Merge branch 'develop'

Author: d4v3-rm

CHANGELOG.md

@@ -10,11 +10,9 @@ The script does not create tags locally.
 - Range: `v0.36.4..HEAD`
 - Included commits: 13
 
-### Features (4)
+### Features (2)
 
 - [atlas-dashboard] rename AI layer and add n8n card (`619c080`)
-- [atlas-dashboard] add Plane Penpot and Nextcloud AIO core cards (`1f7e6be`)
-- [core] add Plane Penpot and Nextcloud AIO services (`d370dc7`)
 - [core] bootstrap Plane and Penpot default admins (`676a690`)
 
 ### Fix (6)

README.md

@@ -7,11 +7,11 @@
 ![CLI](https://img.shields.io/badge/CLI-Node.js%20%2B%20TypeScript-3C873A?logo=nodedotjs&logoColor=white)
 ![Dashboard](https://img.shields.io/badge/UI-Atlas%20Dashboard-0F172A?logo=antdesign&logoColor=white)
 ![Security](https://img.shields.io/badge/Ingress-HTTPS%20Only-0F766E)
-![Profiles](https://img.shields.io/badge/Layers-core%20%7C%20ai--agents%20%7C%20ai--llm%20%7C%20ai--image%20%7C%20ai--video%20%7C%20workbench-7C3AED)
+![Profiles](https://img.shields.io/badge/Layers-core%20%7C%20ai--llm%20%7C%20workbench-7C3AED)
 ![Persistence](https://img.shields.io/badge/Persistence-Docker%20Volumes-CA8A04)
 
 > 🧭 **Atlas Lab** is a localhost-first self-hosted platform made of a Node.js/TypeScript CLI, a layered Docker Compose stack, and an operational React dashboard served by the gateway.
-> It is designed to provide Git hosting, optional automation agents, optional local AI LLM services, optional AI image and video generation, browser-based development workbenches, and structured image/volume backup workflows on a single machine.
+> It is designed to provide Git hosting, optional local AI services with Open WebUI, Ollama, and n8n, browser-based development workbenches, and structured image/volume backup workflows on a single machine.
 
 ---
 
@@ -22,8 +22,8 @@ Atlas Lab is built for a practical goal: run a repeatable local engineering plat
 ### What it gives you
 
 - 🧱 An always-on **core layer** with Gitea, the gateway, and Atlas Dashboard
-- 🧠 An optional **AI LLM layer** with Open WebUI and Ollama
-- 🛠️ An optional **workbench layer** with browser-based Node, Python, AI, and C++ environments plus shared PostgreSQL
+- 🧠 An optional **AI LLM layer** with Open WebUI, Ollama, and n8n
+- 🛠️ An optional **workbench layer** with browser-based Node and Python environments plus shared PostgreSQL
 - 🔐 HTTPS-only ingress on `localhost`
 - 📦 A self-contained npm package that can run without a local repository checkout
 - 💾 Persistent state stored in named Docker volumes
@@ -67,7 +67,7 @@ Atlas Lab is split into **three explicit layers**:
 | Layer | Status | Includes | Purpose |
 | --- | --- | --- | --- |
 | `core` | always on | gateway, Atlas Dashboard, Gitea, Gitea DB | baseline platform |
-| `ai-llm` | optional | Open WebUI, Ollama, AI LLM gateway | local LLM workflows |
+| `ai-llm` | optional | Open WebUI, Ollama, n8n, AI gateway | local AI workflows and automation |
 | `workbench` | optional | Node Forge, Python Grid, shared PostgreSQL, workbench gateway | browser-based development |
 
 ### Why the current topology
@@ -95,6 +95,7 @@ The CLI:
 - runs host preflight checks
 - reconciles runtime state
 - bootstraps Gitea
+- aligns the n8n owner bootstrap account when the AI LLM layer is enabled
 - reconciles Ollama only when the AI LLM layer is enabled
 - cleans up legacy runtime artifacts
 
