6895e369f6
- Remove standalone mode code: file-based stores, standalone gateway, heartbeat service, SQLite memory, standalone docker-compose
- Rename docker-compose.managed.yml → docker-compose.postgres.yml
- Clean up ~130 Go comments referencing "managed mode" qualifier
- Simplify docker-compose.yml env vars (providers/channels via web UI)
- Update .env.example to essential vars only (token + encryption key)
- Add setup wizard UI (provider → agent → channel bootstrap flow)
- Add logs.tail WebSocket handler for live log streaming
- Add cursor-pointer to interactive UI components
- Clean up config page (remove standalone-only sections)
- Update README and docs for managed-only architecture
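# Sandbox overlay — enables Docker-based sandbox for agent code execution.
#
# Prerequisites:
#   1. Build the sandbox image:
#        docker build -t goclaw-sandbox:bookworm-slim -f Dockerfile.sandbox .
#   2. Ensure Docker socket is accessible
#
# Usage:
#   docker compose -f docker-compose.yml -f docker-compose.postgres.yml \
#     -f docker-compose.sandbox.yml up
#
# SECURITY NOTE: Mounting Docker socket gives the container control over host Docker.
# Only use in trusted environments where agent code execution isolation is required.
# Access to the Docker API is effectively root-equivalent on the host, so the
# goclaw service itself becomes part of the host's trust boundary once this
# overlay is applied. Do not expose it to untrusted users or networks.

services:
  goclaw:
    build:
      args:
        # Build-time switch; its effect is defined in the Dockerfile, which is
        # not part of this file.
        ENABLE_SANDBOX: "true"
    volumes:
      # Host Docker API socket. This single mount is what the SECURITY NOTE
      # above refers to.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # Sandbox settings read by goclaw. The meanings below are inferred from
      # the variable names — confirm against the project documentation.
      - GOCLAW_SANDBOX_MODE=all
      - GOCLAW_SANDBOX_IMAGE=goclaw-sandbox:bookworm-slim
      # NOTE(review): presumably gives sandboxed code read-write access to the
      # workspace; prefer a read-only setting if agents do not need to write.
      - GOCLAW_SANDBOX_WORKSPACE_ACCESS=rw
      - GOCLAW_SANDBOX_SCOPE=session
      - GOCLAW_SANDBOX_MEMORY_MB=512
      - GOCLAW_SANDBOX_CPUS=1.0
      - GOCLAW_SANDBOX_TIMEOUT_SEC=300
      # NOTE(review): presumably disables networking inside sandbox
      # containers; keep it off unless a task needs egress.
      - GOCLAW_SANDBOX_NETWORK=false
    # Override base cap_drop to allow Docker socket access
    # NOTE(review): two things to confirm before relying on these lines:
    #   * Compose merges list-valued keys across -f files instead of replacing
    #     them, so an empty list may not clear what the base file sets. Check
    #     the effective values with `docker compose -f ... config`; recent
    #     Compose releases provide the `!reset` / `!override` tags for this.
    #   * Reaching the socket depends on file permissions (see group_add), not
    #     on Linux capabilities, so relaxing cap_drop and security_opt may not
    #     be needed at all. Keep the base hardening if the sandbox still works.
    cap_drop: []
    cap_add:
      - NET_BIND_SERVICE
    security_opt: []
    group_add:
      # Must equal the GID that owns /var/run/docker.sock on the host
      # (e.g. `getent group docker`). The 999 fallback is only a guess; a
      # mismatch either breaks socket access or grants an unrelated group.
      - ${DOCKER_GID:-999}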