Docker Deployment
Run your agent system in an isolated Docker container.
Prerequisites
- Docker and Docker Compose installed
- `.env` file with your API key (see below)
- Agent system built with `/agent-factory:build`
Setup
- Copy these files to your project root:
  - `Dockerfile`
  - `docker-compose.yml`
  - `docker-entrypoint.sh`
- Create `.env` in your project root:

  ```
  ANTHROPIC_API_KEY=sk-ant-...
  AGENT_BEAT_INTERVAL=3600
  ```

  Add `.env` to `.gitignore`: never commit API keys.
- Replace `{{PROJECT_NAME}}` in `docker-compose.yml` with your project name.
Build and run
```bash
# Build the image
docker compose build

# Start in background
docker compose up -d

# View logs
docker compose logs -f

# Stop
docker compose down
```
Volume mounts
| Host path | Container path | Purpose |
|---|---|---|
| `./data` | `/home/agent/project/data` | Run state, outputs |
| `./memory` | `/home/agent/project/memory` | Long-term memory files |
| `./budget` | `/home/agent/project/budget` | Budget tracking |
| `./logs` | `/home/agent/project/logs` | Agent activity logs |
These directories are created automatically on first run.
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
| `ANTHROPIC_API_KEY` | Yes | none | Your Anthropic API key |
| `AGENT_BEAT_INTERVAL` | No | `3600` | Seconds between heartbeat runs |
Security
- Never bake the API key into the image. Always pass it via `.env` or `--env-file`.
- Never mount the Docker socket (`/var/run/docker.sock`); the agent does not need Docker control.
- The container runs as a non-root `agent` user.
- `no-new-privileges:true` prevents privilege escalation.
- `restart: unless-stopped` ensures the agent recovers from crashes automatically.
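
The rules in this list can be checked mechanically before running `docker compose build`. The following is an added example, not part of this project: a POSIX shell function (hypothetical name `audit_deploy`) that greps the files named above. It assumes the non-root user is set with a `USER` directive in the Dockerfile and that keys start with `sk-ant-` as in the `.env` sample.

```shell
# Added example: pre-flight audit of a project root against the Security list.
# Text matching only, no YAML parsing. audit_deploy is a hypothetical helper.
# Prints each finding on stderr and the number of findings on stdout.
audit_deploy() (
  dir="${1:-.}"
  compose="$dir/docker-compose.yml"
  dockerfile="$dir/Dockerfile"
  fail=0
  flag() { echo "FAIL: $1" >&2; fail=$((fail + 1)); }

  # Uncommented lines of the compose file (empty if the file is missing).
  active=$(grep -v '^[[:space:]]*#' "$compose" 2>/dev/null || true)

  # The key must not be baked into the image: ENV and ARG values both end up
  # in image metadata or build history.
  if grep -Eq '^[[:space:]]*(ENV|ARG)[[:space:]]+ANTHROPIC_API_KEY' "$dockerfile" 2>/dev/null; then
    flag "Dockerfile declares ANTHROPIC_API_KEY with ENV or ARG"
  fi
  # A literal key must not appear in either file (sk-ant- prefix as in .env).
  if grep -Eq 'sk-ant-[A-Za-z0-9_-]+' "$dockerfile" "$compose" 2>/dev/null; then
    flag "literal API key in Dockerfile or docker-compose.yml"
  fi
  # .env must be ignored by git.
  if ! grep -Eqx '[[:space:]]*/?\.env[[:space:]]*' "$dir/.gitignore" 2>/dev/null; then
    flag ".env is not listed in .gitignore"
  fi
  # The Docker socket must not be mounted.
  if printf '%s\n' "$active" | grep -q 'docker\.sock'; then
    flag "docker-compose.yml references docker.sock"
  fi
  # no-new-privileges must be set.
  if ! printf '%s\n' "$active" | grep -Eq 'no-new-privileges:[[:space:]]*true'; then
    flag "no-new-privileges:true is missing from docker-compose.yml"
  fi
  # The last USER directive decides the runtime user; with none, the base
  # image's user applies, which is normally root.
  last_user=$(grep -Ei '^[[:space:]]*USER[[:space:]]+' "$dockerfile" 2>/dev/null |
    tail -n 1 | awk '{print $2}')
  case "$last_user" in
    '' | root | 0 | root:* | 0:*) flag "Dockerfile does not switch to a non-root user" ;;
  esac

  echo "$fail"
)
```

Run it as `audit_deploy /path/to/project`; a result of `0` means none of the checks fired, which covers only these text patterns and not the full compose semantics.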
Health check
The entrypoint writes a timestamp to `/tmp/agent-health` on each beat.
Docker's `HEALTHCHECK` verifies this file is updated within 5 minutes.
Check health status:

```bash
docker inspect --format='{{.State.Health.Status}}' {{PROJECT_NAME}}-agent
```