# Docker Deployment

Run your agent system in an isolated Docker container.

## Prerequisites

- Docker and Docker Compose installed
- `.env` file with your API key (see below)
- Agent system built with `/agent-factory:build`

## Setup

1. Copy these files to your project root:
   - `Dockerfile`
   - `docker-compose.yml`
   - `docker-entrypoint.sh`

2. Create `.env` in your project root:
   ```
   ANTHROPIC_API_KEY=sk-ant-...
   AGENT_BEAT_INTERVAL=3600
   ```
   Add `.env` to `.gitignore` — never commit API keys.

3. Replace `{{PROJECT_NAME}}` in `docker-compose.yml` with your project name.

## Build and run

```bash
# Build the image
docker compose build

# Start in background
docker compose up -d

# View logs
docker compose logs -f

# Stop
docker compose down
```

## Volume mounts

| Host path | Container path | Purpose |
|-----------|---------------|---------|
| `./data` | `/home/agent/project/data` | Run state, outputs |
| `./memory` | `/home/agent/project/memory` | Long-term memory files |
| `./budget` | `/home/agent/project/budget` | Budget tracking |
| `./logs` | `/home/agent/project/logs` | Agent activity logs |

These directories are created automatically on first run.

## Environment variables

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `ANTHROPIC_API_KEY` | Yes | — | Your Anthropic API key |
| `AGENT_BEAT_INTERVAL` | No | `3600` | Seconds between heartbeat runs |

## Security

- **Never bake the API key into the image.** Always pass it via `.env` or `--env-file`.
- **Never mount the Docker socket** (`/var/run/docker.sock`) — the agent does not need Docker control.
- The container runs as a non-root `agent` user.
- `no-new-privileges:true` prevents privilege escalation.
- `restart: unless-stopped` ensures the agent recovers from crashes automatically.

## Health check

The entrypoint writes a timestamp to `/tmp/agent-health` on each beat. Docker's `HEALTHCHECK` verifies this file is updated within 5 minutes.

Check health status:

```bash
docker inspect --format='{{.State.Health.Status}}' {{PROJECT_NAME}}-agent
```
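
To confirm that a running container actually matches the Security list above, the `docker inspect` JSON can be checked field by field. The script below is an added example, not part of this project's files; the `audit` function name and both sample objects are constructed for illustration, and it reads only fields that `docker inspect` reports (`Config.User`, `HostConfig.SecurityOpt`, `HostConfig.RestartPolicy`, `Mounts`).

```python
import json
import sys

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit(container):
    """Return findings for one `docker inspect` object; an empty list means all checks pass."""
    findings = []
    host = container.get("HostConfig") or {}
    config = container.get("Config") or {}

    # An empty User field means no user was set, so the process runs as root.
    user = (config.get("User") or "").split(":")[0]
    if user in ("", "root", "0"):
        findings.append("runs as root")

    # SecurityOpt keeps the option as written: bare, ":true" or "=true".
    opts = {o.replace("=", ":").lower() for o in host.get("SecurityOpt") or []}
    if not opts & {"no-new-privileges", "no-new-privileges:true"}:
        findings.append("no-new-privileges not set")

    # Bind mounts appear under Mounts with their host-side Source path.
    sources = {m.get("Source", "") for m in container.get("Mounts") or []}
    if sources & DOCKER_SOCKETS:
        findings.append("Docker socket mounted")

    if (host.get("RestartPolicy") or {}).get("Name") != "unless-stopped":
        findings.append("restart policy is not unless-stopped")
    return findings


# Constructed samples, trimmed to the fields audit() reads.
HARDENED = {
    "Config": {"User": "agent"},
    "HostConfig": {"SecurityOpt": ["no-new-privileges:true"],
                   "RestartPolicy": {"Name": "unless-stopped"}},
    "Mounts": [{"Source": "/srv/demo/data", "Destination": "/home/agent/project/data"}],
}
WEAK = {
    "Config": {"User": ""},
    "HostConfig": {"SecurityOpt": None, "RestartPolicy": {"Name": "no"}},
    "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}],
}

if __name__ == "__main__":
    # Usage: docker inspect <container> | python audit_container.py
    data = [HARDENED, WEAK] if sys.stdin.isatty() else json.load(sys.stdin)
    results = [audit(c) for c in data]
    for c, r in zip(data, results):
        print(c.get("Name", "(sample)"), "OK" if not r else "; ".join(r))
    sys.exit(1 if any(results) else 0)
```

The non-zero exit status on any finding lets the check gate a deployment step.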