Wire production stack: Clerk + Postgres + Anthropic + per-user containers

Brings the backend from a scaffold to a working end-to-end MVP — real auth, persistent actor registry, Anthropic tool-use loop in the Grow Agent, and per-user Gitea+OpenCode provisioning. Also adds the client-facing architecture diagram under docs/architecture.html.
2026-05-19 22:17:40 +05:30
parent 5eaf52b8a5
commit ff0bf5e5f0
27 changed files with 4599 additions and 358 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,24 @@
 services:
+  # Postgres for backend metadata (users, actor registry, billing,
+  # repo/container mappings). PRD §11.
+  postgres:
+    image: postgres:16-alpine
+    container_name: growqr-postgres
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER:-growqr}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-growqr}
+      POSTGRES_DB: ${POSTGRES_DB:-growqr}
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-growqr}"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    restart: unless-stopped
+
  # Self-hosted Rivet engine. The backend's Rivet Kit client connects here.
  # Per the PRD, the Grow Agent + sub-agents are durable actors running on Rivet.
  rivet-engine:
@@ -21,24 +41,41 @@ services:
      dockerfile: Dockerfile
    container_name: growqr-backend
    depends_on:
-      - rivet-engine
+      postgres:
+        condition: service_healthy
+      rivet-engine:
+        condition: service_started
    ports:
      - "4000:4000"
    environment:
      PORT: 4000
+      NODE_ENV: ${NODE_ENV:-production}
+      DATABASE_URL: postgres://${POSTGRES_USER:-growqr}:${POSTGRES_PASSWORD:-growqr}@postgres:5432/${POSTGRES_DB:-growqr}
      RIVET_ENDPOINT: http://rivet-engine:6420
+      CLERK_SECRET_KEY: ${CLERK_SECRET_KEY}
+      CLERK_PUBLISHABLE_KEY: ${CLERK_PUBLISHABLE_KEY}
+      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
+      GROW_AGENT_MODEL: ${GROW_AGENT_MODEL:-claude-opus-4-7}
+      SUB_AGENT_MODEL: ${SUB_AGENT_MODEL:-claude-sonnet-4-6}
+      SERVICE_TOKEN: ${SERVICE_TOKEN:-dev-service-token}
      GITEA_IMAGE: ${GITEA_IMAGE:-gitea/gitea:1.22}
      OPENCODE_IMAGE: ${OPENCODE_IMAGE:-ghcr.io/sst/opencode:latest}
-      USER_CONTAINER_HOST: ${USER_CONTAINER_HOST:-127.0.0.1}
+      USER_CONTAINER_HOST: ${USER_CONTAINER_HOST:-host.docker.internal}
      USER_DATA_ROOT: /data/users
      USER_PORT_RANGE_START: 20000
      USER_PORT_RANGE_END: 29999
+      FRONTEND_ORIGIN: ${FRONTEND_ORIGIN:-http://localhost:3000}
    volumes:
      # Docker-out-of-Docker: backend uses host Docker to spawn user containers.
      - /var/run/docker.sock:/var/run/docker.sock
      # Shared host dir that per-user containers will also bind-mount their
      # workspace from (so backend and spawned containers see the same files).
      - ./.data/users:/data/users
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:4000/healthz || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 6
    restart: unless-stopped

 # Note: per-user OpenCode + Gitea containers are NOT defined here.
@@ -47,3 +84,4 @@ services:

 volumes:
  rivet-data:
+  postgres-data: