🚀 Installation

Self-host installs run a 14-day free trial from first boot — full access to every engine, no credit card, no limits. After 14 days, write actions are blocked until you install a Sovereign licence file.

Buy a Sovereign licence at scarifone.com/sovereignty ($9,999 / $24,999 / $44,999, one-time). You get a signed JSON file by email; paste it into /superadmin/licenseon your install and the engine unlocks immediately.

The signature is verified offline using an embedded Ed25519 public key — no phone-home, works fully air-gapped, and your install keeps running forever even if scarifone.com goes away.

• Docker + docker-compose v2 — Docker Desktop on Mac/Win, Engine on Linux
• ~2GB RAM, 20GB disk — Scarif One uses a few hundred MB; the rest is for tenant data + cache
• A free Gemini API key — get one at aistudio.google.com/apikey

If you want to expose the dashboard to the public internet, also: Cloudflare Tunnel (free, easiest) OR an SSL reverse proxy.

curl -fsSL https://raw.githubusercontent.com/Scarif-One/scarif-one/main/scripts/install.sh | bash

This:

1. Verifies Docker is installed
2. Creates ~/scarif-one/
3. Downloads docker-compose.yml + .env.example
4. Prompts for your GEMINI_API_KEY
5. Pulls the image from GHCR + starts the container
6. Tells you when http://localhost:3000 is ready

If you don't want to pipe a script to bash, do it yourself:

mkdir scarif-one && cd scarif-one

curl -fsSL https://raw.githubusercontent.com/Scarif-One/scarif-one/main/docker-compose.yml -o docker-compose.yml
curl -fsSL https://raw.githubusercontent.com/Scarif-One/scarif-one/main/.env.example -o .env.local

# Edit .env.local — at minimum set GEMINI_API_KEY
nano .env.local

docker compose up -d

1. Open http://localhost:3000
2. The first-run wizard auto-launches
3. 5 steps: business info → AI brand voice scan → locale → integrations → admin login
4. Total time: ~10 minutes
5. Wizard finish → land on the dashboard already logged in
6. An amber trial banner appears at the top of every page — counts down 14 days from first boot

After buying a Sovereign tier:

1. You receive an email with a signed JSON licence file (filename ends in .licence.json)
2. Sign in at your-install/superadmin as the operator account
3. Go to Sovereign licence in the sidebar
4. Paste the entire JSON contents into the textarea + click Install licence
5. The signature is verified locally — no external call. Within ~1 minute the trial banner clears.

The file is stored at /data/licence.json with mode 0600 alongside your tenant data, so a backup of /data includes the licence.

If you lose the file, email hello@scarifone.com from the address that bought the licence — we re-issue at no cost.

If you don't install a licence within 14 days, the install enters read-only mode:

• The dashboard, settings, and existing data stay fully accessible
• Mutating API calls return HTTP 402 Payment Required with a JSON pointer to /sovereignty
• Generation, publishing, and integrations all stop working until a licence is installed
• Operator console (/superadmin/*) keeps working so you can install a licence to recover

Install a licence at any point — even months later — and the engine unlocks immediately without restarting the container. The trial state isn't reset by an install (it can't be re-triggered once consumed).

Optional. Adds a Watchtower container that polls GHCR every 24h:

cd ~/scarif-one
docker compose --profile auto-update up -d

To pin a specific version (skip auto-updates):

SCARIF_VERSION=v0.2.0 docker compose up -d

The simplest path: Cloudflare Tunnel.

1. Sign up at cloudflare.com + add your domain
2. Cloudflare Zero Trust → Networks → Tunnels → Create tunnel
3. Run the cloudflared install command Cloudflare gives you
4. Map your subdomain to localhost:3000
5. Done — your dashboard is accessible at e.g. scarif.yourdomain.com

Cloudflare handles the SSL + DDoS protection automatically. Free.

Set SCARIF_BACKUP_DIR in .env.local to enable nightly tarball backups at 04:00:

SCARIF_BACKUP_DIR=/path/to/backups

Manual backup any time: POST /api/admin/backup-now with SCARIF_SUPERADMIN_TOKEN.

S3-compatible (R2, B2, AWS) backup support is on the v1.5 roadmap — for now, sync your SCARIF_BACKUP_DIR to S3 with rclone or similar.

cd ~/scarif-one
docker compose pull
docker compose up -d

Your tenant data persists across updates (it's in ./data).

Check the container logs:

cd ~/scarif-one && docker compose logs -f

Or email hello@scarifone.com with the output.