66 changes: 66 additions & 0 deletions .dockerignore
@@ -0,0 +1,66 @@
# Git files
.git
.gitignore
.gitattributes

# GitHub workflows and documentation
.github
docs/book
docs/TODO.md

# Target and build artifacts
target/**
!target/release/wassette
bin
*.wasm

# Examples and tests
examples/*/target
tests

# Documentation
*.md
!README.md
LICENSE
NOTICE
SECURITY.md
CODE_OF_CONDUCT.md
CONTRIBUTING.md

# Development files
.vscode
.idea
*.swp
*.swo
*~

# Rust artifacts
**/*.rs.bk
Cargo.lock.bak

# OS files
.DS_Store
Thumbs.db

# CI/Docker files
Dockerfile.ci
docker-compose.yml

# Scripts
scripts

# Package manager files
Formula
flake.nix
flake.lock
winget

# Other
assets
audit.toml
deny.toml
_typos.toml
rustfmt.toml
component-registry.json
policy.yaml
install.sh
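Review bot: The ignore list has no entry for `secrets` or `components`, yet docker-compose.example.yml in this PR uses `build: .` and tells users to store API keys in `./secrets` beside it, so those files sit inside the build context. The Dockerfile's explicit `COPY` lines keep them out of the image today, but a later `COPY . .` would pick them up. Adding `secrets` and `components` under the "# Other" block closes that gap.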
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),

### Added

- Comprehensive Docker documentation and Dockerfile for running Wassette in containers with enhanced security isolation, including examples for mounting components, secrets, configuration files, and production deployment patterns with Docker Compose
- `rust-toolchain.toml` file specifying Rust 1.90 as the stable toolchain version, ensuring consistent Rust version across development environments and CI/CD pipelines
- AI agent development guides (`AGENTS.md` and `Claude.md`) that consolidate development guidelines from `.github/instructions/` into accessible documentation for AI agents working on the project
- Comprehensive installation guide page consolidating all installation methods (one-liner script, Homebrew, Nix, WinGet) organized by platform (Linux, macOS, Windows) with verification steps and troubleshooting sections
58 changes: 58 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# Wassette Docker Image
# This Dockerfile provides a containerized runtime for Wassette with additional security isolation

# Stage 1: Build the Wassette binary
FROM rust:1.90-bookworm AS builder

# Install ca-certificates for HTTPS support during build
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates && \
rm -rf /var/lib/apt/lists/*

WORKDIR /build

# Copy the project files
COPY Cargo.toml Cargo.lock ./
COPY src ./src
COPY crates ./crates
COPY build.rs ./

# Build the release binary
RUN cargo build --release --bin wassette

# Stage 2: Create the runtime image
FROM debian:bookworm-slim

# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 && \
rm -rf /var/lib/apt/lists/*

# Create a non-root user for running Wassette
RUN useradd -m -u 1000 -s /bin/bash wassette

# Create necessary directories with proper permissions
RUN mkdir -p /home/wassette/.local/share/wassette/components && \
mkdir -p /home/wassette/.config/wassette/secrets && \
chown -R wassette:wassette /home/wassette

# Copy the binary from the builder stage
COPY --from=builder /build/target/release/wassette /usr/local/bin/wassette

# Set up environment
ENV HOME=/home/wassette
ENV XDG_DATA_HOME=/home/wassette/.local/share
ENV XDG_CONFIG_HOME=/home/wassette/.config

# Switch to the non-root user
USER wassette
WORKDIR /home/wassette

# Expose the default HTTP port (when using --http or --sse)
EXPOSE 9001

# Default command: start Wassette with streamable-http transport
# Override this in docker run or docker-compose for different transports
CMD ["wassette", "serve", "--streamable-http"]
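Review bot: The build step `RUN cargo build --release --bin wassette` omits `--locked`, so although `Cargo.lock` is copied in, Cargo may re-resolve dependencies when the lockfile and manifests disagree, and the image can ship versions nobody reviewed. Use `cargo build --release --locked --bin wassette`. Both `FROM` lines pin by mutable tag (`rust:1.90-bookworm`, `debian:bookworm-slim`); pinning by digest would make the image reproducible. The `EXPOSE 9001` comment names `--http or --sse` while the default `CMD` uses `--streamable-http`, so the comment should name the transport the image actually starts.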
42 changes: 42 additions & 0 deletions Dockerfile.prebuilt
@@ -0,0 +1,42 @@
# Wassette Docker Image (Pre-built Binary)
# This Dockerfile uses a pre-built Wassette binary for faster builds
# Useful when you already have the binary compiled on your host system

FROM debian:bookworm-slim

# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 && \
rm -rf /var/lib/apt/lists/*

# Create a non-root user for running Wassette
RUN useradd -m -u 1000 -s /bin/bash wassette

# Create necessary directories with proper permissions
RUN mkdir -p /home/wassette/.local/share/wassette/components && \
mkdir -p /home/wassette/.config/wassette/secrets && \
chown -R wassette:wassette /home/wassette

# Copy the pre-built binary from the host (build context)
# Build the binary first with: cargo build --release --bin wassette
# Then copy it: COPY target/release/wassette /usr/local/bin/wassette
COPY target/release/wassette /usr/local/bin/wassette
RUN chmod +x /usr/local/bin/wassette

# Set up environment
ENV HOME=/home/wassette
ENV XDG_DATA_HOME=/home/wassette/.local/share
ENV XDG_CONFIG_HOME=/home/wassette/.config

# Switch to the non-root user
USER wassette
WORKDIR /home/wassette

# Expose the default HTTP port (when using --http or --sse)
EXPOSE 9001

# Default command: start Wassette with streamable-http transport
# Override this in docker run or docker-compose for different transports
CMD ["wassette", "serve", "--streamable-http"]
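Review bot: `COPY target/release/wassette /usr/local/bin/wassette` takes whatever binary is in the host's `target/release`, and nothing in this file checks that it is a Linux build or that it links against the `libssl3` installed above, so a binary built on another OS or distribution yields an image that only fails at container start. State the build requirements in the header comment, or execute the binary once in a `RUN` step so the build fails early. The comment above the `COPY` repeats the instruction verbatim ("Then copy it: COPY ...") and can be dropped, and `RUN chmod +x` can be folded into `COPY --chmod=0755` to save a layer.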
20 changes: 20 additions & 0 deletions README.md
Expand Up @@ -37,8 +37,28 @@ Available installation methods:
- **[Homebrew](./docs/installation.md#homebrew)** for macOS and Linux
- **[WinGet](./docs/installation.md#windows)** for Windows
- **[Nix flakes](./docs/installation.md#nix-all-platforms)** for reproducible environments
- **[Docker](./docs/deployment/docker.md)** for containerized deployments
- **[Manual download](https://github.com/microsoft/wassette/releases)** from GitHub Releases

### Docker Deployment

For enhanced security isolation and reproducible environments, Wassette can run in Docker containers:

```bash
# Build the image
docker build -t wassette:latest .

# Run with streamable-http transport (default)
docker run --rm -p 9001:9001 wassette:latest

# Mount components directory
docker run --rm -p 9001:9001 \
-v ./components:/home/wassette/.local/share/wassette/components:ro \
wassette:latest
```

See the **[Docker deployment guide](./docs/deployment/docker.md)** for detailed documentation on running Wassette in containers, including security best practices, component mounting, and production deployment patterns.

## Using Wassette

With Wassette installed, the next step is to register it with your agent of
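Review bot: Both `docker run` examples publish the port with `-p 9001:9001`, which binds on every host interface, while the section is introduced as offering enhanced security isolation and says nothing about authentication on that port. For a local quick start, `-p 127.0.0.1:9001:9001` is the safer default, with the all-interfaces form left to the deployment guide. The `-v ./components:...` form also relies on relative bind-mount paths, which older Docker releases reject; `"$(pwd)/components"` avoids that.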
84 changes: 84 additions & 0 deletions docker-compose.example.yml
@@ -0,0 +1,84 @@
# Example Docker Compose configuration for Wassette
# Copy this file to docker-compose.yml and customize for your needs

version: '3.8'

services:
wassette:
build: .
image: wassette:latest

# Expose port 9001 for streamable-http transport (default)
ports:
- "9001:9001"

# Mount volumes for components, secrets, and configuration
volumes:
# Component directory (read-only for security)
- ./components:/home/wassette/.local/share/wassette/components:ro

# Secrets directory (read-only)
# Store API keys and credentials here
- ./secrets:/home/wassette/.config/wassette/secrets:ro

# Optional: Custom configuration file
# - ./config.toml:/home/wassette/.config/wassette/config.toml:ro

# Optional: Persistent component storage
# Use this if you want to load components via the MCP interface
# and persist them across container restarts
# - wassette-components:/home/wassette/.local/share/wassette/components

# Environment variables
environment:
# Set log level (trace, debug, info, warn, error)
- RUST_LOG=info

# Add any additional environment variables your components need
# - OPENWEATHER_API_KEY=your_api_key_here

# Command to run (override the default CMD from Dockerfile)
# Note: Default is streamable-http, but you can override it

# Default: Streamable HTTP transport (uses port 9001)
# Uses the default CMD from Dockerfile - no need to specify

# Option 1: Override with stdio transport
# command: ["wassette", "serve", "--stdio"]

# Option 2: Override with SSE transport
# command: ["wassette", "serve", "--sse"]

# Security: Limit container resources
deploy:
resources:
limits:
cpus: '1.0'
memory: 512M
reservations:
cpus: '0.5'
memory: 256M

# Security: Drop unnecessary capabilities
cap_drop:
- ALL

# Security: Prevent privilege escalation
security_opt:
- no-new-privileges:true

# Optional: Health check for SSE/HTTP transports
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:9001/health || exit 1"]
Copilot AI Oct 9, 2025

Inconsistent health check format between the Docker Compose example and documentation. The documentation uses CMD format while this uses CMD-SHELL. Also, the /health endpoint should be verified to exist.

Suggested change
test: ["CMD-SHELL", "curl -f http://localhost:9001/health || exit 1"]
test: ["CMD", "curl", "-f", "http://localhost:9001/health"]

interval: 30s
timeout: 10s
retries: 3
start_period: 40s

# Restart policy
restart: unless-stopped

# Optional: Named volumes for persistent storage
# volumes:
# wassette-components:
# driver: local
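Review bot: The `healthcheck` runs `curl`, but the runtime stage of the Dockerfile in this PR installs only `ca-certificates` and `libssl3` on `debian:bookworm-slim`, so `curl` is not in the image and every probe will fail, leaving the container marked unhealthy. Either install `curl` in the runtime stage or drop the health check from the example. The `ports` entry `"9001:9001"` binds on all host interfaces; `"127.0.0.1:9001:9001"` fits the security framing of the rest of the file better, and `read_only: true` could be considered alongside the `cap_drop` and `no-new-privileges` settings already here.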
1 change: 1 addition & 0 deletions docs/SUMMARY.md
Expand Up @@ -2,6 +2,7 @@

- [Overview](./overview.md)
- [Installation](./installation.md)
- [Docker](./deployment/docker.md)
- [MCP Clients](./mcp-clients.md)
- [FAQ](./faq.md)
