progress)

Status: Executed 2026-06-19 — with one deliberate deviation (access = SSH, not Remote Control; see the 2026-06-19 update). The brainstorming session on 2026-06-10 converged on the architecture below but paused before a formal Understanding Lock / final review — Brad exited to pursue a separate project (rolling his own Laravel markdown viewer). The migration then landed incrementally without a formal /planning pass: the always-on Ubuntu host is live, the harness is onboarded, and Brad reaches it from home over SSH. This doc is now a record of a realized design rather than a pending one; the only live follow-ups are the deferred polish items (Windows doc sweep, bell rethink, new-machine-setup Linux path, settings re-snapshot) tracked in current-plan.md. Naming kept dateless; no host-relocation-plan.md was ever needed.

One-line: Retire Seafile as the sync substrate. Relocate the whole Claude environment (the three layered repos + the ~/.claude wiring) onto a single dedicated always-on Ubuntu host, reach it from anywhere via Remote Control, and use GitHub private remotes as the backup/version foundation. A read-only web viewer of the markdown corpus is a parked, separable component (Brad is rolling his own — see the viewer bookmark).

Update 2026-06-18 — Seafile is now actually retired (uninstalled; its references scrubbed and the three repos relocated to flat C:\Projects\ in a separate, lighter effort — seafile-retirement-design.md / -plan.md). Two consequences for this design: (1) single-machine on Windows is now the interim reality — the multi-machine reach driver is parked, so what remains live here is the cloud relocation (always-on host + Remote Control + GitHub remotes + the Windows→Linux conversion), gated behind Kingdom.md; (2) the human-window viewer is now Kingdom.md (the roll-your-own Laravel viewer, MVP shipped), which supersedes the Perlite/Quartz survey below as the chosen viewer.

Update 2026-06-19 — migration executed; access pivoted from Remote Control to plain SSH. The always-on Ubuntu host (a DigitalOcean droplet) is live at /var/projects; the harness is onboarded (wiring verified, hooks ported to Bash, GitHub private remotes in place, line endings normalized to LF). The one architectural change from the converged design: access is plain SSH, not Remote Control. This was not a fallback — it's exactly what Brad wanted and the design hadn't named: reaching the host directly from home without first remoting into the work machine. SSH is now the settled primary access path. Remote Control is superseded for primary access and demoted to an optional mobile-reach luxury (phone/tablet, no laptop) — genuinely nice, but a deferred someday, not a blocker. The Access section (#2) below documents the Remote-Control design that was planned; it stands as the record of the road not taken.

Why (motivation)

Seafile is "deprecated-in-waiting" (see the 2026-06-04 phase Seafile out bookmark). The trigger this session was the Obsidian markdown line-ending friction (fixed separately this session via a *.md text eol=lf .gitattributes carve-out in all three repos), which exposed the deeper issue: a real-time file-syncer managing a live .git/ is the canonical corruption anti-pattern ("when, not if"). Seafile has been getting away with it only because Brad is effectively single-machine. That realization killed the initial "just move to Dropbox" plan and reframed the whole question from "which file-syncer?" to "where should the Claude environment live, and how do I reach it?"

Drivers (Brad's, elicited this session)

• Backup / durability (an off-machine copy, history included) and reach-from-anywhere / mobile.
• NOT multi-machine local editing. The ideal is one always-there "brain," zero-touch — reached from any device, nothing to reconcile.
• Leans toward moving that brain off the work machine ("probably not my work machine anymore").

Eliminated options (with reasons)

• Seafile / Dropbox — file-syncer over a live .git/ = corruption risk; the wrong tool for syncing git. (Dropbox also ignores dotfiles/.git anyway, so it wouldn't even carry history.)
• Obsidian Sync — ignores .git and all dotfiles (only .obsidian syncs) → drops version control entirely.
• Claude Code on the web (claude.ai/code) — Anthropic-managed Linux sandbox, GitHub-only, one repo per session, no user/global config layer → guts the layered multi-repo toolkit and PowerShell hooks die. A re-platform, not a move. Off the table unless Brad ever deliberately re-architects around a GitHub monorepo + per-project config.

