diff --git a/.claude/issue/claude-code-dispatch-flow.md b/.claude/issue/claude-code-dispatch-flow.md
new file mode 100644
index 0000000000..6d37845ca8
--- /dev/null
+++ b/.claude/issue/claude-code-dispatch-flow.md
@@ -0,0 +1,357 @@ +# Claude Code 调度逻辑分析图 + +> 基于 claude-code-source-code v2.1.88 源码分析 + +--- + +## 图 1:宏观启动流程 + +```mermaid +%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#E8F0FB', 'primaryTextColor': '#37352F', 'primaryBorderColor': '#A5C0E8', 'lineColor': '#9099A6', 'fontSize': '14px'}}}%% +flowchart TD + A([▶ 用户执行 claude 命令]) --> B + + subgraph BOOT [" 初始化阶段 "] + B["main.tsx 入口"] + B1["并行预取\nKeychain / MDM 配置"] + I["init · entrypoints/init.ts"] + I1["加载 config.json"] + I2["检查 OAuth / API Key"] + I3["初始化 MCP 客户端"] + I4["加载所有工具 getAllBaseTools"] + I5["初始化 feature flags GrowthBook"] + B --> B1 + B --> I + I --> I1 & I2 & I3 & I4 & I5 + end + + B --> C["Commander 解析 CLI 参数"] + C --> D{{"模式判断"}} + + D -->|交互式 REPL| E["launchRepl · replLauncher.tsx"] + D -->|非交互 -p 参数| F["QueryEngine.submitMessage"] + D -->|--resume 恢复会话| G["加载历史会话\n构建 messages[]"] + + E --> H["React / ink 渲染 UI\nREPL.tsx"] + G --> F + + H -->|用户输入| J["processUserInput"] + F --> J + J --> K(["⚙ query · query.ts\nAgent Loop 入口"]) + + classDef entry fill:#EAE4F2,stroke:#9065B0,stroke-width:1.5px,color:#37352F + classDef boot fill:#E8F0FB,stroke:#A5C0E8,stroke-width:1px,color:#37352F + classDef decision fill:#FEF3C7,stroke:#D97706,stroke-width:1.5px,color:#37352F + classDef terminal fill:#D1FAE5,stroke:#059669,stroke-width:2px,color:#1A3A2A + + class A entry + class K terminal + class D decision + class B,B1,I,I1,I2,I3,I4,I5,C,E,F,G,H,J boot +``` + +--- + +## 图 2:Agent Loop 主循环(核心) + +```mermaid +%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#E8F0FB', 'primaryTextColor': '#37352F', 'primaryBorderColor': '#A5C0E8', 'lineColor': '#9099A6', 'fontSize': '14px'}}}%% +flowchart TD + START(["⚙ 进入 queryLoop"]) --> PREP + + PREP[/"预处理 · Context 管理\n① snipCompactIfNeeded\n② microcompactMessages\n③ applyCollapsesIfNeeded\n④ autoCompactIfNeeded"/] + PREP --> API + + API["🌐 queryModelWithStreaming\n调用 Anthropic API · 流式接收响应"] + API --> STREAM + + STREAM{{"包含\ntool_use block?"}} + 
STREAM -->|否 · 纯文本| HOOK + STREAM -->|是 · 有工具调用| TOOLS + + HOOK["handleStopHooks\n运行 Stop Hooks"] + HOOK --> HOOK_DEC{{"Hook\n决定?"}} + HOOK_DEC -->|阻止继续| X_HOOK(["退出\nstop_hook_prevented"]) + HOOK_DEC -->|继续| BUDGET + + BUDGET{{"Token Budget\n超出?"}} + BUDGET -->|否| X_OK(["✓ 退出\ncompleted"]) + BUDGET -->|是 · 注入收尾提示| PREP + + TOOLS["runTools 或 StreamingToolExecutor\n工具调度 → 见图 3"] + TOOLS --> COLLECT + + COLLECT["收集 tool_results\ngetAttachmentMessages 获取附件"] + COLLECT --> REBUILD + + REBUILD["构建下一轮 State\nmessages = 上轮 + assistant + results + attachments\nturnCount++"] + REBUILD --> PREP + + API -->|"Ctrl+C · 流式阶段"| X_AS(["退出\naborted_streaming"]) + TOOLS -->|"Ctrl+C · 工具阶段"| X_AT(["退出\naborted_tools"]) + API -->|"max_output_tokens\n连续 3 次"| X_MT(["退出\nmax_output_tokens"]) + API -->|"context 超限\n压缩无效"| X_TL(["退出\nprompt_too_long"]) + TOOLS -->|"pre-hook 中止"| X_HS(["退出\nhook_stopped"]) + + classDef entry fill:#EAE4F2,stroke:#9065B0,stroke-width:2px,color:#37352F + classDef process fill:#E8F0FB,stroke:#A5C0E8,stroke-width:1px,color:#37352F + classDef prep fill:#F0F4FF,stroke:#8BA4D4,stroke-width:1px,color:#37352F,font-style:italic + classDef api fill:#E0E7FF,stroke:#4F46E5,stroke-width:1.5px,color:#2D2B6B + classDef tool fill:#FEF3C7,stroke:#D97706,stroke-width:1.5px,color:#37352F + classDef ok fill:#D1FAE5,stroke:#059669,stroke-width:2px,color:#1A3A2A + classDef err fill:#FEE2E2,stroke:#DC2626,stroke-width:1.5px,color:#7F1D1D + classDef warn fill:#FED7AA,stroke:#EA580C,stroke-width:1.5px,color:#431407 + classDef dec fill:#FFFBEB,stroke:#D97706,stroke-width:1.5px,color:#37352F + + class START entry + class PREP prep + class API api + class TOOLS tool + class COLLECT,REBUILD,HOOK process + class X_OK ok + class X_AS,X_AT,X_HS err + class X_MT,X_TL,X_HOOK warn + class STREAM,HOOK_DEC,BUDGET dec +``` + +--- + +## 图 3:工具调度与执行 + +```mermaid +%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#E8F0FB', 'primaryTextColor': '#37352F', 'primaryBorderColor': 
'#A5C0E8', 'lineColor': '#9099A6', 'fontSize': '14px'}}}%% +flowchart TD + IN(["收到 toolUseBlocks[]"]) --> PART + + PART["partitionToolCalls\n按 isConcurrencySafe 分批"] + + PART --> SAFE["只读工具批次\nFileRead · Glob · Grep …"] + PART --> UNSAFE["写入工具批次\nFileEdit · FileWrite · Bash …"] + + SAFE --> CON["runToolsConcurrently\n并行执行 · 最多 10 个\nCLAUDE_CODE_MAX_TOOL_USE_CONCURRENCY"] + UNSAFE --> SER["runToolsSerially\n严格串行执行"] + + CON --> RUN + SER --> RUN + + RUN["runToolUse\n单个工具执行入口"] + + RUN --> V["① 输入验证\nZod schema · validateInput"] + V --> PH["② Pre-tool Hooks\nrunPreToolUseHooks"] + PH --> PC["③ 权限检查\ncanUseTool → 见图 4"] + + PC --> DEC{{"权限\n决定"}} + DEC -->|allow| EX["④ 执行工具\ntool.call(input, ctx, onProgress)"] + DEC -->|deny| DR(["返回 ToolResult\n拒绝原因"]) + DEC -->|abort| AB(["⛔ 中止整个会话"]) + + EX --> POH["⑤ Post-tool Hooks\nrunPostToolUseHooks"] + POH --> RES(["返回 ToolResult ✓"]) + + STREAM_NOTE["🚀 StreamingToolExecutor\n流中出现完整 tool_use block\n立即启动,与后续流并行执行"] + STREAM_NOTE -.->|提前触发| RUN + + classDef entry fill:#EAE4F2,stroke:#9065B0,stroke-width:2px,color:#37352F + classDef process fill:#E8F0FB,stroke:#A5C0E8,stroke-width:1px,color:#37352F + classDef blue fill:#E0E7FF,stroke:#4F46E5,stroke-width:1.5px,color:#2D2B6B + classDef green fill:#D1FAE5,stroke:#059669,stroke-width:1.5px,color:#1A3A2A + classDef red fill:#FEE2E2,stroke:#DC2626,stroke-width:1.5px,color:#7F1D1D + classDef amber fill:#FEF3C7,stroke:#D97706,stroke-width:1.5px,color:#37352F + classDef stream fill:#FFF7ED,stroke:#EA580C,stroke-width:1.5px,stroke-dasharray:5 3,color:#431407 + classDef dec fill:#FFFBEB,stroke:#D97706,stroke-width:1.5px,color:#37352F + + class IN entry + class CON blue + class SER blue + class RES green + class DR,AB red + class PART,RUN,V,PH,EX,POH process + class PC amber + class STREAM_NOTE stream + class DEC dec +``` + +--- + +## 图 4:权限决策树 + +```mermaid +%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#E8F0FB', 'primaryTextColor': '#37352F', 'primaryBorderColor': 
'#A5C0E8', 'lineColor': '#9099A6', 'fontSize': '14px'}}}%% +flowchart TD + START(["canUseTool 被调用"]) --> P1 + + P1{{"① alwaysDenyRules\n命中黑名单?"}} + P1 -->|是| DENY1(["🚫 deny"]) + P1 -->|否| P2 + + P2{{"② alwaysAskRules\n命中需询问规则?"}} + P2 -->|是 · 非沙箱| ASK + P2 -->|否| P3 + + P3{{"③ tool.checkPermissions\n工具自身检查"}} + P3 -->|deny| DENY2(["🚫 deny"]) + P3 -->|ask · 非safetyCheck| ASK + P3 -->|ask · safetyCheck| ASK_S + P3 -->|allow| P4 + + P4{{"④ requiresUserInteraction\n强制用户交互?"}} + P4 -->|是| ASK + P4 -->|否| P5 + + P5{{"⑤ 内容级 ask 规则\n如 npm publish:*"}} + P5 -->|命中| ASK_S + P5 -->|未命中| P6 + + P6{{"⑥ safetyCheck\n.git · .claude · shell 配置"}} + P6 -->|命中| ASK_S + P6 -->|未命中| P7 + + P7{{"⑦ bypassPermissions\n模式开启?"}} + P7 -->|是| ALLOW1(["✅ allow"]) + P7 -->|否| P8 + + P8{{"⑧ alwaysAllowRules\n命中白名单?"}} + P8 -->|是| ALLOW2(["✅ allow"]) + P8 -->|否| ASK + + ASK["behavior = ask\n进入模式路由"] + ASK_S["behavior = ask 🔒\nbypass 也无法豁免"] + ASK --> ROUTER + ASK_S --> ROUTER + + ROUTER{{"当前权限模式?"}} + ROUTER -->|dontAsk| AD1(["🚫 自动拒绝"]) + ROUTER -->|auto / plan+auto| CLS + ROUTER -->|shouldAvoidPrompts| HKP + ROUTER -->|default 交互式| UI + + CLS["🤖 AI 分类器\nclassifyYoloAction"] + CLS --> CDEC{{"分类\n结果"}} + CDEC -->|allow| ALLOW3(["✅ allow"]) + CDEC -->|deny · 未超拒绝上限| AD2(["🚫 自动拒绝"]) + CDEC -->|deny · 超过拒绝上限| UI + + HKP["外部 PermissionRequest Hooks"] + HKP --> HDEC{{"Hook\n决定"}} + HDEC -->|allow| ALLOW4(["✅ allow"]) + HDEC -->|无决定| AD3(["🚫 自动拒绝"]) + + UI["💬 交互式弹窗\nhandleInteractivePermission\n推送到 REPL UI 队列"] + UI --> UDEC{{"用户\n操作"}} + UDEC -->|onAllow| ALLOW5(["✅ allow"]) + UDEC -->|onReject| DENY3(["🚫 deny"]) + UDEC -->|onAbort| ABORT(["⛔ 中止会话"]) + + classDef entry fill:#EAE4F2,stroke:#9065B0,stroke-width:2px,color:#37352F + classDef dec fill:#FFFBEB,stroke:#D97706,stroke-width:1.5px,color:#37352F + classDef route fill:#F0F4FF,stroke:#8BA4D4,stroke-width:1px,color:#37352F + classDef allow fill:#D1FAE5,stroke:#059669,stroke-width:1.5px,color:#1A3A2A + classDef deny 
fill:#FEE2E2,stroke:#DC2626,stroke-width:1.5px,color:#7F1D1D + classDef abort fill:#1C1917,stroke:#1C1917,stroke-width:1px,color:#F5F5F4 + classDef ai fill:#FEF3C7,stroke:#D97706,stroke-width:1.5px,color:#37352F + classDef ui fill:#E0E7FF,stroke:#4F46E5,stroke-width:1.5px,color:#2D2B6B + + class START entry + class P1,P2,P3,P4,P5,P6,P7,P8,ROUTER,CDEC,HDEC,UDEC dec + class ASK,ASK_S route + class ALLOW1,ALLOW2,ALLOW3,ALLOW4,ALLOW5 allow + class DENY1,DENY2,DENY3,AD1,AD2,AD3 deny + class ABORT abort + class CLS ai + class UI,HKP ui +``` + +--- + +## 图 5:数据流与 AsyncGenerator 链 + +```mermaid +%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#E8F0FB', 'primaryTextColor': '#37352F', 'primaryBorderColor': '#A5C0E8', 'lineColor': '#9099A6', 'fontSize': '14px'}}}%% +flowchart LR + USER(["👤 用户输入"]) + + subgraph SDK ["QueryEngine.ts · SDK 层"] + direction TB + QE1["submitMessage"] + QE2["processUserInput\nslash commands · 附件"] + QE3["fetchSystemPromptParts\n构建 system prompt"] + end + + subgraph LOOP ["query.ts · Agent Loop"] + direction TB + Q1["query(params)\nAsyncGenerator"] + Q2["queryLoop()\nwhile(true) 主循环"] + Q1 -->|yield*| Q2 + end + + subgraph APILAYER ["claude.ts · API 层"] + direction TB + A1["queryModelWithStreaming\nAnthropic SDK stream"] + end + + subgraph TOOLLAYER ["toolOrchestration.ts · 工具层"] + direction TB + T1["runTools\n批次划分 + 调度"] + T2["runToolUse\n单工具执行"] + T3["tool.call\n实际执行"] + T1 --> T2 --> T3 + end + + subgraph PERMLAYER ["permissions.ts · 权限层"] + direction TB + P1["hasPermissionsToUseTool"] + P2["canUseTool 回调"] + end + + subgraph UILAYER ["REPL.tsx · UI 层"] + direction TB + U1["useQueueProcessor\n消息队列处理"] + U2["ToolUseConfirm\n权限确认弹窗"] + end + + STREAM[("📡 消息流\n实时 yield")] + + USER -->|"Message[]"| QE1 + QE1 --> Q1 + Q2 <-->|"for await"| A1 + A1 -->|"yield assistant message"| STREAM + STREAM -->|"stream 消息"| U1 + + Q2 -->|"toolUseBlocks"| T1 + T3 -->|"ToolResult → yield 回"| Q2 + T2 <-->|"权限查询"| P1 + P2 <-->|"ask 时推送确认"| U2 + + classDef 
user fill:#EAE4F2,stroke:#9065B0,stroke-width:2px,color:#37352F + classDef stream fill:#FEF3C7,stroke:#D97706,stroke-width:2px,color:#37352F + classDef sdk fill:#E8F0FB,stroke:#A5C0E8,color:#37352F + classDef loop fill:#E0E7FF,stroke:#4F46E5,color:#2D2B6B + classDef apil fill:#F0F4FF,stroke:#8BA4D4,color:#37352F + classDef tool fill:#FEF9EC,stroke:#D97706,color:#37352F + classDef perm fill:#FFF0F0,stroke:#DC2626,color:#37352F + classDef ui fill:#F0FDF4,stroke:#059669,color:#37352F + + class USER user + class STREAM stream + class SDK sdk + class LOOP loop + class APILAYER apil + class TOOLLAYER tool + class PERMLAYER perm + class UILAYER ui +``` + +--- + +## 关键设计要点 + +| 特性 | 实现方式 | 源文件 | +|------|---------|--------| +| **全链路流式** | 每层均为 `AsyncGenerator`,`yield` 链式传递 | `query.ts` · `claude.ts` | +| **流式工具提前启动** | 流中出现完整 `tool_use` block 即立即执行,与后续流并行 | `StreamingToolExecutor.ts` | +| **工具并发控制** | `isConcurrencySafe` 分批,最多 10 并发 | `toolOrchestration.ts` | +| **Context 自动管理** | 超 token 时自动压缩/裁剪,对上层透明 | `query.ts` | +| **Token Budget** | 工具返回内容累计超限时注入收尾提示,防止无限循环 | `query.ts` | +| **多级权限** | 8 级判断规则 + 5 种模式路由(含 AI 分类器) | `permissions.ts` | +| **AbortController 层次** | 会话级 + 工具批次级,兄弟工具失败可互相取消 | `toolExecution.ts` | +| **启动并行优化** | Keychain / MDM 在 `main.tsx` 顶部并行预取 | `main.tsx` | diff --git a/deploy/args.json b/deploy/args.json index 11ea31c28b..db9602d71e 100644 --- a/deploy/args.json +++ b/deploy/args.json @@ -4,7 +4,8 @@ "fastgpt-sandbox": "v4.14.9.5", "fastgpt-mcp_server": "v4.14.9", "fastgpt-plugin": "v0.5.5", - "volume-manager": "v0.0.1", + "volume-manager": "v0.0.2", + "agent-sandbox-image": "v0.0.2", "aiproxy": "v0.3.5", "aiproxy-pg": "0.8.0-pg15", "mongo": "5.0.32", 
@@ -27,6 +28,7 @@ "fastgpt-sandbox": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox", "fastgpt-mcp_server": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server", "volume-manager": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager", + "agent-sandbox-image": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox", "aiproxy": "registry.cn-hangzhou.aliyuncs.com/labring/aiproxy", "aiproxy-pg": "registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector", "mongo": "registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo", diff --git a/deploy/dev/docker-compose.cn.yml b/deploy/dev/docker-compose.cn.yml index 648c0b5230..35a92df77d 100644 --- a/deploy/dev/docker-compose.cn.yml +++ b/deploy/dev/docker-compose.cn.yml 
@@ -10,6 +10,38 @@ # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
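Review bot: The new `x-*-token` anchors at the top of the file hard-code guessable shared secrets (`'token'`, `'codesandbox'`, `'vmtoken'`), and the plugin and aiproxy anchors carry the same value, so one leaked token is valid for two services. Since the services that consume them publish host ports later in this file, I would add a comment such as `# dev-only placeholder, replace with a random value before exposing this host` above each anchor and give `x-aiproxy-token` its own value. Separately, the shared `MONGODB_URI` no longer carries the `&directConnection=true` that the removed fastgpt-plugin entry had; if the dev Mongo topology needed it, keep it in `x-share-db-config`. The same block is added in deploy/dev/docker-compose.yml.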
@@ -134,19 +166,57 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox + code-sandbox: + container_name: code-sandbox image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.9.5 ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + 
retries: 3 fastgpt-mcp-server: container_name: fastgpt-mcp-server image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.9 ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always 
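Review bot: `CHECK_INTERNAL_IP: false` in the new code-sandbox environment turns off what its own comment describes as the private-network check for outbound requests, so sandboxed code is presumably free to call other services on the `fastgpt` network or on the host. Unless local development needs that, default it to `CHECK_INTERNAL_IP: true`, or keep `false` with a comment stating that it is a dev-only relaxation that must not be copied into a deployment. The comment on `SANDBOX_REQUEST_MAX_RESPONSE_MB` is also missing the `(MB)` unit that its neighbours carry. The same hunk appears in deploy/dev/docker-compose.yml.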
@@ -157,27 +227,84 @@ services: container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 @@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s 
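Review bot: The new opensandbox-server service mounts `/var/run/docker.sock` read-write and publishes `8090:8090` on every host interface, and no authentication setting for it is visible in this diff, so anyone who can reach that port may be able to drive the host's Docker daemon. For local use bind it to loopback, `- 127.0.0.1:8090:8090`; the production compose files in this commit drop the published port entirely. On volume-manager the `:ro` flag only makes the socket file read-only inside the mount and does not restrict Docker API calls, so the comment `只读即可` overstates the protection, and the `3005:3000` mapping deserves the same loopback binding. The same services are added in deploy/dev/docker-compose.yml.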
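Review bot: `ADMIN_KEY` changes value here, not just syntax: the old list entry was `ADMIN_KEY=aiproxy`, while the anchor `*x-aiproxy-token` resolves to `'token'`. The comment above it says the key corresponds to `AIPROXY_API_TOKEN` on the FastGPT side, which is not part of this hunk, so confirm the dev environment template was updated as well; otherwise requests to aiproxy are likely to be rejected. The aiproxy service block starts and ends outside the hunk, and the same change is made in deploy/dev/docker-compose.yml.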
@@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/dev/docker-compose.yml b/deploy/dev/docker-compose.yml index 7592f75aef..fe0b06ca00 100644 --- a/deploy/dev/docker-compose.yml +++ b/deploy/dev/docker-compose.yml 
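Review bot: `execd_image` and the `[egress]` `image` in the inline opensandbox config are referenced by mutable tag (`v1.0.6`, `v1.0.1`) from a separate registry, and opensandbox-server presumably starts them through the host Docker socket it has mounted. Pinning them by digest, `execd_image = "<registry>/opensandbox/execd@sha256:<digest>"`, keeps a re-tagged image from being run with that access. Also, `host_ip = "host.docker.internal"` is the default although the comment right above says Linux needs the host LAN IP; a trailing `# Linux: replace with the host LAN IP` on the value line would make that harder to miss. The same config is added in deploy/dev/docker-compose.yml.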
@@ -10,6 +10,38 @@ # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
@@ -134,19 +166,57 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox + code-sandbox: + container_name: code-sandbox image: ghcr.io/labring/fastgpt-sandbox:v4.14.9.5 ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 fastgpt-mcp-server: 
container_name: fastgpt-mcp-server image: ghcr.io/labring/fastgpt-mcp_server:v4.14.9 ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always 
@@ -157,27 +227,84 @@ services: container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: 
ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s 
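Review bot: The agent-sandbox-image service added in this file has `image: undefined:v0.0.2`, which looks like a template value that was never filled in; the cn variant of the same service uses `registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2`. As written, a `prepull` run would look for an unqualified image named `undefined` on the default registry instead of the project's sandbox image. The deploy/args.json hunk in this commit only shows the aliyun mapping for `agent-sandbox-image`, so the generator probably lacks the entry for the registry used here; add it and regenerate so the line reads `image: <registry>/fastgpt-agent-sandbox:v0.0.2`.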
@@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.milvus.yml b/deploy/docker/cn/docker-compose.milvus.yml index cd51d3fbad..d7cf486fbc 100644 --- a/deploy/docker/cn/docker-compose.milvus.yml +++ b/deploy/docker/cn/docker-compose.milvus.yml @@ -243,10 +243,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -365,8 +365,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -383,7 +381,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: 
@@ -391,6 +389,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -401,11 +400,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/cn/docker-compose.oceanbase.yml b/deploy/docker/cn/docker-compose.oceanbase.yml index 8adeb2c3db..2ce1fcff17 100644 --- a/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/deploy/docker/cn/docker-compose.oceanbase.yml @@ -220,10 +220,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -342,8 +342,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -360,7 +358,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -368,6 +366,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -378,11 +377,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/cn/docker-compose.pg.yml b/deploy/docker/cn/docker-compose.pg.yml index a1d9aa448b..a12c281094 100644 --- a/deploy/docker/cn/docker-compose.pg.yml +++ b/deploy/docker/cn/docker-compose.pg.yml 
@@ -201,10 +201,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -323,8 +323,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -341,7 +339,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -349,6 +347,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -359,11 +358,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/cn/docker-compose.seekdb.yml b/deploy/docker/cn/docker-compose.seekdb.yml index ee6b8bb97b..3447d72ec0 100644 --- a/deploy/docker/cn/docker-compose.seekdb.yml +++ b/deploy/docker/cn/docker-compose.seekdb.yml @@ -207,10 +207,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -329,8 +329,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -347,7 +345,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: 
@@ -355,6 +353,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -365,11 +364,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/cn/docker-compose.zilliz.yml b/deploy/docker/cn/docker-compose.zilliz.yml index 91f565fa28..513b44638a 100644 --- a/deploy/docker/cn/docker-compose.zilliz.yml +++ b/deploy/docker/cn/docker-compose.zilliz.yml @@ -185,10 +185,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -307,8 +307,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -325,7 +323,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -333,6 +331,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -343,11 +342,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/global/docker-compose.milvus.yml b/deploy/docker/global/docker-compose.milvus.yml index 04bc461c52..1306e674ba 100644 --- a/deploy/docker/global/docker-compose.milvus.yml +++ b/deploy/docker/global/docker-compose.milvus.yml 
@@ -242,11 +242,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -365,8 +365,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -383,7 +381,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -391,6 +389,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
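Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined` in this hunk is a literal unrendered value, so the global milvus file no longer names a sandbox image repository; the removed line pointed at `registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox`. The same value reappears as `image: undefined:v0.0.2` in the new `agent-sandbox-image` service, and in the global oceanbase, pg, seekdb and ziliiz files. An unqualified name like this is resolved against Docker's default registry rather than the project's, so the pre-pull and the sandbox launch either fail or fetch an image the project does not control. It looks like the `${{agent-sandbox-image.image}}` placeholder in `deploy/templates/docker-compose.prod.yml` has no value for the global region. The generator should abort on a missing key instead of writing `undefined`, and these files should be regenerated with the intended repository, e.g. `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: <global-registry>/fastgpt-agent-sandbox` (placeholder).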
@@ -401,11 +400,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/global/docker-compose.oceanbase.yml b/deploy/docker/global/docker-compose.oceanbase.yml index cba7830532..8c84ae1784 100644 --- a/deploy/docker/global/docker-compose.oceanbase.yml +++ b/deploy/docker/global/docker-compose.oceanbase.yml @@ -219,11 +219,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -342,8 +342,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -360,7 +358,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: 
@@ -368,6 +366,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -378,11 +377,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/global/docker-compose.pg.yml b/deploy/docker/global/docker-compose.pg.yml index adcaec4324..e5d1f1e9d0 100644 --- a/deploy/docker/global/docker-compose.pg.yml +++ b/deploy/docker/global/docker-compose.pg.yml @@ -200,11 +200,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -323,8 +323,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -341,7 +339,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -349,6 +347,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -359,11 +358,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/global/docker-compose.seekdb.yml b/deploy/docker/global/docker-compose.seekdb.yml index 2a62e156f4..11727ddccc 100644 --- a/deploy/docker/global/docker-compose.seekdb.yml +++ b/deploy/docker/global/docker-compose.seekdb.yml 
@@ -206,11 +206,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -329,8 +329,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -347,7 +345,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -355,6 +353,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -365,11 +364,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/docker/global/docker-compose.ziliiz.yml b/deploy/docker/global/docker-compose.ziliiz.yml index ce939d3f06..a9965c0107 100644 --- a/deploy/docker/global/docker-compose.ziliiz.yml +++ b/deploy/docker/global/docker-compose.ziliiz.yml @@ -184,11 +184,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -307,8 +307,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -325,7 +323,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: 
@@ -333,6 +331,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -343,11 +342,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/deploy/templates/docker-compose.dev.yml b/deploy/templates/docker-compose.dev.yml index 07e39c8dab..8954771d8b 100644 --- a/deploy/templates/docker-compose.dev.yml +++ b/deploy/templates/docker-compose.dev.yml 
@@ -10,6 +10,38 @@ # - aiproxy: 3010 # - 使用 pgvector 作为默认的向量库 +# plugin auth token +x-plugin-auth-token: &x-plugin-auth-token 'token' +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' +# aiproxy token +x-aiproxy-token: &x-aiproxy-token 'token' +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin + DB_MAX_LINK: 100 + REDIS_URL: redis://default:mypassword@redis:6379 + # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 +# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + services: # Vector DB pg: 
@@ -134,19 +166,57 @@ services: interval: 30s timeout: 20s retries: 3 - sandbox: - container_name: sandbox + code-sandbox: + container_name: code-sandbox image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}} ports: - 3002:3000 networks: - fastgpt restart: always + environment: + <<: [*x-log-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: false + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 
fastgpt-mcp-server: container_name: fastgpt-mcp-server image: ${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}} ports: - - 3005:3000 + - 3003:3000 networks: - fastgpt restart: always 
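Review bot: `CHECK_INTERNAL_IP: false` in the new `code-sandbox` environment turns off what its own comment describes as the private-network check for outbound requests made by user code. The service shares the `fastgpt` network with `opensandbox-server` and `volume-manager`, both of which mount the Docker socket, so with the check off, executed code can presumably reach those internal endpoints. I would ship `CHECK_INTERNAL_IP: true` and add a comment such as `# set to false only on an isolated dev machine`. The hunk also publishes the sandbox on `3002:3000` guarded only by the placeholder `SANDBOX_TOKEN` value `codesandbox`; `- 127.0.0.1:3002:3000` would keep it off the LAN.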
@@ -157,27 +227,84 @@ services: container_name: fastgpt-plugin restart: always ports: - - 3003:3000 + - 3004:3000 networks: - fastgpt environment: - - AUTH_TOKEN=token - # @see https://fastgpt.cn/docs/self-host/config/object-storage - - STORAGE_VENDOR=minio # minio | aws-s3 | cos | oss - - STORAGE_REGION=us-east-1 - - STORAGE_ACCESS_KEY_ID=minioadmin - - STORAGE_SECRET_ACCESS_KEY=minioadmin - - STORAGE_PUBLIC_BUCKET=fastgpt-public - - STORAGE_PRIVATE_BUCKET=fastgpt-private - - STORAGE_EXTERNAL_ENDPOINT=https://minio.com # 一个公开的、前端和用户可以直接访问的对象存储连接 - - STORAGE_S3_ENDPOINT=http://fastgpt-minio:9000 # 协议://域名(IP):端口 - - STORAGE_S3_FORCE_PATH_STYLE=true - - STORAGE_S3_MAX_RETRIES=3 - - MONGODB_URI=mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin&directConnection=true - - REDIS_URL=redis://default:mypassword@redis:6379 + <<: [*x-share-db-config, *x-log-config] + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin depends_on: fastgpt-minio: condition: service_healthy + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: opensandbox-server + restart: always + ports: + - 8090:8090 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: 
${{volume-manager.image}}:${{volume-manager.tag}} + container_name: volume-manager + restart: always + ports: + - 3005:3000 + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}} + profiles: + - prepull + # AI Proxy aiproxy: image: ${{aiproxy.image}}:${{aiproxy.tag}} @@ -193,17 +320,17 @@ services: - aiproxy environment: # 对应 fastgpt 里的AIPROXY_API_TOKEN - - ADMIN_KEY=aiproxy + ADMIN_KEY: *x-aiproxy-token # 错误日志详情保存时间(小时) - - LOG_DETAIL_STORAGE_HOURS=1 + LOG_DETAIL_STORAGE_HOURS: 1 # 数据库连接地址 - - SQL_DSN=postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy + SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy # 最大重试次数 - - RETRY_TIMES=3 + RETRY_TIMES: 3 # 不需要计费 - - BILLING_ENABLED=false + BILLING_ENABLED: false # 不需要严格检测模型 - - DISABLE_MODEL_CONFIG=true + DISABLE_MODEL_CONFIG: true healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] interval: 5s 
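Review bot: The new `opensandbox-server` service publishes `8090:8090` on all host interfaces while mounting `/var/run/docker.sock` read-write, and the inline `config.toml` added at the end of this file shows no API key under `[server]`, so anything that can reach the host on 8090 may be able to drive container creation. The deploy files in this same commit drop that port mapping; for the dev template bind to loopback instead, `- 127.0.0.1:8090:8090`, and likewise `- 127.0.0.1:3005:3000` for `volume-manager`. The comment on the `volume-manager` socket mount (`只读即可`) also overstates what `:ro` does: it makes the mounted socket file read-only but does not restrict Docker API calls made through it. The comment should say the service still has full daemon access, e.g. `# :ro 不限制 Docker API 调用,该服务仍拥有完整的 daemon 权限`.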
@@ -230,3 +357,24 @@ services: networks: fastgpt: aiproxy: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/templates/docker-compose.prod.copy.yml b/deploy/templates/docker-compose.prod.copy.yml deleted file mode 100644 index 01f7607e07..0000000000 --- a/deploy/templates/docker-compose.prod.copy.yml +++ /dev/null 
@@ -1,325 +0,0 @@ -# 用于部署的 docker-compose 文件: -# - FastGPT 端口映射为 3000:3000 -# - FastGPT-mcp-server 端口映射 3005:3000 -# - 建议修改账密后再运行 - -# plugin auth token -x-plugin-auth-token: &x-plugin-auth-token 'token' -# aiproxy token -x-aiproxy-token: &x-aiproxy-token 'token' -# 数据库连接相关配置 -x-share-db-config: &x-share-db-config - MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin - DB_MAX_LINK: 100 - REDIS_URL: redis://default:mypassword@redis:6379 - # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage - STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss - STORAGE_REGION: us-east-1 - STORAGE_ACCESS_KEY_ID: minioadmin - STORAGE_SECRET_ACCESS_KEY: minioadmin - STORAGE_PUBLIC_BUCKET: fastgpt-public - STORAGE_PRIVATE_BUCKET: fastgpt-private - STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) - STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 - STORAGE_S3_FORCE_PATH_STYLE: true - STORAGE_S3_MAX_RETRIES: 3 -# Log 配置 -x-log-config: &x-log-config - LOG_ENABLE_CONSOLE: true - LOG_CONSOLE_LEVEL: debug - LOG_ENABLE_OTEL: false - LOG_OTEL_LEVEL: info - LOG_OTEL_URL: http://localhost:4318/v1/logs - -# 向量库相关配置 -x-vec-config: &x-vec-config -${{vec.config}} - -version: '3.3' -services: - # Vector DB -${{vec.db}} - mongo: - image: ${{mongo.image}}:${{mongo.tag}} # cpu 不支持 AVX 时候使用 4.4.29 - container_name: mongo - restart: always - networks: - - fastgpt - command: mongod --keyFile /data/mongodb.key --replSet rs0 - environment: - - MONGO_INITDB_ROOT_USERNAME=myusername - - MONGO_INITDB_ROOT_PASSWORD=mypassword - volumes: - - ./mongo/data:/data/db - healthcheck: - test: ['CMD', 'mongo', '-u', 'myusername', '-p', 'mypassword', '--authenticationDatabase', 'admin', '--eval', "db.adminCommand('ping')"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 30s - entrypoint: - - bash - - -c - - | - openssl rand -base64 128 > /data/mongodb.key - chmod 
400 /data/mongodb.key - chown 999:999 /data/mongodb.key - echo 'const isInited = rs.status().ok === 1 - if(!isInited){ - rs.initiate({ - _id: "rs0", - members: [ - { _id: 0, host: "mongo:27017" } - ] - }) - }' > /data/initReplicaSet.js - # 启动MongoDB服务 - exec docker-entrypoint.sh "$$@" & - - # 等待MongoDB服务启动 - until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do - echo "Waiting for MongoDB to start..." - sleep 2 - done - - # 执行初始化副本集的脚本 - mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js - - # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 - wait $$! - redis: - image: ${{redis.image}}:${{redis.tag}} - container_name: redis - networks: - - fastgpt - restart: always - command: | - redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction - healthcheck: - test: ['CMD', 'redis-cli', '-a', 'mypassword', 'ping'] - interval: 10s - timeout: 3s - retries: 3 - start_period: 30s - volumes: - - ./redis/data:/data - fastgpt-minio: - image: ${{minio.image}}:${{minio.tag}} - container_name: fastgpt-minio - restart: always - ports: - - 9000:9000 - - 9001:9001 - networks: - - fastgpt - environment: - - MINIO_ROOT_USER=minioadmin - - MINIO_ROOT_PASSWORD=minioadmin - volumes: - - ./fastgpt-minio:/data - command: server /data --console-address ":9001" - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live'] - interval: 30s - timeout: 20s - retries: 3 - - opensandbox-server: - image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7 - container_name: opensandbox-server - restart: always - networks: - - fastgpt - extra_hosts: - - 'host.docker.internal:host-gateway' # Enable access to host machine - volumes: - - /var/run/docker.sock:/var/run/docker.sock - configs: - - source: opensandbox-config - target: /etc/opensandbox/config.toml - environment: - - 
SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] - interval: 10s - timeout: 5s - retries: 5 - - fastgpt: - container_name: fastgpt - image: ${{fastgpt.image}}:${{fastgpt.tag}} # git - ports: - - 3000:3000 - networks: - - fastgpt - extra_hosts: - - 'host.docker.internal:host-gateway' # Enable access to host machine - depends_on: - - mongo - - sandbox - - vectorDB - - opensandbox-server - restart: always - environment: - <<: [*x-share-db-config, *x-vec-config, *x-log-config] - # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 - FE_DOMAIN: - # root 密码,用户名为: root。如果需要修改 root 密码,直接修改这个环境变量,并重启即可。 - DEFAULT_ROOT_PSW: 1234 - # 登录凭证密钥 - TOKEN_KEY: any - # root的密钥,常用于升级时候的初始化请求 - ROOT_KEY: root_key - # 文件阅读加密 - FILE_TOKEN_KEY: filetoken - # 密钥加密key - AES256_SECRET_KEY: fastgptkey - - # plugin 地址 - PLUGIN_BASE_URL: http://fastgpt-plugin:3000 - PLUGIN_TOKEN: *x-plugin-auth-token - # sandbox 地址 - CODE_SANDBOX_URL: http://sandbox:3000 - # opensandbox server 地址 - OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090 - # AI Proxy 的地址,如果配了该地址,优先使用 - AIPROXY_API_ENDPOINT: http://aiproxy:3000 - # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY - AIPROXY_API_TOKEN: *x-aiproxy-token - - # 传递给 OTLP 收集器的服务名称 - LOG_OTEL_SERVICE_NAME: fastgpt-client - - # 工作流最大运行次数 - WORKFLOW_MAX_RUN_TIMES: 1000 - # 批量执行节点,最大输入长度 - WORKFLOW_MAX_LOOP_TIMES: 100 - # 对话文件过期天数 - CHAT_FILE_EXPIRE_TIME: 7 - # 服务器接收请求,最大大小,单位 MB - SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 - # HTML 转换最大字符数 - MAX_HTML_TRANSFORM_CHARS: 1000000 - volumes: - - ./config.json:/app/data/config.json - sandbox: - container_name: sandbox - image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}} - networks: - - fastgpt - restart: always - environment: - <<: [*x-log-config] - LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] - interval: 
30s - timeout: 20s - retries: 3 - fastgpt-mcp-server: - container_name: fastgpt-mcp-server - image: ${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}} - networks: - - fastgpt - ports: - - 3005:3000 - restart: always - environment: - <<: [*x-log-config] - FASTGPT_ENDPOINT: http://fastgpt:3000 - fastgpt-plugin: - image: ${{fastgpt-plugin.image}}:${{fastgpt-plugin.tag}} - container_name: fastgpt-plugin - restart: always - networks: - - fastgpt - environment: - <<: [*x-share-db-config, *x-log-config] - AUTH_TOKEN: *x-plugin-auth-token - # 工具网络请求,最大请求和响应体 - SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 - # 最大 API 请求体大小 - MAX_API_SIZE: 10 - # 传递给 OTLP 收集器的服务名称 - LOG_OTEL_SERVICE_NAME: fastgpt-plugin - depends_on: - fastgpt-minio: - condition: service_healthy - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'] - interval: 30s - timeout: 20s - retries: 3 - # AI Proxy - aiproxy: - image: ${{aiproxy.image}}:${{aiproxy.tag}} - container_name: aiproxy - restart: unless-stopped - depends_on: - aiproxy_pg: - condition: service_healthy - networks: - - fastgpt - - aiproxy - environment: - # 对应 fastgpt 里的AIPROXY_API_TOKEN - ADMIN_KEY: *x-aiproxy-token - # 错误日志详情保存时间(小时) - LOG_DETAIL_STORAGE_HOURS: 1 - # 数据库连接地址 - SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy - # 最大重试次数 - RETRY_TIMES: 3 - # 不需要计费 - BILLING_ENABLED: false - # 不需要严格检测模型 - DISABLE_MODEL_CONFIG: true - healthcheck: - test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status'] - interval: 5s - timeout: 5s - retries: 10 - aiproxy_pg: - image: ${{aiproxy-pg.image}}:${{aiproxy-pg.tag}} # docker hub - restart: unless-stopped - container_name: aiproxy_pg - volumes: - - ./aiproxy_pg:/var/lib/postgresql/data - networks: - - aiproxy - environment: - TZ: Asia/Shanghai - POSTGRES_USER: postgres - POSTGRES_DB: aiproxy - POSTGRES_PASSWORD: aiproxy - healthcheck: - test: ['CMD', 'pg_isready', '-U', 'postgres', '-d', 'aiproxy'] - interval: 5s - timeout: 5s - retries: 10 -networks: - fastgpt: 
- aiproxy: - vector: -${{vec.extra}} - -configs: - opensandbox-config: - content: | - [server] - host = "0.0.0.0" - port = 8090 - log_level = "INFO" - - [runtime] - type = "docker" - execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" - - [egress] - image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" - - [docker] - network_mode = "bridge" - # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname - # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) - host_ip = "host.docker.internal" \ No newline at end of file diff --git a/deploy/templates/docker-compose.prod.yml b/deploy/templates/docker-compose.prod.yml index 11989815b4..5d4af833fe 100644 --- a/deploy/templates/docker-compose.prod.yml +++ b/deploy/templates/docker-compose.prod.yml @@ -183,11 +183,11 @@ ${{vec.db}} AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ${{agent-sandbox-image.image}} + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: ${{agent-sandbox-image.tag}} # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -306,8 +306,6 @@ ${{vec.db}} image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -332,6 +330,7 @@ ${{vec.db}} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -342,11 +341,16 @@ ${{vec.db}} 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}} + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/content/docs/self-host/deploy/docker.mdx b/document/content/docs/self-host/deploy/docker.mdx index 5d7e32b2d2..7f5047e872 100644 --- a/document/content/docs/self-host/deploy/docker.mdx +++ b/document/content/docs/self-host/deploy/docker.mdx @@ -87,7 +87,7 @@ curl -L https://github.com/docker/compose/releases/download/v2.20.3/docker-compo chmod +x /usr/local/bin/docker-compose # 验证安装 docker -v -docker-compose -v +docker compose -v # 如失效,自行百度~ ``` @@ -173,7 +173,8 @@ bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) ```bash # 启动容器 -docker-compose up -d +docker compose --profile prepull pull agent-sandbox-image && dockercompose up -d + ``` ### 5. 访问 FastGPT @@ -261,8 +262,8 @@ mongo: 3. 重启服务 ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` 4. 进入容器执行副本集合初始化 @@ -297,8 +298,8 @@ rs.status() 修改完后重启: ```bash -docker-compose down -docker-compose up -d +docker compose down +docker compose up -d ``` ### 如何更新版本? 
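Review bot: The comment on the `/var/run/docker.sock:/var/run/docker.sock:ro` mount in the volume-manager service (`只读即可`, "read-only is enough") overstates what `:ro` provides. A read-only bind mount of a Unix socket does not limit which Docker API calls a client can send over it, so this container effectively holds control of the host's Docker daemon. This hunk already touches the service's environment, so it is a good place to correct the comment, e.g. `# Required in Docker mode; ":ro" does not restrict Docker API access over the socket`. The same mount and comment appear in every rendered cn/ and global/ compose file in this diff. The service definition starts above the hunk.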
@@ -308,15 +309,14 @@ docker-compose up -d 3. 执行下面命令会自动拉取镜像: ```bash - docker-compose pull - docker-compose up -d + docker compose up -d ``` 4. 执行初始化脚本(如果有) ### 如何自定义配置文件? -修改`config.json`文件,并执行`docker-compose down`再执行`docker-compose up -d`重起容器。具体配置,参考[配置详解](/docs/self-host/config/json)。 +修改`config.json`文件,并执行`docker compose down`再执行`docker compose up -d`重起容器。具体配置,参考[配置详解](/docs/self-host/config/json)。 ### 如何检查自定义配置文件是否挂载 @@ -327,7 +327,7 @@ docker-compose up -d 1. 挂载目录不正确 2. 配置文件不正确,日志中会提示`invalid json`,配置文件需要是标准的 JSON 文件。 -3. 修改后,没有`docker-compose down`再`docker-compose up -d`,restart是不会重新挂载文件的。 +3. 修改后,没有`docker compose down`再`docker compose up -d`,restart是不会重新挂载文件的。 ### 如何检查环境变量是否正常加载 diff --git a/document/data/doc-last-modified.json b/document/data/doc-last-modified.json index a218b2d594..bddcf506fb 100644 --- a/document/data/doc-last-modified.json +++ b/document/data/doc-last-modified.json @@ -220,7 +220,7 @@ "document/content/docs/self-host/upgrading/4-14/4140.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.mdx": "2026-03-03T17:39:47+08:00", - "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-31T20:51:20+08:00", + "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-31T21:30:11+08:00", "document/content/docs/self-host/upgrading/4-14/4142.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4142.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4143.en.mdx": "2026-03-03T17:39:47+08:00", diff --git a/document/public/deploy/docker/cn/docker-compose.milvus.yml b/document/public/deploy/docker/cn/docker-compose.milvus.yml index cd51d3fbad..d7cf486fbc 100644 --- a/document/public/deploy/docker/cn/docker-compose.milvus.yml +++ b/document/public/deploy/docker/cn/docker-compose.milvus.yml 
@@ -243,10 +243,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -365,8 +365,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -383,7 +381,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -391,6 +389,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -401,11 +400,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml index 8adeb2c3db..2ce1fcff17 100644 --- a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml @@ -220,10 +220,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -342,8 +342,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -360,7 +358,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -368,6 +366,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -378,11 +377,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/cn/docker-compose.pg.yml b/document/public/deploy/docker/cn/docker-compose.pg.yml index a1d9aa448b..a12c281094 100644 --- a/document/public/deploy/docker/cn/docker-compose.pg.yml +++ b/document/public/deploy/docker/cn/docker-compose.pg.yml 
@@ -201,10 +201,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -323,8 +323,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -341,7 +339,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -349,6 +347,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -359,11 +358,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/cn/docker-compose.seekdb.yml index ee6b8bb97b..3447d72ec0 100644 --- a/document/public/deploy/docker/cn/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/cn/docker-compose.seekdb.yml @@ -207,10 +207,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -329,8 +329,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -347,7 +345,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -355,6 +353,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -365,11 +364,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/cn/docker-compose.zilliz.yml index 91f565fa28..513b44638a 100644 --- a/document/public/deploy/docker/cn/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/cn/docker-compose.zilliz.yml 
@@ -185,10 +185,10 @@ services: AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -307,8 +307,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -325,7 +323,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -333,6 +331,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -343,11 +342,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/global/docker-compose.milvus.yml b/document/public/deploy/docker/global/docker-compose.milvus.yml index 04bc461c52..1306e674ba 100644 --- a/document/public/deploy/docker/global/docker-compose.milvus.yml +++ b/document/public/deploy/docker/global/docker-compose.milvus.yml @@ -242,11 +242,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -365,8 +365,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
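Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined` in the first hunk of global/docker-compose.milvus.yml looks like a template variable that rendered without a value, and the new `agent-sandbox-image` service in the same file gets `image: undefined:v0.0.2`. As written, the pre-pull step and sandbox creation would request a repository literally named `undefined` rather than the project's sandbox image, so the global deployment cannot obtain the intended image. The same two values appear in the global oceanbase, pg, seekdb and ziliiz files. The generator should fail when `agent-sandbox-image.image` has no value for a registry variant, and these files should be regenerated with the real repository path (the cn files use `registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox`; the global equivalent is not visible here).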
@@ -383,7 +381,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -391,6 +389,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -401,11 +400,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/global/docker-compose.oceanbase.yml index cba7830532..8c84ae1784 100644 --- a/document/public/deploy/docker/global/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/global/docker-compose.oceanbase.yml 
@@ -219,11 +219,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -342,8 +342,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -360,7 +358,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -368,6 +366,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -378,11 +377,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/global/docker-compose.pg.yml b/document/public/deploy/docker/global/docker-compose.pg.yml index adcaec4324..e5d1f1e9d0 100644 --- a/document/public/deploy/docker/global/docker-compose.pg.yml +++ b/document/public/deploy/docker/global/docker-compose.pg.yml @@ -200,11 +200,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -323,8 +323,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -341,7 +339,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -349,6 +347,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -359,11 +358,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/global/docker-compose.seekdb.yml b/document/public/deploy/docker/global/docker-compose.seekdb.yml index 2a62e156f4..11727ddccc 100644 --- a/document/public/deploy/docker/global/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/global/docker-compose.seekdb.yml 
@@ -206,11 +206,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -329,8 +329,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: @@ -347,7 +345,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -355,6 +353,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 
@@ -365,11 +364,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/docker/global/docker-compose.ziliiz.yml b/document/public/deploy/docker/global/docker-compose.ziliiz.yml index ce939d3f06..a9965c0107 100644 --- a/document/public/deploy/docker/global/docker-compose.ziliiz.yml +++ b/document/public/deploy/docker/global/docker-compose.ziliiz.yml @@ -184,11 +184,11 @@ services: AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY: AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker - AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox - AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: undefined + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) AGENT_SANDBOX_ENABLE_VOLUME: true - AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token # ==================== 日志与监控 ==================== @@ -307,8 +307,6 @@ services: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 container_name: opensandbox-server restart: always - ports: # 生产环境建议不要暴露 - - 8090:8090 networks: - fastgpt volumes: 
@@ -325,7 +323,7 @@ services: retries: 5 # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC volume-manager: - image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.2 container_name: volume-manager restart: always networks: @@ -333,6 +331,7 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) environment: + PORT: 3000 VM_RUNTIME: docker VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 @@ -343,11 +342,16 @@ services: 'CMD', 'bun', '-e', - "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" ] interval: 10s timeout: 5s retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). + agent-sandbox-image: + image: undefined:v0.0.2 + profiles: + - prepull # AI Proxy aiproxy: diff --git a/document/public/deploy/install.sh b/document/public/deploy/install.sh index 80e3f2f91c..748c7fdf55 100644 --- a/document/public/deploy/install.sh +++ b/document/public/deploy/install.sh 
@@ -76,9 +76,20 @@ esac # ========== 3. 检测可用 IP ========== IP_LIST=() +PRIMARY_IP="" + +# 尝试获取主路由 IP (默认网关对应的 IP) if command -v ip &>/dev/null; then - for ip in $(ip -4 addr show 2>/dev/null | awk '/inet / {split($2,a,"/"); print a[1]}' | grep -v '127.0.0.1'); do - IP_LIST+=("$ip") + PRIMARY_IP=$(ip route get 1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") print $(i+1)}') +fi + +# 获取所有物理/主要网卡 IP,过滤掉本地回环、Docker桥接、虚拟网卡等 +if command -v ip &>/dev/null; then + VALID_IPS=$(ip -4 -o addr show | grep -vE ' lo|docker[0-9]+|br-[a-z0-9]+|veth' | awk '{split($4,a,"/"); print a[1]}') + for ip in $VALID_IPS; do + if [ "$ip" != "127.0.0.1" ]; then + IP_LIST+=("$ip") + fi done elif command -v ifconfig &>/dev/null; then for ip in $(ifconfig 2>/dev/null | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1'); do @@ -86,6 +97,26 @@ elif command -v ifconfig &>/dev/null; then done fi +# 去重并确保 PRIMARY_IP 排在第一位 +UNIQUE_IPS=() +if [ -n "$PRIMARY_IP" ]; then + UNIQUE_IPS+=("$PRIMARY_IP") +fi + +for ip in "${IP_LIST[@]}"; do + match=false + for u_ip in "${UNIQUE_IPS[@]}"; do + if [ "$u_ip" == "$ip" ]; then + match=true + break + fi + done + if [ "$match" = false ]; then + UNIQUE_IPS+=("$ip") + fi +done +IP_LIST=("${UNIQUE_IPS[@]}") + # 地址选择函数 # 参数: $1=标题, $2=端口 # 设置 SELECTED_ADDR 和 SELECTED_CUSTOM (true=手动输入, false=列表选择) @@ -96,8 +127,12 @@ select_address() { if [ ${#IP_LIST[@]} -gt 0 ]; then # 构建带完整地址的选项列表 local opts=() - for ip in "${IP_LIST[@]}"; do - opts+=("http://$ip:$port") + for i in "${!IP_LIST[@]}"; do + if [ $i -eq 0 ] && [ -n "$PRIMARY_IP" ] && [ "${IP_LIST[$i]}" == "$PRIMARY_IP" ]; then + opts+=("http://${IP_LIST[$i]}:$port (推荐/主IP)") + else + opts+=("http://${IP_LIST[$i]}:$port") + fi done opts+=("其他 (手动输入)") 
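Review bot: In `select_address`, the first option label now carries the suffix ` (推荐/主IP)`, and the code that turns the chosen option into `SELECTED_ADDR` is outside this hunk. If that code derives the address from the option text rather than from the `IP_LIST` index, the suffix would end up in the S3 and MCP endpoints written into the configuration later. Check that mapping, or keep the display label separate from the value. The index test should also be quoted: `if [ "$i" -eq 0 ] && [ -n "$PRIMARY_IP" ] && ...`.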
@@ -118,12 +153,12 @@ select_address() { } # ========== 4. 选择 S3 访问地址 (端口 9000) ========== -select_address "请选择 S3 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认):" 9000 +select_address "请选择 S3 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认, 通常默认第一个即可):" 9000 S3_ADDR="$SELECTED_ADDR" S3_CUSTOM=$SELECTED_CUSTOM -# ========== 5. 选择 SSE MCP 访问地址 (端口 3005) ========== -select_address "请选择 SSE MCP 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认):" 3005 +# ========== 5. 选择 SSE MCP 访问地址 (端口 3003) ========== +select_address "请选择 SSE MCP 访问地址 - 客户端和容器均需可访问 (↑↓ 选择, 回车确认, 通常默认第一个即可):" 3003 MCP_ADDR="$SELECTED_ADDR" MCP_CUSTOM=$SELECTED_CUSTOM @@ -148,7 +183,7 @@ if [ -n "$MCP_ADDR" ]; then if $MCP_CUSTOM; then MCP_DISPLAY="$MCP_ADDR" else - MCP_DISPLAY="http://$MCP_ADDR:3005" + MCP_DISPLAY="http://$MCP_ADDR:3003" fi else MCP_DISPLAY="未设置" @@ -237,7 +272,7 @@ if [ -n "$MCP_ADDR" ]; then if $MCP_CUSTOM; then MCP_ENDPOINT="$MCP_ADDR" else - MCP_ENDPOINT="http://$MCP_ADDR:3005" + MCP_ENDPOINT="http://$MCP_ADDR:3003" fi if [[ "$OSTYPE" == "darwin"* ]]; then @@ -258,10 +293,11 @@ fi # ========== 完成 ========== echo "" echo "配置下载成功! 后续操作:" -echo " 1. 启动服务: docker compose up -d" -echo " 2. 开放端口: 3000, 9000, 3005" -echo " 3. 访问服务: http://localhost:3000" -echo " 4. 登录服务: 默认账号为 'root', 密码为: '1234'" -echo " 5. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" +echo " 1. 预热沙盒: docker compose --profile prepull pull agent-sandbox-image" +echo " 2. 启动服务: docker compose up -d" +echo " 3. 开放端口: 3000, 9000, 3003" +echo " 4. 访问服务: http://localhost:3000" +echo " 5. 登录服务: 默认账号为 'root', 密码为: '1234'" +echo " 6. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" echo "" echo "详细文档: https://doc.fastgpt.cn/docs/self-host/deploy/docker" diff --git a/projects/app/.env.template b/projects/app/.env.template index 121f68908d..e1c581b91b 100644 --- a/projects/app/.env.template +++ b/projects/app/.env.template 
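Review bot: The closing instructions tell the operator to open ports 3000, 9000 and 3003 and then to log in with the default `root` / `1234` account, with no step that changes the password. An operator following the list in order exposes the service while it still has a published credential. Add a step such as `echo " 修改密码: 首次登录后请立即修改 root 默认密码"` ahead of the port-opening step, or move port opening to the end. Separately, the MCP port changes from 3005 to 3003 in three places in this file, and the compose port mapping for the MCP server is not visible in these hunks, so confirm that it publishes 3003.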
@@ -24,32 +24,33 @@ HIDE_CHAT_COPYRIGHT_SETTING= # PRO_URL= # 插件服务 -PLUGIN_BASE_URL=http://localhost:3003 +PLUGIN_BASE_URL=http://localhost:3004 PLUGIN_TOKEN=token # 代码沙箱服务 CODE_SANDBOX_URL=http://localhost:3002 -CODE_SANDBOX_TOKEN= +CODE_SANDBOX_TOKEN=codesandbox # AI Proxy API AIPROXY_API_ENDPOINT=https://localhost:3010 -AIPROXY_API_TOKEN=aiproxy +AIPROXY_API_TOKEN=token # Agent sandbox -AGENT_SANDBOX_PROVIDER= +AGENT_SANDBOX_PROVIDER=opensandbox # Sealos devbox AGENT_SANDBOX_SEALOS_BASEURL= AGENT_SANDBOX_SEALOS_TOKEN= # OpenSandbox 配置(PROVIDER=opensandbox 时生效) -AGENT_SANDBOX_OPENSANDBOX_BASEURL= +AGENT_SANDBOX_OPENSANDBOX_BASEURL=http://localhost:8090 AGENT_SANDBOX_OPENSANDBOX_API_KEY= AGENT_SANDBOX_OPENSANDBOX_RUNTIME=docker AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO=registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox -AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG=latest +AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG=v0.0.2 # Volume 持久化配置(opensandbox provider 下可选) -AGENT_SANDBOX_ENABLE_VOLUME=false -AGENT_SANDBOX_VOLUME_MANAGER_URL= -AGENT_SANDBOX_VOLUME_MANAGER_TOKEN= +AGENT_SANDBOX_ENABLE_VOLUME=true +AGENT_SANDBOX_VOLUME_MANAGER_URL=http://localhost:3005 +AGENT_SANDBOX_VOLUME_MANAGER_TOKEN=vmtoken +AGENT_SANDBOX_VOLUME_MANAGER_MOUNT_PATH=/workspace # E2B 配置(PROVIDER=e2b 时生效) AGENT_SANDBOX_E2B_API_KEY= diff --git a/projects/app/data/config.json b/projects/app/data/config.json index b997224712..4b0c634fa0 100644 --- a/projects/app/data/config.json +++ b/projects/app/data/config.json @@ -2,7 +2,7 @@ { "feConfigs": { "lafEnv": "https://laf.dev", // laf环境。 https://laf.run (杭州阿里云) ,或者私有化的laf环境。如果使用 Laf openapi 功能,需要最新版的 laf 。 - "mcpServerProxyEndpoint": "" // mcp server 代理地址,例如: http://localhost:3005 + "mcpServerProxyEndpoint": "http://localhost:3003" // mcp server 代理地址,例如: http://localhost:3004 }, "systemEnv": { "datasetParseMaxProcess": 10, // 知识库文件解析最大线程数量
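Review bot: The template now ships fixed values for three secrets (`CODE_SANDBOX_TOKEN=codesandbox`, `AIPROXY_API_TOKEN=token` and `AGENT_SANDBOX_VOLUME_MANAGER_TOKEN=vmtoken`) while also turning on `AGENT_SANDBOX_PROVIDER=opensandbox` and `AGENT_SANDBOX_ENABLE_VOLUME=true`. A `.env` copied from this file would authenticate the sandbox and volume-manager services with publicly known strings. If these defaults are meant for local development only, say so above the block, e.g. `# 仅用于本地开发,部署前必须替换为随机值`, or leave the token values empty as before. `AGENT_SANDBOX_OPENSANDBOX_API_KEY` also stays empty next to the new `AGENT_SANDBOX_OPENSANDBOX_BASEURL=http://localhost:8090`, so confirm whether the sandbox server accepts requests without a key.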