Prompt injection mitigation: - Wrap user question in <user_question> XML tags in LLM prompt - Add system prompt instruction to treat tagged content as untrusted Docker security: - Bind ChromaDB and API ports to localhost only (127.0.0.1) - Remove redundant DB init command from api service (lifespan handles it) - Remove deprecated version field and unused volume definitions - Add API_SECRET env var to api and discord-bot services Gitea labels fix: - Remove string labels from API payload (Gitea expects integer IDs) - Include label names as text in issue body instead Conversation cleanup: - Add periodic background task in lifespan (every 5 minutes) - Cleans up conversations older than CONVERSATION_TTL (default 30 min) - Graceful cancellation on shutdown Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
# Compose stack with three services: a Chroma vector store, the API, and a
# Discord bot that reaches the API over the compose network. Only chroma and
# api publish host ports, and both bind them to the loopback address.
services:
  chroma:
    # NOTE(review): `latest` is a floating tag, so the image content can change
    # between pulls. Pin a reviewed version tag or digest for reproducible,
    # auditable deployments.
    image: chromadb/chroma:latest
    volumes:
      - ./data/chroma:/chroma/chroma_storage
    ports:
      # Host side is bound to 127.0.0.1, so the published port (host 8001 ->
      # container 8000) is reachable from the local machine only.
      - "127.0.0.1:8001:8000"
    environment:
      # Listens on all interfaces inside the container so other services on
      # the compose network can connect; host exposure is limited by the
      # loopback-only mapping above. This file configures no Chroma
      # authentication, so any container on the same network can reach it.
      - CHROMA_SERVER_HOST=0.0.0.0
      - CHROMA_SERVER_PORT=8000
    healthcheck:
      # NOTE(review): assumes the image ships `curl` and serves
      # /api/v1/heartbeat; neither is guaranteed across image versions while
      # the tag floats. Verify after each image update.
      test:
        - "CMD"
        - "curl"
        - "-f"
        - "http://localhost:8000/api/v1/heartbeat"
      interval: 10s
      timeout: 5s
      retries: 5

  api:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./data:/app/data
      # NOTE(review): the host source tree is mounted read-write (no `:ro`
      # suffix). This looks like a development convenience; confirm it is
      # intended wherever this file is used for deployment.
      - ./app:/app/app
    ports:
      # Loopback-only publish; remote clients need a reverse proxy or tunnel.
      - "127.0.0.1:8000:8000"
    environment:
      # `${VAR:-default}` takes the value from the environment compose runs in
      # and falls back to the text after `:-` (empty for the secrets below).
      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
      - OPENROUTER_MODEL=${OPENROUTER_MODEL:-stepfun/step-3.5-flash:free}
      - GITEA_TOKEN=${GITEA_TOKEN:-}
      - GITEA_OWNER=${GITEA_OWNER:-cal}
      - GITEA_REPO=${GITEA_REPO:-strat-chatbot}
      - DATA_DIR=/app/data
      - RULES_DIR=/app/data/rules
      # NOTE(review): /app/data/chroma is the same host directory
      # (./data/chroma) that the chroma service mounts as its storage.
      # Confirm that only one process writes to it.
      - CHROMA_DIR=/app/data/chroma
      - DB_URL=sqlite+aiosqlite:///./data/conversations.db
      # NOTE(review): an unset API_SECRET becomes an empty string. Confirm the
      # application fails closed (rejects requests) on an empty secret;
      # `${API_SECRET:?API_SECRET must be set}` would make compose refuse to
      # start instead.
      - API_SECRET=${API_SECRET:-}
      # Presumably seconds (1800 s = 30 min); verify against the application.
      - CONVERSATION_TTL=1800
      - TOP_K_RULES=10
      - EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
    depends_on:
      chroma:
        condition: service_healthy
    # Binds to all interfaces inside the container so the discord-bot service
    # can connect; host exposure is limited by the loopback port mapping.
    command: uvicorn app.main:app --host 0.0.0.0 --port 8000
    healthcheck:
      # Requires `curl` in the image built from the Dockerfile.
      test:
        - "CMD"
        - "curl"
        - "-f"
        - "http://localhost:8000/health"
      interval: 15s
      timeout: 10s
      retries: 3
      start_period: 30s

  discord-bot:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./data:/app/data
      - ./app:/app/app
    # No `ports:` entry, so this service publishes nothing on the host.
    environment:
      # NOTE(review): the bot is configured to reach the API via API_BASE_URL.
      # If it never calls OpenRouter directly, drop OPENROUTER_API_KEY and
      # OPENROUTER_MODEL here (least privilege). Confirm against
      # app.discord_bot.
      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
      - OPENROUTER_MODEL=${OPENROUTER_MODEL:-stepfun/step-3.5-flash:free}
      - DISCORD_BOT_TOKEN=${DISCORD_BOT_TOKEN:-}
      - DISCORD_GUILD_ID=${DISCORD_GUILD_ID:-}
      - API_BASE_URL=http://api:8000
      # Same variable as on the api service; empty when unset (see the note
      # on the api service's API_SECRET entry).
      - API_SECRET=${API_SECRET:-}
    depends_on:
      api:
        condition: service_healthy
    # Override the default command to run the Discord bot
    # The loop polls the API's /health endpoint before starting the bot, in
    # addition to the service_healthy gate in depends_on above.
    command: >
      sh -c "
      echo 'Waiting for API to be ready...' &&
      while ! curl -s http://api:8000/health > /dev/null; do sleep 2; done &&
      echo 'API ready, starting Discord bot...' &&
      python -m app.discord_bot
      "
    restart: unless-stopped