growqr-backend/docker-compose.yml

services:
  # Postgres for backend metadata (users, actor registry, billing,
  # repo/container mappings). PRD §11.
  postgres:
    image: postgres:16-alpine
    container_name: growqr-postgres
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-growqr}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-growqr}
      POSTGRES_DB: ${POSTGRES_DB:-growqr}
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-growqr}"]
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  # Self-hosted Rivet engine. The backend's Rivet Kit client connects here.
  # Per the PRD, the Grow Agent + sub-agents are durable actors running on Rivet.
  rivet-engine:
    image: rivetgg/engine:latest
    container_name: growqr-rivet
    ports:
      - "6420:6420"   # API
      - "6421:6421"   # Guard/edge
    environment:
      RIVET__AUTH__ADMIN_TOKEN: ${RIVET_ADMIN_TOKEN:-dev-admin-token}
    volumes:
      - rivet-data:/data
    restart: unless-stopped

  # The HTTP backend (Hono + Rivet Kit client + Docker manager).
  # Mounts the host Docker socket so it can spawn per-user containers.
  backend:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: growqr-backend
    depends_on:
      postgres:
        condition: service_healthy
      rivet-engine:
        condition: service_started
    ports:
      - "4000:4000"
    environment:
      PORT: 4000
      NODE_ENV: ${NODE_ENV:-production}
      DATABASE_URL: postgres://${POSTGRES_USER:-growqr}:${POSTGRES_PASSWORD:-growqr}@postgres:5432/${POSTGRES_DB:-growqr}
      RIVET_ENDPOINT: http://rivet-engine:6420
      CLERK_SECRET_KEY: ${CLERK_SECRET_KEY}
      CLERK_PUBLISHABLE_KEY: ${CLERK_PUBLISHABLE_KEY}
      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
      GROW_AGENT_MODEL: ${GROW_AGENT_MODEL:-claude-opus-4-7}
      SUB_AGENT_MODEL: ${SUB_AGENT_MODEL:-claude-sonnet-4-6}
      SERVICE_TOKEN: ${SERVICE_TOKEN:-dev-service-token}
      GITEA_IMAGE: ${GITEA_IMAGE:-gitea/gitea:1.22}
      OPENCODE_IMAGE: ${OPENCODE_IMAGE:-ghcr.io/sst/opencode:latest}
      USER_CONTAINER_HOST: ${USER_CONTAINER_HOST:-host.docker.internal}
      USER_DATA_ROOT: /data/users
      USER_PORT_RANGE_START: 20000
      USER_PORT_RANGE_END: 29999
      FRONTEND_ORIGIN: ${FRONTEND_ORIGIN:-http://localhost:3000}
    volumes:
      # Docker-out-of-Docker: backend uses host Docker to spawn user containers.
      - /var/run/docker.sock:/var/run/docker.sock
      # Shared host dir that per-user containers will also bind-mount their
      # workspace from (so backend and spawned containers see the same files).
      - ./.data/users:/data/users
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:4000/healthz || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 6
    restart: unless-stopped

# Note: per-user OpenCode + Gitea containers are NOT defined here.
# The backend spawns them dynamically via dockerode on /actors/provision.
# See src/docker/manager.ts.

volumes:
  rivet-data:
  postgres-data: