ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-01-31 06:42:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
67f18021c3d3f3e5b61b7afcda44ee343385d4c9
automaker/docs/docker-isolation.md
Soham Dasgupta 62019d5916 feat: add OpenCode CLI support in Docker 
- Install OpenCode CLI in Dockerfile alongside Claude and Cursor
- Add automaker-opencode-config volume for persisting auth
- Add OpenCode directory setup in docker-entrypoint.sh
- Update docker-isolation.md with OpenCode documentation
- Add OpenCode bind mount example to docker-compose.override.yml.example
2026-01-13 14:14:56 +05:30

132 lines
4.3 KiB
Markdown
Raw Blame History

# Docker Isolation Guide
This guide covers running Automaker in a fully isolated Docker container. For background on why isolation matters, see the [Security Disclaimer](../DISCLAIMER.md).
## Quick Start
1. **Set your API key** (create a `.env` file in the project root):
```bash
# Linux/Mac
echo "ANTHROPIC_API_KEY=your-api-key-here" > .env
# Windows PowerShell
Set-Content -Path .env -Value "ANTHROPIC_API_KEY=your-api-key-here" -Encoding UTF8
```
2. **Build and run**:
```bash
docker-compose up -d
```
3. **Access Automaker** at `http://localhost:3007`
4. **Stop**:
```bash
docker-compose down
```
## How Isolation Works
The default `docker-compose.yml` configuration:
- Uses only Docker-managed volumes (no host filesystem access)
- Server runs as a non-root user
- Has no privileged access to your system
Projects created in the UI are stored inside the container at `/projects` and persist across restarts via Docker volumes.
## Mounting a Specific Project
If you need to work on a host project, create `docker-compose.project.yml`:
```yaml
services:
server:
volumes:
- ./my-project:/projects/my-project:ro # :ro = read-only
```
Then run:
```bash
docker-compose -f docker-compose.yml -f docker-compose.project.yml up -d
```
**Tip**: Use `:ro` (read-only) when possible for extra safety.
## CLI Authentication (macOS)
On macOS, OAuth tokens are stored in Keychain (Claude) and SQLite (Cursor). Use these scripts to extract and pass them to the container:
### Claude CLI
```bash
# Extract and add to .env
echo "CLAUDE_OAUTH_CREDENTIALS=$(./scripts/get-claude-token.sh)" >> .env
```
### Cursor CLI
```bash
# Extract and add to .env (extracts from macOS Keychain)
echo "CURSOR_AUTH_TOKEN=$(./scripts/get-cursor-token.sh)" >> .env
```
**Note**: The cursor-agent CLI stores its OAuth tokens separately from the Cursor IDE:
- **macOS**: Tokens are stored in Keychain (service: `cursor-access-token`)
- **Linux**: Tokens are stored in `~/.config/cursor/auth.json` (not `~/.cursor`)
### OpenCode CLI
OpenCode stores its configuration and auth at `~/.local/share/opencode/`. To share your host authentication with the container:
```yaml
# In docker-compose.override.yml
volumes:
- ~/.local/share/opencode:/home/automaker/.local/share/opencode
```
### Apply to container
```bash
# Restart with new credentials
docker-compose down && docker-compose up -d
```
**Note**: Tokens expire periodically. If you get authentication errors, re-run the extraction scripts.
## CLI Authentication (Linux/Windows)
On Linux/Windows, cursor-agent stores credentials in files, so you can either:
**Option 1: Extract tokens to environment variables (recommended)**
```bash
# Linux: Extract tokens to .env
echo "CURSOR_AUTH_TOKEN=$(jq -r '.accessToken' ~/.config/cursor/auth.json)" >> .env
```
**Option 2: Bind mount credential directories directly**
```yaml
# In docker-compose.override.yml
volumes:
- ~/.claude:/home/automaker/.claude
- ~/.config/cursor:/home/automaker/.config/cursor
- ~/.local/share/opencode:/home/automaker/.local/share/opencode
```
## Troubleshooting
| Problem | Solution |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| Container won't start | Check `.env` has `ANTHROPIC_API_KEY` set. Run `docker-compose logs` for errors. |
| Can't access web UI | Verify container is running with `docker ps \| grep automaker` |
| Need a fresh start | Run `docker-compose down && docker volume rm automaker-data && docker-compose up -d --build` |
| Cursor auth fails | Re-extract token with `./scripts/get-cursor-token.sh` - tokens expire periodically. Make sure you've run `cursor-agent login` on your host first. |
| OpenCode not detected | Mount `~/.local/share/opencode` to `/home/automaker/.local/share/opencode`. Make sure you've run `opencode auth login` on your host first. |
Reference in New Issue View Git Blame Copy Permalink