HyveHYVE / CASELINE / DOCS
CASELINE SERVER · SETUP & ADMIN GUIDE

Self-host the firm hub.

CaseLine Server is the on-premises sync hub for a firm’s CaseLine workstations. It exposes a REST + WebSocket API on port 8443 backed by a single-file SQLite database, and proxies LLM requests to a local Ollama instance so every workstation shares one model and one set of weights.

What you get

  • ▸ Central case storage (SQLite at /data/caseline.sqlite)
  • ▸ Real-time WebSocket sync — every case change broadcasts to connected workstations
  • ▸ JWT auth with first-user-becomes-admin bootstrap
  • ▸ Optional LLM proxy to a local Ollama (one model, every seat queries it)
  • ▸ Audit log endpoint for ABA Model Rule 1.6 documentation
  • ▸ Binary file storage for case attachments (MIME-allowlisted)

A. Docker — recommended

Easiest path. The bundled docker-compose.yml brings up CaseLine Server and Ollama on the same internal network.

# 1. Get the server bundle (request the build at majixx@vibesoftwaresolutions.com)
unzip caseline-server.zip && cd caseline-server

# 2. Set CASELINE_SECRET — required in production
cp .env.example .env
# Linux/macOS:
openssl rand -hex 32 | xargs -I {} sed -i 's/CASELINE_SECRET=$/CASELINE_SECRET={}/' .env

# 3. Bring it up
docker compose up -d

# 4. Pull a model into the bundled Ollama
docker compose exec ollama ollama pull llama3.1:8b

Workstations point at http://<server-ip>:8443.

B. Windows service (NSSM)

Prereqs: Node.js 20+, NSSM on PATH (choco install nssm).

# From an elevated PowerShell
.\install-windows-service.ps1
# Service registers as HyveCaseLineServer, auto-starts on boot,
# restarts on failure, logs rotated at 16 MB to data\logs\

# Open the firewall
New-NetFirewallRule -DisplayName 'CaseLine Server' `
  -Direction Inbound -Protocol TCP -LocalPort 8443 -Action Allow

# Uninstall:    .\install-windows-service.ps1 -Uninstall
# Restart:      .\install-windows-service.ps1 -Restart

C. Linux systemd

Security-hardened systemd unit ships in the bundle as caseline-server.service.

sudo cp caseline-server.service /etc/systemd/system/
sudo useradd --system --shell /usr/sbin/nologin --home-dir /opt/caseline-server caseline
sudo mkdir -p /opt/caseline-server /var/lib/caseline-server
sudo cp -r ./* /opt/caseline-server/
sudo chown -R caseline:caseline /opt/caseline-server /var/lib/caseline-server
sudo -u caseline npm --prefix /opt/caseline-server install --omit=dev

# Required JWT secret
echo "CASELINE_SECRET=$(openssl rand -hex 32)" | sudo tee /etc/caseline-server.env
sudo chmod 600 /etc/caseline-server.env

# Start it
sudo systemctl daemon-reload
sudo systemctl enable --now caseline-server
sudo systemctl status caseline-server

# View logs:    journalctl -u caseline-server -f
# Firewall:     sudo firewall-cmd --permanent --add-port=8443/tcp && sudo firewall-cmd --reload

First admin bootstrap

The first user to register becomes the admin. After that, additional users require an admin token to register.

# Bootstrap (first user → admin role)
curl -X POST http://<server-ip>:8443/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@firm.com","password":"min-8-chars"}'

# Returns a JWT in {token,role}. Save it.

# Register additional users:
curl -X POST http://<server-ip>:8443/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"paralegal@firm.com","password":"min-8-chars","adminToken":"<paste admin JWT>"}'

In the desktop app: WORKSPACE → SETTINGS → SERVER → enter the URL + email + password.

TLS / reverse proxy

The server speaks plain HTTP on 8443. For anything outside the local firm network, terminate TLS at a reverse proxy:

# nginx
server {
  listen 443 ssl http2;
  server_name caseline.firm.example.com;
  ssl_certificate     /etc/ssl/firm/fullchain.pem;
  ssl_certificate_key /etc/ssl/firm/privkey.pem;
  location / {
    proxy_pass http://127.0.0.1:8443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
  }
}

Optional — local LLM via Ollama

The Docker compose stack already includes Ollama. For non-Docker installs:

# Install Ollama: https://ollama.com (single-line installer)
ollama pull llama3.1:8b

# Server reads OLLAMA_URL (default http://127.0.0.1:11434)
# and OLLAMA_MODEL (default llama3.1:8b). Override via env vars.
OLLAMA_MODEL=hermes3:8b npm start

Troubleshooting

Server won’t start: "CASELINE_SECRET is required in production"
Generate a 32-byte hex secret and pass it via env. The server refuses to use an ephemeral auto-generated value in production mode.
Workstation says "Connecting…" forever
Confirm the firm’s firewall allows TCP 8443 from workstation subnet → server. Test with curl http://<server-ip>:8443/health — should return JSON.
CaSeY says "LLM unreachable" on the workstation
Ollama is either not running or the model isn’t pulled. Run ollama list on the server to confirm.
Audit log on the desktop is empty
You’re running in stand-alone (Firebase) mode. The audit log endpoint is only populated when the workstation is configured to use a CaseLine Server.

Need a build?

CaseLine Server is currently shipped on request — email majixx@vibesoftwaresolutions.com with your firm size + preferred deployment path (Docker / Windows / Linux) and we’ll send the bundle and license.