cleanup and remote only

2026-05-09 10:52:25 -05:00
parent 2fc47a52fc
commit 40e5e5e3cc
136 changed files with 1502 additions and 349529 deletions
+20 -3
@@ -63,6 +63,7 @@ uv run ruff format --check .
```
mempalace/
├── mcp_server.py # MCP server — all read/write tools
├── ingest_server.py # HTTP transcript-ingest endpoint (server mode only)
├── cli.py # CLI dispatcher
├── config.py # Configuration + input validation
├── miner.py # Project file miner
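Review bot: The new `ingest_server.py` entry says only "(server mode only)", while the `mcp_server.py` line directly above it still reads "all read/write tools", so the tree now understates that there is a second, network-reachable write entry point. Suggest extending the comment to say that it runs inside the MCP server process and starts only when `MEMPALACE_INGEST_PORT` is set, matching the server-mode deployment bullet later in this file, and narrowing the `mcp_server.py` comment to the MCP tools.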
@@ -90,9 +91,18 @@ mempalace/
├── split_mega_files.py # Split concatenated transcript files
└── version.py # Single source of truth for version
hooks/ # Claude Code hook scripts
├── mempal_save_hook.sh # Stop: triggers diary save
└── mempal_precompact_hook.sh # PreCompact: saves state before compression
hooks/ # Hook scripts for Claude Code / Codex CLI
├── mempal_save_hook_remote.sh # Stop: HTTP POST to remote ingest endpoint
└── mempal_precompact_hook_remote.sh # PreCompact: HTTP POST to remote ingest
deploy/unraid/ # Containerized server-mode deployment
├── docker-compose.yml # mempalace + caddy sidecar (auth + TLS)
├── Caddyfile # bearer-token auth, SSE-aware reverse proxy
├── mempalace-server.xml # dockerMan template (no-auth, LAN-trust path)
└── README.md # Full install/usage/troubleshooting guide
Dockerfile # Builds the server-mode image
.dockerignore # Trims build context
```
## Conventions
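Review bot: The `mempalace-server.xml` entry documents a "no-auth, LAN-trust path" template next to a `Caddyfile` described as bearer-token auth, which leaves a documented deployment route below what the architectural notes in this same file call the floor (Caddy's `tls internal` + bearer auth). Either route the dockerMan template through the Caddy sidecar as well, or mark the entry explicitly as unauthenticated and state in `deploy/unraid/README.md` when that is acceptable and that the ingest port must not be reachable beyond the trusted segment.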
@@ -130,4 +140,11 @@ Knowledge Graph:
- **Modifying mining**: `mempalace/miner.py` (project files) or `mempalace/convo_miner.py` (transcripts)
- **Adding a storage backend**: subclass `mempalace/backends/base.py`, register in `backends/__init__.py`
- **Input validation**: `mempalace/config.py``sanitize_name()` / `sanitize_content()`
- **Server-mode deployment**: `deploy/unraid/` — see [`deploy/unraid/README.md`](deploy/unraid/README.md). Image is built from the repo-root `Dockerfile`. The HTTP transcript-ingest endpoint in `mempalace/ingest_server.py` runs as a daemon thread inside `mempalace-mcp` (single Chroma writer per palace) and is opt-in via `MEMPALACE_INGEST_PORT`.
- **Tests**: mirror source structure in `tests/test_<module>.py`
## Architectural notes
- **Server mode is opt-in.** The default install path (local CLI + stdio MCP server + local hooks) is unchanged. Server mode adds three things: a `Dockerfile`, an HTTP ingest thread that starts only when `MEMPALACE_INGEST_PORT` is set, and `*_remote.sh` hook variants that POST to that endpoint. Nothing in the local path imports the ingest server.
- **One ChromaDB writer per palace.** ChromaDB's HNSW index isn't safe across processes. The ingest endpoint is a thread inside the existing MCP server process — not a sibling container — so all writes serialize through one Python process and one Chroma client. Anyone adding a second writer (e.g. a sidecar that mines on a schedule) must do it in-process or via `mine_lock`.
- **"Local-first" boundary in server mode.** CLAUDE.md mission says data never leaves the user's machine. A user-controlled Unraid box on the user's LAN is still "the user's machine" — but the moment it accepts inbound HTTP, that property weakens to "user's machine + anyone with the bearer token + anyone who can MITM the LAN segment." Caddy's `tls internal` + bearer auth is the floor. Tailscale, mTLS, or a real CA cert are stronger options the user can layer on top.
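Review bot: The first architectural note states that the default install path, including local hooks, is unchanged, but the `hooks/` listing in the project-layout hunk now describes the `*_remote.sh` scripts that POST to the ingest endpoint, and the commit is titled "remote only". Please reconcile the two: either keep the local hook scripts listed, or reword the note so it does not promise a local hook path. The "Local-first" note would also be easier to act on if it said what the remote hooks must do to keep the stated floor, for example that they verify the Caddy `tls internal` certificate rather than skipping verification, since that is what the "anyone who can MITM the LAN segment" caveat depends on.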