@@ -111,6 +112,7 @@ The only host-level TCP service exposed directly is PostgreSQL from the workbenc
 | Gitea | `core` | `https://localhost:8444/` | Git forge, issues, reviews |
 | Open WebUI | `ai-llm` | `https://localhost:8446/` | only with `--with-ai-llm` |
 | Ollama | `ai-llm` | `https://localhost:8447/` | HTTPS API |
+| n8n | `ai-llm` | `https://localhost:8453/` | workflow automation and agent orchestration |
 | Node Forge | `workbench` | `https://localhost:8450/` | Node / TypeScript workspace |
 | Python Grid | `workbench` | `https://localhost:8451/` | Python workspace |
 | PostgreSQL | `workbench` | `localhost:15432` | host-side desktop access |
@@ -129,7 +131,7 @@ The only host-level TCP service exposed directly is PostgreSQL from the workbenc
 | --- | --- | --- |
 | `edge-net` | exposed | published ingress ports |
 | `apps-net` | internal | Gitea and shared browser-facing services |
-| `ai-llm-net` | internal | Open WebUI and Ollama |
+| `ai-llm-net` | internal | Open WebUI, Ollama, and n8n |
 | `data-net` | internal | data services and infrastructure databases |
 | `workbench-net` | internal | workbenches and PostgreSQL |
 | `workbench-host-net` | bridge | host-side PostgreSQL bind |
@@ -157,6 +159,7 @@ Key volumes include:
 - `gitea-data`
 - `gitea-db`
 - `ollama-data`
+- `n8n-data`
 - `open-webui-data`
 - `postgres-dev-data`
 - workbench home/workspace volumes for Node, Python, AI, and C++
@@ -175,7 +178,7 @@ Recreating containers does not wipe state. Removing the volumes does.
 
 ### AI requirements
 
-The AI LLM and AI image layers require:
+The AI LLM layer requires:
 
 - an `NVIDIA` GPU
 - a working `nvidia-smi` on the host
@@ -194,6 +197,7 @@ The AI LLM and AI image layers require:
 - `8444`
 - `8446`
 - `8447`
+- `8453`
 - `8450`
 - `8451`
 - `15432` when `workbench` is enabled
@@ -231,12 +235,13 @@ Key variables include:
 
 - `APP_VERSION`
 - `LAB_HTTPS_PORT`, `GITEA_HTTPS_PORT`
-- `OPENWEBUI_HTTPS_PORT`, `OLLAMA_HTTPS_PORT`
+- `OPENWEBUI_HTTPS_PORT`, `OLLAMA_HTTPS_PORT`, `N8N_HTTPS_PORT`
 - `NODE_DEV_HTTPS_PORT`, `PYTHON_DEV_HTTPS_PORT`
 - `POSTGRES_DEV_HOST_PORT`
 - `OLLAMA_CHAT_MODEL`, `OLLAMA_EMBEDDING_MODEL`, `OLLAMA_RUNTIME_MODELS`
 - `GITEA_ROOT_USERNAME`, `GITEA_ROOT_PASSWORD`
 - `OPENWEBUI_ROOT_EMAIL`, `OPENWEBUI_ROOT_PASSWORD`
+- `N8N_ROOT_EMAIL`, `N8N_ROOT_PASSWORD`
 
 Rule of thumb:
 
@@ -332,7 +337,7 @@ npm run dev -- down
 | `atlas-lab up --with-workbench` | adds the workbench layer |
 | `atlas-lab up --with-ai-llm --with-workbench` | starts the full lab |
 | `atlas-lab bootstrap` | reruns core bootstrap |
-| `atlas-lab bootstrap --with-ai-llm` | reruns bootstrap and Ollama reconciliation |
+| `atlas-lab bootstrap --with-ai-llm` | reruns bootstrap, n8n owner alignment, and Ollama reconciliation |
 | `atlas-lab doctor` | runs host and configuration checks |
 | `atlas-lab doctor --smoke` | adds smoke tests for the core layer |
 | `atlas-lab doctor --with-ai-llm --smoke` | adds smoke tests for the AI LLM layer |
@@ -419,7 +424,7 @@ npm run dev -- save-volumes --with-ai-llm --with-workbench
 npm run dev -- restore-volumes --input .\backups\volumes\atlas-lab-volumes.tar.gz
 ```
 
-Bootstrap is idempotent and reconciles Gitea plus Ollama when `ai-llm` is enabled.
+Bootstrap is idempotent and reconciles Gitea, n8n, and Ollama when `ai-llm` is enabled.
 
 ---
 
@@ -433,6 +438,7 @@ Bootstrap is idempotent and reconciles Gitea plus Ollama when `ai-llm` is enable
 | Gitea | `https://localhost:8444/` | `root / RootGitea!2026` |
 | Open WebUI | `https://localhost:8446/` | `root@openwebui.local / RootOpenWebUI!2026` |
 | Ollama | `https://localhost:8447/` | gateway basic auth `root / RootOllama!2026` |
+| n8n | `https://localhost:8453/` | owner bootstrap `root@n8n.local / RootN8NApp!2026` |
 | PostgreSQL host-side | `localhost:15432` | `postgres / RootPostgresDev!2026` |
 
 For DBeaver and other desktop PostgreSQL clients:

apps/atlas-dashboard/src/locales/en.json

@@ -111,7 +111,6 @@
     "rootName": "root name",
     "rootPassword": "root password",
     "rootUser": "root user",
-    "setupUrl": "setup URL",
     "superuser": "superuser",
     "wanModel": "wan model",
     "usage": "usage"
@@ -123,11 +122,9 @@
     "designCollaboration": "design collaboration",
     "directAppOnboarding": "direct app onboarding",
     "directAppLogin": "direct app login",
-    "guidedSetup": "guided setup",
     "imageStudio": "image studio",
     "localInferenceApi": "local inference API",
     "password": "password",
-    "privateCloud": "private cloud",
     "projectHub": "project hub",
     "protectedApi": "protected API",
     "sharedDatabase": "shared database",
@@ -136,10 +133,10 @@
     "alwaysOnForge": "always-on forge"
   },
   "dashboard": {
-    "coreLayerSummary": "Gitea, Plane, Penpot, and Nextcloud AIO form the always-on core plane of the lab.",
+    "coreLayerSummary": "Gitea, Plane, and Penpot form the always-on core plane of the lab.",
     "accessNotes": {
       "aiDisabled": "The AI layer no longer starts by default: the deck marks it as optional instead of pretending that it is online.",
-      "aiEnabled": "Open WebUI and Ollama are really online and reachable on the AI gateway ports.",
+      "aiEnabled": "Open WebUI, Ollama, and n8n are online and reachable on the dedicated AI gateway ports.",
       "credentials": "Operational credentials are exposed here and remain aligned with the lab bootstrap.",
       "https": "All browser ingresses use localhost with dedicated HTTPS, without custom DNS or hosts-file edits.",
       "workbenchDisabled": "Workbench and Postgres stay separated from the core operating plane until you enable the dedicated layer.",
@@ -148,18 +145,19 @@
     "aiLayer": {
       "capabilities": {
         "llmModels": "GPU-backed LLM models",
+        "n8n": "Local n8n automation",
         "ollama": "Protected Ollama API",
         "openWebUi": "Local Open WebUI"
       },
-      "description": "Optional AI layer for local conversational workflows and GPU-backed LLM inference. The deck enables it only when you explicitly request it.",
+      "description": "Optional AI layer for local conversational workflows, workflow orchestration, and GPU-backed LLM inference. The deck enables it only when you explicitly request it.",
       "summaryDisabled": "The AI layer is off. No AI service is started or exposed until you enable the dedicated flag.",
-      "summaryEnabled": "Open WebUI and Ollama are active and served through the AI gateway.",
+      "summaryEnabled": "Open WebUI, Ollama, and n8n are active and served through the AI gateway.",
       "title": "AI"
     },
     "aiServices": {
       "n8n": {
         "action": "Open n8n",
-        "description": "Workflow automation platform for orchestrating integrations, agents, and AI flows, even outside the lab's local runtime.",
+        "description": "Local workflow automation platform for orchestrating integrations, agents, and AI flows, with the bootstrap owner account aligned to the lab runtime.",
         "title": "n8n"
       },
       "ollama": {
@@ -187,7 +185,7 @@
         "label": "segmentation"
       },
       "usage": {
-        "body": "Gitea, Plane, Penpot, and Nextcloud AIO stay on as the core plane; AI, AI image, AI video, and workbench layers are enabled only when they are actually needed.",
+        "body": "Gitea, Plane, and Penpot stay on as the core plane; the AI and workbench layers are enabled only when they are actually needed.",
         "label": "usage"
       }
     },
@@ -209,7 +207,7 @@
         "networkMapDescription": "Read the lab topology and the published network planes.",
         "networkMapLabel": "Network map"
       },
-      "summary": "Unified control room for repository work, project coordination, design collaboration, private cloud access, optional AI tooling, and development environments. Browser ports stay on HTTPS over localhost, while Postgres from the workbench layer also exposes a host-side TCP port.",
+      "summary": "Unified control room for repository work, project coordination, design collaboration, optional AI tooling, and development environments. Browser ports stay on HTTPS over localhost, while Postgres from the workbench layer also exposes a host-side TCP port.",
       "titleLines": {
         "first": "LAB",
         "second": "ATLAS"
@@ -255,13 +253,6 @@
         "description": "Internal Git forge for repositories, issues, review, and the lab's technical collaboration flow.",
         "title": "Gitea Forge"
       },
-      "nextcloudAio": {
-        "action": "Open setup UI",
-        "description": "Self-hosted Nextcloud All-in-One stack routed through the lab gateway. It exposes the application on its dedicated URL once the guided AIO setup has completed.",
-        "note": "Use the setup UI first. When the Nextcloud application asks for the initial admin account, use the credentials listed here. After AIO provisions the application containers, the main app URL becomes available on the dedicated gateway port.",
-        "title": "Nextcloud All-in-One",
-        "usage": "self-hosted deployment"
-      },
       "penpot": {
         "action": "Open Penpot",
         "description": "Self-hosted Penpot workspace for product design, shared libraries, and collaboration across design and code, with a bootstrap root profile aligned to the lab.",

apps/atlas-dashboard/src/locales/it.json

@@ -111,7 +111,6 @@
     "rootName": "nome root",
     "rootPassword": "password root",
     "rootUser": "utente root",
-    "setupUrl": "URL setup",
     "superuser": "superuser",
     "wanModel": "modello wan",
     "usage": "uso"
@@ -123,11 +122,9 @@
     "designCollaboration": "collaborazione design",
     "directAppOnboarding": "onboarding diretto in app",
     "directAppLogin": "login diretto applicazione",
-    "guidedSetup": "setup guidato",
     "imageStudio": "studio immagini",
     "localInferenceApi": "API di inference locale",
     "password": "password",
-    "privateCloud": "cloud privato",
     "projectHub": "hub progetti",
     "protectedApi": "API protetta",
     "sharedDatabase": "database condiviso",
@@ -136,10 +133,10 @@
     "alwaysOnForge": "forge sempre accesa"
   },
   "dashboard": {
-    "coreLayerSummary": "Gitea, Plane, Penpot e Nextcloud AIO formano il piano core sempre acceso del lab.",
+    "coreLayerSummary": "Gitea, Plane e Penpot formano il piano core sempre acceso del lab.",
     "accessNotes": {
       "aiDisabled": "Il layer AI non viene piu acceso di default: il deck lo marca come opzionale invece di fingere che sia online.",
-      "aiEnabled": "Open WebUI e Ollama sono realmente online e raggiungibili sulle porte AI del gateway.",
+      "aiEnabled": "Open WebUI, Ollama e n8n sono online e raggiungibili sulle porte dedicate del gateway AI.",
       "credentials": "Le credenziali operative sono esposte qui e restano allineate al bootstrap del lab.",
       "https": "Tutti gli ingressi browser usano localhost con HTTPS dedicato, senza DNS custom o file hosts.",
       "workbenchDisabled": "Workbench e Postgres restano separati dal core operativo finche non abiliti il layer dedicato.",
@@ -148,18 +145,19 @@
     "aiLayer": {
       "capabilities": {
         "llmModels": "modelli LLM GPU-backed",
+        "n8n": "automazione n8n locale",
         "ollama": "API Ollama protetta",
         "openWebUi": "Open WebUI locale"
       },
-      "description": "Layer AI opzionale per console conversazionale locale e inference LLM GPU-backed. Il deck lo attiva solo quando lo chiedi esplicitamente.",
+      "description": "Layer AI opzionale per console conversazionale locale, orchestrazione workflow e inference LLM GPU-backed. Il deck lo attiva solo quando lo chiedi esplicitamente.",
       "summaryDisabled": "Layer AI spento. Nessun servizio AI viene avviato o esposto finche non abiliti il flag dedicato.",
-      "summaryEnabled": "Open WebUI e Ollama sono attivi e serviti dal gateway AI.",
+      "summaryEnabled": "Open WebUI, Ollama e n8n sono attivi e serviti dal gateway AI.",
       "title": "AI"
     },
     "aiServices": {
       "n8n": {
         "action": "Apri n8n",
-        "description": "Piattaforma di automazione workflow utile per orchestrare integrazioni, agenti e flussi AI anche fuori dal runtime locale del lab.",
+        "description": "Piattaforma locale di automazione workflow per orchestrare integrazioni, agenti e flussi AI, con owner bootstrap allineato al runtime del lab.",
         "title": "n8n"
       },
       "ollama": {
@@ -187,7 +185,7 @@
         "label": "segmentazione"
       },
       "usage": {
-        "body": "Gitea, Plane, Penpot e Nextcloud AIO restano sempre attivi nel piano core; AI, AI image, AI video e workbench vengono abilitati a layer solo quando servono davvero.",
+        "body": "Gitea, Plane e Penpot restano sempre attivi nel piano core; i layer AI e workbench vengono abilitati solo quando servono davvero.",
         "label": "uso"
       }
     },
@@ -209,7 +207,7 @@
         "networkMapDescription": "Leggi la topologia del lab e i piani di rete pubblicati.",
         "networkMapLabel": "Network map"
       },
-      "summary": "Control room unificata per repository, coordinamento progetti, collaborazione design, cloud privato, strumenti AI opzionali e ambienti di sviluppo. Le porte browser restano HTTPS su localhost, mentre Postgres del layer workbench espone anche una porta TCP host-side.",
+      "summary": "Control room unificata per repository, coordinamento progetti, collaborazione design, strumenti AI opzionali e ambienti di sviluppo. Le porte browser restano HTTPS su localhost, mentre Postgres del layer workbench espone anche una porta TCP host-side.",
       "titleLines": {
         "first": "LAB",
         "second": "ATLAS"
@@ -255,13 +253,6 @@
         "description": "Forge Git interna per repository, issue, review e flusso di collaborazione tecnica del lab.",
         "title": "Gitea Forge"
       },
-      "nextcloudAio": {
-        "action": "Apri setup UI",
-        "description": "Stack Nextcloud All-in-One self-hosted instradato dal gateway del lab. Espone l'applicazione sul suo URL dedicato dopo il completamento del setup guidato AIO.",
-        "note": "Apri prima la setup UI. Quando l'applicazione Nextcloud chiede l'account admin iniziale, usa le credenziali mostrate qui. Dopo che AIO ha predisposto i container applicativi, l'URL principale risponde sulla porta gateway dedicata.",
-        "title": "Nextcloud All-in-One",
-        "usage": "deployment self-hosted"
-      },
       "penpot": {
         "action": "Apri Penpot",
         "description": "Workspace Penpot self-hosted per product design, librerie condivise e collaborazione tra design e codice, con profilo root allineato al bootstrap del lab.",