Converged architecture

1. Host — a dedicated, always-on Ubuntu box (home server or a VPS Brad controls). The toolkit gets converted to Linux/Bash — the meaty migration scope: PowerShell hooks (bell.ps1, webfetch-github-guard.ps1) → Bash; Windows junctions → symlinks; relink.ps1 reworked; the per-machine memory/ path; CLAUDE.md's Windows-centric "Machine Setup" content; settings paths. Easy for Brad (DevOps/sysadmin) but real, owned plan scope.
2. Access (SUPERSEDED 2026-06-19 — actual access is plain SSH; this is the road not taken, kept as the record. Remote Control survives only as the deferred mobile-reach luxury.) — Remote Control in server mode (claude remote-control). The host makes outbound HTTPS only, relayed through Anthropic → a headless host is reachable from laptop/phone with no port-forwarding, authed by the Claude account (needs Pro/Max/Team, not API keys). Caveats to design around: persistence is DIY (no official daemon yet — wrap in tmux/screen + a boot-restart service like systemd; a >~10-min network outage drops the session), and it's research preview.
3. Backup foundation — GitHub private remotes for all three repos. This is the long- deferred "push the repos to private remotes" item, now promoted from someday to the foundation: it's the correct tool for backup AND for any future multi-machine git-sync, and it retires Seafile. The host becomes reconstructible (new box → clone the three repos → run relink → done), which is what makes a single always-on host safe despite being a SPOF.
4. Human window (parked, separable component) — a read-only web viewer of the markdown corpus, served from the host. Surveyed this session:
   • Perlite — PHP, live-render (instant), wikilinks + graph view, auth pushed to a reverse proxy (Basic / mTLS / authentik / oauth2-proxy / Cloudflare Access).
   • Quartz — best-in-class graph/backlinks/search, but Node/TS static-site generator (rebuild step), outside Brad's ecosystem.
   • LaRecipe / HydePHP — Laravel-native (docs package / SSG).
   • BookStack — Laravel but MySQL-backed (not live flat files) → ruled out for "browse the files Claude writes."
   • Decision: Brad is rolling his own — a Perlite-like viewer in Laravel + OAuth (Socialite) + RBAC — as a separate project (see the viewer bookmark). Perlite is the zero-effort interim if he wants eyes on the vault before then. The viewer is read-only by design (Claude is the writer) and fully decoupled → it adds zero risk to the write path.

Key findings (sources)

• File-syncer over live .git = corruption "when, not if": git+Dropbox safe practices, git-remote-dropbox.
• Obsidian Sync ignores dotfiles/.git: Obsidian forum.
• Cloud-web breaks the layered setup; Remote Control preserves it (runs local): Claude Code on the web, Remote Control.
• Viewer landscape: Perlite, Quartz, LaRecipe, HydePHP.
• Prior context: C:/Projects/yggdrasil-research/obsidian-as-memory-window.md (Obsidian as the human-facing window — this design re-homes that "Tier 1 viewer" to a host-served web viewer).

Open / next

• No formal Understanding Lock yet — the architecture is converged but not locked/reviewed. A quick re-confirm → /planning would produce the migration plan.
• Migration-plan scope (for /planning, roughly ordered): provision the Ubuntu host → set up GitHub private remotes first (the foundation) → convert the toolkit to Linux/Bash → stand up Remote Control (server mode + persistence wrapper + auth) → retire Seafile and update every doc that assumes it (new-machine-setup skill, CLAUDE.md Machine-Setup/Seafile-sync sections, any Yggdrasil notes) → optional Perlite interim.
• Roll-your-own viewer is a separate project (see bookmark) — deliberately not folded into this migration.

Decision log

• Reject file-syncers (Seafile/Dropbox) and Obsidian Sync — wrong tool for git / they drop version control.
• Reject cloud-web — a re-platform that guts the layered toolkit; PowerShell hooks die on Linux sandboxes.
• Choose a self-hosted always-on Ubuntu host + Remote Control + GitHub private remotes.
• Host OS = Ubuntu (Brad's call; he accepts the Windows→Linux toolkit conversion as "cake").
• Viewer = roll-your-own Laravel (separate project); Perlite as the interim.
• GitHub remotes promoted from a deferred someday to the architecture's foundation step.
• Access = SSH, not Remote Control (decided in practice 2026-06-19). Plain SSH to the droplet met the real driver — reach the host from home without first remoting into the work machine — more simply than Remote Control would have. Remote Control is demoted to an optional mobile-reach (phone/tablet) luxury, deferred indefinitely.