Assistant/docker-compose.yml at master · bearlike/Assistant · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
services:
  mongo:
    image: mongo:7
    restart: unless-stopped
    ports:
      - "${MONGO_PORT:-27018}:27017"
    volumes:
      - mongo-data:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME:-mewbo}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD:-mewbo}
      MONGO_INITDB_DATABASE: ${MEWBO_MONGODB_DATABASE:-mewbo}
    # Mongo holds sessions + the wiki graph/embeddings/entities; give it room
    # for a working set as those collections grow (512M was tight).
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.5'
        reservations:
          memory: 512M
          cpus: '0.5'

  api:
    image: ghcr.io/bearlike/mewbo-api:latest
    pull_policy: build
    build:
      context: .
      dockerfile: docker/Dockerfile.api
      args:
        BASE_IMAGE: ghcr.io/bearlike/mewbo-base:latest
        WIKI_EXTRAS: "1"
    network_mode: host
    # Survive a host reboot — without this the api stays DOWN after a crash
    # while mongo/mcp (which have it) come back, so the whole stack looks dead.
    restart: unless-stopped
    user: "${HOST_UID:-1000}:${HOST_GID:-1000}"
    # Supplementary group so the api process can reach /var/run/docker.sock
    # (needed by the Web IDE feature's Docker SDK calls). Set DOCKER_GID in
    # docker.env to your host's docker group GID (`stat -c '%g' /var/run/docker.sock`).
    group_add:
      - "${DOCKER_GID:-999}"
    env_file: docker.env
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    depends_on:
      - mongo
    volumes:
      - ./configs:/app/configs:ro
      - api-data:/app/data
      # Plan-mode scratch dirs live at /tmp/mewbo/plans/<session_id>/.
      # ``/tmp`` is inside the container's writable layer and would be wiped
      # on every rebuild; the named volume keeps plan markdown + revision
      # files across restarts. Survives ``docker compose down``; cleared
      # only by ``docker compose down -v`` or ``docker volume rm``.
      - plans-data:/tmp/mewbo/plans
      # Wiki indexing: git clones survive restarts; wiped only by `docker compose down -v`.
      - wiki-clones:/tmp/mewbo/wiki/clones
      # Web IDE: Docker SDK needs write access to the socket to create
      # code-server sibling containers. Deadline files bind-mounted into
      # each IDE container live under /tmp/mewbo-ide.
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/mewbo-ide:/tmp/mewbo-ide
      # Project directories and init scripts — add in docker-compose.override.yml
      # (see docker-compose.override.example.yml for the template)
    environment:
      - MEWBO_HOME=/app/data
      - MEWBO_IDE_STATE_DIR=/tmp/mewbo-ide
      - MEWBO_WIKI_CLONE_ROOT=/tmp/mewbo/wiki/clones
      # CLAUDE_PLUGIN_ROOT is set at runtime from plugins.install_path in app.json
      # (or $MEWBO_HOME/plugins/ by default). Override here or in docker.env
      # to pin an explicit path.
      - CLAUDE_PLUGIN_ROOT=${CLAUDE_PLUGIN_ROOT:-}
    # The api is the workhorse — LLM orchestration, agentic wiki indexing
    # (tree-sitter + in-memory graph + embeddings), sub-agent fan-out, Web IDE
    # management — so it gets the largest envelope. The hard cap still keeps a
    # runaway index/leak from OOM-killing the whole host. Bump `memory` if you
    # index very large repos.
    deploy:
      resources:
        limits:
          memory: 4G
          cpus: '4.0'
        reservations:
          memory: 1G
          cpus: '1.0'

  mewbo-mcp:
    image: ghcr.io/bearlike/mewbo-mcp:latest
    pull_policy: build
    build:
      context: .
      dockerfile: docker/Dockerfile.mcp
      args:
        BASE_IMAGE: ghcr.io/bearlike/mewbo-base:latest
    network_mode: host
    user: "${HOST_UID:-1000}:${HOST_GID:-1000}"
    # MASTER_API_TOKEN is read from docker.env (same file the api service uses)
    # and must match the api service's value — it is the break-glass token the
    # MCP server accepts and the API validates.
    env_file: docker.env
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    depends_on:
      - api
      - mongo
    volumes:
      - ./configs:/app/configs:ro
      # SHARED KEY STORE: mewbo-mcp must reach the same KeyStore as the api
      # so that keys issued by POST /api/keys are valid here too. Mount the
      # same api-data volume (contains api_keys.json for the file driver) AND
      # pass the same MEWBO_MONGODB_URI so the Mongo driver resolves the same
      # api_keys collection. Without this, the MCP server cannot validate any
      # key except the master token.
      - api-data:/app/data
    environment:
      - MEWBO_HOME=/app/data
      # Point at the api service. Both services run with network_mode: host
      # so localhost resolves correctly; use the gunicorn port (API_PORT=5125).
      - MEWBO_API_URL=http://localhost:5125
      - MEWBO_MCP_HOST=0.0.0.0
      - MEWBO_MCP_PORT=5127
    restart: unless-stopped
    # Thin MCP shim that proxies tool calls to the api — light footprint.
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
        reservations:
          memory: 128M
          cpus: '0.25'

  console:
    image: ghcr.io/bearlike/mewbo-console:latest
    pull_policy: always
    build:
      context: .
      dockerfile: docker/Dockerfile.console
    network_mode: host
    # Survive a host reboot (same gap the api had).
    restart: unless-stopped
    env_file: docker.env
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    # Runtime is just nginx serving static assets + proxying — tiny. (The vite
    # build is memory-heavy, but that is the image BUILD, not this container.)
    deploy:
      resources:
        limits:
          memory: 256M
          cpus: '0.5'
        reservations:
          memory: 64M
          cpus: '0.1'

  ide-proxy:
    image: nginx:1.27-alpine
    container_name: mewbo-ide-proxy
    networks: [mewbo-ide]
    # Loopback-only by default for safety. If an upstream edge proxy /
    # L7 gateway sits on a different host on your LAN, publish this on
    # the right interface via docker-compose.override.yml — see
    # docker-compose.override.example.yml for the pattern.
    ports: ["127.0.0.1:5126:8080"]
    volumes:
      - ./docker/nginx-ide-proxy.conf:/etc/nginx/conf.d/default.conf:ro
    restart: unless-stopped
    # Tiny nginx reverse proxy for Web IDE sessions.
    deploy:
      resources:
        limits:
          memory: 128M
          cpus: '0.5'
        reservations:
          memory: 32M
          cpus: '0.1'

networks:
  mewbo-ide:
    driver: bridge
    name: mewbo-ide

volumes:
  api-data:
  mongo-data:
  plans-data:
  wiki-clones: