# What is Weavestream?

Weavestream is a **self-hosted IT documentation platform** designed for small teams, Managed Service Providers (MSPs), and homelabs. It brings together the tools you need to document and manage your infrastructure — assets, credentials, articles, domain health — in a single, self-contained deployment that runs entirely on your own hardware.

## The problem it solves

Modern IT environments generate a constant stream of knowledge that needs to be captured: server configurations, software licenses, passwords, network topology, SSL renewal dates. Proprietary platforms like Hudu or IT Glue solve this well, but they come with:

- Monthly per-seat subscription costs
- Data locked behind vendor APIs
- No control over uptime, backup strategy, or data residency
- Opaque pricing as you scale

Weavestream is the self-hosted alternative: one Docker Compose file, no cloud dependency, and no data leaving hardware you control.

## What it includes

| Feature | Description |
|---|---|
| [Asset management](/features/assets/) | Customisable layouts with 14+ field types to track any kind of infrastructure |
| [Password vault](/features/passwords/) | AES-256-GCM encrypted credentials with TOTP, breach checking, and version history |
| [Documentation](/features/articles/) | Rich-text articles and folders per tenant via Tiptap |
| [Domain monitoring](/features/domains/) | WHOIS, DNS, and TLS/SSL expiry tracking |
| [File uploads](/features/files/) | Per-tenant object storage with photo galleries |
| [Client portal](/features/client-portal/) | Read-only portal scoped to each tenant's allowed data |
| [User management](/features/users/) | Three-axis RBAC (role, default access, membership) with capabilities, invite-only onboarding, and forced MFA |
| [Audit log](/features/audit/) | Append-only, tamper-resistant mutation history |
| [Full-text search](/features/search/) | PostgreSQL-backed search across articles, assets, and uploads |

## Design principles

**One codebase, any vocabulary.** The operator chooses what to call their tenants — _Client_, _Department_, _Site_, _Tenant_, or a custom term — from the Admin UI. URL paths and database columns remain stable; the terminology change is purely cosmetic.

**Docker-first.** Three containers (`api`, `web`, `worker`) plus Postgres and Redis. Uploaded files live in a bind-mounted host directory shared by `api` and `worker`. All images are published to GHCR, so no build step is required on the host.

**Security by default.** Forced TOTP MFA on every account. AES-256-GCM encryption for credentials. Append-only audit log protected at the database-role level. Per-IP and per-email rate limiting. Strict Content-Security-Policy.

**Own your data.** Persistent data lives in host-mounted folders you control. Back up with `pg_dump`, rsync, or any standard tool. No vendor lock-in, no API quota.

## Next steps

- [Key concepts](/overview/concepts/) — understand the core data model
- [Architecture](/overview/architecture/) — how the pieces fit together
- [Getting started](/getting-started/) — deploy in under 10 minutes
