Prerequisites
- Git.
- Docker with the Compose v2 plugin.
- Access to the Overlay source repository or customer fork.
- A Convex deployment URL and matching
INTERNAL_API_SECRETfor the selected environment. - Enterprise provider credentials for the providers you enable, such as OIDC, S3-compatible storage, and a model provider.
Install From Source
docker compose up -d pulls ghcr.io/layernorm/overlay-web:latest. This keeps first boot fast and avoids compiling the app on the customer’s server.
What The Repo Provides
The source checkout is still important even when the first run uses the official image:src/,packages/, andconvex/for audit and source-level customization.docker-compose.ymlfor the default image-based runtime.docker-compose.build.ymlfor local source builds..env.enterprise.examplefor enterprise runtime variables.docs/config/*.example.jsonfor validated deployment profiles.overlay.config.jsonfor non-secret runtime config.
Customize Runtime Config
Prefer runtime config before editing product code:.env for secrets and deployment-specific values. Use overlay.config.json for non-secret provider shape, feature gates, compliance profile, CSP additions, and capability defaults.
Validate config from the source checkout:
Build After Code Changes
When the IT team edits source files, switch to the build override:overlay-web:local by default. Set OVERLAY_WEB_BUILD_IMAGE if the team wants another local tag.
Production Custom Image
For production, prefer building in CI and pushing to the enterprise registry:Updating
For source-visible installs without code changes:OVERLAY_WEB_IMAGE, then run: