Install Guide

CLAIIM runs entirely inside your environment. Your database stores Chron records, agent identities, gate decisions, and policy definitions. Nivaya does not receive agent activity data.

Choose your path

Installation by deployment type

| Deployment type | Primary path | Status |
| --- | --- | --- |
| Evaluation Preview | Docker Compose | Available now |
| Professional | Helm chart + BYO Postgres | In development |
| Sovereign | Signed air-gap bundle | In development |

Evaluation Preview

Docker Compose -- available now

Docker Compose is the primary evaluation path. It starts the backend, admin UI, and a bundled Postgres container in one command. Estimated time: under 10 minutes.

Requirements: Docker 24+, openssl (for generating the secret).

Image access required before starting. Runtime container images are gated during the controlled preview rollout. Contact support@claiim.io or use the Request preview form to receive pull credentials. docker compose up -d will fail with an authentication error until access is granted.

CLAIIM is proprietary software. The distribution repository (github.com/nivaya/claiim) contains deployment files only: compose.yml, .env.example, and the rehearsal script. Runtime images are distributed as signed containers pulled automatically by Docker Compose. No source code is included.

  1. Clone the repository

    git clone https://github.com/nivaya/claiim
    cd claiim

  2. Configure TOKEN_SECRET

    Copy the example config and set a strong secret. This secret signs all JWT tokens for your deployment.

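    cp .env.example .env
    # Print the line to put in .env. Docker Compose reads .env values literally
    # and does not run $(...), so paste the printed output, not the command:
    echo "TOKEN_SECRET=$(openssl rand -hex 32)"

  3. Start CLAIIM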

    docker compose up -d

    This starts three containers: Postgres, the CLAIIM API on port 8181, and the admin UI on port 3001. Migrations run automatically on first start.

  4. Verify the API is healthy

    curl http://localhost:8181/health
    # Expected: {"status":"ok"}

  5. Open the admin panel

    Navigate to http://localhost:3001 and log in with admin@claiim.io / claiim-demo.

  6. Run the gate proof

    This provisions an AIORG, skill, policy, and agent -- then runs two gate calls (one ALLOW, one DENY) and prints the Chron URL to verify.

    bash rehearsal.sh

    Expected output: PASS: 13 / FAIL: 0
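
A pre-flight check for step 2, to run before docker compose up -d. This is an added example, not part of the CLAIIM repository; the function names are hypothetical, and it assumes .env holds plain KEY=value lines and that .env.example may carry a placeholder TOKEN_SECRET. The 32-character minimum is the one stated for TOKEN_SECRET in this guide.

```bash
#!/bin/sh
# Added example (not from the CLAIIM repository): pre-flight check for .env.
# Usage: check_token_secret .env .env.example && docker compose up -d

# Print KEY's value from an env file: last assignment wins, outer quotes stripped.
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if TOKEN_SECRET in $1 is usable; print the reason and return 1 if not.
# $2 is the example file whose placeholder value must not be reused.
check_token_secret() {
  env_file="${1:-.env}"
  example_file="${2:-.env.example}"
  if [ ! -f "$env_file" ]; then
    echo "FAIL: $env_file not found"; return 1
  fi
  secret="$(env_value "$env_file" TOKEN_SECRET)"
  example="$(env_value "$example_file" TOKEN_SECRET 2>/dev/null)"
  if [ -z "$secret" ]; then
    echo "FAIL: TOKEN_SECRET is missing or empty"; return 1
  fi
  # Compose reads .env values literally, so "$(openssl ...)" would become
  # the signing key itself instead of random bytes.
  case "$secret" in
    *'$('*|*'`'*)
      echo "FAIL: TOKEN_SECRET holds an unexpanded shell command"; return 1 ;;
  esac
  if [ "$secret" = "$example" ]; then
    echo "FAIL: TOKEN_SECRET is unchanged from $example_file"; return 1
  fi
  if [ "${#secret}" -lt 32 ]; then
    echo "FAIL: TOKEN_SECRET is ${#secret} characters, need 32+"; return 1
  fi
  echo "OK: TOKEN_SECRET is ${#secret} characters"
}
```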

Stop CLAIIM

docker compose down       # stop, keep data
docker compose down -v    # stop and wipe all data

Database ownership

Evaluation vs. production vs. Sovereign

| Context | Database | Owner |
| --- | --- | --- |
| Evaluation Preview (Docker Compose) | Bundled Postgres container | You (local volume) |
| Production (Professional) | Customer-managed PostgreSQL 16+ | You (your infra) |
| Sovereign | Customer-managed PostgreSQL (mandatory) | You (air-gapped infra) |

Before going live, replace the bundled Postgres with your own PostgreSQL instance:

# In .env:
DATABASE_URL=postgres://your_user:your_password@your_host:5432/claiim

# Remove or comment out the postgres service in compose.yml, then:
docker compose up -d

Migrations run automatically on startup. Your data stays in your database -- Nivaya does not receive it.

Environment variables

Key configuration

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| TOKEN_SECRET | Yes | -- | 32+ character secret for JWT signing |
| DATABASE_URL | Yes | (set in compose) | PostgreSQL connection string |
| TIER | No | community | community, professional, or sovereign |
| LICENSE_PATH | No | /etc/claiim/license.json | Path to signed license file (Professional and Sovereign) |
| PORT | No | 8181 | Port the API listens on |
| LOG_LEVEL | No | info | debug, info, warn, error |

Professional and Sovereign

Production paths are in development

Professional deployments use a customer-managed PostgreSQL instance with a Kubernetes Helm chart or VM installer. A signed license file from Nivaya is required. No Nivaya-hosted database.

Sovereign deployments are fully air-gapped. Nivaya delivers a signed bundle containing Docker images, Helm chart, database migrations, and the license file. No internet connectivity to Nivaya is required or permitted.

Both paths are in development. Contact support@claiim.io for design partner access.