xml-pipeline/deploy/docker-compose.yml
dullfig 06eeea3dee
Add AgentOS container foundation, security hardening, and management plane
Invert the agent model: the agent IS the computer. The message pump
becomes the kernel, handlers are sandboxed apps, and all access is
mediated by the platform.

Phase 1 — Container foundation:
- Multi-stage Dockerfile (python:3.12-slim, non-root user, /data volume)
- deploy/entrypoint.py with --dry-run config validation
- docker-compose.yml (cap_drop ALL, read_only, no-new-privileges)
- docker-compose.dev.yml overlay for development
- CI Docker build smoke test

Phase 2 — Security hardening:
- xml_pipeline/security/ module with default-deny container mode
- Permission gate: per-listener tool allowlist enforcement
- Network policy: egress control (only declared LLM backend domains)
- Shell tool: disabled in container mode
- File tool: restricted to /data and /config in container mode
- Fetch tool: integrates network egress policy
- Config loader: parses security and network YAML sections

Phase 3 — Management plane:
- Agent app (port 8080): minimal /health, /inject, /ws only
- Management app (port 9090): full API, audit log, dashboard
- SQLite-backed audit log for tool invocations and security events
- Static web dashboard (no framework, WebSocket-driven)
- CLI --split flag for dual-port serving

All 439 existing tests pass with zero regressions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 21:37:24 -08:00


# AgentOS production deployment
#
# Usage:
#   docker compose -f deploy/docker-compose.yml up
#
# Requires:
#   - organism.yaml mounted at /config/organism.yaml
#   - API keys passed as environment variables

services:
  organism:
    build:
      context: ..
      dockerfile: Dockerfile
    container_name: agentos
    restart: unless-stopped

    ports:
      - "8080:8080"   # Agent bus (public-facing)
      - "9090:9090"   # Management plane (bind to localhost in production)

    volumes:
      - ./organism.yaml:/config/organism.yaml:ro
      - organism-data:/data

    environment:
      - ORGANISM_MODE=container
      - AGENT_PORT=8080
      - MANAGEMENT_PORT=9090

    env_file:
      - .env

    # Security hardening
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    read_only: true
    tmpfs:
      - /tmp:size=64M

    # Resource limits
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: "2.0"
        reservations:
          memory: 512M
          cpus: "0.5"

    healthcheck:
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health')"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s

  # Optional: Redis for distributed key-value store
  redis:
    image: redis:7-alpine
    container_name: agentos-redis
    restart: unless-stopped
    profiles: ["redis"]
    ports:
      - "6379:6379"
    volumes:
      - redis-data:/data
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
    read_only: true
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 3

volumes:
  organism-data:
  redis-data:
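As an added pre-deploy check (not part of the xml-pipeline project), the script below audits a compose `services` mapping for the hardening this file relies on: `cap_drop: ALL`, `no-new-privileges`, `read_only`, re-added capabilities, and host ports published on all interfaces. It assumes the file was loaded with PyYAML's `yaml.safe_load` (short-syntax port strings as above) and that only the agent bus on 8080 is meant to be public; the `SAMPLE` dict is constructed to mirror the two services in this file.

```python
# Assumption: only the agent bus (8080) is meant to be reachable on all interfaces.
PUBLIC_OK = {"8080"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def published_ports(svc):
    """Yield (host_ip, host_port) from short-syntax entries such as
    "8080:8080" or "127.0.0.1:9090:9090"; host_ip is "" when omitted."""
    for entry in svc.get("ports", []):
        parts = str(entry).split(":")
        if len(parts) == 3:          # ip:host:container
            yield parts[0], parts[1]
        elif len(parts) == 2:        # host:container
            yield "", parts[0]


def audit_service(name, svc):
    """Return human-readable findings for one service; empty means hardened."""
    findings = []
    if "ALL" not in svc.get("cap_drop", []):
        findings.append(f"{name}: cap_drop does not include ALL")
    if "no-new-privileges:true" not in svc.get("security_opt", []):
        findings.append(f"{name}: no-new-privileges not set")
    if svc.get("read_only") is not True:
        findings.append(f"{name}: root filesystem is writable")
    for cap in svc.get("cap_add", []):       # every re-added capability is a finding to justify
        findings.append(f"{name}: re-adds capability {cap}")
    for host_ip, host_port in published_ports(svc):
        if host_port not in PUBLIC_OK and host_ip not in LOOPBACK:
            findings.append(f"{name}: port {host_port} published on all interfaces")
    return findings


def audit(services):
    """Audit every service in a compose 'services' mapping (dict from yaml.safe_load)."""
    return [f for name, svc in services.items() for f in audit_service(name, svc)]


# Constructed sample mirroring the organism and redis services above (non-security keys omitted).
SAMPLE = {
    "organism": {"ports": ["8080:8080", "9090:9090"], "security_opt": ["no-new-privileges:true"],
                 "cap_drop": ["ALL"], "read_only": True},
    "redis": {"ports": ["6379:6379"], "security_opt": ["no-new-privileges:true"],
              "cap_drop": ["ALL"], "cap_add": ["SETUID", "SETGID"], "read_only": True},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Changing the management port entry to `"127.0.0.1:9090:9090"` clears the organism finding; the Redis capability findings document the `cap_add` the image needs to drop privileges and are expected.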